use namecheap provider directly instead of lexicon

README.md

@@ -30,9 +30,7 @@ enabled on any machine that requires the requested certificates.
 ### What acme_vault affects
 
 This module will create a new system user that is used to request and deploy
-certificates.  It uses [lexicon](https://github.com/AnalogJ/lexicon) to make
+certificates.
-api requests for dns changes.  We use namecheap, so the required namecheap
-python library is also included.  Both are installed via pip.
 
 This module also assumes a working installation of vault.
 
@@ -139,7 +137,7 @@ Default value: `/secret/letsencrypt/`
 #### acme_vault::request
 
 This class uses acme.sh, and pulls down the git repo for it.  It uses the
-lexicon provider in acme.sh to do the dns updating for the dns-01 challenge.
+namecheap provider in acme.sh to do the dns updating for the dns-01 challenge.
 It configures a cron job to periodically check if a cert needs renewal.
 
 Note: it does not automatically trigger requesting certs, but relies on cron
@@ -222,21 +220,23 @@ path the the acme.sh script itself
 
 Default value: `$acme_repo_path/acme.sh`
 
-#### `lexicon_provider`
+#### `namecheap_sourceip`
 
-provider for lexicon to use for dns-01 challanges.
+sourceip for namecheap requests (it is well known that this is ignored by their api)
+
+Default value: `127.0.0.1`
 
 REQUIRED
 
-#### `lexicon_username`
+#### `namecheap_username`
 
-username for lexicon dns.
+username for namecheap dns api.
 
 REQUIRED
 
-#### `lexicon_token`
+#### `namecheap_api_key`
 
-token for lexicon user.
+token for namecheap api user.
 
 REQUIRED
 

manifests/params.pp

@@ -27,10 +27,10 @@ class acme_vault::params {
     $acme_repo_path = "${home_dir}/acme.sh"
     $acme_script    = "${acme_repo_path}/acme.sh"
 
-    # lexicon
+    # namecheap
-    $lexicon_provider   = undef
+    $namecheap_username = undef
-    $lexicon_username   = undef
+    $namecheap_api_key  = undef
-    $lexicon_token      = undef
+    $namecheap_sourceip = 127.0.0.1
 
     # settings for deploy
     $cert_destination_path = '/etc/acme'

manifests/request.pp

@@ -17,10 +17,9 @@ class acme_vault::request (
     $acme_repo_path     = $::acme_vault::params::acme_repo_path,
     $acme_script        = $::acme_vault::params::acme_script,
 
-    $lexicon_provider   = $::acme_vault::params::lexicon_provider,
+    $namecheap_username = $::acme_vault::params::namecheap_username,
-    $lexicon_username   = $::acme_vault::params::lexicon_username,
+    $namecheap_api_key  = $::acme_vault::params::namecheap_api_key,
-    $lexicon_token      = $::acme_vault::params::lexicon_token,
+    $namecheap_sourceip = $::acme_vault::params::namecheap_sourceip,
-
 
 ) inherits acme_vault::params {
 
@@ -28,17 +27,11 @@ class acme_vault::request (
 
     $request_bashrc_template = @(END)
 export TLDEXTRACT_CACHE=$HOME/.tld_set
-export PROVIDER=<%= @lexicon_provider %>
+export NAMECHEAP_USERNAME=<%= @namecheap_username %>
-export LEXICON_<%= @lexicon_provider.upcase %>_AUTH_USERNAME=<%= @lexicon_username %>
+export NAMECHEAP_API_KEY=<%= @namecheap_api_key %>
-export LEXICON_<%= @lexicon_provider.upcase %>_AUTH_TOKEN=<%= @lexicon_token %>
+export NAMECHEAP_SOURCEIP=<%= @namecheap_sourceip %>
 END
 
-    # install lexicon
-    ensure_packages(['dns-lexicon', 'PyNamecheap'], {
-      ensure   => present,
-      provider => 'pip',
-    })
-
     # variables in bashrc
     concat::fragment { 'request_bashrc':
       target  => "${home_dir}/.bashrc",

templates/domain.epp

@@ -9,7 +9,7 @@
 <% } else { -%>
 --server <%= $prod_url %> \
 <% } -%>
---dns dns_lexicon \
+--dns dns_namecheap \
 --dnssleep 1800 \
 --domain "<%= $domain %>" --challenge-alias <%= "$domain" %> \
 <% $domains.each |$d| {