itamae/cookbooks/nginx/lego.rb


# ---
# Variables & Constants
#
# Unprivileged account that owns the download area and runs the download.
USER = 'webadm'
GROUP = 'webadm'

# Download area and the tarball saved into it.
# NOTE(review): this recipe later unpacks TARBALL as root although it sits in a
# directory owned by USER -- treat that account as able to influence what root
# installs.
WORKDIR = '/home/webadm/lego'
TARBALL = "#{WORKDIR}/lego.tar.gz"

# Install location and the lego binary inside it.
LEGO_DIR = '/opt/local/lego'
LEGO = "#{LEGO_DIR}/lego"

# Directory for the per-domain run scripts. The trailing slash is intentional
# to preserve: paths interpolated from it contain "//".
LEGO_STORAGE = '/etc/lego/'

# Placeholders overwritten by the release lookup: tag ("vX.Y.Z"), bare version
# ("X.Y.Z") and the download URL of the linux/amd64 tarball.
vtag, tag_version, lego = '', '', ''
# ---
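# -------------------------------------------
# Calculating the latest `lego` version:
# -------------------------------------------
# Only the Location header of the /releases/latest response is read; the
# redirect itself is not followed. The code relies on that header ending in the
# newest release tag.
require 'net/http'
require 'timeout'

uri = URI.parse('https://github.com/go-acme/lego/releases/latest')
location =
  begin
    Timeout.timeout(3) { Net::HTTP.get_response(uri)['location'] }
  rescue StandardError => e
    # Abort the run, keeping the underlying cause visible instead of reporting
    # every failure as a connection problem.
    raise "Cannot connect to https://github.com. (#{e.class}: #{e.message})"
  end

# The capture admits only "v<digits>.<digits>.<digits>". The captured values are
# interpolated into shell commands later in this recipe, so this pattern is the
# only thing constraining what reaches the shell -- do not loosen it.
release = %r{tag/(v\d+\.\d+\.\d+)}.match(location.to_s)

# Fail here rather than carry on with empty strings, which would only surface
# later as a confusing `grep`/`wget` error.
raise "Could not determine the latest lego release from Location: #{location.inspect}" unless release

vtag = release[1]
tag_version = vtag.sub('v', '')
lego = "https://github.com/go-acme/lego/releases/download/#{vtag}/lego_#{vtag}_linux_amd64.tar.gz"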
# Directories needed by the install, as [path, owner, group] rows:
#   WORKDIR  - download area, owned by the unprivileged USER/GROUP
#   LEGO_DIR - install target, owned by root
[
  [WORKDIR, USER, GROUP],
  [LEGO_DIR, 'root', 'root']
].each do |dir_path, dir_owner, dir_group|
  directory dir_path do
    owner dir_owner
    group dir_group
    mode '755'
  end
end
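# Check the installed version to decide whether an update is needed.
# `grep -F` treats the version as a literal string, so the dots in "X.Y.Z" no
# longer match arbitrary characters. The pipeline's status is grep's, so no
# output from `lego -v` (e.g. lego not installed) also triggers the install.
result = run_command("lego -v | grep -F #{tag_version}", error: false)
if result.exit_status != 0
  # NOTE(review): the tarball comes over HTTPS, but nothing checks a digest or
  # signature before root unpacks it, and the version is whatever "latest"
  # resolves to at run time. Pinning a release and comparing the download
  # against a SHA-256 recorded in this recipe before the `tar` step would
  # close that gap.
  execute "wget #{lego} -O #{TARBALL}" do
    user USER
  end

  # NOTE(review): TARBALL sits in a directory owned by USER, so that account
  # can replace the file between download and extraction.
  # --no-same-owner keeps root from restoring whatever uid/gid the archive
  # records; extracted files end up owned by the extracting user (root).
  execute "tar xf #{TARBALL} --no-same-owner -C #{LEGO_DIR}" do
    user 'root'
  end

  # `user` only selects the account the resource's commands run as; `owner` is
  # the attribute that pins ownership of the binary, so set it explicitly.
  file LEGO do
    user 'root'
    owner 'root'
    group 'root'
    mode '755'
  end

  # Expose the binary under /usr/local/bin, replacing any existing link.
  link '/usr/local/bin/lego' do
    user 'root'
    to LEGO
    force true
  end
end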
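# Storage directory for the per-domain run scripts, the DH parameters and the
# ticket key written by this recipe.
# `user` is only the account the resource runs as; `owner` is added so that
# ownership is actually managed, matching the other directory resources.
directory LEGO_STORAGE do
  user 'root'
  owner 'root'
  group 'root'
  mode '755'
end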
# Per-domain setup: install the encrypted run script, execute it once, then
# install the matching cron entry.
%w[kazu634 everun].each do |site|
  # LEGO_STORAGE ends in "/", so this path contains "//"; kept unchanged.
  run_script = "#{LEGO_STORAGE}/#{site}_run.sh"
  cron_entry = "/etc/cron.d/#{site}"

  # Readable and executable by root only.
  # NOTE(review): ENV['ITAMAE_PASSWORD'] is nil when the variable is unset; how
  # encrypted_remote_file reacts to a nil password is not visible here --
  # confirm it fails closed.
  encrypted_remote_file run_script do
    owner 'root'
    group 'root'
    mode '500'
    source "files/#{LEGO_STORAGE}/#{site}_run.sh"
    password ENV['ITAMAE_PASSWORD']
  end

  # No guard is attached, so the script runs as root on every apply.
  execute run_script do
    user 'root'
    cwd LEGO_STORAGE
  end

  encrypted_remote_file cron_entry do
    owner 'root'
    group 'root'
    mode '644'
    source "files/etc/cron.d/#{site}"
    password ENV['ITAMAE_PASSWORD']
  end
end
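# DH parameters are public values, so a read-only, world-readable mode is fine.
remote_file '/etc/lego/dhparams_4096.pem' do
  owner 'root'
  group 'root'
  mode '444'
end

# 48 random bytes written to ticket.key -- presumably a TLS session ticket key
# for nginx; confirm against the nginx configuration.
# The original redirect left the file mode to the process umask, which can make
# the key readable by other local users. `umask 077` covers first creation and
# `chmod 600` covers a file that already exists with a wider mode.
# NOTE(review): assumes the consumer reads the key as root -- confirm. There is
# no guard, so the key is regenerated on every apply.
execute 'umask 077 && openssl rand 48 > /etc/lego/ticket.key && chmod 600 /etc/lego/ticket.key'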