include: - nginx theos.kyriasis.com: acme.cert: - email: johannes@kyriasis.com - webroot: /srv/http/ - keysize: 4096 - renew: 30 - watch_in: - service: nginx_service - require_in: - service: nginx_service /etc/smtpd/certs/fullchain.pem: file.managed: - source: /etc/letsencrypt/live/theos.kyriasis.com/fullchain.pem - user: root - group: root - mode: 600 - watch_in: - service: opensmtpd /etc/smtpd/certs/privkey.pem: file.managed: - source: /etc/letsencrypt/live/theos.kyriasis.com/privkey.pem - user: root - group: root - mode: 600 ldap-access-theos: acl.present: - name: /etc/letsencrypt/archive/theos.kyriasis.com/ - acl_type: user - acl_name: ldap - perms: r-x - recurse: True - require_in: - acme: theos.kyriasis.com znc-access-theos: acl.present: - name: /etc/letsencrypt/archive/theos.kyriasis.com/ - acl_type: user - acl_name: znc - perms: r-x - recurse: True - require_in: - acme: theos.kyriasis.com kyrias-access-theos: acl.present: - name: /etc/letsencrypt/archive/theos.kyriasis.com/ - acl_type: user - acl_name: kyrias - perms: r-x - recurse: True - require_in: - acme: theos.kyriasis.com # vim: set ft=yaml et: