wmdeit-cf-wmdelib/lego.cf

#
#Lego
# 

bundle agent lego 
{
	vars:
		"pkgs" slist => {
			"lego"
		};
		"exe" string => "/usr/bin/lego";
		"data_dir" string => "/etc/lego";
		debian::
			"exe" string => "/usr/bin/lego";
			"data_dir" string => "/etc/lego";
			"pkgs" slist => {
				"lego","cron"
			};

		freebsd::
			"exe" string => "/usr/local/bin/lego";
			"data_dir" string => "/usr/local/etc/lego";
}

bundle agent install_lego
{
	methods:
		"any" usebundle => wmde_install_packages( @(lego.pkgs),"lego");
	files:
		"$(lego.data_dir)/." 
			create => "true",
			perms => m("750"), 
			depends_on => {"lego_pkgs_installed"},
			handle => "lego_installed";
}

bundle agent lego_dns_certs(sites)
{
	vars:
		"idx"
			slist		=> getindices(@(sites));
	methods:
		"$(idx)"
			usebundle	=> lego_dns_cert(@(sites[$(idx)]));
}

bundle agent lego_dns_cert(site)
{
	vars:
		# command to read all domains a certificate contains
		"cert_test_cmd" string => "$(def.wmde_lib)/scripts/get-domains-from-cert.sh $(lego.data_dir)/certificates/$(site[domain]).crt";

		"ds" slist => {"$(site[domain])"};
		"domains" slist => sort(mergedata(@(ds),getvalues(@(site[aliases]))));
		"domains_txt" string => string_mustache("{{#-top-}}{{.}} {{/-top-}}",@(domains));
		"args" string => string_mustache(
				"-d {{domain}} {{#aliases}} -d {{.}} {{/aliases}}",
				@(site)
				);


		"current_domains_txt" string => execresult("/bin/sh $(cert_test_cmd)","useshell"),
			if => isvariable ("site[domain]"),
			handle=>"lego_current_domains_ready";

		"site_domain" string => string_replace(string_replace("$(site[domain])", "-", "_"), ".", "_");

		"site_options"
			data	=> mergedata( "site", parsejson('{ "lego_bin": "$(lego.exe)", "lego_data_dir": "$(lego.data_dir)" }') ),
			handle	=> "site_options_ready";

	classes:
		"run_lego"
			expression => not (strcmp("$(current_domains_txt) ","$(domains_txt)")),
			depends_on => {"lego_current_domains_ready"};

	files:
		"/etc/cron.d/lego_$(site_domain)"
			create => "true",
			content => "# Managed by CFEngine
$(site[dnsapi][key])
0 0 * * * root $(lego.exe) --path $(lego.data_dir) --email $(site[email]) --dns $(site[dnsapi][provider]) $(args) $(site[lego_renew_raw]) renew $(site[lego_renew_raw2])
", 
			depends_on => {"lego_installed"};
		systemd::
			"/etc/systemd/system/lego_$(site_domain).timer"
				perms		=> mog('644','root','root'),
				copy_from	=> local_cp("$(sys.workdir)/inputs/wmdelib/templates/lego.timer.txt"),
				depends_on	=> { "lego_installed" },
				classes		=> if_repaired( "systemd_timer_units" ),
				handle		=> "systemd_timer_$(site_domain)_copied";
			"/etc/systemd/system/lego_$(site_domain).service"
				perms		=> mog('644','root','root'),
				edit_template	=> "$(sys.workdir)/inputs/wmdelib/templates/lego.service.txt",
				template_data	=> @{site_options},
				template_method	=> "mustache",
				depends_on	=> { "lego_installed", "site_options_ready" },
				classes		=> if_repaired( "systemd_service_units" ),
				handle		=> "systemd_service_$(site_domain)_copied";
			"/etc/lego/hosting.de.env"
				content		=> "$(site[dnsapi][key])",
				perms		=> mog( "0600", "root", "root"),
				depends_on	=> { "lego_installed" };

