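# Installs the Let's Encrypt client package and schedules unattended
# certificate renewal from root's crontab.
#
# @param script_base Directory holding the client binary; prefixed to the
#   renewal command.
# @param basedir Spool directory managed by this class (owner root, group
#   $owner, mode 0750).
# @param owner Group assigned to $basedir; mode 0750 gives it read and
#   traverse access but no write access.
# @param pre_hook Shell command handed to `--pre-hook`; an empty string
#   omits the option.
# @param post_hook Shell command handed to `--post-hook`; an empty string
#   omits the option.
# @param plugin Plugin name, emitted as a `--<plugin>` flag on `renew`.
#
# Security: $script_base, $plugin, $pre_hook and $post_hook are interpolated
# verbatim into a crontab line that runs as root. The hooks are only wrapped
# in double quotes, so a value containing `"`, `$`, a backtick or an
# unescaped `%` (which cron treats as a line break) is not passed through
# literally. Supply these parameters from trusted, reviewed data only.
class certbot(
  $script_base = '/usr/bin',
  $basedir     = '/var/spool/certbot',
  $owner       = 'www-data',
  $pre_hook    = '',
  $post_hook   = '',
  $plugin      = 'webroot',
) {
  # The client is packaged as 'letsencrypt' on xenial and 'certbot' elsewhere.
  $tool = $::lsbdistcodename ? {
    'xenial' => 'letsencrypt',
    default  => 'certbot',
  }

  # Both hook fragments are always defined, so the cron command never
  # interpolates an unset variable (a hard failure under strict_variables).
  if $pre_hook != '' {
    $real_pre_hook = "--pre-hook \"${pre_hook}\""
  } else {
    $real_pre_hook = ''
  }

  if $post_hook != '' {
    $real_post_hook = "--post-hook \"${post_hook}\""
  } else {
    $real_post_hook = ''
  }

  # Certbot support
  file { $basedir:
    ensure => directory,
    owner  => 'root',
    group  => $owner,
    mode   => '0750',
  }

  # NOTE(review): on trusty the package is removed while the cron entry below
  # stays present and still requires it; presumably the client is provided
  # some other way under $script_base there. Confirm.
  package { $tool:
    ensure  => $::lsbdistcodename ? {
      'trusty' => absent,
      default  => present,
    },
    require => File[$basedir],
  }

  # Choosing an arbitrary minute within the hour in the hope that it won't
  # overload the Let's Encrypt servers.
  cron { 'certbot-renew':
    ensure  => present,
    command => "${script_base}/${tool} renew --${plugin} --quiet -n ${real_pre_hook} ${real_post_hook}",
    user    => 'root',
    hour    => [ 5, 23 ],
    minute  => '28',
    require => Package[$tool],
  }
}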