From 240680f63885aa689d3acfbe5e13b2e3a6c76259 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?= <hugo@lysator.liu.se>
Date: Fri, 2 Jul 2021 18:35:00 +0200
Subject: [PATCH] Document letsencrypt dns challenge.

---
 manifests/setup.pp | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/manifests/setup.pp b/manifests/setup.pp
index 0cfc792..638828c 100644
--- a/manifests/setup.pp
+++ b/manifests/setup.pp
@@ -47,6 +47,7 @@ class irc_bouncer::setup {
     ensure => directory,
     owner  => 'znc',
   }
+
   # vcsrepo { '/var/lib/znc/znc-lysator':
   #   ensure   => latest,
   #   provider => git,
@@ -76,6 +77,15 @@ class irc_bouncer::setup {
     args => ['saslauthd'],
   }
 
+  # Letsencrypt challenge is done through DNS since the ZNC webserver
+  # is to inflexible, and I neither want to front it just for certs,
+  # and I don't want to stop ZNC just for updating certs.
+
+  # https://certbot-dns-rfc2136.readthedocs.io/en/stable/
+
+  # Secret is manually generated on the nameserver, and placed in the
+  # appropriate dns config file.
+  # $ tsig-keygen -a hmac-sha256 verdigris.lysator.liu.se
 
   class { '::letsencrypt':
     config  => {
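Review bot: The added comment says the TSIG secret is "placed in the appropriate dns config file" but never states where that secret is consumed on this host or what the key is permitted to update, which is exactly what a maintainer rotating it will need. Suggest naming the client-side credentials file and its mode, e.g. `# client copy of the secret: <rfc2136 credentials file>, root:root 0600, referenced by the ::letsencrypt config below`, and recording that the nameserver's `update-policy` grants this key only `_acme-challenge.<host>` TXT records rather than the whole zone, so a leaked key cannot rewrite other names. Also `to inflexible` should read `too inflexible`. The `class { '::letsencrypt':` declaration that this comment introduces continues past the end of the hunk.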
@@ -107,13 +117,6 @@ class irc_bouncer::setup {
     mode   => '0755',
   }
 
-  # exec { 'znc make pem':
-  #   command => 'znc --datadir=/var/lib/znc --makepem',
-  #   path    => '/usr/bin:/bin',
-  #   user    => 'znc',
-  #   onlyif  => 'test ! -f /var/lib/znc/znc.pem',
-  # }
-
   file { '/var/lib/znc/moddata/cyrusauth/.registry':
     ensure  => file,
     content => "CreateUser true\n",
-- 
GitLab