Migrate ejabberd uploads to mod_s3_upload and Garage

In addition to installing and configuring the new module, this also enables public access to the S3 API via `bucket-name.s3.kosmos.org` as well as Web access on `bucket-name.web.s3.kosmos.org` (when enabled). Also includes some drive-by improvements to Chef attribute naming and usage. Co-authored-by: Greg Karékinian <greg@karekinian.com>
2023-10-10 17:55:55 +02:00
parent 832075dfb2
commit 65d71d6a73
25 changed files with 322 additions and 132 deletions
--- a/site-cookbooks/kosmos_garage/recipes/nginx_s3.rb
+++ b/site-cookbooks/kosmos_garage/recipes/nginx_s3.rb
@@ -0,0 +1,22 @@
+#
+# Cookbook Name:: kosmos_garage
+# Recipe:: nginx_s3
+#
+
+domain_name = node['garage']['s3_api_root_domain']
+server_name = "*.#{domain_name}"
+
+tls_cert_for domain_name do
+  domain [domain_name, server_name]
+  auth "gandi_dns"
+  action :create
+end
+
+openresty_site domain_name do
+  template "nginx_conf_s3.erb"
+  variables server_name: "#{domain_name} #{server_name}",
+            domain_name: domain_name,
+            xmpp_upload_bucket: node['garage']['xmpp_upload_bucket'],
+            ssl_cert:    "/etc/letsencrypt/live/#{domain_name}/fullchain.pem",
+            ssl_key:     "/etc/letsencrypt/live/#{domain_name}/privkey.pem"
+end