Automatically update ssl-certificates

c00c7b81 · Henrik Henriksson · 2d61a012 · c00c7b81 · c00c7b81 · c00c7b81
Commit c00c7b81 authored May 7, 2019 by Henrik Henriksson
--- a/modules/insidan/manifests/certificates.pp
+++ b/modules/insidan/manifests/certificates.pp
@@ -6,10 +6,12 @@ class insidan::certificates {
  letsencrypt::certonly { 'insidan.holgerspexet.se':
    domains => [ 'insidan.holgerspexet.se',
                 'holgerspexet.lysator.liu.se',
-                 'holgerspexet.se',
-                 'www.holgerspexet.se',
               ],
+    manage_cron => true,
    suppress_cron_output => true,
-    cron_success_command => '/bin/systemctl restart nginx',
+    cron_hour  => '4',
+    cron_minute => '13',
+    pre_hook_commands => ['/bin/systemctl stop nginx',],
+    post_hook_commands => ['/bin/systemctl restart nginx',],
  }
 }
--- a/modules/insidan/manifests/openproject.pp
+++ b/modules/insidan/manifests/openproject.pp
@@ -41,10 +41,9 @@ class insidan::openproject {
  # Setup Nginx
  nginx::resource::server { 'insidan.holgerspexet.se':
+    require => [ Class['::insidan::certificates'], ],
    server_name => ['insidan.holgerspexet.se'],
    proxy => 'http://localhost:6000',

--- a/modules/wordpress/manifests/certificates.pp
+++ b/modules/wordpress/manifests/certificates.pp
+class wordpress::certificates {
+    class { '::letsencrypt':
+    email => 'hx@hx.ax', # Putting in my personal email for now
+  }
+  letsencrypt::certonly { 'holgerspexet.se':
+    domains => [ 'holgerspexet.se',
+                 'holgerspexet-public.lysator.liu.se',
+                 'www.holgerspexet.se',
+               ],
+    manage_cron => true,
+    suppress_cron_output => true,
+    cron_hour  => '4',
+    cron_minute => '17',
+    pre_hook_commands => ['/bin/systemctl stop apache',],
+    post_hook_commands => ['/bin/systemctl restart apache || true',],
+    # '||true' for initial bootstrap. pls fix
+  }
+}
--- a/modules/wordpress/manifests/init.pp
+++ b/modules/wordpress/manifests/init.pp
@@ -7,9 +7,12 @@ class wordpress {
    ensure => directory,
  }
+  include wordpress::certificates;
  class { 'apache':
    default_vhost => false,
    mpm_module    => 'prefork',
+    require => [ Class['::wordpress::certificates'], ],
  }
  include apache::mod::rewrite
@@ -66,18 +69,5 @@ class wordpress {
    redirect_status => 'permanent',
    redirect_dest => 'https://dev.holgerspexet.se',
  }
-  class { '::letsencrypt':
-    email => 'hx@hx.ax', # Putting in my personal email for now
 }
-  letsencrypt::certonly { 'holgerspexet.se':
-    domains => [ 'holgerspexet.se',
-                 'holgerspexet-public.lysator.liu.se',
-                 'www.holgerspexet.se',
-               ],
-    suppress_cron_output => true,
-    cron_success_command => '/bin/systemctl restart nginx',
-  }
-}