	commands:
		run_lego::
			"$(site[dnsapi][key]) $(lego.exe) --path $(lego.data_dir) --accept-tos $(site[lego_raw]) --email $(site[email]) --dns $(site[dnsapi][provider]) $(args) run"
			contain => wmde_cmd_useshell,
			depends_on => {"lego_installed"};

		systemd_timer_units|systemd_service_units::
			"/usr/bin/systemctl"
				args	=> "daemon-reload";

	services:
		systemd::
			"lego_$(site_domain).timer"
					service_policy	=> "start",
					service_method	=> generic_systemd_at_boot,
					depends_on		=> { "systemd_timer_$(site_domain)_copied" };

	reports:
#		"COMMAND: $(cert_test_cmd)";
#		"CMP: $(current_domains_txt) $(domains_txt)";

#		"LEG IS INSTALLED" depends_on => {"lego_installed"};


#		run_lego::
#			"$(lego.exe)";
#			"--path $(lego.data_dir) --accept-tos --email $(site[email]) --dns $(site[dnsapi][provider]) $(args) run";
#			depends_on => {"lego_installed"},

#	run_lego::
#		"MUST RUN LEGO";
#	!run_lego::
#		"MUST NOT RUN LEGO";
}
added cron, lego, lxc-host, mediawiki, nano, python, lxc-hooks.sh, postgres-create-db.sh, and multiple templates, renamed install-php-repo.sh to install-apt-repo.sh 2025-04-15 11:05:07 +00:00			`#`
			`#Lego`
			`#`

			`bundle agent lego`
			`{`
Notcommit 2025-11-11 09:43:35 +00:00			`vars:`
			`"pkgs" slist => {`
			`"lego"`
			`};`
			`"exe" string => "/usr/bin/lego";`
			`"data_dir" string => "/etc/lego";`
			`debian::`
			`"exe" string => "/usr/bin/lego";`
			`"data_dir" string => "/etc/lego";`
			`"pkgs" slist => {`
			`"lego","cron"`
			`};`

			`freebsd::`
			`"exe" string => "/usr/local/bin/lego";`
			`"data_dir" string => "/usr/local/etc/lego";`
added cron, lego, lxc-host, mediawiki, nano, python, lxc-hooks.sh, postgres-create-db.sh, and multiple templates, renamed install-php-repo.sh to install-apt-repo.sh 2025-04-15 11:05:07 +00:00			`}`

			`bundle agent install_lego`
			`{`
Notcommit 2025-11-11 09:43:35 +00:00			`methods:`
			`"any" usebundle => wmde_install_packages( @(lego.pkgs),"lego");`
			`files:`
			`"$(lego.data_dir)/."`
			`create => "true",`
			`perms => m("750"),`
			`depends_on => {"lego_pkgs_installed"},`
			`handle => "lego_installed";`
added cron, lego, lxc-host, mediawiki, nano, python, lxc-hooks.sh, postgres-create-db.sh, and multiple templates, renamed install-php-repo.sh to install-apt-repo.sh 2025-04-15 11:05:07 +00:00			`}`

Notcommit 2025-11-11 09:43:35 +00:00			`bundle agent lego_dns_certs(sites)`
			`{`
			`vars:`
			`"idx"`
			`slist => getindices(@(sites));`
			`methods:`
			`"$(idx)"`
			`usebundle => lego_dns_cert(@(sites[$(idx)]));`
			`}`
added cron, lego, lxc-host, mediawiki, nano, python, lxc-hooks.sh, postgres-create-db.sh, and multiple templates, renamed install-php-repo.sh to install-apt-repo.sh 2025-04-15 11:05:07 +00:00
			`bundle agent lego_dns_cert(site)`
			`{`
Notcommit 2025-11-11 09:43:35 +00:00			`vars:`
			`# command to read all domains a certificate contains`
			`"cert_test_cmd" string => "$(def.wmde_lib)/scripts/get-domains-from-cert.sh $(lego.data_dir)/certificates/$(site[domain]).crt";`

			`"ds" slist => {"$(site[domain])"};`
			`"domains" slist => sort(mergedata(@(ds),getvalues(@(site[aliases]))));`
			`"domains_txt" string => string_mustache("{{#-top-}}{{.}} {{/-top-}}",@(domains));`
			`"args" string => string_mustache(`
			`"-d {{domain}} {{#aliases}} -d {{.}} {{/aliases}}",`
			`@(site)`
			`);`


