puppet-acme_vault/manifests/request.pp

# Configuration for requesting a cert from letsencrypt, and storing it in vault.
#

class acme_vault::request (
    $user               = $::acme_vault::common::user,
    $group              = $::acme_vault::common::group,
    $home_dir           = $::acme_vault::common::home_dir,
    $contact_email      = $::acme_vault::common::contact_email,
    $domains            = $::acme_vault::common::domains,
    $overrides          = $::acme_vault::common::overrides,

    $staging            = $::acme_vault::params::staging,
    $staging_url        = $::acme_vault::params::staging_url,
    $prod_url           = $::acme_vault::params::prod_url,

    $acme_revision      = $::acme_vault::params::acme_revision,
    $acme_repo_path     = $::acme_vault::params::acme_repo_path,
    $acme_script        = $::acme_vault::params::acme_script,

    $namecheap_username = $::acme_vault::params::namecheap_username,
    $namecheap_api_key  = $::acme_vault::params::namecheap_api_key,
    $namecheap_sourceip = $::acme_vault::params::namecheap_sourceip,

) inherits acme_vault::params {

    include acme_vault::common

    $request_bashrc_template = @(END)
export TLDEXTRACT_CACHE=$HOME/.tld_set
export NAMECHEAP_USERNAME=<%= @namecheap_username %>
export NAMECHEAP_API_KEY=<%= @namecheap_api_key %>
export NAMECHEAP_SOURCEIP=<%= @namecheap_sourceip %>
END

    # variables in bashrc
    concat::fragment { 'request_bashrc':
      target  => "${home_dir}/.bashrc",
      content => inline_template($request_bashrc_template),
      order   => '02',
    }


    # checkout acme repo
    vcsrepo { $acme_repo_path:
      ensure   => present,
      provider => git,
      source   => 'https://github.com/Neilpang/acme.sh.git',
      revision => $acme_revision,
    }

    file { "${home_dir}/.acme.sh":
      ensure => directory,
      owner  => $user,
      group  => $group,
      mode   => '0700',
    } ->
    file { "${home_dir}/.acme.sh/account.conf":
      ensure => present,
      owner  => $user,
      group  => $group,
      mode   => '0600',
    } ->
    file_line { ' add email to acme conf':
      path  => "${home_dir}/.acme.sh/account.conf",
      line  => "ACCOUNT_EMAIL='${contact_email}'",
      match => '^ACCOUNT_EMAIL=.*$',
    }

    # create issue scripts
    $domains.each |$domain, $d_list| {
      file {"/${home_dir}/${domain}.sh":
        ensure  => present,
        mode    => '0700',
        owner   => $user,
        group   => $group,

        content => epp('acme_vault/domain.epp', {
          acme_script => $acme_script,
          domain      => $domain,
          domains     => $d_list,
          staging     => $staging,
          staging_url => $staging_url,
          prod_url    => $prod_url,
          overrides   => $overrides,
          }
        )
      }
      cron { "${domain}_issue":
        command => "${home_dir}/${domain}.sh",
        user    => $user,
        weekday => 1,
        hour    => 11,
        minute  => 28,
      }
    }

}
add docs, cleanup 2018-02-27 18:58:42 +00:00			`# Configuration for requesting a cert from letsencrypt, and storing it in vault.`
			`#`

add email conf for acme s/requestor/request 2018-02-28 18:46:41 +00:00			`class acme_vault::request (`
fix cron conditional, common namespace fixes, domain template includes domain 2018-02-27 15:32:51 +00:00			`$user = $::acme_vault::common::user,`
			`$group = $::acme_vault::common::group,`
			`$home_dir = $::acme_vault::common::home_dir,`
			`$contact_email = $::acme_vault::common::contact_email,`
			`$domains = $::acme_vault::common::domains,`
update acme_vault repo - Aug-8-2019 2019-08-08 16:01:55 +00:00			`$overrides = $::acme_vault::common::overrides,`
requester first pass 2018-02-22 19:46:51 +00:00
			`$staging = $::acme_vault::params::staging,`
			`$staging_url = $::acme_vault::params::staging_url,`
			`$prod_url = $::acme_vault::params::prod_url,`

