kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 28 Pull Requests 3 Projects 2 Activity

Replace the certbot systemd unit with a cron job with notifications

Browse Source 
Uses cronic (https://habilis.net/cronic/) to filter out the stdout and
send a sensible email to ops@kosmos.org when renewal fails

Closes #3
This commit is contained in:
Greg Karékinian 2019-06-18 18:26:14 +02:00
parent a7eb12d0eb
commit d879eb88b1
2 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
site-cookbooks/kosmos-base/metadata.rb
View File

@ -4,7 +4,7 @@ maintainer_email 'mail@kosmos.org'
license 'MIT' license 'MIT'
description 'The Kosmos base cookbook' description 'The Kosmos base cookbook'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '0.2.0' version '0.2.1'
chef_version '>= 14.0' # Uses the new sudo resource chef_version '>= 14.0' # Uses the new sudo resource
depends 'apt' depends 'apt'

20
site-cookbooks/kosmos-base/recipes/letsencrypt.rb
View File

@ -72,3 +72,23 @@ template "/root/gandi_dns_certbot_hook.sh" do
variables gandi_api_key: gandi_api_data_bag_item["key"] variables gandi_api_key: gandi_api_data_bag_item["key"]
mode 0770 mode 0770
end end
# Replace the systemd timer with a cronjob, for easy email notifications
%w(certbot.service certbot.timer).each do |service|
service service do
action :disable
end
file "/lib/systemd/system/#{service}" do
action :delete
end
end
package "cronic"
cron "certbot" do
hour "0,12"
minute 0
mailto "ops@kosmos.org"
command "cronic /usr/bin/certbot renew"
end