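#
# Cookbook Name:: kosmos-parity
# Recipe:: letsencrypt
#
# Copyright 2017, Kosmos
#
# All rights reserved - Do Not Redistribute
#
# Sets up the nginx site for the Parity host and requests its initial
# Let's Encrypt certificate through certbot's webroot plugin.
#

include_recipe "kosmos-base::letsencrypt"

hostname = node['kosmos-parity']['hostname']

# The hostname attribute is interpolated into filesystem paths, the nginx site
# file name and the certbot command string executed below, so abort the
# converge early unless it is a plain DNS name: dot-separated labels made of
# letters, digits and inner hyphens. This also rejects nil, "" and "..".
valid_hostname = /\A[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)*\z/i
unless hostname.is_a?(String) && hostname =~ valid_hostname
  raise ArgumentError,
        "node['kosmos-parity']['hostname'] must be a DNS host name, got #{hostname.inspect}"
end

cert_dir = "/etc/letsencrypt/live/#{hostname}"

# Webroot directory for the ACME challenge files, owned by the nginx user and
# group. `recursive true` also creates missing parent directories; Chef applies
# owner and group to the leaf directory only.
directory "/var/www/#{hostname}/.well-known/acme-challenge" do
  owner node["nginx"]["user"]
  group node["nginx"]["group"]
  action :create
  recursive true
end

# nginx site definition for the host; the certificate and key paths point into
# certbot's live directory for this hostname.
# NOTE(review): the file is owned by the hard-coded 'www-data' account while
# the challenge directory above uses node["nginx"]["user"]. nginx normally
# reads its configuration as root, so a site file writable by the web server
# account looks broader than needed -- confirm the intended owner.
template "#{node['nginx']['dir']}/sites-available/#{hostname}" do
  source 'nginx_conf_parity_letsencrypt.erb'
  owner 'www-data'
  mode '0640'
  variables(
    server_name: hostname,
    ssl_cert: "#{cert_dir}/fullchain.pem",
    ssl_key: "#{cert_dir}/privkey.pem"
  )
  notifies :reload, 'service[nginx]', :delayed
end

nginx_site hostname do
  action :enable
end

# Request the certificate non-interactively (-n) via the webroot plugin; the
# guard skips this once a fullchain.pem exists for the hostname, so renewal is
# not handled here (presumably by kosmos-base::letsencrypt -- confirm).
# NOTE(review): both nginx reloads in this recipe are :delayed, so on a first
# converge certbot runs before nginx has loaded this site. Confirm that the
# challenge path is already being served at that point and that the template
# copes with the certificate files not existing yet.
execute "letsencrypt cert for #{hostname}" do
  command "/usr/bin/certbot certonly --webroot --agree-tos --email ops@5apps.com --webroot-path /var/www/#{hostname} -d #{hostname} -n"
  not_if { File.exist?("#{cert_dir}/fullchain.pem") }
  notifies :reload, "service[nginx]", :delayed
end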