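# @summary Requests a Let's Encrypt certificate for this host through the
#   certbot plugin of the local web server and keeps it renewed via cron.
#
# @param certname
#   Title of the letsencrypt::certonly resource; defaults to the host's FQDN.
# @param domains
#   Domain names handed to letsencrypt::certonly; defaults to the FQDN only.
#   NOTE(review): only typed as Array[String] here; any validation of the
#   names is left to the letsencrypt module -- confirm.
# @param provider
#   Web server in use. Selects the certbot plugin and the service that the
#   post hook restarts.
class profiles::letsencrypt (
  String                 $certname = $::fqdn,
  Array[String]          $domains  = [ $::fqdn, ],
  Enum['nginx','apache'] $provider,
) {
  include ::letsencrypt

  # Per-OS certbot plugin package names and web server restart commands.
  #
  # The Apache unit is apache2.service only on Debian-family systems; the
  # RedHat family and Arch ship it as httpd.service, and FreeBSD has no
  # systemctl at all. A post hook that fails leaves the web server serving
  # the old certificate after a renewal, so the command must match the OS.
  #
  # NOTE(review): $nginx_plugin and $apache_plugin are assigned but nothing in
  # this class reads them, so the certbot plugin package is not installed
  # here. Confirm another class installs it; otherwise issuing with
  # `plugin => $provider` presumably fails.
  case $facts['os']['family'] {
    'Debian': {
      $nginx_plugin   = 'python3-certbot-nginx'
      $apache_plugin  = 'python3-certbot-apache'
      $nginx_restart  = 'systemctl restart nginx.service'
      $apache_restart = 'systemctl restart apache2.service'
    }
    'RedHat': {
      $nginx_restart  = 'systemctl restart nginx.service'
      $apache_restart = 'systemctl restart httpd.service'
      if $facts['os']['name'] == 'Fedora' {
        $nginx_plugin  = 'python3-certbot-nginx'
        $apache_plugin = 'python3-certbot-apache'
      } else {
        # Only majors 7 and 8 are mapped; on any other release the plugin
        # package names stay undefined.
        case $facts['os']['release']['major'] {
          '7': {
            $nginx_plugin  = 'python2-certbot-nginx'
            $apache_plugin = 'python2-certbot-apache'
          }
          '8': {
            $nginx_plugin  = 'python3-certbot-nginx'
            $apache_plugin = 'python3-certbot-apache'
          }
          default: {}
        }
      }
    }
    'Archlinux': {
      $nginx_plugin   = 'certbot-nginx'
      $apache_plugin  = 'certbot-apache'
      $nginx_restart  = 'systemctl restart nginx.service'
      $apache_restart = 'systemctl restart httpd.service'
    }
    'FreeBSD': {
      $nginx_plugin   = 'py38-certbot-nginx'
      $apache_plugin  = 'py38-certbot-apache'
      # Absolute path: a user crontab's default PATH on FreeBSD does not
      # include /usr/sbin, where service(8) lives.
      $nginx_restart  = '/usr/sbin/service nginx restart'
      $apache_restart = '/usr/sbin/service apache24 restart'
    }
    default: {
      # Unlisted OS family: keep the systemd unit names this class has always
      # used. The plugin package names stay undefined.
      $nginx_restart  = 'systemctl restart nginx.service'
      $apache_restart = 'systemctl restart apache2.service'
    }
  }

  # The hook is one of the fixed literals above, chosen by the Enum-validated
  # $provider, so no caller-supplied text ends up in the command certbot runs.
  $post_hook = $provider ? {
    'nginx'  => $nginx_restart,
    'apache' => $apache_restart,
  }

  # TODO this requires that we have the webserver in question started.
  # TODO we also have the bootstrap problem, which I should find a
  #      common solution for
  #
  # NOTE(review): '--quiet' suppresses certbot output; if the cron renewal
  # inherits it, a failed renewal is silent. Confirm certificate expiry is
  # monitored elsewhere.
  letsencrypt::certonly { $certname:
    ensure             => present,
    domains            => $domains,
    manage_cron        => true,
    plugin             => $provider,
    additional_args    => [ '--quiet', ],
    post_hook_commands => [ $post_hook, ],
  }
}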