authorSilvio Rhatto <rhatto@riseup.net>2016-06-17 09:14:02 -0300
committerSilvio Rhatto <rhatto@riseup.net>2016-06-17 09:14:02 -0300
commitb1602fcad85d1c283d0f4da8d4166d3e17149344 (patch)
treef4ec24f515899bb6f1b0c26da699f051db085dc0
parentf2f65ac3c75729004f0735c3a6e2bf64ff1db763 (diff)
Uses certbot module
-rw-r--r--manifests/certbot.pp22
-rw-r--r--manifests/site.pp6
-rw-r--r--manifests/ssl.pp29
3 files changed, 9 insertions, 48 deletions
diff --git a/manifests/certbot.pp b/manifests/certbot.pp
deleted file mode 100644
index 98f5203..0000000
--- a/manifests/certbot.pp
+++ /dev/null
@@ -1,22 +0,0 @@
-define nginx::certbot(
- $aliases = '',
- $ensure = present,
- $email = hiera('nginx::certbot::email'),
- $size = hiera('nginx::certbot::size', '4096'),
-){
- # Certbot support
- file { "/var/www/certbot/${name}":
- ensure => directory,
- owner => 'root',
- group => 'www-data',
- mode => '0750',
- require => Package['certbot'],
- }
-
- # Make sure nginx is restarted and request a certificate
- exec { "certbot-${name}":
- command => "/usr/sbin/service nginx restart && /usr/bin/certbot certonly --webroot -w /var/www/certbot/${name} -d ${name} -d www.${name} -m ${email} --rsa-key-size ${size} --agree-tos",
- creates => "/etc/letsencrypt/archive/${name}",
- require => File["/var/www/certbot/${name}", "/etc/nginx/sites-enabled/$name"],
- }
-}
diff --git a/manifests/site.pp b/manifests/site.pp
index c2a0a89..543850c 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -51,8 +51,10 @@ define nginx::site(
}
if $certbot == true {
- nginx::certbot { $name:
- ensure => $ensure,
+ certbot::manage { $name:
+ ensure => $ensure,
+ pre_hook => '/usr/sbin/service nginx restart',
+ require => File["/etc/nginx/sites-enabled/$name"],
}
}
}
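Review bot: The per-site `pre_hook => '/usr/sbin/service nginx restart'` passed to `certbot::manage` has no matching post_hook and differs from the class-level stop/start hooks this same commit declares for `class { 'certbot': }` in manifests/ssl.pp; if the define-level pre_hook replaces the class-level one for this domain's renewals, a standalone renewal would run with nginx still bound to port 80, so the override semantics should be confirmed against the certbot module, which is not visible here. The removed nginx::certbot define also passed `-d www.${name}`, `-m ${email}` and `--rsa-key-size ${size}`, none of which reach `certbot::manage`, so the www alias, registration e-mail and key size now rest entirely on that module's defaults (presumably configurable, but worth checking). For readability the require would be clearer as `require => File["/etc/nginx/sites-enabled/${name}"],` with a comment such as `# Issuance and renewal are delegated to the certbot module; the vhost must exist first`. The enclosing nginx::site define starts outside the hunk.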
diff --git a/manifests/ssl.pp b/manifests/ssl.pp
index 1fec72a..4b38332 100644
--- a/manifests/ssl.pp
+++ b/manifests/ssl.pp
@@ -3,6 +3,11 @@ class nginx::ssl(
) {
include ssl
+ class { 'certbot':
+ pre_hook => '/usr/sbin/service nginx stop',
+ post_hook => '/usr/sbin/service nginx start',
+ }
+
# See https://weakdh.org/
ssl::dhparams { 'nginx-2048':
notify => Service['nginx'],
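Review bot: The resource-like `class { 'certbot': ... }` declaration at the top of the hunk will fail with a duplicate declaration if any other manifest already includes or declares that class (for instance if `certbot::manage`, which manifests/site.pp now uses, includes it), and conversely a node that declares nginx::site resources without nginx::ssl may have no certbot class at all; whether either case applies depends on the certbot module, which is not visible here. The stop/start hooks take every site on the host offline for the duration of each renewal, which the removed cron already did but which deserves a comment, e.g. `# Renewals presumably use the standalone authenticator, which needs port 80 free — hence stop/start rather than reload; confirm against the certbot module`. If the module supports it, a reload or the webroot method the removed define used would avoid that downtime. The second hunk in this file only removes the old certbot directory, package and cron resources.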
@@ -16,28 +21,4 @@ class nginx::ssl(
'ssl_prefer_server_ciphers': value => 'ssl_prefer_server_ciphers on;';
'ssl_dhparam': value => 'ssl_dhparam /etc/ssl/dhparams/dhparams_2048.pem;';
}
-
- # Certbot support
- file { '/var/www/certbot':
- ensure => directory,
- owner => 'root',
- group => 'www-data',
- mode => '0750',
- require => Package['nginx'],
- }
-
- package { 'certbot':
- ensure => present,
- require => File['/var/www/certbot'],
- }
-
- cron { 'certbot-renew':
- command => '/usr/bin/certbot renew --standalone --pre-hook "service nginx stop" --post-hook "service nginx start"',
- user => 'root',
- weekday => 1,
- hour => "05",
- minute => "30",
- ensure => present,
- require => Package['certbot'],
- }
}