feat: certbot reorg

- moved certbot into its own module
- added fact to list available certificates
- created systemd timer to rsync data to $data_dir/pub
- ensure the $data_dir/pub exists
- manage selinux for nginx
This commit is contained in:
2024-07-08 20:22:44 +10:00
parent 30ec8c1bb1
commit bd5164fed3
21 changed files with 232 additions and 80 deletions
@@ -0,0 +1,18 @@
# frozen_string_literal: true
Facter.add(:certbot_available_certs) do
confine enc_role: 'roles::infra::pki::certbot'
setcode do
certs_dir = '/etc/letsencrypt/live'
available_certs = []
if Dir.exist?(certs_dir)
Dir.children(certs_dir).each do |entry|
fullchain_pem = File.join(certs_dir, entry, 'fullchain.pem')
available_certs << entry if File.exist?(fullchain_pem)
end
end
available_certs.join(',')
end
end