mark/cdist
1
0
Fork 0
forked from ungleich-public/cdist
Code Issues Pull requests Projects Releases Wiki Activity

new type: __letsencrypt_cert (#591)

Browse source
This commit is contained in:
kamila 2017-11-01 08:56:12 +01:00 committed by Darko Poljak
commit 4799e43516
7 changed files with 134 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
cdist/conf/type/__letsencrypt_cert/explorer/exists Normal file
View file

@ -0,0 +1,5 @@
domain=$__object_id
if [ -f "/etc/letsencrypt/live/$domain/fullchain.pem" ]; then
echo yes
fi

18
cdist/conf/type/__letsencrypt_cert/gencode-remote Normal file
View file

@ -0,0 +1,18 @@
domain="$__object_id"
exists=$(cat "$__object/explorer/exists")
webroot="$(cat "$__object/parameter/webroot")"
admin_email="$(cat "$__object/parameter/admin-email")"
if [ -n "$exists" ]; then
exit 0
fi
cat <<EOF
if [ ! -d "$webroot" ]; then
mkdir -p "$webroot"
fi
certbot certonly -n --agree-tos --email '$admin_email' --quiet --webroot \
-w '$webroot' -d '$domain'
EOF

46
cdist/conf/type/__letsencrypt_cert/man.rst Normal file
View file

@ -0,0 +1,46 @@
cdist-type__letsencrypt_cert(7)
===============================
NAME
----
cdist-type__letsencrypt_cert - Get an SSL certificate from Let's Encrypt
DESCRIPTION
-----------
Automatically obtain a Let's Encrypt SSL certificate. Uses certbot's webroot
method. You must set up your web server to work with webroot.
REQUIRED PARAMETERS
-------------------
webroot
The path to your webroot, as set up in your webserver config.
OPTIONAL PARAMETERS
-------------------
admin-email
Where to send Let's Encrypt emails like "certificate needs renewal". Defaults to root@localhost.
EXAMPLES
--------
.. code-block:: sh
__letsencrypt_cert example.com --webroot /data/letsencrypt/root
AUTHORS
-------
Nico Schottelius <nico-cdist--@--schottelius.org>
Kamila Součková <kamila--@--ksp.sk>
COPYING
-------
Copyright \(C) 2017 Nico Schottelius, Kamila Součková. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

62
cdist/conf/type/__letsencrypt_cert/manifest Normal file
View file

@ -0,0 +1,62 @@
os=$(cat "$__global/explorer/os")
os_version=$(cat "$__global/explorer/os_version")
case "$os" in
debian)
case "$os_version" in
8*)
__apt_source jessie-backports \
--uri http://http.debian.net/debian \
--distribution jessie-backports \
--component main
require="__apt_source/jessie-backports" __package_apt python-certbot --target-release jessie-backports
require="__apt_source/jessie-backports" __package_apt certbot --target-release jessie-backports
# Seems to be a missing dependency on debian 8
__package python-ndg-httpsclient
;;
*)
echo "Unsupported OS version: $os_version" >&2
exit 1
;;
esac
certbot_fullpath=/usr/bin/certbot
;;
devuan)
case "$os_version" in
jessie)
__apt_source jessie-backports \
--uri http://auto.mirror.devuan.org/merged \
--distribution jessie-backports \
--component main
require="__apt_source/jessie-backports" __package_apt python-certbot --target-release jessie-backports
require="__apt_source/jessie-backports" __package_apt certbot --target-release jessie-backports
# Seems to be a missing dependency on debian 8
__package python-ndg-httpsclient
;;
*)
echo "Unsupported OS version: $os_version" >&2
exit 1
;;
esac
certbot_fullpath=/usr/bin/certbot
;;
freebsd)
__package py27-certbot
certbot_fullpath=/usr/local/bin/certbot
;;
*)
echo "Unsupported os: $os" >&2
exit 1
;;
esac
__cron letsencrypt-certbot \
--user root \
--command "$certbot_fullpath renew -q" \
--hour 0

1
cdist/conf/type/__letsencrypt_cert/parameter/default/admin-email Normal file
View file

@ -0,0 +1 @@
root@localhost

1
cdist/conf/type/__letsencrypt_cert/parameter/optional Normal file
View file

@ -0,0 +1 @@
admin-email

1
cdist/conf/type/__letsencrypt_cert/parameter/required Normal file
View file

@ -0,0 +1 @@
webroot