			`$acme_revision = $::acme_vault::params::acme_revision,`
			`$acme_repo_path = $::acme_vault::params::acme_repo_path,`
			`$acme_script = $::acme_vault::params::acme_script,`
add common class, lexicon vars, general cleanup 2018-02-22 20:50:27 +00:00
use namecheap provider directly instead of lexicon 2021-04-20 17:11:05 +00:00			`$namecheap_username = $::acme_vault::params::namecheap_username,`
			`$namecheap_api_key = $::acme_vault::params::namecheap_api_key,`
			`$namecheap_sourceip = $::acme_vault::params::namecheap_sourceip,`
requester first pass 2018-02-22 19:46:51 +00:00
			`) inherits acme_vault::params {`

add common class, lexicon vars, general cleanup 2018-02-22 20:50:27 +00:00			`include acme_vault::common`
requester first pass 2018-02-22 19:46:51 +00:00
add email conf for acme s/requestor/request 2018-02-28 18:46:41 +00:00			`$request_bashrc_template = @(END)`
add deploy, cron job, lexicon installation 2018-02-23 15:03:41 +00:00			`export TLDEXTRACT_CACHE=$HOME/.tld_set`
use namecheap provider directly instead of lexicon 2021-04-20 17:11:05 +00:00			`export NAMECHEAP_USERNAME=<%= @namecheap_username %>`
			`export NAMECHEAP_API_KEY=<%= @namecheap_api_key %>`
			`export NAMECHEAP_SOURCEIP=<%= @namecheap_sourceip %>`
add common class, lexicon vars, general cleanup 2018-02-22 20:50:27 +00:00			`END`
requester first pass 2018-02-22 19:46:51 +00:00
add deploy, cron job, lexicon installation 2018-02-23 15:03:41 +00:00			`# variables in bashrc`
add email conf for acme s/requestor/request 2018-02-28 18:46:41 +00:00			`concat::fragment { 'request_bashrc':`
add common class, lexicon vars, general cleanup 2018-02-22 20:50:27 +00:00			`target => "${home_dir}/.bashrc",`
add email conf for acme s/requestor/request 2018-02-28 18:46:41 +00:00			`content => inline_template($request_bashrc_template),`
puppet-lint 2018-02-26 19:54:07 +00:00			`order => '02',`
requester first pass 2018-02-22 19:46:51 +00:00			`}`


			`# checkout acme repo`
			`vcsrepo { $acme_repo_path:`
			`ensure => present,`
			`provider => git,`
puppet-lint 2018-02-26 19:54:07 +00:00			`source => 'https://github.com/Neilpang/acme.sh.git',`
requester first pass 2018-02-22 19:46:51 +00:00			`revision => $acme_revision,`
			`}`

add email conf for acme s/requestor/request 2018-02-28 18:46:41 +00:00			`file { "${home_dir}/.acme.sh":`
			`ensure => directory,`
			`owner => $user,`
			`group => $group,`
			`mode => '0700',`
			`} ->`
			`file { "${home_dir}/.acme.sh/account.conf":`
			`ensure => present,`
			`owner => $user,`
			`group => $group,`
			`mode => '0600',`
			`} ->`
			`file_line { ' add email to acme conf':`
			`path => "${home_dir}/.acme.sh/account.conf",`
add quotes to account_email in account.conf 2018-03-02 15:28:15 +00:00			`line => "ACCOUNT_EMAIL='${contact_email}'",`
add email conf for acme s/requestor/request 2018-02-28 18:46:41 +00:00			`match => '^ACCOUNT_EMAIL=.*$',`
			`}`

add common class, lexicon vars, general cleanup 2018-02-22 20:50:27 +00:00			`# create issue scripts`
requester first pass 2018-02-22 19:46:51 +00:00			`$domains.each \|$domain, $d_list\| {`
			`file {"/${home_dir}/${domain}.sh":`
puppet-lint 2018-02-26 19:54:07 +00:00			`ensure => present,`
			`mode => '0700',`
			`owner => $user,`
			`group => $group,`
requester first pass 2018-02-22 19:46:51 +00:00
puppet-lint 2018-02-26 19:54:07 +00:00			`content => epp('acme_vault/domain.epp', {`
			`acme_script => $acme_script,`
requester first pass 2018-02-22 19:46:51 +00:00			`domain => $domain,`
			`domains => $d_list,`
			`staging => $staging,`
			`staging_url => $staging_url,`
			`prod_url => $prod_url,`
update acme_vault repo - Aug-8-2019 2019-08-08 16:01:55 +00:00			`overrides => $overrides,`
puppet-lint 2018-02-26 19:54:07 +00:00			`}`
add common class, lexicon vars, general cleanup 2018-02-22 20:50:27 +00:00			`)`
requester first pass 2018-02-22 19:46:51 +00:00			`}`
add deploy, cron job, lexicon installation 2018-02-23 15:03:41 +00:00			`cron { "${domain}_issue":`
puppet-lint 2018-02-26 19:54:07 +00:00			`command => "${home_dir}/${domain}.sh",`
			`user => $user,`
			`weekday => 1,`
cron time fixes, sourcing 2018-03-05 18:23:44 +00:00			`hour => 11,`
			`minute => 28,`
add deploy, cron job, lexicon installation 2018-02-23 15:03:41 +00:00			`}`
requester first pass 2018-02-22 19:46:51 +00:00			`}`

			`}`