From 09f0faaddafa1ce465bd0ff9d4a93a2247f38734 Mon Sep 17 00:00:00 2001
From: Sebastian Kippe
Date: Wed, 24 Feb 2021 19:11:53 +0100
Subject: [PATCH 1/3] Add missing header to recipe

---
 site-cookbooks/kosmos-nginx/recipes/with_perl.rb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/site-cookbooks/kosmos-nginx/recipes/with_perl.rb b/site-cookbooks/kosmos-nginx/recipes/with_perl.rb
index 5be4fda..a5dbc53 100644
--- a/site-cookbooks/kosmos-nginx/recipes/with_perl.rb
+++ b/site-cookbooks/kosmos-nginx/recipes/with_perl.rb
@@ -1,3 +1,8 @@
+#
+# Cookbook Name:: kosmos-nginx
+# Recipe:: with_perl
+#
+
 node.override['nginx']['default_site_enabled'] = false
 node.override['nginx']['server_tokens'] = 'off'
 
From 1c47f9ab27ef3376d196aa035d18e19f9496eb66 Mon Sep 17 00:00:00 2001
From: Sebastian Kippe
Date: Thu, 25 Feb 2021 12:12:41 +0100
Subject: [PATCH 2/3] Add cookbook for static asset hosting

Configures assets.kosmos.org, only for webfont hosting for now.
---
 .../kosmos_assets/attributes/default.rb | 3 ++
 site-cookbooks/kosmos_assets/metadata.rb | 10 +++++
 .../kosmos_assets/recipes/nginx_site.rb | 38 +++++++++++++++++++
 .../templates/nginx_conf_assets.erb | 25 ++++++++++++
 4 files changed, 76 insertions(+)
 create mode 100644 site-cookbooks/kosmos_assets/attributes/default.rb
 create mode 100644 site-cookbooks/kosmos_assets/metadata.rb
 create mode 100644 site-cookbooks/kosmos_assets/recipes/nginx_site.rb
 create mode 100644 site-cookbooks/kosmos_assets/templates/nginx_conf_assets.erb

diff --git a/site-cookbooks/kosmos_assets/attributes/default.rb b/site-cookbooks/kosmos_assets/attributes/default.rb
new file mode 100644
index 0000000..7133c57
--- /dev/null
+++ b/site-cookbooks/kosmos_assets/attributes/default.rb
@@ -0,0 +1,3 @@
+node.default["kosmos_assets"]["domain"] = "assets.kosmos.org"
+node.default["kosmos_assets"]["repo"] = "https://gitea.kosmos.org/kosmos/assets.kosmos.org.git"
+node.default["kosmos_assets"]["revision"] = "master"
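Review bot: `node.default["kosmos_assets"]["revision"] = "master"` in attributes/default.rb means every Chef run deploys whatever the branch head is at that moment, because the `git` resource in recipes/nginx_site.rb (later in this patch) uses `action :sync`. These files are presumably loaded as CSS and fonts by other Kosmos sites, so a push to the repository would go live with no cookbook change. Pinning the default to a reviewed tag or full commit, e.g. `node.default["kosmos_assets"]["revision"] = "<TAG_OR_COMMIT_SHA>"`, would prevent that. A one-line comment above the attribute naming the expected kind of ref would also help whoever overrides it per node.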
diff --git a/site-cookbooks/kosmos_assets/metadata.rb b/site-cookbooks/kosmos_assets/metadata.rb
new file mode 100644
index 0000000..0b82f51
--- /dev/null
+++ b/site-cookbooks/kosmos_assets/metadata.rb
@@ -0,0 +1,10 @@
+name 'kosmos_assets'
+maintainer 'Kosmos'
+maintainer_email 'ops@kosmos.org'
+license 'MIT'
+description 'Configures static asset Web hosting'
+long_description 'Configures static asset Web hosting'
+version '1.0.0'
+chef_version '>= 15.10' if respond_to?(:chef_version)
+
+depends "kosmos-nginx"
diff --git a/site-cookbooks/kosmos_assets/recipes/nginx_site.rb b/site-cookbooks/kosmos_assets/recipes/nginx_site.rb
new file mode 100644
index 0000000..aadeb7a
--- /dev/null
+++ b/site-cookbooks/kosmos_assets/recipes/nginx_site.rb
@@ -0,0 +1,38 @@
+#
+# Cookbook:: kosmos_assets
+# Recipe:: nginx_site
+#
+
+include_recipe "kosmos-nginx"
+
+domain = node["kosmos_assets"]["domain"]
+
+nginx_certbot_site domain
+
+directory "/var/www/#{domain}/site" do
+ user node["nginx"]["user"]
+ group node["nginx"]["group"]
+ mode "0755"
+end
+
+git "/var/www/#{domain}/site" do
+ user node["nginx"]["user"]
+ group node["nginx"]["group"]
+ repository node["kosmos_assets"]["repo"]
+ revision node["kosmos_assets"]["revision"]
+ action :sync
+end
+
+template "#{node["nginx"]["dir"]}/sites-available/#{domain}" do
+ source "nginx_conf_assets.erb"
+ owner node["nginx"]["user"]
+ mode 0640
+ variables domain: domain,
+ ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
+ ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem"
+ notifies :reload, "service[nginx]", :delayed
+end
+
+nginx_site domain do
+ action :enable
+end
diff --git a/site-cookbooks/kosmos_assets/templates/nginx_conf_assets.erb b/site-cookbooks/kosmos_assets/templates/nginx_conf_assets.erb
new file mode 100644
index 0000000..14b6235
--- /dev/null
+++ b/site-cookbooks/kosmos_assets/templates/nginx_conf_assets.erb
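Review bot: In recipes/nginx_site.rb the `template` resource for the vhost sets `owner node["nginx"]["user"]`, so the account the nginx workers run as can rewrite a config file that the master process (normally root) loads on the next reload. A root-owned file keeps that boundary: `owner "root"`, `group node["nginx"]["group"]`, `mode "0640"`. The quoted mode also matches the `mode "0755"` style used in the `directory` block above. Separately, that `directory` block uses `user`, while Chef's directory resource documents `owner` for this, so it is worth confirming the checkout path ends up with the intended ownership. The same worker account also owns the served checkout through the `git` resource; if a separate deploy user is available, content that is only readable by the workers would be the safer default.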
@@ -0,0 +1,25 @@
+<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
+# Generated by Chef
+
+server {
+ listen 443 ssl http2;
+ server_name <%= @domain %>;
+
+ root /var/www/<%= @domain %>/site;
+
+ access_log off;
+ gzip_static on;
+ gzip_comp_level 5;
+
+ location ~* .(css)$ {
+ expires 1d;
+ }
+
+ location ~* .(woff|woff2)$ {
+ expires max;
+ }
+
+ ssl_certificate <%= @ssl_cert %>;
+ ssl_certificate_key <%= @ssl_key %>;
+}
+<% end -%>
From 6109707f3c14549afb3f3576473db115813916ef Mon Sep 17 00:00:00 2001
From: Sebastian Kippe
Date: Thu, 25 Feb 2021 12:13:20 +0100
Subject: [PATCH 3/3] Host assets.kosmos.org on centaurus

---
 nodes/centaurus.kosmos.org.json | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nodes/centaurus.kosmos.org.json b/nodes/centaurus.kosmos.org.json
index bff7694..539fe71 100644
--- a/nodes/centaurus.kosmos.org.json
+++ b/nodes/centaurus.kosmos.org.json
@@ -30,6 +30,7 @@
 "kosmos_discourse::default",
 "kosmos_drone",
 "kosmos_drone::default",
+ "kosmos_assets::nginx_site",
 "kosmos_kvm::host",
 "kosmos-ejabberd::firewall",
 "kosmos_zerotier::firewall",
@@ -81,6 +82,7 @@
 "role[gitea]",
 "role[discourse]",
 "role[drone]",
+ "recipe[kosmos_assets::nginx_site]",
 "recipe[kosmos_kvm::host]",
 "recipe[kosmos-ejabberd::firewall]",
 "recipe[kosmos_zerotier::firewall]"
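Review bot: In templates/nginx_conf_assets.erb, `root /var/www/<%= @domain %>/site;` points at the directory the recipe populates with a `git` checkout, and the server block has no rule for dot-paths, so the `.git` directory under the docroot would be served like any other static file. A rule such as `location ~ /\.git { return 404; }` inside the `server` block closes that. The two extension matches `~* .(css)$` and `~* .(woff|woff2)$` also show an unescaped dot, which matches any character. `\.(css)$` and `\.(woff|woff2)$` are probably what was meant, unless the backslash was lost when this page was rendered.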