Add hal8000_xmpp recipe

Also, configure express ports in attributes, so they are both easy to
see at once, as well as override per node/env.

data_bags/credentials/hal8000_xmpp.json

@@ -0,0 +1,31 @@
+{
+  "id": "hal8000_xmpp",
+  "xmpp_password": {
+    "encrypted_data": "7pE9C6Tdjeg7ZFjtwzgPzC4ekSgPzN18A5ia5awJnKA=\n",
+    "iv": "p3RqfadD1sPKEof3\n",
+    "auth_tag": "4zYf0anagoLn5bF3Rt95BQ==\n",
+    "version": 3,
+    "cipher": "aes-256-gcm"
+  },
+  "webhook_token": {
+    "encrypted_data": "T6zu7cd5/PXZP56PwjIo5XIjUOJQQSvobvgIekCIB3SgyWQr\n",
+    "iv": "LwCkuGJP2eZC8S4Y\n",
+    "auth_tag": "qH5ckddELQR32z3oYxELMg==\n",
+    "version": 3,
+    "cipher": "aes-256-gcm"
+  },
+  "kredits_webhook_token": {
+    "encrypted_data": "W6xJKRCsoX6qY3QJW/kR5I7Y9LNS1L5zB6X1oLzE71soQ/Y=\n",
+    "iv": "Piw00LKQysN3AVJN\n",
+    "auth_tag": "BwH/mJoBtqhA5wNXwFUM6w==\n",
+    "version": 3,
+    "cipher": "aes-256-gcm"
+  },
+  "kredits_wallet_password": {
+    "encrypted_data": "dFKch6Gjt9oN21w15EeHvho1/f7+mZlKe/aOtoHJtmCgbw==\n",
+    "iv": "GCueL9BRmLFqlmDw\n",
+    "auth_tag": "Yq3nOeQenXz+c6VoLhZbQw==\n",
+    "version": 3,
+    "cipher": "aes-256-gcm"
+  }
+}

site-cookbooks/kosmos-hubot/attributes/default.rb

@@ -1,12 +1,39 @@
-node.default['hal8000']['kredits']['ipfs_host']     = 'localhost'
+node.default['hal8000']['http_port']        = 8080
+node.default['botka_freenode']['http_port'] = 8081
+node.default['hal8000_xmpp']['http_port']   = 8082
+
+node.default['hal8000_xmpp']['hubot_scripts'] = [
+  "hubot-help",
+  "hubot-read-tweet",
+  "hubot-redis-brain",
+  "hubot-rules",
+  "hubot-shipit",
+  "hubot-plusplus",
+  "hubot-tell",
+  "hubot-seen",
+  "hubot-rss-reader",
+  "hubot-incoming-webhook",
+  "hubot-auth",
+  "hubot-kredits",
+  "hubot-schedule"
+]
+
+node.default['hal8000_xmpp']['rooms'] = [
+  'kosmos@chat.kosmos.org'
+  # 'kosmos-dev@chat.kosmos.org',
+]
+
+node.default['hal8000_xmpp']['auth_admins'] = []
+
+node.default['hal8000_xmpp']['kredits']['ipfs_host']     = 'localhost'
 # Use the running ipfs-cluster, so adding documents adds and pins them on all
 # members of the cluster
-node.default['hal8000']['kredits']['ipfs_port']     = '9095'
-node.default['hal8000']['kredits']['ipfs_protocol'] = 'http'
-node.default['hal8000']['kredits']['room']          = '#kosmos'
-node.default['hal8000']['kredits']['provider_url']  = 'https://rinkeby.infura.io/v3/c5e74367261d475ab935e2f0e726482f'
-node.default['hal8000']['kredits']['network_id']    = '4'
-node.default['hal8000']['kredits']['wallet_path']   = 'wallet.json'
-node.default['hal8000']['kredits']['mediawiki_url'] = 'https://wiki.kosmos.org/'
-node.default['hal8000']['kredits']['github_repo_blacklist'] = '67P/test-one-two'
-node.default['hal8000']['kredits']['gitea_repo_blacklist']  = 'kosmos/test-one-two'
+node.default['hal8000_xmpp']['kredits']['ipfs_port']     = '9095'
+node.default['hal8000_xmpp']['kredits']['ipfs_protocol'] = 'http'
+node.default['hal8000_xmpp']['kredits']['room']          = 'kosmos@chat.kosmos.org'
+node.default['hal8000_xmpp']['kredits']['provider_url']  = 'https://rinkeby.infura.io/v3/c5e74367261d475ab935e2f0e726482f'
+node.default['hal8000_xmpp']['kredits']['network_id']    = '4'
+node.default['hal8000_xmpp']['kredits']['wallet_path']   = 'wallet.json'
+node.default['hal8000_xmpp']['kredits']['mediawiki_url'] = 'https://wiki.kosmos.org/'
+node.default['hal8000_xmpp']['kredits']['github_repo_blacklist'] = '67P/test-one-two'
+node.default['hal8000_xmpp']['kredits']['gitea_repo_blacklist']  = 'kosmos/test-one-two'

