Puppet Class: dehydrated::params

Inherited by:
dehydrated
Defined in:
manifests/params.pp

Summary

A short summary of the purpose of this class

Overview

A description of what this class does

Examples:

include dehydrated::params


8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
 
# File 'manifests/params.pp', line 8

class dehydrated::params {
  # OS settings
  case $facts['kernel'] {
    'windows' : {
      $puppet_user = $facts.dig('identity', 'user')
      $puppet_group = undef
      $user = undef
      $group = undef
      $base_dir = 'C:/LE_certs'
      $manage_user = false
      if ($facts['puppet_vardir'] =~ /\/tmp\/.*/) {
        # this is a hack for running rspec for windows on a linux host
        # :(
        $puppet_vardir = 'C:/ProgramData/PuppetLabs/puppet/var'
      } else {
        # puppet_vardir is a "windows" path
        $puppet_vardir = regsubst($facts['puppet_vardir'], '\\\\', '/', 'G')
      }
      $path_seperator = '/'
      $packages = []
      $manage_packages = false
      $dehydrated_user = undef
      $dehydrated_group = undef
      $pki_packages = []
      $dehydrated_host_packages = []
      $build_pfx_files = true
    }
    'Linux' : {
      $puppet_user = pick(
        $facts.dig('identity', 'user'),
        $facts.dig('user'),
        'root'
      )
      $puppet_group = pick(
        $facts.dig('identity', 'group'),
        $facts.dig('group'),
        'root'
      )
      $user = $puppet_user
      case $user {
        'root' : {
          $group = 'dehydrated'
          $dehydrated_user = 'dehydrated'
          $manage_user = true
        }
        default : {
          $group = $puppet_group
          $dehydrated_user = $user
          $manage_user = false
        }
      }
      $dehydrated_group = $group
      $path_seperator = '/'
      case $facts['os']['family'] {
        'Debian' : {
          # only in unstable :(
          #$pki_packages = ['pki-base']
          $pki_packages = []
          $base_dir = '/etc/dehydrated'
        }
        default: {
          $pki_packages = []
          $base_dir = '/etc/pki/dehydrated'
        }
      }
      $puppet_vardir = $facts['puppet_vardir']
      $packages = ['git', 'openssl']
      $manage_packages = true
      $dehydrated_host_packages = ['jq']
      $build_pfx_files = false
    }
    default : { fail('Your OS is not supported!') }
  }

  $configdir = join([$puppet_vardir, 'bzed-dehydrated'], $path_seperator)
  $configfile = join([$configdir, 'config.json'], $path_seperator)
  $domainfile = join([$configdir, 'domains.json'], $path_seperator)

  # letsencrypt settings
  $letsencrypt_ca = 'v2-production'
  $letsencrypt_cas = {
    'production' => {
      'url'  => 'https://acme-v01.api.letsencrypt.org/directory',
      'hash' => 'aHR0cHM6Ly9hY21lLXYwMS5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo',
    },
    'staging'    => {
      'url'  => 'https://acme-staging.api.letsencrypt.org/directory',
      'hash' => 'aHR0cHM6Ly9hY21lLXN0YWdpbmcuYXBpLmxldHNlbmNyeXB0Lm9yZy9kaXJlY3RvcnkK',
    },
    'v2-production' => {
      'url'  => 'https://acme-v02.api.letsencrypt.org/directory',
      'hash' => 'aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo',
    },
    'v2-staging'    => {
      'url'  => 'https://acme-staging-v02.api.letsencrypt.org/directory',
      'hash' => 'aHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvZGlyZWN0b3J5Cg',
    },
  }

  #ssl settings
  $dh_param_size = 2048
  $challengetype = 'dns-01'
  $algorithm = 'rsa'
  $key_size = 3072 # for rsa only

  # dehydrated setting
  $dehydrated_git_url = 'https://github.com/dehydrated-io/dehydrated.git'
  $dehydrated_git_tag = 'v0.7.1'

  $dehydrated_base_dir = '/opt/dehydrated'

  $dehydrated_puppetmaster = $server_facts['servername']
  $dehydrated_host = $dehydrated_puppetmaster

  $dehydrated_environment = {}
  $dehydrated_domain_validation_hook = undef

  $dehydrated_contact_email = undef

  $preferred_chain = undef
}