(#396) Add support for adding hooks after cert creation

certbot supports different hooks. They are executed during the
certificate renewal. Those hooks are configured per-certificate.
Previously you had to specify all hooks during the initial certificate
creation. If a hook was added afterwards in Puppet, it was written to
disk as a shell script, but it wasn't added to the configuration file.
The config file wasn't managed with openvox at all, it was created by
certbot. certbot has no cli options to update an existing config file.
Because of that, we added an ini_setting resource to ensure that all
hooks are added to the config file.

Fixes #396

Author: bastelfreak

manifests/certonly.pp

@@ -257,6 +257,10 @@
     }
   }
 
+  # certbot uses --cert-name to generate the file path
+  $live_path_certname = regsubst($cert_name, '^\*\.', '')
+  $live_path = "${config_dir}/live/${live_path_certname}/cert.pem"
+
   $hook_args = ['pre', 'post', 'deploy'].map | String $type | {
     $commands = getvar("${type}_hook_commands")
     if (!empty($commands)) {
@@ -267,17 +271,29 @@
         commands  => $commands,
         before    => Exec["letsencrypt certonly ${title}"],
       }
+      # if ensure is set to present, ensure that the hooks exist in the config file for the domain
+      # this has to happen after the exec, because `certbot certonly` creates the initial config file
+      # certbot won't update the config. But an update is required if new hooks are added afterwards
+      #
+      # we cannot add it to letsencrypt::hook because the defined resource runs before the Exec, not afterwards
+      if $ensure == 'present' {
+        ini_setting { "${title}-${type}":
+          ensure  => 'present',
+          path    => "${config_dir}/renewal/${live_path_certname}.conf",
+          section => 'renewalparams',
+          setting => "${type}_hook",
+          value   => $hook_file,
+          require => Exec["letsencrypt certonly ${title}"],
+        }
+      }
+
       "--${type}-hook \"${hook_file}\""
     }
     else {
       undef
     }
   }
 
-  # certbot uses --cert-name to generate the file path
-  $live_path_certname = regsubst($cert_name, '^\*\.', '')
-  $live_path = "${config_dir}/live/${live_path_certname}/cert.pem"
-
   $_command = flatten(
     [
       $letsencrypt_command,