Merge branch 'master' into feature/7-ejabberd_rebased_2
This commit is contained in:
commit
3884f9922e
@ -55,4 +55,4 @@ cookbook 'homebrew', '= 3.0.0'
|
||||
cookbook 'mariadb', '= 0.3.1'
|
||||
cookbook 'ipfs',
|
||||
git: 'https://github.com/67P/ipfs-cookbook.git',
|
||||
ref: 'v0.1.2'
|
||||
ref: 'feature/reduce_memory_usage'
|
||||
|
@ -19,8 +19,8 @@ DEPENDENCIES
|
||||
hostsfile (= 2.4.5)
|
||||
ipfs
|
||||
git: https://github.com/67P/ipfs-cookbook.git
|
||||
revision: 78d3edfd78c56a25494ac84528e152762f38b3be
|
||||
ref: v0.1.2
|
||||
revision: 5aa50ecc7eca5c7f113492057ca3bc8158e5154c
|
||||
ref: feature
|
||||
logrotate (= 2.2.0)
|
||||
mariadb (= 0.3.1)
|
||||
mediawiki
|
||||
@ -100,7 +100,7 @@ GRAPH
|
||||
hostname (0.4.2)
|
||||
hostsfile (>= 0.0.0)
|
||||
hostsfile (2.4.5)
|
||||
ipfs (0.1.2)
|
||||
ipfs (0.1.3)
|
||||
ark (>= 0.0.0)
|
||||
logrotate (2.2.0)
|
||||
mariadb (0.3.1)
|
||||
|
@ -1,33 +1,31 @@
|
||||
{
|
||||
"id": "hal8000_freenode",
|
||||
"nickserv_password": {
|
||||
"encrypted_data": "wVOuYDPJAjWN/Un+cB/bpKD7gJ4FOOfY6xSTwpOutMD+KmhgjEX4Z99G9rwv\nmeFoBiO3Z9O+C1BeIf3YGAgWnfBgNS5eRnGAxhkzsVyvpyo=\n",
|
||||
"iv": "26SarumevOdpdim4omgXng==\n",
|
||||
"version": 1,
|
||||
"cipher": "aes-256-cbc"
|
||||
},
|
||||
"rs_logger_token": {
|
||||
"encrypted_data": "A3z2klmsLGwmJmB4eMVKJu5yC2mjaQii7SAuYBSl/hVtrrWDqlqR5N6vqHSv\nMWoXhptuF+RBOL7wgg0DN08B8A==\n",
|
||||
"iv": "hpQA2RgJhHytnvoxgsuAhw==\n",
|
||||
"version": 1,
|
||||
"cipher": "aes-256-cbc"
|
||||
"encrypted_data": "rkCsvjS6EipHlxgxPdSiPVl6CCyjyy845P2ftSykmIW0+fxahTSOxbSMYJl8\n1DW6Go88ZE+eKKWIugp2nWDS+5Pnx58I\n",
|
||||
"iv": "EvNcR0eqpZngoNJx\n",
|
||||
"auth_tag": "kKFPUuff8llgVZYROTg/EA==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"webhook_token": {
|
||||
"encrypted_data": "w/cC18Wte2w2j1mU9SkeepRxOm4zBgZKd7djU6N1t3i7YgjEhHMPeQmD4m8f\nxhes\n",
|
||||
"iv": "dqFAa3sXHLePuH26YrJUxw==\n",
|
||||
"version": 1,
|
||||
"cipher": "aes-256-cbc"
|
||||
"encrypted_data": "ItDsU9w6HCGS7ykQdkZEXQEZzPEt6bW42Fbh00AtZz+h7JmQ\n",
|
||||
"iv": "OdaAg/XoUMIEfQEQ\n",
|
||||
"auth_tag": "9ThqnVhWEZbo4jF4lqa5TA==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"kredits_webhook_token": {
|
||||
"encrypted_data": "mBESEC0w2Q2wf8LRtHUtKAPDkqqt/xTjtoKCXVbu92xJedCccS51qZNcHp69\nw64Y\n",
|
||||
"iv": "iZX6EzyyFkTHvJ6nnUWT6Q==\n",
|
||||
"version": 1,
|
||||
"cipher": "aes-256-cbc"
|
||||
"encrypted_data": "kUp4XAQkwWFphQT1f4wsGVJJtmhBqrEiW6W1D1ONrpZ0z94=\n",
|
||||
"iv": "XiGtQlKn4BvAeaS1\n",
|
||||
"auth_tag": "1hkTI7ccxBN4/6U4VF19WQ==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"kredits_wallet_password": {
|
||||
"encrypted_data": "6Lq61jWP1oRSLiI0JucQtCdGnPFeJOYpSMZ9nw6oIkWEFbdMXnrEnKNxYJax\n0abI\n",
|
||||
"iv": "XMDv5T30HTK/BhsR1lH79g==\n",
|
||||
"version": 1,
|
||||
"cipher": "aes-256-cbc"
|
||||
"encrypted_data": "mKcJBPto0OdPpBXB5x3ynxq01DA2CEz476lTAgjGjTNDHQ==\n",
|
||||
"iv": "LIvTZ+fx1suOcnjD\n",
|
||||
"auth_tag": "mcjLU242nqtNn5XR7ku4BQ==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
}
|
||||
}
|
31
data_bags/credentials/hal8000_xmpp.json
Normal file
31
data_bags/credentials/hal8000_xmpp.json
Normal file
@ -0,0 +1,31 @@
|
||||
{
|
||||
"id": "hal8000_xmpp",
|
||||
"xmpp_password": {
|
||||
"encrypted_data": "7pE9C6Tdjeg7ZFjtwzgPzC4ekSgPzN18A5ia5awJnKA=\n",
|
||||
"iv": "p3RqfadD1sPKEof3\n",
|
||||
"auth_tag": "4zYf0anagoLn5bF3Rt95BQ==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"webhook_token": {
|
||||
"encrypted_data": "T6zu7cd5/PXZP56PwjIo5XIjUOJQQSvobvgIekCIB3SgyWQr\n",
|
||||
"iv": "LwCkuGJP2eZC8S4Y\n",
|
||||
"auth_tag": "qH5ckddELQR32z3oYxELMg==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"kredits_webhook_token": {
|
||||
"encrypted_data": "W6xJKRCsoX6qY3QJW/kR5I7Y9LNS1L5zB6X1oLzE71soQ/Y=\n",
|
||||
"iv": "Piw00LKQysN3AVJN\n",
|
||||
"auth_tag": "BwH/mJoBtqhA5wNXwFUM6w==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"kredits_wallet_password": {
|
||||
"encrypted_data": "dFKch6Gjt9oN21w15EeHvho1/f7+mZlKe/aOtoHJtmCgbw==\n",
|
||||
"iv": "GCueL9BRmLFqlmDw\n",
|
||||
"auth_tag": "Yq3nOeQenXz+c6VoLhZbQw==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
}
|
||||
}
|
24
data_bags/credentials/kredits-github.json
Normal file
24
data_bags/credentials/kredits-github.json
Normal file
@ -0,0 +1,24 @@
|
||||
{
|
||||
"id": "kredits-github",
|
||||
"app_id": {
|
||||
"encrypted_data": "DVvsNFAlZIO1NMmo1dVbA05MYdyJfPG9\n",
|
||||
"iv": "JP4lpX3pFT8l43Hl\n",
|
||||
