
Commit ca751e4

committed
feat: move acme stuff into pillar data
1 parent 98dc839 commit ca751e4


2 files changed

+88
-74
lines changed


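--- a/pillar/base/tls.sls
+++ b/pillar/base/tls.sls
@@ -61,3 +61,77 @@ tls:
 svn.psf.io:
 roles:
 - hg
+
+acme_certs:
+bugs.python.org:
+validation: http
+roles:
+{# - bugs#}
+- loadbalancer
+pycon.org:
+validation: http
+roles:
+- loadbalancer
+aliases:
+- www.pycon.org
+speed.pypy.org:
+validation: http
+roles:
+- loadbalancer
+salt-public.psf.io:
+validation: http
+roles:
+- loadbalancer
+planetpython.org:
+validation: http
+roles:
+- loadbalancer
+aliases:
+- www.planetpython.org
+- planet.python.org
+pypa.io:
+validation: http
+roles:
+- loadbalancer
+aliases:
+- www.pypa.io
+jython.org:
+validation: http
+roles:
+- loadbalancer
+aliases:
+- www.jython.net
+- jython.net
+- www.jython.com
+- jython.com
+bugs.python.org-multi:
+validation: http
+name: bugs.python.org
+roles:
+- loadbalancer
+aliases:
+- bugs.jython.org
+- issues.roundup-tracker.org
+- mail.roundup-tracker.org
+{# star.python.org:#}
+{# validation: dns#}
+{# dns_plugin: route53#}
+{# dns_plugin_credentials: route53.python#}
+{# roles:#}
+{# - loadbalancer#}
+{# star.pycon.org:#}
+{# validation: dns#}
+{# dns_plugin: route53#}
+{# dns_plugin_credentials: route53.pycon#}
+{# roles:#}
+{# - loadbalancer#}
+{# aliases:#}
+{# - pycon.org#}
+{# star.pyfound.org:#}
+{# validation: dns#}
+{# dns_plugin: gandiv5#}
+{# dns_plugin_credentials: gandi#}
+{# roles:#}
+{# - loadbalancer#}
+{# aliases:#}
+{# - pyfound.org#}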
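Review bot: `bugs.python.org` and `bugs.python.org-multi` (which sets `name: bugs.python.org`) both describe a certificate named bugs.python.org, one with no aliases and one with three. If the state honours `name`, two acme.cert states would manage the same certificate with different SAN sets and could request re-issuance on each run. Keep a single entry, for example drop the alias-less one and leave `# bugs.python.org is issued via bugs.python.org-multi below` in its place. `jython.org` and `bugs.python.org-multi` were commented out in the old state file and become live here with `validation: http`, so every listed alias has to resolve to the load balancer that serves the webroot before this is applied, since failed validations count against the CA's rate limits. Indentation is lost in this rendering, so the nesting of `roles` and `aliases` under each domain is inferred.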

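--- a/salt/tls/init.sls
+++ b/salt/tls/init.sls
@@ -46,89 +46,29 @@ certbot:
 {% endfor %}
 
 {% if salt["match.compound"](pillar["roles"]["salt-master"]["pattern"]) %}
-# HTTP-validated domains
-{% for domain in [
-'pypa.io',
-'www.pycon.org',
-'speed.pypy.org',
-'salt-public.psf.io',
-'planetpython.org',
-'bugs.python.org'
-] %}
+# Process ACME certificates
+{% for domain, domain_config in salt["pillar.get"]("tls:acme_certs", {}).items() %}
 {{ domain }}:
 acme.cert:
 
 - webroot: /etc/lego
 - renew: 14
+{% if domain_config.get('aliases') %}
+- aliases:
+{% for alias in domain_config.get('aliases', []) %}
+- {{ alias }}
+{% endfor %}
+{% endif %}
 {% if pillar["dc"] == "vagrant" %}
 - server: https://salt-master.vagrant.psf.io:14000/dir
 {% endif %}
+{% if domain_config.get('validation') == "dns" %}
+- dns_plugin: {{ domain_config.get('dns_plugin') }}
+- dns_plugin_credentials: {{ domain_config.get('dns_plugin_credentials') }}
+{% else %}
 - require:
 - sls: tls.lego
+- pkg: certbot
+{% endif %}
 {% endfor %}
-
-# DNS-validated domains
-# dns plugins do not exist yet for route53 & gandi
-{#star.python.org:#}
-{# acme.cert:#}
-{# - aliases:#}
-{# - python.org#}
-{# - email: [email protected]#}
-{## - dns_plugin: route53#}
-{## - dns_plugin_credentials: route53.python#}
-{# - renew: 14#}
-{# - server: https://localhost:14000/dir#}
-{# - require:#}
-{# - pkg: certbot#}
-{#
-- sls: tls.lego
-{#star.pycon.org:#}
-{# acme.cert:#}
-{# - aliases:#}
-{# - pycon.org#}
-{# - email: [email protected]#}
-{## - dns_plugin: route53#}
-{## - dns_plugin_credentials: route53.pycon#}
-{# - renew: 14#}
-{# - server: https://localhost:14000/dir#}
-{# - require:#}
-{# - sls: tls.lego#}
-
-{#star.pyfound.org:#}
-{# acme.cert:#}
-{# - aliases:#}
-{# - pyfound.org#}
-{# - email: [email protected]#}
-{## - dns_plugin: gandiv5#}
-{## - dns_plugin_credentials: gandi#}
-{# - renew: 14#}
-{# - require:#}
-{# - sls: tls.lego#}
-
-# Multi-domain certificates
-{#jython.org:#}
-{# acme.cert:#}
-{# - aliases:#}
-{# - www.jython.net#}
-{# - jython.net#}
-{# - www.jython.com#}
-{# - jython.com#}
-{# - email: [email protected]#}
-{# - webroot: /etc/lego#}
-{# - renew: 14#}
-{# - require:#}
-{# - sls: tls.lego#}
-{##}
-{#bugs.python.org-multi:#}
-{# acme.cert:#}
-{# - name: bugs.python.org#}
-{# - aliases:#}
-{# - bugs.jython.org#}
-{# - issues.roundup-tracker.org#}
-{# - mail.roundup-tracker.org#}
-{# - email: [email protected]#}
-{# - webroot: /etc/lego#}
-{# - renew: 14#}
-{# - require:#}
-{# - sls: tls.lego#}
 {% endif %}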
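Review bot: The loop never renders the pillar's `name` key, so for the `bugs.python.org-multi` entry the state ID itself is handed to acme.cert as the certificate name, and that is not a hostname. Add `{% if domain_config.get('name') %}`, `- name: {{ domain_config['name'] }}` and `{% endif %}` under `acme.cert:`. `- webroot: /etc/lego` is still emitted for every entry, including ones with `validation: dns`; it belongs in the `{% else %}` branch beside `require`, otherwise a DNS-validated entry carries both authenticators, and which one wins should be confirmed against the Salt version in use. The dns branch also renders the literal `None` when `dns_plugin` or `dns_plugin_credentials` is missing from pillar, and it drops the `pkg: certbot` requirement, so a guard on the two keys and a `require` in that branch are worth adding before the commented-out DNS entries are enabled.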
