From 75f5cf6bb2ed7fa2b9a5ba9fbe3a06aaaf88e751 Mon Sep 17 00:00:00 2001
From: Kamila Souckova
Date: Tue, 31 Oct 2017 14:08:36 +0100
Subject: [PATCH] new type: __letsencrypt_cert
---
.../type/__letsencrypt_cert/explorer/exists | 5 ++
.../type/__letsencrypt_cert/gencode-remote | 18 ++++++
cdist/conf/type/__letsencrypt_cert/man.rst | 46 ++++++++++++++
cdist/conf/type/__letsencrypt_cert/manifest | 62 +++++++++++++++++++
.../parameter/default/admin-email | 1 +
.../__letsencrypt_cert/parameter/optional | 1 +
.../__letsencrypt_cert/parameter/required | 1 +
7 files changed, 134 insertions(+)
create mode 100644 cdist/conf/type/__letsencrypt_cert/explorer/exists
create mode 100644 cdist/conf/type/__letsencrypt_cert/gencode-remote
create mode 100644 cdist/conf/type/__letsencrypt_cert/man.rst
create mode 100644 cdist/conf/type/__letsencrypt_cert/manifest
create mode 100644 cdist/conf/type/__letsencrypt_cert/parameter/default/admin-email
create mode 100644 cdist/conf/type/__letsencrypt_cert/parameter/optional
create mode 100644 cdist/conf/type/__letsencrypt_cert/parameter/required
diff --git a/cdist/conf/type/__letsencrypt_cert/explorer/exists b/cdist/conf/type/__letsencrypt_cert/explorer/exists
new file mode 100644
index 00000000..cb967663
--- /dev/null
+++ b/cdist/conf/type/__letsencrypt_cert/explorer/exists
@@ -0,0 +1,5 @@
+domain=$__object_id
+
+if [ -f "/etc/letsencrypt/live/$domain/fullchain.pem" ]; then
+ echo yes
+fi
diff --git a/cdist/conf/type/__letsencrypt_cert/gencode-remote b/cdist/conf/type/__letsencrypt_cert/gencode-remote
new file mode 100644
index 00000000..ca6f64cb
--- /dev/null
+++ b/cdist/conf/type/__letsencrypt_cert/gencode-remote
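Review bot: In explorer/exists, the `[ -f "/etc/letsencrypt/live/$domain/fullchain.pem" ]` test answers `yes` for any regular file at that path, so an expired certificate or a lineage without its private key counts as done, and gencode-remote then takes its early `exit 0` and never requests a replacement. Consider also checking validity before printing `yes`, for example `openssl x509 -checkend 0 -noout -in "/etc/letsencrypt/live/$domain/fullchain.pem" >/dev/null` (this assumes openssl is installed on the target; the redirect keeps its message out of the explorer output). `$__object_id` is used as a path component without validation, so a short comment stating that the object id must be a bare hostname with no `/` would document the assumption the path relies on.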
@@ -0,0 +1,18 @@
+domain="$__object_id"
+
+exists=$(cat "$__object/explorer/exists")
+webroot="$(cat "$__object/parameter/webroot")"
+admin_email="$(cat "$__object/parameter/admin-email")"
+
+if [ -n "$exists" ]; then
+ exit 0
+fi
+
+cat <
+Kamila Součková
+
+
+COPYING
+-------
+Copyright \(C) 2017 Nico Schottelius, Kamila Součková. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
diff --git a/cdist/conf/type/__letsencrypt_cert/manifest b/cdist/conf/type/__letsencrypt_cert/manifest
new file mode 100644
index 00000000..0dbb281e
--- /dev/null
+++ b/cdist/conf/type/__letsencrypt_cert/manifest
@@ -0,0 +1,62 @@
+os=$(cat "$__global/explorer/os")
+os_version=$(cat "$__global/explorer/os_version")
+
+case "$os" in
+ debian)
+ case "$os_version" in
+ 8*)
+ __apt_source jessie-backports \
+ --uri http://http.debian.net/debian \
+ --distribution jessie-backports \
+ --component main
+
+ require="__apt_source/jessie-backports" __package_apt python-certbot --target-release jessie-backports
+ require="__apt_source/jessie-backports" __package_apt certbot --target-release jessie-backports
+ # Seems to be a missing dependency on debian 8
+ __package python-ndg-httpsclient
+ ;;
+ *)
+ echo "Unsupported OS version: $os_version" >&2
+ exit 1
+ ;;
+ esac
+
+ certbot_fullpath=/usr/bin/certbot
+ ;;
+ devuan)
+ case "$os_version" in
+ jessie)
+ __apt_source jessie-backports \
+ --uri http://auto.mirror.devuan.org/merged \
+ --distribution jessie-backports \
+ --component main
+
+ require="__apt_source/jessie-backports" __package_apt python-certbot --target-release jessie-backports
+ require="__apt_source/jessie-backports" __package_apt certbot --target-release jessie-backports
+ # Seems to be a missing dependency on debian 8
+ __package python-ndg-httpsclient
+ ;;
+ *)
+ echo "Unsupported OS version: $os_version" >&2
+ exit 1
+ ;;
+ esac
+
+ certbot_fullpath=/usr/bin/certbot
+ ;;
+ freebsd)
+ __package py27-certbot
+
+ certbot_fullpath=/usr/local/bin/certbot
+ ;;
+ *)
+ echo "Unsupported os: $os" >&2
+ exit 1
+ ;;
+esac
+
+
+__cron letsencrypt-certbot \
+ --user root \
+ --command "$certbot_fullpath renew -q" \
+ --hour 0
diff --git a/cdist/conf/type/__letsencrypt_cert/parameter/default/admin-email b/cdist/conf/type/__letsencrypt_cert/parameter/default/admin-email
new file mode 100644
index 00000000..8da2d115
--- /dev/null
+++ b/cdist/conf/type/__letsencrypt_cert/parameter/default/admin-email
@@ -0,0 +1 @@
+root@localhost
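Review bot: The `__cron letsencrypt-certbot` object at the end of the manifest sets only `--hour 0`; if `__cron` leaves unspecified time fields at `*` (worth confirming against that type's documentation), `certbot renew -q` is started as root every minute between 00:00 and 00:59 instead of once a night. Pinning the minute fixes that, e.g. `--hour 0 --minute 47` (the value is an arbitrary example; an off-the-hour minute also avoids contacting the CA at the same moment as many other clients). The renewal command has no step that reloads the services using the certificate, so a renewed file may not be served until the next restart; a certbot `--post-hook`, or a comment stating where the reload is expected to happen, would make that explicit.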
diff --git a/cdist/conf/type/__letsencrypt_cert/parameter/optional b/cdist/conf/type/__letsencrypt_cert/parameter/optional
new file mode 100644
index 00000000..bfe77226
--- /dev/null
+++ b/cdist/conf/type/__letsencrypt_cert/parameter/optional
@@ -0,0 +1 @@
+admin-email
diff --git a/cdist/conf/type/__letsencrypt_cert/parameter/required b/cdist/conf/type/__letsencrypt_cert/parameter/required
new file mode 100644
index 00000000..fc7c3e96
--- /dev/null
+++ b/cdist/conf/type/__letsencrypt_cert/parameter/required
@@ -0,0 +1 @@
+webroot