use puppet strings

manifests/certonly.pp

@@ -1,52 +1,43 @@
-# == Defined Type: letsencrypt::certonly
+# @summary Request a certificate using the `certonly` installer
 #
-#   This type can be used to request a certificate using the `certonly`
-#   installer.
+# This type can be used to request a certificate using the `certonly` installer.
 #
-# === Parameters:
-#
-# [*ensure*]
-#   Intended state of the resource. Accepts either 'present' or 'absent'.
-#   Default: 'present'.
+# @param ensure
+#   Intended state of the resource
 #   Will remove certificates for specified domains if set to 'absent'. Will
 #   also remove cronjobs and renewal scripts if `manage_cron` is set to 'true'.
-# [*domains*]
-#   Namevar. An array of domains to include in the CSR.
-# [*custom_plugin*]
-#   Whether to use a custom plugin in additional_args and disable -a flag.
-# [*plugin*]
-#   The authenticator plugin to use when requesting the certificate.
-# [*webroot_paths*]
+# @param domains
+#   An array of domains to include in the CSR.
+# @param custom_plugin Whether to use a custom plugin in additional_args and disable -a flag.
+# @param plugin The authenticator plugin to use when requesting the certificate.
+# @param webroot_paths
 #   An array of webroot paths for the domains in `domains`.
 #   Required if using `plugin => 'webroot'`. If `domains` and
 #   `webroot_paths` are not the same length, the last `webroot_paths`
 #   element will be used for all subsequent domains.
-# [*letsencrypt_command*]
-#   Command to run letsencrypt
-# [*additional_args*]
-#   An array of additional command line arguments to pass to the
-#   `letsencrypt-auto` command.
-# [*environment*]
-#   An optional array of environment variables (in addition to VENV_PATH).
-# [*manage_cron*]
-#   Boolean indicating whether or not to schedule cron job for renewal. Default: 'false'.
+# @param letsencrypt_command Command to run letsencrypt
+# @param additional_args An array of additional command line arguments to pass to the `letsencrypt-auto` command.
+# @param environment  An optional array of environment variables (in addition to VENV_PATH).
+# @param key_size Size for the RSA public key
+# @param manage_cron
+#   Indicating whether or not to schedule cron job for renewal.
 #   Runs daily but only renews if near expiration, e.g. within 10 days.
-# [*cron_before_command*]
-#   String representation of a command that should be run before renewal command
-# [*cron_success_command*]
-#   String representation of a command that should be run if the renewal command
-#   succeeds.
-# [*cron_hour*]
-#   Optional string, integer or array, hour(s) that the renewal command should execute.
+# @param suppress_cron_output Redirect cron output to devnull
+# @param cron_before_command Representation of a command that should be run before renewal command
+# @param cron_success_command Representation of a command that should be run if the renewal command succeeds.
+# @param cron_hour
+#   Optional hour(s) that the renewal command should execute.
 #   e.g. '[0,12]' execute at midnight and midday.  Default - seeded random hour.
-# [*cron_minute*]
-#   Optional string, integer or array, minute(s) that the renewal command should execute.
+# @param cron_minute
+#   Optional minute(s) that the renewal command should execute.
 #   e.g. 0 or '00' or [0,30].  Default - seeded random minute.
-# [*pre_hook_commands*]
-#   Array of commands to run in a shell before attempting to obtain/renew the certificate.
-# [*post_hook_commands*]
-#   Array of command(s) to run in a shell after attempting to obtain/renew the certificate.
-# [*deploy_hook_commands*]
+# @param cron_monthday
+#   Optional string, integer or array of monthday(s) the renewal command should
+#   run. E.g. '2-30/2' to run on even days. Default: Every day.
+# @param config_dir The path to the configuration directory.
+# @param pre_hook_commands Array of commands to run in a shell before attempting to obtain/renew the certificate.
+# @param post_hook_commands Array of command(s) to run in a shell after attempting to obtain/renew the certificate.
+# @param deploy_hook_commands
 #   Array of command(s) to run in a shell once if the certificate is successfully issued.
 #   Two environmental variables are supplied by certbot:
 #   - $RENEWED_LINEAGE: Points to the live directory with the cert files and key.

