Merge pull request 'Configure/deploy new akkounts Rails app' (#242) from feature/akkounts into master
Reviewed-on: #242
commit
89f5a81952
|
@ -0,0 +1,4 @@
|
|||
{
|
||||
"name": "akkounts-1",
|
||||
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0LKcqydrG3zgtmThEg+q\nOcw8QvIB2usMkF4kNMFeqhhdr2q/AtRcq4RJ0u0MiZbkHduGWfG9QZpjmbFZcEke\nURJbddqSDPHFAtrK2+BpcMqNN/mSp59f4MJf6wdLnBoeZCF5pCCXibyj+/754Ly+\nEJNiB1sf1Lu82YW2YM7iLhOLk1QQD2DTfBGbj9swdPrgKK+1npQ4A7O8sOB5gDjb\n9QVLCvCEoYFi+9is0vw/YryEr6tfnNw+CroP2uDfyVfWznF8oPUuttAcHgqDA3CV\n7lCRk9yVt1FKwuq2lFcsMqZ7wO4EoxpzCz/XTnpFPFvgeVinyXjSPsQCBAdwJe5T\nWQIDAQAB\n-----END PUBLIC KEY-----\n"
|
||||
}
|
|
@ -0,0 +1,17 @@
|
|||
{
|
||||
"id": "akkounts",
|
||||
"postgresql_password": {
|
||||
"encrypted_data": "Vt/jXxrJPbJbEl8Nw9EdVymoId21hdzHxA0zwEfAkA==\n",
|
||||
"iv": "rV3dOjUhPsrdhF59\n",
|
||||
"auth_tag": "GwuMLjf5zqTxLUIKb7ZKjA==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"rails_master_key": {
|
||||
"encrypted_data": "GjtdLy59dThzWYbEUD9Ss4G9vC3tcVgWDWLz3AoUl/jjJfSP2ym7ErjYwJhl\nE+1J2T3+\n",
|
||||
"iv": "7PJXyCr2ozJHsMWZ\n",
|
||||
"auth_tag": "nuW914Rh3Cn+ldGMc1JdGw==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,74 @@
|
|||
{
|
||||
"name": "akkounts-1",
|
||||
"normal": {
|
||||
"knife_zero": {
|
||||
"host": "10.147.20.144"
|
||||
}
|
||||
},
|
||||
"automatic": {
|
||||
"fqdn": "akkounts-1",
|
||||
"os": "linux",
|
||||
"os_version": "5.4.0-54-generic",
|
||||
"hostname": "akkounts-1",
|
||||
"ipaddress": "192.168.122.160",
|
||||
"roles": [
|
||||
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
"kosmos-base::default",
|
||||
"kosmos-akkounts",
|
||||
"kosmos-akkounts::default",
|
||||
"kosmos-akkounts::nginx",
|
||||
"apt::default",
|
||||
"timezone_iii::default",
|
||||
"timezone_iii::debian",
|
||||
"ntp::default",
|
||||
"ntp::apparmor",
|
||||
"kosmos-base::systemd_emails",
|
||||
"apt::unattended-upgrades",
|
||||
"kosmos-base::firewall",
|
||||
"kosmos-postfix::default",
|
||||
"postfix::default",
|
||||
"postfix::_common",
|
||||
"postfix::_attributes",
|
||||
"postfix::sasl_auth",
|
||||
"hostname::default",
|
||||
"kosmos-nodejs::default",
|
||||
"nodejs::nodejs_from_package",
|
||||
"nodejs::repo",
|
||||
"nodejs::npm",
|
||||
"nodejs::install",
|
||||
"kosmos-nginx::default",
|
||||
"nginx::default",
|
||||
"nginx::package",
|
||||
"nginx::ohai_plugin",
|
||||
"nginx::repo",
|
||||
"nginx::commons",
|
||||
"nginx::commons_dir",
|
||||
"nginx::commons_script",
|
||||
"nginx::commons_conf",
|
||||
"git::default",
|
||||
"git::package",
|
||||
"kosmos-base::letsencrypt"
|
||||
],
|
||||
"platform": "ubuntu",
|
||||
"platform_version": "20.04",
|
||||
"cloud": null,
|
||||
"chef_packages": {
|
||||
"chef": {
|
||||
"version": "15.14.0",
|
||||
"chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.14.0/lib"
|
||||
},
|
||||
"ohai": {
|
||||
"version": "15.12.0",
|
||||
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai"
|
||||
}
|
||||
}
|
||||
},
|
||||
"run_list": [
|
||||
"recipe[kosmos-base]",
|
||||
"recipe[kosmos-akkounts::default]",
|
||||
"recipe[kosmos-akkounts::nginx]"
|
||||
]
|
||||
}
|
|
@ -1,3 +1,4 @@
|
|||
node.default['akkounts-api']['revision'] = 'master'
|
||||
node.default['akkounts-api']['port'] = 3200
|
||||
node.default['akkounts-api']['server_name'] = 'api.accounts.kosmos.org'
|
||||
node.default['akkounts']['repo'] = 'https://gitea.kosmos.org/kosmos/akkounts.git'
|
||||
node.default['akkounts']['revision'] = 'master'
|
||||
node.default['akkounts']['port'] = 3000
|
||||
node.default['akkounts']['domain'] = 'accounts.kosmos.org'
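Review bot: `node.default['akkounts']['revision'] = 'master'` makes every Chef run deploy whatever is at the branch head at that moment, so the code that reaches the node is not necessarily the code that was reviewed. The recipe in this commit runs `bundle install`, `yarn install`, `rake db:migrate` and `rake assets:precompile` from that checkout, so a tag or full commit SHA is the safer default, in the form `node.default['akkounts']['revision'] = '<reviewed tag or commit SHA>'`. `master` can then be set only in a development environment override.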
|
||||
|
|
|
@ -2,13 +2,16 @@ name 'kosmos-akkounts'
|
|||
maintainer 'Kosmos Developers'
|
||||
maintainer_email 'mail@kosmos.org'
|
||||
license 'MIT'
|
||||
description 'Installs/Configures kosmos-akkounts'
|
||||
long_description 'Installs/Configures kosmos-akkounts'
|
||||
version '0.1.0'
|
||||
description 'Installs/configures kosmos-akkounts'
|
||||
long_description 'Installs/configures kosmos-akkounts'
|
||||
version '0.2.0'
|
||||
chef_version '>= 14.0'
|
||||
|
||||
depends 'application_javascript'
|
||||
depends 'application_git'
|
||||
depends 'kosmos-nodejs'
|
||||
depends 'kosmos-mastodon'
|
||||
depends 'kosmos-nginx'
|
||||
depends "kosmos-nodejs"
|
||||
depends "poise-ruby-build"
|
||||
depends "application"
|
||||
depends 'application_git'
|
||||
depends "postgresql"
|
||||
depends "kosmos-postgresql"
|
||||
depends "backup"
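Review bot: The new `depends` lines (`poise-ruby-build`, `application`, `postgresql`, `kosmos-postgresql`, `backup`) carry no version constraint, so which cookbook release is resolved depends entirely on a lock file or Policyfile that is not visible in this hunk. If nothing pins them, a pessimistic constraint per dependency, in the form `depends 'poise-ruby-build', '~> <major.minor in use>'`, keeps an upstream release from silently changing what Chef executes on the node. The list also mixes quote styles (`depends 'application_git'` next to `depends "postgresql"`); one style throughout would read better.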
|
||||
|
|
|
@ -3,8 +3,7 @@
|
|||
# Recipe:: default
|
||||
#
|
||||
# The MIT License (MIT)
|
||||
#
|
||||
# Copyright:: 2019, Kosmos Developers
|
||||
# Copyright:: 2020, Kosmos Developers
|
||||
#
|
||||
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
# of this software and associated documentation files (the "Software"), to deal
|
||||
|
@ -23,12 +22,11 @@
|
|||
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
# THE SOFTWARE.
|
||||
|
||||
include_recipe 'kosmos-nodejs'
|
||||
|
||||
app_name = "akkounts-api"
|
||||
#
|
||||
app_name = "akkounts"
|
||||
deploy_user = "deploy"
|
||||
deploy_group = "deploy"
|
||||
deploy_path = "/opt/#{app_name}"
|
||||
credentials = Chef::EncryptedDataBagItem.load('credentials', app_name)
|
||||
|
||||
group deploy_group
|
||||
|
@ -37,75 +35,110 @@ user deploy_user do
|
|||
group deploy_group
|
||||
manage_home true
|
||||
shell "/bin/bash"
|
||||
comment "deploy user"
|
||||
end
|
||||
|
||||
path_to_deploy = "/opt/#{app_name}"
|
||||
application path_to_deploy do
|
||||
package "libpq-dev"
|
||||
|
||||
include_recipe 'kosmos-nodejs'
|
||||
|
||||
npm_package "yarn" do
|
||||
version "1.22.4"
|
||||
end
|
||||
|
||||
ruby_version = "2.6.6"
|
||||
bundle_path = "/opt/ruby_build/builds/#{ruby_version}/bin/bundle"
|
||||
rails_env = node.chef_environment == "development" ? "development" : "production"
|
||||
|
||||
systemd_unit "akkounts.service" do
|
||||
content({
|
||||
Unit: {
|
||||
Description: "Kosmos account management",
|
||||
Documentation: ["https://gitea.kosmos.org/kosmos/akkounts"],
|
||||
After: "network.target"
|
||||
},
|
||||
Service: {
|
||||
Type: "simple",
|
||||
User: deploy_user,
|
||||
WorkingDirectory: deploy_path,
|
||||
Environment: "RAILS_ENV=#{rails_env}",
|
||||
ExecStart: "#{bundle_path} exec puma -C config/puma.rb --pidfile #{deploy_path}/tmp/puma.pid",
|
||||
ExecStop: "#{bundle_path} exec puma -C config/puma.rb --pidfile #{deploy_path}/tmp/puma.pid stop",
|
||||
ExecReload: "#{bundle_path} exec pumactl -F config/puma.rb --pidfile #{deploy_path}/tmp/puma.pid phased-restart",
|
||||
PIDFile: "#{deploy_path}/tmp/puma.pid",
|
||||
TimeoutSec: "10",
|
||||
Restart: "always",
|
||||
},
|
||||
Install: {
|
||||
WantedBy: "multi-user.target"
|
||||
}
|
||||
})
|
||||
verify false
|
||||
triggers_reload true
|
||||
action [:create, :enable]
|
||||
end
|
||||
|
||||
application deploy_path do
|
||||
owner deploy_user
|
||||
group deploy_group
|
||||
|
||||
# Take care of application restarts manually, in the git resource
|
||||
action_on_update false
|
||||
|
||||
environment "HOME" => deploy_path,
|
||||
"PATH" => "/opt/ruby_build/builds/#{ruby_version}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin"
|
||||
|
||||
ruby_runtime ruby_version do
|
||||
provider :ruby_build
|
||||
version ruby_version
|
||||
end
|
||||
|
||||
git do
|
||||
user deploy_user
|
||||
group deploy_group
|
||||
repository "https://github.com/67P/#{app_name}.git"
|
||||
revision node[app_name]['revision']
|
||||
# Restart service on deployments
|
||||
notifies :restart, "application[#{path_to_deploy}]", :delayed
|
||||
end
|
||||
|
||||
npm_install do
|
||||
user deploy_user
|
||||
group deploy_group
|
||||
repository node[app_name]["repo"]
|
||||
revision node[app_name]["revision"]
|
||||
# Restart services on deployments
|
||||
notifies :restart, "application[#{deploy_path}]", :delayed
|
||||
end
|
||||
|
||||
execute "systemctl daemon-reload" do
|
||||
command "systemctl daemon-reload"
|
||||
action :nothing
|
||||
end
|
||||
|
||||
smtp_credentials = Chef::EncryptedDataBagItem.load('credentials', 'smtp')
|
||||
|
||||
template "#{path_to_deploy}/.env" do
|
||||
source "dotenv.erb"
|
||||
sensitive true
|
||||
file "#{deploy_path}/config/master.key" do
|
||||
content credentials['rails_master_key']
|
||||
mode '0400'
|
||||
owner deploy_user
|
||||
group deploy_group
|
||||
variables btcpay_url: "https://btcpay.kosmos.org",
|
||||
btcpay_privkey: credentials["btcpay_privkey"],
|
||||
btcpay_merchant: credentials["btcpay_merchant"],
|
||||
btcpay_store_id: credentials["btcpay_store_id"],
|
||||
btcpay_webhook_host: "https://#{node[app_name]["server_name"]}",
|
||||
btcpay_webhook_token: credentials["btcpay_webhook_token"],
|
||||
smtp_host: "smtp.mailgun.org",
|
||||
smtp_use_tls: true,
|
||||
smtp_username: smtp_credentials['user_name'],
|
||||
smtp_password: smtp_credentials['password'],
|
||||
mastodon_host: "https://#{node["kosmos-mastodon"]["server_name"]}",
|
||||
mastodon_auth_token: credentials["mastodon_auth_token"]
|
||||
mode '0440'
|
||||
# Restart service when the config changes
|
||||
notifies :restart, "application[#{path_to_deploy}]", :delayed
|
||||
end
|
||||
|
||||
template "/lib/systemd/system/#{app_name}.service" do
|
||||
source 'nodejs.systemd.service.erb'
|
||||
owner 'root'
|
||||
group 'root'
|
||||
mode '0640'
|
||||
variables(
|
||||
user: deploy_user,
|
||||
group: deploy_group,
|
||||
app_dir: path_to_deploy,
|
||||
entry: "/usr/bin/env node release/index.js"
|
||||
)
|
||||
notifies :run, "execute[systemctl daemon-reload]", :delayed
|
||||
notifies :restart, "service[#{app_name}]", :delayed
|
||||
execute "bundle install" do
|
||||
environment "HOME" => deploy_path
|
||||
user deploy_user
|
||||
cwd deploy_path
|
||||
command "/opt/ruby_build/builds/#{ruby_version}/bin/bundle install --without development,test --deployment"
|
||||
end
|
||||
|
||||
service app_name do
|
||||
execute "yarn install" do
|
||||
environment "HOME" => deploy_path, "NODE_ENV" => "production"
|
||||
user deploy_user
|
||||
cwd deploy_path
|
||||
command "yarn install --pure-lockfile"
|
||||
end
|
||||
|
||||
execute 'rake db:migrate' do
|
||||
environment "RAILS_ENV" => rails_env, "HOME" => deploy_path
|
||||
user deploy_user
|
||||
group deploy_group
|
||||
cwd deploy_path
|
||||
command "PATH=\"/opt/ruby_build/builds/#{ruby_version}/bin:$PATH\" bundle exec rake db:migrate"
|
||||
end
|
||||
|
||||
execute 'rake assets:precompile' do
|
||||
environment "RAILS_ENV" => rails_env, "HOME" => deploy_path
|
||||
user deploy_user
|
||||
group deploy_group
|
||||
cwd deploy_path
|
||||
command "PATH=\"/opt/ruby_build/builds/#{ruby_version}/bin:$PATH\" bundle exec rake assets:precompile"
|
||||
end
|
||||
|
||||
service "akkounts" do
|
||||
action [:enable, :start]
|
||||
end
|
||||
end
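Review bot: The `file "#{deploy_path}/config/master.key"` resource writes `credentials['rails_master_key']` without `sensitive true`, so Chef can include the file's content diff, which is the decrypted Rails master key, in the chef-client output and in any log or report handler that captures it when the file is created or changed. The `.env` template it replaces had `sensitive true`, and as far as this rendering shows that line was not carried over to the new resource. Adding `sensitive true` inside the `file` block, next to `mode '0400'`, closes the gap.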
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
#
|
||||
# The MIT License (MIT)
|
||||
#
|
||||
# Copyright:: 2019, Kosmos Developers
|
||||
# Copyright:: 2020, Kosmos Developers
|
||||
#
|
||||
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
# of this software and associated documentation files (the "Software"), to deal
|
||||
|
@ -25,22 +25,23 @@
|
|||
# THE SOFTWARE.
|
||||
|
||||
include_recipe "kosmos-nginx"
|
||||
app_name = "akkounts-api"
|
||||
server_name = node[app_name]["server_name"]
|
||||
app_name = "akkounts"
|
||||
domain = node[app_name]["domain"]
|
||||
|
||||
template "#{node['nginx']['dir']}/sites-available/#{server_name}" do
|
||||
template "#{node['nginx']['dir']}/sites-available/#{domain}" do
|
||||
source "nginx_conf_#{app_name}.erb"
|
||||
owner 'www-data'
|
||||
mode 0640
|
||||
variables port: node[app_name]['port'],
|
||||
server_name: server_name,
|
||||
ssl_cert: "/etc/letsencrypt/live/#{server_name}/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/#{server_name}/privkey.pem"
|
||||
variables port: node[app_name]['port'],
|
||||
domain: domain,
|
||||
root_dir: "/opt/#{app_name}/public",
|
||||
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem"
|
||||
notifies :reload, 'service[nginx]', :delayed
|
||||
end
|
||||
|
||||
nginx_site server_name do
|
||||
nginx_site domain do
|
||||
action :enable
|
||||
end
|
||||
|
||||
nginx_certbot_site server_name
|
||||
nginx_certbot_site domain
|
||||
|
|
|
@ -1,13 +0,0 @@
|
|||
BTCPAY_URL=<%= @btcpay_url %>
|
||||
BTCPAY_PRIVKEY=<%= @btcpay_privkey %>
|
||||
BTCPAY_MERCHANT=<%= @btcpay_merchant %>
|
||||
BTCPAY_STORE_ID=<%= @btcpay_store_id %>
|
||||
BTCPAY_WEBHOOK_HOST=<%= @btcpay_webhook_host %>
|
||||
BTCPAY_WEBHOOK_TOKEN=<%= @btcpay_webhook_token %>
|
||||
SMTP_HOST=<%= @smtp_host %>
|
||||
SMTP_USE_TLS=true
|
||||
SMTP_USERNAME=<%= @smtp_username %>
|
||||
SMTP_PASSWORD=<%= @smtp_password %>
|
||||
MASTODON_HOST=<%= @mastodon_host %>
|
||||
MASTODON_AUTH_TOKEN=<%= @mastodon_auth_token %>
|
||||
PORT=<%= node['akkounts-api']['port'] %>
|
|
@ -1,28 +0,0 @@
|
|||
# Generated by Chef
|
||||
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
|
||||
upstream _akkounts {
|
||||
server localhost:<%= @port %>;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
add_header Strict-Transport-Security "max-age=15768000";
|
||||
|
||||
ssl_certificate <%= @ssl_cert %>;
|
||||
ssl_certificate_key <%= @ssl_key %>;
|
||||
|
||||
server_name <%= @server_name %>;
|
||||
|
||||
access_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.access.log json;
|
||||
error_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.error.log warn;
|
||||
|
||||
location / {
|
||||
# Increase number of buffers. Default is 8
|
||||
proxy_buffers 1024 8k;
|
||||
|
||||
proxy_pass http://_akkounts;
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
}
|
||||
<% end -%>
|
|
@ -0,0 +1,54 @@
|
|||
# Generated by Chef
|
||||
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
|
||||
upstream _akkounts {
|
||||
server localhost:<%= @port %>;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
add_header Strict-Transport-Security "max-age=15768000";
|
||||
|
||||
ssl_certificate <%= @ssl_cert %>;
|
||||
ssl_certificate_key <%= @ssl_key %>;
|
||||
|
||||
server_name <%= @domain %>;
|
||||
|
||||
access_log <%= node[:nginx][:log_dir] %>/<%= @domain %>.access.log json;
|
||||
error_log <%= node[:nginx][:log_dir] %>/<%= @domain %>.error.log warn;
|
||||
|
||||
root <%= @root_dir %>;
|
||||
|
||||
location ~ ^/(assets|packs|images|javascripts|stylesheets|swfs|system)/ {
|
||||
access_log off;
|
||||
gzip_static on;
|
||||
expires max;
|
||||
add_header Cache-Control public;
|
||||
}
|
||||
|
||||
try_files $uri/index.html $uri @app;
|
||||
|
||||
location @app {
|
||||
# an HTTP header important enough to have its own Wikipedia entry:
|
||||
# http://en.wikipedia.org/wiki/X-Forwarded-For
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
# enable this if and only if you use HTTPS, this helps Rack
|
||||
# set the proper protocol for doing redirects:
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
|
||||
# pass the Host: header from the client right along so redirects
|
||||
# can be set properly within the Rack application
|
||||
proxy_set_header Host $http_host;
|
||||
|
||||
# we don't want nginx trying to do something clever with
|
||||
# redirects, we set the Host: header above already.
|
||||
proxy_redirect off;
|
||||
|
||||
# Increase number of buffers. Default is 8
|
||||
proxy_buffers 1024 8k;
|
||||
|
||||
proxy_pass http://_akkounts;
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
}
|
||||
<% end -%>
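Review bot: The static-asset `location` block sets its own `add_header Cache-Control public;`, and nginx inherits `add_header` directives from the enclosing level only when the current level defines none, so responses served from that location lose the server-level `Strict-Transport-Security` header. Repeating `add_header Strict-Transport-Security "max-age=15768000";` inside that location keeps HSTS on every response. In `location @app`, `proxy_set_header Host $http_host;` forwards the client-supplied Host header unchanged. If this server block can end up as the default for port 443, a fixed `proxy_set_header Host <%= @domain %>;` stops the app from building URLs from an arbitrary host name.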
|
|
@ -1,15 +0,0 @@
|
|||
[Unit]
|
||||
Description=Start nodejs app
|
||||
|
||||
[Service]
|
||||
ExecStart=<%= @entry %>
|
||||
WorkingDirectory=<%= @app_dir %>
|
||||
User=<%= @user %>
|
||||
Group=<%= @group %>
|
||||
<% if @environment -%>
|
||||
Environment=<% @environment.each do |key, value| -%>'<%= key %>=<%= value %>' <% end %>
|
||||
<% end -%>
|
||||
Restart=always
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|