Inject proxy cert to pveproxy

author alex <alex@pdp7.net>

Sun, 5 Mar 2023 19:55:15 +0000 (20:55 +0100)

committer alex <alex@pdp7.net>

Sun, 5 Mar 2023 19:55:15 +0000 (20:55 +0100)
author alex <alex@pdp7.net>
Sun, 5 Mar 2023 19:55:15 +0000 (20:55 +0100)
committer alex <alex@pdp7.net>
Sun, 5 Mar 2023 19:55:15 +0000 (20:55 +0100)
diff --git a/personal_infra/puppet/modules/proxmox/README.md b/personal_infra/puppet/modules/proxmox/README.md

index 42bf724ccb363638d1fe8f181fa70869265faa15..5e5f8bc6cbe632b9074eec370d2938837ba7a17c 100644 (file)
--- a/personal_infra/puppet/modules/proxmox/README.md
+++ b/personal_infra/puppet/modules/proxmox/README.md
@@ -32,3 +32,5 @@ This uses the Apache HTTP Server and mod_md to obtain certificates.
  Your hostname must be publicly accessible, because http challenges are used.
  
  You receive mails to restart your server when required.
+
+The `base_hostname` certificate is injected daily to pveproxy.
diff --git a/personal_infra/puppet/modules/proxmox/manifests/proxy.pp b/personal_infra/puppet/modules/proxmox/manifests/proxy.pp

index 423d5cfab7243a9044294be397480b6c9e55aba2..08101b6a270f162c16c332211077b619cc7aa03a 100644 (file)
--- a/personal_infra/puppet/modules/proxmox/manifests/proxy.pp
+++ b/personal_infra/puppet/modules/proxmox/manifests/proxy.pp
@@ -44,4 +44,10 @@ class proxmox::proxy ($mail, $base_hostname) {
      ,
      mode => '0755',
    }
+
+  cron {'pve-certs':
+    command => "/usr/bin/pvenode cert set /etc/apache2/md/domains/$base_hostname/pubcert.pem /etc/apache2/md/domains/$base_hostname/privkey.pem  --force 1 --restart 1",
+    user => 'root',
+    special => 'daily',
+  }
  }
author	alex <alex@pdp7.net>
	Sun, 5 Mar 2023 19:55:15 +0000 (20:55 +0100)
committer	alex <alex@pdp7.net>
	Sun, 5 Mar 2023 19:55:15 +0000 (20:55 +0100)
personal_infra/puppet/modules/proxmox/README.md		patch \| blob \| history
personal_infra/puppet/modules/proxmox/manifests/proxy.pp		patch \| blob \| history