Puppet Function: profile::postfix::acme_chief_cert

Defined in:
modules/profile/functions/postfix/acme_chief_cert.pp
Function type:
Puppet Language

Overview

profile::postfix::acme_chief_cert(Stdlib::Host $acme_chief_host, String[1] $cert, String[1] $tls_key_type) ⇒ Type[Concat]

SPDX-License-Identifier: Apache-2.0

Builds a single TLS file containing the private key, the certificate, and the chain, in that order, which is the layout Postfix requires for smtpd_tls_chain_files [1]. Returns the Concat resource for the file to be created.

[1]: www.postfix.org/postconf.5.html#smtpd_tls_chain_files:~:text=smtpd_tls_chain_files%20(default%3A%20empty)

Parameters:

  • acme_chief_host (Stdlib::Host)
  • cert (String[1])
  • tls_key_type (String[1])

Returns:

  • (Type[Concat])


# File 'modules/profile/functions/postfix/acme_chief_cert.pp', line 8

function profile::postfix::acme_chief_cert(
    Stdlib::Host $acme_chief_host,
    String[1]    $cert,
    String[1]    $tls_key_type,
) >> Type[Concat] {
    require acme_chief

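    $path = "/etc/ssl/private/${cert}.${tls_key_type}.crt"
    # The bundle contains the private key: owner read-only, and no diffs or
    # backups, so key material is not copied into reports or the filebucket.
    $cert_rsc =
        concat { $path:
            path      => $path,
            show_diff => false,
            backup    => false,
            mode      => '0400',
        }
    $src_base = "${acme_chief_host}/acmedata/${cert}/live"
    # Fragments are assembled by 'order': key (01), cert (02), chain (03).
    # lint:ignore:puppet_url_without_modules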
    concat::fragment { "${cert}-${tls_key_type}-private-key":
        target => $path,
        order  => '01',
        source => "puppet://${src_base}/${tls_key_type}.key",
    }
    concat::fragment { "${cert}-${tls_key_type}-public-key":
        target => $path,
        order  => '02',
        source => "puppet://${src_base}/${tls_key_type}.crt",
    }
    concat::fragment { "${cert}-${tls_key_type}-public-chain":
        target => $path,
        order  => '03',
        source => "puppet://${src_base}/${tls_key_type}.chain.crt",
    }
    # lint:endignore
    $cert_rsc[0]
}
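
Added example, not part of the Puppet module: a Python check that a rendered bundle follows the key + cert + chain order described above and is not readable by group or other. The names chain_file_problems and pem_block and the sample PEM bodies are constructed for illustration; the check also accepts several key + chain groups in one file, which the Postfix documentation for smtpd_tls_chain_files permits.

```python
import os
import re
import stat
import sys

# PEM armour: -----BEGIN <label>----- ... -----END <label>-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL
)

def chain_file_problems(pem_text, mode=None):
    """Return a list of problems found in a key + cert + chain PEM bundle."""
    labels = [m.group(1) for m in PEM_BLOCK.finditer(pem_text)]
    if not labels:
        return ["no PEM blocks found"]
    problems = []
    if not labels[0].endswith("PRIVATE KEY"):
        problems.append(f"first block is {labels[0]!r}, expected a private key")
    for i, label in enumerate(labels):
        if label.endswith("PRIVATE KEY"):
            # Each key must be directly followed by its own certificate.
            nxt = labels[i + 1] if i + 1 < len(labels) else None
            if nxt != "CERTIFICATE":
                problems.append(f"key at block {i} is not followed by a certificate")
        elif label != "CERTIFICATE":
            problems.append(f"unexpected block {label!r} at position {i}")
    # The Puppet function writes the bundle with mode 0400.
    if mode is not None and stat.S_IMODE(mode) & 0o077:
        problems.append(f"mode {stat.S_IMODE(mode):04o} exposes the key to group/other")
    return problems

def pem_block(label, body="QUJD"):
    """Build a constructed PEM block; the body is a placeholder, not key material."""
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed samples: the expected order, and the same blocks with the key last.
GOOD = pem_block("EC PRIVATE KEY") + pem_block("CERTIFICATE") + pem_block("CERTIFICATE")
BAD = pem_block("CERTIFICATE") + pem_block("CERTIFICATE") + pem_block("EC PRIVATE KEY")

if __name__ == "__main__":
    # Usage: python check_chain.py /path/to/bundle.crt
    path = sys.argv[1]
    with open(path, encoding="ascii") as fh:
        found = chain_file_problems(fh.read(), os.stat(path).st_mode)
    print("\n".join(found) or "ok")
    sys.exit(1 if found else 0)
```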