+++ /dev/null
-define nginx::certbot(
- $aliases = '',
- $ensure = present,
- $email = hiera('nginx::certbot::email'),
- $size = hiera('nginx::certbot::size', '4096'),
-){
- # Certbot support
- file { "/var/www/certbot/${name}":
- ensure => directory,
- owner => 'root',
- group => 'www-data',
- mode => '0750',
- require => Package['certbot'],
- }
-
- # Make sure nginx is restarted and request a certificate
- exec { "certbot-${name}":
- command => "/usr/sbin/service nginx restart && /usr/bin/certbot certonly --webroot -w /var/www/certbot/${name} -d ${name} -d www.${name} -m ${email} --rsa-key-size ${size} --agree-tos",
- creates => "/etc/letsencrypt/archive/${name}",
- require => File["/var/www/certbot/${name}", "/etc/nginx/sites-enabled/$name"],
- }
-}
}
if $certbot == true {
- nginx::certbot { $name:
- ensure => $ensure,
+ certbot::manage { $name:
+ ensure => $ensure,
+ pre_hook => '/usr/sbin/service nginx restart',
+ require => File["/etc/nginx/sites-enabled/$name"],
}
}
}
) {
include ssl
+ class { 'certbot':
+ pre_hook => '/usr/sbin/service nginx stop',
+ post_hook => '/usr/sbin/service nginx start',
+ }
+
# See https://weakdh.org/
ssl::dhparams { 'nginx-2048':
notify => Service['nginx'],
'ssl_prefer_server_ciphers': value => 'ssl_prefer_server_ciphers on;';
'ssl_dhparam': value => 'ssl_dhparam /etc/ssl/dhparams/dhparams_2048.pem;';
}
-
- # Certbot support
- file { '/var/www/certbot':
- ensure => directory,
- owner => 'root',
- group => 'www-data',
- mode => '0750',
- require => Package['nginx'],
- }
-
- package { 'certbot':
- ensure => present,
- require => File['/var/www/certbot'],
- }
-
- cron { 'certbot-renew':
- command => '/usr/bin/certbot renew --standalone --pre-hook "service nginx stop" --post-hook "service nginx start"',
- user => 'root',
- weekday => 1,
- hour => "05",
- minute => "30",
- ensure => present,
- require => Package['certbot'],
- }
}
projects / puppet-nginx.git / commitdiff