D966.diff

diff --git a/roles/core/letsencrypt/init.sls b/pillar/certificates/certificates.sls
copy from roles/core/letsencrypt/init.sls
copy to pillar/certificates/certificates.sls
--- a/roles/core/letsencrypt/init.sls
+++ b/pillar/certificates/certificates.sls
@@ -6,6 +6,11 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-include:
- - .software
- - .service
+# -------------------------------------------------------------
+# Certificates
+# -------------------------------------------------------------
+
+certificates_letsencrypt:
+ eglide:
+ - www.eglide.org
+ - robot.paysannerebelle.com
diff --git a/pillar/top.sls b/pillar/top.sls
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -9,6 +9,7 @@
base:
'*':
- core.hostnames
+ - certificates.certificates
eglide:
- users.revokedusers
- users.shellusers
diff --git a/roles/core/letsencrypt/certificates.sls b/roles/core/letsencrypt/certificates.sls
new file mode 100644
--- /dev/null
+++ b/roles/core/letsencrypt/certificates.sls
@@ -0,0 +1,20 @@
+# -------------------------------------------------------------
+# Salt — Let's encrypt certificates
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2017-04-27
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% from "map.jinja" import dirs with context %}
+
+# -------------------------------------------------------------
+# Certificates
+# -------------------------------------------------------------
+
+{% for domain in pillar.get('certificates_letsencrypt')[grains['id']] %}
+certificate_{{ domain }}:
+ cmd.run:
+ - name: certbot certonly -d {{ domain }}
+ - unless: test -f {{ dirs.etc }}/letsencrypt/live/{{ domain }}/fullchain.pem
+{% endfor %}
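Review bot: The loop header `pillar.get('certificates_letsencrypt')[grains['id']]` fails to render on any minion whose id has no entry in the pillar (only `eglide` is defined in this change), and also when the key is absent altogether. Because init.sls now includes this file, that would break the whole letsencrypt role on those minions. A default avoids it: `{% for domain in pillar.get('certificates_letsencrypt', {}).get(grains['id'], []) %}`. The certbot call runs unattended, so `--non-interactive` would stop it waiting on a prompt if cli.ini is missing or incomplete. The `unless: test -f …` guard could be written as `- creates: {{ dirs.etc }}/letsencrypt/live/{{ domain }}/fullchain.pem`.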
diff --git a/roles/core/letsencrypt/files/cli.ini b/roles/core/letsencrypt/files/cli.ini
new file mode 100644
--- /dev/null
+++ b/roles/core/letsencrypt/files/cli.ini
@@ -0,0 +1,27 @@
+# -------------------------------------------------------------
+# Let's encrypt
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2017-04-27
+# License: Trivial work, not eligible to copyright
+# Source file: roles/core/letsencrypt-renew/files/letsencrypt.timer
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+# Configuration
+server = https://acme-v01.api.letsencrypt.org/directory
+authenticator = webroot
+webroot-path = /var/letsencrypt-auto
+
+# Automation
+email = ops-tls@nasqueron.org
+agree-tos = True
+keep-until-expiring = True
+eff-email = False
+expand = True
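Review bot: The header's `Source file:` line names `roles/core/letsencrypt-renew/files/letsencrypt.timer`, which looks like a leftover from the file this header was copied from. An operator who finds the deployed cli.ini and follows the auto-generated notice will look in the wrong place, so it should read `# Source file: roles/core/letsencrypt/files/cli.ini`. Separately, `server` pins the ACME v1 directory URL, which Let's Encrypt has since retired. A short comment saying this value must follow the CA's current endpoint would help whoever maintains the file.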
diff --git a/roles/core/letsencrypt/init.sls b/roles/core/letsencrypt/init.sls
--- a/roles/core/letsencrypt/init.sls
+++ b/roles/core/letsencrypt/init.sls
@@ -9,3 +9,4 @@
include:
- .software
- .service
+ - .certificates
diff --git a/roles/core/letsencrypt/software.sls b/roles/core/letsencrypt/software.sls
--- a/roles/core/letsencrypt/software.sls
+++ b/roles/core/letsencrypt/software.sls
@@ -7,6 +7,12 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
+{% from "map.jinja" import dirs with context %}
+
+# -------------------------------------------------------------
+# Software
+# -------------------------------------------------------------
+
letsencrypt_software:
pkg.installed:
{% if grains['os'] == 'FreeBSD' %}
@@ -14,3 +20,21 @@
{% else %}
- name: certbot
{% endif %}
+
+
+# -------------------------------------------------------------
+# Working directory
+# -------------------------------------------------------------
+
+/var/letsencrypt-auto:
+ file.directory:
+ - user: root
+ - dir_mode: 711
+
+# -------------------------------------------------------------
+# Configuration file
+# -------------------------------------------------------------
+
+{{ dirs.etc }}/letsencrypt/cli.ini:
+ file.managed:
+ - source: salt://roles/core/letsencrypt/files/cli.ini
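Review bot: The `file.managed` state for `{{ dirs.etc }}/letsencrypt/cli.ini` sets no owner or mode and does not create the parent directory. It will presumably fail on a host where the package has not already created `letsencrypt/` under `dirs.etc`; adding `- makedirs: True`, `- user: root` and `- mode: '0644'` makes the result deterministic. On `/var/letsencrypt-auto`, `dir_mode: 711` is an unquoted YAML integer, and quoting it as `- dir_mode: '0711'` is the safer convention. A comment that the mode is traverse-only so the web server can serve challenge files without listing the directory would document the intent, if that is the reason for it.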
