author | Hugo Hörnquist <hugo@lysator.liu.se> | 2023-01-14 23:52:29 +0100 |
---|---|---|
committer | Hugo Hörnquist <hugo@lysator.liu.se> | 2023-01-15 00:09:27 +0100 |
commit | 15e94f424341528b2e23fdcf6d4756775903327e (patch) | |
tree | 4b6e6b0939e2c628fef9686c48297f14d284f874 | |
parent | Exec require files. (diff) | |
Check for cert by filename prefix.
-rw-r--r-- | lib/facter/letsencrypt_bycertname.rb | 23 | ||||
-rw-r--r-- | manifests/cert.pp | 22 |
2 files changed, 35 insertions, 10 deletions
diff --git a/lib/facter/letsencrypt_bycertname.rb b/lib/facter/letsencrypt_bycertname.rb
new file mode 100644
index 0000000..56556ff
--- /dev/null
+++ b/lib/facter/letsencrypt_bycertname.rb
@@ -0,0 +1,23 @@
+require 'pathname'
+
+Facter.add(:letsencrypt_bycertname) do
+ confine kernel: ['FreeBSD', 'Linux', 'OpenBSD']
+
+ setcode do
+ certs = {}
+
+ # locate the certificate repository
+ livedir = ['/etc/letsencrypt/live', '/etc/certbot/live']
+ .map { |path| Pathname.new path }
+ .find(&:directory?)
+
+ unless livedir.nil?
+ Pathname.new(livedir).children.select(&:directory?).each do |path|
+ m = path.basename.to_s.match(%r{(.*?)(-\d+)?$})
+ certs[m[1]] = path.to_s
+ end
+ end
+
+ certs
+ end
+end
diff --git a/manifests/cert.pp b/manifests/cert.pp
index 9a34725..ec2baf1 100644
--- a/manifests/cert.pp
+++ b/manifests/cert.pp
@@ -46,11 +46,11 @@ define letsencrypt::cert ( } ensure_resource('letsencrypt::domain', $domains, { - cert_name => $cert_name, + cert_name => $cert_name, }) if $include_self and ! $cert_name in $domains { ensure_resource('letsencrypt::domain', $cert_name, { - cert_name => $cert_name, + cert_name => $cert_name, }) } 
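Review bot: In the `each` loop of lib/facter/letsencrypt_bycertname.rb, the pattern `%r{(.*?)(-\d+)?$}` strips any trailing `-<digits>`, so a lineage directory such as `web-01` is reported under the key `web`. `example.com` and `example.com-0001` also collapse onto one key, and its value depends on the unsorted order `children` returns. manifests/cert.pp uses these keys to decide whether to request a certificate, so a collision can suppress issuance for a name that has no certificate of its own. Anchoring the match and limiting it to the `-0001` form cited in cert.pp would narrow this, e.g. `m = path.basename.to_s.match(%r{\A(.*?)(-\d{4})?\z})`. Iterating `livedir.children.sort` would make the result stable, and `livedir` is already a Pathname, so the extra `Pathname.new` is not needed.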
@@ -61,14 +61,16 @@ define letsencrypt::cert ( # exists then the new certificate will instead be called # ${cert-name}-0001. See # https://eff-certbot.readthedocs.io/en/stable/using.html#where-are-my-certificates - exec { "letsencrypt - get initial ${cert_name}": - creates => "${letsencrypt::cert_dir}/${cert_name}", - command => [$letsencrypt::renew::setup::renew_script, $cert_name], - require => [ - Concat[$domain_file], - File[$conf_file], - File[$letsencrypt::renew::setup::renew_script], - ], + if ! $cert_name in $facts['letsencrypt_bycertname'] { + exec { "letsencrypt - get initial ${cert_name}": + creates => "${letsencrypt::cert_dir}/${cert_name}", + command => [$letsencrypt::renew::setup::renew_script, $cert_name], + require => [ + Concat[$domain_file], + File[$conf_file], + File[$letsencrypt::renew::setup::renew_script], + ], + } } exec { "letsencrypt - refresh ${cert_name}": |
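Review bot: The new guard `if ! $cert_name in $facts['letsencrypt_bycertname']` most likely never evaluates to true, because Puppet gives unary `!` higher precedence than `in`. It is read as `(! $cert_name) in …`, which tests whether `false` is a key of the fact, so the initial `exec` would never be declared and no first certificate requested. Write it as `if ! ($cert_name in $facts['letsencrypt_bycertname']) {`. The context line `if $include_self and ! $cert_name in $domains` in the first cert.pp hunk has the same shape. The fact is also absent on kernels outside its `confine` list, so a fallback such as `$facts.get('letsencrypt_bycertname', {})` may be needed; confirm how `in` behaves on undef for the Puppet version in use.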