manifests/config.pp

@@ -1,6 +1,6 @@
-# == Class: letsencrypt
+# @summary Configures the Let's Encrypt client.
 #
-#   This class configures the Let's Encrypt client. This is a private class.
+# @api private
 #
 class letsencrypt::config (
   $config_dir          = $letsencrypt::config_dir,

manifests/hook.pp

@@ -1,22 +1,16 @@
-# == Defined Type: letsencrypt::hook
+# @summary Creates hook scripts.
 #
-#   This type is used by letsencrypt::renew and letsencrypt::certonly to create
-#   hook scripts.
+# This type is used by letsencrypt::renew and letsencrypt::certonly to create hook scripts.
 #
-# === Parameters:
-#
-# [*type*]
-#   Hook type. Can be pre, post or deploy.
-# [*hook_file*]
-#   Path to deploy hook script.
-# [*commands*]
-#   String or array of bash commands to execute when the hook is run by certbot.
+# @param type Hook type.
+# @param hook_file Path to deploy hook script.
+# @param commands Bash commands to execute when the hook is run by certbot.
 #
 define letsencrypt::hook (
   Enum['pre', 'post', 'deploy'] $type,
   String[1]                     $hook_file,
   # hook.sh.epp will validate this
-  $commands,
+  Variant[String,Array[String]] $commands,
 ) {
 
   $validate_env = $type ? {

manifests/init.pp

@@ -1,55 +1,59 @@
-# == Class: letsencrypt
+# @summary Install and configure Certbot, the LetsEncrypt client
 #
-#   This class installs and configures the Let's Encrypt client.
+# Install and configure Certbot, the LetsEncrypt client
 #
-# === Parameters:
+# @example
+#  class { 'letsencrypt' :
+#    email  => 'letsregister@example.com',
+#    config => {
+#      'server' => 'https://acme-staging.api.letsencrypt.org/directory',
+#    },
+#  }
 #
-# [*email*]
+# @param email
 #   The email address to use to register with Let's Encrypt. This takes
 #   precedence over an 'email' setting defined in $config.
-# [*path*]
-#   The path to the letsencrypt installation.
-# [*environment*]
-#   An optional array of environment variables (in addition to VENV_PATH)
-# [*repo*]
-#   A Git URL to install the Let's encrypt client from.
-# [*version*]
-#   The Git ref (tag, sha, branch) to check out when installing the client with
-#   the `vcs` method.
-# [*package_ensure*]
-#   The value passed to `ensure` when installing the client with the `package`
-#   method.
-# [*package_name*]
-#   Name of package and command to use when installing the client with the
-#   `package` method.
-# [*package_command*]
-#   Path or name for letsencrypt executable when installing the client with
-#   the `package` method.
-# [*config_dir*]
-#   The path to the configuration directory.
-# [*config_file*]
-#   The path to the configuration file for the letsencrypt cli.
-# [*config*]
-#   A hash representation of the letsencrypt configuration file.
-# [*manage_config*]
-#   A feature flag to toggle the management of the letsencrypt configuration
-#   file.
-# [*manage_install*]
-#   A feature flag to toggle the management of the letsencrypt client
-#   installation.
-# [*manage_dependencies*]
-#   A feature flag to toggle the management of the letsencrypt dependencies.
-# [*configure_epel*]
-#   A feature flag to include the 'epel' class and depend on it for package
-#   installation.
-# [*install_method*]
-#   Method to install the letsencrypt client, either package or vcs.
-# [*agree_tos*]
-#   A flag to agree to the Let's Encrypt Terms of Service.
-# [*unsafe_registration*]
-#   A flag to allow using the 'register-unsafely-without-email' flag.
-# [*cron_scripts_path*]
-#   The path to put the script we'll call with cron. Defaults to $puppet_vardir/letsencrypt.
+# @param path The path to the letsencrypt installation.
+# @param venv_path virtualenv path for vcs-installed Certbot
+# @param environment An optional array of environment variables (in addition to VENV_PATH)
+# @param repo A Git URL to install the Let's encrypt client from.
+# @param version The Git ref (tag, sha, branch) to check out when installing the client with the `vcs` method.
+# @param package_name Name of package and command to use when installing the client with the `package` method.
+# @param package_ensure The value passed to `ensure` when installing the client with the `package` method.
+# @param package_command Path or name for letsencrypt executable when installing the client with the `package` method.
+# @param config_file The path to the configuration file for the letsencrypt cli.
+# @param config A hash representation of the letsencrypt configuration file.
+# @param cron_scripts_path The path to put the script we'll call with cron. Defaults to $puppet_vardir/letsencrypt.
+# @param manage_config A feature flag to toggle the management of the letsencrypt configuration file.
+# @param manage_install A feature flag to toggle the management of the letsencrypt client installation.
+# @param manage_dependencies A feature flag to toggle the management of the letsencrypt dependencies.
+# @param configure_epel A feature flag to include the 'epel' class and depend on it for package installation.
+# @param install_method Method to install the letsencrypt client, either package or vcs.
+# @param agree_tos A flag to agree to the Let's Encrypt Terms of Service.
+# @param unsafe_registration A flag to allow using the 'register-unsafely-without-email' flag.
+# @param config_dir The path to the configuration directory.
+# @param key_size Size for the RSA public key
+# @param renew_pre_hook_commands Array of commands to run in a shell before obtaining/renewing any certificates.
+# @param renew_post_hook_commands Array of commands to run in a shell after attempting to obtain/renew certificates.
+# @param renew_deploy_hook_commands
+#   Array of commands to run in a shell once for each successfully issued/renewed
+#   certificate. Two environmental variables are supplied by certbot:
+#   - $RENEWED_LINEAGE: Points to the live directory with the cert files and key.
+#                       Example: /etc/letsencrypt/live/example.com
+#   - $RENEWED_DOMAINS: A space-delimited list of renewed certificate domains.
+#                       Example: "example.com www.example.com"
+# @param renew_additional_args Array of additional command line arguments to pass to 'certbot renew'.
+# @param renew_cron_ensure Intended state of the cron resource running certbot renew.
+# @param renew_cron_hour
+#   Optional string, integer or array of hour(s) the renewal command should run.
+#   E.g. '[0,12]' to execute at midnight and midday. Default: fqdn-seeded random
+#   hour.
+# @param renew_cron_minute
+#   Optional string, integer or array of minute(s) the renewal command should
+#   run. E.g. 0 or '00' or [0,30]. Default: fqdn-seeded random minute.
+# @param renew_cron_monthday
+#   Optional string, integer or array of monthday(s) the renewal command should
+#   run. E.g. '2-30/2' to run on even days. Default: Every day.
 #
 class letsencrypt (
   Optional[String] $email                = undef,

