From 1ad605a509cfd534334111c1d6c1ea8682446b10 Mon Sep 17 00:00:00 2001
From: Evilham <cvs@evilham.com>
Date: Mon, 9 Dec 2019 19:49:05 +0100
Subject: [PATCH] [new-type] __openldap_server: Add admin-email parameter.

---
 cdist/conf/type/__openldap_server/man.rst            | 5 +++++
 cdist/conf/type/__openldap_server/manifest           | 8 +++++++-
 cdist/conf/type/__openldap_server/parameter/optional | 1 +
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/cdist/conf/type/__openldap_server/man.rst b/cdist/conf/type/__openldap_server/man.rst
index 1fc24eaa..4447971a 100644
--- a/cdist/conf/type/__openldap_server/man.rst
+++ b/cdist/conf/type/__openldap_server/man.rst
@@ -48,6 +48,11 @@ syncrepl-searchbase
     The searchbase to use for replication.
     E.g. `dc=ungleich,dc=ch`. See `slapd.conf(5)`.
 
+admin-email
+    Passed to `cdist-type__letsencrypt_cert`; has otherwise no use.
+    Required if using `__letsencrypt_cert`.
+    Where to send Let's Encrypt emails like "certificate needs renewal".
+
 tls-cert
     If defined, `__letsencrypt_cert` is not used and this must be the path in
     the remote hosts to the PEM-encoded TLS certificate.
diff --git a/cdist/conf/type/__openldap_server/manifest b/cdist/conf/type/__openldap_server/manifest
index 518edd86..e10432d6 100644
--- a/cdist/conf/type/__openldap_server/manifest
+++ b/cdist/conf/type/__openldap_server/manifest
@@ -58,6 +58,12 @@ if [ -f "${__object}/parameter/tls-cert" ]; then
 
     _skip_letsencrypt_cert="YES"
 else
+    if [ ! -f "${__object}/parameter/admin-email" ]; then
+        echo "When using __letsencrypt_cert, admin-email is also required." >&2
+        exit 1
+    fi
+    admin_email=$(cat "${__object}/parameter/admin-email")
+
     tls_cert="${SLAPD_DIR}/sasl2/cert.pem"
     tls_privkey="${SLAPD_DIR}/sasl2/privkey.pem"
     tls_ca="${SLAPD_DIR}/sasl2/chain.pem"
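Review bot: The new guard only tests that the admin-email parameter file exists, so an empty file passes the check and `admin_email` ends up empty, which is then handed to `__letsencrypt_cert` as `--admin-email ""` in the later hunk. Using `if [ ! -s "${__object}/parameter/admin-email" ]; then` rejects the empty-file case as well, and a second check after the `cat` line, `[ -n "${admin_email}" ] || { echo "admin-email must not be empty." >&2; exit 1; }`, also catches a file holding only a newline. A short comment above the guard, e.g. `# admin-email is mandatory whenever tls-cert is not given, because __letsencrypt_cert needs it`, would make the dependency between the two parameters visible at the point where it is enforced. The enclosing if/else block starts before this hunk and its else branch continues past it.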
@@ -131,7 +137,7 @@ if [ -z "${_skip_letsencrypt_cert}" ]; then
         staging=""
     fi
 
-    __letsencrypt_cert "${name}" --admin-email technik@ungleich.ch \
+    __letsencrypt_cert "${name}" --admin-email "${admin_email}" \
         --renew-hook "cp ${ETC}/letsencrypt/live/${name}/*.pem ${SLAPD_DIR}/sasl2 && chown -R openldap:openldap ${SLAPD_DIR}/sasl2 && service slapd restart" \
         --automatic-renewal ${staging}
 fi
diff --git a/cdist/conf/type/__openldap_server/parameter/optional b/cdist/conf/type/__openldap_server/parameter/optional
index 53587c4e..f4254cb6 100644
--- a/cdist/conf/type/__openldap_server/parameter/optional
+++ b/cdist/conf/type/__openldap_server/parameter/optional
@@ -1,5 +1,6 @@
 syncrepl-credentials
 syncrepl-searchbase
+admin-email
 tls-cert
 tls-privkey
 tls-ca