site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb

@@ -68,7 +68,7 @@ application botka_freenode_path do
         "HUBOT_RSS_PRINTERROR"        => "false",
         "HUBOT_RSS_IRCCOLORS"         => "true",
         # "HUBOT_LOG_LEVEL"             => "error",
-        "EXPRESS_PORT"                => "8081",
+        "EXPRESS_PORT"                => node[app_name]['http_port'],
         "HUBOT_AUTH_ADMIN"            => "bkero,derbumi,galfert,gregkare,jaaan,slvrbckt,raucao",
         "HUBOT_HELP_REPLY_IN_PRIVATE" => "true",
         "RS_LOGGER_USER"              => "kosmos@5apps.com",
@@ -95,18 +95,16 @@ end
 # Nginx reverse proxy
 #
 unless node.chef_environment == "development"
-  express_port = 8081
   express_domain = "freenode.botka.kosmos.org"
 
   include_recipe "kosmos-base::letsencrypt"
-
   include_recipe "kosmos-nginx"
 
   template "#{node['nginx']['dir']}/sites-available/#{express_domain}" do
     source 'nginx_conf_hubot.erb'
     owner node["nginx"]["user"]
     mode 0640
-    variables express_port: express_port,
+    variables express_port: node[app_name]['http_port'],
               server_name:  express_domain,
               ssl_cert:     "/etc/letsencrypt/live/#{express_domain}/fullchain.pem",
               ssl_key:      "/etc/letsencrypt/live/#{express_domain}/privkey.pem"

site-cookbooks/kosmos-hubot/recipes/hal8000.rb

@@ -2,7 +2,25 @@
 # Cookbook Name:: kosmos-hubot
 # Recipe:: hal8000
 #
-# Copyright 2017-2018, Kosmos
+# Copyright:: 2019, Kosmos Developers
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
 #
 
 build_essential 'hal8000' do
@@ -19,7 +37,7 @@ include_recipe "kosmos-ipfs"
 unless node.chef_environment == "development"
   include_recipe 'firewall'
   firewall_rule 'hubot_express_hal8000_freenode' do
-    port     8080
+    port     node['hal8000']['http_port']
     protocol :tcp
     command  :allow
   end
@@ -96,7 +114,7 @@ application hal8000_path do
         "HUBOT_RSS_PRINTERROR"          => "false",
         "HUBOT_RSS_IRCCOLORS"           => "true",
         "HUBOT_PLUSPLUS_POINTS_TERM"    => "karma,karma",
-        "EXPRESS_PORT"                  => "8080",
+        "EXPRESS_PORT"                  => node['hal8000']['http_port'],
         "HUBOT_RSS_HEADER"              => "Update:",
         "HUBOT_AUTH_ADMIN"              => "bkero,derbumi,galfert,gregkare,slvrbckt,raucao",
         "HUBOT_HELP_REPLY_IN_PRIVATE"   => "true",

