From a9a5a117824a042b8e3318dcc3b3e322830e2f7e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?= <hugo@lysator.liu.se>
Date: Fri, 2 Jul 2021 18:08:04 +0200
Subject: [PATCH] Setup certbot.

---
 manifests/setup.pp | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/manifests/setup.pp b/manifests/setup.pp
index 832edf4..a356e8e 100644
--- a/manifests/setup.pp
+++ b/manifests/setup.pp
@@ -76,6 +76,30 @@ class irc_bouncer::setup {
     args => ['saslauthd'],
   }
 
+
+  class { '::letsencrypt::plugin::dns2136':
+    server              => 'ns-master.lysator.liu.se',
+    keyname             => 'verdigris.lysator.liu.se',
+    key_algorithm       => 'HMAC-SHA256',
+    key_secret          => 'YHR7/5gOkdPF64GwWRu6Ge8jcjz8siqCWIy/G8FsVzw=',
+    propagation_seconds => 10,
+    manage_package      => true,
+  }
+  -> letsencrypt::certonly { $servername:
+    ensure  => 'present',
+    domains => [ $servername, ],
+    plugin  => 'dns-rfc2136'
+  }
+
+  # Allow world to read our certificates so znc can access them.
+  # In theory slightly unsafe, but noone else should have filesystem
+  # access.
+  file { ['/etc/letsencrypt/live',
+          '/etc/letsencrypt/archive', ]:
+    ensure => directory,
+    mode   => '0755',
+  }
+
   # exec { 'znc make pem':
   #   command => 'znc --datadir=/var/lib/znc --makepem',
   #   path    => '/usr/bin:/bin',
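Review bot: The TSIG key for the RFC 2136 updates is committed in clear text at `key_secret` in the `::letsencrypt::plugin::dns2136` declaration, so everyone with read access to this repository or its history holds a credential that ns-master accepts for dynamic DNS updates. Take the value from encrypted data instead, for example `key_secret => lookup('irc_bouncer::dns2136_key_secret'),` (the key name is only an example) backed by an encrypted Hiera backend such as hiera-eyaml. The committed key should be treated as exposed and rotated on the name server, since removing it from the manifest does not remove it from history. Separately, the `file` resource sets `/etc/letsencrypt/live` and `/etc/letsencrypt/archive` to `mode => '0755'` so znc can read the certificates; a dedicated group containing the znc user with `mode => '0750'` would give the same access without world traversal. Whether the private key file itself becomes readable depends on its own mode, which this hunk does not set.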
-- 
GitLab