

#
# Lego: installs the lego ACME client and obtains / renews certificates
# via its DNS challenge (lego --dns) for sites described by a `site`
# data container (see lego_dns_cert below).
#
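bundle agent lego
# Per-platform locations of the lego binary and its state directory, and the
# package set that provides it.  Unclassed values are the defaults; freebsd::
# overrides the paths, debian:: adds cron because lego_dns_cert installs the
# renewal job as an /etc/cron.d entry.
# (The previous debian:: block also re-declared exe/data_dir with the default
# values; that redundant redefinition has been dropped — same effective values.)
{
vars:
    "pkgs"     slist  => { "lego" };
    "exe"      string => "/usr/bin/lego";
    "data_dir" string => "/etc/lego";

  debian::
    # Paths keep the defaults on Debian; only the package list differs.
    "pkgs"     slist  => { "lego", "cron" };

  freebsd::
    "exe"      string => "/usr/local/bin/lego";
    "data_dir" string => "/usr/local/etc/lego";
}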
bundle agent install_lego
# Installs the lego package set for this platform and ensures lego's state
# directory exists.  Exposes handle "lego_installed" for downstream bundles.
{
methods:
    # wmde_install_packages is defined elsewhere in the lib; the directory
    # promise below waits on its "lego_pkgs_installed" handle — TODO confirm
    # that bundle really publishes a handle of that name.
    "any" usebundle => wmde_install_packages( @(lego.pkgs), "lego" );

files:
    # lego's working directory (certificates live under it, see lego_dns_cert).
    # 750: owner full, group read/traverse, nothing for others.
    "$(lego.data_dir)/."
      handle     => "lego_installed",
      depends_on => { "lego_pkgs_installed" },
      create     => "true",
      perms      => m("750");
}
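bundle agent lego_dns_cert(site)
# Obtains a certificate covering $(site[domain]) plus $(site[aliases]) through
# lego's DNS challenge, and installs a daily /etc/cron.d renewal job.
#
# `site` is a data container; keys read here: domain, aliases, email,
# dnsapi[provider], dnsapi[key], lego_raw, lego_renew_raw, lego_renew_raw2.
# Requires install_lego to have run first (handle "lego_installed").
#
# Change vs. previous revision: the cron file now gets explicit perms 600.
# Its content embeds the DNS API credential ($(site[dnsapi][key])) as an
# environment assignment, so it must not be readable by anyone but root
# rather than relying on cf-agent's default creation mode.
{
vars:
    # Prints the domains (SANs) of the certificate lego already issued for this
    # site; the script lives in the wmde lib and is not visible here.
    "cert_test_cmd" string => "$(def.wmde_lib)/scripts/get-domains-from-cert.sh $(lego.data_dir)/certificates/$(site[domain]).crt";

    # Wanted SAN set: main domain merged with the aliases, sorted.
    "ds"      slist => { "$(site[domain])" };
    "domains" slist => sort(mergedata(@(ds), getvalues(@(site[aliases]))));

    # Rendered as "a b c " — one trailing space per entry, which is why the
    # strcmp below pads current_domains_txt with a single space.
    "domains_txt" string => string_mustache("{{#-top-}}{{.}} {{/-top-}}", @(domains));

    # "-d main -d alias1 -d alias2 ..." for the lego command lines.
    "args" string => string_mustache(
        "-d {{domain}} {{#aliases}} -d {{.}} {{/aliases}}",
        @(site)
    );

    # Whatever the script prints for the current certificate; when the file
    # does not exist yet the output cannot match domains_txt, so run_lego fires.
    # NOTE(review): site[domain] is interpolated unquoted into a shell command
    # line — fine for policy-controlled data, verify if `site` ever comes from
    # a less trusted source.
    "current_domains_txt" string => execresult("/bin/sh $(cert_test_cmd)", "useshell"),
      if     => isvariable("site[domain]"),
      handle => "lego_current_domains_ready";

classes:
    # (Re)issue when the existing certificate does not cover the wanted SAN set.
    "run_lego"
      expression => not(strcmp("$(current_domains_txt) ", "$(domains_txt)")),
      depends_on => { "lego_current_domains_ready" };

files:
    # Daily renewal at 00:00 as root.  The line starts with the DNS API
    # credential as an environment assignment, so the file is root-only (600).
    # NOTE(review): if lego_renew_raw / lego_renew_raw2 are absent from `site`
    # the references stay unexpanded in the cron line — confirm callers always
    # define them (possibly as empty strings).
    "/etc/cron.d/lego-$(site[domain])"
      create     => "true",
      perms      => m("600"),
      content    => "0 0 * * * root $(site[dnsapi][key]) $(lego.exe) --path $(lego.data_dir) --email $(site[email]) --dns $(site[dnsapi][provider]) $(args) $(site[lego_renew_raw]) renew $(site[lego_renew_raw2])",
      depends_on => { "lego_installed" };

commands:
  run_lego::
    # Initial issuance (accepts the CA terms of service).  wmde_cmd_useshell is
    # a lib body; the credential prefix relies on it running via a shell.
    # NOTE(review): the credential is part of the promiser string and will
    # therefore show up wherever cf-agent logs or reports the command.
    "$(site[dnsapi][key]) $(lego.exe) --path $(lego.data_dir) --accept-tos $(site[lego_raw]) --email $(site[email]) --dns $(site[dnsapi][provider]) $(args) run"
      contain    => wmde_cmd_useshell,
      depends_on => { "lego_installed" };
}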