From: alex <alex@pdp7.net>
Date: Sun, 5 Mar 2023 19:55:15 +0000 (+0100)
Subject: Inject proxy cert to pveproxy
X-Git-Tag: 20240214-emacs~395
X-Git-Url: https://xn--ix-yja.es/gitweb/?a=commitdiff_plain;h=a9c73bcbe6e2ec5476ad4ca814baf6f7666af5bf;p=alex.git

Inject proxy cert to pveproxy
---

diff --git a/personal_infra/puppet/modules/proxmox/README.md b/personal_infra/puppet/modules/proxmox/README.md
index 42bf724..5e5f8bc 100644
--- a/personal_infra/puppet/modules/proxmox/README.md
+++ b/personal_infra/puppet/modules/proxmox/README.md
@@ -32,3 +32,5 @@ This uses the Apache HTTP Server and mod_md to obtain certificates.
 Your hostname must be publicly accessible, because http challenges are used.
 
 You receive mails to restart your server when required.
+
+The `base_hostname` certificate is injected daily to pveproxy.
diff --git a/personal_infra/puppet/modules/proxmox/manifests/proxy.pp b/personal_infra/puppet/modules/proxmox/manifests/proxy.pp
index 423d5cf..08101b6 100644
--- a/personal_infra/puppet/modules/proxmox/manifests/proxy.pp
+++ b/personal_infra/puppet/modules/proxmox/manifests/proxy.pp
@@ -44,4 +44,10 @@ class proxmox::proxy ($mail, $base_hostname) {
     ,
     mode => '0755',
   }
+
+  cron {'pve-certs':
+    command => "/usr/bin/pvenode cert set /etc/apache2/md/domains/$base_hostname/pubcert.pem /etc/apache2/md/domains/$base_hostname/privkey.pem  --force 1 --restart 1",
+    user => 'root',
+    special => 'daily',
+  }
 }