From d879eb88b1bfb76ebffc67a431959df15e4f2a0c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?=
Date: Tue, 18 Jun 2019 18:26:14 +0200
Subject: [PATCH] Replace the certbot systemd unit with a cron job with notifications

Uses cronic (https://habilis.net/cronic/) to filter out the stdout and send a sensible email to ops@kosmos.org when renewal fails
Closes #3
---
 site-cookbooks/kosmos-base/metadata.rb | 2 +-
 .../kosmos-base/recipes/letsencrypt.rb | 20 +++++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/site-cookbooks/kosmos-base/metadata.rb b/site-cookbooks/kosmos-base/metadata.rb
index 29c832b..d633405 100644
--- a/site-cookbooks/kosmos-base/metadata.rb
+++ b/site-cookbooks/kosmos-base/metadata.rb
@@ -4,7 +4,7 @@ maintainer_email 'mail@kosmos.org'
 license 'MIT'
 description 'The Kosmos base cookbook'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version '0.2.0'
+version '0.2.1'
 chef_version '>= 14.0' # Uses the new sudo resource
 depends 'apt'
diff --git a/site-cookbooks/kosmos-base/recipes/letsencrypt.rb b/site-cookbooks/kosmos-base/recipes/letsencrypt.rb
index c4e77e9..6c8b799 100644
--- a/site-cookbooks/kosmos-base/recipes/letsencrypt.rb
+++ b/site-cookbooks/kosmos-base/recipes/letsencrypt.rb
@@ -72,3 +72,23 @@ template "/root/gandi_dns_certbot_hook.sh" do
 variables gandi_api_key: gandi_api_data_bag_item["key"]
 mode 0770
 end
+
+# Replace the systemd timer with a cronjob, for easy email notifications
+%w(certbot.service certbot.timer).each do |service|
+ service service do
+ action :disable
+ end
+
+ file "/lib/systemd/system/#{service}" do
+ action :delete
+ end
+end
+
+package "cronic"
+
+cron "certbot" do
+ hour "0,12"
+ minute 0
+ mailto "ops@kosmos.org"
+ command "cronic /usr/bin/certbot renew"
+end
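Review bot: The `service service do` block in the added loop only disables the units, so a `certbot.timer` that is already active may keep firing until the next reboot, and renewals would then run from both the timer and the new cron job; `action [:stop, :disable]` would close that window. The `file "/lib/systemd/system/#{service}"` delete removes package-owned files, which a later certbot package upgrade will probably restore, so masking the units (for example a `systemd_unit` resource with `action :mask`) looks more durable than deleting them; this is worth confirming on the target distribution. Separately, the failure mail to `mailto "ops@kosmos.org"` only arrives if the host has a working local MTA, which nothing in this hunk ensures. A missing MTA would mean failed renewals go unnoticed until the certificate expires.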