new type: __letsencrypt_cert (#591)

cdist/conf/type/__letsencrypt_cert/explorer/exists

@@ -0,0 +1,5 @@
+domain=$__object_id
+
+if [ -f "/etc/letsencrypt/live/$domain/fullchain.pem" ]; then
+   echo yes
+fi

cdist/conf/type/__letsencrypt_cert/gencode-remote

@@ -0,0 +1,18 @@
+domain="$__object_id"
+
+exists=$(cat "$__object/explorer/exists")
+webroot="$(cat "$__object/parameter/webroot")"
+admin_email="$(cat "$__object/parameter/admin-email")"
+
+if [ -n "$exists" ]; then
+	exit 0
+fi
+
+cat <<EOF
+if [ ! -d "$webroot" ]; then
+	mkdir -p "$webroot"
+fi
+
+certbot certonly -n --agree-tos --email '$admin_email' --quiet --webroot \
+	-w '$webroot' -d '$domain'
+EOF

cdist/conf/type/__letsencrypt_cert/man.rst

@@ -0,0 +1,46 @@
+cdist-type__letsencrypt_cert(7)
+===============================
+
+NAME
+----
+cdist-type__letsencrypt_cert - Get an SSL certificate from Let's Encrypt
+
+
+DESCRIPTION
+-----------
+Automatically obtain a Let's Encrypt SSL certificate. Uses certbot's webroot
+method. You must set up your web server to work with webroot.
+
+
+REQUIRED PARAMETERS
+-------------------
+webroot
+   The path to your webroot, as set up in your webserver config.
+
+
+OPTIONAL PARAMETERS
+-------------------
+admin-email
+   Where to send Let's Encrypt emails like "certificate needs renewal". Defaults to root@localhost.
+
+
+EXAMPLES
+--------
+
+.. code-block:: sh
+
+    __letsencrypt_cert example.com --webroot /data/letsencrypt/root
+
+
+AUTHORS
+-------
+Nico Schottelius <nico-cdist--@--schottelius.org>
+Kamila Součková <kamila--@--ksp.sk>
+
+
+COPYING
+-------
+Copyright \(C) 2017 Nico Schottelius, Kamila Součková. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.

cdist/conf/type/__letsencrypt_cert/manifest

@@ -0,0 +1,62 @@
+os=$(cat "$__global/explorer/os")
+os_version=$(cat "$__global/explorer/os_version")
+
+case "$os" in
+    debian)
+        case "$os_version" in
+            8*)
+                __apt_source jessie-backports \
+                             --uri http://http.debian.net/debian \
+                             --distribution jessie-backports \
+                             --component main
+
+                require="__apt_source/jessie-backports" __package_apt python-certbot --target-release jessie-backports
+                require="__apt_source/jessie-backports" __package_apt certbot --target-release jessie-backports
+                # Seems to be a missing dependency on debian 8
+                __package python-ndg-httpsclient
+                ;;
+            *)
+                echo "Unsupported OS version: $os_version" >&2
+                exit 1
+                ;;
+        esac
+
+        certbot_fullpath=/usr/bin/certbot
+        ;;
+    devuan)
+        case "$os_version" in
+            jessie)
+                __apt_source jessie-backports \
+                             --uri http://auto.mirror.devuan.org/merged \
+                             --distribution jessie-backports \
+                             --component main
+
+                require="__apt_source/jessie-backports" __package_apt python-certbot --target-release jessie-backports
+                require="__apt_source/jessie-backports" __package_apt certbot --target-release jessie-backports
+                # Seems to be a missing dependency on debian 8
+                __package python-ndg-httpsclient
+                ;;
+            *)
+                echo "Unsupported OS version: $os_version" >&2
+                exit 1
+                ;;
+        esac
+
+        certbot_fullpath=/usr/bin/certbot
+        ;;
+    freebsd)
+        __package py27-certbot
+
+        certbot_fullpath=/usr/local/bin/certbot
+        ;;
+    *)
+        echo "Unsupported os: $os" >&2
+        exit 1
+        ;;
+esac
+
+
+__cron letsencrypt-certbot  \
+    --user root \
+    --command "$certbot_fullpath renew -q" \
+    --hour 0

cdist/conf/type/__letsencrypt_cert/parameter/default/admin-email

@@ -0,0 +1 @@
+root@localhost

cdist/conf/type/__letsencrypt_cert/parameter/optional

@@ -0,0 +1 @@
+admin-email

cdist/conf/type/__letsencrypt_cert/parameter/required

@@ -0,0 +1 @@
+webroot