From cf83d16606d96d461435d5cb5641fb1bf45e9c74 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Sat, 18 Jun 2016 13:53:07 -0300
Subject: Initial certbot support
---
 manifests/site.pp | 13 +++++++++++--
 manifests/site/config.pp | 1 +
 templates/site.erb | 12 ++++++++++++
 3 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/manifests/site.pp b/manifests/site.pp
index 6af019e..586d5c1 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -32,8 +32,8 @@ define apache::site(
 $hidden_service = false,
 $custom_directives = false,
 $allow_override = false,
- $hosting_domain = hiera('apache::site::domain', $::domain)
-
+ $hosting_domain = hiera('apache::site::domain', $::domain),
+ $certbot = false,
 ) {
 $vhost = $filename ? {
 '' => "${name}",
@@ -118,6 +118,7 @@ define apache::site(
 custom_directives => $custom_directives,
 allow_override => $allow_override,
 hosting_domain => $hosting_domain,
+ certbot => $certbot,
 }
 
 # Enable or disable accordingly
@@ -128,5 +129,13 @@ define apache::site(
 owner => $owner,
 group => $group,
 vhost => $vhost,
+ require => Apache::Site::Config[$name],
+ }
+
+ if $certbot == true {
+ certbot::manage { $name:
+ pre_hook => '/usr/sbin/service apache2 reload',
+ require => Apache::Site::Manage[$name],
+ }
 }
 }
diff --git a/manifests/site/config.pp b/manifests/site/config.pp
index a723eab..063c08f 100644
--- a/manifests/site/config.pp
+++ b/manifests/site/config.pp
@@ -21,6 +21,7 @@ define apache::site::config(
 $custom_directives = false,
 $allow_override = false,
 $hosting_domain = hiera('apache::site::domain', $::domain)
+ $certbot = false,
 ) {
 case $source {
 true: {
diff --git a/templates/site.erb b/templates/site.erb
index 2ed5107..17ff13e 100644
--- a/templates/site.erb
+++ b/templates/site.erb
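Review bot: The guard `if $certbot == true {` in the last manifests/site.pp hunk is stricter than the template's `<% if @certbot != false -%>`, so a truthy non-boolean value (for instance the string 'true' supplied through Hiera) would render the ACME challenge alias in the vhost without ever declaring `certbot::manage`. One test should be used in both places; validating the parameter as a boolean at the top of the define and writing `if $certbot {` here would keep the two in step. The hook is passed as `pre_hook`, which by its name runs the Apache reload before the certificate is obtained; if `certbot::manage` (not visible in this patch) offers a post or deploy hook, the reload belongs there so that a renewed certificate is actually loaded. The body of `apache::site` starts outside this hunk.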
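Review bot: The context line `$hosting_domain = hiera('apache::site::domain', $::domain)` in manifests/site/config.pp still has no trailing comma, so the added `$certbot = false,` after it turns the parameter list of `apache::site::config` into a parse error. The first manifests/site.pp hunk of this same commit adds exactly that comma, and the same one-line change is needed here: `$hosting_domain = hiera('apache::site::domain', $::domain),`. A short comment on `$certbot` stating that it only toggles the ACME challenge alias in the rendered vhost would also help the next reader. The body of the define continues outside this hunk.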
@@ -38,6 +38,18 @@ AllowOverride <%= @allow_override %> <% end -%> +<% if @certbot != false -%> + # Add Alias For Lets Encrypt WebRoot Authentication Using ACME + # See https://ubuntu101.co.za/ssl/postfix-and-dovecot-on-ubuntu-with-a-lets-encrypt-ssl-certificate/ + AliasMatch ^/.well-known/acme-challenge/(.*)$ /var/spool/certbot/<%= @name %>/.well-known/acme-challenge/$1 + Alias /.well-known/acme-challenge/ /var/spool/certbot/<%= @name %>/.well-known/acme-challenge/ + /.well-known/acme-challenge/"> + Options None + AllowOverride None + ForceType text/plain + RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)" + +<% end -%> # end vhost for <%= @title %> <% if @ssl == true %> -- cgit v1.2.3
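Review bot: The added `AliasMatch ^/.well-known/acme-challenge/(.*)$` duplicates the `Alias` on the next line and is the looser of the two mappings: its dots are unescaped and `(.*)` accepts any suffix, while the 43-character token shape is only enforced further down by the `RedirectMatch 404`. Dropping the `AliasMatch` and keeping the plain `Alias` leaves a single mapping to reason about. `<%= @name %>` is written into a filesystem path without any check, so the define should reject resource titles containing `/`, `..` or whitespace before this template is rendered. The block is emitted before `# end vhost`, apparently in the plain-HTTP vhost only; whether the `@ssl` vhost that follows also needs the alias (for example when HTTP is redirected to HTTPS) cannot be told from this hunk, since the rest of the template lies outside it.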