forked from ungleich-public/cdist
new type: __letsencrypt_cert (#591)
parent
1ed43c345b
commit
4799e43516
7 changed files with 134 additions and 0 deletions
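--- a/cdist/conf/type/__letsencrypt_cert/explorer/exists
+++ b/cdist/conf/type/__letsencrypt_cert/explorer/exists
@@ -0,0 +1,5 @@
+domain=$__object_id
+
+if [ -f "/etc/letsencrypt/live/$domain/fullchain.pem" ]; then
+echo yes
+fi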
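Review bot: The explorer prints `yes` as soon as `fullchain.pem` exists, so a certificate that has expired (for example because renewals have been failing) still counts as present and gencode-remote never requests a new one. If openssl can be assumed on the target, the test could also require validity: with `cert="/etc/letsencrypt/live/$domain/fullchain.pem"`, use `[ -f "$cert" ] && openssl x509 -checkend 0 -noout -in "$cert" >/dev/null 2>&1 && echo yes`. A short header comment such as `# Prints "yes" when a certificate for the object id exists; empty output means none` would also document the contract that gencode-remote relies on.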
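--- a/cdist/conf/type/__letsencrypt_cert/gencode-remote
+++ b/cdist/conf/type/__letsencrypt_cert/gencode-remote
@@ -0,0 +1,18 @@
+domain="$__object_id"
+
+exists=$(cat "$__object/explorer/exists")
+webroot="$(cat "$__object/parameter/webroot")"
+admin_email="$(cat "$__object/parameter/admin-email")"
+
+if [ -n "$exists" ]; then
+exit 0
+fi
+
+cat <<EOF
+if [ ! -d "$webroot" ]; then
+mkdir -p "$webroot"
+fi
+
+certbot certonly -n --agree-tos --email '$admin_email' --quiet --webroot \
+-w '$webroot' -d '$domain'
+EOF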
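Review bot: `$webroot`, `$admin_email` and `$domain` are expanded into the unquoted heredoc (`cat <<EOF`) and end up inside quotes in code that runs on the target, so a value containing a quote character, `$`, a backquote or a backslash changes the generated command instead of being passed as data. The `mkdir -p "$webroot"` lines are affected as well as the single-quoted certbot arguments. Since this code normally runs as root on the target, the three values should be rejected before the heredoc when they contain shell metacharacters (or be shell-quoted by a helper), as sketched below. The generated code also calls `certbot` by bare name while the manifest pins a full path for the cron job; using the same path in both places would be more consistent.

```shell
# … unchanged: domain, exists, webroot and admin_email are read as before …

# Refuse values that could terminate the quoting in the generated code.
for value in "$domain" "$webroot" "$admin_email"; do
    case "$value" in
        *\'*|*\"*|*\`*|*\$*|*\\*)
            echo "Unsafe character in parameter value: $value" >&2
            exit 1
        ;;
    esac
done

# … unchanged: early exit when the certificate exists, heredoc with the certbot call …
```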
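--- a/cdist/conf/type/__letsencrypt_cert/man.rst
+++ b/cdist/conf/type/__letsencrypt_cert/man.rst
@@ -0,0 +1,46 @@
+cdist-type__letsencrypt_cert(7)
+===============================
+
+NAME
+----
+cdist-type__letsencrypt_cert - Get an SSL certificate from Let's Encrypt
+
+
+DESCRIPTION
+-----------
+Automatically obtain a Let's Encrypt SSL certificate. Uses certbot's webroot
+method. You must set up your web server to work with webroot.
+
+
+REQUIRED PARAMETERS
+-------------------
+webroot
+The path to your webroot, as set up in your webserver config.
+
+
+OPTIONAL PARAMETERS
+-------------------
+admin-email
+Where to send Let's Encrypt emails like "certificate needs renewal". Defaults to root@localhost.
+
+
+EXAMPLES
+--------
+
+.. code-block:: sh
+
+__letsencrypt_cert example.com --webroot /data/letsencrypt/root
+
+
+AUTHORS
+-------
+Nico Schottelius <nico-cdist--@--schottelius.org>
+Kamila Součková <kamila--@--ksp.sk>
+
+
+COPYING
+-------
+Copyright \(C) 2017 Nico Schottelius, Kamila Součková. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.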
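--- a/cdist/conf/type/__letsencrypt_cert/manifest
+++ b/cdist/conf/type/__letsencrypt_cert/manifest
@@ -0,0 +1,62 @@
+os=$(cat "$__global/explorer/os")
+os_version=$(cat "$__global/explorer/os_version")
+
+case "$os" in
+debian)
+case "$os_version" in
+8*)
+__apt_source jessie-backports \
+--uri http://http.debian.net/debian \
+--distribution jessie-backports \
+--component main
+
+require="__apt_source/jessie-backports" __package_apt python-certbot --target-release jessie-backports
+require="__apt_source/jessie-backports" __package_apt certbot --target-release jessie-backports
+# Seems to be a missing dependency on debian 8
+__package python-ndg-httpsclient
+;;
+*)
+echo "Unsupported OS version: $os_version" >&2
+exit 1
+;;
+esac
+
+certbot_fullpath=/usr/bin/certbot
+;;
+devuan)
+case "$os_version" in
+jessie)
+__apt_source jessie-backports \
+--uri http://auto.mirror.devuan.org/merged \
+--distribution jessie-backports \
+--component main
+
+require="__apt_source/jessie-backports" __package_apt python-certbot --target-release jessie-backports
+require="__apt_source/jessie-backports" __package_apt certbot --target-release jessie-backports
+# Seems to be a missing dependency on debian 8
+__package python-ndg-httpsclient
+;;
+*)
+echo "Unsupported OS version: $os_version" >&2
+exit 1
+;;
+esac
+
+certbot_fullpath=/usr/bin/certbot
+;;
+freebsd)
+__package py27-certbot
+
+certbot_fullpath=/usr/local/bin/certbot
+;;
+*)
+echo "Unsupported os: $os" >&2
+exit 1
+;;
+esac
+
+
+__cron letsencrypt-certbot \
+--user root \
+--command "$certbot_fullpath renew -q" \
+--hour 0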
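Review bot: The `__cron letsencrypt-certbot` object at the end sets only `--hour 0`; as far as I know __cron leaves unspecified time fields at `*`, so `certbot renew -q` would start every minute between 00:00 and 00:59 rather than once a night. Pinning the minute fixes that, e.g. adding `--minute 30 \` before `--hour 0`, ideally with a value away from the top of the hour. Separately, the debian and devuan branches are identical except for the mirror URI and the version pattern, so a shared block parameterised by the URI would keep the two from drifting apart.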
|
@ -0,0 +1 @@
|
|||
root@localhost
|
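--- a/cdist/conf/type/__letsencrypt_cert/parameter/optional
+++ b/cdist/conf/type/__letsencrypt_cert/parameter/optional
@@ -0,0 +1 @@
+admin-email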
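--- a/cdist/conf/type/__letsencrypt_cert/parameter/required
+++ b/cdist/conf/type/__letsencrypt_cert/parameter/required
@@ -0,0 +1 @@
+webroot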