add letsencrypt bundle

bundles/letsencrypt/files/domains.txt

@@ -0,0 +1,5 @@
+${node.hostname}
+
+% for domain, aliases in node.metadata.get('letsencrypt', {}).get('domains', {}).items():
+${domain} ${' '.join(aliases)}
+% endfor

bundles/letsencrypt/items.py

@@ -0,0 +1,24 @@
+assert node.has_bundle('nginx'), 'letsencrypt needs nginx'
+
+pkg_apt = {
+    'dehydrated': {},
+}
+
+actions = {
+    'letsencrypt_update_certificates': {
+        'command': 'dehydrated --cron --accept-terms --ocsp --challenge http-01',
+        'triggered': True,
+        'needs': {
+            'pkg_apt:dehydrated',
+        },
+    },
+}
+
+files = {
+    '/etc/dehydrated/domains.txt': {
+        'content_type': 'mako',
+        'triggers': {
+            'action:letsencrypt_update_certificates',
+        },
+    },
+}

bundles/nginx/files/port80.conf

@@ -2,12 +2,12 @@ server {
     listen       80 default_server;
     listen       [::]:80 default_server;
     server_name  _;
-    
+
     location / {
         return 301 https://$host$request_uri;
     }
 
     location /.well-known/acme-challenge/ {
-        alias /var/www/default/.well-known/acme-challenge/;
+        alias /var/lib/dehydrated/acme-challenges/;
     }
 }

groups/all.py

@@ -5,6 +5,7 @@ groups['all'] = {
     'bundles': {
         'apt',
         'hostname',
+        'letsencrypt',
         'sudo',
         'systemd',
         'users',

nodes/htz-cloud/sewfile.py

@@ -7,6 +7,11 @@ nodes['htz-cloud.sewfile'] = {
         'seafile',
     ],
     'metadata': {
+        'letsencrypt': {
+            'domains': {
+                'sewfile.franzi.business': set(),
+            },
+        },
         'os': 'debian',
         'os_release': 'buster',
     },