"auth_tag": "EncRbtgQigRvLIfbMS+IxQ==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"private_key": {
|
||||
"encrypted_data": "nV2ecoeWtL/TIM9grbsDAVh34gkaE/bJFc7qebUA9fOU40eeC7xMQst9pBZ+\nIfok2Y4Q0+ABQEKTrilfhSAOA+Hck66W2k1oNdCKXRcNb40T0Y01L77nNdzO\n0b6+uzopQ9oe2M5PF283gk8JWWQV9qED4eKpXEyU8prooA26KabXSrnsMESU\nIztULMsHNhUbDPHBRiEA6q/YUKlw8R++Sh9BcOjjeAEK+pueiARDh+yNMfJV\nomZRWfqncLlryDY6g+hbWEy5Oh+uMD8Th7zhbO//5dPOP1T6ZJjzHfhVQw+v\ng8txFD505yCBKiv70K4cHy9dF+ExFzJBcgr42gJ60gzShemZywAxOCDIc2yz\nFSEVwxGlxYRs5PLHhOT+KCaDzE7w5JmHDyMzv0j+IJnUtPPeInUUI9CNw42F\nmXygqGaY2BmJXAqYtCqEeMsZBtXijqu3TY3mmqxudupxethRrXZ9uZ0I3Ohf\nw6BCnqTw/sT3JkBxtNRQeEQvF+2G8ysXyLujkbqAyWiT+fCmS14FhisEOr8H\n6ojfRGb5iHHScG5wTwXn6tr4de9jjVk5Hrth3Rj46ZImMd1lzROPYyIcWFlS\no57Y3nmF6j7pjDBz++nInnpGlzPG+17sG4OSp6t0t93Vwkr8q9WNQjLo0Jqc\nLNaziU1ke3g+ZpKnHhUwJ2sCyVk4xvVD98hx4lhwCPzKghGQhWu6Vo2YfN79\nhSMjNw5N/3WFxdb5EuF4vYWOFitBvogPkAusZjrexlhUmGIS2qf+jlKvo6yD\nIl8CrCYZttj1UnyCuDmftIXTY9/7czBDQgq+vHlT33e7hNLHD7tFDeTEaz0t\nS+/I0+BgEnKv7aQHSSKExg3ZNc86yqfREKNsKxf4O6YiceBP7r/0qqFR6VBH\nIOQpUwK2e6cv70VmmtoEIjIpRZIOScrVVc1w2QlCj7xH9WfdEG9GSft3uHqd\nqbpegChVNuq2tEq7DoAC8ednjzbYdka4bpGJCqF6zm1c48WaL0G6VBLioi/r\nwFhCNi6AOEYkX0v3wovxME1aodfzBiu1Q6nEuzflZthr+1zERZXXaXY59VZ8\nqzWnLd5Xd/SxvvODY67fdykP90Kn94Xf+6XD9r72ch3S3ZqoWi66YFyqZ5Aa\n0LVKK+nCUwlGWjdgzcEcGx5OOyvbqm2VVnwWo2HuVk/iTzkrppF9y5nvFWUc\n6FfDdGWytkmzRH3KBZ9GKqgrIrswUmsSoIHESugVouJ+QfbFZZLLQS/0p4wH\nPFT8H8GSUvg8CEbap4JRW3R/+yspqSXipfIH5TrKr6NkyggWSE7EMNYq41eU\nuFWtwqX/z8x0SVVo+thAXkgg7KcZrZ9W4LdSGnfrx90QGZ0/K9Xs27pPY8R1\nSUNpaUc3S4Vxt28ualRBksuiIXT9AJGPGQf5UOgpOzBmDFw0GSjZdzz33tLL\n49Ymktapc6mC1FCxkJO3e+pI/I34+FcD9oiVea5v0Gg1cuuZInGJBYrq0PBE\nTaz0w2e8X/eQ2fVnQlUgmHlPcOugtoK8sLEO2+HDyBmIx9ypCfqFo6tu+MHG\nZTRp1GFmifYKUMnGvyxgo7mMFuSJtzgF/UR4PddbfX9yFAxPUTzM2Ba4s9um\nBZXKQoQB/dS9wXhmZVme9Yjq/D1d8w3wosSOcDV3apNerDxegbFqt8ugYbtQ\nmy35aHCXU560Xi1uyWBggRXsoWSsb3RZhNbTz6vsvsly9kj6pSUtxbAiwvwI\nrZuGwvNUgYHdXaHdQAqyCAiIF3KJfQGTyk2di26BZ3K8eTnP3tKbTT157Adf\nOt4e+sHhfmacjmXN9FFuOlLddOk45Y7YSRDwGgqS3NqTSo21GAPBSDqfwqkr\neG76OKxoijCMYeJQ6h0lqh8lXYO5h376BdbUMvZfiy8PzkfbCZ9j45b/jHQD\n8CSWz+T8LmQM4Mg69MZn3zAYOSrPQj9DMbwuQshqe19qRlrexRRemWATvkSO\nYchQJ2891WGn7WZ2vrd9VpEdiXdC6JmCpDfoBBJ3JcaknTrNx7VBPc/48rli\nIlso0fzzxTGIrJjFbYL38Br20/qZcXzOO+YJXuHY+n5vuZ2870yPck4r1vUX\n6HSRALY768YGSLNWwfg9sDfbOcpfxKrnrNJxF5Nz7cGN63CKm1e6GZG+vSX+\nNBkumwPGyUWtLJO+JE8l6yivOZeq01W+XOjSh8NzrQJ3Tt2XVhuqWy+ruXS0\nA9O2/tdI2pu0ed63TVaWL/ULYrfXtHtCOYyjc5ulIwX7+L9LXU2I9zmycp0u\n3eR50MpHBgGSCyk=\n",
|
||||
"iv": "IlCQ6yNhvGFeTJlP\n",
|
||||
"auth_tag": "bItEhCOGVHB2HMzWKuyExg==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"webhook_secret": {
|
||||
"encrypted_data": "5aUw9uwoX7BmUXCXLjJ82VtEOAAaneldYMUnv2XJqL+XUNokmdf/tQwTjI7R\n8Ov1+sXCp2R073apPUk=\n",
|
||||
"iv": "6VeynEodre6uhBE7\n",
|
||||
"auth_tag": "kRGFN3q+N0NKPwoLRrtgtw==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
}
|
||||
}
|
@ -8,7 +8,8 @@
|
||||
"kosmos-mediawiki",
|
||||
"sockethub",
|
||||
"sockethub::proxy",
|
||||
"kosmos-btcpayserver::proxy"
|
||||
"kosmos-btcpayserver::proxy",
|
||||
"role[mastodon]"
|
||||
],
|
||||
"normal": {
|
||||
"postgresql": {
|
||||
|
13
nodes/barnard.kosmos.org.json
Normal file
13
nodes/barnard.kosmos.org.json
Normal file
@ -0,0 +1,13 @@
|
||||
{
|
||||
"run_list": [
|
||||
"role[base]",
|
||||
"role[kredits_github]",
|
||||
"kosmos-ipfs::cluster",
|
||||
"kosmos-hubot::botka_freenode",
|
||||
"kosmos-hubot::hal8000",
|
||||
"kosmos-hubot::hal8000_xmpp"
|
||||
],
|
||||
"automatic": {
|
||||
"ipaddress": "barnard.kosmos.org"
|
||||
}
|
||||
}
|
@ -2,14 +2,8 @@
|
||||
"run_list": [
|
||||
"role[base]",
|
||||
"kosmos-redis",
|
||||
"kosmos-hubot",
|
||||
"5apps-xmpp_server",
|
||||
"5apps-hubot::xmpp_schlupp",
|
||||
"5apps-hubot::xmpp_botka",
|
||||
"kosmos-mastodon",
|
||||
"kosmos-mastodon::nginx",
|
||||
"sockethub::_firewall",
|
||||
"kosmos-ipfs::cluster"
|
||||
"sockethub::_firewall"
|
||||
],
|
||||
"normal": {
|
||||
"postgresql": {
|
||||
|
6
roles/kredits_github.rb
Normal file
6
roles/kredits_github.rb
Normal file
@ -0,0 +1,6 @@
|
||||
name "kredits_github"
|
||||
|
||||
run_list %w(
|
||||
kredits-github::default
|
||||
kredits-github::nginx
|
||||
)
|
@ -10,7 +10,7 @@
|
||||
unless node.chef_environment == "development"
|
||||
include_recipe "firewall"
|
||||
firewall_rule "xmpp" do
|
||||
port [5222, 5269]
|
||||
port [5222, 5269, 5281]
|
||||
protocol :tcp
|
||||
command :allow
|
||||
end
|
||||
|