manifests/install.pp

@@ -1,32 +1,14 @@
-# == Class: letsencrypt::install
+# @summary Installs the Let's Encrypt client.
 #
-#   This class installs the Let's Encrypt client.  This is a private class.
-#
-# === Parameters:
-#
-# [*manage_install*]
-#   A feature flag to toggle the management of the letsencrypt client
-#   installation.
-# [*manage_dependencies*]
-#   A feature flag to toggle the management of the letsencrypt dependencies.
-# [*configure_epel*]
-#   A feature flag to include the 'epel' class and depend on it for package
-#   installation.
-# [*install_method*]
-#   Method to install the letsencrypt client, either package or vcs.
-# [*path*]
-#   The path to the letsencrypt installation.
-# [*repo*]
-#   A Git URL to install the Let's encrypt client from.
-# [*version*]
-#   The Git ref (tag, sha, branch) to check out when installing the client with
-#   the `vcs` method.
-# [*package_ensure*]
-#   The value passed to `ensure` when installing the client with the `package`
-#   method.
-# [*package_name*]
-#   Name of package to use when installing the client with the `package`
-#   method.
+# @param manage_install A feature flag to toggle the management of the letsencrypt client installation.
+# @param manage_dependencies  A feature flag to toggle the management of the letsencrypt dependencies.
+# @param configure_epel  A feature flag to include the 'epel' class and depend on it for package installation.
+# @param install_method Method to install the letsencrypt client
+# @param path The path to the letsencrypt installation.
+# @param repo A Git URL to install the Let's encrypt client from.
+# @param version The Git ref (tag, sha, branch) to check out when installing the client with the `vcs` method.
+# @param package_ensure The value passed to `ensure` when installing the client with the `package` method.
+# @param package_name Name of package to use when installing the client with the `package` method.
 #
 class letsencrypt::install (
   Boolean $manage_install                = $letsencrypt::manage_install,

manifests/plugin/dns_rfc2136.pp

@@ -1,28 +1,17 @@
-# == Class: letsencrypt::plugin::dns_rfc2136
+# @summary Installs and configures the dns-rfc2136 plugin
 #
-#   This class installs and configures the Let's Encrypt dns-rfc2136 plugin.
-#   https://certbot-dns-rfc2136.readthedocs.io
+# This class installs and configures the Let's Encrypt dns-rfc2136 plugin.
+# https://certbot-dns-rfc2136.readthedocs.io
 #
-# === Parameters:
-#
-# [*server*]
-#   Target DNS server.
-# [*key_name*]
-#   TSIG key name.
-# [*key_secret*]
-#   TSIG key secret.
-# [*key_algorithm*]
-#   TSIG key algorithm.
-# [*port*]
-#   Target DNS port.
-# [*propagation_seconds*]
-#   Number of seconds to wait for the DNS server to propagate the DNS-01 challenge.
-# [*manage_package*]
-#   Manage the plugin package.
-# [*package_name*]
-#   The name of the package to install when $manage_package is true.
-# [*config_dir*]
-#   The path to the configuration directory.
+# @param server Target DNS server.
+# @param key_name TSIG key name.
+# @param key_secret TSIG key secret.
+# @param key_algorithm TSIG key algorithm.
+# @param port Target DNS port.
+# @param propagation_seconds Number of seconds to wait for the DNS server to propagate the DNS-01 challenge.
+# @param manage_package Manage the plugin package.
+# @param package_name The name of the package to install when $manage_package is true.
+# @param config_dir The path to the configuration directory.
 #
 class letsencrypt::plugin::dns_rfc2136 (
   Stdlib::Host $server,

