author | Jesse Luehrs <doy@tozt.net> | 2018-10-20 02:14:02 -0400 |
---|---|---|
committer | Jesse Luehrs <doy@tozt.net> | 2018-10-20 02:14:02 -0400 |
commit | 61c35b0c5dcc1de7a5b51a5e5731d341e36baeb5 (patch) | |
tree | b6a8bd597ad30000a070afec50134e4e99cd43fc /mail | |
parent | c5546a2c5c39fa6c8bccbae4a4ae9a27637690a0 (diff) | |
request a letsencrypt cert before starting up
Diffstat (limited to 'mail')
-rw-r--r-- | mail/certbot/files/nginx | 7 | ||||
-rw-r--r-- | mail/certbot/manifests/init.pp | 33 | ||||
-rw-r--r-- | mail/mail/manifests/mailserver.pp | 2 |
3 files changed, 42 insertions, 0 deletions
diff --git a/mail/certbot/files/nginx b/mail/certbot/files/nginx
new file mode 100644
index 0000000..2386da0
--- /dev/null
+++ b/mail/certbot/files/nginx
@@ -0,0 +1,7 @@
+server {
+ listen 80 default;
+ server_name newmail.tozt.net;
+ location / {
+ root /var/www/certbot;
+ }
+}
diff --git a/mail/certbot/manifests/init.pp b/mail/certbot/manifests/init.pp
new file mode 100644
index 0000000..3378329
--- /dev/null
+++ b/mail/certbot/manifests/init.pp
@@ -0,0 +1,33 @@
+class certbot {
+ package {
+ [
+ "certbot",
+ "nginx",
+ "python-certbot-nginx",
+ ]:
+ ensure => installed;
+ }
+
+ file {
+ "/etc/nginx/sites-available/certbot":
+ source => "puppet:///modules/certbot/nginx",
+ require => Package["nginx"];
+ "/etc/nginx/sites-enabled/certbot":
+ ensure => link,
+ target => "../sites-available/certbot",
+ require => Package["nginx"];
+ "/var/www/certbot":
+ ensure => directory,
+ require => Package["nginx"];
+ }
+
+ exec { "initial certbot run":
+ command => "/usr/bin/certbot -n --agree-tos -m doy@tozt.net --nginx -d newmail.tozt.net",
+ creates => "/etc/letsencrypt/live",
+ require => [
+ File["/etc/nginx/sites-enabled/certbot"],
+ File["/var/www/certbot"],
+ Package["certbot"],
+ ],
+ }
+}
diff --git a/mail/mail/manifests/mailserver.pp b/mail/mail/manifests/mailserver.pp
index 7729715..f25e7d3 100644
--- a/mail/mail/manifests/mailserver.pp
+++ b/mail/mail/manifests/mailserver.pp
@@ -1,4 +1,5 @@
 class mail::mailserver {
+ include certbot
 include mailserver

 file {
@@ -21,6 +22,7 @@ class mail::mailserver {
 service { "mailserver":
 ensure => running,
 require => [
+ Class["certbot"],
 Class["mailserver"],
 Exec["systemctl daemon-reload"],
 File["/usr/local/share/mailserver/config/postfix-accounts.cf"], |
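Review bot: `location /` in the new server block publishes everything under /var/www/certbot over plain HTTP, and `listen 80 default` makes this block answer requests for any Host name rather than only newmail.tozt.net. An HTTP-01 challenge needs a single path, so the block can be narrowed to `location /.well-known/acme-challenge/ { root /var/www/certbot; }` with `location / { return 404; }` for everything else. Judging from the manifest added in the same commit, certbot is invoked with `--nginx`, which answers the challenge through its own temporary configuration, so this webroot may never be read; if that is the case the `root` line is dead configuration and worth a comment saying so.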
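Review bot: The `exec` runs certbot with `--nginx` and no `certonly`, so certbot's installer will presumably rewrite the server block for newmail.tozt.net. That is the same file Puppet manages from `puppet:///modules/certbot/nginx`, so the next agent run would revert certbot's changes. Using `/usr/bin/certbot certonly -n --agree-tos -m doy@tozt.net --webroot -w /var/www/certbot -d newmail.tozt.net` keeps certbot out of the managed file and makes use of the webroot this class already creates. The `creates` guard is also coarse, because `/etc/letsencrypt/live` existing does not show that a certificate for this name was issued. `creates => "/etc/letsencrypt/live/newmail.tozt.net/fullchain.pem"` is a tighter idempotency check. Nothing visible in the class reloads nginx after the `sites-enabled` link is created, so with the webroot method the exec should also depend on a reload of nginx.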