Add support for a default hook script

The default hook script can be used to reload the webserver
when a new certificate has been installed.

CHANGELOG.rst

@@ -1,6 +1,10 @@
 letsencrypt-sh formula
 ======================
 
+0.3.1 (UNRELEASED)
+
+- Add support for hook script reloading a service.
+
 0.3.0 (2016-12-12)
 
 - Updated for version 0.3.0 of the client.

letsencrypt-sh/config.sls

@@ -3,7 +3,12 @@
 
 {% from "letsencrypt-sh/map.jinja" import letsencrypt_sh with context %}
 
-letsencrypth-sh-config:
+{% set install_hook = False %}
+{% if letsencrypt_sh.hook_script_src != 'salt://letsencrypt-sh/files/hook' or letsencrypt_sh.hook_service_to_reload %}
+{% set install_hook = True %}
+{% endif %}
+
+letsencrypt-sh-config:
   file.managed:
     - name: {{ letsencrypt_sh.config_file }}
     - source: salt://letsencrypt-sh/files/config
@@ -11,6 +16,19 @@ letsencrypth-sh-config:
     - user: root
     - group: root
     - template: jinja
+    - context:
+        use_default_hook: {{ install_hook }}
+
+{% if install_hook %}
+letsencrypt-sh-hook:
+  file.managed:
+    - name: {{ letsencrypt_sh.hook_script }}
+    - source: {{ letsencrypt_sh.hook_script_src }}
+    - mode: 755
+    - user: root
+    - group: root
+    - template: jinja
+{% endif %}
 
 letsencrypt-sh-domains:
   file.managed:

letsencrypt-sh/defaults.yaml

@@ -11,3 +11,6 @@ letsencrypt_sh:
   cron_hour: random
   cron_dayweek: random
   cron_enabled: True
+  hook_script: '/etc/letsencrypt.sh/hook'
+  hook_script_src: 'salt://letsencrypt-sh/files/hook'
+  hook_service_to_reload: ''

letsencrypt-sh/files/config

@@ -5,6 +5,9 @@
 	   'domains-txt': letsencrypt_sh.domains_txt,
    })
 -%}
+{%- if use_default_hook -%}
+{%- do cfg_client.setdefault('hook', letsencrypt_sh.hook_script) -%}
+{%- endif -%}
 {%- macro get_config(configname, default_value) -%}
 {%- set varname = configname.replace("-", "_") -%}
 {%- if configname in cfg_client -%}

letsencrypt-sh/files/hook

@@ -0,0 +1,15 @@
+#!/bin/sh
+# File managed by Salt (salt://letsencrypt-sh/files/hook). Do not edit by
+# hand!
+
+{% from "letsencrypt-sh/map.jinja" import letsencrypt_sh with context %}
+{% if letsencrypt_sh.hook_service_to_reload %}
+if [ "$1" = "deploy_cert" ]; then
+    service {{ letsencrypt_sh.hook_service_to_reload }} reload
+fi
+{% else %}
+# Empty file because pillar letsencrypt-sh:lookup:hook_service_to_reload
+# was not set for this minion. Alternatively you can set
+# letsencrypt-sh:lookup:hook_script_src to point to another source
+# file.
+{% endif %}

pillar.example

@@ -19,4 +19,6 @@ letsencrypt-sh:
     pkg: letsencrypt.sh
     pkg_apache: letsencrypt.sh-apache2
     cron_command: cronic letsencrypt.sh --cron
+    # Service to reload after install of new cert
+    hook_service_to_reload: nginx
     # see defaults.yaml for full list