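#
# Cookbook Name:: kosmos-mastodon
# Recipe:: nginx
#
# Copyright 2017, Kosmos
#
# All rights reserved - Do Not Redistribute
#
# Configures the nginx site for Mastodon and, outside the "development"
# Chef environment, requests a Let's Encrypt certificate for it using the
# webroot (HTTP-01) challenge.

mastodon_path = node["kosmos-mastodon"]["directory"]
server_name   = node["kosmos-mastodon"]["server_name"]

include_recipe "kosmos-nginx"

# Paths shared by several resources below; naming them once keeps the
# template variables, the certbot guard and the notification target in sync.
webroot        = "/var/www/mastodon"
cert_dir       = "/etc/letsencrypt/live/#{server_name}"
fullchain_path = "#{cert_dir}/fullchain.pem"
privkey_path   = "#{cert_dir}/privkey.pem"
site_config    = "#{node['nginx']['dir']}/sites-available/mastodon"

# Directory certbot writes its challenge files into (see --webroot-path below).
directory "#{webroot}/.well-known/acme-challenge" do
  owner node["nginx"]["user"]
  group node["nginx"]["group"]
  recursive true
  action :create
end

template site_config do
  source 'nginx_conf_mastodon.erb'
  # NOTE(review): the owner is the literal 'www-data' while the challenge
  # directory above uses node["nginx"]["user"]. With mode 0640 the owner can
  # rewrite this file, so confirm that the nginx worker account is meant to
  # own its own site config; root ownership is the usual least-privilege choice.
  owner 'www-data'
  # Quoted so the mode is always read as octal (same permissions as 0640).
  mode '0640'
  variables(
    streaming_port: node["kosmos-mastodon"]["streaming_port"],
    puma_port:      node["kosmos-mastodon"]["puma_port"],
    server_name:    server_name,
    ssl_cert:       fullchain_path,
    ssl_key:        privkey_path,
    mastodon_path:  mastodon_path
  )
  notifies :reload, 'service[nginx]', :delayed
end

nginx_site 'mastodon' do
  enable true
end

unless node.chef_environment == "development"
  include_recipe "kosmos-base::letsencrypt"

  execute "letsencrypt cert for #{server_name}" do
    # Array form: Chef runs certbot directly instead of through a shell, so
    # the attribute-supplied server name is always passed as one literal
    # argument and is never interpreted as shell syntax.
    command([
      "/usr/bin/certbot", "certonly",
      "--webroot", "--agree-tos",
      "--email", "ops@5apps.com",
      "--webroot-path", webroot,
      "-d", server_name,
      "-n"
    ])
    # Only request a certificate when none exists yet for this name; this
    # resource does not renew an existing one.
    not_if { File.exist?(fullchain_path) }
    # Re-render the site config right after issuance (presumably the template
    # only enables TLS once the certificate files exist -- confirm in the .erb).
    notifies :create, "template[#{site_config}]", :immediately
  end
end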