kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 30 Pull Requests 3 Projects 2 Activity

Create nginx_proxy role

Browse Source 
Used to configure hosts entries in the Gitea and Drone VMs, as well as
the allowed webhooks config for Gitea.
This commit is contained in:
Basti 2022-03-12 15:37:38 -06:00
parent b270a2c1fd
commit 0a953070fe
Signed by untrusted user: basti
GPG Key ID: 9F88009D31D99C72
4 changed files with 54 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
nodes/fornax.kosmos.org.json
View File

@ -65,8 +65,6 @@
"run_list": [ "run_list": [
"recipe[kosmos-base]", "recipe[kosmos-base]",
"recipe[kosmos_kvm::host]", "recipe[kosmos_kvm::host]",
"recipe[kosmos_discourse::nginx]", "role[nginx_proxy]"
"recipe[kosmos_gitea::nginx]",
"recipe[kosmos_drone::nginx]"
] ]
} }

13
roles/nginx_proxy.rb Normal file
View File

@ -0,0 +1,13 @@
name "nginx_proxy"
default_run_list = %w(
kosmos_discourse::nginx
kosmos_gitea::nginx
kosmos_drone::nginx
)
env_run_lists(
'_default' => default_run_list,
'development' => [],
'production' => default_run_list
)

17
site-cookbooks/kosmos_drone/recipes/default.rb
View File

@ -55,9 +55,24 @@ systemd_unit "drone.service" do
action [:create, :enable, :start] action [:create, :enable, :start]
end end
nginx_proxy_ip_addresses = []
search(:node, "role:nginx_proxy").each do |node|
nginx_proxy_ip_addresses << node["knife_zero"]["host"]
end
nginx_proxy_ip_addresses.each do |ip_address|
IPAddr.new ip_address
hostsfile_entry ip_address do
hostname 'gitea.kosmos.org'
action :create
end
rescue IPAddr::InvalidAddressError
next
end
firewall_rule 'drone' do firewall_rule 'drone' do
port [node["kosmos_drone"]["upstream_port"]] port [node["kosmos_drone"]["upstream_port"]]
source "10.1.1.0/24" source "10.1.1.0/24" # TODO only allow nginx proxy IPs
protocol :tcp protocol :tcp
command :allow command :allow
end end

25
site-cookbooks/kosmos_gitea/recipes/default.rb
View File

@ -60,6 +60,27 @@ directory config_directory do
mode "0750" mode "0750"
end end
nginx_proxy_ip_addresses = []
search(:node, "role:nginx_proxy").each do |node|
nginx_proxy_ip_addresses << node["knife_zero"]["host"]
end
node.default["kosmos_gitea"]["config"] = {
"webhook": {
"allowed_host_list" => "external,#{nginx_proxy_ip_addresses.join(",")}"
}
}
nginx_proxy_ip_addresses.each do |ip_address|
IPAddr.new ip_address
hostsfile_entry ip_address do
hostname 'drone.kosmos.org'
action :create
end
rescue IPAddr::InvalidAddressError
next
end
template "#{config_directory}/app.ini" do template "#{config_directory}/app.ini" do
source "app.ini.erb" source "app.ini.erb"
owner "git" owner "git"
@ -79,7 +100,7 @@ template "#{config_directory}/app.ini" do
smtp_host: smtp_credentials["relayhost"], smtp_host: smtp_credentials["relayhost"],
smtp_user: smtp_credentials["user_name"], smtp_user: smtp_credentials["user_name"],
smtp_password: smtp_credentials["password"], smtp_password: smtp_credentials["password"],
config: node["kosmos_gitea"]["config"] config: node.default["kosmos_gitea"]["config"]
notifies :restart, "service[gitea]", :delayed notifies :restart, "service[gitea]", :delayed
end end
@ -109,7 +130,7 @@ end
firewall_rule 'gitea' do firewall_rule 'gitea' do
port [node["kosmos_gitea"]["port"]] port [node["kosmos_gitea"]["port"]]
source "10.1.1.0/24" source "10.1.1.0/24" # TODO only allow nginx proxy IPs
protocol :tcp protocol :tcp
command :allow command :allow
end end