kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 30 Pull Requests 3 Projects 2 Activity

Replace application cookbook with git resource

Browse Source
This commit is contained in:
Greg Karékinian 2023-06-28 18:53:59 +02:00
parent 3cf9c3868b
commit 3a5a038f7e
4 changed files with 163 additions and 181 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
site-cookbooks/kosmos-hubot/metadata.rb
View File

@ -10,6 +10,5 @@ depends 'kosmos-base'
depends 'kosmos-nodejs' depends 'kosmos-nodejs'
depends 'kosmos-ipfs' depends 'kosmos-ipfs'
depends 'firewall' depends 'firewall'
depends 'application_javascript'
depends 'git' depends 'git'
depends 'redisio' depends 'redisio'

143
site-cookbooks/kosmos-hubot/recipes/botka_irc-libera-chat.rb
View File

@ -18,85 +18,86 @@ include_recipe "kosmos-hubot::_user"
include_recipe "kosmos-hubot::_nodejs" include_recipe "kosmos-hubot::_nodejs"
include_recipe "kosmos-base::firewall" include_recipe "kosmos-base::firewall"
application app_path do credentials = Chef::EncryptedDataBagItem.load('credentials', app_name)
credentials = Chef::EncryptedDataBagItem.load('credentials', app_name)
git app_path do
user app_user
group app_group
repository "https://gitea.kosmos.org/kosmos/botka.git"
revision "master"
notifies :restart, "systemd_unit[#{app_name}.service]", :delayed
end
file "#{app_path}/external-scripts.json" do
mode "0640"
owner app_user owner app_user
group app_group group app_group
content [
"hubot-help",
"hubot-redis-brain",
"hubot-remotestorage-logger",
"hubot-web-push-notifications",
].to_json
end
git do execute "npm install" do
user app_user cwd app_path
group app_group environment "HOME" => app_path
repository "https://gitea.kosmos.org/kosmos/botka.git" user app_user
revision "master" end
end
file "#{app_path}/external-scripts.json" do service_env = {
mode "0640" "HUBOT_LOG_LEVEL" => node.chef_environment == "development" ? "debug" : "info",
owner app_user "HUBOT_IRC_USESSL" => "true",
group app_group "HUBOT_IRC_SERVER" => credentials["znc_host"],
content [ "HUBOT_IRC_PORT" => credentials["znc_port"],
"hubot-help", "HUBOT_IRC_NICK" => "botka",
"hubot-redis-brain", "HUBOT_IRC_USERNAME" => credentials['znc_user'],
"hubot-remotestorage-logger", "HUBOT_IRC_PASSWORD" => credentials['znc_password'],
"hubot-web-push-notifications", "HUBOT_IRC_REALNAME" => "botka (kosmos)",
].to_json "HUBOT_IRC_ROOMS" => "#kosmos,#kosmos-dev,#kosmos-random,#remotestorage,#hackerbeach,#unhosted,#sockethub,#mastodon",
end "HUBOT_IRC_UNFLOOD" => "100",
"HUBOT_RSS_PRINTSUMMARY" => "false",
"HUBOT_RSS_PRINTERROR" => "false",
"HUBOT_RSS_IRCCOLORS" => "true",
"REDIS_URL" => "redis://localhost:6379/botka",
"EXPRESS_PORT" => node[app_name]['http_port'],
