authorHugo Hörnquist <hugo@lysator.liu.se>2023-01-10 12:57:19 +0100
committerHugo Hörnquist <hugo@lysator.liu.se>2023-01-16 22:29:18 +0100
commit6c2c73fb3304da6f35c7390b4a952bb7f51a4d5d (patch)
tree59b6723b30e648eb2c5fcffc7101c3430a79dbe2 /manifests
parentAdd default value to mounts::mounts. (diff)
Introduce profiles::certificates + repomaster work.
Diffstat (limited to 'manifests')
-rw-r--r--manifests/certificate.pp19
-rw-r--r--manifests/repomaster.pp26
2 files changed, 44 insertions, 1 deletions
diff --git a/manifests/certificate.pp b/manifests/certificate.pp
new file mode 100644
index 0000000..829ae37
--- /dev/null
+++ b/manifests/certificate.pp
@@ -0,0 +1,19 @@
+# Sets up a certificate for this machine.
+# Should preferably be included before a letsencrypt::domain resource
+# is declared.
+class profiles::certificate (
+ String $cert_name = $::fqdn,
+ Letsencrypt::Authenticator $authenticator = 'nginx',
+ Hash[String,Any] $config = {
+ # more portable than 'systemctl reload nginx'
+ 'post-hook' => 'nginx -s reload',
+ },
+) {
+ include ::letsencrypt
+
+ letsencrypt::cert { $cert_name:
+ domains => [ $::fqdn, ],
+ authenticator => $authenticator,
+ config => $config,
+ }
+}
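Review bot: `domains => [ $::fqdn, ]` is fixed to the host FQDN regardless of `$cert_name`, so a caller that overrides `cert_name` gets a certificate named after it but still covering only `$::fqdn`; if that is intended, state it in the header, e.g. `# $cert_name only names the certificate; the covered domain is always the host FQDN, further names are added with letsencrypt::domain.` None of the three parameters is documented, so `@param` tags for `cert_name`, `authenticator` and `config` would help here. The default `post-hook` of `nginx -s reload` is also applied when `$authenticator` is something other than `'nginx'`, which is worth a sentence in the `$config` doc so callers know to override it.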
diff --git a/manifests/repomaster.pp b/manifests/repomaster.pp
index 671b16f..d7143f6 100644
--- a/manifests/repomaster.pp
+++ b/manifests/repomaster.pp
@@ -2,10 +2,17 @@
class profiles::repomaster (
String $directory,
String $hostname = "repo.${::fqdn}",
+ Boolean $publish_dns = false,
+ Optional[String] $dns_zone = undef,
) {
include ::nginx
+ include ::profiles::certificate
+ letsencrypt::domain { $hostname:
+ cert_name => $profiles::certificate::cert_name,
+ }
+
nginx::resource::server { $hostname:
www_root => $directory,
autoindex => 'on',
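Review bot: `$dns_zone` defaults to `undef` but is only meaningful when `$publish_dns` is true, and nothing checks that it is set in that case; the second hunk passes it straight into an exported resource. Add a guard right after the parameter list, `if $publish_dns and !$dns_zone { fail('profiles::repomaster: $dns_zone is required when $publish_dns is true') }`, so the error surfaces on this node rather than at collection time. Both new parameters should also get `@param` tags in the class header, which starts above this hunk. The `letsencrypt::domain` declaration reads `$profiles::certificate::cert_name` from the class included on the line before it, so that ordering must be kept.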
@@ -13,7 +20,24 @@ class profiles::repomaster (
ipv6_enable => true,
ipv6_listen_options => '',
listen_options => '',
- # TODO ssl
+ * => letsencrypt::conf::nginx($hostname),
}
+ if $publish_dns {
+ # TODO Separate toggles for ipv4 and ipv6
+ # Since ipv4 might be internal and shouldn't be exported.
+ # @@dns_record { "${hostname} A":
+ # type => 'A',
+ # zone => $dns_zone,
+ # key => $hostname,
+ # value => $facts['ipaddress'],
+ # }
+
+ @@dns_record { "${hostname} AAAA":
+ type => 'AAAA',
+ zone => $dns_zone,
+ key => $hostname,
+ value => $facts['ipaddress6'],
+ }
+ }
}
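Review bot: The exported `@@dns_record` uses `value => $facts['ipaddress6']`, a legacy fact that is absent on hosts without a routable IPv6 address, and `zone => $dns_zone`, which defaults to `undef` in the parameter list above this hunk; because the resource is exported, a missing value breaks (or publishes an empty record) on the collecting DNS host rather than here. Guard the declaration, e.g. `if $publish_dns and $facts['ipaddress6'] {`, or fail early when either value is unset, and consider `$facts['networking']['ip6']` since the flat fact is deprecated. The same class still uses `$::fqdn` while this hunk uses `$facts[...]`; picking one style would make the file consistent. The commented-out A record keeps the TODO visible, which is fine, but a one-line comment on the AAAA block saying why only the v6 address is published would save the next reader re-deriving it.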