From a77580d6da0f92fefb0aff7f57a08b49098a4543 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Fri, 15 Mar 2019 12:37:20 +0700 Subject: [PATCH] Use variable instead of hardcoding domain The domain name is hardcoded exactly 12 times in just the letsencrypt recipe. --- .../kosmos-ipfs/attributes/default.rb | 5 ++++ .../kosmos-ipfs/recipes/letsencrypt.rb | 24 +++++++++---------- 2 files changed, 17 insertions(+), 12 deletions(-) diff --git a/site-cookbooks/kosmos-ipfs/attributes/default.rb b/site-cookbooks/kosmos-ipfs/attributes/default.rb index 7cf96de..d871e3a 100644 --- a/site-cookbooks/kosmos-ipfs/attributes/default.rb +++ b/site-cookbooks/kosmos-ipfs/attributes/default.rb @@ -1,3 +1,8 @@ # Override to connect to the IPFS cluster proxy on port 9095 # (https://cluster.ipfs.io/documentation/composite-clusters/) + +# FIXME api_port should come from the ipfs cookbook/attributes +# It has nothing to do with nginx node.default['kosmos-ipfs']['nginx']['api_port'] = 5001 + +node.default['kosmos-ipfs']['nginx']['domain'] = "ipfs.kosmos.org" diff --git a/site-cookbooks/kosmos-ipfs/recipes/letsencrypt.rb b/site-cookbooks/kosmos-ipfs/recipes/letsencrypt.rb index 2f3e396..2462884 100644 --- a/site-cookbooks/kosmos-ipfs/recipes/letsencrypt.rb +++ b/site-cookbooks/kosmos-ipfs/recipes/letsencrypt.rb @@ -14,7 +14,7 @@ end include_recipe "kosmos-nginx" -root_directory = "/var/www/ipfs.kosmos.org" +root_directory = "/var/www/#{node["kosmos-ipfs"]["nginx"]["domain"]}" directory "#{root_directory}/.well-known/acme-challenge" do owner node["nginx"]["user"] @@ -23,21 +23,21 @@ directory "#{root_directory}/.well-known/acme-challenge" do recursive true end -template "#{node['nginx']['dir']}/sites-available/ipfs.kosmos.org" do - source 'nginx_conf_ipfs.kosmos.org.erb' +template "#{node['nginx']['dir']}/sites-available/#{node["kosmos-ipfs"]["nginx"]["domain"]}" do + source "nginx_conf_#{node["kosmos-ipfs"]["nginx"]["domain"]}.erb" owner 'www-data' mode 0640 - variables server_name: 'ipfs.kosmos.org', + variables server_name: node["kosmos-ipfs"]["nginx"]["domain"], root_directory: root_directory, - ssl_cert: "/etc/letsencrypt/live/ipfs.kosmos.org/fullchain.pem", - ssl_key: "/etc/letsencrypt/live/ipfs.kosmos.org/privkey.pem", + ssl_cert: "/etc/letsencrypt/live/#{node["kosmos-ipfs"]["nginx"]["domain"]}/fullchain.pem", + ssl_key: "/etc/letsencrypt/live/#{node["kosmos-ipfs"]["nginx"]["domain"]}/privkey.pem", ipfs_api_port: node['kosmos-ipfs']['nginx']['api_port'], ipfs_external_api_port: 5444 notifies :reload, 'service[nginx]', :delayed end -nginx_site 'ipfs.kosmos.org' do +nginx_site node["kosmos-ipfs"]["nginx"]["domain"] do enable true end @@ -51,12 +51,12 @@ unless node.chef_environment == "development" # Generate a Let's Encrypt cert (only if the nginx vhost exists and no cert # has been generated before. The renew cron will take care of renewing - execute "letsencrypt cert for ipfs.kosmos.org" do - command "/usr/bin/certbot certonly --webroot --agree-tos --email ops@5apps.com --webroot-path #{root_directory} -d ipfs.kosmos.org -n" + execute "letsencrypt cert for #{node["kosmos-ipfs"]["nginx"]["domain"]}" do + command "/usr/bin/certbot certonly --webroot --agree-tos --email ops@5apps.com --webroot-path #{root_directory} -d #{node["kosmos-ipfs"]["nginx"]["domain"]} -n" only_if do - File.exist?("#{node['nginx']['dir']}/sites-enabled/ipfs.kosmos.org") && - !File.exist?("/etc/letsencrypt/live/ipfs.kosmos.org/fullchain.pem") + File.exist?("#{node['nginx']['dir']}/sites-enabled/#{node["kosmos-ipfs"]["nginx"]["domain"]}") && + !File.exist?("/etc/letsencrypt/live/#{node["kosmos-ipfs"]["nginx"]["domain"]}/fullchain.pem") end - notifies :create, "template[#{node['nginx']['dir']}/sites-available/ipfs.kosmos.org]", :delayed + notifies :create, "template[#{node['nginx']['dir']}/sites-available/#{node["kosmos-ipfs"]["nginx"]["domain"]}]", :delayed end end