dovecot: use ssl module for certificate paths

dovecot/manifests/init.pp

@@ -39,15 +39,6 @@ class dovecot::server inherits dovecot::common {
         $dovecot_mailbox_format = "mbox"
     }
 
-    case $operatingsystem {
-        centos,fedora: {
-            $dovecot_ssl_dir = "/etc/pki/tls"
-        }
-        default: {
-            fail("Dovecot module not supported in ${operatingsystem}.")
-        }
-    }
-
     service { "dovecot":
         ensure => running,
         enable => true,
@@ -76,8 +67,33 @@ class dovecot::server inherits dovecot::common {
         require => Package["dovecot"],
     }
 
+
+    if ! ($dovecot_ssl_key and $dovecot_ssl_cert) {
+        fail("Must define \$dovecot_ssl_key and \$dovecot_ssl_cert")
+    }
+
+    include ssl
+
+    file { "${ssl::private}/dovecot.key":
+        ensure => present,
+        source => $dovecot_ssl_key,
+        mode   => "0600",
+        owner  => "root",
+        group  => "root",
+        notify => Service["dovecot"],
+    }
+
+    file { "${ssl::certs}/dovecot.crt":
+        ensure => present,
+        source => $dovecot_ssl_cert,
+        mode   => "0644",
+        owner  => "root",
+        group  => "root",
+        notify => Service["dovecot"],
+    }
+
     if $dovecot_ssl_csr {
-        file { "$dovecot_ssl_dir/private/dovecot.csr":
+        file { "${ssl::private}/dovecot.csr":
             ensure => present,
             source => $dovecot_ssl_csr,
             mode   => "0640",
@@ -88,7 +104,7 @@ class dovecot::server inherits dovecot::common {
     }
 
     if $dovecot_ssl_ca {
-        file { "$dovecot_ssl_dir/certs/dovecot.ca.crt":
+        file { "${ssl::certs}/dovecot.ca.crt":
             ensure => present,
             source => $dovecot_ssl_ca,
             mode   => "0644",
@@ -98,32 +114,6 @@ class dovecot::server inherits dovecot::common {
         }
     }
 
-    if $dovecot_ssl_cert {
-        file { "$dovecot_ssl_dir/certs/dovecot.crt":
-            ensure => present,
-            source => $dovecot_ssl_cert,
-            mode   => "0644",
-            owner  => "root",
-            group  => "root",
-            notify => Service["dovecot"],
-        }
-    } else {
-        fail("You need to define an ssl_cert in your node manifest.")
-    }
-
-    if $dovecot_ssl_key {
-        file { "$dovecot_ssl_dir/private/dovecot.key":
-            ensure => present,
-            source => $dovecot_ssl_key,
-            mode   => "0600",
-            owner  => "root",
-            group  => "root",
-            notify => Service["dovecot"],
-        }
-    } else {
-        fail("You need to define an ssl_key in your node manifest.")
-    }
-
 }
 
 

dovecot/templates/puppet.conf.erb

@@ -1,12 +1,11 @@
-
+ssl = required
-ssl=required
+ssl_cert = <<%= scope.lookupvar('ssl::certs') %>/dovecot.crt
-ssl_cert = <<%= @dovecot_ssl_dir %>/certs/dovecot.crt
+ssl_key = <<%= scope.lookupvar('ssl::private') %>/dovecot.key
-ssl_key = <<%= @dovecot_ssl_dir %>/private/dovecot.key
 <% if @dovecot_ssl_ca -%>
-ssl_ca = <<%= @dovecot_ssl_dir %>/certs/dovecot.ca.crt
+ssl_ca = <<%= scope.lookupvar('ssl::certs') %>/dovecot.ca.crt
 <% end -%>
-
 <% if @dovecot_mailbox_format && @dovecot_mailbox_format == "mdbox" -%>
+
 # mdbox settings
 mdbox_rotate_size = 10M
 mdbox_rotate_interval = 10d