Fixes for certbot, no certbot script just yet.

2024-10-28 15:55:35 +01:00 · 2024-10-28 15:55:35 +01:00 · 0af1dbe562
commit 0af1dbe562
parent 1dc0a879db
2 changed files with 3 additions and 2 deletions
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@ -13,3 +13,4 @@
    x_remote_user: true
    groups:
      - 'sunet-cert'
+    certbot: false
--- a/global/overlay/etc/puppet/modules/soc/manifests/sso.pp
+++ b/global/overlay/etc/puppet/modules/soc/manifests/sso.pp
@ -18,7 +18,7 @@
 #   If true, EPPN is put in the HTTP header X-Remote-User instead of REMOTE_USER.
 #
 # @param single_user
-#   If true, EPPN is discarded and X-Remote-User is set to "cnaas-user". This is useful in
+#   If true, EPPN is discarded and X-Remote-User is set to "soc-user". This is useful in
 #   cases where the service we reverse proxy for can't create new accounts automatically.
 #   We use this only for Graylog at the time of writing.
 #
@ -113,7 +113,7 @@ class soc::sso(

    file { '/etc/letsencrypt/acme-dns-auth.py':
      ensure  => file,
-      content => file('cnaas/sso/acme-dns-auth.py'),
+      content => file('soc/sso/acme-dns-auth.py'),
      mode    => '0744',
    }