From d14b82a7cc11d9463d38d6656e0bc7084c34471f Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Thu, 16 Jun 2016 18:53:55 -0300
Subject: Adds initial Let's Encrypt support via certbot

---
 manifests/certbot.pp | 19 +++++++++++++++++++
 manifests/site.pp    | 12 +++++++++++-
 manifests/ssl.pp     | 14 ++++++++++++++
 3 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 manifests/certbot.pp

diff --git a/manifests/certbot.pp b/manifests/certbot.pp
new file mode 100644
index 0000000..e024b32
--- /dev/null
+++ b/manifests/certbot.pp
@@ -0,0 +1,19 @@
+define nginx::certbot(
+  $aliases = ''
+  $ensure  = 'present',
+  $email   = hiera('nginx::certbot::email'),
+  $size    = hiera('nginx::certbot::size', '4096'),
+){
+  # Certbot support
+  file { "/var/www/certbot/${name}":
+    ensure  => $ensure,
+    owner   => 'root',
+    group   => 'www-data',
+    mode    => '0750',
+    require => Package['certbot'],
+  }
+
+  exec { "certbot-${name}":
+    command => "/usr/bin/certbot certonly --webroot -w /var/www/certbot/${name} -d ${name} -m ${email} --rsa-key-size ${size} --agree-tos",
+  }
+}
diff --git a/manifests/site.pp b/manifests/site.pp
index 1886f9b..14406d4 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1,4 +1,8 @@
-define nginx::site($ensure = present, $source = 'file') {
+define nginx::site(
+  $ensure  = present,
+  $source  = 'file',
+  $certbot = true
+) {
   case $source {
     'file': {
       file { "/etc/nginx/sites-available/$name":
@@ -45,4 +49,10 @@ define nginx::site($ensure = present, $source = 'file') {
     require => File["/etc/nginx/sites-enabled"],
     notify  => Service["nginx"],
   }
+
+  if $certbot == true {
+    nginx::certbot { $name:
+      ensure => $ensure,
+    }
+  }
 }
diff --git a/manifests/ssl.pp b/manifests/ssl.pp
index 6e4af14..8592546 100644
--- a/manifests/ssl.pp
+++ b/manifests/ssl.pp
@@ -16,4 +16,18 @@ class nginx::ssl(
     'ssl_prefer_server_ciphers': value => 'ssl_prefer_server_ciphers on;';
     'ssl_dhparam':               value => 'ssl_dhparam /etc/ssl/dhparams/dhparams_2048.pem;';
   }
+
+  # Certbot support
+  file { '/var/www/certbot':
+    ensure  => directory,
+    owner   => 'root',
+    group   => 'www-data',
+    mode    => '0750',
+    require => Package['nginx'],
+  }
+
+  package { 'certbot':
+    ensure => present,
+    require => File['/var/www/certbot'],
+  }
 }
-- 
cgit v1.2.3