"HUBOT_AUTH_ADMIN" => "bkero,raucao",
"HUBOT_HELP_REPLY_IN_PRIVATE" => "true",
"RS_LOGGER_USER" => "kosmos@5apps.com",
"RS_LOGGER_TOKEN" => credentials['rs_logger_token'],
"RS_LOGGER_SERVER_NAME" => "irc.libera.chat",
"RS_LOGGER_PUBLIC" => "true",
"GCM_API_KEY" => credentials['gcm_api_key'],
"VAPID_SUBJECT" => "https://kosmos.org",
"VAPID_PUBLIC_KEY" => credentials['vapid_public_key'],
"VAPID_PRIVATE_KEY" => credentials['vapid_private_key']
}
npm_install do systemd_unit "#{app_name}.service" do
user app_user content({
end Unit: {
Description: app_name,
Requires: "redis@6379.service",
After: "redis@6379.service"
},
execute "systemctl daemon-reload" do Service: {
command "systemctl daemon-reload" ExecStart: "#{app_path}/bin/hubot -a irc",
action :nothing WorkingDirectory: app_path,
end User: app_user,
Group: app_group,
Environment: service_env.map { |k, v| "'#{k}=#{v}'" },
Restart: 'always'
},
template "/lib/systemd/system/#{app_name}.service" do Install: {
source 'nodejs.systemd.service.erb' WantedBy: 'multi-user.target'
owner 'root' }
group 'root' })
mode '0644' verify false
variables( triggers_reload true
user: app_user, action [:create, :enable, :start]
group: app_group,
app_dir: app_path,
entry: "#{app_path}/bin/hubot -a irc",
environment: {
"HUBOT_LOG_LEVEL" => node.chef_environment == "development" ? "debug" : "info",
"HUBOT_IRC_USESSL" => "true",
"HUBOT_IRC_SERVER" => credentials["znc_host"],
"HUBOT_IRC_PORT" => credentials["znc_port"],
"HUBOT_IRC_NICK" => "botka",
"HUBOT_IRC_USERNAME" => credentials['znc_user'],
"HUBOT_IRC_PASSWORD" => credentials['znc_password'],
"HUBOT_IRC_REALNAME" => "botka (kosmos)",
"HUBOT_IRC_ROOMS" => "#kosmos,#kosmos-dev,#kosmos-random,#remotestorage,#hackerbeach,#unhosted,#sockethub,#mastodon",
"HUBOT_IRC_UNFLOOD" => "100",
"HUBOT_RSS_PRINTSUMMARY" => "false",
"HUBOT_RSS_PRINTERROR" => "false",
"HUBOT_RSS_IRCCOLORS" => "true",
"REDIS_URL" => "redis://localhost:6379/botka",
"EXPRESS_PORT" => node[app_name]['http_port'],
"HUBOT_AUTH_ADMIN" => "bkero,raucao",
"HUBOT_HELP_REPLY_IN_PRIVATE" => "true",
"RS_LOGGER_USER" => "kosmos@5apps.com",
"RS_LOGGER_TOKEN" => credentials['rs_logger_token'],
"RS_LOGGER_SERVER_NAME" => "irc.libera.chat",
"RS_LOGGER_PUBLIC" => "true",
"GCM_API_KEY" => credentials['gcm_api_key'],
"VAPID_SUBJECT" => "https://kosmos.org",
"VAPID_PUBLIC_KEY" => credentials['vapid_public_key'],
"VAPID_PRIVATE_KEY" => credentials['vapid_private_key']
}
)
notifies :run, "execute[systemctl daemon-reload]", :delayed
notifies :restart, "service[#{app_name}]", :delayed
end
service app_name do
action [:enable, :start]
end
end end
firewall_rule app_name do firewall_rule app_name do

