diff --git a/nodes/barnard.kosmos.org.json b/nodes/barnard.kosmos.org.json
index d3bec0f..2b4251b 100644
--- a/nodes/barnard.kosmos.org.json
+++ b/nodes/barnard.kosmos.org.json
@@ -101,6 +101,8 @@
 "recipe[kosmos-hubot::hal8000_xmpp]",
 "recipe[kosmos-hubot::wormhole]",
 "recipe[sockethub]",
- "recipe[sockethub::proxy]"
+ "recipe[sockethub::proxy]",
+ "recipe[kosmos-akkounts]",
+ "recipe[kosmos-akkounts::nginx]"
 ]
-}
\ No newline at end of file
+}
diff --git a/site-cookbooks/kosmos-akkounts/.gitignore b/site-cookbooks/kosmos-akkounts/.gitignore
new file mode 100644
index 0000000..9abf29f
--- /dev/null
+++ b/site-cookbooks/kosmos-akkounts/.gitignore
@@ -0,0 +1,22 @@
+.vagrant
+*~
+*#
+.#*
+\#*#
+.*.sw[a-z]
+*.un~
+
+# Bundler
+Gemfile.lock
+gems.locked
+bin/*
+.bundle/*
+
+# test kitchen
+.kitchen/
+kitchen.local.yml
+
+# Chef
+Berksfile.lock
+.zero-knife.rb
+Policyfile.lock.json
diff --git a/site-cookbooks/kosmos-akkounts/CHANGELOG.md b/site-cookbooks/kosmos-akkounts/CHANGELOG.md
new file mode 100644
index 0000000..5365d00
--- /dev/null
+++ b/site-cookbooks/kosmos-akkounts/CHANGELOG.md
@@ -0,0 +1,5 @@
+# kosmos-akkounts CHANGELOG
+
+# 0.1.0
+
+Initial release.
diff --git a/site-cookbooks/kosmos-akkounts/LICENSE b/site-cookbooks/kosmos-akkounts/LICENSE
new file mode 100644
index 0000000..f3b5d1c
--- /dev/null
+++ b/site-cookbooks/kosmos-akkounts/LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2019 Kosmos Developers
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/site-cookbooks/kosmos-akkounts/README.md b/site-cookbooks/kosmos-akkounts/README.md
new file mode 100644
index 0000000..2543f80
--- /dev/null
+++ b/site-cookbooks/kosmos-akkounts/README.md
@@ -0,0 +1,5 @@
+# kosmos-akkounts
+
+Deploy akkounts-api from GitHub (https://github.com/67P/akkounts-api). It will
+run on port 3200. The nginx recipe sets up a reverse proxy and Let's Encrypt
+TLS certificate
diff --git a/site-cookbooks/kosmos-akkounts/attributes/default.rb b/site-cookbooks/kosmos-akkounts/attributes/default.rb
new file mode 100644
index 0000000..692c1ee
--- /dev/null
+++ b/site-cookbooks/kosmos-akkounts/attributes/default.rb
@@ -0,0 +1,3 @@
+node.default['akkounts-api']['revision'] = 'master'
+node.default['akkounts-api']['port'] = 3200
+node.default['akkounts-api']['server_name'] = 'api.accounts.kosmos.org'
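Review bot: In attributes/default.rb the default `revision` is the mutable branch `'master'`, so each converge deploys whatever that branch points to at that moment. recipes/default.rb then runs `npm_install` with `production false` and `npm run compile:app` on that checkout, so unreviewed upstream or dependency changes can reach this host without any change in this repository. Consider pinning to a tag or commit and bumping it deliberately, e.g. `node.default['akkounts-api']['revision'] = '<reviewed-commit-sha>'` (placeholder value).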
diff --git a/site-cookbooks/kosmos-akkounts/chefignore b/site-cookbooks/kosmos-akkounts/chefignore
new file mode 100644
index 0000000..5039e1c
--- /dev/null
+++ b/site-cookbooks/kosmos-akkounts/chefignore
@@ -0,0 +1,110 @@
+# Put files/directories that should be ignored in this file when uploading
+# to a Chef Infra Server or Supermarket.
+# Lines that start with '# ' are comments.
+
+# OS generated files #
+######################
+.DS_Store
+ehthumbs.db
+Icon?
+nohup.out
+Thumbs.db
+
+# SASS #
+########
+.sass-cache
+
+# EDITORS #
+###########
+.#*
+.project
+.settings
+*_flymake
+*_flymake.*
+*.bak
+*.sw[a-z]
+*.tmproj
+*~
+\#*
+mkmf.log
+REVISION
+TAGS*
+tmtags
+
+## COMPILED ##
+##############
+*.class
+*.com
+*.dll
+*.exe
+*.o
+*.pyc
+*.so
+*/rdoc/
+a.out
+
+# Testing #
+###########
+.circleci/*
+.codeclimate.yml
+.foodcritic
+.kitchen*
+.rspec
+.rubocop.yml
+.travis.yml
+.watchr
+azure-pipelines.yml
+examples/*
+features/*
+Guardfile
+kitchen.yml*
+Procfile
+Rakefile
+spec/*
+spec/*
+spec/fixtures/*
+test/*
+
+# SCM #
+#######
+.git
+.gitattributes
+.gitconfig
+.github/*
+.gitignore
+.gitmodules
+.svn
+*/.bzr/*
+*/.git
+*/.hg/*
+*/.svn/*
+
+# Berkshelf #
+#############
+Berksfile
+Berksfile.lock
+cookbooks/*
+tmp
+
+# Bundler #
+###########
+vendor/*
+Gemfile
+Gemfile.lock
+
+# Policyfile #
+##############
+Policyfile.rb
+Policyfile.lock.json
+
+# Cookbooks #
+#############
+CHANGELOG*
+CONTRIBUTING*
+TESTING*
+CODE_OF_CONDUCT*
+
+# Vagrant #
+###########
+.vagrant
+Vagrantfile
diff --git a/site-cookbooks/kosmos-akkounts/metadata.rb b/site-cookbooks/kosmos-akkounts/metadata.rb
new file mode 100644
index 0000000..c487b0c
--- /dev/null
+++ b/site-cookbooks/kosmos-akkounts/metadata.rb
@@ -0,0 +1,14 @@
+name 'kosmos-akkounts'
+maintainer 'Kosmos Developers'
+maintainer_email 'mail@kosmos.org'
+license 'MIT'
+description 'Installs/Configures kosmos-akkounts'
+long_description 'Installs/Configures kosmos-akkounts'
+version '0.1.0'
+chef_version '>= 14.0'
+
+depends 'application_javascript'
+depends 'application_git'
+depends 'kosmos-nodejs'
+depends 'kosmos-mastodon'
+depends 'kosmos-nginx'
diff --git a/site-cookbooks/kosmos-akkounts/recipes/default.rb b/site-cookbooks/kosmos-akkounts/recipes/default.rb
new file mode 100644
index 0000000..42d01c2
--- /dev/null
+++ b/site-cookbooks/kosmos-akkounts/recipes/default.rb
@@ -0,0 +1,119 @@
+#
+# Cookbook:: kosmos-akkounts
+# Recipe:: default
+#
+# The MIT License (MIT)
+#
+# Copyright:: 2019, Kosmos Developers
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+include_recipe 'kosmos-nodejs'
+
+app_name = "akkounts-api"
+deploy_user = "deploy"
+deploy_group = "deploy"
+credentials = Chef::EncryptedDataBagItem.load('credentials', app_name)
+
+group deploy_group
+
+user deploy_user do
+ group deploy_group
+ manage_home true
+ shell "/bin/bash"
+ comment "deploy user"
+end
+
+path_to_deploy = "/opt/#{app_name}"
+application path_to_deploy do
+ owner deploy_user
+ group deploy_group
+
+ # Take care of application restarts manually, in the git resource
+ action_on_update false
+
+ git do
+ user deploy_user
+ group deploy_group
+ repository "https://github.com/67P/#{app_name}.git"
+ revision node[app_name]['revision']
+ # Restart service on deployments
+ notifies :restart, "application[#{path_to_deploy}]", :delayed
+ end
+
+ npm_install do
+ user deploy_user
+ production false # typescript is a dev dependency
+ end
+
+ execute "compile app" do
+ command "npm run compile:app"
+ environment "HOME" => "/home/#{deploy_user}"
+ user deploy_user
+ cwd path_to_deploy
+ end
+
+ execute "systemctl daemon-reload" do
+ command "systemctl daemon-reload"
+ action :nothing
+ end
+
+ smtp_credentials = Chef::EncryptedDataBagItem.load('credentials', 'smtp')
+
+ template "#{path_to_deploy}/.env" do
+ source "dotenv.erb"
+ sensitive true
+ owner deploy_user
+ group deploy_group
+ variables btcpay_url: "https://btcpay.kosmos.org",
+ btcpay_privkey: credentials["btcpay_privkey"],
+ btcpay_merchant: "btcpay_merchant",
+ btcpay_store_id: "btcpay_store_id",
+ btcpay_webhook_host: "https://btcpay.kosmos.org/webhook",
+ btcpay_webhook_token: credentials["btcpay_webhook_token"],
+ smtp_host: "smtp.mailgun.org",
+ smtp_use_tls: true,
+ smtp_username: smtp_credentials['user_name'],
+ smtp_password: smtp_credentials['password'],
+ mastodon_host: "https://#{node["kosmos-mastodon"]["server_name"]}",
+ mastodon_auth_token: credentials["mastodon_auth_token"]
+ mode '0440'
+ # Restart service when the config changes
+ notifies :restart,
"application[#{path_to_deploy}]", :delayed
+ end
+
+ template "/lib/systemd/system/#{app_name}.service" do
+ source 'nodejs.systemd.service.erb'
+ owner 'root'
+ group 'root'
+ mode '0640'
+ variables(
+ user: deploy_user,
+ group: deploy_group,
+ app_dir: path_to_deploy,
+ entry: "/usr/bin/env node dist/app/index.js"
+ )
+ notifies :run, "execute[systemctl daemon-reload]", :delayed
+ notifies :restart, "service[#{app_name}]", :delayed
+ end
+
+ service app_name do
+ action [:enable, :start]
+ end
+end
diff --git a/site-cookbooks/kosmos-akkounts/recipes/nginx.rb b/site-cookbooks/kosmos-akkounts/recipes/nginx.rb
new file mode 100644
index 0000000..9a2b6a4
--- /dev/null
+++ b/site-cookbooks/kosmos-akkounts/recipes/nginx.rb
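Review bot: In the `.env` template resource of recipes/default.rb, `btcpay_merchant: "btcpay_merchant"` and `btcpay_store_id: "btcpay_store_id"` pass the key names as literal values, so the rendered file would contain `BTCPAY_MERCHANT=btcpay_merchant`; this looks like an unfinished lookup. If these belong with the other BTCPay settings, read them from the encrypted data bag as the neighbouring lines do, e.g. `btcpay_merchant: credentials["btcpay_merchant"],` and `btcpay_store_id: credentials["btcpay_store_id"],` (assuming the item carries those keys). Separately, the systemd unit runs the service as the same `deploy` user that owns `/opt/akkounts-api` and has a `/bin/bash` login shell, so the running process can rewrite its own code; a dedicated service user with read-only access to the tree and `.env` would narrow that.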
@@ -0,0 +1,46 @@
+#
+# Cookbook Name:: kosmos-akkounts
+# Recipe:: nginx
+#
+# The MIT License (MIT)
+#
+# Copyright:: 2019, Kosmos Developers
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+include_recipe "kosmos-nginx"
+app_name = "akkounts-api"
+server_name = node[app_name]["server_name"]
+
+template "#{node['nginx']['dir']}/sites-available/#{server_name}" do
+ source "nginx_conf_#{app_name}.erb"
+ owner 'www-data'
+ mode 0640
+ variables port: node[app_name]['port'],
+ server_name: server_name,
+ ssl_cert: "/etc/letsencrypt/live/#{server_name}/fullchain.pem",
+ ssl_key: "/etc/letsencrypt/live/#{server_name}/privkey.pem"
+ notifies :reload, 'service[nginx]', :delayed
+end
+
+nginx_site server_name do
+ action :enable
+end
+
+nginx_certbot_site server_name
diff --git a/site-cookbooks/kosmos-akkounts/templates/dotenv.erb b/site-cookbooks/kosmos-akkounts/templates/dotenv.erb
new file mode 100644
index 0000000..15ae3b2
--- /dev/null
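Review bot: The vhost file in recipes/nginx.rb is created with `owner 'www-data'`, which makes the nginx configuration writable by what is presumably the account the worker processes run as. The nginx master process reads its configuration as root, so the file can be root-owned; I would use `owner 'root'` and `group 'root'` and keep the mode restrictive. The mode is also written as the bare integer `0640` here while recipes/default.rb uses quoted strings; `mode '0640'` keeps the two recipes consistent and avoids the octal-literal pitfall.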
+++ b/site-cookbooks/kosmos-akkounts/templates/dotenv.erb
@@ -0,0 +1,13 @@
+BTCPAY_URL=<%= @btcpay_url %>
+BTCPAY_PRIVKEY=<%= @btcpay_privkey %>
+BTCPAY_MERCHANT=<%= @btcpay_merchant %>
+BTCPAY_STORE_ID=<%= @btcpay_store_id %>
+BTCPAY_WEBHOOK_HOST=<%= @btcpay_webhook_host %>
+BTCPAY_WEBHOOK_TOKEN=<%= @btcpay_webhook_token %>
+SMTP_HOST=<%= @smtp_host %>
+SMTP_USE_TLS=true
+SMTP_USERNAME=<%= @smtp_username %>
+SMTP_PASSWORD=<%= @smtp_password %>
+MASTODON_HOST=<%= @mastodon_host %>
+MASTODON_AUTH_TOKEN=<%= @mastodon_auth_token %>
+PORT=<%= node['akkounts-api']['port'] %>
diff --git a/site-cookbooks/kosmos-akkounts/templates/nginx_conf_akkounts-api.erb b/site-cookbooks/kosmos-akkounts/templates/nginx_conf_akkounts-api.erb
new file mode 100644
index 0000000..f01fa26
--- /dev/null
+++ b/site-cookbooks/kosmos-akkounts/templates/nginx_conf_akkounts-api.erb
@@ -0,0 +1,35 @@
+# Generated by Chef
+upstream _akkounts {
+ server localhost:<%= @port %>;
+}
+
+map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+}
+
+server {
+ <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
+ listen 443 ssl http2;
+ add_header Strict-Transport-Security "max-age=15768000";
+
+ ssl_certificate <%= @ssl_cert %>;
+ ssl_certificate_key <%= @ssl_key %>;
+ <% else -%>
+ listen 80;
+ <% end -%>
+
+ server_name <%= @server_name %>;
+
+ access_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.access.log json;
+ error_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.error.log warn;
+
+ location / {
+ # Increase number of buffers. Default is 8
+ proxy_buffers 1024 8k;
+
+ proxy_pass http://_akkounts;
+ proxy_http_version 1.1;
+ }
+
+}
diff --git a/site-cookbooks/kosmos-akkounts/templates/nodejs.systemd.service.erb b/site-cookbooks/kosmos-akkounts/templates/nodejs.systemd.service.erb
new file mode 100644
index 0000000..76a74e8
--- /dev/null
+++ b/site-cookbooks/kosmos-akkounts/templates/nodejs.systemd.service.erb
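Review bot: Every value in templates/dotenv.erb is interpolated unquoted, so a secret containing whitespace, `#` or a newline could be truncated or spill into an extra variable line, depending on how the application parses the file. Quoting the secret-bearing lines, e.g. `SMTP_PASSWORD="<%= @smtp_password %>"`, or rejecting values with newlines in the recipe before rendering, would make the output predictable. `SMTP_USE_TLS=true` is also hard-coded although the recipe passes `smtp_use_tls`; `SMTP_USE_TLS=<%= @smtp_use_tls %>` keeps the two in step.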
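Review bot: In templates/nginx_conf_akkounts-api.erb the `else` branch falls back to `listen 80;` with the same `location /`, so whenever either certificate file is missing the whole API is proxied over plain HTTP. If that branch exists only so a certificate can be issued, it should not reach the upstream; serving just the challenge path there and refusing everything else keeps account and payment traffic off cleartext (how `nginx_certbot_site` performs the challenge is not visible in this diff). Also, `location /` forwards no client information, so the app sees every request as coming from localhost; `proxy_set_header Host $host;`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` would address that, and the `$connection_upgrade` map is currently unused.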
@@ -0,0 +1,15 @@
+[Unit]
+Description=Start nodejs app
+
+[Service]
+ExecStart=<%= @entry %>
+WorkingDirectory=<%= @app_dir %>
+User=<%= @user %>
+Group=<%= @group %>
+<% if @environment -%>
+Environment=<% @environment.each do |key, value| -%>'<%= key %>=<%= value %>' <% end %>
+<% end -%>
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
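Review bot: The `[Service]` section in templates/nodejs.systemd.service.erb applies no sandboxing to a network-facing process whose working directory holds the `.env` with BTCPay, SMTP and Mastodon secrets. I would add `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` next to `Restart=always`, and tighten further once the app's write paths are known. The `Environment=` line wraps each pair in single quotes without escaping, so a value containing `'` would yield a malformed assignment; the recipe passes no `environment` today, so this only matters once it does.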