manifests/renew.pp

@@ -1,38 +1,30 @@
-# == Class: letsencrypt::renew
-#
-#   This class configures renewal of Let's Encrypt certificates using the
-#   certbot renew command.
+
+# @summary Configures renewal of Let's Encrypt certificates using Certbot
 #
-#   Note: Hooks set here will run before/after/for ALL certificates, including
-#   any not managed by Puppet. If you want to create hooks for specific
-#   certificates only, create them using letsencrypt::certonly.
+# Configures renewal of Let's Encrypt certificates using the certbot renew command.
 #
-# === Parameters:
+# Note: Hooks set here will run before/after/for ALL certificates, including
+# any not managed by Puppet. If you want to create hooks for specific
+# certificates only, create them using letsencrypt::certonly.
 #
-# [*pre_hook_commands*]
-#   Array of commands to run in a shell before obtaining/renewing any certificates.
-# [*post_hook_commands*]
-#   Array of commands to run in a shell after attempting to obtain/renew certificates.
-# [*deploy_hook_commands*]
+# @param pre_hook_commands Array of commands to run in a shell before obtaining/renewing any certificates.
+# @param post_hook_commands Array of commands to run in a shell after attempting to obtain/renew certificates.
+# @param deploy_hook_commands
 #   Array of commands to run in a shell once for each successfully issued/renewed
 #   certificate. Two environmental variables are supplied by certbot:
 #   - $RENEWED_LINEAGE: Points to the live directory with the cert files and key.
 #                       Example: /etc/letsencrypt/live/example.com
 #   - $RENEWED_DOMAINS: A space-delimited list of renewed certificate domains.
 #                       Example: "example.com www.example.com"
-# [*additional_args*]
-#   Array of additional command line arguments to pass to 'certbot renew'.
-# [*cron_ensure*]
-#   Intended state of the cron resource running certbot renew. Accepts 'present'
-#   or 'absent'. Default: 'absent'
-# [*cron_hour*]
+# @param additional_args Array of additional command line arguments to pass to 'certbot renew'.
+# @param cron_ensure Intended state of the cron resource running certbot renew
+# @param cron_hour
 #   Optional string, integer or array of hour(s) the renewal command should run.
-#   E.g. '[0,12]' to execute at midnight and midday. Default: fqdn-seeded random
-#   hour.
-# [*cron_minute*]
+#   E.g. '[0,12]' to execute at midnight and midday. Default: fqdn-seeded random hour.
+# @param cron_minute
 #   Optional string, integer or array of minute(s) the renewal command should
 #   run. E.g. 0 or '00' or [0,30]. Default: fqdn-seeded random minute.
-# [*cron_monthday*]
+# @param cron_monthday
 #   Optional string, integer or array of monthday(s) the renewal command should
 #   run. E.g. '2-30/2' to run on even days. Default: Every day.
 #

types/cron/hour.pp

@@ -1 +1,11 @@
-type Letsencrypt::Cron::Hour = Variant[Integer[0,23], String[1], Array[Variant[Integer[0,23], String[1]]]]
+# @summary mimic hour setting in cron as defined in man 5 crontab
+type Letsencrypt::Cron::Hour = Variant[
+  Integer[0,23],
+  String[1],
+  Array[
+    Variant[
+      Integer[0,23],
+      String[1],
+    ]
+  ]
+]

types/cron/minute.pp

@@ -1 +1,11 @@
-type Letsencrypt::Cron::Minute = Variant[Integer[0,59], String[1], Array[Variant[Integer[0,59], String[1]]]]
+# @summary mimic minute setting in cron as defined in man 5 crontab
+type Letsencrypt::Cron::Minute = Variant[
+  Integer[0,59],
+  String[1],
+  Array[
+    Variant[
+      Integer[0,59],
+      String[1],
+    ]
+  ]
+]