diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2016-06-17 09:14:02 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2016-06-17 09:14:02 -0300 |
commit | b1602fcad85d1c283d0f4da8d4166d3e17149344 (patch) | |
tree | f4ec24f515899bb6f1b0c26da699f051db085dc0 | |
parent | f2f65ac3c75729004f0735c3a6e2bf64ff1db763 (diff) | |
download | puppet-nginx-b1602fcad85d1c283d0f4da8d4166d3e17149344.tar.gz puppet-nginx-b1602fcad85d1c283d0f4da8d4166d3e17149344.tar.bz2 |
Uses certbot module
-rw-r--r-- | manifests/certbot.pp | 22 | ||||
-rw-r--r-- | manifests/site.pp | 6 | ||||
-rw-r--r-- | manifests/ssl.pp | 29 |
3 files changed, 9 insertions, 48 deletions
diff --git a/manifests/certbot.pp b/manifests/certbot.pp deleted file mode 100644 index 98f5203..0000000 --- a/manifests/certbot.pp +++ /dev/null @@ -1,22 +0,0 @@ -define nginx::certbot( - $aliases = '', - $ensure = present, - $email = hiera('nginx::certbot::email'), - $size = hiera('nginx::certbot::size', '4096'), -){ - # Certbot support - file { "/var/www/certbot/${name}": - ensure => directory, - owner => 'root', - group => 'www-data', - mode => '0750', - require => Package['certbot'], - } - - # Make sure nginx is restarted and request a certificate - exec { "certbot-${name}": - command => "/usr/sbin/service nginx restart && /usr/bin/certbot certonly --webroot -w /var/www/certbot/${name} -d ${name} -d www.${name} -m ${email} --rsa-key-size ${size} --agree-tos", - creates => "/etc/letsencrypt/archive/${name}", - require => File["/var/www/certbot/${name}", "/etc/nginx/sites-enabled/$name"], - } -} diff --git a/manifests/site.pp b/manifests/site.pp index c2a0a89..543850c 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -51,8 +51,10 @@ define nginx::site( } if $certbot == true { - nginx::certbot { $name: - ensure => $ensure, + certbot::manage { $name: + ensure => $ensure, + pre_hook => '/usr/sbin/service nginx restart', + require => File["/etc/nginx/sites-enabled/$name"], } } } diff --git a/manifests/ssl.pp b/manifests/ssl.pp index 1fec72a..4b38332 100644 --- a/manifests/ssl.pp +++ b/manifests/ssl.pp @@ -3,6 +3,11 @@ class nginx::ssl( ) { include ssl + class { 'certbot': + pre_hook => '/usr/sbin/service nginx stop', + post_hook => '/usr/sbin/service nginx start', + } + # See https://weakdh.org/ ssl::dhparams { 'nginx-2048': notify => Service['nginx'], @@ -16,28 +21,4 @@ class nginx::ssl( 'ssl_prefer_server_ciphers': value => 'ssl_prefer_server_ciphers on;'; 'ssl_dhparam': value => 'ssl_dhparam /etc/ssl/dhparams/dhparams_2048.pem;'; } - - # Certbot support - file { '/var/www/certbot': - ensure => directory, - owner => 'root', - group => 'www-data', - mode => '0750', - require => Package['nginx'], - } - - package { 'certbot': - ensure => present, - require => File['/var/www/certbot'], - } - - cron { 'certbot-renew': - command => '/usr/bin/certbot renew --standalone --pre-hook "service nginx stop" --post-hook "service nginx start"', - user => 'root', - weekday => 1, - hour => "05", - minute => "30", - ensure => present, - require => Package['certbot'], - } } |