diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2016-06-17 09:13:47 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2016-06-17 09:13:47 -0300 |
commit | 1d23b69b233d10dca9f2bb2a29d6082af6723fb7 (patch) | |
tree | f90cc031c9e31a34db311aab379293e73b10ffc1 /manifests | |
download | puppet-certbot-1d23b69b233d10dca9f2bb2a29d6082af6723fb7.tar.gz puppet-certbot-1d23b69b233d10dca9f2bb2a29d6082af6723fb7.tar.bz2 |
Initial import
Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/init.pp | 43 | ||||
-rw-r--r-- | manifests/manage.pp | 25 |
2 files changed, 68 insertions, 0 deletions
diff --git a/manifests/init.pp b/manifests/init.pp new file mode 100644 index 0000000..92cb32a --- /dev/null +++ b/manifests/init.pp @@ -0,0 +1,43 @@ +class certbot( + $basedir = '/var/spool/certbot', + $owner = 'www-data', + $pre_hook = '', + $post_hook = '', +) { + + $tool = $::lsbdistcodename { + 'xenial' => 'letsencrypt', + default => 'certbot', + } + + if $pre_hook != '' { + $real_pre_hook = "--pre-hook ${pre_hook}" + } + + if $post_hook != '' { + $real_post_hook = "--post-hook \"${post_hook}\"" + } + + # Certbot support + file { $basedir: + ensure => directory, + owner => 'root', + group => $owner, + mode => '0750', + } + + package { $tool: + ensure => present, + require => File[$basedir], + } + + cron { 'certbot-renew': + command => '"/usr/bin/${tool} renew --standalone ${real_pre_hook} ${real_post_hook}", + user => 'root', + weekday => 1, + hour => "05", + minute => "30", + ensure => present, + require => Package[$tool], + } +} diff --git a/manifests/manage.pp b/manifests/manage.pp new file mode 100644 index 0000000..865ca24 --- /dev/null +++ b/manifests/manage.pp @@ -0,0 +1,25 @@ +define certbot::manage( + $pre_hook = '', + $ensure = present, + $email = hiera('certbot::manage::email'), + $size = hiera('certbot::manage::size', '4096'), +){ + file { "${::certbot::basedir}/${name}": + ensure => directory, + owner => 'root', + group => "${::certbot::owner}" + mode => '0750', + require => Package["${::certbot::tool}"], + } + + if $pre_hook != '' { + $real_pre_hook = "${pre_hook} && " + } + + # Make sure nginx is restarted and request a certificate + exec { "certbot-${name}": + command => "${real_pre_hook}/usr/bin/certbot certonly --webroot -w /var/www/certbot/${name} -d ${name} -d www.${name} -m ${email} --rsa-key-size ${size} --agree-tos", + creates => "/etc/letsencrypt/archive/${name}", + require => File["${::certbot::basedir}/${name}"], + } +} |