# ---
# Variables & Constants

# Unprivileged account that owns the staging directory and runs the download.
USER  = 'webadm'
GROUP = 'webadm'

# Download staging area. It sits under the unprivileged account's home, so
# anything placed here is writable by that account.
WORKDIR = '/home/webadm/lego'
TARBALL = '/home/webadm/lego/lego.tar.gz'

# Install directory and the lego binary inside it.
LEGO_DIR = '/opt/local/lego'
LEGO     = '/opt/local/lego/lego'

# Directory for the lego run script and related files. The trailing slash
# is part of the value, so paths built from it contain a double slash.
LEGO_STORAGE = '/etc/lego/'

# Placeholders; they are reassigned once the latest release tag is known.
vtag, tag_version, lego = '', '', ''
# ---
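# -------------------------------------------
# Calculating the latest `lego` release version:
# -------------------------------------------
require 'net/http'
require 'timeout'

# The only accepted shape for a release tag. The captured value is later
# interpolated into shell commands and into the download URL, so it must
# never contain anything other than "v", digits and dots.
release_tag = %r{tag/(v\d+\.\d+\.\d+)}

begin
  uri = URI.parse('https://github.com/go-acme/lego/releases/latest')

  # Bound the whole request to 3 seconds.
  response = Timeout.timeout(3) { Net::HTTP.get_response(uri) }
rescue StandardError => e
  # Abort the run, keeping the underlying cause in the message instead of
  # hiding every failure behind the same text.
  raise "Cannot connect to https://github.com. (#{e.class}: #{e.message})"
end

# Net::HTTP.get_response does not follow redirects, so the tag may only be
# present in the Location header; check it first, then the body.
vtag = [response['location'], response.body]
       .compact
       .map { |text| text[release_tag, 1] }
       .compact
       .first

# Without a tag the version check, download URL and wget command would all be
# built from empty strings, so stop here rather than run malformed commands.
raise "Could not find a lego release tag in the response from #{uri}." if vtag.nil?

tag_version = vtag.sub(/\Av/, '')
lego = "https://github.com/go-acme/lego/releases/download/#{vtag}/lego_#{vtag}_linux_amd64.tar.gz"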
# Two directories, both mode 755:
#   WORKDIR  - download staging area, owned by the unprivileged account
#   LEGO_DIR - install location, owned by root
[
  [WORKDIR,  USER,   GROUP],
  [LEGO_DIR, 'root', 'root']
].each do |dir_path, dir_owner, dir_group|
  directory dir_path do
    owner dir_owner
    group dir_group
    mode '755'
  end
end
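# Check the installed version to decide whether an update is needed.
#
# tag_version originates from a network response and is interpolated into a
# shell command below. Re-check its shape here so that an empty or unexpected
# value can never reach the shell.
unless tag_version =~ /\A\d+\.\d+\.\d+\z/
  raise "Refusing to continue: unexpected lego version string #{tag_version.inspect}."
end

# grep -F matches the version literally; without it the dots act as regex
# wildcards. A non-zero exit status means the wanted version is not installed.
result = run_command("lego -v | grep -F #{tag_version}", error: false)

if result.exit_status != 0
  # NOTE(review): the archive is fetched over HTTPS, but no checksum or
  # signature is compared before root unpacks it. Consider pinning an expected
  # SHA-256 for the release and verifying the tarball before extraction.
  # NOTE(review): TARBALL is written by USER into a directory USER owns, then
  # unpacked by root; that account can replace the file between the two steps.
  execute "wget #{lego} -O #{TARBALL}" do
    user USER
  end

  # --no-same-owner: tar run as root would otherwise restore the uid/gid
  # recorded inside the archive (GNU tar's default for root), leaving the
  # installed files owned by an arbitrary local account.
  execute "tar -xf #{TARBALL} --no-same-owner -C #{LEGO_DIR}" do
    user 'root'
  end

  # `user` only selects who runs the resource; `owner` is what enforces the
  # ownership of the binary, which is later run through /usr/local/bin/lego.
  file LEGO do
    user 'root'
    owner 'root'
    group 'root'
    mode '755'
  end

  # Expose the binary on the default PATH, replacing any existing link.
  link '/usr/local/bin/lego' do
    user 'root'
    to LEGO
    force true
  end
end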
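# Directory that receives lego_run.sh, the .lego state directory, the DH
# parameters and ticket.key (see the resources below).
#
# `owner` is set explicitly, as on the other directory resources in this
# recipe, so that a pre-existing directory with a different owner is corrected;
# `user` alone only selects who runs the resource.
#
# NOTE(review): mode 755 lets every local user list and traverse this
# directory, so each file inside must carry its own restrictive mode.
directory LEGO_STORAGE do
  user 'root'
  owner 'root'
  group 'root'
  mode '755'
end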
# Install the lego run script from its encrypted source under files/.
# Mode 500: readable and executable by root only, writable by nobody.
#
# NOTE(review): ENV[] yields nil when ITAMAE_PASSWORD is unset; confirm how
# encrypted_remote_file behaves with a nil password.
run_script = "#{LEGO_STORAGE}/lego_run.sh"

encrypted_remote_file run_script do
  source "files/#{run_script}"
  password ENV['ITAMAE_PASSWORD']
  mode '500'
  owner 'root'
  group 'root'
end
# Run the script as root from inside LEGO_STORAGE. The not_if guard skips
# the run once a .lego directory exists there.
execute "#{LEGO_STORAGE}/lego_run.sh" do
  cwd LEGO_STORAGE
  user 'root'
  not_if "test -d #{LEGO_STORAGE}/.lego"
end
# Install the cron entry for lego from its encrypted source under files/.
#
# NOTE(review): the source is stored encrypted but the installed file is
# mode 644, i.e. readable by every local user; confirm it carries no secrets.
encrypted_remote_file '/etc/cron.d/lego' do
  source 'files/etc/cron.d/lego'
  password ENV['ITAMAE_PASSWORD']
  mode '644'
  owner 'root'
  group 'root'
end
# Install the 4096-bit DH parameters file, read-only for everyone (mode 444).
# No `source` is given, so the resource's default source lookup applies.
remote_file '/etc/lego/dhparams_4096.pem' do
  mode '444'
  owner 'root'
  group 'root'
end
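# Write 48 random bytes to /etc/lego/ticket.key (presumably a TLS session
# ticket key; confirm against the server configuration).
#
# The plain redirect created the file with the default umask, which normally
# leaves it readable by every local user. Here the key is generated under
# umask 077 into a temporary file and moved into place, so it is never
# readable by other users and never observed half-written.
#
# NOTE(review): there is no guard, so the key is regenerated on every run;
# confirm that this rotation is intended.
# NOTE(review): assumes the consumer reads the key as root; confirm.
execute 'umask 077 && openssl rand 48 > /etc/lego/ticket.key.new && ' \
        'mv -f /etc/lego/ticket.key.new /etc/lego/ticket.key'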