Merge branch 'master' into feature/7-ejabberd_rebased_2

Greg Karékinian 2019-05-10 11:08:09 +02:00
commit 3884f9922e
40 changed files with 731 additions and 174 deletions


@ -55,4 +55,4 @@ cookbook 'homebrew', '= 3.0.0'
cookbook 'mariadb', '= 0.3.1'
cookbook 'ipfs',
git: 'https://github.com/67P/ipfs-cookbook.git',
ref: 'v0.1.2'
ref: 'feature/reduce_memory_usage'
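Review bot: The `ipfs` cookbook source now appears to track the branch `feature/reduce_memory_usage` instead of the `v0.1.2` tag, so the next `berks update` will pull whatever that branch head is at the time. The lockfile pins a revision for now, but a branch can be force-pushed or deleted, which makes the dependency unreviewed on update and unreproducible later. Once the feature is merged, point `ref:` back at a release tag or a full commit SHA. The same consideration applies to the `revision "master"` checkouts in the hubot recipes of this commit, which have no lockfile at all.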


@ -19,8 +19,8 @@ DEPENDENCIES
hostsfile (= 2.4.5)
ipfs
git: https://github.com/67P/ipfs-cookbook.git
revision: 78d3edfd78c56a25494ac84528e152762f38b3be
ref: v0.1.2
revision: 5aa50ecc7eca5c7f113492057ca3bc8158e5154c
ref: feature
logrotate (= 2.2.0)
mariadb (= 0.3.1)
mediawiki
@ -100,7 +100,7 @@ GRAPH
hostname (0.4.2)
hostsfile (>= 0.0.0)
hostsfile (2.4.5)
ipfs (0.1.2)
ipfs (0.1.3)
ark (>= 0.0.0)
logrotate (2.2.0)
mariadb (0.3.1)


@ -1,33 +1,31 @@
{
"id": "hal8000_freenode",
"nickserv_password": {
"encrypted_data": "wVOuYDPJAjWN/Un+cB/bpKD7gJ4FOOfY6xSTwpOutMD+KmhgjEX4Z99G9rwv\nmeFoBiO3Z9O+C1BeIf3YGAgWnfBgNS5eRnGAxhkzsVyvpyo=\n",
"iv": "26SarumevOdpdim4omgXng==\n",
"version": 1,
"cipher": "aes-256-cbc"
},
"rs_logger_token": {
"encrypted_data": "A3z2klmsLGwmJmB4eMVKJu5yC2mjaQii7SAuYBSl/hVtrrWDqlqR5N6vqHSv\nMWoXhptuF+RBOL7wgg0DN08B8A==\n",
"iv": "hpQA2RgJhHytnvoxgsuAhw==\n",
"version": 1,
"cipher": "aes-256-cbc"
"encrypted_data": "rkCsvjS6EipHlxgxPdSiPVl6CCyjyy845P2ftSykmIW0+fxahTSOxbSMYJl8\n1DW6Go88ZE+eKKWIugp2nWDS+5Pnx58I\n",
"iv": "EvNcR0eqpZngoNJx\n",
"auth_tag": "kKFPUuff8llgVZYROTg/EA==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"webhook_token": {
"encrypted_data": "w/cC18Wte2w2j1mU9SkeepRxOm4zBgZKd7djU6N1t3i7YgjEhHMPeQmD4m8f\nxhes\n",
"iv": "dqFAa3sXHLePuH26YrJUxw==\n",
"version": 1,
"cipher": "aes-256-cbc"
"encrypted_data": "ItDsU9w6HCGS7ykQdkZEXQEZzPEt6bW42Fbh00AtZz+h7JmQ\n",
"iv": "OdaAg/XoUMIEfQEQ\n",
"auth_tag": "9ThqnVhWEZbo4jF4lqa5TA==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"kredits_webhook_token": {
"encrypted_data": "mBESEC0w2Q2wf8LRtHUtKAPDkqqt/xTjtoKCXVbu92xJedCccS51qZNcHp69\nw64Y\n",
"iv": "iZX6EzyyFkTHvJ6nnUWT6Q==\n",
"version": 1,
"cipher": "aes-256-cbc"
"encrypted_data": "kUp4XAQkwWFphQT1f4wsGVJJtmhBqrEiW6W1D1ONrpZ0z94=\n",
"iv": "XiGtQlKn4BvAeaS1\n",
"auth_tag": "1hkTI7ccxBN4/6U4VF19WQ==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"kredits_wallet_password": {
"encrypted_data": "6Lq61jWP1oRSLiI0JucQtCdGnPFeJOYpSMZ9nw6oIkWEFbdMXnrEnKNxYJax\n0abI\n",
"iv": "XMDv5T30HTK/BhsR1lH79g==\n",
"version": 1,
"cipher": "aes-256-cbc"
"encrypted_data": "mKcJBPto0OdPpBXB5x3ynxq01DA2CEz476lTAgjGjTNDHQ==\n",
"iv": "LIvTZ+fx1suOcnjD\n",
"auth_tag": "mcjLU242nqtNn5XR7ku4BQ==\n",
"version": 3,
"cipher": "aes-256-gcm"
}
}
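Review bot: The `kredits_webhook_token` and `kredits_wallet_password` entries are still present in this item after re-encryption, although the hal8000 recipe in this commit stops passing any `KREDITS_*` variable and the new `hal8000_xmpp` item carries its own copies. If the freenode bot no longer needs them, drop both keys from `hal8000_freenode` so the wallet password lives in a single item. The +/- markers are lost on this page, so confirm against the actual file which entries remain. Moving from `aes-256-cbc` (version 1) to `aes-256-gcm` (version 3) does not by itself rotate the underlying secrets, and the old ciphertexts stay in history.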


@ -0,0 +1,31 @@
{
"id": "hal8000_xmpp",
"xmpp_password": {
"encrypted_data": "7pE9C6Tdjeg7ZFjtwzgPzC4ekSgPzN18A5ia5awJnKA=\n",
"iv": "p3RqfadD1sPKEof3\n",
"auth_tag": "4zYf0anagoLn5bF3Rt95BQ==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"webhook_token": {
"encrypted_data": "T6zu7cd5/PXZP56PwjIo5XIjUOJQQSvobvgIekCIB3SgyWQr\n",
"iv": "LwCkuGJP2eZC8S4Y\n",
"auth_tag": "qH5ckddELQR32z3oYxELMg==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"kredits_webhook_token": {
"encrypted_data": "W6xJKRCsoX6qY3QJW/kR5I7Y9LNS1L5zB6X1oLzE71soQ/Y=\n",
"iv": "Piw00LKQysN3AVJN\n",
"auth_tag": "BwH/mJoBtqhA5wNXwFUM6w==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"kredits_wallet_password": {
"encrypted_data": "dFKch6Gjt9oN21w15EeHvho1/f7+mZlKe/aOtoHJtmCgbw==\n",
"iv": "GCueL9BRmLFqlmDw\n",
"auth_tag": "Yq3nOeQenXz+c6VoLhZbQw==\n",
"version": 3,
"cipher": "aes-256-gcm"
}
}


@ -0,0 +1,24 @@
{
"id": "kredits-github",
"app_id": {
"encrypted_data": "DVvsNFAlZIO1NMmo1dVbA05MYdyJfPG9\n",
"iv": "JP4lpX3pFT8l43Hl\n",
"auth_tag": "EncRbtgQigRvLIfbMS+IxQ==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"private_key": {
"encrypted_data": "nV2ecoeWtL/TIM9grbsDAVh34gkaE/bJFc7qebUA9fOU40eeC7xMQst9pBZ+\nIfok2Y4Q0+ABQEKTrilfhSAOA+Hck66W2k1oNdCKXRcNb40T0Y01L77nNdzO\n0b6+uzopQ9oe2M5PF283gk8JWWQV9qED4eKpXEyU8prooA26KabXSrnsMESU\nIztULMsHNhUbDPHBRiEA6q/YUKlw8R++Sh9BcOjjeAEK+pueiARDh+yNMfJV\nomZRWfqncLlryDY6g+hbWEy5Oh+uMD8Th7zhbO//5dPOP1T6ZJjzHfhVQw+v\ng8txFD505yCBKiv70K4cHy9dF+ExFzJBcgr42gJ60gzShemZywAxOCDIc2yz\nFSEVwxGlxYRs5PLHhOT+KCaDzE7w5JmHDyMzv0j+IJnUtPPeInUUI9CNw42F\nmXygqGaY2BmJXAqYtCqEeMsZBtXijqu3TY3mmqxudupxethRrXZ9uZ0I3Ohf\nw6BCnqTw/sT3JkBxtNRQeEQvF+2G8ysXyLujkbqAyWiT+fCmS14FhisEOr8H\n6ojfRGb5iHHScG5wTwXn6tr4de9jjVk5Hrth3Rj46ZImMd1lzROPYyIcWFlS\no57Y3nmF6j7pjDBz++nInnpGlzPG+17sG4OSp6t0t93Vwkr8q9WNQjLo0Jqc\nLNaziU1ke3g+ZpKnHhUwJ2sCyVk4xvVD98hx4lhwCPzKghGQhWu6Vo2YfN79\nhSMjNw5N/3WFxdb5EuF4vYWOFitBvogPkAusZjrexlhUmGIS2qf+jlKvo6yD\nIl8CrCYZttj1UnyCuDmftIXTY9/7czBDQgq+vHlT33e7hNLHD7tFDeTEaz0t\nS+/I0+BgEnKv7aQHSSKExg3ZNc86yqfREKNsKxf4O6YiceBP7r/0qqFR6VBH\nIOQpUwK2e6cv70VmmtoEIjIpRZIOScrVVc1w2QlCj7xH9WfdEG9GSft3uHqd\nqbpegChVNuq2tEq7DoAC8ednjzbYdka4bpGJCqF6zm1c48WaL0G6VBLioi/r\nwFhCNi6AOEYkX0v3wovxME1aodfzBiu1Q6nEuzflZthr+1zERZXXaXY59VZ8\nqzWnLd5Xd/SxvvODY67fdykP90Kn94Xf+6XD9r72ch3S3ZqoWi66YFyqZ5Aa\n0LVKK+nCUwlGWjdgzcEcGx5OOyvbqm2VVnwWo2HuVk/iTzkrppF9y5nvFWUc\n6FfDdGWytkmzRH3KBZ9GKqgrIrswUmsSoIHESugVouJ+QfbFZZLLQS/0p4wH\nPFT8H8GSUvg8CEbap4JRW3R/+yspqSXipfIH5TrKr6NkyggWSE7EMNYq41eU\nuFWtwqX/z8x0SVVo+thAXkgg7KcZrZ9W4LdSGnfrx90QGZ0/K9Xs27pPY8R1\nSUNpaUc3S4Vxt28ualRBksuiIXT9AJGPGQf5UOgpOzBmDFw0GSjZdzz33tLL\n49Ymktapc6mC1FCxkJO3e+pI/I34+FcD9oiVea5v0Gg1cuuZInGJBYrq0PBE\nTaz0w2e8X/eQ2fVnQlUgmHlPcOugtoK8sLEO2+HDyBmIx9ypCfqFo6tu+MHG\nZTRp1GFmifYKUMnGvyxgo7mMFuSJtzgF/UR4PddbfX9yFAxPUTzM2Ba4s9um\nBZXKQoQB/dS9wXhmZVme9Yjq/D1d8w3wosSOcDV3apNerDxegbFqt8ugYbtQ\nmy35aHCXU560Xi1uyWBggRXsoWSsb3RZhNbTz6vsvsly9kj6pSUtxbAiwvwI\nrZuGwvNUgYHdXaHdQAqyCAiIF3KJfQGTyk2di26BZ3K8eTnP3tKbTT157Adf\nOt4e+sHhfmacjmXN9FFuOlLddOk45Y7YSRDwGgqS3NqTSo21GAPBSDqfwqkr\neG76OKxoijCMYeJQ6h0lqh8lXYO5h376BdbUMvZfiy8PzkfbCZ9j45b/jHQ
D\n8CSWz+T8LmQM4Mg69MZn3zAYOSrPQj9DMbwuQshqe19qRlrexRRemWATvkSO\nYchQJ2891WGn7WZ2vrd9VpEdiXdC6JmCpDfoBBJ3JcaknTrNx7VBPc/48rli\nIlso0fzzxTGIrJjFbYL38Br20/qZcXzOO+YJXuHY+n5vuZ2870yPck4r1vUX\n6HSRALY768YGSLNWwfg9sDfbOcpfxKrnrNJxF5Nz7cGN63CKm1e6GZG+vSX+\nNBkumwPGyUWtLJO+JE8l6yivOZeq01W+XOjSh8NzrQJ3Tt2XVhuqWy+ruXS0\nA9O2/tdI2pu0ed63TVaWL/ULYrfXtHtCOYyjc5ulIwX7+L9LXU2I9zmycp0u\n3eR50MpHBgGSCyk=\n",
"iv": "IlCQ6yNhvGFeTJlP\n",
"auth_tag": "bItEhCOGVHB2HMzWKuyExg==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"webhook_secret": {
"encrypted_data": "5aUw9uwoX7BmUXCXLjJ82VtEOAAaneldYMUnv2XJqL+XUNokmdf/tQwTjI7R\n8Ov1+sXCp2R073apPUk=\n",
"iv": "6VeynEodre6uhBE7\n",
"auth_tag": "kRGFN3q+N0NKPwoLRrtgtw==\n",
"version": 3,
"cipher": "aes-256-gcm"
}
}


@ -8,7 +8,8 @@
"kosmos-mediawiki",
"sockethub",
"sockethub::proxy",
"kosmos-btcpayserver::proxy"
"kosmos-btcpayserver::proxy",
"role[mastodon]"
],
"normal": {
"postgresql": {


@ -0,0 +1,13 @@
{
"run_list": [
"role[base]",
"role[kredits_github]",
"kosmos-ipfs::cluster",
"kosmos-hubot::botka_freenode",
"kosmos-hubot::hal8000",
"kosmos-hubot::hal8000_xmpp"
],
"automatic": {
"ipaddress": "barnard.kosmos.org"
}
}


@ -2,14 +2,8 @@
"run_list": [
"role[base]",
"kosmos-redis",
"kosmos-hubot",
"5apps-xmpp_server",
"5apps-hubot::xmpp_schlupp",
"5apps-hubot::xmpp_botka",
"kosmos-mastodon",
"kosmos-mastodon::nginx",
"sockethub::_firewall",
"kosmos-ipfs::cluster"
"sockethub::_firewall"
],
"normal": {
"postgresql": {

6
roles/kredits_github.rb Normal file

@ -0,0 +1,6 @@
name "kredits_github"
run_list %w(
kredits-github::default
kredits-github::nginx
)


@ -10,7 +10,7 @@
unless node.chef_environment == "development"
include_recipe "firewall"
firewall_rule "xmpp" do
port [5222, 5269]
port [5222, 5269, 5281]
protocol :tcp
command :allow
end
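Review bot: The port list in the `xmpp` rule has no comment saying what each port is for, and 5281 is not an XMPP stream port like the other two. A rule removed elsewhere in this commit names it `prosody_http_upload`, so a short comment such as `# 5222 c2s, 5269 s2s, 5281 HTTPS (http_upload)` above `port` would keep the reason for the opening visible. The `unless` block continues outside the hunk.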


@ -3,7 +3,7 @@ maintainer_email 'mail@kosmos.org'
license 'MIT'
description "Installs/configures backup via the Backup gem"
long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc'))
version "0.5.0"
version "0.5.1"
name "backup"
depends 'logrotate'


@ -26,7 +26,7 @@
build_essential 'backup gem'
# Don't try to install packages on older Ubuntu, the repositories are 404
package ["ruby", "ruby-dev"] if node[:platform_version].to_f >= 16.04
package ["ruby", "ruby-dev", "zlib1g-dev"] if node[:platform_version].to_f >= 16.04
gem_package 'backup' do
version '5.0.0.beta.2'


@ -1,7 +1,7 @@
# encoding: utf-8
##
# Backup v4.x Configuration
# Backup v5.x Configuration
#
# Documentation: http://backup.github.io/backup
# Issue Tracker: https://github.com/backup/backup/issues


@ -38,27 +38,3 @@ firewall_rule 'mosh' do
protocol :udp
command :allow
end
firewall_rule 'prosody_http_upload' do
port 5281
protocol :tcp
command :allow
end
firewall_rule 'hubot_express_hal8000' do
port 8080
protocol :tcp
command :allow
end
firewall_rule 'hubot_express_botka_xmpp' do
port 8082
protocol :tcp
command :allow
end
firewall_rule 'hubot_express_schlupp_xmpp' do
port 8083
protocol :tcp
command :allow
end


@ -1,9 +1,36 @@
node.default['hal8000']['kredits']['ipfs_host'] = 'localhost'
node.default['hal8000']['kredits']['ipfs_port'] = '5001'
node.default['hal8000']['kredits']['ipfs_protocol'] = 'http'
node.default['hal8000']['kredits']['room'] = '#kosmos'
node.default['hal8000']['kredits']['provider_url'] = 'https://rinkeby.infura.io/v3/c5e74367261d475ab935e2f0e726482f'
node.default['hal8000']['kredits']['network_id'] = '4'
node.default['hal8000']['kredits']['wallet_path'] = 'wallet.json'
node.default['hal8000']['kredits']['mediawiki_url'] = 'https://wiki.kosmos.org/'
node.default['hal8000']['kredits']['github_repo_blacklist'] = '67P/test-one-two'
node.default['hal8000']['http_port'] = 8080
node.default['botka_freenode']['http_port'] = 8081
node.default['botka_freenode']['domain'] = "freenode.botka.kosmos.org"
node.default['hal8000_xmpp']['http_port'] = 8082
node.default['hal8000_xmpp']['domain'] = "hal8000.chat.kosmos.org"
node.default['hal8000_xmpp']['hubot_scripts'] = [
"hubot-help", "hubot-read-tweet", "hubot-redis-brain",
"hubot-rules", "hubot-shipit", "hubot-plusplus",
"hubot-tell", "hubot-seen", "hubot-rss-reader",
"hubot-incoming-webhook", "hubot-auth",
"hubot-kredits", "hubot-schedule"
]
node.default['hal8000_xmpp']['rooms'] = [
'kosmos@chat.kosmos.org',
'kosmos-dev@chat.kosmos.org',
'kredits@chat.kosmos.org',
]
node.default['hal8000_xmpp']['auth_admins'] = []
node.default['hal8000_xmpp']['kredits']['ipfs_host'] = 'localhost'
# Use the running ipfs-cluster, so adding documents adds and pins them on all
# members of the cluster
node.default['hal8000_xmpp']['kredits']['ipfs_port'] = '9095'
node.default['hal8000_xmpp']['kredits']['ipfs_protocol'] = 'http'
node.default['hal8000_xmpp']['kredits']['room'] = 'kredits@chat.kosmos.org'
node.default['hal8000_xmpp']['kredits']['provider_url'] = 'https://rinkeby.infura.io/v3/c5e74367261d475ab935e2f0e726482f'
node.default['hal8000_xmpp']['kredits']['network_id'] = '4'
node.default['hal8000_xmpp']['kredits']['wallet_path'] = 'wallet.json'
node.default['hal8000_xmpp']['kredits']['mediawiki_url'] = 'https://wiki.kosmos.org/'
node.default['hal8000_xmpp']['kredits']['github_repo_blacklist'] = '67P/test-one-two'
node.default['hal8000_xmpp']['kredits']['gitea_repo_blacklist'] = 'kosmos/test-one-two'
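Review bot: The `provider_url` default for `hal8000_xmpp` embeds what looks like an Infura project ID in the URL path, in a plain attribute file, while every other credential for this bot is read from the encrypted `credentials` data bag. Anyone with read access to the repository can use that ID against the project's request quota. Consider storing the URL (or just the ID) in the `hal8000_xmpp` data bag item and building `KREDITS_PROVIDER_URL` from it in the recipe. Separately, `auth_admins` defaults to `[]`, so `HUBOT_AUTH_ADMIN` renders empty unless a node or role overrides it; a comment saying so would help.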


@ -4,7 +4,7 @@ maintainer_email 'mail@kosmos.org'
license 'MIT'
description 'Configures Kosmos chat bots'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '0.1.0'
version '0.1.1'
depends 'kosmos-nodejs'
depends 'kosmos-redis'


@ -2,34 +2,55 @@
# Cookbook Name:: kosmos-hubot
# Recipe:: botka_freenode
#
# Copyright 2017-2018, Kosmos
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
#
app_name = "botka_freenode"
app_path = "/opt/#{app_name}"
app_user = "hubot"
app_group = "hubot"
build_essential 'botka' do
build_essential app_name do
compile_time true
end
include_recipe "kosmos-nodejs"
include_recipe "kosmos-redis"
botka_freenode_data_bag_item = Chef::EncryptedDataBagItem.load('credentials', 'botka_freenode')
application app_path do
data_bag = Chef::EncryptedDataBagItem.load('credentials', app_name)
botka_freenode_path = "/opt/botka_freenode"
application botka_freenode_path do
owner "hubot"
group "hubot"
owner app_user
group app_group
git do
user "hubot"
group "hubot"
user app_user
group app_group
repository "https://github.com/67P/botka.git"
revision "master"
end
file "#{name}/external-scripts.json" do
file "#{app_path}/external-scripts.json" do
mode "0640"
owner "hubot"
group "hubot"
owner app_user
group app_group
content [
"hubot-help",
"hubot-redis-brain",
@ -39,7 +60,7 @@ application botka_freenode_path do
end
npm_install do
user "hubot"
user app_user
end
execute "systemctl daemon-reload" do
@ -47,46 +68,46 @@ application botka_freenode_path do
action :nothing
end
template "/lib/systemd/system/botka_freenode_nodejs.service" do
template "/lib/systemd/system/#{app_name}.service" do
source 'nodejs.systemd.service.erb'
owner 'root'
group 'root'
mode '0644'
variables(
user: "hubot",
group: "hubot",
app_dir: botka_freenode_path,
entry: "#{botka_freenode_path}/bin/hubot -a irc",
user: app_user,
group: app_group,
app_dir: app_path,
entry: "#{app_path}/bin/hubot -a irc",
environment: {
"HUBOT_LOG_LEVEL" => node.chef_environment == "development" ? "debug" : "info",
"HUBOT_IRC_SERVER" => "irc.freenode.net",
"HUBOT_IRC_ROOMS" => "#5apps,#kosmos,#kosmos-dev,#kosmos-random,#remotestorage,#hackerbeach,#unhosted,#sockethub,#opensourcedesign,#openknot,#emberjs,#mastodon,#indieweb,#lnd",
"HUBOT_IRC_NICK" => "botka",
"HUBOT_IRC_NICKSERV_USERNAME" => "botka",
"HUBOT_IRC_NICKSERV_PASSWORD" => botka_freenode_data_bag_item['nickserv_password'],
"HUBOT_IRC_NICKSERV_PASSWORD" => data_bag['nickserv_password'],
"HUBOT_IRC_UNFLOOD" => "100",
"HUBOT_RSS_PRINTSUMMARY" => "false",
"HUBOT_RSS_PRINTERROR" => "false",
"HUBOT_RSS_IRCCOLORS" => "true",
# "HUBOT_LOG_LEVEL" => "error",
"EXPRESS_PORT" => "8081",
"HUBOT_AUTH_ADMIN" => "bkero,derbumi,galfert,gregkare,jaaan,slvrbckt,raucao",
"REDIS_URL" => "redis://localhost:6379/botka",
"EXPRESS_PORT" => node[app_name]['http_port'],
"HUBOT_AUTH_ADMIN" => "derbumi,galfert,gregkare,slvrbckt,raucao",
"HUBOT_HELP_REPLY_IN_PRIVATE" => "true",
"RS_LOGGER_USER" => "kosmos@5apps.com",
"RS_LOGGER_TOKEN" => botka_freenode_data_bag_item['rs_logger_token'],
"RS_LOGGER_TOKEN" => data_bag['rs_logger_token'],
"RS_LOGGER_SERVER_NAME" => "freenode",
"RS_LOGGER_PUBLIC" => "true",
"GCM_API_KEY" => botka_freenode_data_bag_item['gcm_api_key'],
"GCM_API_KEY" => data_bag['gcm_api_key'],
"VAPID_SUBJECT" => "https://kosmos.org",
"VAPID_PUBLIC_KEY" => botka_freenode_data_bag_item['vapid_public_key'],
"VAPID_PRIVATE_KEY" => botka_freenode_data_bag_item['vapid_private_key'],
"REDIS_URL" => "redis://localhost:6379/botka"
"VAPID_PUBLIC_KEY" => data_bag['vapid_public_key'],
"VAPID_PRIVATE_KEY" => data_bag['vapid_private_key']
}
)
notifies :run, "execute[systemctl daemon-reload]", :delayed
notifies :restart, "service[botka_freenode_nodejs]", :delayed
notifies :restart, "service[#{app_name}]", :delayed
end
service "botka_freenode_nodejs" do
service app_name do
action [:enable, :start]
end
end
@ -95,27 +116,23 @@ end
# Nginx reverse proxy
#
unless node.chef_environment == "development"
express_port = 8081
express_domain = "freenode.botka.kosmos.org"
include_recipe "kosmos-base::letsencrypt"
include_recipe "kosmos-nginx"
template "#{node['nginx']['dir']}/sites-available/#{express_domain}" do
template "#{node['nginx']['dir']}/sites-available/#{node[app_name]['domain']}" do
source 'nginx_conf_hubot.erb'
owner node["nginx"]["user"]
mode 0640
variables express_port: express_port,
server_name: express_domain,
ssl_cert: "/etc/letsencrypt/live/#{express_domain}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{express_domain}/privkey.pem"
variables express_port: node[app_name]['http_port'],
server_name: node[app_name]['domain'],
ssl_cert: "/etc/letsencrypt/live/#{node[app_name]['domain']}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{node[app_name]['domain']}/privkey.pem"
notifies :reload, 'service[nginx]', :delayed
end
nginx_site express_domain do
nginx_site node[app_name]['domain'] do
action :enable
end
nginx_certbot_site express_domain
nginx_certbot_site node[app_name]['domain']
end
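Review bot: The unit template at `/lib/systemd/system/#{app_name}.service` is written with `mode '0644'` while its `environment:` hash carries `HUBOT_IRC_NICKSERV_PASSWORD`, `RS_LOGGER_TOKEN`, `GCM_API_KEY` and `VAPID_PRIVATE_KEY`. If `nodejs.systemd.service.erb` renders these as `Environment=` lines (the template is not shown here), every local user can read them from the unit file or via `systemctl show`. A safer layout is to render the secrets into a root-owned `0600` file and reference it with `EnvironmentFile=` in the unit, leaving only non-secret settings inline. Marking the template `sensitive true` would also keep the rendered diff out of the Chef log. The new `hal8000_xmpp` recipe and the existing `hal8000` recipe follow the same pattern, with `KREDITS_WALLET_PASSWORD` and `WEBHOOK_TOKEN` among the values.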


@ -5,15 +5,6 @@
# Copyright 2017-2018, Kosmos
#
unless node.chef_environment == "development"
include_recipe 'firewall'
firewall_rule 'hubot_express_hal8000_freenode' do
port 8080
protocol :tcp
command :allow
end
end
include_recipe "kosmos-nodejs"
include_recipe "kosmos-redis"


@ -2,7 +2,25 @@
# Cookbook Name:: kosmos-hubot
# Recipe:: hal8000
#
# Copyright 2017-2018, Kosmos
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
#
build_essential 'hal8000' do
@ -13,18 +31,10 @@ include_recipe "kosmos-nodejs"
include_recipe "kosmos-redis"
include_recipe "kosmos-hubot::_user"
# Needed for hubot-kredits
include_recipe "kosmos-ipfs"
unless node.chef_environment == "development"
include_recipe 'firewall'
firewall_rule 'hubot_express_hal8000_freenode' do
port 8080
protocol :tcp
command :allow
end
firewall_rule 'ipfs_swarm_p2p' do
port 4001
port node['hal8000']['http_port']
protocol :tcp
command :allow
end
@ -60,7 +70,7 @@ application hal8000_path do
"hubot-rss-reader",
"hubot-incoming-webhook",
"hubot-auth",
"hubot-kredits",
"hubot-schedule"
].to_json
end
@ -84,43 +94,28 @@ application hal8000_path do
app_dir: hal8000_path,
entry: "#{hal8000_path}/bin/hubot -a irc",
environment: {
# "HUBOT_LOG_LEVEL" => "error",
"HUBOT_IRC_SERVER" => "irc.freenode.net",
"HUBOT_IRC_ROOMS" => "#5apps,#kosmos,#kosmos-dev,#kosmos-random,#remotestorage,#hackerbeach,#unhosted,#sockethub",
"HUBOT_IRC_NICK" => "hal8000",
"HUBOT_IRC_NICKSERV_USERNAME" => "hal8000",
"HUBOT_IRC_NICKSERV_PASSWORD" => hal8000_freenode_data_bag_item['nickserv_password'],
"HUBOT_IRC_UNFLOOD" => "100",
"HUBOT_RSS_PRINTSUMMARY" => "false",
"HUBOT_RSS_PRINTERROR" => "false",
"HUBOT_RSS_IRCCOLORS" => "true",
"HUBOT_PLUSPLUS_POINTS_TERM" => "karma,karma",
"EXPRESS_PORT" => "8080",
"HUBOT_RSS_HEADER" => "Update:",
"HUBOT_AUTH_ADMIN" => "bkero,derbumi,galfert,gregkare,slvrbckt,raucao",
"HUBOT_HELP_REPLY_IN_PRIVATE" => "true",
"WEBHOOK_TOKEN" => hal8000_freenode_data_bag_item['webhook_token'],
"IPFS_API_HOST" => node['hal8000']['kredits']['ipfs_host'],
"IPFS_API_PORT" => node['hal8000']['kredits']['ipfs_port'],
"IPFS_API_PROTOCOL" => node['hal8000']['kredits']['ipfs_protocol'],
"KREDITS_ROOM" => node['hal8000']['kredits']['room'],
"KREDITS_WEBHOOK_TOKEN" => hal8000_freenode_data_bag_item['kredits_webhook_token'],
"KREDITS_PROVIDER_URL" => node['hal8000']['kredits']['provider_url'],
"KREDITS_NETWORK_ID" => node['hal8000']['kredits']['network_id'],
"KREDITS_WALLET_PATH" => node['hal8000']['kredits']['wallet_path'],
"KREDITS_WALLET_PASSWORD" => hal8000_freenode_data_bag_item['kredits_wallet_password'],
"KREDITS_MEDIAWIKI_URL" => node['hal8000']['kredits']['mediawiki_url'],
"KREDITS_GITHUB_REPO_BLACKLIST" => node['hal8000']['kredits']['github_repo_blacklist']
# "HUBOT_LOG_LEVEL" => "error",
"HUBOT_IRC_SERVER" => "irc.freenode.net",
"HUBOT_IRC_ROOMS" => "#5apps,#kosmos,#kosmos-dev,#kosmos-random,#remotestorage,#hackerbeach,#unhosted,#sockethub",
"HUBOT_IRC_NICK" => "hal8000",
"HUBOT_IRC_NICKSERV_USERNAME" => "hal8000",
"HUBOT_IRC_NICKSERV_PASSWORD" => hal8000_freenode_data_bag_item['nickserv_password'],
"HUBOT_IRC_UNFLOOD" => "100",
"HUBOT_RSS_PRINTSUMMARY" => "false",
"HUBOT_RSS_PRINTERROR" => "false",
"HUBOT_RSS_IRCCOLORS" => "true",
"HUBOT_PLUSPLUS_POINTS_TERM" => "karma,karma",
"HUBOT_RSS_HEADER" => "Update:",
"HUBOT_AUTH_ADMIN" => "bkero,derbumi,galfert,gregkare,slvrbckt,raucao",
"HUBOT_HELP_REPLY_IN_PRIVATE" => "true",
"WEBHOOK_TOKEN" => hal8000_freenode_data_bag_item['webhook_token'],
"EXPRESS_PORT" => node['hal8000']['http_port']
}
)
notifies :run, "execute[systemctl daemon-reload]", :delayed
notifies :restart, "service[hal8000_nodejs]", :delayed
end
cookbook_file "#{name}/wallet.json" do
source "wallet.json"
end
service "hal8000_nodejs" do
action [:enable, :start]
end
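Review bot: The firewall rule kept in the `unless node.chef_environment == "development"` block still opens the bot's Express port (`node['hal8000']['http_port']`, 8080 by default) to the network, whereas `botka_freenode` and `hal8000_xmpp` are fronted by the nginx/TLS proxy set up in their recipes. No proxy block for hal8000 is visible in this diff, so requests carrying `WEBHOOK_TOKEN` would presumably arrive over plain HTTP. If the webhook endpoint must be public, front it with the same `nginx_conf_hubot.erb` site and drop the rule; otherwise remove the rule. The `unless` block ends outside the visible hunk.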


@ -0,0 +1,155 @@
#
# Cookbook Name:: kosmos-hubot
# Recipe:: hal8000_xmpp
#
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
#
app_name = "hal8000_xmpp"
app_path = "/opt/#{app_name}"
app_user = "hubot"
app_group = "hubot"
build_essential app_name do
compile_time true
end
include_recipe "kosmos-nodejs"
include_recipe "kosmos-redis"
include_recipe "kosmos-hubot::_user"
# Needed for hubot-kredits
include_recipe "kosmos-ipfs"
unless node.chef_environment == "development"
include_recipe 'firewall'
firewall_rule 'ipfs_swarm_p2p' do
port 4001
protocol :tcp
command :allow
end
end
application app_path do
data_bag = Chef::EncryptedDataBagItem.load('credentials', app_name)
owner app_user
group app_group
git do
user app_user
group app_group
repository "https://github.com/67P/hal8000.git"
revision "master"
end
file "#{app_path}/external-scripts.json" do
mode "0640"
owner app_user
group app_group
content node[app_name]['hubot_scripts'].to_json
end
npm_install do
user app_user
end
execute "systemctl daemon-reload" do
command "systemctl daemon-reload"
action :nothing
end
template "/lib/systemd/system/#{app_name}.service" do
source 'nodejs.systemd.service.erb'
owner 'root'
group 'root'
mode '0644'
variables(
user: app_user,
group: app_user,
app_dir: app_path,
entry: "#{app_path}/bin/hubot -a xmpp --name hal8000",
environment: {
"HUBOT_LOG_LEVEL" => node.chef_environment == "development" ? "debug" : "info",
"HUBOT_XMPP_USERNAME" => "hal8000@kosmos.org/hubot",
"HUBOT_XMPP_PASSWORD" => data_bag['xmpp_password'],
"HUBOT_XMPP_HOST" => "xmpp.kosmos.org",
"HUBOT_XMPP_ROOMS" => node[app_name]['rooms'].join(','),
"HUBOT_AUTH_ADMIN" => node[app_name]['auth_admins'].join(','),
"HUBOT_RSS_PRINTSUMMARY" => "false",
"HUBOT_RSS_PRINTERROR" => "false",
"HUBOT_RSS_IRCCOLORS" => "true",
"HUBOT_PLUSPLUS_POINTS_TERM" => "karma,karma",
"HUBOT_RSS_HEADER" => "Update:",
"HUBOT_HELP_REPLY_IN_PRIVATE" => "true",
"REDIS_URL" => "redis://localhost:6379/#{app_name}",
"EXPRESS_PORT" => node[app_name]['http_port'],
"WEBHOOK_TOKEN" => data_bag['webhook_token'],
"IPFS_API_HOST" => node[app_name]['kredits']['ipfs_host'],
"IPFS_API_PORT" => node[app_name]['kredits']['ipfs_port'],
"IPFS_API_PROTOCOL" => node[app_name]['kredits']['ipfs_protocol'],
"KREDITS_ROOM" => node[app_name]['kredits']['room'],
"KREDITS_WEBHOOK_TOKEN" => data_bag['kredits_webhook_token'],
"KREDITS_PROVIDER_URL" => node[app_name]['kredits']['provider_url'],
"KREDITS_NETWORK_ID" => node[app_name]['kredits']['network_id'],
"KREDITS_WALLET_PATH" => node[app_name]['kredits']['wallet_path'],
"KREDITS_WALLET_PASSWORD" => data_bag['kredits_wallet_password'],
"KREDITS_MEDIAWIKI_URL" => node[app_name]['kredits']['mediawiki_url'],
"KREDITS_GITHUB_REPO_BLACKLIST" => node[app_name]['kredits']['github_repo_blacklist'],
"KREDITS_GITEA_REPO_BLACKLIST" => node[app_name]['kredits']['gitea_repo_blacklist']
}
)
notifies :run, "execute[systemctl daemon-reload]", :delayed
notifies :restart, "service[#{app_name}]", :delayed
end
cookbook_file "#{app_path}/wallet.json" do
source "wallet.json"
end
service app_name do
action [:enable, :start]
end
end
#
# Nginx reverse proxy
#
unless node.chef_environment == "development"
include_recipe "kosmos-base::letsencrypt"
include_recipe "kosmos-nginx"
template "#{node['nginx']['dir']}/sites-available/#{node[app_name]['domain']}" do
source 'nginx_conf_hubot.erb'
owner node["nginx"]["user"]
mode 0640
variables express_port: node[app_name]['http_port'],
server_name: node[app_name]['domain'],
ssl_cert: "/etc/letsencrypt/live/#{node[app_name]['domain']}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{node[app_name]['domain']}/privkey.pem"
notifies :reload, 'service[nginx]', :delayed
end
nginx_site node[app_name]['domain'] do
action :enable
end
nginx_certbot_site node[app_name]['domain']
end
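Review bot: `cookbook_file "#{app_path}/wallet.json"` sets no `owner`, `group` or `mode`, so the keystore is created with the defaults of the Chef run (typically root-owned and world-readable), unlike `external-scripts.json` just above it. Since the matching `KREDITS_WALLET_PASSWORD` is deployed to the same host, the wallet file should be limited to the bot account: add `owner app_user`, `group app_group` and `mode "0600"` to the resource. Also, the unit template passes `group: app_user` where `group: app_group` is meant; both are `"hubot"` today, so it only matters once they diverge.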


@ -8,10 +8,10 @@ upstream _express_<%= @server_name.gsub(".", "_") %> {
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
server {
listen 443 ssl http2;
add_header Strict-Transport-Security "max-age=15768000";
server_name <%= @server_name %>;
add_header Strict-Transport-Security "max-age=15768000";
access_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.access.log json;
error_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.error.log warn;


@ -4,7 +4,7 @@ maintainer_email 'mail@kosmos.org'
license 'MIT'
description 'Installs/Configures kosmos-ipfs'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '0.1.0'
version '0.1.3'
depends 'ipfs'
depends 'kosmos-base'


@ -24,7 +24,7 @@
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
node.override['ipfs']['cluster']['version'] = '0.9.0'
node.override['ipfs']['cluster']['version'] = '0.10.1'
include_recipe "ipfs::cluster"
include_recipe "ipfs::cluster_service"


@ -24,8 +24,8 @@
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
node.override['ipfs']['version'] = '0.4.18'
node.override['ipfs']['checksum'] = '21e6c44c0fa8edf91a727f1e8257342a4c3a879462e656861b0a179e1f6a03f6'
node.override['ipfs']['version'] = '0.4.20'
node.override['ipfs']['checksum'] = '155dbdb2d7a9b8df38feccf48eb925cf9ab650754dc51994aa1e0bda1c1f9123'
include_recipe "ipfs"
# Configure ipfs


@ -33,6 +33,9 @@ server {
location /api/v0/object/data {
proxy_pass http://_ipfs/api/v0/object/data;
}
location /api/v0/id {
proxy_pass http://_ipfs/api/v0/id;
}
ssl_certificate <%= @ssl_cert %>;
ssl_certificate_key <%= @ssl_key %>;
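Review bot: The new `location /api/v0/id` block proxies the IPFS API's `id` call to the upstream without any access restriction visible in this hunk. That endpoint returns the node's peer ID, public key, listen addresses and agent version, which is more than the neighbouring object-data endpoint discloses. If only the bots or cluster peers need it, add an `allow`/`deny` pair or restrict it to the internal network. The enclosing `server` block starts outside the hunk, so an existing restriction there would already cover it.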


@ -152,14 +152,14 @@ application mastodon_path do
db_pass: postgresql_data_bag_item['mastodon_user_password']
end
execute do
execute "bundle install" do
environment "HOME" => mastodon_path
user mastodon_user
cwd mastodon_path
command "/opt/ruby_build/builds/#{ruby_version}/bin/bundle install --without development,test --deployment"
end
execute do
execute "yarn install" do
environment "HOME" => mastodon_path
user mastodon_user
cwd mastodon_path
@ -212,7 +212,7 @@ unless node.chef_environment == "development"
node.override["backup"]["postgresql"]["host"] = "localhost"
unless platform?('ubuntu') && node[:platform_version].to_f < 18.04
node.override["backup"]["postgresql"]["username"] = "mastodon"
node.override["backup"]["postgresql"]["password"] = postgres_password
node.override["backup"]["postgresql"]["password"] = postgresql_data_bag_item['mastodon_user_password']
else
node.override["backup"]["postgresql"]["username"] = "postgres"
node.override["backup"]["postgresql"]["password"] = node['postgresql']['password']['postgres']
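Review bot: Assigning `postgresql_data_bag_item['mastodon_user_password']` to `node.override["backup"]["postgresql"]["password"]` copies a decrypted data-bag secret into node attributes, which are saved with the node object at the end of the run. That leaves the database password in clear text wherever node data is stored or searched. Prefer having the backup recipe load the encrypted item itself, or pass the value through `node.run_state`, which is not persisted. The `else` branch does the same with `node['postgresql']['password']['postgres']`, and the surrounding `unless` block extends beyond the hunk.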


@ -35,6 +35,11 @@ server {
add_header Strict-Transport-Security "max-age=31536000";
location / {
# If the maintenance file is present, show maintenance page
if (-f <%= @mastodon_path %>/public/maintenance.html) {
return 503;
}
try_files $uri @proxy;
}
@ -83,5 +88,11 @@ server {
tcp_nodelay on;
}
error_page 500 501 502 503 504 /500.html;
error_page 500 501 502 504 /500.html;
error_page 503 /maintenance.html;
location = /maintenance.html {
root <%= @mastodon_path %>/public;
}
}


@ -101,7 +101,7 @@ nginx_site server_name do
action :enable
end
nginx_certbot_site server_name unless node.chef_environment == "development"
nginx_certbot_site server_name
#
# Extensions

File diff suppressed because one or more lines are too long


@ -60,6 +60,22 @@ cookbook_file "#{node['nginx']['dir']}/conf.d/tls_config.conf" do
notifies :restart, 'service[nginx]'
end
directory node["nginx"]["user_home"] do
owner node["nginx"]["user"]
group node["nginx"]["group"]
action :create
recursive true
end
# Maintenance page, to be copied or served when putting things in maintenance
# mode
cookbook_file "#{node["nginx"]["user_home"]}/maintenance.html" do
source "maintenance.html"
owner node['nginx']['user']
group node['nginx']['group']
mode "0640"
end
unless node.chef_environment == "development"
include_recipe 'kosmos-base::firewall'


@ -6,6 +6,8 @@ property :domain, String, name_property: true
property :site, String
action :create do
return if node.chef_environment == "development"
include_recipe "kosmos-nginx"
domain = new_resource.domain


@ -0,0 +1,6 @@
kredits-github CHANGELOG
========================
0.1.0
-----
- [Râu Cao] - Initial release of kredits-github


@ -0,0 +1,20 @@
Copyright (c) 2019 Kosmos Developers
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.


@ -0,0 +1,35 @@
kredits-github Cookbook
=======================
This cookbook installs [kredits-github](https://github.com/67P/kredits-github).
Attributes
----------
#### kredits-github::default
<table>
<tr>
<th>Key</th>
<th>Type</th>
<th>Description</th>
<th>Default</th>
</tr>
<tr>
<td><tt>['kredits-github']['port']</tt></td>
<td>String</td>
<td>The local port that kredits-github is running on</td>
<td><tt>3000</tt></td>
</tr>
<tr>
<td><tt>['kredits-github']['revision']</tt></td>
<td>String</td>
<td>Git revision/branch to deploy</td>
<td><tt>master</tt></td>
</tr>
<tr>
<td><tt>['kredits-github']['domain']</tt></td>
<td>String</td>
<td>Domain name for requests to the app</td>
<td><tt>kredits-github.kosmos.org</tt></td>
</tr>
</table>


@ -0,0 +1,3 @@
node.default['kredits-github']['port'] = '3000'
node.default['kredits-github']['revision'] = 'master'
node.default['kredits-github']['domain'] = 'kredits-github.kosmos.org'
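Review bot: The default `revision` of `'master'` on the second line means every converge deploys whatever the branch head is at that moment, and the default recipe then runs `npm_install` on that checkout. Pinning the default to a release tag or commit, for example `node.default['kredits-github']['revision'] = '<TAG_OR_COMMIT_SHA>'`, keeps deployments reproducible and ensures an unreviewed push to the branch is not rolled out automatically. Environments that want to track the branch can still override the attribute.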


@ -0,0 +1,11 @@
name 'kredits-github'
maintainer 'Kosmos'
maintainer_email 'mail@kosmos.org'
license 'MIT'
description 'Installs/Configures kredits-github'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '0.1.0'
depends 'application_javascript'
depends 'kosmos-nodejs'
depends 'kosmos-nginx'


@ -0,0 +1,95 @@
#
# Cookbook Name:: kredits-github
# Recipe:: default
#
# The MIT License (MIT)
#
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
include_recipe 'kosmos-nodejs'
app_name = "kredits-github"
deploy_user = "deploy"
deploy_group = "deploy"
credentials = Chef::EncryptedDataBagItem.load('credentials', app_name)
group deploy_group
user deploy_user do
group deploy_group
manage_home true
shell "/bin/bash"
comment "deploy user"
end
path_to_deploy = "/opt/#{app_name}"
application path_to_deploy do
owner deploy_user
group deploy_group
git do
user deploy_user
group deploy_group
repository "https://github.com/67P/#{app_name}.git"
revision node[app_name]['revision']
end
npm_install do
user deploy_user
end
execute "systemctl daemon-reload" do
command "systemctl daemon-reload"
action :nothing
end
file "#{path_to_deploy}/github_app_key.pem" do
content credentials['private_key']
owner deploy_user
group deploy_group
mode '0440'
end
template "/lib/systemd/system/#{app_name}.service" do
source 'nodejs.systemd.service.erb'
owner 'root'
group 'root'
mode '0640'
variables(
user: deploy_user,
group: deploy_group,
app_dir: path_to_deploy,
entry: "/usr/bin/node /usr/bin/npm start",
environment: {
'LOG_LEVEL' => "info",
'APP_ID' => credentials['app_id'],
'PRIVATE_KEY_PATH' => "#{path_to_deploy}/github_app_key.pem",
'WEBHOOK_SECRET' => credentials['webhook_secret'],
}
)
notifies :run, "execute[systemctl daemon-reload]", :delayed
notifies :restart, "service[#{app_name}]", :delayed
end
service app_name do
action [:enable, :start]
end
end
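Review bot: The `file` resource that writes `github_app_key.pem` and the `template` resource that receives `WEBHOOK_SECRET` both lack `sensitive true`, so Chef can include their content diffs in converge output and in any log or report handler that collects it. Adding `sensitive true` to both resources keeps the private key and the webhook secret out of those logs. The key file is also written inside the git checkout at `path_to_deploy`; it may be worth confirming that the repository ignores it, or placing it in a directory outside the checkout.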


@ -0,0 +1,46 @@
#
# Cookbook Name:: kredits-github
# Recipe:: nginx
#
# The MIT License (MIT)
#
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
include_recipe 'kosmos-nginx'
server_name = node['kredits-github']['domain']
template "#{node['nginx']['dir']}/sites-available/#{server_name}" do
source 'nginx_conf.erb'
owner 'www-data'
mode 0640
variables app_name: "kredits-github",
nodejs_port: node['kredits-github']['port'],
server_name: server_name,
ssl_cert: "/etc/letsencrypt/live/#{server_name}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{server_name}/privkey.pem"
notifies :reload, 'service[nginx]', :delayed
end
nginx_site server_name do
action :enable
end
nginx_certbot_site server_name
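Review bot: The site configuration template is created with `owner 'www-data'`. Assuming the nginx workers run as `www-data` on these hosts, a compromised worker process could rewrite the vhost file that the root master process loads on the next reload. nginx reads its configuration as root, so `owner 'root'` and `group 'root'` are sufficient here. The bare `mode 0640` relies on Ruby reading the literal as octal; the quoted form `mode '0640'`, as used by the other new recipe in this commit, is less error-prone.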


@ -0,0 +1,26 @@
# Generated by Chef
upstream _<%= @app_name %> {
server localhost:<%= @nodejs_port %>;
}
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
server {
listen 443 ssl http2;
server_name <%= @server_name %>;
access_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.access.log json;
error_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.error.log warn;
gzip on;
add_header Strict-Transport-Security "max-age=15768000";
location / {
proxy_buffers 1024 8k; # Increase number of buffers. Default is 8
proxy_pass http://_<%= @app_name %>;
}
ssl_certificate <%= @ssl_cert %>;
ssl_certificate_key <%= @ssl_key %>;
}
<% end -%>
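Review bot: The `location /` block proxies to the upstream without forwarding the original host, client address or scheme, so the Node app and its logs will presumably see every webhook request as coming from localhost over plain HTTP. Adding `proxy_set_header Host $host;`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` preserves that information for auditing. Separately, `add_header Strict-Transport-Security "max-age=15768000";` is not emitted on error responses unless it ends with `always`. Because the whole `server` block is skipped when the certificate files are missing, it is worth checking which default server answers for this name until certbot has run.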


@ -0,0 +1,15 @@
[Unit]
Description=Start nodejs app
[Service]
ExecStart=<%= @entry %>
WorkingDirectory=<%= @app_dir %>
User=<%= @user %>
Group=<%= @group %>
<% unless @environment.empty? -%>
Environment=<% @environment.each do |key, value| -%>'<%= key %>=<%= value %>' <% end %>
<% end -%>
Restart=always
[Install]
WantedBy=multi-user.target
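Review bot: The `Environment=` line interpolates each value inside single quotes without any escaping, and the default recipe passes `WEBHOOK_SECRET` through it. A value containing `'`, `%` or a newline would change how systemd parses the line. systemd also exposes a unit's `Environment=` settings to unprivileged local clients (for example through `systemctl show`), regardless of the unit file's mode. Writing the variables to a separate root-owned file with mode `0600` and referencing it with `EnvironmentFile=` keeps the secret out of the unit's properties. That change needs a matching resource in the recipe, which is outside this file.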