author | Silvio Rhatto <rhatto@riseup.net> | 2016-06-16 18:53:55 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2016-06-16 18:53:55 -0300 |
commit | d14b82a7cc11d9463d38d6656e0bc7084c34471f (patch) | |
tree | 2e8225b1d3753f7646517174710179602fb3f753 | |
parent | 3580b0ee72b210365de78a024c3bf280839cb420 (diff) | |
Adds initial Let's Encrypt support via certbot
-rw-r--r-- | manifests/certbot.pp | 19 | ||||
-rw-r--r-- | manifests/site.pp | 12 | ||||
-rw-r--r-- | manifests/ssl.pp | 14 |
3 files changed, 44 insertions, 1 deletions
diff --git a/manifests/certbot.pp b/manifests/certbot.pp
new file mode 100644
index 0000000..e024b32
--- /dev/null
+++ b/manifests/certbot.pp
@@ -0,0 +1,19 @@
+define nginx::certbot(
+ $aliases = ''
+ $ensure = 'present',
+ $email = hiera('nginx::certbot::email'),
+ $size = hiera('nginx::certbot::size', '4096'),
+){
+ # Certbot support
+ file { "/var/www/certbot/${name}":
+ ensure => $ensure,
+ owner => 'root',
+ group => 'www-data',
+ mode => '0750',
+ require => Package['certbot'],
+ }
+
+ exec { "certbot-${name}":
+ command => "/usr/bin/certbot certonly --webroot -w /var/www/certbot/${name} -d ${name} -m ${email} --rsa-key-size ${size} --agree-tos",
+ }
+}
diff --git a/manifests/site.pp b/manifests/site.pp
index 1886f9b..14406d4 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1,4 +1,8 @@
-define nginx::site($ensure = present, $source = 'file') {
+define nginx::site(
+ $ensure = present,
+ $source = 'file',
+ $certbot = true
+) {
 case $source {
 'file': {
 file { "/etc/nginx/sites-available/$name":
@@ -45,4 +49,10 @@ define nginx::site($ensure = present, $source = 'file') {
 require => File["/etc/nginx/sites-enabled"],
 notify => Service["nginx"],
 }
+
+ if $certbot == true {
+ nginx::certbot { $name:
+ ensure => $ensure,
+ }
+ }
 }
diff --git a/manifests/ssl.pp b/manifests/ssl.pp
index 6e4af14..8592546 100644
--- a/manifests/ssl.pp
+++ b/manifests/ssl.pp
@@ -16,4 +16,18 @@ class nginx::ssl(
 'ssl_prefer_server_ciphers': value => 'ssl_prefer_server_ciphers on;';
 'ssl_dhparam': value => 'ssl_dhparam /etc/ssl/dhparams/dhparams_2048.pem;';
 }
+
+ # Certbot support
+ file { '/var/www/certbot':
+ ensure => directory,
+ owner => 'root',
+ group => 'www-data',
+ mode => '0750',
+ require => Package['nginx'],
+ }
+
+ package { 'certbot':
+ ensure => present,
+ require => File['/var/www/certbot'],
+ }
 } |
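Review bot: The `exec { "certbot-${name}": }` resource has no `creates`, `unless` or `refreshonly` guard, so certbot is invoked on every agent run (and also when `$ensure` is `absent`), which is likely to run into the CA's issuance rate limits. Adding `creates => "/etc/letsencrypt/live/${name}/fullchain.pem",` (certbot's default live directory) and `require => File["/var/www/certbot/${name}"],`, plus `--non-interactive` in the command, would make the run idempotent, ordered and safe without a TTY. The webroot is declared with `ensure => $ensure`, and `present` creates a regular file when the path is missing, so the challenge directory needs `ensure => directory` in the present case. `$aliases = ''` is missing its trailing comma, which is a parse error, and the parameter is not used anywhere in the define. `${name}`, `${email}` and `${size}` are interpolated into the command string unvalidated; a value containing whitespace would be split into extra certbot arguments, so validating them before use would be safer.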
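Review bot: `$certbot = true` as the default in the first `manifests/site.pp` hunk opts every existing `nginx::site` into certificate issuance on upgrade, including sites whose `$name` is not a publicly resolvable hostname. Because `nginx::certbot` looks up `nginx::certbot::email` with no default, any node that has not set that Hiera key would presumably fail catalog compilation as soon as this default takes effect. Defaulting to opt-in, `$certbot = false`, keeps the change backward-compatible; the new parameter also has no documentation comment saying that enabling it accepts the CA's terms of service on the operator's behalf (`--agree-tos`). The body of the define continues outside this hunk.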
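Review bot: The `nginx::certbot { $name: }` declaration in the second `manifests/site.pp` hunk depends on `Package['certbot']`, which this commit declares only in `nginx::ssl`; nothing visible in this hunk includes that class, so a node using `nginx::site` without `nginx::ssl` would get an unresolved-dependency error. `if $certbot == true` also matches only the boolean, so a string `'true'` coming from Hiera or an ENC silently disables issuance; a comment such as `# $certbot must be a boolean; strings are not accepted` or an explicit validation would make that visible. The start of the define is outside this hunk.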
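Review bot: `package { 'certbot': }` is installed in the `manifests/ssl.pp` hunk, but nothing in the commit schedules renewal or reloads nginx once a certificate is renewed, so unless the distribution package provides its own timer (not visible from this page) the certificates issued by `nginx::certbot` will expire. The `require => File['/var/www/certbot']` on the package is an ordering the package does not need; the per-site `exec` is what depends on the directory. A short comment on the `file` resource, e.g. `# webroot for ACME http-01 challenges; group-readable so nginx (www-data) can serve it`, would explain the `0750`/`www-data` choice. The class body starts outside this hunk.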