35 lines
664 B
Ruby
35 lines
664 B
Ruby
#
|
|
# Cookbook Name:: kosmos-base
|
|
# Recipe:: letsencrypt
|
|
#
|
|
# Copyright 2018, Kosmos
|
|
#
|
|
# All rights reserved - Do Not Redistribute
|
|
#
|
|
|
|
# Install certbot and set up hooks
|
|
|
|
apt_repository "certbot" do
|
|
uri "ppa:certbot/certbot"
|
|
end
|
|
|
|
package "certbot"
|
|
|
|
file "/etc/letsencrypt/renewal-hooks/post/nginx" do
|
|
content <<-EOF
|
|
#!/usr/bin/env bash
|
|
# Reloading nginx is enough to read the new certificates
|
|
systemctl reload nginx
|
|
EOF
|
|
mode 0755
|
|
owner "root"
|
|
group "root"
|
|
end
|
|
|
|
gandi_api_data_bag_item = data_bag_item('credentials', 'gandi_api_5apps')
|
|
|
|
template "/root/gandi_dns_certbot_hook.sh" do
|
|
variables gandi_api_key: gandi_api_data_bag_item["key"]
|
|
mode 0770
|
|
end
|