- moved certbot into its own module - added fact to list available certificates - created systemd timer to rsync data to $data_dir/pub - ensure the $data_dir/pub exists - manage selinux for nginx
# @summary Declares the letsencrypt class, the certificates this node is
#   responsible for, and the certbot-syncer systemd timer.
#
# @param contact
#   Value handed to the letsencrypt class as its `email` attribute.
#   Defaults to $certbot::contact.
# @param domains
#   FQDNs for which one certbot::cert resource each is declared on this node.
#   Defaults to $certbot::domains.
# @param data_root
#   Absolute path passed to the certbot-syncer service template as `data_root`.
#   Defaults to $certbot::data_root.
#
class certbot::letsencrypt (
  String               $contact   = $certbot::contact,
  Array[Stdlib::Fqdn]  $domains   = $certbot::domains,
  Stdlib::Absolutepath $data_root = $certbot::data_root,
) {
  # NOTE(review): 'latest' leaves the installed version to whatever the
  # configured package repository serves at each agent run. Consider pinning a
  # known-good version and upgrading deliberately, so a bad or tampered
  # repository update is not rolled out automatically.
  class { 'letsencrypt':
    email          => $contact,
    package_ensure => 'latest',
    configure_epel => false,
  }

  # Tag used to select exported certificate requests for this location and
  # environment.
  # NOTE(review): an unset fact interpolates as an empty string, so missing
  # facts yield a degenerate tag such as "--" that could match other
  # mis-configured nodes. Presumably these are custom facts; verify that they
  # are always present.
  $location_environment = "${facts['country']}-${facts['region']}-${facts['environment']}"

  # Realise every Letsencrypt::Certonly resource exported with the tag above.
  # NOTE(review): the collector filters on the tag only. Any node whose catalog
  # exports a Letsencrypt::Certonly with this tag gets a certificate requested
  # on this host, so the set of exporting nodes is part of the trust boundary.
  # Confirm who may export and which domains they may name.
  Letsencrypt::Certonly <<| tag == $location_environment |>>

  # Certificates listed statically in $domains, one certbot::cert per FQDN,
  # each ordered after the letsencrypt class.
  $domains.each |$fqdn| {
    certbot::cert { $fqdn:
      require => Class['letsencrypt'],
      domain  => $fqdn,
    }
  }

  # Timer and service units rendered from the module's EPP templates.
  # NOTE(review): the service template is not visible here. The commit
  # description says it rsyncs data to the pub directory under the data root,
  # and certbot's data normally includes private keys. Confirm the unit copies
  # only what consumers need and that the destination is neither world-readable
  # nor served by the web server.
  systemd::timer { 'certbot-syncer.timer':
    require         => Class['letsencrypt'],
    enable          => true,
    active          => true,
    service_content => epp('certbot/certbot-syncer.service.epp', {
      'data_root' => $data_root,
    }),
    timer_content   => epp('certbot/certbot-syncer.timer.epp'),
  }
}