X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprofile%2Fmanifests%2Fapache.pp;h=3c25e2b6e2a996b700e82bbab79bbd0c08f07393;hb=54cb56fe666f54a11f6e0b1a53303508a1826114;hp=8db58da99beb5aed81e044791bf7393213ba5682;hpb=85abd2fdbad83430df4824843764719064afb9b4;p=perso%2FImmae%2FProjets%2FPuppet.git
diff --git a/modules/profile/manifests/apache.pp b/modules/profile/manifests/apache.pp
index 8db58da..3c25e2b 100644
--- a/modules/profile/manifests/apache.pp
+++ b/modules/profile/manifests/apache.pp
@@ -4,6 +4,8 @@ class profile::apache {
 root_directory_options => ["All"],
 default_mods => false,
 default_vhost => false,
+ user => "http",
+ group => "http",
 log_formats => {
 combined => '%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %p',
 common => '%h %l %u %t \"%r\" %>s %b',
@@ -20,6 +22,11 @@ class profile::apache {
 filename => 'protocols.conf'
 }
 
+ ::apache::custom_config { 'protocols.load':
+ content => 'LoadModule http2_module /etc/httpd/modules/mod_http2.so',
+ filename => 'protocols.load'
+ }
+
 ::apache::custom_config { 'document_root.conf':
 source => "puppet:///modules/profile/apache/document_root.conf",
 filename => "document_root.conf"
@@ -67,13 +74,12 @@ class profile::apache {
 install_method => "package",
 package_name => "certbot",
 package_command => "certbot",
- # FIXME
- email => 'sites+letsencrypt@mail.immae.eu',
+ email => lookup('letsencrypt::email'),
 }
 
- $real_hostname = lookup("base_installation::real_hostname") |$key| { {} }
+ $real_hostname = lookup("base_installation::real_hostname", { "default_value" => undef })
 unless empty($real_hostname) {
- if (lookup("ssl::try_letsencrypt_for_real_hostname") |$key| { true }) {
+ if (lookup("letsencrypt::try_for_real_hostname", { "default_value" => true })) {
 letsencrypt::certonly { $real_hostname:
 before => Apache::Vhost["default_ssl"];
 default: * => $::profile::apache::letsencrypt_certonly_default;
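Review bot: The added `protocols.load` resource in the `@@ -20,6 +22,11 @@` hunk hard-codes `/etc/httpd/modules/mod_http2.so` inside a raw `LoadModule` line, which ties the profile to one distribution's module directory and sidesteps the apache module's own module handling while `default_mods => false` is set. If the puppetlabs-apache version in use supports it, `::apache::mod { 'http2': }` would derive the path from the module's library directory. Otherwise a comment such as `# mod_http2 is loaded by hand because default_mods is false; the path is distribution-specific` would record why the file exists. Loading mod_http2 also adds protocol surface, so the package needs to stay within the regular security-update scope.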
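Review bot: In the `@@ -67,13 +74,12 @@` hunk the flag is now read from `letsencrypt::try_for_real_hostname` instead of `ssl::try_letsencrypt_for_real_hostname`, and the default is still `true`, so node data that still sets the old key to `false` is silently ignored and certbot would start requesting a certificate for `$real_hostname` on those nodes. The hiera data should be migrated in the same change, and a comment such as `# key renamed from ssl::try_letsencrypt_for_real_hostname; the old key is no longer read` would make the break visible. Separately, `lookup('letsencrypt::email')` has no default, so a missing key aborts compilation, which is probably intended; `lookup('letsencrypt::email', String)` would also reject a non-string value. The `unless empty($real_hostname)` block continues past the end of this hunk.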
@@ -110,6 +116,14 @@ class profile::apache {
 }
 }
 
+ lookup("letsencrypt::hosts", { "default_value" => [] }).each |$host| {
+ if ($host != $real_hostname) { # Done above already
+ letsencrypt::certonly { $host: ;
+ default: * => $letsencrypt_certonly_default;
+ }
+ }
+ }
+
 apache::vhost { "redirect_no_ssl":
 port => '80',
 error_log => false,
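Review bot: The `# Done above already` skip in the new `letsencrypt::hosts` loop is only true when the earlier block actually declared `letsencrypt::certonly { $real_hostname: }`, and that declaration is guarded by `letsencrypt::try_for_real_hostname`. With the flag set to `false`, a host list that contains the real hostname appears to get no certificate resource at all, although the code between the two hunks is not visible here. If that is intended, the comment should say so, for example `# real hostname is handled (or deliberately skipped) above`. The lookup also accepts any data type, so `lookup("letsencrypt::hosts", Array[String], 'first', [])` would fail compilation on a malformed value instead of iterating over it. The loop reads `$letsencrypt_certonly_default` unqualified, while the earlier block uses `$::profile::apache::letsencrypt_certonly_default`; one form throughout would be easier to follow.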