profile.apache-httpd: manage snippets

- add apache-httpd profile with snippets configuration
- add TLS snippet to apache-httpd role pillar

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>

3 files changed, 42 insertions, 1 deletions

diff --git a/pillar/role/web/apache-httpd.sls b/pillar/role/web/apache-httpd.sls
index 5b4b64b..bd77162 100644
--- a/pillar/role/web/apache-httpd.sls
+++ b/pillar/role/web/apache-httpd.sls
@@ -1,3 +1,13 @@
+{%- set host = grains['host'] -%}
+{%- set fqdn = grains['fqdn'] -%}
+
 apache:
   global:
     ServerAdmin: system@lysergic.dev
+
+profile:
+  apache-httpd:
+   snippets:
+    ssl_{{ host }}:
+      - 'SSLCertificateFile    "/etc/ssl/{{ host }}/{{ fqdn }}.crt"'
+      - 'SSLCertificateKeyFile "/etc/ssl/{{ host }}/{{ fqdn }}.key"'
diff --git a/salt/profile/apache-httpd/init.sls b/salt/profile/apache-httpd/init.sls
new file mode 100644
index 0000000..db5b6f9
--- /dev/null
+++ b/salt/profile/apache-httpd/init.sls
@@ -0,0 +1,31 @@
+{%- set snippetsdir = '/etc/apache2/snippets.d' -%}
+{%- set mypillar = salt['pillar.get']('profile:apache-httpd', {}) -%}
+
+{{ snippetsdir }}:
+  file.directory:
+    - makedirs: True
+
+{%- if 'snippets' in mypillar %}
+{%- for snippet, config in mypillar['snippets'].items() %}
+{{ snippetsdir }}/{{ snippet }}.conf:
+  file.managed:
+    - contents:
+      {%- for line in config %}
+      - {{ line }}
+      {%- endfor %}
+    - require:
+      - file: {{ snippetsdir }}
+    {#- formula dependencies #}
+    - require_in:
+      - module: apache-service-running-restart
+      - service: apache-service-running
+    - watch_in:
+      - module: apache-service-running-reload
+{%- endfor %}
+{%- endif %}
+
+include:
+  - apache.config
+
+
+
diff --git a/salt/role/web/apache-httpd.sls b/salt/role/web/apache-httpd.sls
index 7c2002f..559d860 100644
--- a/salt/role/web/apache-httpd.sls
+++ b/salt/role/web/apache-httpd.sls
@@ -1,2 +1,2 @@
 include:
-  - apache.config
+  - profile.apache-httpd