site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb

@@ -0,0 +1,136 @@
+#
+# Cookbook Name:: kosmos-hubot
+# Recipe:: hal8000_xmpp
+#
+# Copyright:: 2019, Kosmos Developers
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#
+app_name  = "hal8000_xmpp"
+app_path  = "/opt/#{app_name}"
+app_user  = "hubot"
+app_group = "hubot"
+
+build_essential app_name do
+  compile_time true
+end
+
+include_recipe "kosmos-nodejs"
+include_recipe "kosmos-redis"
+include_recipe "kosmos-hubot::_user"
+
+# Needed for hubot-kredits
+include_recipe "kosmos-ipfs"
+
+application app_path do
+  data_bag = Chef::EncryptedDataBagItem.load('credentials', app_name)
+
+  owner app_user
+  group app_group
+
+  git do
+    user       app_user
+    group      app_group
+    repository "https://github.com/67P/hal8000.git"
+    revision   "master"
+  end
+
+  file "#{app_path}/external-scripts.json" do
+    mode  "0640"
+    owner app_user
+    group app_group
+    content node[app_name]['hubot_scripts'].to_json
+  end
+
+  npm_install do
+    user app_user
+  end
+
+  execute "systemctl daemon-reload" do
+    command "systemctl daemon-reload"
+    action :nothing
+  end
+
+  template "/lib/systemd/system/#{app_name}.service" do
+    source 'nodejs.systemd.service.erb'
+    owner 'root'
+    group 'root'
+    mode '0644'
+    variables(
+      user: app_user,
+      group: app_user,
+      app_dir: app_path,
+      entry: "#{app_path}/bin/hubot -a xmpp --name hal8000",
+      environment: {
+        "HUBOT_LOG_LEVEL"               => node.chef_environment == "development" ? "debug" : "info",
+        "HUBOT_XMPP_USERNAME"           => "hal8000@kosmos.org/hubot",
+        "HUBOT_XMPP_PASSWORD"           => data_bag['xmpp_password'],
+        "HUBOT_XMPP_HOST"               => "xmpp.kosmos.org",
+        "HUBOT_XMPP_ROOMS"              => node[app_name]['rooms'].join(','),
+        "HUBOT_AUTH_ADMIN"              => node[app_name]['auth_admins'].join(','),
+        "HUBOT_RSS_PRINTSUMMARY"        => "false",
+        "HUBOT_RSS_PRINTERROR"          => "false",
+        "HUBOT_RSS_IRCCOLORS"           => "true",
+        "HUBOT_PLUSPLUS_POINTS_TERM"    => "karma,karma",
+        "HUBOT_RSS_HEADER"              => "Update:",
+        "HUBOT_HELP_REPLY_IN_PRIVATE"   => "true",
+        "EXPRESS_PORT"                  => node[app_name]['http_port'],
+        "WEBHOOK_TOKEN"                 => data_bag['webhook_token'],
+        "IPFS_API_HOST"                 => node[app_name]['kredits']['ipfs_host'],
+        "IPFS_API_PORT"                 => node[app_name]['kredits']['ipfs_port'],
+        "IPFS_API_PROTOCOL"             => node[app_name]['kredits']['ipfs_protocol'],
+        "KREDITS_ROOM"                  => node[app_name]['kredits']['room'],
+        "KREDITS_WEBHOOK_TOKEN"         => data_bag['kredits_webhook_token'],
+        "KREDITS_PROVIDER_URL"          => node[app_name]['kredits']['provider_url'],
+        "KREDITS_NETWORK_ID"            => node[app_name]['kredits']['network_id'],
+        "KREDITS_WALLET_PATH"           => node[app_name]['kredits']['wallet_path'],
+        "KREDITS_WALLET_PASSWORD"       => data_bag['kredits_wallet_password'],
+        "KREDITS_MEDIAWIKI_URL"         => node[app_name]['kredits']['mediawiki_url'],
+        "KREDITS_GITHUB_REPO_BLACKLIST" => node[app_name]['kredits']['github_repo_blacklist'],
+        "KREDITS_GITEA_REPO_BLACKLIST"  => node[app_name]['kredits']['gitea_repo_blacklist']
+      }
+    )
+    notifies :run, "execute[systemctl daemon-reload]", :delayed
+    notifies :restart, "service[#{app_name}]", :delayed
+  end
+
+  cookbook_file "#{app_path}/wallet.json" do
+    source "wallet.json"
+  end
+
+  service app_name do
+    action [:enable, :start]
+  end
+end
+
+unless node.chef_environment == "development"
+  include_recipe 'firewall'
+
+  firewall_rule "hubot_express_#{app_name}" do
+    port     node[app_name]['http_port']
+    protocol :tcp
+    command  :allow
+  end
+
+  firewall_rule 'ipfs_swarm_p2p' do
+    port     4001
+    protocol :tcp
+    command  :allow
+  end
+end