authorSilvio Rhatto <rhatto@riseup.net>2016-06-17 09:13:47 -0300
committerSilvio Rhatto <rhatto@riseup.net>2016-06-17 09:13:47 -0300
commit1d23b69b233d10dca9f2bb2a29d6082af6723fb7 (patch)
treef90cc031c9e31a34db311aab379293e73b10ffc1 /manifests
Initial import
Diffstat (limited to 'manifests')
-rw-r--r--manifests/init.pp43
-rw-r--r--manifests/manage.pp25
2 files changed, 68 insertions, 0 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
new file mode 100644
index 0000000..92cb32a
--- /dev/null
+++ b/manifests/init.pp
@@ -0,0 +1,43 @@
+class certbot(
+ $basedir = '/var/spool/certbot',
+ $owner = 'www-data',
+ $pre_hook = '',
+ $post_hook = '',
+) {
+
+ $tool = $::lsbdistcodename {
+ 'xenial' => 'letsencrypt',
+ default => 'certbot',
+ }
+
+ if $pre_hook != '' {
+ $real_pre_hook = "--pre-hook ${pre_hook}"
+ }
+
+ if $post_hook != '' {
+ $real_post_hook = "--post-hook \"${post_hook}\""
+ }
+
+ # Certbot support
+ file { $basedir:
+ ensure => directory,
+ owner => 'root',
+ group => $owner,
+ mode => '0750',
+ }
+
+ package { $tool:
+ ensure => present,
+ require => File[$basedir],
+ }
+
+ cron { 'certbot-renew':
+ command => '"/usr/bin/${tool} renew --standalone ${real_pre_hook} ${real_post_hook}",
+ user => 'root',
+ weekday => 1,
+ hour => "05",
+ minute => "30",
+ ensure => present,
+ require => Package[$tool],
+ }
+}
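Review bot: `$real_pre_hook` is built as `"--pre-hook ${pre_hook}"` with no quoting, unlike `$real_post_hook`, so in the root cron job a hook containing a space is word-split and its trailing words are parsed as arguments to the renew command. Quote it the same way as the post hook: `$real_pre_hook = "--pre-hook \"${pre_hook}\""`. Both `$real_*` variables are only assigned inside the `if` blocks but are interpolated into `command` unconditionally, so an explicit `else { $real_pre_hook = '' }` (and the same for the post hook) would avoid relying on undefined-variable behaviour. Separately, the manifest as shown does not look parseable: the selector on `$tool` lacks its `?` (`$tool = $::lsbdistcodename ? {`), and the cron `command` value opens with a stray `'` before the `"`.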
diff --git a/manifests/manage.pp b/manifests/manage.pp
new file mode 100644
index 0000000..865ca24
--- /dev/null
+++ b/manifests/manage.pp
@@ -0,0 +1,25 @@
+define certbot::manage(
+ $pre_hook = '',
+ $ensure = present,
+ $email = hiera('certbot::manage::email'),
+ $size = hiera('certbot::manage::size', '4096'),
+){
+ file { "${::certbot::basedir}/${name}":
+ ensure => directory,
+ owner => 'root',
+ group => "${::certbot::owner}"
+ mode => '0750',
+ require => Package["${::certbot::tool}"],
+ }
+
+ if $pre_hook != '' {
+ $real_pre_hook = "${pre_hook} && "
+ }
+
+ # Make sure nginx is restarted and request a certificate
+ exec { "certbot-${name}":
+ command => "${real_pre_hook}/usr/bin/certbot certonly --webroot -w /var/www/certbot/${name} -d ${name} -d www.${name} -m ${email} --rsa-key-size ${size} --agree-tos",
+ creates => "/etc/letsencrypt/archive/${name}",
+ require => File["${::certbot::basedir}/${name}"],
+ }
+}
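Review bot: The `exec` command hard-codes `/usr/bin/certbot`, while the class selects `letsencrypt` as `$tool` on xenial and this define itself requires `Package["${::certbot::tool}"]`, so on xenial the binary path likely does not exist; use `/usr/bin/${::certbot::tool}` instead. When `pre_hook` is set, the command becomes `${pre_hook} && /usr/bin/certbot …`, which needs a shell, but the exec sets neither `provider => shell` nor `path`, so it would presumably fail under the default provider. `${name}`, `${email}` and `${size}` are interpolated into that command line and into `creates` unquoted and unvalidated; checking the title against a hostname pattern before the exec would keep a malformed title from being word-split or interpreted. The `group => "${::certbot::owner}"` line in the `file` resource is missing its trailing comma, and the `$ensure` parameter is never used in the lines shown.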