From e0f2915fdad577eadd39570c1131f86cb34c0279 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?= Date: Wed, 5 Jan 2022 18:02:30 +0100 Subject: Letsencrypt improvements --- modules/profiles/manifests/letsencrypt.pp | 25 ++++++++++++++++++++----- modules/profiles/manifests/puppetboard.pp | 15 +++------------ 2 files changed, 23 insertions(+), 17 deletions(-) diff --git a/modules/profiles/manifests/letsencrypt.pp b/modules/profiles/manifests/letsencrypt.pp index 4b4b568..48aa3a8 100644 --- a/modules/profiles/manifests/letsencrypt.pp +++ b/modules/profiles/manifests/letsencrypt.pp @@ -1,20 +1,35 @@ class profiles::letsencrypt ( String $certname, - String $nginx_plugin, Array[String] $domains, + Enum['nginx','apache'] $provider, + Optional[String] $nginx_plugin = undef, + Optional[String] $apache_plugin = undef, ) { - ensure_packages ([$nginx_plugin]) - include ::letsencrypt + $plugin = $provider + $post_hook = $provider ? { + 'nginx' => 'systemctl restart nginx.service', + 'apache' => 'systemctl restart apache2.service', + } + + case $provider { + 'apache': { + ensure_packages ([$apache_plugin]) + } + 'nginx': { + ensure_packages ([$nginx_plugin]) + } + } + letsencrypt::certonly { $certname: ensure => present, domains => $domains, manage_cron => true, - plugin => 'nginx', + plugin => $plugin, additional_args => [ '--quiet', ], # pre_hook_commands => [ 'systemctl stop nginx.service', ], - post_hook_commands => [ 'systemctl restart nginx.service', ], + post_hook_commands => [ $post_hook, ], } } diff --git a/modules/profiles/manifests/puppetboard.pp b/modules/profiles/manifests/puppetboard.pp index b5f6b1f..d477632 100644 --- a/modules/profiles/manifests/puppetboard.pp +++ b/modules/profiles/manifests/puppetboard.pp 
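Review bot: In the `case $provider` block the selected plugin parameter goes straight into `ensure_packages`, but `$nginx_plugin` and `$apache_plugin` are both `Optional[String]` defaulting to `undef`, so choosing a provider without setting its matching package yields `ensure_packages ([undef])` rather than a clear compile error. Resolve the package once and check it before use: `$plugin_package = $provider ? { 'nginx' => $nginx_plugin, 'apache' => $apache_plugin }`, `assert_type(String[1], $plugin_package)`, `ensure_packages([$plugin_package])`. `String[1]` also rejects an empty string, which the current type lets through. A one-line comment above the parameters stating that the plugin matching `$provider` is required would document the contract.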
@@ -32,20 +32,11 @@ class profiles::puppetboard { offline_mode => true, } - include ::letsencrypt - - ensure_packages(['python3-certbot-apache']) - - $certname = lookup('certname') - letsencrypt::certonly { $certname: - ensure => present, - domains => [ $::fqdn, ], - manage_cron => true, - plugin => 'apache', - additional_args => ['--quiet'], - post_hook_commands => ['systemctl restart apache2'], + class { '::profiles::letsencrypt': + provider => apache, } + $certname = lookup('certname') class { 'puppetboard::apache::vhost': vhost_name => $::fqdn, port => 443, -- cgit v1.2.3
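Review bot: The new `class { '::profiles::letsencrypt': ... }` declaration passes only `provider`, so `certname`, `domains` and `apache_plugin` must now resolve from Hiera under `profiles::letsencrypt::*` (not visible here). The removed code pinned the certificate to `[ $::fqdn, ]` and the package to `python3-certbot-apache`. If those keys are missing, compilation fails or `apache_plugin` stays `undef`. If `profiles::letsencrypt::certname` differs from the `lookup('certname')` value still used below, the vhost presumably ends up pointing at a certificate name that was never issued. Passing the values explicitly keeps the set of domains this node requests certificates for visible in the profile and ties both consumers to one `$certname`. The bare word `apache` should also be quoted. `profiles::puppetboard` starts above the hunk and the vhost declaration continues past it.

```puppet
  $certname = lookup('certname')
  class { '::profiles::letsencrypt':
    provider      => 'apache',
    certname      => $certname,
    domains       => [ $::fqdn, ],
    apache_plugin => 'python3-certbot-apache',
  }
  # … unchanged: puppetboard::apache::vhost declaration …
```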