#
# Cookbook Name:: kosmos-base
# Recipe:: letsencrypt
#
# Copyright 2018, Kosmos
#
# All rights reserved - Do Not Redistribute
#

# Install certbot and set up hooks

apt_repository "certbot" do
  uri "ppa:certbot/certbot"
end

package "certbot"

file "/etc/letsencrypt/renewal-hooks/post/nginx" do
  content <<-EOF
#!/usr/bin/env bash
# Reloading nginx is enough to read the new certificates
systemctl reload nginx
  EOF
  mode 0755
  owner "root"
  group "root"
end

gandi_api_data_bag_item = data_bag_item('credentials', 'gandi_api_5apps')

template "/root/gandi_dns_certbot_hook.sh" do
  variables gandi_api_key: gandi_api_data_bag_item["key"]
  mode 0770
end