feat: certbot reorg
- moved certbot into its own module - added fact to list available certificates - created systemd timer to rsync data to $data_dir/pub - ensure the $data_dir/pub exists - manage selinux for nginx
This commit is contained in:
@@ -0,0 +1,23 @@
|
||||
class certbot::client (
|
||||
Array[Stdlib::Fqdn] $domains,
|
||||
Stdlib::Fqdn $webserver,
|
||||
Stdlib::Absolutepath $data_dir = '/etc/pki/tls/letsencrypt/',
|
||||
) {
|
||||
|
||||
mkdir::p {$data_dir:}
|
||||
file { $data_dir:
|
||||
ensure => directory,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0755',
|
||||
}
|
||||
|
||||
$domains.each |$domain| {
|
||||
certbot::client::cert {"${facts['networking']['fqdn']}_download_${domain}":
|
||||
domain => $domain,
|
||||
destination => "${data_dir}/${domain}",
|
||||
webserver => $webserver,
|
||||
require => File[$data_dir],
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user