diff options
author | Hugo Hörnquist <hugo@lysator.liu.se> | 2022-01-04 03:11:48 +0100 |
---|---|---|
committer | Hugo Hörnquist <hugo@lysator.liu.se> | 2022-01-04 03:21:51 +0100 |
commit | bfea15615fa603dcddd6e0512cf8d1cd52063bb8 (patch) | |
tree | 99e46d1023085f9017bda452286a1027938b0897 /modules/profiles/manifests | |
parent | Remove node gandalf. (diff) | |
download | webdav_server-bfea15615fa603dcddd6e0512cf8d1cd52063bb8.tar.gz webdav_server-bfea15615fa603dcddd6e0512cf8d1cd52063bb8.tar.xz |
letsencrypt
Diffstat (limited to 'modules/profiles/manifests')
-rw-r--r-- | modules/profiles/manifests/gandalf_web.pp | 36 | ||||
-rw-r--r-- | modules/profiles/manifests/letsencrypt.pp | 18 |
2 files changed, 18 insertions, 36 deletions
diff --git a/modules/profiles/manifests/gandalf_web.pp b/modules/profiles/manifests/gandalf_web.pp index 98b539f..dfa00f8 100644 --- a/modules/profiles/manifests/gandalf_web.pp +++ b/modules/profiles/manifests/gandalf_web.pp @@ -10,40 +10,4 @@ class profiles::gandalf_web ( recurse => true, } - # TODO this fails at bootstrapping, since letsencrypt requires nginx - # to be enabled, but nginx can't be enabled if any cert file is - # missing - # Letsencrypt::Certonly <| |> -> Nginx::Resource::Server <| |> - - $domains = [ - 'bookmark.gandalf.adrift.space', - 'calendar.gandalf.adrift.space', - 'repo.gandalf.adrift.space', - 'gandalf.adrift.space', - 'hack.adrift.space', - 'adrift.space', - ] - - ensure_packages (['cronie',], { ensure => installed }) - - ensure_packages (['certbot', 'certbot-nginx'], { ensure => installed }) - class { '::letsencrypt': - config => { - email => 'hugo@hornquist.se', - # server => 'https://acme-staging-v02.api.letsencrypt.org/directory', - server => 'https://acme-v02.api.letsencrypt.org/directory', - }, - manage_install => false, - } - - letsencrypt::certonly { $certname: - ensure => present, - domains => $domains, - manage_cron => true, - plugin => 'nginx', - additional_args => [ '--quiet', ], - # pre_hook_commands => [ 'systemctl stop nginx.service', ], - post_hook_commands => [ 'systemctl restart nginx.service', ], - } - } diff --git a/modules/profiles/manifests/letsencrypt.pp b/modules/profiles/manifests/letsencrypt.pp new file mode 100644 index 0000000..ded12ed --- /dev/null +++ b/modules/profiles/manifests/letsencrypt.pp @@ -0,0 +1,18 @@ +class profiles::letsencrypt ( + String $certname, + String $nginx_plugin, + Array[String] $domains, +) { + + ensure_packages ([$nginx_plugin]) + + letsencrypt::certonly { $certname: + ensure => present, + domains => $domains, + manage_cron => true, + plugin => 'nginx', + additional_args => [ '--quiet', ], + # pre_hook_commands => [ 'systemctl stop nginx.service', ], + post_hook_commands => [ 'systemctl restart nginx.service', ], + } +} |