itamae-plugin-recipe-certbot 0.3.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 5cccaf3da15d10f3e88c4f27cfb8e3adc8ec3a1bacdb363bfb80225b23ca8783
+  data.tar.gz: c9aeef2ccdead3d3f240911bbc5b2d6f4073b7da14947ef2768940e7e273a363
+SHA512:
+  metadata.gz: 690846ae3f82a4dc211d7492be1169aebf7883e98a4552f8786835951f6a603e84ae5cc41fafa253a8f525047f9b50ca592880d406d9f4fd6c0377c89140deec
+  data.tar.gz: bd7bbd9fef38484c3f1fbbacc1996aad178e6e596e4c893d50f49c8a607f11da5cc3d7a8d387dd7a10399e489c3f9b6bc46e14178e98b71accce11bba7a83295

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/CHANGELOG.md

@@ -0,0 +1,16 @@
+## Unreleased
+## v0.3.0 - 2023-11-22
+- Rename gem from [`itamae-plugin-recipe-letsencrypt`][prior] to `itamae-plugin-recipe-certbot`
+- Updated Certbot installation
+- Revised certificates getting/updating process
+
+[prior]: https://github.com/hatappi/itamae-plugin-recipe-letsencrypt
+
+## v0.2.1 - 2017/01/10
+- Support Amazon Linux
+
+## v0.2.0 - 2016/12/18
+- Support Standalone Challenge Type
+
+## v0.1.0 - 2016/12/18
+- First release :tada:

data/Gemfile

@@ -0,0 +1,2 @@
+source 'https://rubygems.org'
+gemspec

data/LICENSE

@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Yusaku Hatanaka (hatappi)
+Copyright (c) 2023 gemmaro
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,60 @@
+# Itamae plugin recipe Certbot
+
+This gem is an [Itamae][] plugin for getting the [Let's Encrypt][le] certificates with [Certbot][].
+
+[Certbot]: https://certbot.eff.org/
+[Itamae]: https://github.com/ryotarai/itamae
+[le]: https://letsencrypt.org/
+
+## Installation
+
+Add this line to your application's `Gemfile`:
+
+```ruby
+gem 'itamae-plugin-recipe-certbot'
+```
+
+And then execute `bundle`.
+Or install it yourself as `gem install itamae-plugin-recipe-certbot`.
+
+## Support
+
+- [Debian GNU/Linux 10 (buster)][buster]
+
+[buster]: https://www.debian.org/releases/buster/
+
+Contributions are welcome for other platforms.
+
+## Usage
+
+### Recipe
+
+```ruby
+include_recipe "certbot::get"
+```
+
+### Node
+
+`node.yml`:
+
+```yaml
+certbot:
+  domains:
+    - test.example.com
+    - test2.example.com
+  email: test@example.com
+  webroot_path: /var/www/example
+```
+
+```shell
+itamae -y node.yml
+```
+
+Other attributes are set to defaults as in `lib/itamae/plugin/recipe/certbot/get.rb`.
+Note that process of the port selected by `challenge_type` needs to be stopped.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License][mit].
+
+[mit]: http://opensource.org/licenses/MIT

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/itamae-plugin-recipe-certbot.gemspec

@@ -0,0 +1,35 @@
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'itamae/plugin/recipe/certbot/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "itamae-plugin-recipe-certbot"
+  spec.version       = Itamae::Plugin::Recipe::Certbot::VERSION
+  spec.authors       = ["Yusaku Hatanaka (hatappi)", "gemmaro"]
+  spec.email         = ["hata.yusaku.1225@gmail.com", "gemmaro.dev@gmail.com"]
+
+  spec.summary       = %q{Itamae plugin to install Certbot}
+  spec.description   = 'Itamae plugin recipe Certbot is a Itamae plugin to install and configure Certbot.'
+  spec.license       = "MIT"
+
+  spec.homepage = 'https://codeberg.org/gemmaro/itamae-plugin-recipe-certbot'
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "itamae-plugin-resource-snappy", "~> 0.1.0"
+
+  spec.add_development_dependency "bundler", "~> 1.12"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+
+  spec.metadata = {
+    'rubygems_mfa_required' => 'true',
+    'bug_tracker_uri' => 'https://codeberg.org/gemmaro/itamae-plugin-recipe-certbot/issues',
+    'changelog_uri' => 'https://codeberg.org/gemmaro/itamae-plugin-recipe-certbot/src/branch/main/CHANGELOG.md',
+    'documentation_uri' => 'https://www.rubydoc.info/gems/itamae-plugin-recipe-certbot',
+    'homepage_uri' => spec.homepage,
+    'source_code_uri' => spec.homepage,
+    'wiki_uri' => 'https://codeberg.org/gemmaro/itamae-plugin-recipe-certbot/wiki',
+  }
+end

data/lib/itamae/plugin/recipe/certbot/command.rb

@@ -0,0 +1,13 @@
+node.reverse_merge!(
+  certbot: {
+    command: '/usr/bin/certbot',
+  }
+)
+
+node.validate! do
+  {
+    certbot: {
+      command: string,
+    }
+  }
+end

