Support proxy domain validation for Garage web domains

Also rename the data bag item

site-cookbooks/kosmos-base/resources/tls_cert_for.rb

@@ -18,7 +18,7 @@ action :create do
 
   case new_resource.auth
   when "gandi_dns"
-    gandi_api_credentials = data_bag_item('credentials', 'gandi_api_5apps')
+    gandi_api_credentials = data_bag_item('credentials', 'gandi_api')
 
     hook_path = "/root/gandi_dns_certbot_hook.sh"
     hook_auth_command = "#{hook_path} auth"

site-cookbooks/kosmos-ejabberd/recipes/letsencrypt.rb

@@ -33,7 +33,7 @@ file "/etc/letsencrypt/renewal-hooks/post/ejabberd" do
   group "root"
 end
 
-gandi_api_credentials = data_bag_item('credentials', 'gandi_api_5apps')
+gandi_api_credentials = data_bag_item('credentials', 'gandi_api')
 
 template "/root/gandi_dns_certbot_hook.sh" do
   variables access_token: gandi_api_credentials["access_token"]

site-cookbooks/kosmos_garage/recipes/nginx_web.rb

@@ -3,6 +3,8 @@
 # Recipe:: nginx_web
 #
 
+gandi_api_credentials = data_bag_item('credentials', 'gandi_api')
+
 file "#{node['openresty']['dir']}/conf.d/garage.conf" do
   content <<-EOF
 upstream garage_web {
@@ -40,8 +42,12 @@ end
 #
 
 node['garage']['s3_web_domains'].each do |domain_name|
+  second_level_domain = domain_name.match(/(?:.*\.)?([^.]+\.[^.]+)$/) { $1 }
+  proxy_validation = !gandi_api_credentials["domains"].include?(second_level_domain)
+
   tls_cert_for domain_name do
     auth "gandi_dns"
+    acme_domain "letsencrypt.kosmos.org" if proxy_validation
     action :create
   end
 

site-cookbooks/sockethub/recipes/proxy.rb

@@ -24,10 +24,10 @@ file "/etc/letsencrypt/renewal-hooks/post/nginx" do
   group "root"
 end
 
-gandi_api_data_bag_item = data_bag_item('credentials', 'gandi_api_5apps')
+gandi_api_credentials = data_bag_item('credentials', 'gandi_api')
 
 template "/root/gandi_dns_certbot_hook.sh" do
-  variables gandi_api_key: gandi_api_data_bag_item["key"]
+  variables gandi_api_key: gandi_api_credentials["key"]
   mode 0770
 end