feat: certbot reorg
- moved certbot into its own module
- added fact to list available certificates
- created systemd timer to rsync data to $data_dir/pub
- ensure the $data_dir/pub exists
- manage selinux for nginx
@@ -1,26 +0,0 @@
|
||||
define profiles::pki::letsencrypt (
|
||||
Stdlib::Fqdn $webserver,
|
||||
Stdlib::Fqdn $domain,
|
||||
Stdlib::Absolutepath $destination = "/etc/pki/tls/letsencrypt/${domain}",
|
||||
) {
|
||||
|
||||
file { $destination:
|
||||
ensure => directory,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0755',
|
||||
}
|
||||
|
||||
$cert_files = ['cert.pem', 'chain.pem', 'fullchain.pem', 'privkey.pem']
|
||||
|
||||
$cert_files.each |String $file| {
|
||||
file { "${destination}/${file}":
|
||||
ensure => file,
|
||||
source => "https://${webserver}/${domain}/${file}",
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
require => File[$destination],
|
||||
}
|
||||
}
|
||||
}
|
||||