data/lib/itamae/plugin/recipe/certbot/cron.rb

@@ -0,0 +1,38 @@
+include_recipe 'command'
+
+node.reverse_merge!(
+  certbot: {
+    cron: {
+      user: 'root',
+      file_path: '/etc/cron.d/itamae-certbot',
+    },
+  }
+)
+
+node.validate! do
+  {
+    certbot: {
+      cron: {
+        user: string,
+        file_path: string,
+      },
+    }
+  }
+end
+
+template node[:certbot][:cron][:file_path] do
+  variables user: node[:certbot][:cron][:user],
+            command: node[:certbot][:command]
+  source 'templates/etc/cron.d/itamae-certbot.erb'
+end
+
+service_name = case node[:platform]
+               when 'amazon'
+                 'crond'
+               else
+                 'cron'
+               end
+
+service service_name do
+  action :start
+end

data/lib/itamae/plugin/recipe/certbot/get.rb

@@ -0,0 +1,63 @@
+require 'shellwords'
+
+include_recipe 'command'
+
+node.reverse_merge!(
+  certbot: {
+    challenge_type: 'http-01',
+    authenticator: 'standalone',
+    debug_mode: false,
+    snappy_executable: '/snap/bin/certbot',
+    live_dir: '/etc/letsencrypt/live',
+  }
+)
+
+node.validate! do
+  {
+    certbot: {
+      challenge_type: string,
+      authenticator: string,
+      debug_mode: boolean,
+      snappy_executable: string,
+      live_dir: string,
+
+      domains: array_of(string),
+      email: string,
+      webroot_path: optional(string),
+    }
+  }
+end
+
+package 'snapd'
+
+snappy 'certbot' do
+  classic true
+end
+
+link node[:certbot][:command] do
+  to node[:certbot][:snappy_executable]
+end
+
+# get each domain certificate
+node[:certbot][:domains].each do |domain|
+  execute "get #{domain} certificate" do
+    cmd = [
+      node[:certbot][:command],
+      'certonly',
+      '--agree-tos',
+      "--domain", domain,
+      "-m", node[:certbot][:email],
+      '-n', # Run non-interactively
+      '--keep',
+      "--authenticator", node[:certbot][:authenticator],
+      "--preferred-challenges", node[:certbot][:challenge_type],
+    ]
+    cmd += ["--webroot", node[:certbot][:webroot_path]] if node[:certbot][:webroot_path]
+    cmd << '--debug' if node[:certbot][:debug_mode]
+    command cmd.shelljoin
+
+    dir = File.join(node[:certbot][:live_dir], domain)
+    exists = ["test", "-d", dir].shelljoin
+    not_if exists
+  end
+end

data/lib/itamae/plugin/recipe/certbot/templates/etc/cron.d/itamae-certbot.erb

@@ -0,0 +1,3 @@
+# DO NOT EDIT
+# BECAUSE THIS CRON CREATE BY itamae-plugin-recipe-certbot
+0 0 1 * * <%= @user %> <%= @command %> renew

data/lib/itamae/plugin/recipe/certbot/version.rb

@@ -0,0 +1,9 @@
+module Itamae
+  module Plugin
+    module Recipe
+      module Certbot
+        VERSION = "0.3.0"
+      end
+    end
+  end
+end

data/lib/itamae/plugin/recipe/certbot.rb

@@ -0,0 +1 @@
+require "itamae/plugin/recipe/certbot/version"

metadata

@@ -0,0 +1,122 @@
+--- !ruby/object:Gem::Specification
+name: itamae-plugin-recipe-certbot
+version: !ruby/object:Gem::Version
+  version: 0.3.0
+platform: ruby
+authors:
+- Yusaku Hatanaka (hatappi)
+- gemmaro
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2023-11-22 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: itamae-plugin-resource-snappy
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.12'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: Itamae plugin recipe Certbot is a Itamae plugin to install and configure
+  Certbot.
+email:
+- hata.yusaku.1225@gmail.com
+- gemmaro.dev@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- CHANGELOG.md
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- itamae-plugin-recipe-certbot.gemspec
+- lib/itamae/plugin/recipe/certbot.rb
+- lib/itamae/plugin/recipe/certbot/command.rb
+- lib/itamae/plugin/recipe/certbot/cron.rb
+- lib/itamae/plugin/recipe/certbot/get.rb
+- lib/itamae/plugin/recipe/certbot/templates/etc/cron.d/itamae-certbot.erb
+- lib/itamae/plugin/recipe/certbot/version.rb
+homepage: https://codeberg.org/gemmaro/itamae-plugin-recipe-certbot
+licenses:
+- MIT
+metadata:
+  rubygems_mfa_required: 'true'
+  bug_tracker_uri: https://codeberg.org/gemmaro/itamae-plugin-recipe-certbot/issues
+  changelog_uri: https://codeberg.org/gemmaro/itamae-plugin-recipe-certbot/src/branch/main/CHANGELOG.md
+  documentation_uri: https://www.rubydoc.info/gems/itamae-plugin-recipe-certbot
+  homepage_uri: https://codeberg.org/gemmaro/itamae-plugin-recipe-certbot
+  source_code_uri: https://codeberg.org/gemmaro/itamae-plugin-recipe-certbot
+  wiki_uri: https://codeberg.org/gemmaro/itamae-plugin-recipe-certbot/wiki
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.3.26
+signing_key:
+specification_version: 4
+summary: Itamae plugin to install Certbot
+test_files: []