Block some heavy apps and default user-agents

[chef.git] / cookbooks / letsencrypt / recipes / default.rb

diff --git a/cookbooks/letsencrypt/recipes/default.rb b/cookbooks/letsencrypt/recipes/default.rb
index 61a12005757a4b7f14bd9fce6ed85bd06f0e312e..a1df6819035b160a35a42580998811cdb8d3da6c 100644 (file)
--- a/cookbooks/letsencrypt/recipes/default.rb
+++ b/cookbooks/letsencrypt/recipes/default.rb
@@ -1,8 +1,8 @@
 #
-# Cookbook Name:: letsencrypt
+# Cookbook:: letsencrypt
 # Recipe:: default
 #
-# Copyright 2017, OpenStreetMap Foundation
+# Copyright:: 2017, OpenStreetMap Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,6 +17,7 @@
 # limitations under the License.
 #
 
+include_recipe "accounts"
 include_recipe "apache"
 
 keys = data_bag_item("chef", "keys")
@@ -147,6 +148,22 @@ certificates.each do |name, details|
     user "letsencrypt"
     group "letsencrypt"
     subscribes :run, "template[/srv/acme.openstreetmap.org/requests/#{name}]"
+    not_if { ENV["TEST_KITCHEN"] }
+  end
+end
+
+Dir.glob("*", :base => "/srv/acme.openstreetmap.org/requests") do |name|
+  next if certificates.include?(name)
+
+  file "/srv/acme.openstreetmap.org/requests/#{name}" do
+    action :delete
+  end
+
+  execute "certbot-delete-#{name}" do
+    command "/usr/bin/certbot delete --config-dir /srv/acme.openstreetmap.org/config --work-dir /srv/acme.openstreetmap.org/work --logs-dir /srv/acme.openstreetmap.org/logs --cert-name #{name}"
+    cwd "/srv/acme.openstreetmap.org"
+    user "letsencrypt"
+    group "letsencrypt"
   end
 end