X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fprofile%2Fmanifests%2Fapache.pp;h=382633bb3f8c60d802356b43ce973d019066db91;hb=f25ad097f24e0d39d5dd9ac2cef39760e671e08f;hp=605b7014c14b2c7b351ede5ab9252915333ffe60;hpb=5be7de41fe02fe60fbbac530e6729f74e206aea3;p=perso%2FImmae%2FProjets%2FPuppet.git
diff --git a/modules/profile/manifests/apache.pp b/modules/profile/manifests/apache.pp
index 605b701..382633b 100644
--- a/modules/profile/manifests/apache.pp
+++ b/modules/profile/manifests/apache.pp
@@ -49,11 +49,17 @@ class profile::apache {
 ]
 }
 
+ exec { 'Start-apache':
+ command => "/usr/bin/systemctl start httpd",
+ before => Class["::letsencrypt"],
+ unless => "/usr/bin/systemctl is-active httpd",
+ }
+
 $letsencrypt_certonly_default = {
 plugin => "webroot",
 webroot_paths => ["/srv/http/"],
 notify => Class['Apache::Service'],
- require => [Apache::Vhost["redirect_no_ssl"],Apache::Custom_config["letsencrypt.conf"]],
+ require => [Exec['Start-apache'],Apache::Vhost["redirect_no_ssl"],Apache::Custom_config["letsencrypt.conf"]],
 manage_cron => true,
 }
 
@@ -61,13 +67,12 @@ class profile::apache {
 install_method => "package",
 package_name => "certbot",
 package_command => "certbot",
- # FIXME
- email => 'sites+letsencrypt@mail.immae.eu',
+ email => lookup('letsencrypt::email'),
 }
 
- $real_hostname = lookup("base_installation::real_hostname") |$key| { {} }
+ $real_hostname = lookup("base_installation::real_hostname", { "default_value" => undef })
 unless empty($real_hostname) {
- if (lookup("ssl::try_letsencrypt_for_real_hostname") |$key| { true }) {
+ if (lookup("letsencrypt::try_for_real_hostname", { "default_value" => true })) {
 letsencrypt::certonly { $real_hostname:
 before => Apache::Vhost["default_ssl"];
 default: * => $::profile::apache::letsencrypt_certonly_default;
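Review bot: The `Start-apache` exec is ordered only with `before => Class["::letsencrypt"]`, so nothing makes it wait for `Apache::Vhost["redirect_no_ssl"]` or `Apache::Custom_config["letsencrypt.conf"]`, which the certonly defaults require separately. On a first run httpd may therefore be started before the webroot challenge configuration is written, and because the certonly resources notify `Class['Apache::Service']`, any refresh would come only after certbot has run; this is inferred from the ordering visible here, since the apache module's own relationships are outside the hunk. Adding `require => [Apache::Vhost["redirect_no_ssl"], Apache::Custom_config["letsencrypt.conf"]],` to the exec would close that gap, after checking that it creates no dependency cycle. A comment such as `# Bootstrap only: httpd must answer the ACME webroot challenge before the apache service resource is applied` would also explain why a raw systemctl call sits next to the module-managed service.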
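Review bot: The flag lookup now reads `letsencrypt::try_for_real_hostname` with a default of `true`, so a node whose Hiera data still sets the old `ssl::try_letsencrypt_for_real_hostname` key to false would silently start requesting a certificate for its real hostname. The Hiera data is not visible in this diff, so either migrate it in the same commit or fall back to the old key for a transition period: `if (lookup("letsencrypt::try_for_real_hostname", { "default_value" => lookup("ssl::try_letsencrypt_for_real_hostname", { "default_value" => true }) })) {`. By contrast, `lookup('letsencrypt::email')` has no default and fails compilation when the key is missing, which is the safer direction. The `unless empty($real_hostname)` block continues past the end of the hunk.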
@@ -104,6 +109,14 @@ class profile::apache {
 }
 }
 
+ lookup("letsencrypt::hosts", { "default_value" => [] }).each |$host| {
+ if ($host != $real_hostname) { # Done above already
+ letsencrypt::certonly { $host: ;
+ default: * => $letsencrypt_certonly_default;
+ }
+ }
+ }
+
 apache::vhost { "redirect_no_ssl":
 port => '80',
 error_log => false,
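Review bot: The `letsencrypt::hosts` lookup is iterated without a type check, so a Hiera value of another shape (a single string or a hash, say) may be iterated and passed on to `letsencrypt::certonly` as resource titles instead of failing compilation. Using `lookup("letsencrypt::hosts", { "value_type" => Array[String], "default_value" => [] }).each |$host| {` rejects such data up front. The `# Done above already` comment also holds only when `letsencrypt::try_for_real_hostname` is true: with the flag false, an entry equal to `$real_hostname` gets no certificate from either place, which may be intended but deserves a word in the comment. The enclosing class body continues past the end of the hunk.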