authorJesse Luehrs <doy@tozt.net>2018-10-20 02:14:02 -0400
committerJesse Luehrs <doy@tozt.net>2018-10-20 02:14:02 -0400
commit61c35b0c5dcc1de7a5b51a5e5731d341e36baeb5 (patch)
treeb6a8bd597ad30000a070afec50134e4e99cd43fc /mail
parentc5546a2c5c39fa6c8bccbae4a4ae9a27637690a0 (diff)
request a letsencrypt cert before starting up
Diffstat (limited to 'mail')
-rw-r--r--mail/certbot/files/nginx7
-rw-r--r--mail/certbot/manifests/init.pp33
-rw-r--r--mail/mail/manifests/mailserver.pp2
3 files changed, 42 insertions, 0 deletions
diff --git a/mail/certbot/files/nginx b/mail/certbot/files/nginx
new file mode 100644
index 0000000..2386da0
--- /dev/null
+++ b/mail/certbot/files/nginx
@@ -0,0 +1,7 @@
+server {
+ listen 80 default;
+ server_name newmail.tozt.net;
+ location / {
+ root /var/www/certbot;
+ }
+}
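Review bot: The `location /` block publishes everything under `/var/www/certbot` from the default port-80 server, which is broader than an ACME HTTP-01 responder needs. Limiting the static root to the challenge path, `location /.well-known/acme-challenge/ { root /var/www/certbot; }` plus `location / { return 404; }`, keeps any other file that ends up in that directory from being served. A one-line comment such as `# HTTP-01 challenge responder for certbot; nothing else is served here` would also explain why a mail host runs a web server.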
diff --git a/mail/certbot/manifests/init.pp b/mail/certbot/manifests/init.pp
new file mode 100644
index 0000000..3378329
--- /dev/null
+++ b/mail/certbot/manifests/init.pp
@@ -0,0 +1,33 @@
+class certbot {
+ package {
+ [
+ "certbot",
+ "nginx",
+ "python-certbot-nginx",
+ ]:
+ ensure => installed;
+ }
+
+ file {
+ "/etc/nginx/sites-available/certbot":
+ source => "puppet:///modules/certbot/nginx",
+ require => Package["nginx"];
+ "/etc/nginx/sites-enabled/certbot":
+ ensure => link,
+ target => "../sites-available/certbot",
+ require => Package["nginx"];
+ "/var/www/certbot":
+ ensure => directory,
+ require => Package["nginx"];
+ }
+
+ exec { "initial certbot run":
+ command => "/usr/bin/certbot -n --agree-tos -m doy@tozt.net --nginx -d newmail.tozt.net",
+ creates => "/etc/letsencrypt/live",
+ require => [
+ File["/etc/nginx/sites-enabled/certbot"],
+ File["/var/www/certbot"],
+ Package["certbot"],
+ ],
+ }
+}
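Review bot: The exec runs certbot with `--nginx`, whose installer edits the matching server block in place, and that block lives in `/etc/nginx/sites-available/certbot`, which Puppet manages from `puppet:///modules/certbot/nginx`. The next agent run will presumably revert certbot's edits, and `/var/www/certbot` is never used for the challenge. If the mail server only needs the certificate files, `certbot certonly -n --agree-tos -m doy@tozt.net --webroot -w /var/www/certbot -d newmail.tozt.net` fits the rest of the manifest, though nginx would then need a reload after the site file is installed. The `creates => "/etc/letsencrypt/live"` guard is also coarse, since any existing lineage or leftover directory satisfies it; `creates => "/etc/letsencrypt/live/newmail.tozt.net/fullchain.pem"` lets a failed first run retry. The `require` list should also name `File["/etc/nginx/sites-available/certbot"]`, because the symlink alone does not guarantee its target is in place.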
diff --git a/mail/mail/manifests/mailserver.pp b/mail/mail/manifests/mailserver.pp
index 7729715..f25e7d3 100644
--- a/mail/mail/manifests/mailserver.pp
+++ b/mail/mail/manifests/mailserver.pp
@@ -1,4 +1,5 @@
class mail::mailserver {
+ include certbot
include mailserver
file {
@@ -21,6 +22,7 @@ class mail::mailserver {
service { "mailserver":
ensure => running,
require => [
+ Class["certbot"],
Class["mailserver"],
Exec["systemctl daemon-reload"],
File["/usr/local/share/mailserver/config/postfix-accounts.cf"],
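Review bot: `Class["certbot"]` in the `require` list only orders the first start; it does not refresh `mailserver` when the certificate is renewed later, so the service would presumably keep using the old certificate until something restarts it. How the mailserver loads files from `/etc/letsencrypt` is not visible in this hunk, so this needs confirming. If it reads them at startup, a certbot `--deploy-hook` that restarts the service would cover renewals. The `service` block continues outside the hunk.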