From 4d528d67ef22646ccccf08033dbb44a27e55a3e2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A2u=20Cao?=
Date: Wed, 26 Jul 2023 14:08:44 +0200
Subject: [PATCH] Migrate RSK proxies to openresty
---
 nodes/draco.kosmos.org.json | 2 ++
 site-cookbooks/kosmos_rsk/metadata.rb | 2 +-
 .../kosmos_rsk/resources/nginx_site.rb | 20 +++++++------------
 .../kosmos_rsk/templates/nginx_conf_rskj.erb | 2 +-
 4 files changed, 11 insertions(+), 15 deletions(-)
diff --git a/nodes/draco.kosmos.org.json b/nodes/draco.kosmos.org.json
index 21262c9..a73127d 100644
--- a/nodes/draco.kosmos.org.json
+++ b/nodes/draco.kosmos.org.json
@@ -41,6 +41,8 @@
 "kosmos-akkounts::nginx",
 "kosmos_discourse::nginx",
 "kosmos_drone::nginx",
+ "kosmos_rsk::nginx_testnet",
+ "kosmos_rsk::nginx_mainnet",
 "kosmos_encfs",
 "kosmos_encfs::default",
 "kosmos-ejabberd::firewall",
diff --git a/site-cookbooks/kosmos_rsk/metadata.rb b/site-cookbooks/kosmos_rsk/metadata.rb
index 6f0c24a..e4eebd3 100644
--- a/site-cookbooks/kosmos_rsk/metadata.rb
+++ b/site-cookbooks/kosmos_rsk/metadata.rb
@@ -9,4 +9,4 @@ issues_url 'https://gitea.kosmos.org/kosmos/chef/issues'
 source_url 'https://gitea.kosmos.org/kosmos/chef'
 depends 'firewall'
-depends 'kosmos-nginx'
+depends 'kosmos_openresty'
diff --git a/site-cookbooks/kosmos_rsk/resources/nginx_site.rb b/site-cookbooks/kosmos_rsk/resources/nginx_site.rb
index 2230655..c1f0026 100644
--- a/site-cookbooks/kosmos_rsk/resources/nginx_site.rb
+++ b/site-cookbooks/kosmos_rsk/resources/nginx_site.rb
@@ -5,33 +5,27 @@ property :network, String, required: true, name_property: true property :domain, String, required: true action :create do - include_recipe "kosmos-nginx" - network = new_resource.network domain = new_resource.domain - nginx_certbot_site domain - upstream_hosts = [] search(:node, "role:rskj_#{network}").each do |node| upstream_hosts << node["knife_zero"]["host"] end upstream_hosts.push("localhost") if upstream_hosts.empty? - template "#{node['nginx']['dir']}/sites-available/#{domain}" do - source "nginx_conf_rskj.erb" - owner 'www-data' - mode 0640 + tls_cert_for domain do + auth "gandi_dns" + action :create + end + + openresty_site domain do + template "nginx_conf_rskj.erb" variables domain: domain, upstream_name: "rskj_#{network}", upstream_hosts: upstream_hosts, upstream_port: "4444", ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem", ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem" - notifies :reload, 'service[nginx]', :delayed - end - - nginx_site domain do - action :enable end end diff --git a/site-cookbooks/kosmos_rsk/templates/nginx_conf_rskj.erb b/site-cookbooks/kosmos_rsk/templates/nginx_conf_rskj.erb index 9831d8b..53e5945 100644 --- a/site-cookbooks/kosmos_rsk/templates/nginx_conf_rskj.erb +++ b/site-cookbooks/kosmos_rsk/templates/nginx_conf_rskj.erb @@ -5,7 +5,7 @@ upstream _<%= @upstream_name %> { } server { - listen 443 ssl http2; + listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; listen [::]:443 ssl http2; server_name <%= @domain %>;
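Review bot: The new `openresty_site domain do` block no longer states the owner, mode or reload that the removed `template` resource set explicitly (`owner 'www-data'`, `mode 0640`, `notifies :reload, 'service[nginx]', :delayed`), so all three now depend on what the `openresty_site` resource in `kosmos_openresty` does, which is not visible in this patch. If that resource does apply them, a short comment above the block would record it, e.g. `# openresty_site sets ownership/permissions of the vhost file and reloads openresty`. The `ssl_cert`/`ssl_key` variables also stay hard-coded to `/etc/letsencrypt/live/#{domain}/` while issuance moves to `tls_cert_for` with `auth "gandi_dns"`; presumably that resource writes to the same path, but this should be confirmed, since a mismatch would leave the vhost pointing at missing files.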
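Review bot: Only the IPv4 `listen` line honours `node['openresty']['listen_ip']`; the unchanged `listen [::]:443 ssl http2;` directly below it still binds every IPv6 address, so if the attribute is meant to confine this proxy to one interface, the site stays reachable over IPv6 on all of them. Either document that in the template, e.g. `# listen_ip restricts IPv4 only; IPv6 stays on the wildcard address`, or bind the IPv6 listener from configuration in the same way. The `server` block continues past the end of the hunk, so anything further down in it is not covered by this note.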