Create nginx_proxy role
Used to configure hosts entries in the Gitea and Drone VMs, as well as the allowed webhooks config for Gitea.
parent
b270a2c1fd
commit
0a953070fe
|
@ -65,8 +65,6 @@
|
|||
"run_list": [
|
||||
"recipe[kosmos-base]",
|
||||
"recipe[kosmos_kvm::host]",
|
||||
"recipe[kosmos_discourse::nginx]",
|
||||
"recipe[kosmos_gitea::nginx]",
|
||||
"recipe[kosmos_drone::nginx]"
|
||||
"role[nginx_proxy]"
|
||||
]
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
name "nginx_proxy"
|
||||
|
||||
default_run_list = %w(
|
||||
kosmos_discourse::nginx
|
||||
kosmos_gitea::nginx
|
||||
kosmos_drone::nginx
|
||||
)
|
||||
|
||||
env_run_lists(
|
||||
'_default' => default_run_list,
|
||||
'development' => [],
|
||||
'production' => default_run_list
|
||||
)
|
|
@ -55,9 +55,24 @@ systemd_unit "drone.service" do
|
|||
action [:create, :enable, :start]
|
||||
end
|
||||
|
||||
nginx_proxy_ip_addresses = []
|
||||
search(:node, "role:nginx_proxy").each do |node|
|
||||
nginx_proxy_ip_addresses << node["knife_zero"]["host"]
|
||||
end
|
||||
|
||||
nginx_proxy_ip_addresses.each do |ip_address|
|
||||
IPAddr.new ip_address
|
||||
hostsfile_entry ip_address do
|
||||
hostname 'gitea.kosmos.org'
|
||||
action :create
|
||||
end
|
||||
rescue IPAddr::InvalidAddressError
|
||||
next
|
||||
end
|
||||
|
||||
firewall_rule 'drone' do
|
||||
port [node["kosmos_drone"]["upstream_port"]]
|
||||
source "10.1.1.0/24"
|
||||
source "10.1.1.0/24" # TODO only allow nginx proxy IPs
|
||||
protocol :tcp
|
||||
command :allow
|
||||
end
|
||||
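Review bot: In the `search(:node, "role:nginx_proxy")` loop, the block parameter `node` shadows the recipe's own `node`, and `node["knife_zero"]["host"]` raises NoMethodError for any proxy node without a `knife_zero` attribute, which would abort the converge instead of being skipped like an invalid address. Consider `search(:node, "role:nginx_proxy").each do |proxy_node|` with `proxy_node.read("knife_zero", "host")`, and rescue `IPAddr::Error` rather than only `IPAddr::InvalidAddressError` so a nil value is handled too. The `rescue ... next` path is silent, so when search returns nothing usable the VM gets no `gitea.kosmos.org` entry and presumably falls back to normal DNS with no trace in the Chef log; a `Chef::Log.warn` there would make that visible. The same loop is repeated in the Gitea recipe section further down. The `firewall_rule 'drone'` still admits all of `10.1.1.0/24`; once validated, the collected addresses could drive one rule per proxy and close the TODO.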
|
|
|
@ -60,6 +60,27 @@ directory config_directory do
|
|||
mode "0750"
|
||||
end
|
||||
|
||||
nginx_proxy_ip_addresses = []
|
||||
search(:node, "role:nginx_proxy").each do |node|
|
||||
nginx_proxy_ip_addresses << node["knife_zero"]["host"]
|
||||
end
|
||||
|
||||
node.default["kosmos_gitea"]["config"] = {
|
||||
"webhook": {
|
||||
"allowed_host_list" => "external,#{nginx_proxy_ip_addresses.join(",")}"
|
||||
}
|
||||
}
|
||||
|
||||
nginx_proxy_ip_addresses.each do |ip_address|
|
||||
IPAddr.new ip_address
|
||||
hostsfile_entry ip_address do
|
||||
hostname 'drone.kosmos.org'
|
||||
action :create
|
||||
end
|
||||
rescue IPAddr::InvalidAddressError
|
||||
next
|
||||
end
|
||||
|
||||
template "#{config_directory}/app.ini" do
|
||||
source "app.ini.erb"
|
||||
owner "git"
|
||||
|
@ -79,7 +100,7 @@ template "#{config_directory}/app.ini" do
|
|||
smtp_host: smtp_credentials["relayhost"],
|
||||
smtp_user: smtp_credentials["user_name"],
|
||||
smtp_password: smtp_credentials["password"],
|
||||
config: node["kosmos_gitea"]["config"]
|
||||
config: node.default["kosmos_gitea"]["config"]
|
||||
notifies :restart, "service[gitea]", :delayed
|
||||
end
|
||||
|
||||
|
@ -109,7 +130,7 @@ end
|
|||
|
||||
firewall_rule 'gitea' do
|
||||
port [node["kosmos_gitea"]["port"]]
|
||||
source "10.1.1.0/24"
|
||||
source "10.1.1.0/24" # TODO only allow nginx proxy IPs
|
||||
protocol :tcp
|
||||
command :allow
|
||||
end
|
||||
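Review bot: `allowed_host_list` is interpolated from the raw search results before the `IPAddr.new` check in the hosts loop runs, so a `knife_zero.host` value that is a hostname, a wildcard or contains a comma would land in Gitea's webhook allowlist unvalidated, and an empty result renders `external,` with a trailing comma. Since this list decides which internal hosts webhooks may reach, it is worth validating once while collecting and feeding the same filtered list to both the config and the hosts entries. Assigning a whole hash to `node.default["kosmos_gitea"]["config"]` also replaces any other default config keys, and the template hunk now reads `node.default[...]`, which, as far as these hunks show, would bypass role or environment overrides. Setting only the `webhook.allowed_host_list` key and keeping `node["kosmos_gitea"]["config"]` in the template avoids both. The template block continues outside the hunks shown.

```ruby
nginx_proxy_ip_addresses = search(:node, "role:nginx_proxy").map do |proxy_node|
  host = proxy_node.read("knife_zero", "host")
  IPAddr.new(host) # raises unless host is an IP literal
  host
rescue IPAddr::Error
  Chef::Log.warn("Skipping nginx_proxy node #{proxy_node.name}: #{host.inspect} is not an IP address")
  nil
end.compact

node.default["kosmos_gitea"]["config"]["webhook"]["allowed_host_list"] =
  (["external"] + nginx_proxy_ip_addresses).join(",")

# … unchanged: hostsfile_entry loop for drone.kosmos.org …
```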
|
|