mirror of
https://github.com/krislamo/puppet-acme_vault
synced 2024-11-09 20:30:36 +00:00
Kris Lamoureux
8d80daa9a7
- Added comprehensive documentation for all Puppet classes - Applied bash linting and made minor improvements to check_cert.sh - Updated domain issue cron to source the .bashrc file - Implemented small changes to address Puppet linting issues
74 lines
3.1 KiB
ObjectPascal
74 lines
3.1 KiB
ObjectPascal
# acme_vault::params
|
|
#
|
|
# This class defines the default parameters for the acme_vault module.
|
|
# It includes settings for the acme user, authentication, staging and production URLs,
|
|
# repository paths, Namecheap configuration, and deployment settings.
|
|
#
|
|
# @param user The system user for the acme_vault module.
|
|
# @param group The system group for the acme_vault module.
|
|
# @param group_members Members of the acme_vault group.
|
|
# @param home_dir The home directory for the acme_vault user.
|
|
# @param contact_email The contact email address for Let's Encrypt notifications.
|
|
# @param domains The list of domain names for which certificates will be requested and managed.
|
|
# @param overrides A list of challenge-alias overrides. Defaults to the domain itself.
|
|
#
|
|
# @param vault_token HashiCorp Vault authentication token.
|
|
# @param vault_addr HashiCorp Vault server address.
|
|
# @param vault_bin Path to the HashiCorp Vault binary.
|
|
# @param vault_prefix The path prefix in Vault where Let's Encrypt secrets are stored.
|
|
#
|
|
# @param staging Whether to use the Let's Encrypt staging environment.
|
|
# @param staging_url Let's Encrypt staging environment API URL.
|
|
# @param prod_url Let's Encrypt production environment API URL.
|
|
#
|
|
# @param acme_revision The revision of the acme.sh script to use.
|
|
# @param acme_repo_path The path to the acme.sh repository.
|
|
# @param acme_script The path to the acme.sh script within the repository.
|
|
#
|
|
# @param namecheap_username Namecheap account username for DNS API.
|
|
# @param namecheap_api_key Namecheap API key.
|
|
# @param namecheap_sourceip The source IP address for Namecheap API requests.
|
|
#
|
|
# @param cert_destination_path The directory where certificates will be deployed on the filesystem.
|
|
# @param deploy_scripts The directory where deployment scripts will be stored.
|
|
# @param restart_method The command to run after certificate deployment (e.g., to restart dependent services).
|
|
#
|
|
class acme_vault::params {
|
|
# settings for acme user
|
|
$user = 'acme'
|
|
$group = 'acme'
|
|
$group_members = []
|
|
$home_dir = '/home/acme_vault'
|
|
$contact_email = ''
|
|
$domains = undef
|
|
# overrides is a list of challenge-alias overrides. It defaults to the domain itself.
|
|
# see https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode
|
|
$overrides = {}
|
|
|
|
# authentication
|
|
$vault_token = undef
|
|
$vault_addr = undef
|
|
$vault_bin = '/usr/local/bin/vault'
|
|
|
|
$vault_prefix = '/secret/letsencrypt/'
|
|
|
|
# whether to use the letsencrypt staging url, set those urls
|
|
$staging = false
|
|
$staging_url = 'https://acme-staging-v02.api.letsencrypt.org/directory'
|
|
$prod_url = 'https://acme-v02.api.letsencrypt.org/directory'
|
|
|
|
$acme_revision = 'HEAD'
|
|
$acme_repo_path = "${home_dir}/acme.sh"
|
|
$acme_script = "${acme_repo_path}/acme.sh"
|
|
|
|
# namecheap
|
|
$namecheap_username = undef
|
|
$namecheap_api_key = undef
|
|
$namecheap_sourceip = '127.0.0.1'
|
|
|
|
# settings for deploy
|
|
$cert_destination_path = '/etc/acme'
|
|
$deploy_scripts = "${cert_destination_path}/deploy.d"
|
|
$restart_method = "for f in ${deploy_scripts}/*.sh; do \"\$f\"; done"
|
|
}
|