@ -3,7 +3,7 @@ maintainer_email 'mail@kosmos.org'
|
||||
license 'MIT'
|
||||
description "Installs/configures backup via the Backup gem"
|
||||
long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc'))
|
||||
version "0.5.0"
|
||||
version "0.5.1"
|
||||
name "backup"
|
||||
|
||||
depends 'logrotate'
|
||||
|
@ -26,7 +26,7 @@
|
||||
build_essential 'backup gem'
|
||||
|
||||
# Don't try to install packages on older Ubuntu, the repositories are 404
|
||||
package ["ruby", "ruby-dev"] if node[:platform_version].to_f >= 16.04
|
||||
package ["ruby", "ruby-dev", "zlib1g-dev"] if node[:platform_version].to_f >= 16.04
|
||||
|
||||
gem_package 'backup' do
|
||||
version '5.0.0.beta.2'
|
||||
|
@ -1,7 +1,7 @@
|
||||
# encoding: utf-8
|
||||
|
||||
##
|
||||
# Backup v4.x Configuration
|
||||
# Backup v5.x Configuration
|
||||
#
|
||||
# Documentation: http://backup.github.io/backup
|
||||
# Issue Tracker: https://github.com/backup/backup/issues
|
||||
|
@ -38,27 +38,3 @@ firewall_rule 'mosh' do
|
||||
protocol :udp
|
||||
command :allow
|
||||
end
|
||||
|
||||
firewall_rule 'prosody_http_upload' do
|
||||
port 5281
|
||||
protocol :tcp
|
||||
command :allow
|
||||
end
|
||||
|
||||
firewall_rule 'hubot_express_hal8000' do
|
||||
port 8080
|
||||
protocol :tcp
|
||||
command :allow
|
||||
end
|
||||
|
||||
firewall_rule 'hubot_express_botka_xmpp' do
|
||||
port 8082
|
||||
protocol :tcp
|
||||
command :allow
|
||||
end
|
||||
|
||||
firewall_rule 'hubot_express_schlupp_xmpp' do
|
||||
port 8083
|
||||
protocol :tcp
|
||||
command :allow
|
||||
end
|
||||
|
@ -1,9 +1,36 @@
|
||||
node.default['hal8000']['kredits']['ipfs_host'] = 'localhost'
|
||||
node.default['hal8000']['kredits']['ipfs_port'] = '5001'
|
||||
node.default['hal8000']['kredits']['ipfs_protocol'] = 'http'
|
||||
node.default['hal8000']['kredits']['room'] = '#kosmos'
|
||||
node.default['hal8000']['kredits']['provider_url'] = 'https://rinkeby.infura.io/v3/c5e74367261d475ab935e2f0e726482f'
|
||||
node.default['hal8000']['kredits']['network_id'] = '4'
|
||||
node.default['hal8000']['kredits']['wallet_path'] = 'wallet.json'
|
||||
node.default['hal8000']['kredits']['mediawiki_url'] = 'https://wiki.kosmos.org/'
|
||||
node.default['hal8000']['kredits']['github_repo_blacklist'] = '67P/test-one-two'
|
||||
node.default['hal8000']['http_port'] = 8080
|
||||
|
||||
node.default['botka_freenode']['http_port'] = 8081
|
||||
node.default['botka_freenode']['domain'] = "freenode.botka.kosmos.org"
|
||||
|
||||
node.default['hal8000_xmpp']['http_port'] = 8082
|
||||
node.default['hal8000_xmpp']['domain'] = "hal8000.chat.kosmos.org"
|
||||
|
||||
node.default['hal8000_xmpp']['hubot_scripts'] = [
|
||||
"hubot-help", "hubot-read-tweet", "hubot-redis-brain",
|
||||
"hubot-rules", "hubot-shipit", "hubot-plusplus",
|
||||
"hubot-tell", "hubot-seen", "hubot-rss-reader",
|
||||
"hubot-incoming-webhook", "hubot-auth",
|
||||
"hubot-kredits", "hubot-schedule"
|
||||
]
|
||||
|
||||
node.default['hal8000_xmpp']['rooms'] = [
|
||||
'kosmos@chat.kosmos.org',
|
||||
'kosmos-dev@chat.kosmos.org',
|
||||
'kredits@chat.kosmos.org',
|
||||
]
|
||||
|
||||
node.default['hal8000_xmpp']['auth_admins'] = []
|
||||
|
||||
node.default['hal8000_xmpp']['kredits']['ipfs_host'] = 'localhost'
|
||||
# Use the running ipfs-cluster, so adding documents adds and pins them on all
|
||||
# members of the cluster
|
||||
node.default['hal8000_xmpp']['kredits']['ipfs_port'] = '9095'
|
||||
node.default['hal8000_xmpp']['kredits']['ipfs_protocol'] = 'http'
|
||||
node.default['hal8000_xmpp']['kredits']['room'] = 'kredits@chat.kosmos.org'
|
||||
node.default['hal8000_xmpp']['kredits']['provider_url'] = 'https://rinkeby.infura.io/v3/c5e74367261d475ab935e2f0e726482f'
|
||||
node.default['hal8000_xmpp']['kredits']['network_id'] = '4'
|
||||
node.default['hal8000_xmpp']['kredits']['wallet_path'] = 'wallet.json'
|
||||
node.default['hal8000_xmpp']['kredits']['mediawiki_url'] = 'https://wiki.kosmos.org/'
|
||||
node.default['hal8000_xmpp']['kredits']['github_repo_blacklist'] = '67P/test-one-two'
|
||||
node.default['hal8000_xmpp']['kredits']['gitea_repo_blacklist'] = 'kosmos/test-one-two'
|
||||
|
@ -4,7 +4,7 @@ maintainer_email 'mail@kosmos.org'
|
||||
license 'MIT'
|
||||
description 'Configures Kosmos chat bots'
|
||||
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
|
||||
version '0.1.0'
|
||||
version '0.1.1'
|
||||
|
||||
depends 'kosmos-nodejs'
|
||||
depends 'kosmos-redis'
