--- /dev/null
+define nginx::certbot(
+ $aliases = ''
+ $ensure = 'present',
+ $email = hiera('nginx::certbot::email'),
+ $size = hiera('nginx::certbot::size', '4096'),
+){
+ # Certbot support
+ file { "/var/www/certbot/${name}":
+ ensure => $ensure,
+ owner => 'root',
+ group => 'www-data',
+ mode => '0750',
+ require => Package['certbot'],
+ }
+
+ exec { "certbot-${name}":
+ command => "/usr/bin/certbot certonly --webroot -w /var/www/certbot/${name} -d ${name} -m ${email} --rsa-key-size ${size} --agree-tos",
+ }
+}
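Review bot: The `exec` at the end of this define has no `creates`, `unless` or `refreshonly`, so certbot is invoked on every agent run for every site (and still runs when `$ensure` is `absent`), which will quickly hit the CA's rate limits; it also has no `require` on the package or the webroot and lacks `--non-interactive`. The parameter list is missing a comma after `$aliases = ''`, and `$aliases` is never used in the body. `ensure => $ensure` with the default `'present'` makes the file type create a plain file rather than a directory, so the path cannot serve as the `-w` webroot. `${name}` and `${email}` reach the command line unvalidated, so checking that `$name` is a hostname before use would keep a mistyped title from becoming extra certbot arguments. The `creates` path below assumes certbot's default live directory.

```puppet
define nginx::certbot(
  $aliases = '',
  # … unchanged: remaining parameters and the webroot file resource …
  exec { "certbot-${name}":
    command => "/usr/bin/certbot certonly --non-interactive --webroot -w /var/www/certbot/${name} -d ${name} -m ${email} --rsa-key-size ${size} --agree-tos",
    creates => "/etc/letsencrypt/live/${name}/fullchain.pem",
    require => [Package['certbot'], File["/var/www/certbot/${name}"]],
  }
```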
-define nginx::site($ensure = present, $source = 'file') {
+define nginx::site(
+ $ensure = present,
+ $source = 'file',
+ $certbot = true
+) {
case $source {
'file': {
file { "/etc/nginx/sites-available/$name":
require => File["/etc/nginx/sites-enabled"],
notify => Service["nginx"],
}
+
+ if $certbot == true {
+ nginx::certbot { $name:
+ ensure => $ensure,
+ }
+ }
}
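Review bot: `$certbot = true` as the default means every existing `nginx::site` with `source => 'file'` starts requesting a certificate for its title on the next run, including sites whose name may not be a publicly resolvable hostname (default vhosts, internal names). Defaulting to `$certbot = false` and opting sites in would keep the change from touching hosts nobody reviewed. The `if $certbot == true` block sits only in the `'file'` branch, so any other `$source` value silently ignores the parameter; a one-line comment saying so would help. The `case` statement continues outside the hunk.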
'ssl_prefer_server_ciphers': value => 'ssl_prefer_server_ciphers on;';
'ssl_dhparam': value => 'ssl_dhparam /etc/ssl/dhparams/dhparams_2048.pem;';
}
+
+ # Certbot support
+ file { '/var/www/certbot':
+ ensure => directory,
+ owner => 'root',
+ group => 'www-data',
+ mode => '0750',
+ require => Package['nginx'],
+ }
+
+ package { 'certbot':
+ ensure => present,
+ require => File['/var/www/certbot'],
+ }
}
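Review bot: Nothing visible in this hunk reloads nginx once a certificate is issued or renewed, so a running server would presumably keep serving the old certificate until something else restarts it. If no hook exists elsewhere in the module, a reload hook here (or a `notify => Service['nginx']` on the issuing exec) would close that gap. Separately, `require => File['/var/www/certbot']` on `package { 'certbot': }` orders the package after the directory, which the package does not need; the ordering that matters is on the issuing exec. The enclosing class begins outside the hunk.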