Replace the certbot systemd unit with a cron job with notifications

Uses cronic (https://habilis.net/cronic/) to filter out the stdout and send a sensible email to ops@kosmos.org when renewal fails Closes #3
2019-06-18 18:26:14 +02:00 · 2019-06-18 18:26:14 +02:00 · d879eb88b1
parent a7eb12d0eb
commit d879eb88b1
2 changed files with 21 additions and 1 deletions
--- a/site-cookbooks/kosmos-base/metadata.rb
+++ b/site-cookbooks/kosmos-base/metadata.rb
@ -4,7 +4,7 @@ maintainer_email 'mail@kosmos.org'
 license          'MIT'
 description      'The Kosmos base cookbook'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version          '0.2.0'
+version          '0.2.1'
 chef_version     '>= 14.0' # Uses the new sudo resource

 depends 'apt'
--- a/site-cookbooks/kosmos-base/recipes/letsencrypt.rb
+++ b/site-cookbooks/kosmos-base/recipes/letsencrypt.rb
@ -72,3 +72,23 @@ template "/root/gandi_dns_certbot_hook.sh" do
  variables gandi_api_key: gandi_api_data_bag_item["key"]
  mode 0770
 end
+
+# Replace the systemd timer with a cronjob, for easy email notifications
+%w(certbot.service certbot.timer).each do |service|
+  service service do
+    action :disable
+  end
+
+  file "/lib/systemd/system/#{service}" do
+    action :delete
+  end
+end
+
+package "cronic"
+
+cron "certbot" do
+  hour "0,12"
+  minute 0
+  mailto "ops@kosmos.org"
+  command "cronic /usr/bin/certbot renew"
+end