From c00c7b81b8d9858703377a900baf64e28aca692a Mon Sep 17 00:00:00 2001 From: Henrik Henriksson <hx@hx.ax> Date: Tue, 7 May 2019 19:45:27 +0200 Subject: [PATCH] Automatically update ssl-certificates --- modules/insidan/manifests/certificates.pp | 8 +++++--- modules/insidan/manifests/openproject.pp | 3 +-- modules/wordpress/manifests/certificates.pp | 19 +++++++++++++++++++ modules/wordpress/manifests/init.pp | 18 ++++-------------- 4 files changed, 29 insertions(+), 19 deletions(-) create mode 100644 modules/wordpress/manifests/certificates.pp diff --git a/modules/insidan/manifests/certificates.pp b/modules/insidan/manifests/certificates.pp index 06ddbf2..37e4664 100644 --- a/modules/insidan/manifests/certificates.pp +++ b/modules/insidan/manifests/certificates.pp @@ -6,10 +6,12 @@ class insidan::certificates { letsencrypt::certonly { 'insidan.holgerspexet.se': domains => [ 'insidan.holgerspexet.se', 'holgerspexet.lysator.liu.se', - 'holgerspexet.se', - 'www.holgerspexet.se', ], + manage_cron => true, suppress_cron_output => true, - cron_success_command => '/bin/systemctl restart nginx', + cron_hour => '4', + cron_minute => '13', + pre_hook_commands => ['/bin/systemctl stop nginx',], + post_hook_commands => ['/bin/systemctl restart nginx',], } } diff --git a/modules/insidan/manifests/openproject.pp b/modules/insidan/manifests/openproject.pp index c441a34..0497382 100644 --- a/modules/insidan/manifests/openproject.pp +++ b/modules/insidan/manifests/openproject.pp @@ -41,10 +41,9 @@ class insidan::openproject { - - # Setup Nginx nginx::resource::server { 'insidan.holgerspexet.se': + require => [ Class['::insidan::certificates'], ], server_name => ['insidan.holgerspexet.se'], proxy => 'http://localhost:6000', diff --git a/modules/wordpress/manifests/certificates.pp b/modules/wordpress/manifests/certificates.pp new file mode 100644 index 0000000..b31f7ca --- /dev/null +++ b/modules/wordpress/manifests/certificates.pp @@ -0,0 +1,19 @@ +class wordpress::certificates { + class { '::letsencrypt': + email => 'hx@hx.ax', # Putting in my personal email for now + } + + letsencrypt::certonly { 'holgerspexet.se': + domains => [ 'holgerspexet.se', + 'holgerspexet-public.lysator.liu.se', + 'www.holgerspexet.se', + ], + manage_cron => true, + suppress_cron_output => true, + cron_hour => '4', + cron_minute => '17', + pre_hook_commands => ['/bin/systemctl stop apache',], + post_hook_commands => ['/bin/systemctl restart apache || true',], + # '||true' for initial bootstrap. pls fix + } +} diff --git a/modules/wordpress/manifests/init.pp b/modules/wordpress/manifests/init.pp index 7a1735c..128ede5 100644 --- a/modules/wordpress/manifests/init.pp +++ b/modules/wordpress/manifests/init.pp @@ -7,9 +7,12 @@ class wordpress { ensure => directory, } + include wordpress::certificates; + class { 'apache': default_vhost => false, mpm_module => 'prefork', + require => [ Class['::wordpress::certificates'], ], } include apache::mod::rewrite @@ -66,18 +69,5 @@ class wordpress { redirect_status => 'permanent', redirect_dest => 'https://dev.holgerspexet.se', } - - - class { '::letsencrypt': - email => 'hx@hx.ax', # Putting in my personal email for now - } - - letsencrypt::certonly { 'holgerspexet.se': - domains => [ 'holgerspexet.se', - 'holgerspexet-public.lysator.liu.se', - 'www.holgerspexet.se', - ], - suppress_cron_output => true, - cron_success_command => '/bin/systemctl restart nginx', - } } + -- GitLab