Add let's encrypt module

manifests/init.pp

@@ -54,6 +54,9 @@
 # [*users*]
 #   List of hashes with users information.
 #
+# [*cert_admin_mail*]
+#   Email to provide to Let's Encrypt in exchange for SSL certificates
+#
 class mastodon (
   String $ensure = 'present',
   String $hostname = 'mastodon.example.org',
@@ -94,6 +97,7 @@ class mastodon (
     'SESSION_RETENTION_PERIOD' => 31556952,
   },
   Array $users = [],
+  String $cert_admin_mail = 'cert-admin@example.org',
 ) {
   case $ensure {
     default: {
@@ -118,7 +122,6 @@ class mastodon (
     'bison',
     'build-essential',
     'ca-certificates',
-    'certbot',
     'ffmpeg',
     'file',
     'g++',
@@ -144,7 +147,6 @@ class mastodon (
     'pkg-config',
     # 'postgresql-contrib',
     'protobuf-compiler',
-    'python3-certbot-apache',
     # 'redis-tools',
     'wget',
     'zlib1g-dev',
@@ -324,10 +326,14 @@ class mastodon (
     timeout     => 0,
     require     => File["${mastodon_home}/live/.env.production"],
   }
-  exec { "register-${hostname}-letsencrypt":
-    command => "/etc/init.d/apache2 stop && /usr/bin/certbot certonly --agree-tos --email certs@susurrando.com -d ${hostname} -n --standalone && /etc/init.d/apache2 start",
-    creates => "/etc/letsencrypt/live/${hostname}/privkey.pem",
-    require => Package['python3-certbot-apache'],
+  class { 'letsencrypt':
+    email             => $cert_admin_mail,
+    renew_cron_ensure => 'present',
+  }
+  letsencrypt::certonly { $hostname:
+    domains            => [$hostname],
+    pre_hook_commands  => ['systemctl stop apache2'],
+    post_hook_commands => ['systemctl start apache2'],
   }
   apache::vhost { $hostname:
     ensure                => $ensure,

metadata.json

@@ -29,6 +29,10 @@
     {
       "name": "puppet-systemd", 
       "version_requirement": "4.0.1"
+    },
+    {
+      "name": "puppet-letsencrypt",
+      "version_requirement": "10.1.0"
     }
   ],
   "operatingsystem_support": [