Inject proxy cert to pveproxy

2 files changed, 8 insertions, 0 deletions

diff --git a/personal_infra/puppet/modules/proxmox/README.md b/personal_infra/puppet/modules/proxmox/README.md
index 42bf724c..5e5f8bc6 100644
--- a/personal_infra/puppet/modules/proxmox/README.md
+++ b/personal_infra/puppet/modules/proxmox/README.md
@@ -32,3 +32,5 @@ This uses the Apache HTTP Server and mod_md to obtain certificates.
 Your hostname must be publicly accessible, because http challenges are used.
 
 You receive mails to restart your server when required.
+
+The `base_hostname` certificate is injected daily to pveproxy.
diff --git a/personal_infra/puppet/modules/proxmox/manifests/proxy.pp b/personal_infra/puppet/modules/proxmox/manifests/proxy.pp
index 423d5cfa..08101b6a 100644
--- a/personal_infra/puppet/modules/proxmox/manifests/proxy.pp
+++ b/personal_infra/puppet/modules/proxmox/manifests/proxy.pp
@@ -44,4 +44,10 @@ class proxmox::proxy ($mail, $base_hostname) {
     ,
     mode => '0755',
   }
+
+  cron {'pve-certs':
+    command => "/usr/bin/pvenode cert set /etc/apache2/md/domains/$base_hostname/pubcert.pem /etc/apache2/md/domains/$base_hostname/privkey.pem  --force 1 --restart 1",
+    user => 'root',
+    special => 'daily',
+  }
 }