kosmos/chef
8
3
Fork 0
Code Issues 32 Pull Requests 1 Projects 2 Activity

Compare commits

base: kosmos:f82fdd96cf3355a91bda1913ed597d8de69a478e
Branches Tags
kosmos:master kosmos:feature/blossom_server kosmos:bugfix/substr_url_matching kosmos:notes/ejabberd_ldap_photo kosmos:feature/akaunting kosmos:chore/ejabberd_service_avatar kosmos:feature/237-gitea_gpg
...
compare: kosmos:ff313525c86c91bbe9dcf194d1249ba56d198d03
Branches Tags
kosmos:feature/blossom_server kosmos:master kosmos:bugfix/substr_url_matching kosmos:notes/ejabberd_ldap_photo kosmos:feature/akaunting kosmos:chore/ejabberd_service_avatar kosmos:feature/237-gitea_gpg

2 Commits
f82fdd96cf ... ff313525c8

Author SHA1 Message Date
Râu Cao
ff313525c8 Reload postfix and dovecot on cert renewal 
closes #552

Co-authored-by: Greg Karékinian <greg@karekinian.com>
 2024-06-05 16:44:18 +02:00
Râu Cao
cfb379741e Add imap and smtp subdomains to mail server cert 
closes #543

Co-authored-by: Greg Karékinian <greg@karekinian.com>
 2024-06-05 15:55:29 +02:00
2 changed files with 18 additions and 1 deletions
Expand all files Collapse all files

16
site-cookbooks/kosmos-base/resources/tls_cert_for.rb
View File

@@ -3,6 +3,7 @@ provides :tls_cert_for
property :domain, [String, Array], name_property: true property :domain, [String, Array], name_property: true
property :auth, [String, NilClass], default: nil property :auth, [String, NilClass], default: nil
property :deploy_hook, [String, NilClass], default: nil
property :acme_domain, [String, NilClass], default: nil property :acme_domain, [String, NilClass], default: nil
default_action :create default_action :create
@@ -36,6 +37,19 @@ action :create do
sensitive true sensitive true
end end
if new_resource.deploy_hook
deploy_hook_path = "/etc/letsencrypt/renewal-hooks/#{domains.first}"
file deploy_hook_path do
content new_resource.deploy_hook
mode 0755
owner "root"
group "root"
end
elsif node.run_list.roles.include?("openresty_proxy")
deploy_hook_path = "/etc/letsencrypt/renewal-hooks/post/openresty"
end
# Generate a Let's Encrypt cert (only if no cert has been generated before). # Generate a Let's Encrypt cert (only if no cert has been generated before).
# The systemd timer will take care of renewing # The systemd timer will take care of renewing
execute "letsencrypt cert for #{domains.join(', ')}" do execute "letsencrypt cert for #{domains.join(', ')}" do
@@ -47,7 +61,7 @@ action :create do
--manual-auth-hook '#{hook_auth_command}' \ --manual-auth-hook '#{hook_auth_command}' \
--manual-cleanup-hook '#{hook_cleanup_command}' \ --manual-cleanup-hook '#{hook_cleanup_command}' \
--email ops@kosmos.org \ --email ops@kosmos.org \
#{node.run_list.roles.include?("openresty_proxy") ? '--deploy-hook /etc/letsencrypt/renewal-hooks/post/openresty' : nil } \ #{"--deploy-hook #{deploy_hook_path}" if defined?(deploy_hook_path)} \
#{domains.map {|d| "-d #{d}" }.join(" ")} #{domains.map {|d| "-d #{d}" }.join(" ")}
CMD CMD
not_if do not_if do

3
site-cookbooks/kosmos_email/recipes/default.rb
View File

@@ -7,6 +7,7 @@ domain = node["email"]["domain"]
hostname = node["email"]["hostname"] hostname = node["email"]["hostname"]
root_dir = node["email"]["root_directory"] root_dir = node["email"]["root_directory"]
ip_addr = node["knife_zero"]["host"] ip_addr = node["knife_zero"]["host"]
extra_hostnames = ["smtp.#{domain}", "imap.#{domain}"]
node.override["set_fqdn"] = hostname node.override["set_fqdn"] = hostname
include_recipe "hostname" include_recipe "hostname"
@@ -23,7 +24,9 @@ directory root_dir do
end end
tls_cert_for hostname do tls_cert_for hostname do
domain ([hostname]+extra_hostnames)
auth "gandi_dns" auth "gandi_dns"
deploy_hook "systemctl reload postfix.service && systemctl reload dovecot.service"
action :create action :create
end end