feat: manage certbot

- add haproxy backend for be_letsencrypt
- manage the certbot role/profile
- create define to export certificate requests
2024-07-07 16:12:53 +10:00
parent 991c8a3029
commit 9db714d02f
7 changed files with 75 additions and 0 deletions
+15
@@ -0,0 +1,15 @@
# profiles::certbot::cert
define profiles::certbot::cert (
Stdlib::Fqdn $domain,
Array $additional_args = ['--http-01-port=8888'],
Boolean $manage_cron = true,
) {
$location_environment = "${facts['country']}-${facts['region']}-${facts['environment']}"
@@letsencrypt::certonly { $domain:
additional_args => $additional_args,
manage_cron => $manage_cron,
tag => $location_environment,
}
}
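Review bot: `Array $additional_args` on the define accepts elements of any type, and the value is forwarded unchanged into the exported `letsencrypt::certonly`, so it takes effect on whichever node collects the request rather than on the node that declared it. Tightening the parameter to `Array[String[1]] $additional_args = ['--http-01-port=8888'],` rejects non-string data at compile time. The default port also has to stay in step with the port the collecting server registers for `be_letsencrypt`, and a caller that overrides `additional_args` drops the port flag entirely. A comment such as `# --http-01-port must match the be_letsencrypt balancemember port` above the parameter would make that coupling visible.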
+32
@@ -0,0 +1,32 @@
# profiles::certbot::server
class profiles::certbot::server (
String $contact,
Array[Stdlib::Fqdn] $domains = [],
) {
class { 'letsencrypt':
configure_epel => false,
package_ensure => 'latest',
email => $contact,
}
# set location_environment
$location_environment = "${facts['country']}-${facts['region']}-${facts['environment']}"
# collect exported resources
Letsencrypt::Certonly <<| tag == $location_environment |>>
# statically defined certificate
$domains.each | $domain | {
profiles::certbot::cert {$domain:
domain => $domain,
}
}
# export haproxy balancemember
profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_8888":
service => 'be_letsencrypt',
ports => [8888],
options => []
}
}
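Review bot: The collector `Letsencrypt::Certonly <<| tag == $location_environment |>>` realises every exported request that carries the tag, and the tag is built only from the `country`, `region` and `environment` facts, which are reported by the agent of the exporting node. Nothing on the collecting side limits which domains or `additional_args` are accepted, so this server would request a certificate for whatever a node in, or claiming, the same location exports. Consider checking collected domains against an allowlist, or deriving the tag from server-side data rather than agent facts. If any of the three facts is unset the tag presumably collapses to a shared value such as `--`, so a guard like `assert_type(String[1], $facts['country'])` before building it is worth adding. Separately, `package_ensure => 'latest'` lets certbot upgrade on any agent run; `'installed'` or a pinned version keeps that change deliberate.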