feat: certbot reorg

- moved certbot into its own module
- added fact to list available certificates
- created systemd timer to rsync data to $data_dir/pub
- ensure the $data_dir/pub exists
- manage selinux for nginx
This commit is contained in:
2024-07-08 20:22:44 +10:00
parent 30ec8c1bb1
commit bd5164fed3
21 changed files with 232 additions and 80 deletions
@@ -1,26 +0,0 @@
define profiles::pki::letsencrypt (
Stdlib::Fqdn $webserver,
Stdlib::Fqdn $domain,
Stdlib::Absolutepath $destination = "/etc/pki/tls/letsencrypt/${domain}",
) {
file { $destination:
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
$cert_files = ['cert.pem', 'chain.pem', 'fullchain.pem', 'privkey.pem']
$cert_files.each |String $file| {
file { "${destination}/${file}":
ensure => file,
source => "https://${webserver}/${domain}/${file}",
owner => 'root',
group => 'root',
mode => '0644',
require => File[$destination],
}
}
}