2020-12-02 17:18:32 +01:00
|
|
|
# create a certificate using certbot
|
|
|
|
#
|
|
|
|
# @param email
|
|
|
|
# email address to provide to letsencrypt
|
|
|
|
# @param preferred_challanges
|
|
|
|
# value for the --preferred-challanges parameter to certbot
|
|
|
|
# @param auth_hook
|
|
|
|
# Script to use as an auth hook to certbot. To use hooks provided by the puppet subclasses in this module,
|
|
|
|
# set it to the subclass name (for example "loopia" to use the loopia auth hook)
|
|
|
|
# @param clean_hook
|
|
|
|
# Script to use as a clean hook to certbot. See auth_hook.
|
|
|
|
# @param domain
|
|
|
|
# Domain to get certificate for
|
|
|
|
# @param create_timeout
|
|
|
|
# Timeout for certbot when fetching the certificate for the first time.
|
|
|
|
# @param cert_path
|
|
|
|
# Path where the certificate will be "installed" when fetched.
|
|
|
|
# @param fullchain_path
|
|
|
|
# Path where the file containing the full certificate chain will be "installed" when fetched.
|
|
|
|
# @param chain_path
|
|
|
|
# Path where the pki chain file will be "installed" when fetched.
|
|
|
|
# @param key_path
|
|
|
|
# Path where the key file will be "installed" when fetched.
|
|
|
|
# @param file_owner
|
|
|
|
# User that should own the "installed" certificate/key files.
|
|
|
|
# @param file_group
|
|
|
|
# Group that should own the "installed certificate/key files.
|
|
|
|
# @param public_files_perm
|
|
|
|
# Permissions mode for the public certificate files.
|
|
|
|
# @param private_files_perm
|
|
|
|
# Permissions mode fot the private key file.
|
|
|
|
#
|
|
|
|
define certbot::cert (
|
|
|
|
String[1] $email,
|
|
|
|
Optional[String[1]] $preferred_challanges = undef,
|
|
|
|
Optional[String[1]] $auth_hook = undef,
|
|
|
|
Optional[String[1]] $clean_hook = undef,
|
|
|
|
String[1] $domain = $title,
|
|
|
|
Integer $create_timeout = 900,
|
|
|
|
Optional[String[1]] $cert_path = undef,
|
|
|
|
Optional[String[1]] $fullchain_path = undef,
|
|
|
|
Optional[String[1]] $chain_path = undef,
|
|
|
|
Optional[String[1]] $key_path = undef,
|
|
|
|
Variant[String[1], Integer] $file_owner = 0,
|
|
|
|
Variant[String[1], Integer] $file_group = 0,
|
|
|
|
String[1] $public_files_perm = '0644',
|
|
|
|
String[1] $private_files_perm = '0400',
|
|
|
|
) {
|
|
|
|
|
|
|
|
if $auth_hook or $clean_hook {
|
|
|
|
$exec_manual = '--manual --manual-public-ip-logging-ok'
|
|
|
|
}
|
|
|
|
|
|
|
|
$exec_auth_hook = $auth_hook ? {
|
2020-12-02 20:43:10 +01:00
|
|
|
'loopia' => "--manual-auth-hook ${certbot::params::bin_dir}/acme-auth-loopia.py",
|
2020-12-02 17:18:32 +01:00
|
|
|
undef => '',
|
|
|
|
default => "--manual-auth-hook ${auth_hook}",
|
|
|
|
}
|
2020-12-06 14:32:57 +01:00
|
|
|
$exec_clean_hook = $clean_hook ? {
|
|
|
|
'loopia' => "--manual-cleanup-hook ${certbot::params::bin_dir}/acme-cleanup-loopia.py",
|
2020-12-02 17:18:32 +01:00
|
|
|
undef => '',
|
2020-12-06 14:32:57 +01:00
|
|
|
default => "--manual-cleanup-hook ${auth_hook}",
|
2020-12-02 17:18:32 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if $preferred_challanges {
|
|
|
|
$exec_challanges = "--preferred-challenges=${preferred_challanges}"
|
|
|
|
}
|
|
|
|
|
|
|
|
$exec_cmd = "${certbot::params::certbot_bin} certonly --agree-tos -n -d ${domain} -m ${email} ${exec_challanges} ${exec_manual} ${exec_auth_hook} ${exec_clean_hook}" # lint:ignore:140chars
|
|
|
|
|
|
|
|
exec {
|
|
|
|
"certbot::cert::${title}":
|
|
|
|
command => $exec_cmd,
|
|
|
|
timeout => $create_timeout,
|
|
|
|
creates => "${certbot::params::etc_dir}/letsencrypt/renewal/${domain}.conf";
|
|
|
|
}
|
|
|
|
|
|
|
|
if $cert_path {
|
|
|
|
file {
|
|
|
|
$cert_path:
|
|
|
|
source => "${certbot::params::etc_dir}/letsencrypt/live/${domain}/cert.pem",
|
|
|
|
owner => $file_owner,
|
|
|
|
group => $file_group,
|
|
|
|
mode => $public_files_perm,
|
2020-12-02 17:41:48 +01:00
|
|
|
links => 'follow',
|
2020-12-02 17:18:32 +01:00
|
|
|
require => Exec[ "certbot::cert::${title}" ];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if $fullchain_path {
|
|
|
|
file {
|
|
|
|
$fullchain_path:
|
|
|
|
source => "${certbot::params::etc_dir}/letsencrypt/live/${domain}/fullchain.pem",
|
|
|
|
owner => $file_owner,
|
|
|
|
group => $file_group,
|
|
|
|
mode => $public_files_perm,
|
2020-12-02 17:41:48 +01:00
|
|
|
links => 'follow',
|
2020-12-02 17:18:32 +01:00
|
|
|
require => Exec[ "certbot::cert::${title}" ];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if $chain_path {
|
|
|
|
file {
|
|
|
|
$chain_path:
|
|
|
|
source => "${certbot::params::etc_dir}/letsencrypt/live/${domain}/chain.pem",
|
|
|
|
owner => $file_owner,
|
|
|
|
group => $file_group,
|
|
|
|
mode => $public_files_perm,
|
2020-12-02 17:41:48 +01:00
|
|
|
links => 'follow',
|
2020-12-02 17:18:32 +01:00
|
|
|
require => Exec[ "certbot::cert::${title}" ];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if $key_path {
|
|
|
|
file {
|
|
|
|
$key_path:
|
|
|
|
source => "${certbot::params::etc_dir}/letsencrypt/live/${domain}/privkey.pem",
|
|
|
|
owner => $file_owner,
|
|
|
|
group => $file_group,
|
|
|
|
mode => $private_files_perm,
|
2020-12-02 17:41:48 +01:00
|
|
|
links => 'follow',
|
2020-12-02 17:18:32 +01:00
|
|
|
require => Exec[ "certbot::cert::${title}" ];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|