diff --git a/README.md b/README.md
index c373b75..f3ad31c 100644
--- a/README.md
+++ b/README.md
@@ -30,9 +30,7 @@ enabled on any machine that requires the requested certificates.
 ### What acme_vault affects
 This module will create a new system user that is used to request and deploy
-certificates. It uses [lexicon](https://github.com/AnalogJ/lexicon) to make
-api requests for dns changes. We use namecheap, so the required namecheap
-python library is also included. Both are installed via pip.
+certificates.
 This module also assumes a working installation of vault.
@@ -139,7 +137,7 @@ Default value: `/secret/letsencrypt/`
 #### acme_vault::request
 This class uses acme.sh, and pulls down the git repo for it. It uses the
-lexicon provider in acme.sh to do the dns updating for the dns-01 challenge.
+namecheap provider in acme.sh to do the dns updating for the dns-01 challenge.
 It configures a cron job to periodically check if a cert needs renewal.
 Note: it does not automatically trigger requesting certs, but relies on cron
@@ -222,21 +220,23 @@ path the the acme.sh script itself
 Default value: `$acme_repo_path/acme.sh`
-#### `lexicon_provider`
+#### `namecheap_sourceip`
-provider for lexicon to use for dns-01 challanges.
+sourceip for namecheap requests (it is well known that this is ignored by their api)
+
+Default value: `127.0.0.1`
 REQUIRED
-#### `lexicon_username`
+#### `namecheap_username`
-username for lexicon dns.
+username for namecheap dns api.
 REQUIRED
-#### `lexicon_token`
+#### `namecheap_api_key`
-token for lexicon user.
+token for namecheap api user.
 REQUIRED
diff --git a/manifests/params.pp b/manifests/params.pp
index 8d2dee2..1a2faf8 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -27,10 +27,10 @@ class acme_vault::params {
 $acme_repo_path = "${home_dir}/acme.sh"
 $acme_script = "${acme_repo_path}/acme.sh"
- # lexicon
- $lexicon_provider = undef
- $lexicon_username = undef
- $lexicon_token = undef
+ # namecheap
+ $namecheap_username = undef
+ $namecheap_api_key = undef
+ $namecheap_sourceip = 127.0.0.1
 # settings for deploy
 $cert_destination_path = '/etc/acme'
diff --git a/manifests/request.pp b/manifests/request.pp
index 97dffa6..5f4be8d 100644
--- a/manifests/request.pp
+++ b/manifests/request.pp
@@ -17,10 +17,9 @@ class acme_vault::request (
 $acme_repo_path = $::acme_vault::params::acme_repo_path,
 $acme_script = $::acme_vault::params::acme_script,
- $lexicon_provider = $::acme_vault::params::lexicon_provider,
- $lexicon_username = $::acme_vault::params::lexicon_username,
- $lexicon_token = $::acme_vault::params::lexicon_token,
-
+ $namecheap_username = $::acme_vault::params::namecheap_username,
+ $namecheap_api_key = $::acme_vault::params::namecheap_api_key,
+ $namecheap_sourceip = $::acme_vault::params::namecheap_sourceip,
 ) inherits acme_vault::params {
@@ -28,17 +27,11 @@ class acme_vault::request (
 $request_bashrc_template = @(END)
 export TLDEXTRACT_CACHE=$HOME/.tld_set
-export PROVIDER=<%= @lexicon_provider %>
-export LEXICON_<%= @lexicon_provider.upcase %>_AUTH_USERNAME=<%= @lexicon_username %>
-export LEXICON_<%= @lexicon_provider.upcase %>_AUTH_TOKEN=<%= @lexicon_token %>
+export NAMECHEAP_USERNAME=<%= @namecheap_username %>
+export NAMECHEAP_API_KEY=<%= @namecheap_api_key %>
+export NAMECHEAP_SOURCEIP=<%= @namecheap_sourceip %>
 END
- # install lexicon
- ensure_packages(['dns-lexicon', 'PyNamecheap'], {
- ensure => present,
- provider => 'pip',
- })
-
 # variables in bashrc
 concat::fragment { 'request_bashrc':
 target => "${home_dir}/.bashrc",
diff --git a/templates/domain.epp b/templates/domain.epp
index 3fb2668..d8058f9 100644
--- a/templates/domain.epp
+++ b/templates/domain.epp
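Review bot: In manifests/params.pp the new default `$namecheap_sourceip = 127.0.0.1` is an unquoted dotted value, which as far as I can tell is neither a valid Puppet number nor a bare word, so the manifest likely fails to parse or the value is mangled before it reaches `NAMECHEAP_SOURCEIP`. Write it as a string, `$namecheap_sourceip = '127.0.0.1'`, in the same way `$cert_destination_path` is quoted a few lines below. The class body continues outside the hunk.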
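Review bot: In the parameter list of manifests/request.pp the three new parameters are untyped, so a caller who omits `namecheap_username` or `namecheap_api_key` silently gets the `undef` default from params.pp, although the README marks both as REQUIRED. Presumably that renders empty `export` lines instead of stopping the run. Declaring them as `String[1] $namecheap_username = $::acme_vault::params::namecheap_username,` and `String[1] $namecheap_api_key = $::acme_vault::params::namecheap_api_key,` makes catalog compilation fail early when a credential is missing. The parameter list begins above the hunk.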
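Review bot: The three new `export` lines in `$request_bashrc_template` (manifests/request.pp) render the parameter values into the shell file unquoted, so a value containing whitespace or shell metacharacters is word-split or expanded every time `.bashrc` is sourced. Quote the rendered values, e.g. `export NAMECHEAP_API_KEY='<%= @namecheap_api_key %>'` and likewise for the username and source IP, or shell-escape them before rendering. The API key also lands in plain text in `${home_dir}/.bashrc`; the `concat` target that sets the file's owner and mode is declared outside this hunk, so confirm it is readable only by the service user and that its diff is kept out of Puppet reports. `TLDEXTRACT_CACHE` looks like a leftover from the lexicon setup and may no longer be needed.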
@@ -9,7 +9,7 @@
 <% } else { -%>
 --server <%= $prod_url %> \
 <% } -%>
---dns dns_lexicon \
+--dns dns_namecheap \
 --dnssleep 1800 \
 --domain "<%= $domain %>" --challenge-alias <%= "$domain" %> \
 <% $domains.each |$d| {