@lordcirth
Last active February 4, 2020 17:17
certbot onchanges_in problem
include:
  - certbot

certbot_haproxy_hook:
  file.managed:
    - name: '/etc/letsencrypt/renewal-hooks/deploy/haproxy.hook'
    - source: 'salt://{{ tpldir }}/haproxy.hook.jinja'
    - template: jinja
    - makedirs: True
    - mode: 0755

certbot_ssh_privkey:
  file.managed:
    - name: '/root/.ssh/id_certbot'
    - contents_pillar: 'haproxy:ssh_privkey'
    - mode: 600

certbot_domains:
  file.managed:
    - name: '/etc/letsencrypt/domains'
    - source: 'salt://{{ tpldir }}/domains.jinja'
    - template: jinja
    - require:
      - pkg: certbot_pkgs
    - onchanges_in:
      - file: certbot_new_cert

certbot_repo:
  pkgrepo.managed:
    - ppa: 'certbot/certbot'

certbot_pkgs:
  pkg.installed:
    - pkgs:
      - certbot
    - require:
      - pkgrepo: certbot_repo

certbot_new_script:
  file.managed:
    - name: '/root/bin/new_cert.sh'
    - makedirs: True
    - source: 'salt://{{ tpldir }}/new_cert.sh'
    - mode: 755
    - template: jinja

# Override the default certbot.service file
certbot_service_file:
  file.managed:
    - name: '/etc/systemd/system/certbot.service'
    - source: 'salt://{{ tpldir }}/certbot.service'
    - mode: 0644

# If domains change, request new cert
# /etc/letsencrypt/domains must be written by another state, eg certbot.haproxy
certbot_new_cert:
  cmd.run:
    - name: '/root/bin/new_cert.sh $(cat /etc/letsencrypt/domains)'
    - require:
      - file: certbot_new_script
#    - onchanges:
#      - test: dummy_state

certbot_systemd_reload:
  cmd.run:
    - name: 'systemctl daemon-reload'
    - onchanges:
      - file: certbot_service_file

#dummy_state:
#  test.succeed_without_changes: []