Diffstat (limited to 'manifests/init.pp')
-rw-r--r--manifests/init.pp65
1 files changed, 40 insertions, 25 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index cc72b32..d6fb5f6 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,38 +1,53 @@
# @summary Sets up letsencrypt for other classes
# @param email Contact email sent to letsencrypt
-# @param config_dir Location of configuration files
-# @param default_cert Should a certificate be automatically configured
-# @param default_cert_name
-# The name (and domain) of the automatically configured centificate.
+# @param manage_package
+# Should the certbot package resource be managed by this class
+# @param certbot_package
+# Name of the certbot package. Should be automatically set through hiera.
+# @param server
+# Server providing ACME challenge
+# @param renewal_provider
+# Service responsible for periodically renewing the certificate
+# @param config
+# Default configuration values to pass to certbot. $server and
+# $email is added here if not explicitly set. It's later merged with
+# a specific instance for each certificate.
class letsencrypt (
String $email,
- Stdlib::Unixpath $config_dir = '/etc/letsencrypt',
- String $default_cert_name = $::facts['fqdn'],
- Boolean $default_cert = true,
- # TODO renewal provider here?
+ Letsencrypt::Renewal_provider $renewal_provider, # hiera
+ String $certbot_package = 'certbot',
+ Boolean $manage_package = true,
+ String $server = 'https://acme-v02.api.letsencrypt.org/directory',
+ Hash[String, Any] $config = {},
) {
- if $default_cert {
- letsencrypt::cert { $default_cert_name:
- ensure => present,
- }
- }
+ # if $default_cert {
+ # letsencrypt::cert { $default_cert_name:
+ # ensure => present,
+ # }
+ # }
- file { $config_dir:
- ensure => directory,
- }
+ # These are internal instead of parameters, since certbot appears to
+ # not accept them in other places. This might prove wrong (BSD?), in
+ # that case: make them parameters again, and resolve the few remaining
+ # instances where they are hard coded.
+ $config_dir = '/etc/letsencrypt'
+ $cert_dir = "${config_dir}/live"
- $cli_conf = @("EOF")
- email = ${email}
- | EOF
+ # Used by letsencrypt::cert
+ $config_ = {
+ 'server' => $server,
+ 'email' => $email,
+ } + $config
- file { "${config_dir}/cli.ini":
- content => $cli_conf,
+ file { $config_dir:
+ ensure => directory,
}
include letsencrypt::renew::setup
- # Boolean indicating if ssl is configured. Mainly used by
- # letsencrypt::nginx and similar classes to determine their export
- # of their variable $ssl.
- $ssl_configured = 'letsencrypt_director$' in keys($facts)
+ if $manage_package {
+ package { $certbot_package:
+ ensure => installed,
+ }
+ }
}
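Review bot: `$server` is declared as a plain `String`, so a hiera typo or an `http://` URL is accepted, and certbot would then register the account and request certificates from whatever endpoint that value names. If the module still depends on stdlib (the removed `Stdlib::Unixpath` parameter suggests it does), `Stdlib::HTTPSUrl $server = 'https://acme-v02.api.letsencrypt.org/directory',` rejects non-HTTPS values at catalog compile time. The `+ $config` merge lets a `server` or `email` key in `$config` replace those parameters, which matches the `@param config` text but bypasses any type check on `$server`, so either say so in the docs or validate `$config_['server']` after the merge. Separately, `file { $config_dir: ensure => directory }` leaves owner, group and mode unmanaged on the directory under which `$cert_dir` lives and where certbot is expected to keep key material; pinning them explicitly, for example `owner => 'root', group => 'root', mode => '0755',`, avoids depending on the agent's umask. The commented-out `$default_cert` block refers to parameters that no longer exist and could be deleted rather than kept as dead code.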