feat: certbot reorg
- moved certbot into its own module - added fact to list available certificates - created systemd timer to rsync data to $data_dir/pub - ensure the $data_dir/pub exists - manage selinux for nginx
@@ -0,0 +1,37 @@
|
||||
# certbot::letsencrypt
|
||||
class certbot::letsencrypt (
|
||||
String $contact = $certbot::contact,
|
||||
Array[Stdlib::Fqdn] $domains = $certbot::domains,
|
||||
Stdlib::Absolutepath $data_root = $certbot::data_root,
|
||||
) {
|
||||
|
||||
class { 'letsencrypt':
|
||||
configure_epel => false,
|
||||
package_ensure => 'latest',
|
||||
email => $contact,
|
||||
}
|
||||
|
||||
# set location_environment
|
||||
$location_environment = "${facts['country']}-${facts['region']}-${facts['environment']}"
|
||||
|
||||
# collect exported resources
|
||||
Letsencrypt::Certonly <<| tag == $location_environment |>>
|
||||
|
||||
# statically defined certificate
|
||||
$domains.each | $domain | {
|
||||
certbot::cert {$domain:
|
||||
domain => $domain,
|
||||
require => Class['letsencrypt'],
|
||||
}
|
||||
}
|
||||
|
||||
systemd::timer { 'certbot-syncer.timer':
|
||||
timer_content => epp('certbot/certbot-syncer.timer.epp'),
|
||||
service_content => epp('certbot/certbot-syncer.service.epp', {
|
||||
'data_root' => $data_root,
|
||||
}),
|
||||
active => true,
|
||||
enable => true,
|
||||
require => Class['letsencrypt'],
|
||||
}
|
||||
}
|
||||
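Review bot: The collector `Letsencrypt::Certonly <<| tag == $location_environment |>>` realises every exported resource carrying that tag with whatever parameters the exporting node set, so any node that can export into PuppetDB with this tag decides which names this host requests certificates for. If this is the upstream letsencrypt module's defined type (inferred from the class parameters, its definition is not visible here), those parameters also include hook commands that would run on this host. Consider having nodes export the narrower `certbot::cert` used a few lines below and collecting it with `Certbot::Cert <<| tag == $location_environment |>>`, assuming that type accepts only a domain, and add a comment above the collector naming the nodes expected to export. The tag is also built from three facts with no check that they are set, and a missing fact interpolates as an empty string, so hosts lacking them would all share the tag `--`.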