fix(planet): remove lego in favor of haproxy (#477)

* fix: remove lego from pythonplanet in favor of haproxy * chore: clean up unused server blocks
python · Aug 22, 2024 · a91106b · a91106b
1 parent 37e194a
commit a91106b
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 50 deletions.
diff --git a/salt/planet/config/nginx.planet.conf.jinja b/salt/planet/config/nginx.planet.conf.jinja
@@ -1,30 +1,5 @@
 {% for site, info in salt["pillar.get"]("planet", {}).get("sites").items() %}
 
-server {
-    listen 80 default_server;
-    server_name {{ site }};
-
-    location /.well-known/acme-challenge/ {
-      alias /etc/lego/.well-known/acme-challenge/;
-      try_files $uri =404;
-    }
-
-    location / {
-      return 301 https://$host$request_uri;
-    }
-}
-
-server {
-    listen 443 ssl;
-    server_name {{ site }};
-    error_log /var/log/nginx/{{ site }}.error.log;
-    access_log /var/log/nginx/{{ site }}.access.log;
-    ssl_certificate /etc/lego/certificates/{{ grains['fqdn'] }}.crt;
-    ssl_certificate_key /etc/lego/certificates/{{ grains['fqdn'] }}.key;
-
-    root /srv/{{ site }}/;
-}
-
 server {
     listen 9000 ssl;
     server_name {{ site }};

diff --git a/salt/planet/init.sls b/salt/planet/init.sls
@@ -1,6 +1,5 @@
 include:
   - nginx
-  - tls.lego
 
 git:
   pkg.installed
@@ -33,30 +32,6 @@ planet-user:
     - require:
       - pkg: consul-pkgs
 
-lego_bootstrap:
-  cmd.run:
-    - name: /usr/local/bin/lego -a --email="[email protected]" {% if pillar["dc"] == "vagrant" %}--server=https://salt-master.vagrant.psf.io:14000/dir{% endif %} --domains="{{ grains['fqdn'] }}" {%- for domain in pillar['planet']['subject_alternative_names']  %} --domains {{ domain }}{%- endfor %} --http --path /etc/lego --key-type ec256 run
-    - creates: /etc/lego/certificates/{{ grains['fqdn'] }}.json
-
-lego_renew:
-  cron.present:
-    - name: sudo -u nginx /usr/local/bin/lego -a --email="[email protected]" {% if pillar["dc"] == "vagrant" %}--server=https://salt-master.vagrant.psf.io:14000/dir{% endif %} --domains="{{ grains['fqdn'] }}" {%- for domain in pillar['planet']['subject_alternative_names']  %} --domains {{ domain }}{%- endfor %} --http --http.webroot /etc/lego --path /etc/lego --key-type ec256  renew --days 30 && /usr/sbin/service nginx reload
-    - identifier: roundup_lego_renew
-    - hour: 0
-    - minute: random
-
-lego_config:
-  file.managed:
-    - name: /etc/nginx/conf.d/lego.conf
-    - source: salt://tls/config/lego.conf.jinja
-    - template: jinja
-    - user: root
-    - group: root
-    - mode: "0644"
-    - require:
-      - sls: tls.lego
-      - cmd: lego_bootstrap
-
 /srv/planet/:
   file.directory:
     - user: planet