Test opening port 80 for certbot operation

global/overlay/etc/puppet/modules/cdn/manifests/ca.pp

@@ -116,4 +116,7 @@ class cdn::ca(
     creates => '/root/.step/config/defaults.json',
     onlyif  => 'test -f /opt/step-ca/data/certs/root_ca.crt'
   }
+
+  # Enable acme
+  # step ca provisioner add acme --type ACME --admin-subject=step --admin-password-file=/opt/step-ca/init/secrets/provisioner-password
 }

global/overlay/etc/puppet/modules/cdn/manifests/mqtt.pp

@@ -22,4 +22,10 @@ class cdn::mqtt(
     mode    => '0644',
     content => template('cdn/mqtt/cdn.conf.erb'),
   }
+
+  sunet::nftables::allow { "allow-step-ca-acme":
+    from  => 'any',
+    port  => 80,
+    proto => 'tcp',
+  }
 }