Puppet Class: acme

Defined in:
manifests/init.pp

Summary

Configure x509 certificates with ACME

Overview

Parameters:

  • certificates (Hash[String, Hash]) (defaults to: {})

    sets the certificates to create

  • path (String) (defaults to: '/opt/lego')

    sets the storage directory for certs



# File 'manifests/init.pp', line 5

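class acme (
  Hash[String, Hash] $certificates = {},
  String $path = '/opt/lego',
) {
  # Installs the 'lego' package, lays out the storage tree under $path,
  # installs the renewal script and its systemd service/timer, and declares
  # one acme::certificate resource per entry in $certificates.
  package { 'lego': }

  # Root of the storage tree. No mode is managed here, so an existing
  # directory keeps whatever permissions it already has.
  file { $path:
    ensure => directory,
    owner  => 'root',
    group  => 'root',
  }

  # recurse + purge removes anything under these directories that is not
  # declared in the catalog, so stale hooks or credential files do not linger.
  # NOTE(review): no mode is set. If "${path}/creds" holds account or DNS
  # provider secrets (the name suggests so - confirm), consider pinning it to
  # root-only access and check that acme::certificate writes its files there
  # with a restrictive mode.
  file { ["${path}/hooks", "${path}/creds", "${path}/email"]:
    ensure  => directory,
    owner   => 'root',
    group   => 'root',
    recurse => true,
    purge   => true,
  }

  # The script lives under $path rather than a hard-coded '/opt/lego', so a
  # non-default $path does not leave it outside the managed, root-owned tree.
  # NOTE(review): acme_renew.service.erb is not visible here; confirm it
  # derives the script location from $path as well.
  file { "${path}/renew_all":
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0755',
    content => template('acme/renew_all.erb'),
  }

  # Unit files are pinned to root:root 0644 so that only root can change what
  # the renewal service runs.
  file { '/etc/systemd/system/acme_renew.service':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => template('acme/acme_renew.service.erb'),
    notify  => Service['acme_renew.timer'],
  }

  file { '/etc/systemd/system/acme_renew.timer':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    source => 'puppet:///modules/acme/acme_renew.timer',
    notify => Service['acme_renew.timer'],
  }

  # Only the timer is managed as a service; both unit files notify it.
  service { 'acme_renew.timer':
    ensure => running,
    enable => true,
  }

  # Each hash entry becomes an acme::certificate; the inner hash is splatted
  # into that resource's parameters unchanged.
  $certificates.each |String $cert_name, Hash $cert_options| {
    acme::certificate { $cert_name:
      * => $cert_options,
    }
  }
}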