Switch trac to letsencrypt

[chef.git] / cookbooks / trac / recipes / default.rb

diff --git a/cookbooks/trac/recipes/default.rb b/cookbooks/trac/recipes/default.rb
index 70213e899982afbd9511ce03d1b047db39419c7d..551f28e71c0470aacfafc5a16e64b9e4fc98ae9c 100644 (file)
--- a/cookbooks/trac/recipes/default.rb
+++ b/cookbooks/trac/recipes/default.rb
@@ -30,7 +30,7 @@ template "/var/lib/trac/conf/trac.ini" do
   source "trac.ini.erb"
   owner "trac"
   group "www-data"
-  mode 0644
+  mode 0o644
   variables :name => site_name
 end
 
@@ -38,10 +38,10 @@ remote_directory "/var/lib/trac/htdocs" do
   source "htdocs"
   owner "trac"
   group "trac"
-  mode 0755
+  mode 0o755
   files_owner "trac"
   files_group "trac"
-  files_mode 0644
+  files_mode 0o644
   purge true
 end
 
@@ -49,10 +49,10 @@ remote_directory "/var/lib/trac/templates" do
   source "templates"
   owner "trac"
   group "trac"
-  mode 0755
+  mode 0o755
   files_owner "trac"
   files_group "trac"
-  files_mode 0644
+  files_mode 0o644
   purge true
 end
 
@@ -60,17 +60,23 @@ execute "trac-deploy-#{site_name}" do
   command "trac-admin /var/lib/trac deploy #{site_directory}"
   user "root"
   group "root"
-  not_if { File.exists?(site_directory) }
+  not_if { File.exist?(site_directory) }
 end
 
 cookbook_file "/usr/local/bin/trac-authenticate" do
   owner "root"
   group "root"
-  mode 0755
+  mode 0o755
 end
 
 apache_module "wsgi"
 
+ssl_certificate "trac.openstreetmap.org" do
+  domains "trac.openstreetmap.org"
+  fallback_certificate "openstreetmap"
+  notifies :reload, "service[apache2]"
+end
+
 apache_site site_name do
   template "apache.erb"
   directory site_directory
@@ -81,5 +87,12 @@ template "/etc/sudoers.d/trac" do
   source "sudoers.erb"
   owner "root"
   group "root"
-  mode 0440
+  mode 0o440
+end
+
+template "/etc/cron.daily/trac-backup" do
+  source "backup.cron.erb"
+  owner "root"
+  group "root"
+  mode 0o755
 end