author | Jesse Luehrs <doy@tozt.net> | 2018-10-14 16:26:34 -0400 |
committer | Jesse Luehrs <doy@tozt.net> | 2018-10-14 16:26:34 -0400 |
commit | e3d4e2e7bf93356fafaff2398cec60d65d6b3873 (patch) | |
tree | 8fee7d4fec52f6f496769a46c5f5f039abbc98a5 /modules/certbot | |
parent | fc7014a8ffea45ef85a50f2dedf429393f6a643e (diff) | |
download | puppet-tozt-e3d4e2e7bf93356fafaff2398cec60d65d6b3873.tar.gz puppet-tozt-e3d4e2e7bf93356fafaff2398cec60d65d6b3873.zip |
try to fix initial certbot provisioning
Diffstat (limited to 'modules/certbot')
-rwxr-xr-x | modules/certbot/files/bootstrap-certbot | 50 | ||||
-rw-r--r-- | modules/certbot/manifests/init.pp | 10 |
2 files changed, 56 insertions, 4 deletions
diff --git a/modules/certbot/files/bootstrap-certbot b/modules/certbot/files/bootstrap-certbot
new file mode 100755
index 0000000..cb496f8
--- /dev/null
+++ b/modules/certbot/files/bootstrap-certbot
@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+set -eu
+set -o pipefail
+
+# XXX update to real domain name
+
+config_dir="$1"
+if systemctl is-active -q nginx; then
+ is_running=1
+else
+ is_running=
+fi
+
+cleanup() {
+ if [ -z "$is_running" ]; then
+ systemctl stop nginx
+ fi
+
+ if [ -e /etc/nginx/nginx.conf.backup ]; then
+ mv /etc/nginx/nginx.conf.backup /etc/nginx.conf
+ fi
+}
+trap cleanup EXIT
+
+mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup
+cat > /etc/nginx/nginx.conf <<EOF
+worker_processes 1;
+events {
+ worker_connections 1024;
+}
+http {
+ server {
+ listen 80 default;
+ server_name new.tozt.net;
+ location / {
+ root /tmp;
+ }
+ }
+}
+EOF
+
+if [ -z "$is_running" ]; then
+ systemctl start nginx
+fi
+
+if [ -z "$config_dir" ]; then
+ /usr/bin/certbot -n --agree-tos -m doy@tozt.net --nginx -d new.tozt.net
+else
+ /usr/bin/certbot -n --agree-tos -m doy@tozt.net --nginx -d new.tozt.net --config-dir "$config_dir"
+fi
diff --git a/modules/certbot/manifests/init.pp b/modules/certbot/manifests/init.pp
index e0e78ab..27d59a6 100644
--- a/modules/certbot/manifests/init.pp
+++ b/modules/certbot/manifests/init.pp
@@ -1,11 +1,9 @@
 class certbot($config_dir=undef) {
 if $config_dir {
 $_config_dir = $config_dir
- $config_dir_opts = " --config-dir ${config_dir}"
 } else {
 $_config_dir = "/etc/letsencrypt"
- $config_dir_opts = ""
 }
 include cron
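Review bot: `cleanup` restores the backup to `/etc/nginx.conf` rather than `/etc/nginx/nginx.conf`, so the real configuration is never put back and the temporary vhost (default server on port 80 with `root /tmp;`) remains the live nginx config after the script exits; the line should read `mv /etc/nginx/nginx.conf.backup /etc/nginx/nginx.conf`. Separately, `config_dir="$1"` under `set -eu` aborts with an unbound-variable error when the script is run with no argument, which is precisely the case the later `[ -z "$config_dir" ]` branch is written for; `config_dir="${1:-}"` keeps that branch reachable. The placeholder vhost would also be safer pointing at an empty dedicated directory (or using `return 404;`) instead of exposing the contents of `/tmp` for the duration of the run.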
@@ -36,17 +34,21 @@ class certbot($config_dir=undef) {
 "${_config_dir}/renewal-hooks/deploy/reload-cert":
 source => 'puppet:///modules/certbot/reload-cert',
 require => File["${_config_dir}/renewal-hooks/deploy"];
+ "/usr/local/bin/bootstrap-certbot":
+ source => 'puppet:///modules/certbot/bootstrap-certbot',
+ mode => '0755';
 }
 exec { "initial certbot run":
- # XXX update to real domain name
- command => "/usr/bin/certbot -n --agree-tos -m doy@tozt.net --nginx -d new.tozt.net${config_dir_opts}",
+ provider => shell,
+ command => "/usr/local/bin/bootstrap-certbot ${config_dir}",
 creates => "${_config_dir}/live",
 require => [
 Package["certbot"],
 # not Class["nginx"], because of circular dependencies with nginx::site
 Package["nginx"],
 Package["certbot-nginx"],
+ File['/usr/local/bin/bootstrap-certbot'],
 ],
 }
 }
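Review bot: `command => "/usr/local/bin/bootstrap-certbot ${config_dir}"` hands an unquoted value to `provider => shell`, so a `$config_dir` containing whitespace or shell metacharacters is word-split or interpreted instead of arriving as the single `$1` the script reads. Quoting it, `command => "/usr/local/bin/bootstrap-certbot '${config_dir}'"`, or dropping `provider => shell` (the command uses no shell syntax) so Puppet passes the argument directly, avoids that. When `$config_dir` is undef the interpolation yields an empty string and the script is invoked with no argument at all, so it should be confirmed that bootstrap-certbot tolerates a missing `$1`; quoting as above also turns that case into an explicit empty argument.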