new type: __letsencrypt_cert
parent
f767ec04ec
commit
75f5cf6bb2
7 changed files with 134 additions and 0 deletions
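--- a/cdist/conf/type/__letsencrypt_cert/explorer/exists
+++ b/cdist/conf/type/__letsencrypt_cert/explorer/exists
@@ -0,0 +1,5 @@
+domain=$__object_id
+
+if [ -f "/etc/letsencrypt/live/$domain/fullchain.pem" ]; then
+echo yes
+fi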
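--- a/cdist/conf/type/__letsencrypt_cert/gencode-remote
+++ b/cdist/conf/type/__letsencrypt_cert/gencode-remote
@@ -0,0 +1,18 @@
+domain="$__object_id"
+
+exists=$(cat "$__object/explorer/exists")
+webroot="$(cat "$__object/parameter/webroot")"
+admin_email="$(cat "$__object/parameter/admin-email")"
+
+if [ -n "$exists" ]; then
+exit 0
+fi
+
+cat <<EOF
+if [ ! -d "$webroot" ]; then
+echo mkdir -p "$webroot"
+fi
+
+certbot certonly -n --agree-tos --email '$admin_email' --quiet --webroot \
+-w '$webroot' -d '$domain'
+EOF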
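Review bot: The heredoc pastes `$admin_email`, `$webroot` and `$domain` into the generated script between plain quotes, so a value containing `'` (or, in the double-quoted `[ ! -d "$webroot" ]` test, a `"`, `$` or command substitution) ends the quoting and the remainder is executed as shell on the target, which cdist typically drives as root. The values come from whoever writes the manifest, so this is hardening rather than a remote input path, but it is cheap to close: single-quote every interpolation (`[ ! -d '$webroot' ]`) and reject quotes before `cat <<EOF` with `case "$domain$webroot$admin_email" in *\'*) echo "single quote not allowed in parameters" >&2; exit 1;; esac`. Separately, `echo mkdir -p "$webroot"` only prints the command on the target and never creates the directory, which looks unintended; `mkdir -p '$webroot'` would do what the surrounding `if` suggests.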
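--- a/cdist/conf/type/__letsencrypt_cert/man.rst
+++ b/cdist/conf/type/__letsencrypt_cert/man.rst
@@ -0,0 +1,46 @@
+cdist-type__letsencrypt_cert(7)
+===============================
+
+NAME
+----
+cdist-type__letsencrypt_cert - Get an SSL certificate from Let's Encrypt
+
+
+DESCRIPTION
+-----------
+Automatically obtain a Let's Encrypt SSL certificate. Uses certbot's webroot
+method. You must set up your web server to work with webroot.
+
+
+REQUIRED PARAMETERS
+-------------------
+webroot
+The path to your webroot, as set up in your webserver config.
+
+
+OPTIONAL PARAMETERS
+-------------------
+admin-email
+Where to send Let's Encrypt emails like "certificate needs renewal". Defaults to root@localhost.
+
+
+EXAMPLES
+--------
+
+.. code-block:: sh
+
+__letsencrypt_cert example.com --webroot /data/letsencrypt/root
+
+
+AUTHORS
+-------
+Nico Schottelius <nico-cdist--@--schottelius.org>
+Kamila Součková <kamila--@--ksp.sk>
+
+
+COPYING
+-------
+Copyright \(C) 2017 Nico Schottelius, Kamila Součková. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.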
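--- a/cdist/conf/type/__letsencrypt_cert/manifest
+++ b/cdist/conf/type/__letsencrypt_cert/manifest
@@ -0,0 +1,62 @@
+os=$(cat "$__global/explorer/os")
+os_version=$(cat "$__global/explorer/os_version")
+
+case "$os" in
+debian)
+case "$os_version" in
+8*)
+__apt_source jessie-backports \
+--uri http://http.debian.net/debian \
+--distribution jessie-backports \
+--component main
+
+require="__apt_source/jessie-backports" __package_apt python-certbot --target-release jessie-backports
+require="__apt_source/jessie-backports" __package_apt certbot --target-release jessie-backports
+# Seems to be a missing dependency on debian 8
+__package python-ndg-httpsclient
+;;
+*)
+echo "Unsupported OS version: $os_version" >&2
+exit 1
+;;
+esac
+
+certbot_fullpath=/usr/bin/certbot
+;;
+devuan)
+case "$os_version" in
+jessie)
+__apt_source jessie-backports \
+--uri http://auto.mirror.devuan.org/merged \
+--distribution jessie-backports \
+--component main
+
+require="__apt_source/jessie-backports" __package_apt python-certbot --target-release jessie-backports
+require="__apt_source/jessie-backports" __package_apt certbot --target-release jessie-backports
+# Seems to be a missing dependency on debian 8
+__package python-ndg-httpsclient
+;;
+*)
+echo "Unsupported OS version: $os_version" >&2
+exit 1
+;;
+esac
+
+certbot_fullpath=/usr/bin/certbot
+;;
+freebsd)
+__package py27-certbot
+
+certbot_fullpath=/usr/local/bin/certbot
+;;
+*)
+echo "Unsupported os: $os" >&2
+exit 1
+;;
+esac
+
+
+__cron letsencrypt-certbot \
+--user root \
+--command "$certbot_fullpath renew -q" \
+--hour 0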
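Review bot: The `__cron letsencrypt-certbot` call at the end sets only `--hour 0`; if `__cron` leaves the minute field at `*` when it is not given, root's crontab will start `certbot renew -q` once a minute from 00:00 to 00:59. Adding `--minute 0` (or another fixed minute) pins it to a single run per night. The renewal also has no reload step, so a renewed certificate is not served until something restarts the web server; a `--post-hook` on the renew command, or a stated requirement in man.rst, would cover that. The `debian` and `devuan` arms differ only in the mirror URI and the version pattern and could share one block.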
|
@ -0,0 +1 @@
|
||||||
|
root@localhost
|
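--- a/cdist/conf/type/__letsencrypt_cert/parameter/optional
+++ b/cdist/conf/type/__letsencrypt_cert/parameter/optional
@@ -0,0 +1 @@
+admin-email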
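--- a/cdist/conf/type/__letsencrypt_cert/parameter/required
+++ b/cdist/conf/type/__letsencrypt_cert/parameter/required
@@ -0,0 +1 @@
+webroot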