From 438ee4ace04ad594d19c5109b4bb2b3b8ec031c3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A2u=20Cao?= <raucao@kip.pe>
Date: Sun, 30 Jul 2023 12:35:21 +0200
Subject: [PATCH] Migrate Gitea SSH stream to openresty

---
 nodes/draco.kosmos.org.json                     |  1 +
 nodes/fornax.kosmos.org.json                    |  1 -
 roles/openresty_proxy.rb                        |  1 +
 .../kosmos_gitea/recipes/nginx_ssh.rb           | 17 ++++++++---------
 .../templates/default/nginx_conf_ssh.erb        |  2 +-
 5 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/nodes/draco.kosmos.org.json b/nodes/draco.kosmos.org.json
index ac1ee25..c2432b1 100644
--- a/nodes/draco.kosmos.org.json
+++ b/nodes/draco.kosmos.org.json
@@ -47,6 +47,7 @@
       "kosmos_drone::nginx",
       "kosmos_garage::nginx_web",
       "kosmos_gitea::nginx",
+      "kosmos_gitea::nginx_ssh",
       "kosmos_rsk::nginx_testnet",
       "kosmos_rsk::nginx_mainnet",
       "kosmos_website",
diff --git a/nodes/fornax.kosmos.org.json b/nodes/fornax.kosmos.org.json
index 5d6222f..f648554 100644
--- a/nodes/fornax.kosmos.org.json
+++ b/nodes/fornax.kosmos.org.json
@@ -102,7 +102,6 @@
     "role[base]",
     "role[kvm_host]",
     "role[nginx_proxy]",
-    "kosmos_gitea::nginx_ssh",
     "role[zerotier_controller]"
   ]
 }
diff --git a/roles/openresty_proxy.rb b/roles/openresty_proxy.rb
index f9f5a7d..e731403 100644
--- a/roles/openresty_proxy.rb
+++ b/roles/openresty_proxy.rb
@@ -31,6 +31,7 @@ production_run_list = %w(
   kosmos_drone::nginx
   kosmos_garage::nginx_web
   kosmos_gitea::nginx
+  kosmos_gitea::nginx_ssh
   kosmos_rsk::nginx_testnet
   kosmos_rsk::nginx_mainnet
   kosmos_website::default
diff --git a/site-cookbooks/kosmos_gitea/recipes/nginx_ssh.rb b/site-cookbooks/kosmos_gitea/recipes/nginx_ssh.rb
index 16f8e7a..cdc3f5d 100644
--- a/site-cookbooks/kosmos_gitea/recipes/nginx_ssh.rb
+++ b/site-cookbooks/kosmos_gitea/recipes/nginx_ssh.rb
@@ -3,16 +3,15 @@
 # Recipe:: nginx_ssh
 #
 
-template "#{node['nginx']['dir']}/streams-available/ssh" do
-  source "nginx_conf_ssh.erb"
-  owner 'www-data'
-  mode 0640
-  variables domain: domain,
-            upstream_host: upstream_ip_address
-
-  notifies :reload, 'service[nginx]', :delayed
+begin
+  upstream_ip_address = search(:node, "role:gitea").first["knife_zero"]["host"]
+rescue
+  Chef::Log.warn('No server with "gitea" role. Stopping here.')
+  return
 end
 
-nginx_stream "ssh" do
+openresty_stream "ssh" do
+  template "nginx_conf_ssh.erb"
+  variables upstream_host: upstream_ip_address
   action :enable
 end
diff --git a/site-cookbooks/kosmos_gitea/templates/default/nginx_conf_ssh.erb b/site-cookbooks/kosmos_gitea/templates/default/nginx_conf_ssh.erb
index 085f7ff..9a84533 100644
--- a/site-cookbooks/kosmos_gitea/templates/default/nginx_conf_ssh.erb
+++ b/site-cookbooks/kosmos_gitea/templates/default/nginx_conf_ssh.erb
@@ -3,6 +3,6 @@ upstream _gitea_ssh {
 }
 
 server {
-  listen 148.251.83.201:22;
+  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>22;
   proxy_pass _gitea_ssh;
 }