author | Hugo Hörnquist <hugo@lysator.liu.se> | 2023-06-12 18:03:27 +0200 |
---|---|---|
committer | Hugo Hörnquist <hugo@lysator.liu.se> | 2023-06-12 18:03:27 +0200 |
commit | 5d079317ef09ca27c1e30217a999701204ee3599 (patch) | |
tree | 2de28169eb8e292875c2df66f0611c577a682327 | |
parent | Puppetboard fix linter errors. (diff) | |
Update puppetboard to new certbot.
-rw-r--r-- | manifests/puppetboard.pp | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/manifests/puppetboard.pp b/manifests/puppetboard.pp
index 6a351a3..ed671e8 100644
--- a/manifests/puppetboard.pp
+++ b/manifests/puppetboard.pp
@@ -5,11 +5,14 @@
 # would be nice, but class['Apache'] doesn't have that parameter,
 # making this a moot point
 #
+# @param server_name
+# Published name of the server
 # @param puppetdb_host
 # Host to connect for puppetdb
 # @param puppetdb_port
 # Port to connect for puppetdb
 class profiles::puppetboard (
+ String $server_name,
 String $puppetdb_host,
 Stdlib::Port $puppetdb_port,
 ) {
@@ -22,6 +25,9 @@ class profiles::puppetboard (
 # Configure puppetboard
+ include ::nginx
+ include ::profiles::certificate
+
 class { 'puppetboard':
 manage_git => true,
 manage_virtualenv => true,
@@ -38,21 +44,19 @@ class profiles::puppetboard (
 Class['puppetdb'] -> Class['puppetboard']
 }
- class { '::profiles::letsencrypt':
- provider => apache,
+ # Don't use "global" certificate, since that probably probably
+ # requies nginx
+ letsencrypt::domain { $server_name:
+ domain => $server_name,
+ authenticator => 'apache',
 }
 # Only set up TLS if we are ready. This allows us to bootstrap
 # ourselves the next run.
- $certname = lookup('certname')
- if $certname and $facts['letsencrypt_directory'][$certname] {
+ if $facts['letsencrypt_directory'][$server_name] {
 class { 'puppetboard::apache::vhost':
 vhost_name => $::fqdn,
- port => 443,
- ssl => true,
- ssl_cert => "/etc/letsencrypt/live/${certname}/cert.pem",
- ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem",
- ssl_chain => "/etc/letsencrypt/live/${certname}/fullchain.pem",
+ * => letsencrypt::conf::apache($server_name),
 }
 apache::vhost { 'http-redirect':
|
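Review bot: `String $server_name,` in the first hunk accepts any string, including an empty one, yet the value becomes a `letsencrypt::domain` title and the requested certificate domain later in this commit. The class already uses stdlib types (`Stdlib::Port`), so `Stdlib::Fqdn $server_name,` would reject a malformed name at compile time instead of at certificate issuance. The parameter has no default, so every existing declaration of the class now needs a value, presumably from Hiera. The class body continues outside the hunk.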
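Review bot: `include ::nginx` in the second hunk adds a second web server to a profile whose vhosts (`puppetboard::apache::vhost` and `apache::vhost { 'http-redirect': }` in the last hunk) are all Apache. What nginx listens on is not visible here, but if its defaults bind port 80 or 443 the two daemons will compete for the same sockets and one will fail to start. The reason for the include should be stated next to it, for example `# nginx: needed by profiles::certificate (confirm); puppetboard itself is served by Apache`. The class body starts and ends outside the hunk.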
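Review bot: In the last hunk the TLS vhost keeps `vhost_name => $::fqdn` while the certificate is now requested for `$server_name`, so when the two differ the certificate presumably will not match the vhost's name and clients get a hostname-mismatch error; `vhost_name => $server_name,` would keep them aligned. The explicit `port => 443` and `ssl => true` are replaced by the `letsencrypt::conf::apache($server_name)` splat, whose returned keys are not visible here, so confirm it supplies both or the vhost may fall back to non-TLS defaults. The guard `$facts['letsencrypt_directory'][$server_name]` is likely to fail compilation rather than skip the block on a node where the fact is absent; `if $facts.dig('letsencrypt_directory', $server_name) {` tolerates that. The `if` block continues past the end of the hunk.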