- moved certbot into its own module - added fact to list available certificates - created systemd timer to rsync data to $data_dir/pub - ensure the $data_dir/pub exists - manage selinux for nginx
# @summary Manages the local certificate directory and declares one
#   certbot::client::cert resource per requested domain.
#
# @param domains
#   FQDNs for which a certbot::client::cert resource is declared.
# @param webserver
#   FQDN handed unchanged to every certbot::client::cert as `webserver`.
# @param data_dir
#   Absolute path of the directory managed here. Each domain receives
#   "${data_dir}/${domain}" as its destination.
class certbot::client (
  Array[Stdlib::Fqdn]  $domains,
  Stdlib::Fqdn         $webserver,
  Stdlib::Absolutepath $data_dir = '/etc/pki/tls/letsencrypt/',
) {
  # NOTE(review): the default value ends in '/', so the destination built
  # below expands to ".../letsencrypt//<domain>". Confirm that
  # certbot::client::cert (not visible here) tolerates the doubled slash.

  mkdir::p { $data_dir: }

  # NOTE(review): 0755 lets every local account list and traverse this
  # directory. If certbot::client::cert places private keys beneath it,
  # confirm those files and per-domain directories carry their own
  # restrictive owner and mode rather than relying on this parent.
  file { $data_dir:
    ensure => directory,
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
  }

  # One resource per domain. The title embeds this node's FQDN and the
  # domain, and each resource is ordered after the directory above.
  # NOTE(review): the "_download_" title suggests material is fetched from
  # $webserver; verify that the transfer authenticates that host.
  each($domains) |$domain| {
    certbot::client::cert { "${facts['networking']['fqdn']}_download_${domain}":
      webserver   => $webserver,
      domain      => $domain,
      destination => "${data_dir}/${domain}",
      require     => File[$data_dir],
    }
  }
}