chef/site-cookbooks/kosmos-ipfs/recipes/letsencrypt.rb

#
# Cookbook Name:: kosmos-ipfs
# Recipe:: letsencrypt
#
# Copyright 2019, Kosmos
#
# All rights reserved - Do Not Redistribute
#

include_recipe "kosmos-nginx"

domain = node["kosmos-ipfs"]["nginx"]["domain"]

template "#{node['nginx']['dir']}/sites-available/#{domain}" do
  source "nginx_conf_#{domain}.erb"
  owner 'www-data'
  mode 0640
  variables server_name:            domain,
            ssl_cert:               "/etc/letsencrypt/live/#{domain}/fullchain.pem",
            ssl_key:                "/etc/letsencrypt/live/#{domain}/privkey.pem",
            ipfs_api_port:          node['kosmos-ipfs']['nginx']['api_port'],
            ipfs_external_api_port: node['kosmos-ipfs']['nginx']['external_api_port']

  notifies :reload, 'service[nginx]', :delayed
end

nginx_site domain do
  action :enable
end

nginx_certbot_site domain

unless node.chef_environment == "development"
  include_recipe "firewall"
  firewall_rule 'ipfs_api' do
    port     node['kosmos-ipfs']['nginx']['external_api_port']
    protocol :tcp
    command  :allow
  end
end