Add cookbook for static asset hosting

Configures assets.kosmos.org, only for webfont hosting for now.
2021-02-25 12:12:41 +01:00 · 2021-02-25 12:12:41 +01:00 · 1c47f9ab27
parent 09f0faadda
commit 1c47f9ab27
4 changed files with 76 additions and 0 deletions
--- a/site-cookbooks/kosmos_assets/attributes/default.rb
+++ b/site-cookbooks/kosmos_assets/attributes/default.rb
@ -0,0 +1,3 @@
+node.default["kosmos_assets"]["domain"] = "assets.kosmos.org"
+node.default["kosmos_assets"]["repo"] = "https://gitea.kosmos.org/kosmos/assets.kosmos.org.git"
+node.default["kosmos_assets"]["revision"] = "master"
--- a/site-cookbooks/kosmos_assets/metadata.rb
+++ b/site-cookbooks/kosmos_assets/metadata.rb
@ -0,0 +1,10 @@
+name 'kosmos_assets'
+maintainer 'Kosmos'
+maintainer_email 'ops@kosmos.org'
+license 'MIT'
+description 'Configures static asset Web hosting'
+long_description 'Configures static asset Web hosting'
+version '1.0.0'
+chef_version '>= 15.10' if respond_to?(:chef_version)
+
+depends "kosmos-nginx"
--- a/site-cookbooks/kosmos_assets/recipes/nginx_site.rb
+++ b/site-cookbooks/kosmos_assets/recipes/nginx_site.rb
@ -0,0 +1,38 @@
+#
+# Cookbook:: kosmos_assets
+# Recipe:: nginx_site
+#
+
+include_recipe "kosmos-nginx"
+
+domain = node["kosmos_assets"]["domain"]
+
+nginx_certbot_site domain
+
+directory "/var/www/#{domain}/site" do
+  user node["nginx"]["user"]
+  group node["nginx"]["group"]
+  mode "0755"
+end
+
+git "/var/www/#{domain}/site" do
+  user node["nginx"]["user"]
+  group node["nginx"]["group"]
+  repository node["kosmos_assets"]["repo"]
+  revision node["kosmos_assets"]["revision"]
+  action :sync
+end
+
+template "#{node["nginx"]["dir"]}/sites-available/#{domain}" do
+  source "nginx_conf_assets.erb"
+  owner node["nginx"]["user"]
+  mode 0640
+  variables domain: domain,
+            ssl_cert:    "/etc/letsencrypt/live/#{domain}/fullchain.pem",
+            ssl_key:     "/etc/letsencrypt/live/#{domain}/privkey.pem"
+  notifies :reload, "service[nginx]", :delayed
+end
+
+nginx_site domain do
+  action :enable
+end
--- a/site-cookbooks/kosmos_assets/templates/nginx_conf_assets.erb
+++ b/site-cookbooks/kosmos_assets/templates/nginx_conf_assets.erb
@ -0,0 +1,25 @@
+<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
+# Generated by Chef
+
+server {
+  listen 443 ssl http2;
+  server_name <%= @domain %>;
+
+  root /var/www/<%= @domain %>/site;
+
+  access_log off;
+  gzip_static on;
+  gzip_comp_level 5;
+
+  location ~* .(css)$ {
+    expires 1d;
+  }
+
+  location ~* .(woff|woff2)$ {
+    expires max;
+  }
+
+  ssl_certificate     <%= @ssl_cert %>;
+  ssl_certificate_key <%= @ssl_key %>;
+}
+<% end -%>