Create a nginx_certbot_site resource to remove duplication

It creates a folder, the nginx vhost for certbot and HTTP redirects, and
also runs certbot and recreates the nginx vhost that includes the TLS
cert

site-cookbooks/kosmos-mastodon/recipes/default.rb

@@ -91,12 +91,6 @@ application mastodon_path do
               vapid_public_key: mastodon_credentials['vapid_public_key']
   end
 
-  directory "#{mastodon_path}/public/.well-known" do
-    owner node['nginx']['user']
-    group node['nginx']['group']
-    recursive true
-  end
-
   bundle_install do
     user "mastodon"
     deployment true

site-cookbooks/kosmos-mastodon/recipes/nginx.rb

@@ -2,7 +2,7 @@
 # Cookbook Name:: kosmos-mastodon
 # Recipe:: nginx
 #
-# Copyright 2017, Kosmos
+# Copyright 2019, Kosmos
 #
 # All rights reserved - Do Not Redistribute
 #
@@ -12,35 +12,26 @@ server_name   = node["kosmos-mastodon"]["server_name"]
 
 include_recipe "kosmos-nginx"
 
-directory "/var/www/mastodon/.well-known/acme-challenge" do
-  owner     node["nginx"]["user"]
-  group     node["nginx"]["group"]
-  recursive true
-  action    :create
-end
-
-template "#{node['nginx']['dir']}/sites-available/mastodon" do
+template "#{node['nginx']['dir']}/sites-available/#{server_name}" do
   source 'nginx_conf_mastodon.erb'
   owner 'www-data'
   mode 0640
-  variables streaming_port:          node["kosmos-mastodon"]["streaming_port"],
-            puma_port:               node["kosmos-mastodon"]["puma_port"],
-            server_name:             server_name,
-            ssl_cert:                "/etc/letsencrypt/live/#{server_name}/fullchain.pem",
-            ssl_key:                 "/etc/letsencrypt/live/#{server_name}/privkey.pem",
-            mastodon_path:           mastodon_path
+  variables streaming_port: node["kosmos-mastodon"]["streaming_port"],
+            puma_port:      node["kosmos-mastodon"]["puma_port"],
+            server_name:    server_name,
+            ssl_cert:       "/etc/letsencrypt/live/#{server_name}/fullchain.pem",
+            ssl_key:        "/etc/letsencrypt/live/#{server_name}/privkey.pem",
+            mastodon_path:  mastodon_path
   notifies :reload, 'service[nginx]', :delayed
 end
 
-nginx_site 'mastodon' do
-  enable true
+# Legacy vhost
+nginx_site "mastodon" do
+  action :disable
 end
 
-unless node.chef_environment == "development"
-  include_recipe "kosmos-base::letsencrypt"
-  execute "letsencrypt cert for #{server_name}" do
-    command "/usr/bin/certbot certonly --webroot --agree-tos --email ops@5apps.com --webroot-path /var/www/mastodon -d #{server_name} -n"
-    not_if { File.exist? "/etc/letsencrypt/live/#{server_name}/fullchain.pem" }
-    notifies :create, "template[#{node['nginx']['dir']}/sites-available/mastodon]", :immediately
-  end
+nginx_site server_name do
+  action :enable
 end
+
+nginx_certbot_site server_name

site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb

@@ -3,18 +3,6 @@ map $http_upgrade $connection_upgrade {
   ''      close;
 }
 
-server {
-  listen 80;
-  listen [::]:80;
-  server_name <%= @server_name %>;
-
-  access_log "/var/log/nginx/mastodon.access.log";
-  error_log "/var/log/nginx/mastodon.error.log";
-
-  location /.well-known { root "/var/www/mastodon"; }
-  location / { return 301 https://$host$request_uri; }
-}
-
 server {
   listen 443 ssl http2;
   listen [::]:443 ssl http2;