diff --git a/site-cookbooks/kosmos-hubot/metadata.rb b/site-cookbooks/kosmos-hubot/metadata.rb index a41559b..16bea56 100644 --- a/site-cookbooks/kosmos-hubot/metadata.rb +++ b/site-cookbooks/kosmos-hubot/metadata.rb @@ -1,8 +1,8 @@ name 'kosmos-hubot' maintainer 'Kosmos' maintainer_email 'mail@kosmos.org' -license 'All rights reserved' -description 'Installs/Configures kosmos-hubot' +license 'MIT' +description 'Configures Kosmos chat bots' long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) version '0.1.0' @@ -10,3 +10,4 @@ depends 'kosmos-nodejs' depends 'kosmos-redis' depends 'firewall' depends 'application_javascript' +depends 'ipfs' diff --git a/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb b/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb new file mode 100644 index 0000000..e9b4f6b --- /dev/null +++ b/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb 
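Review bot: The added `depends 'ipfs'` in metadata.rb does not match what the new recipes/hal8000.rb includes, which is `include_recipe "kosmos-ipfs"`. Chef resolves `include_recipe` against the cookbooks declared in metadata, so an undeclared wrapper cookbook is only available when something else in the run list happens to pull it in. If kosmos-hubot uses IPFS only through the wrapper, `depends 'kosmos-ipfs'` looks like the intended line. The same applies to `kosmos-nginx` and `kosmos-base`, which recipes/botka_freenode.rb includes without a `depends` entry in the lines shown.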
@@ -0,0 +1,129 @@
+#
+# Cookbook Name:: kosmos-hubot
+# Recipe:: botka_freenode
+#
+# Copyright 2017-2018, Kosmos
+#
+include_recipe "kosmos-nodejs"
+include_recipe "kosmos-redis"
+
+botka_freenode_data_bag_item = Chef::EncryptedDataBagItem.load('credentials', 'botka_freenode')
+
+botka_freenode_path = "/opt/botka_freenode"
+application botka_freenode_path do
+ owner "hubot"
+ group "hubot"
+
+ git do
+ user "hubot"
+ group "hubot"
+ repository "https://github.com/67P/botka.git"
+ revision "master"
+ end
+
+ file "#{name}/external-scripts.json" do
+ mode "0640"
+ owner "hubot"
+ group "hubot"
+ content [
+ "hubot-help",
+ "hubot-redis-brain",
+ "hubot-remotestorage-logger",
+ "hubot-web-push-notifications",
+ ].to_json
+ end
+
+ npm_install do
+ user "hubot"
+ end
+
+ execute "systemctl daemon-reload" do
+ command "systemctl daemon-reload"
+ action :nothing
+ end
+
+ template "/lib/systemd/system/botka_freenode_nodejs.service" do
+ source 'nodejs.systemd.service.erb'
+ owner 'root'
+ group 'root'
+ mode '0644'
+ variables(
+ user: "hubot",
+ group: "hubot",
+ app_dir: botka_freenode_path,
+ entry: "#{botka_freenode_path}/bin/hubot -a irc",
+ environment: {
+ "HUBOT_IRC_SERVER" => "irc.freenode.net",
+ "HUBOT_IRC_ROOMS" => "#5apps,#kosmos,#kosmos-dev,#kosmos-random,#remotestorage,#hackerbeach,#unhosted,#sockethub,#opensourcedesign,#openknot,#emberjs,#mastodon,#indieweb,#lnd",
+ "HUBOT_IRC_NICK" => "botka",
+ "HUBOT_IRC_NICKSERV_USERNAME" => "botka",
+ "HUBOT_IRC_NICKSERV_PASSWORD" => botka_freenode_data_bag_item['nickserv_password'],
+ "HUBOT_IRC_UNFLOOD" => "100",
+ "HUBOT_RSS_PRINTSUMMARY" => "false",
+ "HUBOT_RSS_PRINTERROR" => "false",
+ "HUBOT_RSS_IRCCOLORS" => "true",
+ # "HUBOT_LOG_LEVEL" => "error",
+ "EXPRESS_PORT" => "8081",
+ "HUBOT_AUTH_ADMIN" => "bkero,derbumi,galfert,gregkare,jaaan,slvrbckt,raucao",
+ "RS_LOGGER_USER" => "kosmos@5apps.com",
+ "RS_LOGGER_TOKEN" => botka_freenode_data_bag_item['rs_logger_token'],
+ "RS_LOGGER_SERVER_NAME" => "freenode",
+ "RS_LOGGER_PUBLIC" => "true",
+ "GCM_API_KEY" => botka_freenode_data_bag_item['gcm_api_key'],
+ "VAPID_SUBJECT" => "https://kosmos.org",
+ "VAPID_PUBLIC_KEY" => botka_freenode_data_bag_item['vapid_public_key'],
+ "VAPID_PRIVATE_KEY" => botka_freenode_data_bag_item['vapid_private_key']
+ }
+ )
+ notifies :run, "execute[systemctl daemon-reload]", :delayed
+ notifies :restart, "service[botka_freenode_nodejs]", :delayed
+ end
+
+ service "botka_freenode_nodejs" do
+ action [:enable, :start]
+ end
+end
+
+#
+# Nginx reverse proxy
+#
+unless node.chef_environment == "development"
+ express_port = 8081
+ express_domain = "freenode.botka.kosmos.org"
+
+ include_recipe "kosmos-base::letsencrypt"
+
+ include_recipe 'kosmos-nginx'
+
+ directory "/var/www/#{express_domain}/.well-known/acme-challenge" do
+ owner node["nginx"]["user"]
+ group node["nginx"]["group"]
+ recursive true
+ action :create
+ end
+
+ template "#{node['nginx']['dir']}/sites-available/#{express_domain}" do
+ source 'nginx_conf_hubot.erb'
+ owner node["nginx"]["user"]
+ mode 0640
+ variables express_port: express_port,
+ server_name: express_domain,
+ ssl_cert: "/etc/letsencrypt/live/#{express_domain}/fullchain.pem",
+ ssl_key: "/etc/letsencrypt/live/#{express_domain}/privkey.pem"
+ notifies :reload, 'service[nginx]', :delayed
+ end
+
+ nginx_site express_domain do
+ enable true
+ end
+
+ # FIXME This doesn't actually work on the first run. Apparently nginx is not
+ # reloaded after adding the vhost or sth, because it does work on the second
+ # run.
+ execute "letsencrypt cert for #{express_domain}" do
+ command "./certbot-auto certonly --webroot --agree-tos --email ops@5apps.com --webroot-path /var/www/#{express_domain} -d #{express_domain} -n"
+ cwd "/usr/local/certbot"
+ not_if { File.exist? "/etc/letsencrypt/live/#{express_domain}/fullchain.pem" }
+ notifies :create, "template[#{node['nginx']['dir']}/sites-available/#{express_domain}]", :immediately
+ end
+end
diff --git a/site-cookbooks/kosmos-hubot/recipes/default.rb b/site-cookbooks/kosmos-hubot/recipes/default.rb index 5560692..1acd008 100644 --- a/site-cookbooks/kosmos-hubot/recipes/default.rb +++ b/site-cookbooks/kosmos-hubot/recipes/default.rb @@ -2,9 +2,7 @@ # Cookbook Name:: kosmos-hubot # Recipe:: default # -# Copyright 2017, Kosmos -# -# All rights reserved - Do Not Redistribute +# Copyright 2017-2018, Kosmos # unless node.chef_environment == "development" 
@@ -30,220 +28,5 @@ user "hubot" do shell "/bin/bash" end -hal8000_freenode_data_bag_item = Chef::EncryptedDataBagItem.load('credentials', 'hal8000_freenode') - -hal8000_path = "/opt/hal8000" -application hal8000_path do - owner "hubot" - group "hubot" - - git do - user "hubot" - group "hubot" - repository "https://github.com/67P/hal8000.git" - revision "master" - end - - file "#{name}/external-scripts.json" do - mode "0640" - owner "hubot" - group "hubot" - content [ - "hubot-help", - "hubot-read-tweet", - "hubot-redis-brain", - "hubot-rules", - "hubot-shipit", - "hubot-plusplus", - "hubot-tell", - "hubot-seen", - "hubot-rss-reader", - "hubot-incoming-webhook", - "hubot-auth", - "hubot-kredits", - ].to_json - end - - npm_install do - user "hubot" - end - - execute "systemctl daemon-reload" do - command "systemctl daemon-reload" - action :nothing - end - - template "/lib/systemd/system/hal8000_nodejs.service" do - source 'nodejs.systemd.service.erb' - owner 'root' - group 'root' - mode '0644' - variables( - user: "hubot", - group: "hubot", - app_dir: hal8000_path, - entry: "#{hal8000_path}/bin/hubot -a irc", - environment: { - # "HUBOT_LOG_LEVEL" => "error", - "HUBOT_IRC_SERVER" => "irc.freenode.net", - "HUBOT_IRC_ROOMS" => "#5apps,#kosmos,#kosmos-dev,#kosmos-random,#remotestorage,#hackerbeach,#unhosted,#sockethub", - "HUBOT_IRC_NICK" => "hal8000", - "HUBOT_IRC_NICKSERV_USERNAME" => "hal8000", - "HUBOT_IRC_NICKSERV_PASSWORD" => hal8000_freenode_data_bag_item['nickserv_password'], - "HUBOT_IRC_UNFLOOD" => "100", - "HUBOT_RSS_PRINTSUMMARY" => "false", - "HUBOT_RSS_PRINTERROR" => "false", - "HUBOT_RSS_IRCCOLORS" => "true", - "HUBOT_PLUSPLUS_POINTS_TERM" => "karma,karma", - "EXPRESS_PORT" => "8080", - "HUBOT_RSS_HEADER" => "Update:", - "HUBOT_AUTH_ADMIN" => "bkero,derbumi,galfert,gregkare,slvrbckt,raucao", - "WEBHOOK_TOKEN" => hal8000_freenode_data_bag_item['webhook_token'], - "IPFS_API_HOST" => node['hal8000']['kredits']['ipfs_host'], - "IPFS_API_PORT" => 
node['hal8000']['kredits']['ipfs_port'], - "IPFS_API_PROTOCOL" => node['hal8000']['kredits']['ipfs_protocol'], - "KREDITS_ROOM" => node['hal8000']['kredits']['room'], - "KREDITS_WEBHOOK_TOKEN" => hal8000_freenode_data_bag_item['kredits_webhook_token'], - "KREDITS_PROVIDER_URL" => node['hal8000']['kredits']['provider_url'], - "KREDITS_NETWORK_ID" => node['hal8000']['kredits']['network_id'], - "KREDITS_WALLET_PATH" => node['hal8000']['kredits']['wallet_path'], - "KREDITS_WALLET_PASSWORD" => hal8000_freenode_data_bag_item['kredits_wallet_password'], - "KREDITS_MEDIAWIKI_URL" => node['hal8000']['kredits']['mediawiki_url'], - "KREDITS_GITHUB_REPO_BLACKLIST" => node['hal8000']['kredits']['github_repo_blacklist'] - } - ) - notifies :run, "execute[systemctl daemon-reload]", :delayed - notifies :restart, "service[hal8000_nodejs]", :delayed - end - - cookbook_file "#{name}/wallet.json" do - source "wallet.json" - end - - service "hal8000_nodejs" do - action [:enable, :start] - end -end - -botka_freenode_data_bag_item = Chef::EncryptedDataBagItem.load('credentials', 'botka_freenode') - -botka_freenode_path = "/opt/botka_freenode" -application botka_freenode_path do - owner "hubot" - group "hubot" - - git do - user "hubot" - group "hubot" - repository "https://github.com/67P/botka.git" - revision "master" - end - - file "#{name}/external-scripts.json" do - mode "0640" - owner "hubot" - group "hubot" - content [ - "hubot-help", - "hubot-redis-brain", - "hubot-remotestorage-logger", - "hubot-web-push-notifications", - ].to_json - end - - npm_install do - user "hubot" - end - - execute "systemctl daemon-reload" do - command "systemctl daemon-reload" - action :nothing - end - - template "/lib/systemd/system/botka_freenode_nodejs.service" do - source 'nodejs.systemd.service.erb' - owner 'root' - group 'root' - mode '0644' - variables( - user: "hubot", - group: "hubot", - app_dir: botka_freenode_path, - entry: "#{botka_freenode_path}/bin/hubot -a irc", - environment: { - 
"HUBOT_IRC_SERVER" => "irc.freenode.net", - "HUBOT_IRC_ROOMS" => "#5apps,#kosmos,#kosmos-dev,#kosmos-random,#remotestorage,#hackerbeach,#unhosted,#sockethub,#opensourcedesign,#openknot,#emberjs,#mastodon,#indieweb,#lnd", - "HUBOT_IRC_NICK" => "botka", - "HUBOT_IRC_NICKSERV_USERNAME" => "botka", - "HUBOT_IRC_NICKSERV_PASSWORD" => botka_freenode_data_bag_item['nickserv_password'], - "HUBOT_IRC_UNFLOOD" => "100", - "HUBOT_RSS_PRINTSUMMARY" => "false", - "HUBOT_RSS_PRINTERROR" => "false", - "HUBOT_RSS_IRCCOLORS" => "true", - # "HUBOT_LOG_LEVEL" => "error", - "EXPRESS_PORT" => "8081", - "HUBOT_AUTH_ADMIN" => "bkero,derbumi,galfert,gregkare,jaaan,slvrbckt,raucao", - "RS_LOGGER_USER" => "kosmos@5apps.com", - "RS_LOGGER_TOKEN" => botka_freenode_data_bag_item['rs_logger_token'], - "RS_LOGGER_SERVER_NAME" => "freenode", - "RS_LOGGER_PUBLIC" => "true", - "GCM_API_KEY" => botka_freenode_data_bag_item['gcm_api_key'], - "VAPID_SUBJECT" => "https://kosmos.org", - "VAPID_PUBLIC_KEY" => botka_freenode_data_bag_item['vapid_public_key'], - "VAPID_PRIVATE_KEY" => botka_freenode_data_bag_item['vapid_private_key'] - } - ) - notifies :run, "execute[systemctl daemon-reload]", :delayed - notifies :restart, "service[botka_freenode_nodejs]", :delayed - end - - service "botka_freenode_nodejs" do - action [:enable, :start] - end -end - -# -# Nginx reverse proxy -# -express_port = 8081 -express_domain = "freenode.botka.kosmos.org" - -unless node.chef_environment == "development" - include_recipe "kosmos-base::letsencrypt" -end - -include_recipe 'kosmos-nginx' - -directory "/var/www/#{express_domain}/.well-known/acme-challenge" do - owner node["nginx"]["user"] - group node["nginx"]["group"] - recursive true - action :create -end - -template "#{node['nginx']['dir']}/sites-available/#{express_domain}" do - source 'nginx_conf_hubot.erb' - owner node["nginx"]["user"] - mode 0640 - variables express_port: express_port, - server_name: express_domain, - ssl_cert: 
"/etc/letsencrypt/live/#{express_domain}/fullchain.pem", - ssl_key: "/etc/letsencrypt/live/#{express_domain}/privkey.pem" - notifies :reload, 'service[nginx]', :delayed -end - -nginx_site express_domain do - enable true -end - -# FIXME This doesn't actually work on the first run. Apparently nginx is not -# reloaded after adding the vhost or sth, because it does work on the second -# run. -unless node.chef_environment == "development" - execute "letsencrypt cert for #{express_domain}" do - command "./certbot-auto certonly --webroot --agree-tos --email ops@5apps.com --webroot-path /var/www/#{express_domain} -d #{express_domain} -n" - cwd "/usr/local/certbot" - not_if { File.exist? "/etc/letsencrypt/live/#{express_domain}/fullchain.pem" } - notifies :create, "template[#{node['nginx']['dir']}/sites-available/#{express_domain}]", :immediately - end -end +include_recipe "kosmos-hubot::hal8000" +include_recipe "kosmos-hubot::botka_freenode" diff --git a/site-cookbooks/kosmos-hubot/recipes/hal8000.rb b/site-cookbooks/kosmos-hubot/recipes/hal8000.rb new file mode 100644 index 0000000..def41cf --- /dev/null +++ b/site-cookbooks/kosmos-hubot/recipes/hal8000.rb 
@@ -0,0 +1,121 @@
+#
+# Cookbook Name:: kosmos-hubot
+# Recipe:: hal8000
+#
+# Copyright 2017-2018, Kosmos
+#
+include_recipe "kosmos-nodejs"
+include_recipe "kosmos-redis"
+
+# Needed for hubot-kredits
+include_recipe "kosmos-ipfs"
+
+unless node.chef_environment == "development"
+ include_recipe 'firewall'
+ firewall_rule 'hubot_express_hal8000_freenode' do
+ port 8080
+ protocol :tcp
+ command :allow
+ end
+ firewall_rule 'ipfs_swarm_p2p' do
+ port 4001
+ protocol :tcp
+ command :allow
+ end
+end
+
+hal8000_freenode_data_bag_item = Chef::EncryptedDataBagItem.load('credentials', 'hal8000_freenode')
+
+hal8000_path = "/opt/hal8000"
+application hal8000_path do
+ owner "hubot"
+ group "hubot"
+
+ git do
+ user "hubot"
+ group "hubot"
+ repository "https://github.com/67P/hal8000.git"
+ revision "master"
+ end
+
+ file "#{name}/external-scripts.json" do
+ mode "0640"
+ owner "hubot"
+ group "hubot"
+ content [
+ "hubot-help",
+ "hubot-read-tweet",
+ "hubot-redis-brain",
+ "hubot-rules",
+ "hubot-shipit",
+ "hubot-plusplus",
+ "hubot-tell",
+ "hubot-seen",
+ "hubot-rss-reader",
+ "hubot-incoming-webhook",
+ "hubot-auth",
+ "hubot-kredits",
+ ].to_json
+ end
+
+ npm_install do
+ user "hubot"
+ end
+
+ execute "systemctl daemon-reload" do
+ command "systemctl daemon-reload"
+ action :nothing
+ end
+
+ template "/lib/systemd/system/hal8000_nodejs.service" do
+ source 'nodejs.systemd.service.erb'
+ owner 'root'
+ group 'root'
+ mode '0644'
+ variables(
+ user: "hubot",
+ group: "hubot",
+ app_dir: hal8000_path,
+ entry: "#{hal8000_path}/bin/hubot -a irc",
+ environment: {
+ # "HUBOT_LOG_LEVEL" => "error",
+ "HUBOT_IRC_SERVER" => "irc.freenode.net",
+ "HUBOT_IRC_ROOMS" => "#5apps,#kosmos,#kosmos-dev,#kosmos-random,#remotestorage,#hackerbeach,#unhosted,#sockethub",
+ "HUBOT_IRC_NICK" => "hal8000",
+ "HUBOT_IRC_NICKSERV_USERNAME" => "hal8000",
+ "HUBOT_IRC_NICKSERV_PASSWORD" => hal8000_freenode_data_bag_item['nickserv_password'],
+ "HUBOT_IRC_UNFLOOD" => "100",
"HUBOT_RSS_PRINTSUMMARY" => "false", + "HUBOT_RSS_PRINTERROR" => "false", + "HUBOT_RSS_IRCCOLORS" => "true", + "HUBOT_PLUSPLUS_POINTS_TERM" => "karma,karma", + "EXPRESS_PORT" => "8080", + "HUBOT_RSS_HEADER" => "Update:", + "HUBOT_AUTH_ADMIN" => "bkero,derbumi,galfert,gregkare,slvrbckt,raucao", + "WEBHOOK_TOKEN" => hal8000_freenode_data_bag_item['webhook_token'], + "IPFS_API_HOST" => node['hal8000']['kredits']['ipfs_host'], + "IPFS_API_PORT" => node['hal8000']['kredits']['ipfs_port'], + "IPFS_API_PROTOCOL" => node['hal8000']['kredits']['ipfs_protocol'], + "KREDITS_ROOM" => node['hal8000']['kredits']['room'], + "KREDITS_WEBHOOK_TOKEN" => hal8000_freenode_data_bag_item['kredits_webhook_token'], + "KREDITS_PROVIDER_URL" => node['hal8000']['kredits']['provider_url'], + "KREDITS_NETWORK_ID" => node['hal8000']['kredits']['network_id'], + "KREDITS_WALLET_PATH" => node['hal8000']['kredits']['wallet_path'], + "KREDITS_WALLET_PASSWORD" => hal8000_freenode_data_bag_item['kredits_wallet_password'], + "KREDITS_MEDIAWIKI_URL" => node['hal8000']['kredits']['mediawiki_url'], + "KREDITS_GITHUB_REPO_BLACKLIST" => node['hal8000']['kredits']['github_repo_blacklist'] + } + ) + notifies :run, "execute[systemctl daemon-reload]", :delayed + notifies :restart, "service[hal8000_nodejs]", :delayed + end + + cookbook_file "#{name}/wallet.json" do + source "wallet.json" + end + + service "hal8000_nodejs" do + action [:enable, :start] + end +end + diff --git a/site-cookbooks/kosmos-ipfs/recipes/default.rb b/site-cookbooks/kosmos-ipfs/recipes/default.rb index 2cf553d..adf4853 100644 --- a/site-cookbooks/kosmos-ipfs/recipes/default.rb +++ b/site-cookbooks/kosmos-ipfs/recipes/default.rb @@ -7,7 +7,6 @@ # All rights reserved - Do Not Redistribute # -require 'json' include_recipe "ipfs" # Configure ipfs
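Review bot: In recipes/hal8000.rb, `cookbook_file "#{name}/wallet.json"` sets no `owner`, `group` or `mode`, so the wallet that `KREDITS_WALLET_PASSWORD` unlocks is written with the Chef run's defaults, which usually means root-owned and readable by every local account. Adding `owner "hubot"`, `group "hubot"`, `mode "0600"` and `sensitive true` would restrict it to the bot user and keep its contents out of Chef's diff output. The file is also shipped from the cookbook's own files directory, so the keystore presumably lives in the repository next to the recipes. An encrypted data bag item, as already used for the other credentials in this recipe, would keep it out of version control.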