|
||||
|
@ -2,34 +2,55 @@
|
||||
# Cookbook Name:: kosmos-hubot
|
||||
# Recipe:: botka_freenode
|
||||
#
|
||||
# Copyright 2017-2018, Kosmos
|
||||
# Copyright:: 2019, Kosmos Developers
|
||||
#
|
||||
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
# of this software and associated documentation files (the "Software"), to deal
|
||||
# in the Software without restriction, including without limitation the rights
|
||||
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
# copies of the Software, and to permit persons to whom the Software is
|
||||
# furnished to do so, subject to the following conditions:
|
||||
#
|
||||
# The above copyright notice and this permission notice shall be included in
|
||||
# all copies or substantial portions of the Software.
|
||||
#
|
||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
# THE SOFTWARE.
|
||||
#
|
||||
app_name = "botka_freenode"
|
||||
app_path = "/opt/#{app_name}"
|
||||
app_user = "hubot"
|
||||
app_group = "hubot"
|
||||
|
||||
build_essential 'botka' do
|
||||
build_essential app_name do
|
||||
compile_time true
|
||||
end
|
||||
|
||||
include_recipe "kosmos-nodejs"
|
||||
include_recipe "kosmos-redis"
|
||||
|
||||
botka_freenode_data_bag_item = Chef::EncryptedDataBagItem.load('credentials', 'botka_freenode')
|
||||
application app_path do
|
||||
data_bag = Chef::EncryptedDataBagItem.load('credentials', app_name)
|
||||
|
||||
botka_freenode_path = "/opt/botka_freenode"
|
||||
application botka_freenode_path do
|
||||
owner "hubot"
|
||||
group "hubot"
|
||||
owner app_user
|
||||
group app_group
|
||||
|
||||
git do
|
||||
user "hubot"
|
||||
group "hubot"
|
||||
user app_user
|
||||
group app_group
|
||||
repository "https://github.com/67P/botka.git"
|
||||
revision "master"
|
||||
end
|
||||
|
||||
file "#{name}/external-scripts.json" do
|
||||
file "#{app_path}/external-scripts.json" do
|
||||
mode "0640"
|
||||
owner "hubot"
|
||||
group "hubot"
|
||||
owner app_user
|
||||
group app_group
|
||||
content [
|
||||
"hubot-help",
|
||||
"hubot-redis-brain",
|
||||
@ -39,7 +60,7 @@ application botka_freenode_path do
|
||||
end
|
||||
|
||||
npm_install do
|
||||
user "hubot"
|
||||
user app_user
|
||||
end
|
||||
|
||||
execute "systemctl daemon-reload" do
|
||||
@ -47,46 +68,46 @@ application botka_freenode_path do
|
||||
action :nothing
|
||||
end
|
||||
|
||||
template "/lib/systemd/system/botka_freenode_nodejs.service" do
|
||||
template "/lib/systemd/system/#{app_name}.service" do
|
||||
source 'nodejs.systemd.service.erb'
|
||||
owner 'root'
|
||||
group 'root'
|
||||
mode '0644'
|
||||
variables(
|
||||
user: "hubot",
|
||||
group: "hubot",
|
||||
app_dir: botka_freenode_path,
|
||||
entry: "#{botka_freenode_path}/bin/hubot -a irc",
|
||||
user: app_user,
|
||||
group: app_group,
|
||||
app_dir: app_path,
|
||||
entry: "#{app_path}/bin/hubot -a irc",
|
||||
environment: {
|
||||
"HUBOT_LOG_LEVEL" => node.chef_environment == "development" ? "debug" : "info",
|
||||
"HUBOT_IRC_SERVER" => "irc.freenode.net",
|
||||
"HUBOT_IRC_ROOMS" => "#5apps,#kosmos,#kosmos-dev,#kosmos-random,#remotestorage,#hackerbeach,#unhosted,#sockethub,#opensourcedesign,#openknot,#emberjs,#mastodon,#indieweb,#lnd",
|
||||
"HUBOT_IRC_NICK" => "botka",
|
||||
"HUBOT_IRC_NICKSERV_USERNAME" => "botka",
|
||||
"HUBOT_IRC_NICKSERV_PASSWORD" => botka_freenode_data_bag_item['nickserv_password'],
|
||||
"HUBOT_IRC_NICKSERV_PASSWORD" => data_bag['nickserv_password'],
|
||||
"HUBOT_IRC_UNFLOOD" => "100",
|
||||
"HUBOT_RSS_PRINTSUMMARY" => "false",
|
||||
"HUBOT_RSS_PRINTERROR" => "false",
|
||||
"HUBOT_RSS_IRCCOLORS" => "true",
|
||||
# "HUBOT_LOG_LEVEL" => "error",
|
||||
"EXPRESS_PORT" => "8081",
|
||||
"HUBOT_AUTH_ADMIN" => "bkero,derbumi,galfert,gregkare,jaaan,slvrbckt,raucao",
|
||||
"REDIS_URL" => "redis://localhost:6379/botka",
|
||||
"EXPRESS_PORT" => node[app_name]['http_port'],
|
||||
"HUBOT_AUTH_ADMIN" => "derbumi,galfert,gregkare,slvrbckt,raucao",
|
||||
"HUBOT_HELP_REPLY_IN_PRIVATE" => "true",
|
||||
"RS_LOGGER_USER" => "kosmos@5apps.com",
|
||||
"RS_LOGGER_TOKEN" => botka_freenode_data_bag_item['rs_logger_token'],
|
||||
"RS_LOGGER_TOKEN" => data_bag['rs_logger_token'],
|
||||
"RS_LOGGER_SERVER_NAME" => "freenode",
|
||||
"RS_LOGGER_PUBLIC" => "true",
|
||||
"GCM_API_KEY" => botka_freenode_data_bag_item['gcm_api_key'],
|
||||
"GCM_API_KEY" => data_bag['gcm_api_key'],
|
||||
"VAPID_SUBJECT" => "https://kosmos.org",
|
||||
"VAPID_PUBLIC_KEY" => botka_freenode_data_bag_item['vapid_public_key'],
|
||||
"VAPID_PRIVATE_KEY" => botka_freenode_data_bag_item['vapid_private_key'],
|
||||
"REDIS_URL" => "redis://localhost:6379/botka"
|
||||
"VAPID_PUBLIC_KEY" => data_bag['vapid_public_key'],
|
||||
"VAPID_PRIVATE_KEY" => data_bag['vapid_private_key']
|
||||
}
|
||||
)
|
||||
notifies :run, "execute[systemctl daemon-reload]", :delayed
|
||||
notifies :restart, "service[botka_freenode_nodejs]", :delayed
|
||||
notifies :restart, "service[#{app_name}]", :delayed
|
||||
end
|
||||
|
||||
service "botka_freenode_nodejs" do
|
||||
service app_name do
|
||||
action [:enable, :start]
|
||||
end
|
||||
end
|
||||
@ -95,27 +116,23 @@ end
|
||||
# Nginx reverse proxy
|
||||
#
|
||||
unless node.chef_environment == "development"
|
||||
express_port = 8081
|
||||
express_domain = "freenode.botka.kosmos.org"
|
||||
|
||||
include_recipe "kosmos-base::letsencrypt"
|
||||
|
||||
include_recipe "kosmos-nginx"
|
||||
|
||||
template "#{node['nginx']['dir']}/sites-available/#{express_domain}" do
|
||||
template "#{node['nginx']['dir']}/sites-available/#{node[app_name]['domain']}" do
|
||||
source 'nginx_conf_hubot.erb'
|
||||
owner node["nginx"]["user"]
|
||||
mode 0640
|
||||
variables express_port: express_port,
|
||||
server_name: express_domain,
|
||||
ssl_cert: "/etc/letsencrypt/live/#{express_domain}/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/#{express_domain}/privkey.pem"
|
||||
variables express_port: node[app_name]['http_port'],
|
||||
server_name: node[app_name]['domain'],
|
||||
ssl_cert: "/etc/letsencrypt/live/#{node[app_name]['domain']}/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/#{node[app_name]['domain']}/privkey.pem"
|
||||
notifies :reload, 'service[nginx]', :delayed
|
||||
end
|
||||
|
||||
nginx_site express_domain do
|
||||
nginx_site node[app_name]['domain'] do
|
||||
action :enable
|
||||
end
|
||||
|
||||
nginx_certbot_site express_domain
|
||||
nginx_certbot_site node[app_name]['domain']
|
||||
end
|
||||
|
@ -5,15 +5,6 @@
|
||||
# Copyright 2017-2018, Kosmos
|
||||
#
|
||||
|
||||
unless node.chef_environment == "development"
|
||||
include_recipe 'firewall'
|
||||
firewall_rule 'hubot_express_hal8000_freenode' do
|
||||
port 8080
|
||||
protocol :tcp
|
||||
command :allow
|
||||
end
|
||||
end
|
||||
|
||||
include_recipe "kosmos-nodejs"
|
||||
include_recipe "kosmos-redis"
