feat: certbot reorg
- moved certbot into its own module - added fact to list available certificates - created systemd timer to rsync data to $data_dir/pub - ensure the $data_dir/pub exists - manage selinux for nginx
@@ -0,0 +1,18 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
Facter.add(:certbot_available_certs) do
|
||||
confine enc_role: 'roles::infra::pki::certbot'
|
||||
setcode do
|
||||
certs_dir = '/etc/letsencrypt/live'
|
||||
available_certs = []
|
||||
|
||||
if Dir.exist?(certs_dir)
|
||||
Dir.children(certs_dir).each do |entry|
|
||||
fullchain_pem = File.join(certs_dir, entry, 'fullchain.pem')
|
||||
available_certs << entry if File.exist?(fullchain_pem)
|
||||
end
|
||||
end
|
||||
|
||||
available_certs.join(',')
|
||||
end
|
||||
end
|
||||
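Review bot: The value built at `available_certs.join(',')` follows `Dir.children` order, which is whatever the filesystem returns, so the fact string can differ between runs or hosts holding the same certificates; sorting first, `available_certs.sort.join(',')`, keeps it stable for anything that compares or templates it. The `File.exist?` check on `fullchain.pem` alone also reports a lineage whose `privkey.pem` is missing or whose chain file is empty, so whatever publishes or deploys from this list should still verify the files it copies. Returning the array itself instead of a comma-joined string would spare manifests a `split` and would not break if a lineage name ever contained a comma. A one-line comment above `Facter.add` stating that the fact lists the directory names under `/etc/letsencrypt/live` that contain a `fullchain.pem` would document the contract for consumers.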