181
site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb
View File

@ -18,41 +18,40 @@ include_recipe "kosmos-hubot::_user"
include_recipe "kosmos-hubot::_nodejs" include_recipe "kosmos-hubot::_nodejs"
include_recipe "kosmos-base::firewall" include_recipe "kosmos-base::firewall"
application app_path do data_bag = Chef::EncryptedDataBagItem.load('credentials', app_name)
data_bag = Chef::EncryptedDataBagItem.load('credentials', app_name)
git app_path do
user app_user
group app_group
repository "https://gitea.kosmos.org/kosmos/hal8000.git"
revision "master"
notifies :restart, "systemd_unit[#{app_name}.service]", :delayed
end
file "#{app_path}/external-scripts.json" do
mode "0640"
owner app_user owner app_user
group app_group group app_group
content node[app_name]['hubot_scripts'].to_json
end
git do execute "npm install" do
user app_user cwd app_path
group app_group environment "HOME" => app_path
repository "https://gitea.kosmos.org/kosmos/hal8000.git" user app_user
revision "master" end
end
file "#{app_path}/external-scripts.json" do ipfs_host = search(:node, "role:ipfs_gateway").first["knife_zero"]["host"]
mode "0640" node.override[app_name]['kredits']['ipfs_host'] = ipfs_host
owner app_user
group app_group
content node[app_name]['hubot_scripts'].to_json
end
npm_install do rsk_node_ip = search(:node, "role:rskj_testnet").first["knife_zero"]["host"]
user app_user node.override[app_name]['kredits']['provider_url'] = "http://#{rsk_node_ip}:4444"
end
ipfs_host = search(:node, "role:ipfs_gateway").first["knife_zero"]["host"] file "#{app_path}/node_modules/@kredits/hubot-kredits/.env" do
node.override[app_name]['kredits']['ipfs_host'] = ipfs_host mode "0600"
owner app_user
rsk_node_ip = search(:node, "role:rskj_testnet").first["knife_zero"]["host"] group app_group
node.override[app_name]['kredits']['provider_url'] = "http://#{rsk_node_ip}:4444" content <<-EOF
file "#{app_path}/node_modules/@kredits/hubot-kredits/.env" do
mode "0600"
owner app_user
group app_group
content <<-EOF
GITEA_TOKEN=#{data_bag['gitea_token']} GITEA_TOKEN=#{data_bag['gitea_token']}
GITHUB_TOKEN=#{data_bag['github_token']} GITHUB_TOKEN=#{data_bag['github_token']}
KREDITS_PROVIDER_URL=#{node[app_name]['kredits']['provider_url']} KREDITS_PROVIDER_URL=#{node[app_name]['kredits']['provider_url']}
@ -61,72 +60,74 @@ IPFS_API_PORT=#{node[app_name]['kredits']['ipfs_port']}
IPFS_API_PROTOCOL=#{node[app_name]['kredits']['ipfs_protocol']} IPFS_API_PROTOCOL=#{node[app_name]['kredits']['ipfs_protocol']}
KREDITS_WALLET_PATH=../../#{node[app_name]['kredits']['wallet_path']} KREDITS_WALLET_PATH=../../#{node[app_name]['kredits']['wallet_path']}
KREDITS_WALLET_PASSWORD=#{data_bag['kredits_wallet_password']} KREDITS_WALLET_PASSWORD=#{data_bag['kredits_wallet_password']}
EOF EOF
end end
execute "systemctl daemon-reload" do cookbook_file "#{app_path}/wallet.json" do
command "systemctl daemon-reload" source "wallet.json"
action :nothing end
end
template "/lib/systemd/system/#{app_name}.service" do service_env = {
source 'nodejs.systemd.service.erb' "HUBOT_LOG_LEVEL" => node.chef_environment == "development" ? "debug" : "info",
owner 'root' "HUBOT_XMPP_USERNAME" => "hal8000@kosmos.org/hubot",
group 'root' "HUBOT_XMPP_PASSWORD" => data_bag['xmpp_password'],
mode '0644' "HUBOT_XMPP_HOST" => "xmpp.kosmos.org",
variables( "HUBOT_XMPP_ROOMS" => node[app_name]['rooms'].join(','),
user: app_user, "HUBOT_AUTH_ADMIN" => node[app_name]['auth_admins'].join(','),
group: app_user, "HUBOT_RSS_PRINTSUMMARY" => "false",
app_dir: app_path, "HUBOT_RSS_PRINTERROR" => "false",
entry: "#{app_path}/bin/hubot -a xmpp --name hal8000", "HUBOT_RSS_IRCCOLORS" => "true",
environment: { "HUBOT_PLUSPLUS_POINTS_TERM" => "karma,karma",
"HUBOT_LOG_LEVEL" => node.chef_environment == "development" ? "debug" : "info", "HUBOT_RSS_HEADER" => "Update:",
"HUBOT_XMPP_USERNAME" => "hal8000@kosmos.org/hubot", "HUBOT_HELP_REPLY_IN_PRIVATE" => "true",
"HUBOT_XMPP_PASSWORD" => data_bag['xmpp_password'], "REDIS_URL" => "redis://localhost:6379/#{app_name}",
"HUBOT_XMPP_HOST" => "xmpp.kosmos.org", "EXPRESS_PORT" => node[app_name]['http_port'],
