
D965.id2465.diff

diff --git a/pillar/certificates/certificates.sls b/pillar/certificates/certificates.sls
new file mode 100644
--- /dev/null
+++ b/pillar/certificates/certificates.sls
@@ -0,0 +1,16 @@
+# -------------------------------------------------------------
+# Salt — Let's encrypt certificates
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2017-04-27
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# Certificates
+# -------------------------------------------------------------
+
+certificates_letsencrypt:
+ eglide:
+ - www.eglide.org
+ - robot.paysannerebelle.com
diff --git a/roles/core/letsencrypt-renew/files/letsencrypt.service b/roles/core/letsencrypt/files/letsencrypt-renew.service
rename from roles/core/letsencrypt-renew/files/letsencrypt.service
rename to roles/core/letsencrypt/files/letsencrypt-renew.service
--- a/roles/core/letsencrypt-renew/files/letsencrypt.service
+++ b/roles/core/letsencrypt/files/letsencrypt-renew.service
@@ -18,5 +18,5 @@
Description=Renew Let's encrypt certificates.
[Service]
-Type=simple
-ExecStart=letsencrypt-renewal
+Type=oneshot
+ExecStart=/usr/local/sbin/letsencrypt-renewal
diff --git a/roles/core/letsencrypt-renew/files/letsencrypt.timer b/roles/core/letsencrypt/files/letsencrypt-renew.timer
rename from roles/core/letsencrypt-renew/files/letsencrypt.timer
rename to roles/core/letsencrypt/files/letsencrypt-renew.timer
--- a/roles/core/letsencrypt-renew/files/letsencrypt.timer
+++ b/roles/core/letsencrypt/files/letsencrypt-renew.timer
@@ -20,4 +20,6 @@
[Timer]
OnCalendar=*-*-26 12:15:00
Persistent=yes
-Unit=letsencrypt.service
+
+[Install]
+WantedBy=timers.target
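Review bot: The unchanged `OnCalendar=*-*-26 12:15:00` in this timer gives certbot only one renewal attempt per month, which is tight now that the timer is being made installable. By default certbot only renews a certificate within 30 days of expiry, so a certificate with 31 days left on the 26th is skipped and the next run finds it with a few days left at most. One failed run at that point (CA outage, DNS or webroot problem) lets the certificate expire before the next attempt. A frequent schedule is cheap because `certbot renew` does nothing when no certificate is due, for example `OnCalendar=daily` with `RandomizedDelaySec=1h`.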
diff --git a/roles/core/letsencrypt-renew/files/letsencrypt-renewal.sh b/roles/core/letsencrypt/files/letsencrypt-renewal.sh
rename from roles/core/letsencrypt-renew/files/letsencrypt-renewal.sh
rename to roles/core/letsencrypt/files/letsencrypt-renewal.sh
--- a/roles/core/letsencrypt-renew/files/letsencrypt-renewal.sh
+++ b/roles/core/letsencrypt/files/letsencrypt-renewal.sh
@@ -28,4 +28,4 @@
}
-letsencrypt renew && nginx_test && service nginx restart
+certbot renew && nginx_test && service nginx restart
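Review bot: `service nginx restart` runs after every successful `certbot renew`, including runs where no certificate was actually replaced, and a full restart drops in-flight connections. nginx re-reads certificate files on reload, so `certbot renew && nginx_test && service nginx reload` would be enough here. The `nginx_test` function is defined outside this hunk, so its exact behaviour is not visible from here.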
diff --git a/roles/core/letsencrypt/init.sls b/roles/core/letsencrypt/init.sls
new file mode 100644
--- /dev/null
+++ b/roles/core/letsencrypt/init.sls
@@ -0,0 +1,11 @@
+# -------------------------------------------------------------
+# Salt — Let's encrypt certificates
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2017-04-27
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+include:
+ - .software
+ - .service
diff --git a/roles/core/letsencrypt/service.sls b/roles/core/letsencrypt/service.sls
new file mode 100644
--- /dev/null
+++ b/roles/core/letsencrypt/service.sls
@@ -0,0 +1,45 @@
+# -------------------------------------------------------------
+# Salt — Let's encrypt certificates
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2017-04-27
+# Description: Provide a renewal service
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% from "map.jinja" import services with context %}
+
+# -------------------------------------------------------------
+# Renew script
+# -------------------------------------------------------------
+
+/usr/local/sbin/letsencrypt-renewal:
+ file.managed:
+ - source: salt://roles/core/letsencrypt/files/letsencrypt-renewal.sh
+ - mode: 0755
+
+# -------------------------------------------------------------
+# Unit configuration
+# -------------------------------------------------------------
+
+{% if services['manager'] == 'systemd' %}
+
+letsencrypt_renew_unit:
+ file.managed:
+ - name: /etc/systemd/system/letsencrypt-renew.service
+ - source: salt://roles/core/letsencrypt/files/letsencrypt-renew.service
+ - mode: 0644
+ module.run:
+ - name: service.force_reload
+ - m_name: letsencrypt-renew
+ - onchanges:
+ - file: letsencrypt_renew_unit
+
+letsencrypt_renew_running:
+ service.running:
+ - name: letsencrypt-renew
+ - enable: true
+ - watch:
+ - module: letsencrypt_renew_unit
+
+{% endif %}
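Review bot: Nothing in this state deploys or enables `letsencrypt-renew.timer`: only the `.service` file is managed, so the `[Install]` section added to the timer in this diff never takes effect and no renewal is scheduled. `letsencrypt_renew_running` instead targets `letsencrypt-renew`, which is the `Type=oneshot` service; as shown in this diff that unit ends at `ExecStart` with no `[Install]` section, so `enable: true` has nothing to act on. A oneshot unit is also inactive again once it exits, so `service.running` would presumably start it on every highstate, running certbot and restarting nginx each time. I would manage the timer file and point `service.running` at `letsencrypt-renew.timer`, and quote the file modes (`'0644'`) as the Salt documentation recommends.

```yaml
letsencrypt_renew_timer_unit:
  file.managed:
    - name: /etc/systemd/system/letsencrypt-renew.timer
    - source: salt://roles/core/letsencrypt/files/letsencrypt-renew.timer
    - mode: '0644'

# … unchanged: letsencrypt_renew_unit (file.managed + service.force_reload) …

letsencrypt_renew_running:
  service.running:
    - name: letsencrypt-renew.timer
    - enable: true
    - watch:
      - file: letsencrypt_renew_timer_unit
      - module: letsencrypt_renew_unit
```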
diff --git a/roles/core/letsencrypt/software.sls b/roles/core/letsencrypt/software.sls
new file mode 100644
--- /dev/null
+++ b/roles/core/letsencrypt/software.sls
@@ -0,0 +1,16 @@
+# -------------------------------------------------------------
+# Salt — Let's encrypt certificates
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2017-04-27
+# Description: Provide a renewal service
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+letsencrypt_software:
+ pkg.installed:
+ {% if grains['os'] == 'FreeBSD' %}
+ - name: py27-certbot
+ {% else %}
+ - name: certbot
+ {% endif %}
diff --git a/top.sls b/top.sls
--- a/top.sls
+++ b/top.sls
@@ -14,6 +14,7 @@
- roles/core/motd
- roles/core/rsyslog
- roles/core/sshd
+ - roles/core/letsencrypt
'eglide':
- roles/shellserver/users
- roles/shellserver/userland-software
