add letsencrypt bundle

This commit is contained in:
Franzi 2020-06-01 10:26:37 +02:00
parent 04f2baacf4
commit dc9e8dc679
Signed by: kunsi
GPG key ID: 12E3D2136B818350
5 changed files with 37 additions and 2 deletions

View file

@ -0,0 +1,5 @@
${node.hostname}
% for domain, aliases in node.metadata.get('letsencrypt', {}).get('domains', {}).items():
${domain} ${' '.join(aliases)}
% endfor

View file

@ -0,0 +1,24 @@
assert node.has_bundle('nginx'), 'letsencrypt needs nginx'
pkg_apt = {
'dehydrated': {},
}
actions = {
'letsencrypt_update_certificates': {
'command': 'dehydrated --cron --accept-terms --ocsp --challenge http-01',
'triggered': True,
'needs': {
'pkg_apt:dehydrated',
},
},
}
files = {
'/etc/dehydrated/domains.txt': {
'content_type': 'mako',
'triggers': {
'action:letsencrypt_update_certificates',
},
},
}

View file

@ -8,6 +8,6 @@ server {
} }
location /.well-known/acme-challenge/ { location /.well-known/acme-challenge/ {
alias /var/www/default/.well-known/acme-challenge/; alias /var/lib/dehydrated/acme-challenges/;
} }
} }

View file

@ -5,6 +5,7 @@ groups['all'] = {
'bundles': { 'bundles': {
'apt', 'apt',
'hostname', 'hostname',
'letsencrypt',
'sudo', 'sudo',
'systemd', 'systemd',
'users', 'users',

View file

@ -7,6 +7,11 @@ nodes['htz-cloud.sewfile'] = {
'seafile', 'seafile',
], ],
'metadata': { 'metadata': {
'letsencrypt': {
'domains': {
'sewfile.franzi.business': set(),
},
},
'os': 'debian', 'os': 'debian',
'os_release': 'buster', 'os_release': 'buster',
}, },