verglasz/soc-ops
0
0
Fork 0
forked from SUNET/soc-ops
Code Pull requests Activity

Fixes for certbot, no certbot script just yet.

Browse source
This commit is contained in:
Johan Björklund 2024-10-28 15:55:35 +01:00
parent 1dc0a879db
commit 0af1dbe562
Signed by untrusted user: bjorklund
GPG key ID: 5E8401339C7F5037
2 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
global/overlay/etc/puppet/cosmos-rules.yaml
View file

@ -13,3 +13,4 @@
x_remote_user: true x_remote_user: true
groups: groups:
- 'sunet-cert' - 'sunet-cert'
certbot: false

4
global/overlay/etc/puppet/modules/soc/manifests/sso.pp
View file

@ -18,7 +18,7 @@
# If true, EPPN is put in the HTTP header X-Remote-User instead of REMOTE_USER. # If true, EPPN is put in the HTTP header X-Remote-User instead of REMOTE_USER.
# #
# @param single_user # @param single_user
# If true, EPPN is discarded and X-Remote-User is set to "cnaas-user". This is useful in # If true, EPPN is discarded and X-Remote-User is set to "soc-user". This is useful in
# cases where the service we reverse proxy for can't create new accounts automatically. # cases where the service we reverse proxy for can't create new accounts automatically.
# We use this only for Graylog at the time of writing. # We use this only for Graylog at the time of writing.
# #
@ -113,7 +113,7 @@ class soc::sso(
file { '/etc/letsencrypt/acme-dns-auth.py': file { '/etc/letsencrypt/acme-dns-auth.py':
ensure => file, ensure => file,
content => file('cnaas/sso/acme-dns-auth.py'), content => file('soc/sso/acme-dns-auth.py'),
mode => '0744', mode => '0744',
} }