

D966.id2469.diff

diff --git a/roles/core/letsencrypt/software.sls b/pillar/certificates/certificates.sls
copy from roles/core/letsencrypt/software.sls
copy to pillar/certificates/certificates.sls
--- a/roles/core/letsencrypt/software.sls
+++ b/pillar/certificates/certificates.sls
@@ -3,14 +3,14 @@
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2017-04-27
-# Description: Provide a renewal service
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-letsencrypt_software:
- pkg.installed:
- {% if grains['os'] == 'FreeBSD' %}
- - name: py27-certbot
- {% else %}
- - name: certbot
- {% endif %}
+# -------------------------------------------------------------
+# Certificates
+# -------------------------------------------------------------
+
+certificates_letsencrypt:
+ eglide:
+ - www.eglide.org
+ - robot.paysannerebelle.com
diff --git a/pillar/top.sls b/pillar/top.sls
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -9,6 +9,7 @@
base:
'*':
- core.hostnames
+ - certificates.certificates
eglide:
- users.revokedusers
- users.shellusers
diff --git a/roles/core/letsencrypt/certificates.sls b/roles/core/letsencrypt/certificates.sls
new file mode 100644
--- /dev/null
+++ b/roles/core/letsencrypt/certificates.sls
@@ -0,0 +1,29 @@
+# -------------------------------------------------------------
+# Salt — Let's encrypt certificates
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2017-04-27
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% from "map.jinja" import dirs with context %}
+
+# -------------------------------------------------------------
+# Working directory
+# -------------------------------------------------------------
+
+/var/letsencrypt-auto:
+ file.directory:
+ - user: root
+ - dir_mode: 711
+
+# -------------------------------------------------------------
+# Certificates
+# -------------------------------------------------------------
+
+{% for domain in pillar.get('certificates_letsencrypt')[grains['id']] %}
+certificate_{{ domain }}:
+ cmd.run:
+ - name: certbot certonly --server https://acme-v01.api.letsencrypt.org/directory -a webroot --webroot-path=/var/letsencrypt-auto -d {{ domain }}
+ - unless: test -f {{ dirs.etc }}/letsencrypt/live/{{ domain }}/fullchain.pem
+{% endfor %}
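Review bot: The loop header `pillar.get('certificates_letsencrypt')[grains['id']]` fails to render on any minion whose id has no entry in the pillar map, and on one where the key is missing altogether, while the pillar is assigned to `'*'` and this file is included from the role's init.sls. A lookup with defaults, `{% for domain in pillar.get('certificates_letsencrypt', {}).get(grains['id'], []) %}`, lets hosts without certificates render an empty loop instead of an error. The `cmd.run` line also repeats `--server`, `-a webroot` and `--webroot-path`, which cli.ini already sets, so the command and the config file can drift apart. Since `{{ domain }}` is pasted unquoted into a shell command and a file test, the pillar values should stay restricted to plain hostnames.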
diff --git a/roles/core/letsencrypt/files/cli.ini b/roles/core/letsencrypt/files/cli.ini
new file mode 100644
--- /dev/null
+++ b/roles/core/letsencrypt/files/cli.ini
@@ -0,0 +1,29 @@
+# -------------------------------------------------------------
+# Let's encrypt
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2017-04-27
+# License: Trivial work, not eligible to copyright
+# Source file: roles/core/letsencrypt-renew/files/letsencrypt.timer
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+# Configuration
+server = https://acme-v01.api.letsencrypt.org/directory
+authenticator = webroot
+webroot-path = /var/letsencrypt-auto
+
+# Automation
+email = ops-tls@nasqueron.org
+agree-tos = True
+keep-until-expiring = True
+expand = True
+
+# Security
+rsa-key-size = 4096
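Review bot: The header line `# Source file: roles/core/letsencrypt-renew/files/letsencrypt.timer` names a different file, so anyone following the auto-generated notice back to the repository lands in the wrong place; it should read `# Source file: roles/core/letsencrypt/files/cli.ini`. The `server =` line pins the ACME directory URL that certificates.sls passes again with `--server`, so keeping it in this file only would leave a single place to update. The acme-v01 URL is the ACME v1 API, which Let's Encrypt has since retired, so a deployment still carrying this value would need the line changed or removed so certbot falls back to its own default.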
diff --git a/roles/core/letsencrypt/init.sls b/roles/core/letsencrypt/init.sls
--- a/roles/core/letsencrypt/init.sls
+++ b/roles/core/letsencrypt/init.sls
@@ -9,3 +9,4 @@
include:
- .software
- .service
+ - .certificates
diff --git a/roles/core/letsencrypt/software.sls b/roles/core/letsencrypt/software.sls
--- a/roles/core/letsencrypt/software.sls
+++ b/roles/core/letsencrypt/software.sls
@@ -7,6 +7,12 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
+{% from "map.jinja" import dirs with context %}
+
+# -------------------------------------------------------------
+# Software
+# -------------------------------------------------------------
+
letsencrypt_software:
pkg.installed:
{% if grains['os'] == 'FreeBSD' %}
@@ -14,3 +20,21 @@
{% else %}
- name: certbot
{% endif %}
+
+
+# -------------------------------------------------------------
+# Working directory
+# -------------------------------------------------------------
+
+/var/letsencrypt-auto:
+ file.directory:
+ - user: root
+ - dir_mode: 711
+
+# -------------------------------------------------------------
+# Configuration file
+# -------------------------------------------------------------
+
+{{ dirs.etc }}/letsencrypt/cli.ini:
+ file.managed:
+ - source: salt://roles/core/letsencrypt/files/cli.ini
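Review bot: The state ID `/var/letsencrypt-auto` added here is also declared in the new roles/core/letsencrypt/certificates.sls, and init.sls includes both files, so Salt should refuse to compile the highstate because of conflicting IDs. Declare the directory in one file and let the certificate states `require` it from the other. The `file.managed` for cli.ini sets no owner or mode, so it would be clearer to add `- user: root` and `- mode: '0644'` rather than rely on defaults. Quoting the directory mode as `- dir_mode: '0711'` keeps the YAML loader from treating it as a number.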
