X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/77cd975164d60c089b6a42b2e9bd128c0e037025..d7a070fcfd61fe0c43f81d9cfefe1e0ee96152ac:/cookbooks/letsencrypt/recipes/default.rb?ds=sidebyside diff --git a/cookbooks/letsencrypt/recipes/default.rb b/cookbooks/letsencrypt/recipes/default.rb index f08fdf3ac..834f215da 100644 --- a/cookbooks/letsencrypt/recipes/default.rb +++ b/cookbooks/letsencrypt/recipes/default.rb @@ -8,7 +8,7 @@ # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, @@ -17,12 +17,14 @@ # limitations under the License. # -include_recipe "apache::ssl" +include_recipe "apache" keys = data_bag_item("chef", "keys") -package "certbot" -package "ruby" +package %w[ + certbot + ruby +] directory "/etc/letsencrypt" do owner "letsencrypt" @@ -119,7 +121,14 @@ directory "/srv/acme.openstreetmap.org/requests" do end certificates = search(:node, "letsencrypt:certificates").each_with_object({}) do |n, c| - c.merge!(n[:letsencrypt][:certificates]) + n[:letsencrypt][:certificates].each do |name, details| + c[name] ||= details.merge(:nodes => []) + + c[name][:nodes] << { + :name => n[:fqdn], + :address => n.external_ipaddress || n.internal_ipaddress + } + end end certificates.each do |name, details| @@ -141,6 +150,29 @@ certificates.each do |name, details| end end +Dir.each_child("/srv/acme.openstreetmap.org/requests") do |name| + next if certificates.include?(name) + + file "/srv/acme.openstreetmap.org/requests/#{name}" do + action :delete + end + + execute "certbot-delete-#{name}" do + command "/usr/bin/certbot delete --config-dir /srv/acme.openstreetmap.org/config --work-dir /srv/acme.openstreetmap.org/work --logs-dir /srv/acme.openstreetmap.org/logs --cert-name #{name}" + cwd "/srv/acme.openstreetmap.org" + user "letsencrypt" + group "letsencrypt" + end +end + +template "/srv/acme.openstreetmap.org/bin/check-certificates" do + source "check-certificates.erb" + owner "root" + group "root" + mode 0o755 + variables :certificates => certificates +end + template "/etc/cron.d/letsencrypt" do source "cron.erb" owner "root"