|
||||
|
||||
|
@ -2,7 +2,25 @@
|
||||
# Cookbook Name:: kosmos-hubot
|
||||
# Recipe:: hal8000
|
||||
#
|
||||
# Copyright 2017-2018, Kosmos
|
||||
# Copyright:: 2019, Kosmos Developers
|
||||
#
|
||||
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
# of this software and associated documentation files (the "Software"), to deal
|
||||
# in the Software without restriction, including without limitation the rights
|
||||
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
# copies of the Software, and to permit persons to whom the Software is
|
||||
# furnished to do so, subject to the following conditions:
|
||||
#
|
||||
# The above copyright notice and this permission notice shall be included in
|
||||
# all copies or substantial portions of the Software.
|
||||
#
|
||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
# THE SOFTWARE.
|
||||
#
|
||||
|
||||
build_essential 'hal8000' do
|
||||
@ -13,18 +31,10 @@ include_recipe "kosmos-nodejs"
|
||||
include_recipe "kosmos-redis"
|
||||
include_recipe "kosmos-hubot::_user"
|
||||
|
||||
# Needed for hubot-kredits
|
||||
include_recipe "kosmos-ipfs"
|
||||
|
||||
unless node.chef_environment == "development"
|
||||
include_recipe 'firewall'
|
||||
firewall_rule 'hubot_express_hal8000_freenode' do
|
||||
port 8080
|
||||
protocol :tcp
|
||||
command :allow
|
||||
end
|
||||
firewall_rule 'ipfs_swarm_p2p' do
|
||||
port 4001
|
||||
port node['hal8000']['http_port']
|
||||
protocol :tcp
|
||||
command :allow
|
||||
end
|
||||
@ -60,7 +70,7 @@ application hal8000_path do
|
||||
"hubot-rss-reader",
|
||||
"hubot-incoming-webhook",
|
||||
"hubot-auth",
|
||||
"hubot-kredits",
|
||||
"hubot-schedule"
|
||||
].to_json
|
||||
end
|
||||
|
||||
@ -84,43 +94,28 @@ application hal8000_path do
|
||||
app_dir: hal8000_path,
|
||||
entry: "#{hal8000_path}/bin/hubot -a irc",
|
||||
environment: {
|
||||
# "HUBOT_LOG_LEVEL" => "error",
|
||||
"HUBOT_IRC_SERVER" => "irc.freenode.net",
|
||||
"HUBOT_IRC_ROOMS" => "#5apps,#kosmos,#kosmos-dev,#kosmos-random,#remotestorage,#hackerbeach,#unhosted,#sockethub",
|
||||
"HUBOT_IRC_NICK" => "hal8000",
|
||||
"HUBOT_IRC_NICKSERV_USERNAME" => "hal8000",
|
||||
"HUBOT_IRC_NICKSERV_PASSWORD" => hal8000_freenode_data_bag_item['nickserv_password'],
|
||||
"HUBOT_IRC_UNFLOOD" => "100",
|
||||
"HUBOT_RSS_PRINTSUMMARY" => "false",
|
||||
"HUBOT_RSS_PRINTERROR" => "false",
|
||||
"HUBOT_RSS_IRCCOLORS" => "true",
|
||||
"HUBOT_PLUSPLUS_POINTS_TERM" => "karma,karma",
|
||||
"EXPRESS_PORT" => "8080",
|
||||
"HUBOT_RSS_HEADER" => "Update:",
|
||||
"HUBOT_AUTH_ADMIN" => "bkero,derbumi,galfert,gregkare,slvrbckt,raucao",
|
||||
"HUBOT_HELP_REPLY_IN_PRIVATE" => "true",
|
||||
"WEBHOOK_TOKEN" => hal8000_freenode_data_bag_item['webhook_token'],
|
||||
"IPFS_API_HOST" => node['hal8000']['kredits']['ipfs_host'],
|
||||
"IPFS_API_PORT" => node['hal8000']['kredits']['ipfs_port'],
|
||||
"IPFS_API_PROTOCOL" => node['hal8000']['kredits']['ipfs_protocol'],
|
||||
"KREDITS_ROOM" => node['hal8000']['kredits']['room'],
|
||||
"KREDITS_WEBHOOK_TOKEN" => hal8000_freenode_data_bag_item['kredits_webhook_token'],
|
||||
"KREDITS_PROVIDER_URL" => node['hal8000']['kredits']['provider_url'],
|
||||
"KREDITS_NETWORK_ID" => node['hal8000']['kredits']['network_id'],
|
||||
"KREDITS_WALLET_PATH" => node['hal8000']['kredits']['wallet_path'],
|
||||
"KREDITS_WALLET_PASSWORD" => hal8000_freenode_data_bag_item['kredits_wallet_password'],
|
||||
"KREDITS_MEDIAWIKI_URL" => node['hal8000']['kredits']['mediawiki_url'],
|
||||
"KREDITS_GITHUB_REPO_BLACKLIST" => node['hal8000']['kredits']['github_repo_blacklist']
|
||||
# "HUBOT_LOG_LEVEL" => "error",
|
||||
"HUBOT_IRC_SERVER" => "irc.freenode.net",
|
||||
"HUBOT_IRC_ROOMS" => "#5apps,#kosmos,#kosmos-dev,#kosmos-random,#remotestorage,#hackerbeach,#unhosted,#sockethub",
|
||||
"HUBOT_IRC_NICK" => "hal8000",
|
||||
"HUBOT_IRC_NICKSERV_USERNAME" => "hal8000",
|
||||
"HUBOT_IRC_NICKSERV_PASSWORD" => hal8000_freenode_data_bag_item['nickserv_password'],
|
||||
"HUBOT_IRC_UNFLOOD" => "100",
|
||||
"HUBOT_RSS_PRINTSUMMARY" => "false",
|
||||
"HUBOT_RSS_PRINTERROR" => "false",
|
||||
"HUBOT_RSS_IRCCOLORS" => "true",
|
||||
"HUBOT_PLUSPLUS_POINTS_TERM" => "karma,karma",
|
||||
"HUBOT_RSS_HEADER" => "Update:",
|
||||
"HUBOT_AUTH_ADMIN" => "bkero,derbumi,galfert,gregkare,slvrbckt,raucao",
|
||||
"HUBOT_HELP_REPLY_IN_PRIVATE" => "true",
|
||||
"WEBHOOK_TOKEN" => hal8000_freenode_data_bag_item['webhook_token'],
|
||||
"EXPRESS_PORT" => node['hal8000']['http_port']
|
||||
}
|
||||
)
|
||||
notifies :run, "execute[systemctl daemon-reload]", :delayed
|
||||
notifies :restart, "service[hal8000_nodejs]", :delayed
|
||||
end
|
||||
|
||||
cookbook_file "#{name}/wallet.json" do
|
||||
source "wallet.json"
|
||||
end
|
||||
|
||||
service "hal8000_nodejs" do
|
||||
action [:enable, :start]
