From 0af1dbe562f02dda45d6e769a21f2b73357359b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Johan=20Bj=C3=B6rklund?= Date: Mon, 28 Oct 2024 15:55:35 +0100 Subject: [PATCH] Fixes for certbot, no certbot script just yet. --- global/overlay/etc/puppet/cosmos-rules.yaml | 1 + global/overlay/etc/puppet/modules/soc/manifests/sso.pp | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index f61cdf2..01f05e4 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -13,3 +13,4 @@ x_remote_user: true groups: - 'sunet-cert' + certbot: false diff --git a/global/overlay/etc/puppet/modules/soc/manifests/sso.pp b/global/overlay/etc/puppet/modules/soc/manifests/sso.pp index ac5eb23..30eaf63 100644 --- a/global/overlay/etc/puppet/modules/soc/manifests/sso.pp +++ b/global/overlay/etc/puppet/modules/soc/manifests/sso.pp @@ -18,7 +18,7 @@ # If true, EPPN is put in the HTTP header X-Remote-User instead of REMOTE_USER. # # @param single_user -# If true, EPPN is discarded and X-Remote-User is set to "cnaas-user". This is useful in +# If true, EPPN is discarded and X-Remote-User is set to "soc-user". This is useful in # cases where the service we reverse proxy for can't create new accounts automatically. # We use this only for Graylog at the time of writing. # @@ -113,7 +113,7 @@ class soc::sso( file { '/etc/letsencrypt/acme-dns-auth.py': ensure => file, - content => file('cnaas/sso/acme-dns-auth.py'), + content => file('soc/sso/acme-dns-auth.py'), mode => '0744', }