Create a resource to get a Let's Encrypt cert with DNS validation

2023-07-12 20:35:15 +02:00
parent d077dfdcf2
commit c1e2145ba1
3 changed files with 120 additions and 10 deletions
--- a/site-cookbooks/kosmos-base/recipes/letsencrypt.rb
+++ b/site-cookbooks/kosmos-base/recipes/letsencrypt.rb
@@ -52,16 +52,17 @@ end
  end
 end

-# TODO check if nginx is installed/running on the node
-file "/etc/letsencrypt/renewal-hooks/deploy/nginx" do
-  content <<-EOF
-#!/usr/bin/env bash
-# Reloading nginx is enough to read the new certificates
-systemctl reload nginx
-  EOF
-  mode 0755
-  owner "root"
-  group "root"
+if node.run_list.roles.include?("openresty_proxy")
+  file "/etc/letsencrypt/renewal-hooks/post/openresty" do
+    content <<-EOF
+  #!/usr/bin/env bash
+  # Reloading openresty is enough to read the new certificates
+  systemctl reload openresty
+    EOF
+    mode 0755
+    owner "root"
+    group "root"
+  end
 end

 # include_recipe 'kosmos-base::systemd_emails'