			`"current_domains_txt" string => execresult("/bin/sh $(cert_test_cmd)","useshell"),`
			`if => isvariable ("site[domain]"),`
			`handle=>"lego_current_domains_ready";`

			`"site_domain" string => string_replace(string_replace("$(site[domain])", "-", "_"), ".", "_");`

			`"site_options"`
			`data => mergedata( "site", parsejson('{ "lego_bin": "$(lego.exe)", "lego_data_dir": "$(lego.data_dir)" }') ),`
			`handle => "site_options_ready";`

			`classes:`
			`"run_lego"`
			`expression => not (strcmp("$(current_domains_txt) ","$(domains_txt)")),`
			`depends_on => {"lego_current_domains_ready"};`

			`files:`
			`"/etc/cron.d/lego_$(site_domain)"`
			`create => "true",`
			`content => "# Managed by CFEngine`
			`$(site[dnsapi][key])`
			`0 0 * * * root $(lego.exe) --path $(lego.data_dir) --email $(site[email]) --dns $(site[dnsapi][provider]) $(args) $(site[lego_renew_raw]) renew $(site[lego_renew_raw2])`
			`",`
			`depends_on => {"lego_installed"};`
			`systemd::`
			`"/etc/systemd/system/lego_$(site_domain).timer"`
			`perms => mog('644','root','root'),`
			`copy_from => local_cp("$(sys.workdir)/inputs/wmdelib/templates/lego.timer.txt"),`
			`depends_on => { "lego_installed" },`
			`classes => if_repaired( "systemd_timer_units" ),`
			`handle => "systemd_timer_$(site_domain)_copied";`
			`"/etc/systemd/system/lego_$(site_domain).service"`
			`perms => mog('644','root','root'),`
			`edit_template => "$(sys.workdir)/inputs/wmdelib/templates/lego.service.txt",`
			`template_data => @{site_options},`
			`template_method => "mustache",`
			`depends_on => { "lego_installed", "site_options_ready" },`
			`classes => if_repaired( "systemd_service_units" ),`
			`handle => "systemd_service_$(site_domain)_copied";`
			`"/etc/lego/hosting.de.env"`
			`content => "$(site[dnsapi][key])",`
			`perms => mog( "0600", "root", "root"),`
			`depends_on => { "lego_installed" };`

			`commands:`
			`run_lego::`
			`"$(site[dnsapi][key]) $(lego.exe) --path $(lego.data_dir) --accept-tos $(site[lego_raw]) --email $(site[email]) --dns $(site[dnsapi][provider]) $(args) run"`
			`contain => wmde_cmd_useshell,`
			`depends_on => {"lego_installed"};`

			`systemd_timer_units\|systemd_service_units::`
			`"/usr/bin/systemctl"`
			`args => "daemon-reload";`

			`services:`
			`systemd::`
			`"lego_$(site_domain).timer"`
			`service_policy => "start",`
			`service_method => generic_systemd_at_boot,`
			`depends_on => { "systemd_timer_$(site_domain)_copied" };`

			`reports:`
			`# "COMMAND: $(cert_test_cmd)";`
			`# "CMP: $(current_domains_txt) $(domains_txt)";`

			`# "LEG IS INSTALLED" depends_on => {"lego_installed"};`


			`# run_lego::`
			`# "$(lego.exe)";`
			`# "--path $(lego.data_dir) --accept-tos --email $(site[email]) --dns $(site[dnsapi][provider]) $(args) run";`
			`# depends_on => {"lego_installed"},`
added cron, lego, lxc-host, mediawiki, nano, python, lxc-hooks.sh, postgres-create-db.sh, and multiple templates, renamed install-php-repo.sh to install-apt-repo.sh 2025-04-15 11:05:07 +00:00
			`# run_lego::`
			`# "MUST RUN LEGO";`
			`# !run_lego::`
			`# "MUST NOT RUN LEGO";`
			`}`