From bfea15615fa603dcddd6e0512cf8d1cd52063bb8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?=
Date: Tue, 4 Jan 2022 03:11:48 +0100
Subject: letsencrypt
---
manifests/site.pp | 21 +-----------------
modules/profiles/manifests/gandalf_web.pp | 36 -------------------------------
modules/profiles/manifests/letsencrypt.pp | 18 ++++++++++++++++
3 files changed, 19 insertions(+), 56 deletions(-)
create mode 100644 modules/profiles/manifests/letsencrypt.pp
diff --git a/manifests/site.pp b/manifests/site.pp
index e1bda99..03e8438 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -21,8 +21,6 @@ node 'hornquist.se' { ], } - $certname = 'hornquist' - service { 'php7.4-fpm': ensure => running, enable => true,
@@ -46,24 +44,7 @@ node 'hornquist.se' { | EOF } - ensure_packages(['python3-certbot-nginx'], - { ensure => installed }) - - letsencrypt::certonly { $certname: - ensure => present, - manage_cron => true, - plugin => 'nginx', - additional_args => [ '--quiet', ], - post_hook_commands => [ 'systemctl reload nginx.service', ], - domains => [ - 'blog.hornquist.se', - 'blogg.hornquist.se', - 'www.hornquist.se', - 'hornquist.se', - 'git.hornquist.se', - 'wiki.hornquist.se', - ], - } + include ::profiles::letsencrypt
diff --git a/modules/profiles/manifests/gandalf_web.pp b/modules/profiles/manifests/gandalf_web.pp
index 98b539f..dfa00f8 100644
--- a/modules/profiles/manifests/gandalf_web.pp
+++ b/modules/profiles/manifests/gandalf_web.pp
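Review bot: In the second manifests/site.pp hunk, the bare `include ::profiles::letsencrypt` compiles for hornquist.se only if Hiera supplies `profiles::letsencrypt::certname`, `profiles::letsencrypt::nginx_plugin` and `profiles::letsencrypt::domains`, because the new class gives none of its three parameters a default and no data file is part of this commit. The six host names removed here are the certificate's SAN list, so a comment above the include such as `# certname, domains and plugin package come from Hiera (profiles::letsencrypt::*)` would keep that reviewable from the node definition. The renewal hook for this node also changes from `systemctl reload nginx.service` to the profile's `restart`, which drops open connections on every renewal; if that is not intended, keep `reload` in the profile. The node block starts and ends outside the hunk.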
@@ -10,40 +10,4 @@ class profiles::gandalf_web ( recurse => true, } - # TODO this fails at bootstrapping, since letsencrypt requires nginx - # to be enabled, but nginx can't be enabled if any cert file is - # missing - # Letsencrypt::Certonly <| |> -> Nginx::Resource::Server <| |> - - $domains = [ - 'bookmark.gandalf.adrift.space', - 'calendar.gandalf.adrift.space', - 'repo.gandalf.adrift.space', - 'gandalf.adrift.space', - 'hack.adrift.space', - 'adrift.space', - ] - - ensure_packages (['cronie',], { ensure => installed }) - - ensure_packages (['certbot', 'certbot-nginx'], { ensure => installed }) - class { '::letsencrypt': - config => { - email => 'hugo@hornquist.se', - # server => 'https://acme-staging-v02.api.letsencrypt.org/directory', - server => 'https://acme-v02.api.letsencrypt.org/directory', - }, - manage_install => false, - } - - letsencrypt::certonly { $certname: - ensure => present, - domains => $domains, - manage_cron => true, - plugin => 'nginx', - additional_args => [ '--quiet', ], - # pre_hook_commands => [ 'systemctl stop nginx.service', ], - post_hook_commands => [ 'systemctl restart nginx.service', ], - } - }
diff --git a/modules/profiles/manifests/letsencrypt.pp b/modules/profiles/manifests/letsencrypt.pp
new file mode 100644
index 0000000..ded12ed
--- /dev/null
+++ b/modules/profiles/manifests/letsencrypt.pp
@@ -0,0 +1,18 @@
+class profiles::letsencrypt (
+ String $certname,
+ String $nginx_plugin,
+ Array[String] $domains,
+) {
+
+ ensure_packages ([$nginx_plugin])
+
+ letsencrypt::certonly { $certname:
+ ensure => present,
+ domains => $domains,
+ manage_cron => true,
+ plugin => 'nginx',
+ additional_args => [ '--quiet', ],
+ # pre_hook_commands => [ 'systemctl stop nginx.service', ],
+ post_hook_commands => [ 'systemctl restart nginx.service', ],
+ }
+}
-- cgit v1.2.3
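Review bot: Nothing in the new `profiles::letsencrypt` class declares the `letsencrypt` base class, while the block this commit removes from gandalf_web.pp configured it with the account e-mail, the production ACME directory URL and `manage_install => false`. Unless that class is declared somewhere outside this diff, `letsencrypt::certonly` is left without that configuration, so I would add `include ::letsencrypt` before the define and keep `email` and `server` pinned in data rather than relying on module defaults. `$domains` becomes the certificate's SAN list, so tightening the types to `Array[Stdlib::Fqdn, 1] $domains` and `String[1] $certname` would reject an empty or malformed list at compile time instead of at certbot run time. The removed TODO about the nginx/certificate bootstrap ordering presumably still applies and is worth carrying over as a comment in this class.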