"HUBOT_XMPP_ROOMS" => node[app_name]['rooms'].join(','), "WEBHOOK_TOKEN" => data_bag['webhook_token'],
"HUBOT_AUTH_ADMIN" => node[app_name]['auth_admins'].join(','), "IPFS_API_HOST" => node[app_name]['kredits']['ipfs_host'],
"HUBOT_RSS_PRINTSUMMARY" => "false", "IPFS_API_PORT" => node[app_name]['kredits']['ipfs_port'],
"HUBOT_RSS_PRINTERROR" => "false", "IPFS_API_PROTOCOL" => node[app_name]['kredits']['ipfs_protocol'],
"HUBOT_RSS_IRCCOLORS" => "true", "KREDITS_WEB_URL" => node[app_name]['kredits']['web_url'],
"HUBOT_PLUSPLUS_POINTS_TERM" => "karma,karma", "KREDITS_ROOM" => node[app_name]['kredits']['room'],
"HUBOT_RSS_HEADER" => "Update:", "KREDITS_WEBHOOK_TOKEN" => data_bag['kredits_webhook_token'],
"HUBOT_HELP_REPLY_IN_PRIVATE" => "true", "KREDITS_PROVIDER_URL" => node[app_name]['kredits']['provider_url'],
"REDIS_URL" => "redis://localhost:6379/#{app_name}", "KREDITS_WALLET_PATH" => node[app_name]['kredits']['wallet_path'],
"EXPRESS_PORT" => node[app_name]['http_port'], "KREDITS_WALLET_PASSWORD" => data_bag['kredits_wallet_password'],
"WEBHOOK_TOKEN" => data_bag['webhook_token'], "KREDITS_MEDIAWIKI_URL" => node[app_name]['kredits']['mediawiki_url'],
"IPFS_API_HOST" => node[app_name]['kredits']['ipfs_host'], "KREDITS_GITHUB_REPO_BLACKLIST" => node[app_name]['kredits']['github_repo_blacklist'],
"IPFS_API_PORT" => node[app_name]['kredits']['ipfs_port'], "KREDITS_GITEA_REPO_BLACKLIST" => node[app_name]['kredits']['gitea_repo_blacklist'],
"IPFS_API_PROTOCOL" => node[app_name]['kredits']['ipfs_protocol'], "KREDITS_GRANT_HOST" => node[app_name]['domain'],
"KREDITS_WEB_URL" => node[app_name]['kredits']['web_url'], "KREDITS_GRANT_PROTOCOL" => "https",
"KREDITS_ROOM" => node[app_name]['kredits']['room'], "KREDITS_SESSION_SECRET" => data_bag['kredits_session_secret'],
"KREDITS_WEBHOOK_TOKEN" => data_bag['kredits_webhook_token'], "KREDITS_GITHUB_KEY" => data_bag['kredits_github_key'],
"KREDITS_PROVIDER_URL" => node[app_name]['kredits']['provider_url'], "KREDITS_GITHUB_SECRET" => data_bag['kredits_github_secret'],
"KREDITS_WALLET_PATH" => node[app_name]['kredits']['wallet_path'], "KREDITS_ZOOM_JWT" => data_bag['kredits_zoom_jwt'],
"KREDITS_WALLET_PASSWORD" => data_bag['kredits_wallet_password'], "KREDITS_ZOOM_MEETING_WHITELIST" => "414901303,82557072771"
"KREDITS_MEDIAWIKI_URL" => node[app_name]['kredits']['mediawiki_url'], }
"KREDITS_GITHUB_REPO_BLACKLIST" => node[app_name]['kredits']['github_repo_blacklist'],
"KREDITS_GITEA_REPO_BLACKLIST" => node[app_name]['kredits']['gitea_repo_blacklist'],
"KREDITS_GRANT_HOST" => node[app_name]['domain'],
"KREDITS_GRANT_PROTOCOL" => "https",
"KREDITS_SESSION_SECRET" => data_bag['kredits_session_secret'],
"KREDITS_GITHUB_KEY" => data_bag['kredits_github_key'],
"KREDITS_GITHUB_SECRET" => data_bag['kredits_github_secret'],
"KREDITS_ZOOM_JWT" => data_bag['kredits_zoom_jwt'],
"KREDITS_ZOOM_MEETING_WHITELIST" => "414901303,82557072771"
}
)
notifies :run, "execute[systemctl daemon-reload]", :delayed
notifies :restart, "service[#{app_name}]", :delayed
end
cookbook_file "#{app_path}/wallet.json" do systemd_unit "#{app_name}.service" do
source "wallet.json" content({
end Unit: {
Description: app_name,
Requires: "redis@6379.service",
After: "redis@6379.service"
},
service app_name do Service: {
action [:enable, :start] ExecStart: "#{app_path}/bin/hubot -a xmpp --name hal8000",
end WorkingDirectory: app_path,
User: app_user,
Group: app_group,
Environment: service_env.map { |k, v| "'#{k}=#{v}'" },
Restart: 'always'
},
Install: {
WantedBy: 'multi-user.target'
}
})
verify false
triggers_reload true
action [:create, :enable, :start]
end end
firewall_rule app_name do firewall_rule app_name do

19
site-cookbooks/kosmos-hubot/templates/default/nodejs.systemd.service.erb
View File

@ -1,19 +0,0 @@
[Unit]
Description=Start nodejs app
<% unless @without_redis %>
Requires=redis@6379.service
After=redis@6379.service
<% end %>
[Service]
ExecStart=<%= @entry %>
WorkingDirectory=<%= @app_dir %>
User=<%= @user %>
Group=<%= @group %>
<% unless @environment.empty? -%>
Environment=<% @environment.each do |key, value| -%>'<%= key %>=<%= value %>' <% end %>
<% end -%>
Restart=always
[Install]
WantedBy=multi-user.target