Replace the certbot systemd unit with a cron job with notifications

Uses cronic (https://habilis.net/cronic/) to filter out the stdout and send a sensible email to ops@kosmos.org when renewal fails Closes #3
2019-06-18 18:26:14 +02:00
parent a7eb12d0eb
commit d879eb88b1
2 changed files with 21 additions and 1 deletions
--- a/site-cookbooks/kosmos-base/recipes/letsencrypt.rb
+++ b/site-cookbooks/kosmos-base/recipes/letsencrypt.rb
@@ -72,3 +72,23 @@ template "/root/gandi_dns_certbot_hook.sh" do
  variables gandi_api_key: gandi_api_data_bag_item["key"]
  mode 0770
 end
+
+# Replace the systemd timer with a cronjob, for easy email notifications
+%w(certbot.service certbot.timer).each do |service|
+  service service do
+    action :disable
+  end
+
+  file "/lib/systemd/system/#{service}" do
+    action :delete
+  end
+end
+
+package "cronic"
+
+cron "certbot" do
+  hour "0,12"
+  minute 0
+  mailto "ops@kosmos.org"
+  command "cronic /usr/bin/certbot renew"
+end