Create nginx_proxy role

Used to configure hosts entries in the Gitea and Drone VMs, as well as
the allowed webhooks config for Gitea.

site-cookbooks/kosmos_drone/recipes/default.rb

@@ -55,9 +55,24 @@ systemd_unit "drone.service" do
   action [:create, :enable, :start]
 end
 
+nginx_proxy_ip_addresses = []
+search(:node, "role:nginx_proxy").each do |node|
+  nginx_proxy_ip_addresses << node["knife_zero"]["host"]
+end
+
+nginx_proxy_ip_addresses.each do |ip_address|
+  IPAddr.new ip_address
+  hostsfile_entry ip_address do
+    hostname 'gitea.kosmos.org'
+    action :create
+  end
+rescue IPAddr::InvalidAddressError
+  next
+end
+
 firewall_rule 'drone' do
   port     [node["kosmos_drone"]["upstream_port"]]
-  source   "10.1.1.0/24"
+  source   "10.1.1.0/24" # TODO only allow nginx proxy IPs
   protocol :tcp
   command  :allow
 end