feat: enable retrieval of certbot certs

- refactor certbot
- add nginx to certbot hosts
2024-07-07 22:24:24 +10:00
parent 9db714d02f
commit 30ec8c1bb1
9 changed files with 143 additions and 14 deletions
@@ -0,0 +1,26 @@
define profiles::pki::letsencrypt (
Stdlib::Fqdn $webserver,
Stdlib::Fqdn $domain,
Stdlib::Absolutepath $destination = "/etc/pki/tls/letsencrypt/${domain}",
) {
file { $destination:
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
$cert_files = ['cert.pem', 'chain.pem', 'fullchain.pem', 'privkey.pem']
$cert_files.each |String $file| {
file { "${destination}/${file}":
ensure => file,
source => "https://${webserver}/${domain}/${file}",
owner => 'root',
group => 'root',
mode => '0644',
require => File[$destination],
}
}
}
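Review bot: `privkey.pem` is written with the same `mode => '0644'` as the public certificate files inside a `0755` directory, so every local account on the node can read the TLS private key. The mode should be set per file in the `each` block, for example `mode => $file ? { 'privkey.pem' => '0600', default => '0644' },`. Adding `show_diff => false` to the key resource would keep its contents out of agent logs and reports. The key is also pulled from `https://${webserver}/${domain}/privkey.pem`; nothing in this hunk shows how that URL is restricted, so it is worth confirming the web server only serves that path to authenticated or allow-listed clients, and documenting that assumption in a comment on the define.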