|
||||
end
|
||||
|
155
site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb
Normal file
155
site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb
Normal file
@ -0,0 +1,155 @@
|
||||
#
|
||||
# Cookbook Name:: kosmos-hubot
|
||||
# Recipe:: hal8000_xmpp
|
||||
#
|
||||
# Copyright:: 2019, Kosmos Developers
|
||||
#
|
||||
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
# of this software and associated documentation files (the "Software"), to deal
|
||||
# in the Software without restriction, including without limitation the rights
|
||||
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
# copies of the Software, and to permit persons to whom the Software is
|
||||
# furnished to do so, subject to the following conditions:
|
||||
#
|
||||
# The above copyright notice and this permission notice shall be included in
|
||||
# all copies or substantial portions of the Software.
|
||||
#
|
||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
# THE SOFTWARE.
|
||||
#
|
||||
app_name = "hal8000_xmpp"
|
||||
app_path = "/opt/#{app_name}"
|
||||
app_user = "hubot"
|
||||
app_group = "hubot"
|
||||
|
||||
build_essential app_name do
|
||||
compile_time true
|
||||
end
|
||||
|
||||
include_recipe "kosmos-nodejs"
|
||||
include_recipe "kosmos-redis"
|
||||
include_recipe "kosmos-hubot::_user"
|
||||
|
||||
# Needed for hubot-kredits
|
||||
include_recipe "kosmos-ipfs"
|
||||
|
||||
unless node.chef_environment == "development"
|
||||
include_recipe 'firewall'
|
||||
firewall_rule 'ipfs_swarm_p2p' do
|
||||
port 4001
|
||||
protocol :tcp
|
||||
command :allow
|
||||
end
|
||||
end
|
||||
|
||||
application app_path do
|
||||
data_bag = Chef::EncryptedDataBagItem.load('credentials', app_name)
|
||||
|
||||
owner app_user
|
||||
group app_group
|
||||
|
||||
git do
|
||||
user app_user
|
||||
group app_group
|
||||
repository "https://github.com/67P/hal8000.git"
|
||||
revision "master"
|
||||
end
|
||||
|
||||
file "#{app_path}/external-scripts.json" do
|
||||
mode "0640"
|
||||
owner app_user
|
||||
group app_group
|
||||
content node[app_name]['hubot_scripts'].to_json
|
||||
end
|
||||
|
||||
npm_install do
|
||||
user app_user
|
||||
end
|
||||
|
||||
execute "systemctl daemon-reload" do
|
||||
command "systemctl daemon-reload"
|
||||
action :nothing
|
||||
end
|
||||
|
||||
template "/lib/systemd/system/#{app_name}.service" do
|
||||
source 'nodejs.systemd.service.erb'
|
||||
owner 'root'
|
||||
group 'root'
|
||||
mode '0644'
|
||||
variables(
|
||||
user: app_user,
|
||||
group: app_user,
|
||||
app_dir: app_path,
|
||||
entry: "#{app_path}/bin/hubot -a xmpp --name hal8000",
|
||||
environment: {
|
||||
"HUBOT_LOG_LEVEL" => node.chef_environment == "development" ? "debug" : "info",
|
||||
"HUBOT_XMPP_USERNAME" => "hal8000@kosmos.org/hubot",
|
||||
"HUBOT_XMPP_PASSWORD" => data_bag['xmpp_password'],
|
||||
"HUBOT_XMPP_HOST" => "xmpp.kosmos.org",
|
||||
"HUBOT_XMPP_ROOMS" => node[app_name]['rooms'].join(','),
|
||||
"HUBOT_AUTH_ADMIN" => node[app_name]['auth_admins'].join(','),
|
||||
"HUBOT_RSS_PRINTSUMMARY" => "false",
|
||||
"HUBOT_RSS_PRINTERROR" => "false",
|
||||
"HUBOT_RSS_IRCCOLORS" => "true",
|
||||
"HUBOT_PLUSPLUS_POINTS_TERM" => "karma,karma",
|
||||
"HUBOT_RSS_HEADER" => "Update:",
|
||||
"HUBOT_HELP_REPLY_IN_PRIVATE" => "true",
|
||||
"REDIS_URL" => "redis://localhost:6379/#{app_name}",
|
||||
"EXPRESS_PORT" => node[app_name]['http_port'],
|
||||
"WEBHOOK_TOKEN" => data_bag['webhook_token'],
|
||||
"IPFS_API_HOST" => node[app_name]['kredits']['ipfs_host'],
|
||||
"IPFS_API_PORT" => node[app_name]['kredits']['ipfs_port'],
|
||||
"IPFS_API_PROTOCOL" => node[app_name]['kredits']['ipfs_protocol'],
|
||||
"KREDITS_ROOM" => node[app_name]['kredits']['room'],
|
||||
"KREDITS_WEBHOOK_TOKEN" => data_bag['kredits_webhook_token'],
|
||||
"KREDITS_PROVIDER_URL" => node[app_name]['kredits']['provider_url'],
|
||||
"KREDITS_NETWORK_ID" => node[app_name]['kredits']['network_id'],
|
||||
"KREDITS_WALLET_PATH" => node[app_name]['kredits']['wallet_path'],
|
||||
"KREDITS_WALLET_PASSWORD" => data_bag['kredits_wallet_password'],
|
||||
"KREDITS_MEDIAWIKI_URL" => node[app_name]['kredits']['mediawiki_url'],
|
||||
"KREDITS_GITHUB_REPO_BLACKLIST" => node[app_name]['kredits']['github_repo_blacklist'],
|
||||
"KREDITS_GITEA_REPO_BLACKLIST" => node[app_name]['kredits']['gitea_repo_blacklist']
|
||||
}
|
||||
)
|
||||
notifies :run, "execute[systemctl daemon-reload]", :delayed
|
||||
notifies :restart, "service[#{app_name}]", :delayed
|
||||
end
|
||||
|
||||
cookbook_file "#{app_path}/wallet.json" do
|
||||
source "wallet.json"
|
||||
end
|
||||
|
||||
service app_name do
|
||||
action [:enable, :start]
|
||||
end
|
||||
end
|
||||
|
||||
#
|
||||
# Nginx reverse proxy
|
||||
#
|
||||
unless node.chef_environment == "development"
|
||||
include_recipe "kosmos-base::letsencrypt"
|
||||
include_recipe "kosmos-nginx"
|
||||
|
||||
template "#{node['nginx']['dir']}/sites-available/#{node[app_name]['domain']}" do
|
||||
source 'nginx_conf_hubot.erb'
|
||||
owner node["nginx"]["user"]
|
||||
mode 0640
|
||||
variables express_port: node[app_name]['http_port'],
|
||||
server_name: node[app_name]['domain'],
|
||||
ssl_cert: "/etc/letsencrypt/live/#{node[app_name]['domain']}/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/#{node[app_name]['domain']}/privkey.pem"
|
||||
notifies :reload, 'service[nginx]', :delayed
|
||||
end
|
||||
|
||||
nginx_site node[app_name]['domain'] do
|
||||
action :enable
|
||||
end
|
||||
|
||||
nginx_certbot_site node[app_name]['domain']
|
||||
end
|
@ -8,10 +8,10 @@ upstream _express_<%= @server_name.gsub(".", "_") %> {
|
||||
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
add_header Strict-Transport-Security "max-age=15768000";
|
||||
|
||||
server_name <%= @server_name %>;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=15768000";
|
||||
|
||||
access_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.access.log json;
|
||||
error_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.error.log warn;
|
||||
|
||||
|
@ -4,7 +4,7 @@ maintainer_email 'mail@kosmos.org'
|
||||
license 'MIT'
|
||||
description 'Installs/Configures kosmos-ipfs'
|
||||
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
|
||||
version '0.1.0'
|
||||
version '0.1.3'
|
||||
|
||||
depends 'ipfs'
|
||||
depends 'kosmos-base'
