# @summary Web profile: includes nginx, keeps its modules-enabled directory
#   free of unmanaged files, and requests one Let's Encrypt certificate for
#   the domains listed in the class body.
#
# @param certname
#   Title of the letsencrypt::certonly resource declared at the end of the
#   class.
class profiles::gandalf_web (
  String $certname,
) {
  # All of these names are handed to the single certonly resource below.
  $domains = [
    'bookmark.gandalf.adrift.space',
    'calendar.gandalf.adrift.space',
    'repo.gandalf.adrift.space',
    'gandalf.adrift.space',
    'hack.adrift.space',
    'adrift.space',
  ]

  include ::nginx

  # purge + recurse: any file in this directory that Puppet does not manage
  # is removed on every run, so only declared nginx modules stay enabled.
  file { '/etc/nginx/modules-enabled':
    ensure  => directory,
    recurse => true,
    purge   => true,
  }

  # TODO: bootstrapping fails. letsencrypt needs nginx to be enabled, while
  # nginx cannot be enabled as long as any certificate file is missing.
  # Candidate ordering, currently disabled:
  # Letsencrypt::Certonly <| |> -> Nginx::Resource::Server <| |>

  # Packages are installed here because the letsencrypt class below is
  # declared with manage_install => false.
  # presumably cronie is needed for manage_cron => true below; confirm
  ensure_packages(
    ['cronie', 'certbot', 'certbot-nginx'],
    { ensure => installed },
  )

  class { '::letsencrypt':
    manage_install => false,
    config         => {
      email  => 'hugo@hornquist.se',
      # Production ACME v2 directory. The staging directory is kept here,
      # commented out, for trial runs:
      # server => 'https://acme-staging-v02.api.letsencrypt.org/directory',
      server => 'https://acme-v02.api.letsencrypt.org/directory',
    },
  }

  letsencrypt::certonly { $certname:
    ensure             => present,
    domains            => $domains,
    plugin             => 'nginx',
    manage_cron        => true,
    additional_args    => ['--quiet'],
    # pre_hook_commands => [ 'systemctl stop nginx.service', ],
    # NOTE(review): a restart interrupts open connections; check whether a
    # reload would be enough to pick up a new certificate.
    post_hook_commands => ['systemctl restart nginx.service'],
  }
}