From d14b82a7cc11d9463d38d6656e0bc7084c34471f Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Thu, 16 Jun 2016 18:53:55 -0300
Subject: Adds initial Let's Encrypt support via certbot
---
 manifests/certbot.pp | 19 +++++++++++++++++++
 manifests/site.pp | 12 +++++++++++-
 manifests/ssl.pp | 14 ++++++++++++++
 3 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 manifests/certbot.pp
diff --git a/manifests/certbot.pp b/manifests/certbot.pp
new file mode 100644
index 0000000..e024b32
--- /dev/null
+++ b/manifests/certbot.pp
@@ -0,0 +1,19 @@
+define nginx::certbot(
+ $aliases = ''
+ $ensure = 'present',
+ $email = hiera('nginx::certbot::email'),
+ $size = hiera('nginx::certbot::size', '4096'),
+){
+ # Certbot support
+ file { "/var/www/certbot/${name}":
+ ensure => $ensure,
+ owner => 'root',
+ group => 'www-data',
+ mode => '0750',
+ require => Package['certbot'],
+ }
+
+ exec { "certbot-${name}":
+ command => "/usr/bin/certbot certonly --webroot -w /var/www/certbot/${name} -d ${name} -m ${email} --rsa-key-size ${size} --agree-tos",
+ }
+}
diff --git a/manifests/site.pp b/manifests/site.pp
index 1886f9b..14406d4 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1,4 +1,8 @@
-define nginx::site($ensure = present, $source = 'file') {
+define nginx::site(
+ $ensure = present,
+ $source = 'file',
+ $certbot = true
+) {
 case $source {
 'file': {
 file { "/etc/nginx/sites-available/$name":
@@ -45,4 +49,10 @@ define nginx::site($ensure = present, $source = 'file') {
 require => File["/etc/nginx/sites-enabled"],
 notify => Service["nginx"],
 }
+
+ if $certbot == true {
+ nginx::certbot { $name:
+ ensure => $ensure,
+ }
+ }
 }
diff --git a/manifests/ssl.pp b/manifests/ssl.pp
index 6e4af14..8592546 100644
--- a/manifests/ssl.pp
+++ b/manifests/ssl.pp
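Review bot: The `exec { "certbot-${name}": }` at the end of the new `manifests/certbot.pp` has no `creates`, `unless` or `refreshonly`, so certbot is invoked on every agent run, including when `$ensure` is `absent`, and repeated issuance requests are likely to hit the CA's rate limits; it also has no `require` on the webroot `file` and no `--non-interactive`, so ordering relative to the webroot is not guaranteed and a prompt would stall the run. Two further defects sit in the same hunk: `$aliases = ''` has no trailing comma, so the define does not parse, and `ensure => $ensure` with the default `'present'` makes Puppet create a regular file rather than the webroot directory. `${name}`, `${email}` and `${size}` are interpolated into the command line unvalidated, so a value containing whitespace would be split into extra certbot arguments; they are worth validating before they reach the command. The fence below sketches the guarded form; the `creates` path assumes certbot's default `/etc/letsencrypt` layout.

```puppet
  # … unchanged: parameter list (with the comma added after $aliases) …
  $webroot_ensure = $ensure ? {
    'absent' => 'absent',
    default  => 'directory',
  }

  file { "/var/www/certbot/${name}":
    ensure  => $webroot_ensure,
    force   => true, # needed so 'absent' can remove a directory
    # … unchanged: owner, group, mode, require …
  }

  if $ensure != 'absent' {
    exec { "certbot-${name}":
      command => "/usr/bin/certbot certonly --non-interactive --webroot -w /var/www/certbot/${name} -d ${name} -m ${email} --rsa-key-size ${size} --agree-tos",
      creates => "/etc/letsencrypt/live/${name}/cert.pem",
      require => File["/var/www/certbot/${name}"],
    }
  }
```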
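Review bot: `$certbot = true` as the default in `nginx::site` (first hunk, used by the `if $certbot == true` block in the second) turns certificate issuance on for every existing site declaration, and because `nginx::certbot` looks up `hiera('nginx::certbot::email')` without a default, catalogs for nodes that lack that key will presumably fail to compile after this commit. Any site whose `$name` is not a publicly resolvable hostname would also trigger a failing ACME request on each run, since the title is passed straight through to `-d ${name}`. Making the feature opt-in with `$certbot = false` avoids both, and the parameter deserves a comment stating that enabling it accepts the CA's terms of service via `--agree-tos` on the operator's behalf. The body of `nginx::site` continues outside both hunks, so how `$name` is otherwise used is not visible here.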
@@ -16,4 +16,18 @@ class nginx::ssl(
 'ssl_prefer_server_ciphers': value => 'ssl_prefer_server_ciphers on;';
 'ssl_dhparam': value => 'ssl_dhparam /etc/ssl/dhparams/dhparams_2048.pem;';
 }
+
+ # Certbot support
+ file { '/var/www/certbot':
+ ensure => directory,
+ owner => 'root',
+ group => 'www-data',
+ mode => '0750',
+ require => Package['nginx'],
+ }
+
+ package { 'certbot':
+ ensure => present,
+ require => File['/var/www/certbot'],
+ }
 }
-- cgit v1.2.3
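Review bot: `Package['certbot']` and `/var/www/certbot` are declared only inside `class nginx::ssl`, while `nginx::certbot` (instantiated from `nginx::site`) has `require => Package['certbot']`, so a node that uses `nginx::site` without including `nginx::ssl` would get an unresolved-dependency catalog failure. Moving both resources into a small class of their own that `nginx::certbot` includes would remove that hidden coupling. Nothing visible in this commit makes nginx serve `/.well-known/acme-challenge/` from `/var/www/certbot/${name}`, so unless the vhost templates already do so the webroot challenge cannot succeed; a comment next to the `file` resource, such as `# ACME HTTP-01 webroot; vhosts must map /.well-known/acme-challenge/ here`, would record that requirement. The class starts above the hunk, so its parameters are not visible here.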