# File 'modules/profile/manifests/acme_chief.pp', line 34
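# @summary Validates the configured certificate names and declares acme_chief::server.
#
# Before the server class is declared, every certificate's CN and each of its
# SNI entries is checked against $internal_domains; catalog compilation fails
# on the first name that ends with one of them.
# NOTE(review): presumably this keeps internal-only names out of requests to a
# public ACME CA -- confirm the intent with the module owners.
#
# @param accounts passed unchanged to acme_chief::server
# @param certificates certificates defined for this profile
# @param shared_acme_certificates additional certificates merged on top of
#   $certificates (defaults to an empty hash)
# @param challenges passed unchanged to acme_chief::server
# @param http_proxy passed unchanged to acme_chief::server
# @param active_host passed unchanged to acme_chief::server
# @param passive_host passed unchanged to acme_chief::server
# @param authdns_servers FQDN => IP map; only the FQDN keys are handed to
#   acme_chief::server as authdns_hosts
# @param watchdog_sec passed unchanged to acme_chief::server (default 600)
class profile::acme_chief (
  Hash[String, Hash[String, String]]                $accounts                 = lookup('profile::acme_chief::accounts'),
  Hash[String, Acme_chief::Certificate]             $certificates             = lookup('profile::acme_chief::certificates'),
  Hash[String, Acme_chief::Certificate]             $shared_acme_certificates = lookup('shared_acme_certificates', {default_value => {}}),
  Hash[String, Hash[String, Any]]                   $challenges               = lookup('profile::acme_chief::challenges'),
  String                                            $http_proxy               = lookup('http_proxy'),
  String                                            $active_host              = lookup('profile::acme_chief::active'),
  String                                            $passive_host             = lookup('profile::acme_chief::passive'),
  Hash[Stdlib::Fqdn, Stdlib::IP::Address::Nosubnet] $authdns_servers          = lookup('authdns_servers'),
  Integer                                           $watchdog_sec             = lookup('profile::acme_chief::watchdog_sec', {default_value => 600}),
) {
  # Suffixes that must never appear at the end of a certificate name.
  # Kept lower-case: the names are lower-cased before comparison below.
  # This is a plain string-suffix match, not a DNS-label match.
  $internal_domains = ['wmnet']

  # Hash `+` merges; on a duplicate key the entry from
  # $shared_acme_certificates replaces the one from $certificates.
  $acme_chief_certificates = $certificates + $shared_acme_certificates

  $acme_chief_certificates.each |$cert, $config| {
    # DNS names are case-insensitive, so compare a lower-cased copy. Without
    # this a name such as 'HOST.WMNET' would slip past the guard. The error
    # message still reports the name exactly as configured.
    if $config['CN'].downcase().stdlib::end_with($internal_domains) {
      fail("${cert} CN (${config['CN']}) contains internal domain")
    }
    $config['SNI'].each |$sni| {
      if $sni.downcase().stdlib::end_with($internal_domains) {
        fail("${cert} SNI (${sni}) contains internal domain")
      }
    }
  }

  class { '::acme_chief::server':
    accounts      => $accounts,
    certificates  => $acme_chief_certificates,
    challenges    => $challenges,
    http_proxy    => $http_proxy,
    active_host   => $active_host,
    passive_host  => $passive_host,
    authdns_hosts => $authdns_servers.keys(),
    watchdog_sec  => $watchdog_sec,
  }
}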