X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/e698e02106fc290ff3e530f5de66a91868a7f1f8..9d484a34c1141e82a1565d1d6a21f9b68077e1b7:/cookbooks/letsencrypt/recipes/default.rb diff --git a/cookbooks/letsencrypt/recipes/default.rb b/cookbooks/letsencrypt/recipes/default.rb index 899ee1fc5..92c78a51d 100644 --- a/cookbooks/letsencrypt/recipes/default.rb +++ b/cookbooks/letsencrypt/recipes/default.rb @@ -19,6 +19,7 @@ include_recipe "accounts" include_recipe "apache" +include_recipe "chef::knife" keys = data_bag_item("chef", "keys") @@ -30,31 +31,31 @@ package %w[ directory "/etc/letsencrypt" do owner "letsencrypt" group "letsencrypt" - mode 0o755 + mode "755" end directory "/var/lib/letsencrypt" do owner "letsencrypt" group "letsencrypt" - mode 0o755 + mode "755" end directory "/var/log/letsencrypt" do owner "letsencrypt" group "letsencrypt" - mode 0o700 + mode "700" end directory "/srv/acme.openstreetmap.org" do owner "letsencrypt" group "letsencrypt" - mode 0o755 + mode "755" end directory "/srv/acme.openstreetmap.org/html" do owner "letsencrypt" group "letsencrypt" - mode 0o755 + mode "755" end ssl_certificate "acme.openstreetmap.org" do @@ -70,55 +71,55 @@ end directory "/srv/acme.openstreetmap.org/config" do owner "letsencrypt" group "letsencrypt" - mode 0o755 + mode "755" end directory "/srv/acme.openstreetmap.org/work" do owner "letsencrypt" group "letsencrypt" - mode 0o755 + mode "755" end directory "/srv/acme.openstreetmap.org/logs" do owner "letsencrypt" group "letsencrypt" - mode 0o700 + mode "700" end directory "/srv/acme.openstreetmap.org/.chef" do owner "letsencrypt" group "letsencrypt" - mode 0o2775 + mode "2775" end file "/srv/acme.openstreetmap.org/.chef/client.pem" do content keys["letsencrypt"].join("\n") owner "letsencrypt" group "letsencrypt" - mode 0o660 + mode "660" end cookbook_file "/srv/acme.openstreetmap.org/.chef/knife.rb" do source "knife.rb" owner "letsencrypt" group "letsencrypt" - mode 0o660 + mode "660" end remote_directory "/srv/acme.openstreetmap.org/bin" do source "bin" owner "root" group "root" - mode 0o755 + mode "755" files_owner "root" files_group "root" - files_mode 0o755 + files_mode "755" end directory "/srv/acme.openstreetmap.org/requests" do owner "root" group "root" - mode 0o755 + mode "755" end certificates = search(:node, "letsencrypt:certificates").each_with_object({}) do |n, c| @@ -137,7 +138,7 @@ certificates.each do |name, details| source "request.erb" owner "root" group "letsencrypt" - mode 0o754 + mode "754" variables details end @@ -148,7 +149,7 @@ certificates.each do |name, details| user "letsencrypt" group "letsencrypt" subscribes :run, "template[/srv/acme.openstreetmap.org/requests/#{name}]" - not_if { ENV["TEST_KITCHEN"] } + not_if { kitchen? } end end @@ -171,7 +172,7 @@ template "/srv/acme.openstreetmap.org/bin/check-certificates" do source "check-certificates.erb" owner "root" group "root" - mode 0o755 + mode "755" variables :certificates => certificates end @@ -190,3 +191,10 @@ cron_d "letencrypt-check" do command "/srv/acme.openstreetmap.org/bin/check-certificates" mailto "admins@openstreetmap.org" end + +template "/etc/logrotate.d/letsencrypt" do + source "logrotate.erb" + owner "root" + group "root" + mode "644" +end