authorSilvio Rhatto <rhatto@riseup.net>2016-06-16 18:53:55 -0300
committerSilvio Rhatto <rhatto@riseup.net>2016-06-16 18:53:55 -0300
commitd14b82a7cc11d9463d38d6656e0bc7084c34471f (patch)
tree2e8225b1d3753f7646517174710179602fb3f753
parent3580b0ee72b210365de78a024c3bf280839cb420 (diff)
Adds initial Let's Encrypt support via certbot
-rw-r--r--manifests/certbot.pp19
-rw-r--r--manifests/site.pp12
-rw-r--r--manifests/ssl.pp14
3 files changed, 44 insertions, 1 deletions
diff --git a/manifests/certbot.pp b/manifests/certbot.pp
new file mode 100644
index 0000000..e024b32
--- /dev/null
+++ b/manifests/certbot.pp
@@ -0,0 +1,19 @@
+define nginx::certbot(
+ $aliases = ''
+ $ensure = 'present',
+ $email = hiera('nginx::certbot::email'),
+ $size = hiera('nginx::certbot::size', '4096'),
+){
+ # Certbot support
+ file { "/var/www/certbot/${name}":
+ ensure => $ensure,
+ owner => 'root',
+ group => 'www-data',
+ mode => '0750',
+ require => Package['certbot'],
+ }
+
+ exec { "certbot-${name}":
+ command => "/usr/bin/certbot certonly --webroot -w /var/www/certbot/${name} -d ${name} -m ${email} --rsa-key-size ${size} --agree-tos",
+ }
+}
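Review bot: The parameter list does not parse as written, because `$aliases = ''` has no trailing comma; it should read `$aliases = '',` (and `$aliases` is then never used in the body). The `exec` has no `creates`, `unless` or `refreshonly` guard, so certbot would be invoked on every agent run, which can exhaust the CA's rate limits. Assuming certbot's default config directory, adding `creates => "/etc/letsencrypt/live/${name}/fullchain.pem",` and `require => File["/var/www/certbot/${name}"],` makes it run once and only after the webroot exists. Because the run is unattended, `--non-interactive` belongs on the command line next to `--agree-tos`. The webroot `file` resource passes `ensure => $ensure` with the default `'present'`, which does not create a directory; the present case needs `directory`.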
diff --git a/manifests/site.pp b/manifests/site.pp
index 1886f9b..14406d4 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1,4 +1,8 @@
-define nginx::site($ensure = present, $source = 'file') {
+define nginx::site(
+ $ensure = present,
+ $source = 'file',
+ $certbot = true
+) {
case $source {
'file': {
file { "/etc/nginx/sites-available/$name":
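Review bot: Defaulting the new parameter to `$certbot = true` turns certificate issuance on for every existing `nginx::site` declaration as soon as the module is upgraded. The resource title is the same string used for the file under `/etc/nginx/sites-available`, so it is not guaranteed to be a publicly resolvable hostname, and each such site would produce a failing ACME request. An opt-in default, `$certbot = false`, keeps the upgrade behaviour-neutral, and a short comment on the parameter should state that the title must be the certificate's domain name. The body of the define continues outside this hunk.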
@@ -45,4 +49,10 @@ define nginx::site($ensure = present, $source = 'file') {
require => File["/etc/nginx/sites-enabled"],
notify => Service["nginx"],
}
+
+ if $certbot == true {
+ nginx::certbot { $name:
+ ensure => $ensure,
+ }
+ }
}
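Review bot: Forwarding `ensure => $ensure` does not stop issuance when a site is being removed, because the `exec` in `nginx::certbot` is unconditional and would still request a certificate with `ensure => absent`. Guarding the declaration here, for example `if $certbot == true and $ensure != 'absent' {`, avoids that. The strict comparison `$certbot == true` also skips the block silently when the value arrives as the string `'true'` (as can happen with data lookups), so the expected type is worth documenting on the parameter. The define starts outside this hunk.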
diff --git a/manifests/ssl.pp b/manifests/ssl.pp
index 6e4af14..8592546 100644
--- a/manifests/ssl.pp
+++ b/manifests/ssl.pp
@@ -16,4 +16,18 @@ class nginx::ssl(
'ssl_prefer_server_ciphers': value => 'ssl_prefer_server_ciphers on;';
'ssl_dhparam': value => 'ssl_dhparam /etc/ssl/dhparams/dhparams_2048.pem;';
}
+
+ # Certbot support
+ file { '/var/www/certbot':
+ ensure => directory,
+ owner => 'root',
+ group => 'www-data',
+ mode => '0750',
+ require => Package['nginx'],
+ }
+
+ package { 'certbot':
+ ensure => present,
+ require => File['/var/www/certbot'],
+ }
}
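Review bot: `Package['certbot']` and `File['/var/www/certbot']` are declared only inside `nginx::ssl`, yet `nginx::certbot` requires `Package['certbot']` and `nginx::site` now declares it by default. Unless `nginx::site` pulls in `nginx::ssl` somewhere outside this diff, a node using sites without the ssl class would fail catalog compilation on the unresolved reference. Moving these two resources into a small class that `nginx::certbot` itself includes would keep the dependency self-contained. Nothing in the visible changes adds an nginx location that serves `/.well-known/acme-challenge/` from `/var/www/certbot/${name}`, so webroot validation presumably depends on the site templates; a comment saying so would help. The class body starts outside this hunk.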