|
||||
|
@ -24,7 +24,7 @@
|
||||
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
# THE SOFTWARE.
|
||||
|
||||
node.override['ipfs']['cluster']['version'] = '0.9.0'
|
||||
node.override['ipfs']['cluster']['version'] = '0.10.1'
|
||||
|
||||
include_recipe "ipfs::cluster"
|
||||
include_recipe "ipfs::cluster_service"
|
||||
|
@ -24,8 +24,8 @@
|
||||
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
# THE SOFTWARE.
|
||||
|
||||
node.override['ipfs']['version'] = '0.4.18'
|
||||
node.override['ipfs']['checksum'] = '21e6c44c0fa8edf91a727f1e8257342a4c3a879462e656861b0a179e1f6a03f6'
|
||||
node.override['ipfs']['version'] = '0.4.20'
|
||||
node.override['ipfs']['checksum'] = '155dbdb2d7a9b8df38feccf48eb925cf9ab650754dc51994aa1e0bda1c1f9123'
|
||||
include_recipe "ipfs"
|
||||
|
||||
# Configure ipfs
|
||||
|
@ -33,6 +33,9 @@ server {
|
||||
location /api/v0/object/data {
|
||||
proxy_pass http://_ipfs/api/v0/object/data;
|
||||
}
|
||||
location /api/v0/id {
|
||||
proxy_pass http://_ipfs/api/v0/id;
|
||||
}
|
||||
|
||||
ssl_certificate <%= @ssl_cert %>;
|
||||
ssl_certificate_key <%= @ssl_key %>;
|
||||
|
@ -152,14 +152,14 @@ application mastodon_path do
|
||||
db_pass: postgresql_data_bag_item['mastodon_user_password']
|
||||
end
|
||||
|
||||
execute do
|
||||
execute "bundle install" do
|
||||
environment "HOME" => mastodon_path
|
||||
user mastodon_user
|
||||
cwd mastodon_path
|
||||
command "/opt/ruby_build/builds/#{ruby_version}/bin/bundle install --without development,test --deployment"
|
||||
end
|
||||
|
||||
execute do
|
||||
execute "yarn install" do
|
||||
environment "HOME" => mastodon_path
|
||||
user mastodon_user
|
||||
cwd mastodon_path
|
||||
@ -212,7 +212,7 @@ unless node.chef_environment == "development"
|
||||
node.override["backup"]["postgresql"]["host"] = "localhost"
|
||||
unless platform?('ubuntu') && node[:platform_version].to_f < 18.04
|
||||
node.override["backup"]["postgresql"]["username"] = "mastodon"
|
||||
node.override["backup"]["postgresql"]["password"] = postgres_password
|
||||
node.override["backup"]["postgresql"]["password"] = postgresql_data_bag_item['mastodon_user_password']
|
||||
else
|
||||
node.override["backup"]["postgresql"]["username"] = "postgres"
|
||||
node.override["backup"]["postgresql"]["password"] = node['postgresql']['password']['postgres']
|
||||
|
@ -35,6 +35,11 @@ server {
|
||||
add_header Strict-Transport-Security "max-age=31536000";
|
||||
|
||||
location / {
|
||||
# If the maintenance file is present, show maintenance page
|
||||
if (-f <%= @mastodon_path %>/public/maintenance.html) {
|
||||
return 503;
|
||||
}
|
||||
|
||||
try_files $uri @proxy;
|
||||
}
|
||||
|
||||
@ -83,5 +88,11 @@ server {
|
||||
tcp_nodelay on;
|
||||
}
|
||||
|
||||
error_page 500 501 502 503 504 /500.html;
|
||||
error_page 500 501 502 504 /500.html;
|
||||
error_page 503 /maintenance.html;
|
||||
|
||||
location = /maintenance.html {
|
||||
root <%= @mastodon_path %>/public;
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -101,7 +101,7 @@ nginx_site server_name do
|
||||
action :enable
|
||||
end
|
||||
|
||||
nginx_certbot_site server_name unless node.chef_environment == "development"
|
||||
nginx_certbot_site server_name
|
||||
|
||||
#
|
||||
# Extensions
|
||||
|
40
site-cookbooks/kosmos-nginx/files/default/maintenance.html
Normal file
40
site-cookbooks/kosmos-nginx/files/default/maintenance.html
Normal file
File diff suppressed because one or more lines are too long
@ -60,6 +60,22 @@ cookbook_file "#{node['nginx']['dir']}/conf.d/tls_config.conf" do
|
||||
notifies :restart, 'service[nginx]'
|
||||
end
|
||||
|
||||
directory node["nginx"]["user_home"] do
|
||||
owner node["nginx"]["user"]
|
||||
group node["nginx"]["group"]
|
||||
action :create
|
||||
recursive true
|
||||
end
|
||||
|
||||
# Maintenance page, to be copied or served when putting things in maintenance
|
||||
# mode
|
||||
cookbook_file "#{node["nginx"]["user_home"]}/maintenance.html" do
|
||||
source "maintenance.html"
|
||||
owner node['nginx']['user']
|
||||
group node['nginx']['group']
|
||||
mode "0640"
|
||||
end
|
||||
|
||||
unless node.chef_environment == "development"
|
||||
include_recipe 'kosmos-base::firewall'
|
||||
|
||||
|
@ -6,6 +6,8 @@ property :domain, String, name_property: true
|
||||
property :site, String
|
||||
|
||||
action :create do
|
||||
return if node.chef_environment == "development"
|
||||
|
||||
include_recipe "kosmos-nginx"
|
||||
|
||||
domain = new_resource.domain
|
||||
|
6
site-cookbooks/kredits-github/CHANGELOG.md
Normal file
6
site-cookbooks/kredits-github/CHANGELOG.md
Normal file
@ -0,0 +1,6 @@
|
||||
kredits-github CHANGELOG
|
||||
========================
|
||||
|
||||
0.1.0
|
||||
-----
|
||||
- [Râu Cao] - Initial release of kredits-github
|
20
site-cookbooks/kredits-github/LICENSE
Normal file
20
site-cookbooks/kredits-github/LICENSE
Normal file
@ -0,0 +1,20 @@
|
||||
Copyright (c) 2019 Kosmos Developers
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining
|
||||
a copy of this software and associated documentation files (the
|
||||
"Software"), to deal in the Software without restriction, including
|
||||
without limitation the rights to use, copy, modify, merge, publish,
|
||||
distribute, sublicense, and/or sell copies of the Software, and to
|
||||
permit persons to whom the Software is furnished to do so, subject to
|
||||
the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be
|
||||
included in all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||||
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
||||
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
||||
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
||||
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
||||
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
35
site-cookbooks/kredits-github/README.md
Normal file
35
site-cookbooks/kredits-github/README.md
Normal file
@ -0,0 +1,35 @@
|
||||
kredits-github Cookbook
|
||||
=======================
|
||||
|
||||
This cookbook installs [kredits-github](https://github.com/67P/kredits-github).
