# @summary Sets up letsencrypt for other classes
# @param email Contact email sent to letsencrypt
# @param manage_package
# Should the certbot package resource be managed by this class
# @param certbot_package
# Name of the certbot package. Should be automatically set through hiera.
# @param server
# Server providing ACME challenge
# @param renewal_provider
# Service responsible for periodically renewing the certificate
# @param config
# Default configuration values to pass to certbot. $server and
# $email are added here if not explicitly set. The result is later
# merged with the specific configuration of each certificate.
class letsencrypt (
  String                        $email,
  Letsencrypt::Renewal_provider $renewal_provider, # no default here; see hiera
  String                        $certbot_package = 'certbot',
  Boolean                       $manage_package  = true,
  String                        $server          = 'https://acme-v02.api.letsencrypt.org/directory',
  Hash[String, Any]             $config          = {},
) {
  # Disabled: optional declaration of a default certificate.
  # if $default_cert {
  #   letsencrypt::cert { $default_cert_name:
  #     ensure => present,
  #   }
  # }

  # Kept as class-internal values rather than parameters, because certbot
  # does not appear to accept other locations. If that turns out to be
  # wrong (BSD?), turn them back into parameters and clean up the few
  # places where the paths are still hard coded.
  $config_dir = '/etc/letsencrypt'
  $cert_dir   = "${config_dir}/live"

  # Class-wide certbot defaults, read by letsencrypt::cert.
  # Hash `+` lets the right-hand operand win, so a 'server' or 'email' key
  # in $config replaces the value of the matching class parameter.
  # NOTE(review): $server is a plain String and is passed on unchecked;
  # confirm that whatever feeds $server / $config['server'] is trusted,
  # since it decides which ACME endpoint certificates are requested from.
  $config_ = { 'server' => $server, 'email' => $email } + $config

  # Only existence of the directory is enforced; owner, group and mode are
  # not set, so an existing directory keeps whatever it already has.
  # NOTE(review): certbot presumably keeps account and certificate private
  # keys below this tree - confirm the expected ownership and permissions
  # per platform and consider pinning them here.
  file { $config_dir:
    ensure => directory,
  }

  include letsencrypt::renew::setup

  # Package management can be switched off when certbot is installed by
  # other means.
  if $manage_package {
    package { $certbot_package:
      ensure => installed,
    }
  }
}