add cert defined type
This commit is contained in:
parent
4376191dea
commit
caa0e47174
GPG Key ID:
18524638BE25530A
118
manifests/cert.pp
Normal file
118
manifests/cert.pp
Normal file
@ -0,0 +1,118 @@
|
||||
# create a certificate using certbot
|
||||
#
|
||||
# @param email
|
||||
# email address to provide to letsencrypt
|
||||
# @param preferred_challanges
|
||||
# value for the --preferred-challanges parameter to certbot
|
||||
# @param auth_hook
|
||||
# Script to use as an auth hook to certbot. To use hooks provided by the puppet subclasses in this module,
|
||||
# set it to the subclass name (for example "loopia" to use the loopia auth hook)
|
||||
# @param clean_hook
|
||||
# Script to use as a clean hook to certbot. See auth_hook.
|
||||
# @param domain
|
||||
# Domain to get certificate for
|
||||
# @param create_timeout
|
||||
# Timeout for certbot when fetching the certificate for the first time.
|
||||
# @param cert_path
|
||||
# Path where the certificate will be "installed" when fetched.
|
||||
# @param fullchain_path
|
||||
# Path where the file containing the full certificate chain will be "installed" when fetched.
|
||||
# @param chain_path
|
||||
# Path where the pki chain file will be "installed" when fetched.
|
||||
# @param key_path
|
||||
# Path where the key file will be "installed" when fetched.
|
||||
# @param file_owner
|
||||
# User that should own the "installed" certificate/key files.
|
||||
# @param file_group
|
||||
# Group that should own the "installed certificate/key files.
|
||||
# @param public_files_perm
|
||||
# Permissions mode for the public certificate files.
|
||||
# @param private_files_perm
|
||||
# Permissions mode fot the private key file.
|
||||
#
|
||||
define certbot::cert (
|
||||
String[1] $email,
|
||||
Optional[String[1]] $preferred_challanges = undef,
|
||||
Optional[String[1]] $auth_hook = undef,
|
||||
Optional[String[1]] $clean_hook = undef,
|
||||
String[1] $domain = $title,
|
||||
Integer $create_timeout = 900,
|
||||
Optional[String[1]] $cert_path = undef,
|
||||
Optional[String[1]] $fullchain_path = undef,
|
||||
Optional[String[1]] $chain_path = undef,
|
||||
Optional[String[1]] $key_path = undef,
|
||||
Variant[String[1], Integer] $file_owner = 0,
|
||||
Variant[String[1], Integer] $file_group = 0,
|
||||
String[1] $public_files_perm = '0644',
|
||||
String[1] $private_files_perm = '0400',
|
||||
) {
|
||||
|
||||
if $auth_hook or $clean_hook {
|
||||
$exec_manual = '--manual --manual-public-ip-logging-ok'
|
||||
}
|
||||
|
||||
$exec_auth_hook = $auth_hook ? {
|
||||
'loopia' => "--manual-auth-hook ${certbot::cert::bin_dir}/acme-auth-loopia.py",
|
||||
undef => '',
|
||||
default => "--manual-auth-hook ${auth_hook}",
|
||||
}
|
||||
$exec_clean_hook = $auth_hook ? {
|
||||
'loopia' => "--manual-auth-hook ${certbot::cert::bin_dir}/acme-cleanup-loopia.py",
|
||||
undef => '',
|
||||
default => "--manual-auth-hook ${auth_hook}",
|
||||
}
|
||||
|
||||
if $preferred_challanges {
|
||||
$exec_challanges = "--preferred-challenges=${preferred_challanges}"
|
||||
}
|
||||
|
||||
$exec_cmd = "${certbot::params::certbot_bin} certonly --agree-tos -n -d ${domain} -m ${email} ${exec_challanges} ${exec_manual} ${exec_auth_hook} ${exec_clean_hook}" # lint:ignore:140chars
|
||||
|
||||
exec {
|
||||
"certbot::cert::${title}":
|
||||
command => $exec_cmd,
|
||||
timeout => $create_timeout,
|
||||
creates => "${certbot::params::etc_dir}/letsencrypt/renewal/${domain}.conf";
|
||||
}
|
||||
|
||||
if $cert_path {
|
||||
file {
|
||||
$cert_path:
|
||||
source => "${certbot::params::etc_dir}/letsencrypt/live/${domain}/cert.pem",
|
||||
owner => $file_owner,
|
||||
group => $file_group,
|
||||
mode => $public_files_perm,
|
||||
require => Exec[ "certbot::cert::${title}" ];
|
||||
}
|
||||
}
|
||||
if $fullchain_path {
|
||||
file {
|
||||
$fullchain_path:
|
||||
source => "${certbot::params::etc_dir}/letsencrypt/live/${domain}/fullchain.pem",
|
||||
owner => $file_owner,
|
||||
group => $file_group,
|
||||
mode => $public_files_perm,
|
||||
require => Exec[ "certbot::cert::${title}" ];
|
||||
}
|
||||
}
|
||||
if $chain_path {
|
||||
file {
|
||||
$chain_path:
|
||||
source => "${certbot::params::etc_dir}/letsencrypt/live/${domain}/chain.pem",
|
||||
owner => $file_owner,
|
||||
group => $file_group,
|
||||
mode => $public_files_perm,
|
||||
require => Exec[ "certbot::cert::${title}" ];
|
||||
}
|
||||
}
|
||||
if $key_path {
|
||||
file {
|
||||
$key_path:
|
||||
source => "${certbot::params::etc_dir}/letsencrypt/live/${domain}/privkey.pem",
|
||||
owner => $file_owner,
|
||||
group => $file_group,
|
||||
mode => $private_files_perm,
|
||||
require => Exec[ "certbot::cert::${title}" ];
|
||||
}
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user