summaryrefslogtreecommitdiff
path: root/manifests/certificate.pp
diff options
context:
space:
mode:
authorHugo Hörnquist <hugo@lysator.liu.se>2023-01-10 12:57:19 +0100
committerHugo Hörnquist <hugo@lysator.liu.se>2023-01-16 22:29:18 +0100
commit6c2c73fb3304da6f35c7390b4a952bb7f51a4d5d (patch)
tree59b6723b30e648eb2c5fcffc7101c3430a79dbe2 /manifests/certificate.pp
parentAdd default value to mounts::mounts. (diff)
downloadprofiles-6c2c73fb3304da6f35c7390b4a952bb7f51a4d5d.tar.gz
profiles-6c2c73fb3304da6f35c7390b4a952bb7f51a4d5d.tar.xz
Introduce profiles::certificates + repomaster work.
Diffstat (limited to 'manifests/certificate.pp')
-rw-r--r--manifests/certificate.pp19
1 files changed, 19 insertions, 0 deletions
diff --git a/manifests/certificate.pp b/manifests/certificate.pp
new file mode 100644
index 0000000..829ae37
--- /dev/null
+++ b/manifests/certificate.pp
@@ -0,0 +1,19 @@
+# Sets up a certificate for this machine.
+# Should preferably be included before a letsencrypt::domain resource
+# is declared.
+class profiles::certificate (
+ String $cert_name = $::fqdn,
+ Letsencrypt::Authenticator $authenticator = 'nginx',
+ Hash[String,Any] $config = {
+ # more portable than 'systemctl reload nginx'
+ 'post-hook' => 'nginx -s reload',
+ },
+) {
+ include ::letsencrypt
+
+ letsencrypt::cert { $cert_name:
+ domains => [ $::fqdn, ],
+ authenticator => $authenticator,
+ config => $config,
+ }
+}