Mercurial > repos > other > Puppet
comparison modules/website/manifests/init.pp @ 133:9337c9ce648a puppet-3.6
Switch to using LetsEncrypt certs by default
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Fri, 11 Nov 2016 17:15:23 +0000 |
parents | 95502bafeaa3 |
children | b3f6c7a910d0 |
comparison
equal
deleted
inserted
replaced
132:9af4b04c2667 | 133:9337c9ce648a |
---|---|
1 class website( | 1 class website( |
2 $base_dir, | 2 $base_dir, |
3 $cert_dir = '/etc/pki/custom', | 3 $cert_dir = '/etc/pki/custom', |
4 $ssl_chain = 'ca-chain.pem', | |
5 $primary_ip, | 4 $primary_ip, |
6 $secondary_ip, | 5 $secondary_ip, |
7 $default_owner, | 6 $default_owner, |
8 $default_group, | 7 $default_group, |
9 $default_tld = 'com', | 8 $default_tld = 'com', |
18 | 17 |
19 $basedir = $base_dir | 18 $basedir = $base_dir |
20 $certdir = $cert_dir | 19 $certdir = $cert_dir |
21 $docroot_owner = $default_owner | 20 $docroot_owner = $default_owner |
22 $docroot_group = $default_group | 21 $docroot_group = $default_group |
23 $ca_chain = $ssl_chain | 22 $ca_chain = "/etc/letsencrypt/live/${::fqdn}/chain.pem" |
24 $tld = $default_tld | 23 $tld = $default_tld |
25 $extra_tlds = $default_extra_tlds | 24 $extra_tlds = $default_extra_tlds |
26 $htmlphpfragment = "Include conf.extra/html-php.conf" | 25 $htmlphpfragment = "Include conf.extra/html-php.conf" |
27 $filterfragment = "Include conf.custom/filter.conf" | 26 $filterfragment = "Include conf.custom/filter.conf" |
28 $cmsfragment = "Include conf.extra/cms_rewrites.conf" | 27 $cmsfragment = "Include conf.extra/cms_rewrites.conf" |
109 command => 'semanage fcontext -a -t httpd_sys_content_t "/srv/sites(/.*)?"', | 108 command => 'semanage fcontext -a -t httpd_sys_content_t "/srv/sites(/.*)?"', |
110 path => '/bin:/usr/bin/:/sbin:/usr/sbin', | 109 path => '/bin:/usr/bin/:/sbin:/usr/sbin', |
111 require => Package['policycoreutils-python'], | 110 require => Package['policycoreutils-python'], |
112 unless => 'semanage fcontext --list | grep "/srv/sites\\(/\\.\\*\\)\\?"', | 111 unless => 'semanage fcontext --list | grep "/srv/sites\\(/\\.\\*\\)\\?"', |
113 } | 112 } |
113 cron { 'letsencrypt-renewal': | |
114 command => '/usr/bin/certbot renew --quiet', | |
115 hour => '*/12', | |
116 minute => '21', | |
117 } | |
114 } | 118 } |
115 } | 119 } |