assert node.has_bundle('nginx'), 'letsencrypt needs nginx' pkg_apt = { 'dehydrated': {}, } actions = { 'letsencrypt_update_certificates': { 'command': 'dehydrated --cron --accept-terms --challenge http-01', 'triggered': True, 'needs': { 'svc_systemd:nginx', }, }, } for domain, _ in node.metadata.get('letsencrypt/domains').items(): actions['letsencrypt_ensure-some-certificate_{}'.format(domain)] = { 'command': '/etc/dehydrated/letsencrypt-ensure-some-certificate {}'.format(domain), 'unless': '/etc/dehydrated/letsencrypt-ensure-some-certificate {} true'.format(domain), 'needs': { 'file:/etc/dehydrated/letsencrypt-ensure-some-certificate', }, 'needed_by': { 'svc_systemd:nginx', }, } files = { '/etc/dehydrated/domains.txt': { 'content_type': 'mako', 'triggers': { 'action:letsencrypt_update_certificates', }, }, '/etc/dehydrated/config': { 'triggers': { 'action:letsencrypt_update_certificates', }, }, '/etc/dehydrated/hook.sh': { 'content_type': 'mako', 'mode': '0755', }, '/etc/dehydrated/letsencrypt-ensure-some-certificate': { 'mode': '0755', }, }