From 3ce9889ad3a37cbba279ec5afa5742da5ac4bbc2 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Sun, 1 Mar 2026 21:42:42 +0000
Subject: [PATCH] Configure letsencrypt user directly using chef resources

---
 cookbooks/letsencrypt/attributes/default.rb |  1 -
 cookbooks/letsencrypt/recipes/default.rb    | 13 +++++++++++++
 test/data_bags/accounts/letsencrypt.json    |  6 ------
 3 files changed, 13 insertions(+), 7 deletions(-)
 delete mode 100644 cookbooks/letsencrypt/attributes/default.rb
 delete mode 100644 test/data_bags/accounts/letsencrypt.json

diff --git a/cookbooks/letsencrypt/attributes/default.rb b/cookbooks/letsencrypt/attributes/default.rb
deleted file mode 100644
index 21b32a880..000000000
--- a/cookbooks/letsencrypt/attributes/default.rb
+++ /dev/null
@@ -1 +0,0 @@
-default[:accounts][:users][:letsencrypt][:status] = :role
diff --git a/cookbooks/letsencrypt/recipes/default.rb b/cookbooks/letsencrypt/recipes/default.rb
index 3e492f6af..4b70620e5 100644
--- a/cookbooks/letsencrypt/recipes/default.rb
+++ b/cookbooks/letsencrypt/recipes/default.rb
@@ -26,6 +26,19 @@ keys = data_bag_item("chef", "keys")
 
 package "certbot"
 
+group "letsencrypt" do
+  gid 526
+end
+
+user "letsencrypt" do
+  uid 526
+  gid 526
+  comment "Let's Encrypt"
+  home "/srv/acme.openstreetmap.org"
+  shell "/usr/sbin/nologin"
+  manage_home false
+end
+
 directory "/etc/letsencrypt" do
   owner "letsencrypt"
   group "letsencrypt"
diff --git a/test/data_bags/accounts/letsencrypt.json b/test/data_bags/accounts/letsencrypt.json
deleted file mode 100644
index 2b4005a8d..000000000
--- a/test/data_bags/accounts/letsencrypt.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
-  "id": "letsencrypt",
-  "uid": "526",
-  "comment": "Let's Encrypt",
-  "manage_home": false
-}
-- 
2.39.5