From 1362da0add1cf7a634469c0c7c8b6678d6e63a1f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A2u=20Cao?=
Date: Wed, 26 Jul 2023 15:57:08 +0200
Subject: [PATCH] Migrate RS Discourse proxy to openresty
---
 nodes/draco.kosmos.org.json | 1 +
 roles/openresty_proxy.rb | 2 +-
 .../attributes/default.rb | 2 --
 .../remotestorage_discourse/metadata.rb | 8 ++++--
 .../remotestorage_discourse/recipes/nginx.rb | 28 ++++++++++++++++++-
 .../templates/nginx_conf.erb | 8 ++----
 6 files changed, 37 insertions(+), 12 deletions(-)
diff --git a/nodes/draco.kosmos.org.json b/nodes/draco.kosmos.org.json
index a0b0128..c4383f5 100644
--- a/nodes/draco.kosmos.org.json
+++ b/nodes/draco.kosmos.org.json
@@ -49,6 +49,7 @@
 "kosmos-akkounts::nginx_api",
 "kosmos-bitcoin::nginx_lndhub",
 "kosmos-mastodon::nginx",
+ "remotestorage_discourse::nginx",
 "kosmos_encfs",
 "kosmos_encfs::default",
 "kosmos-ejabberd::firewall",
diff --git a/roles/openresty_proxy.rb b/roles/openresty_proxy.rb
index 0f59edc..5f379f0 100644
--- a/roles/openresty_proxy.rb
+++ b/roles/openresty_proxy.rb
@@ -29,7 +29,6 @@ default_run_list = %w(
 kosmos-hubot::nginx_botka_irc-libera-chat
 kosmos-hubot::nginx_hal8000_xmpp
 kosmos-ipfs::nginx_public_gateway
- remotestorage_discourse::nginx
 )
 production_run_list = %w(
@@ -45,6 +44,7 @@ production_run_list = %w(
 kosmos-akkounts::nginx_api
 kosmos-bitcoin::nginx_lndhub
 kosmos-mastodon::nginx
+ remotestorage_discourse::nginx
 )
 env_run_lists(
diff --git a/site-cookbooks/remotestorage_discourse/attributes/default.rb b/site-cookbooks/remotestorage_discourse/attributes/default.rb
index 59beba8..e69de29 100644
--- a/site-cookbooks/remotestorage_discourse/attributes/default.rb
+++ b/site-cookbooks/remotestorage_discourse/attributes/default.rb
@@ -1,2 +0,0 @@
-node.override['discourse']['domain'] = "community.remotestorage.io"
-node.override['discourse']['role'] = "remotestorage_discourse"
diff --git a/site-cookbooks/remotestorage_discourse/metadata.rb b/site-cookbooks/remotestorage_discourse/metadata.rb
index f0de442..42f41e6 100644
--- a/site-cookbooks/remotestorage_discourse/metadata.rb
+++ b/site-cookbooks/remotestorage_discourse/metadata.rb
@@ -2,9 +2,11 @@ name 'remotestorage_discourse'
 maintainer 'Kosmos Developers'
 maintainer_email 'mail@kosmos.org'
 license 'MIT'
-description 'Installs/Configures discourse'
-long_description 'Installs/Configures discourse'
-version '0.1.0'
+description 'Installs/configures Discourse'
+long_description 'Installs/configures Discourse'
+version '0.2.0'
 chef_version '>= 14.0'
 depends 'discourse'
+depends 'firewall'
+depends 'kosmos_openresty'
diff --git a/site-cookbooks/remotestorage_discourse/recipes/nginx.rb b/site-cookbooks/remotestorage_discourse/recipes/nginx.rb
index 937a70e..ac3f842 100644
--- a/site-cookbooks/remotestorage_discourse/recipes/nginx.rb
+++ b/site-cookbooks/remotestorage_discourse/recipes/nginx.rb
@@ -3,4 +3,30 @@
 # Recipe:: nginx
 #
-include_recipe "discourse::nginx"
+domain = "community.remotestorage.io"
+discourse_role = "remotestorage_discourse"
+
+upstream_ip_addresses = []
+search(:node, "role:#{discourse_role}").each do |n|
+ upstream_ip_addresses << n["knife_zero"]["host"]
+end
+# No Discourse host, stop here
+if upstream_ip_addresses.empty?
+ Chef::Log.warn("No server with '#{discourse_role}' role. Stopping here.")
+ return
+end
+
+tls_cert_for domain do
+ auth "gandi_dns"
+ action :create
+end
+
+openresty_site domain do
+ template "nginx_conf.erb"
+ variables server_name: domain,
+ ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
+ ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem",
+ upstream_port: node['discourse']['port'],
+ upstream_name: discourse_role,
+ upstream_ip_addresses: upstream_ip_addresses
+end
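Review bot: The search loop in recipes/nginx.rb appends `n["knife_zero"]["host"]` unchecked, so a matching node without a `knife_zero` attribute aborts the converge with a NoMethodError, and a nil or malformed value would be written verbatim into the `upstream` block of nginx_conf.erb. Because these addresses come from node search results rather than a value fixed in the recipe, I would filter them before use: `host = n["knife_zero"] && n["knife_zero"]["host"]` and then `upstream_ip_addresses << host if host`. If the attribute is always an IP address (the variable name suggests so, but that is not visible here), parsing it with `IPAddr.new(host)` from the stdlib `ipaddr` would additionally reject anything that is not one. A one-line comment above the loop stating where `knife_zero.host` is populated would also help the next reader.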
diff --git a/site-cookbooks/remotestorage_discourse/templates/nginx_conf.erb b/site-cookbooks/remotestorage_discourse/templates/nginx_conf.erb
index 9db6621..7e2618c 100644
--- a/site-cookbooks/remotestorage_discourse/templates/nginx_conf.erb
+++ b/site-cookbooks/remotestorage_discourse/templates/nginx_conf.erb
@@ -1,14 +1,13 @@
 # Generated by Chef
-upstream _discourse {
+upstream _rs_discourse {
 <% @upstream_ip_addresses.each do |upstream_ip_address| -%>
 server <%= upstream_ip_address %>:<%= @upstream_port %>;
 <% end -%>
 }
-<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
 server {
 server_name <%= @server_name %>;
- listen 443 ssl http2;
+ listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
 listen [::]:443 ssl http2;
 ssl_certificate <%= @ssl_cert %>;
@@ -28,8 +27,7 @@ server {
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_pass http://_discourse;
+ proxy_pass http://_rs_discourse;
 proxy_http_version 1.1;
 }
 }
-<% end -%>
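Review bot: Only the IPv4 `listen` directive is pinned to `node['openresty']['listen_ip']`; the `listen [::]:443 ssl http2;` line directly below still binds the IPv6 wildcard, so when `listen_ip` is set to limit where this vhost is exposed it remains reachable on every IPv6 address of the host. If that is intentional, a template comment such as `# IPv6 listens on all addresses; only IPv4 is pinned to listen_ip` would make it explicit. Otherwise the IPv6 listener should be bound or omitted under the same condition. The `server` block continues outside this hunk.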
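Review bot: Nothing in the template now protects against missing certificate files, because the `File.exist?` guard is gone (its opening line is removed in the first hunk, its `<% end -%>` here) and the `ssl_certificate` path is rendered unconditionally. Correctness then depends on `tls_cert_for` in recipes/nginx.rb having succeeded before `openresty_site` renders this file. If issuance fails, the generated config would presumably fail the nginx config test, which on a shared proxy could block reloads for the other sites; how `openresty_site` handles that is not visible here and is worth confirming. Either keep the guard or document the dependency at the top of the template, e.g. `# Requires the certificate created by tls_cert_for to exist before this site is enabled`. The `server` block starts outside this hunk.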