|
||||
|
||||
Attributes
|
||||
----------
|
||||
|
||||
#### kredits-github::default
|
||||
<table>
|
||||
<tr>
|
||||
<th>Key</th>
|
||||
<th>Type</th>
|
||||
<th>Description</th>
|
||||
<th>Default</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><tt>['kredits-github']['port']</tt></td>
|
||||
<td>String</td>
|
||||
<td>The local port that kredits-github is running on</td>
|
||||
<td><tt>3000</tt></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><tt>['kredits-github']['revision']</tt></td>
|
||||
<td>String</td>
|
||||
<td>Git revision/branch to deploy</td>
|
||||
<td><tt>master</tt></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><tt>['kredits-github']['domain']</tt></td>
|
||||
<td>String</td>
|
||||
<td>Domain name for requests to the app</td>
|
||||
<td><tt>kredits-github.kosmos.org</tt></td>
|
||||
</tr>
|
||||
</table>
|
3
site-cookbooks/kredits-github/attributes/default.rb
Normal file
3
site-cookbooks/kredits-github/attributes/default.rb
Normal file
@ -0,0 +1,3 @@
|
||||
node.default['kredits-github']['port'] = '3000'
|
||||
node.default['kredits-github']['revision'] = 'master'
|
||||
node.default['kredits-github']['domain'] = 'kredits-github.kosmos.org'
|
11
site-cookbooks/kredits-github/metadata.rb
Normal file
11
site-cookbooks/kredits-github/metadata.rb
Normal file
@ -0,0 +1,11 @@
|
||||
name 'kredits-github'
|
||||
maintainer 'Kosmos'
|
||||
maintainer_email 'mail@kosmos.org'
|
||||
license 'MIT'
|
||||
description 'Installs/Configures kredits-github'
|
||||
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
|
||||
version '0.1.0'
|
||||
|
||||
depends 'application_javascript'
|
||||
depends 'kosmos-nodejs'
|
||||
depends 'kosmos-nginx'
|
95
site-cookbooks/kredits-github/recipes/default.rb
Normal file
95
site-cookbooks/kredits-github/recipes/default.rb
Normal file
@ -0,0 +1,95 @@
|
||||
#
|
||||
# Cookbook Name:: kredits-github
|
||||
# Recipe:: default
|
||||
#
|
||||
# The MIT License (MIT)
|
||||
#
|
||||
# Copyright:: 2019, Kosmos Developers
|
||||
#
|
||||
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
# of this software and associated documentation files (the "Software"), to deal
|
||||
# in the Software without restriction, including without limitation the rights
|
||||
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
# copies of the Software, and to permit persons to whom the Software is
|
||||
# furnished to do so, subject to the following conditions:
|
||||
#
|
||||
# The above copyright notice and this permission notice shall be included in
|
||||
# all copies or substantial portions of the Software.
|
||||
#
|
||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
# THE SOFTWARE.
|
||||
|
||||
include_recipe 'kosmos-nodejs'
|
||||
|
||||
app_name = "kredits-github"
|
||||
deploy_user = "deploy"
|
||||
deploy_group = "deploy"
|
||||
credentials = Chef::EncryptedDataBagItem.load('credentials', app_name)
|
||||
|
||||
group deploy_group
|
||||
|
||||
user deploy_user do
|
||||
group deploy_group
|
||||
manage_home true
|
||||
shell "/bin/bash"
|
||||
comment "deploy user"
|
||||
end
|
||||
|
||||
path_to_deploy = "/opt/#{app_name}"
|
||||
application path_to_deploy do
|
||||
owner deploy_user
|
||||
group deploy_group
|
||||
|
||||
git do
|
||||
user deploy_user
|
||||
group deploy_group
|
||||
repository "https://github.com/67P/#{app_name}.git"
|
||||
revision node[app_name]['revision']
|
||||
end
|
||||
|
||||
npm_install do
|
||||
user deploy_user
|
||||
end
|
||||
|
||||
execute "systemctl daemon-reload" do
|
||||
command "systemctl daemon-reload"
|
||||
action :nothing
|
||||
end
|
||||
|
||||
file "#{path_to_deploy}/github_app_key.pem" do
|
||||
content credentials['private_key']
|
||||
owner deploy_user
|
||||
group deploy_group
|
||||
mode '0440'
|
||||
end
|
||||
|
||||
template "/lib/systemd/system/#{app_name}.service" do
|
||||
source 'nodejs.systemd.service.erb'
|
||||
owner 'root'
|
||||
group 'root'
|
||||
mode '0640'
|
||||
variables(
|
||||
user: deploy_user,
|
||||
group: deploy_group,
|
||||
app_dir: path_to_deploy,
|
||||
entry: "/usr/bin/node /usr/bin/npm start",
|
||||
environment: {
|
||||
'LOG_LEVEL' => "info",
|
||||
'APP_ID' => credentials['app_id'],
|
||||
'PRIVATE_KEY_PATH' => "#{path_to_deploy}/github_app_key.pem",
|
||||
'WEBHOOK_SECRET' => credentials['webhook_secret'],
|
||||
}
|
||||
)
|
||||
notifies :run, "execute[systemctl daemon-reload]", :delayed
|
||||
notifies :restart, "service[#{app_name}]", :delayed
|
||||
end
|
||||
|
||||
service app_name do
|
||||
action [:enable, :start]
|
||||
end
|
||||
end
|
46
site-cookbooks/kredits-github/recipes/nginx.rb
Normal file
46
site-cookbooks/kredits-github/recipes/nginx.rb
Normal file
@ -0,0 +1,46 @@
|
||||
#
|
||||
# Cookbook Name:: kredits-github
|
||||
# Recipe:: nginx
|
||||
#
|
||||
# The MIT License (MIT)
|
||||
#
|
||||
# Copyright:: 2019, Kosmos Developers
|
||||
#
|
||||
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
# of this software and associated documentation files (the "Software"), to deal
|
||||
# in the Software without restriction, including without limitation the rights
|
||||
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
# copies of the Software, and to permit persons to whom the Software is
|
||||
# furnished to do so, subject to the following conditions:
|
||||
#
|
||||
# The above copyright notice and this permission notice shall be included in
|
||||
# all copies or substantial portions of the Software.
|
||||
#
|
||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
# THE SOFTWARE.
|
||||
|
||||
include_recipe 'kosmos-nginx'
|
||||
server_name = node['kredits-github']['domain']
|
||||
|
||||
template "#{node['nginx']['dir']}/sites-available/#{server_name}" do
|
||||
source 'nginx_conf.erb'
|
||||
owner 'www-data'
|
||||
mode 0640
|
||||
variables app_name: "kredits-github",
|
||||
nodejs_port: node['kredits-github']['port'],
|
||||
server_name: server_name,
|
||||
ssl_cert: "/etc/letsencrypt/live/#{server_name}/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/#{server_name}/privkey.pem"
|
||||
notifies :reload, 'service[nginx]', :delayed
|
||||
end
|
||||
|
||||
nginx_site server_name do
|
||||
action :enable
|
||||
end
|
||||
|
||||
nginx_certbot_site server_name
|
@ -0,0 +1,26 @@
|
||||
# Generated by Chef
|
||||
upstream _<%= @app_name %> {
|
||||
server localhost:<%= @nodejs_port %>;
|
||||
}
|
||||
|
||||
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
server_name <%= @server_name %>;
|
||||
|
||||
access_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.access.log json;
|
||||
error_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.error.log warn;
|
||||
|
||||
gzip on;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=15768000";
|
||||
|
||||
location / {
|
||||
proxy_buffers 1024 8k; # Increase number of buffers. Default is 8
|
||||
proxy_pass http://_<%= @app_name %>;
|
||||
}
|
||||
|
||||
ssl_certificate <%= @ssl_cert %>;
|
||||
ssl_certificate_key <%= @ssl_key %>;
|
||||
}
|
||||
<% end -%>
|
@ -0,0 +1,15 @@
|
||||
[Unit]
|
||||
Description=Start nodejs app
|
||||
|
||||
[Service]
|
||||
ExecStart=<%= @entry %>
|
||||
WorkingDirectory=<%= @app_dir %>
|
||||
User=<%= @user %>
|
||||
Group=<%= @group %>
|
||||
<% unless @environment.empty? -%>
|
||||
Environment=<% @environment.each do |key, value| -%>'<%= key %>=<%= value %>' <% end %>
|
||||
<% end -%>
|
||||
Restart=always
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
Loading…
x
Reference in New Issue
Block a user