feat: certbot reorg

- moved certbot into its own module
- added fact to list available certificates
- created systemd timer to rsync data to $data_dir/pub
- ensure the $data_dir/pub exists
- manage selinux for nginx
This commit is contained in:
2024-07-08 20:22:44 +10:00
parent 30ec8c1bb1
commit bd5164fed3
21 changed files with 232 additions and 80 deletions
+19
View File
@@ -0,0 +1,19 @@
# certbot::init
class certbot (
String $contact,
Array[Stdlib::Fqdn] $domains = [],
Stdlib::Absolutepath $data_root = '/var/www',
Stdlib::Fqdn $nginx_vhost = $facts['networking']['fqdn'],
Array[Stdlib::Host] $nginx_aliases = [],
Stdlib::Port $nginx_port = 80,
Stdlib::Port $nginx_ssl_port = 443,
Enum['http','https','both'] $nginx_listen_mode = 'https',
Enum['puppet', 'vault'] $nginx_cert_type = 'puppet',
) {
include certbot::nginx
include certbot::selinux
include certbot::haproxy
include certbot::letsencrypt
}