WMDE
/
wmdeit-cf-wmdelib
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
wmdeit-cf-wmdelib/lego.cf

139 lines
4.0 KiB
CFEngine3
Raw Blame History

#
#Lego
#
bundle agent lego
{
vars:
"pkgs" slist => {
"lego"
};
"exe" string => "/usr/bin/lego";
"data_dir" string => "/etc/lego";
debian::
"exe" string => "/usr/bin/lego";
"data_dir" string => "/etc/lego";
"pkgs" slist => {
"lego","cron"
};
freebsd::
"exe" string => "/usr/local/bin/lego";
"data_dir" string => "/usr/local/etc/lego";
}
bundle agent install_lego
{
methods:
"any" usebundle => wmde_install_packages( @(lego.pkgs),"lego");
files:
"$(lego.data_dir)/."
create => "true",
perms => m("750"),
depends_on => {"lego_pkgs_installed"},
handle => "lego_installed";
}
bundle agent lego_dns_certs(sites)
{
vars:
"idx"
slist => getindices(@(sites));
methods:
"$(idx)"
usebundle => lego_dns_cert(@(sites[$(idx)]));
}
bundle agent lego_dns_cert(site)
{
vars:
# command to read all domains a certificate contains
"cert_test_cmd" string => "$(def.wmde_lib)/scripts/get-domains-from-cert.sh $(lego.data_dir)/certificates/$(site[domain]).crt";
"ds" slist => {"$(site[domain])"};
"domains" slist => sort(mergedata(@(ds),getvalues(@(site[aliases]))));
"domains_txt" string => string_mustache("{{#-top-}}{{.}} {{/-top-}}",@(domains));
"args" string => string_mustache(
"-d {{domain}} {{#aliases}} -d {{.}} {{/aliases}}",
@(site)
);
"current_domains_txt" string => execresult("/bin/sh $(cert_test_cmd)","useshell"),
if => isvariable ("site[domain]"),
handle=>"lego_current_domains_ready";
"site_domain" string => string_replace(string_replace("$(site[domain])", "-", "_"), ".", "_");
"site_options"
data => mergedata( "site", parsejson('{ "lego_bin": "$(lego.exe)", "lego_data_dir": "$(lego.data_dir)" }') ),
handle => "site_options_ready";
classes:
"run_lego"
expression => not (strcmp("$(current_domains_txt) ","$(domains_txt)")),
depends_on => {"lego_current_domains_ready"};
files:
"/etc/cron.d/lego_$(site_domain)"
create => "true",
content => "# Managed by CFEngine
$(site[dnsapi][key])
0 0 * * * root $(lego.exe) --path $(lego.data_dir) --email $(site[email]) --dns $(site[dnsapi][provider]) $(args) $(site[lego_renew_raw]) renew $(site[lego_renew_raw2])
",
depends_on => {"lego_installed"};
systemd::
"/etc/systemd/system/lego_$(site_domain).timer"
perms => mog('644','root','root'),
copy_from => local_cp("$(sys.workdir)/inputs/wmdelib/templates/lego.timer.txt"),
depends_on => { "lego_installed" },
classes => if_repaired( "systemd_timer_units" ),
handle => "systemd_timer_$(site_domain)_copied";
"/etc/systemd/system/lego_$(site_domain).service"
perms => mog('644','root','root'),
edit_template => "$(sys.workdir)/inputs/wmdelib/templates/lego.service.txt",
template_data => @{site_options},
template_method => "mustache",
depends_on => { "lego_installed", "site_options_ready" },
classes => if_repaired( "systemd_service_units" ),
handle => "systemd_service_$(site_domain)_copied";
"/etc/lego/hosting.de.env"
content => "$(site[dnsapi][key])",
perms => mog( "0600", "root", "root"),
depends_on => { "lego_installed" };
commands:
run_lego::
"$(site[dnsapi][key]) $(lego.exe) --path $(lego.data_dir) --accept-tos $(site[lego_raw]) --email $(site[email]) --dns $(site[dnsapi][provider]) $(args) run"
contain => wmde_cmd_useshell,
depends_on => {"lego_installed"};
systemd_timer_units|systemd_service_units::
"/usr/bin/systemctl"
args => "daemon-reload";
services:
systemd::
"lego_$(site_domain).timer"
service_policy => "start",
service_method => generic_systemd_at_boot,
depends_on => { "systemd_timer_$(site_domain)_copied" };
reports:
# "COMMAND: $(cert_test_cmd)";
# "CMP: $(current_domains_txt) $(domains_txt)";
# "LEG IS INSTALLED" depends_on => {"lego_installed"};
# run_lego::
# "$(lego.exe)";
# "--path $(lego.data_dir) --accept-tos --email $(site[email]) --dns $(site[dnsapi][provider]) $(args) run";
# depends_on => {"lego_installed"},
# run_lego::
# "MUST RUN LEGO";
# !run_lego::
# "MUST NOT RUN LEGO";
}
Reference in New Issue View Git Blame Copy Permalink