kosmos/chef
8
3
Fork 0
Code Issues 34 Pull Requests 3 Projects 2 Activity

Remove unused data bags and cookbooks

Browse Source
This commit is contained in:
Greg Karékinian
2019-05-21 14:58:01 +02:00
parent b10c53cce8
commit aa79297387
15 changed files with 0 additions and 590 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
site-cookbooks/5apps-hubot/CHANGELOG.md
View File

@@ -1,4 +0,0 @@
# 5apps-hubot CHANGELOG
## 0.1.0
- [Greg Karékinian] - Initial release of 5apps-hubot

80
site-cookbooks/5apps-hubot/README.md
View File

@@ -1,80 +0,0 @@
# 5apps-hubot Cookbook
TODO: Enter the cookbook description here.
e.g.
This cookbook makes your favorite breakfast sandwich.
## Requirements
TODO: List your cookbook requirements. Be sure to include any requirements this cookbook has on platforms, libraries, other cookbooks, packages, operating systems, etc.
e.g.
### Platforms
- SandwichOS
### Chef
- Chef 12.0 or later
### Cookbooks
- `toaster` - 5apps-hubot needs toaster to brown your bagel.
## Attributes
TODO: List your cookbook attributes here.
e.g.
### 5apps-hubot::default
<table>
<tr>
<th>Key</th>
<th>Type</th>
<th>Description</th>
<th>Default</th>
</tr>
<tr>
<td><tt>['5apps-hubot']['bacon']</tt></td>
<td>Boolean</td>
<td>whether to include bacon</td>
<td><tt>true</tt></td>
</tr>
</table>
## Usage
### 5apps-hubot::default
TODO: Write usage instructions for each cookbook.
e.g.
Just include `5apps-hubot` in your node's `run_list`:
```json
{
"name":"my_node",
"run_list": [
"recipe[5apps-hubot]"
]
}
```
## Contributing
TODO: (optional) If this is a public cookbook, detail the process for contributing. If this is a private cookbook, remove this section.
e.g.
1. Fork the repository on Github
2. Create a named feature branch (like `add_component_x`)
3. Write your change
4. Write tests for your change (if applicable)
5. Run the tests, ensuring they all pass
6. Submit a Pull Request using Github
## License and Authors
Authors: TODO: List authors

12
site-cookbooks/5apps-hubot/metadata.rb
View File

@@ -1,12 +0,0 @@
name '5apps-hubot'
maintainer 'Kosmos'
maintainer_email 'mail@kosmos.org'
license 'All rights reserved'
description 'Installs/Configures 5apps-hubot'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '0.1.0'
depends 'kosmos-nodejs'
depends 'application_javascript'
depends 'application_git'
depends 'firewall'

98
site-cookbooks/5apps-hubot/recipes/xmpp_botka.rb
View File

@@ -1,98 +0,0 @@
#
# Cookbook Name:: 5apps-hubot
# Recipe:: xmpp_botka
#
# Copyright 2016, Kosmos
#
# All rights reserved - Do Not Redistribute
#
unless node.chef_environment == "development"
include_recipe "firewall"
firewall_rule 'hubot_express_botka_xmpp' do
port 8082
protocol :tcp
command :allow
end
end
group "hubot" do
gid 48268
end
user "hubot" do
system true
manage_home true
comment "hubot user"
uid 48268
gid 48268
shell "/bin/bash"
end
botka_xmpp_data_bag_item = Chef::EncryptedDataBagItem.load('credentials', '5apps_botka_xmpp')
botka_xmpp_path = "/opt/botka_xmpp"
application botka_xmpp_path do
owner "hubot"
group "hubot"
git do
user "hubot"
group "hubot"
repository "https://github.com/67P/botka.git"
revision "master"
end
file "external-scripts.json" do
mode "0640"
owner "hubot"
group "hubot"
content [
"hubot-help",
"hubot-remotestorage-logger",
].to_json
end
npm_install do
user "hubot"
end
execute "systemctl daemon-reload" do
command "systemctl daemon-reload"
action :nothing
end
template "/lib/systemd/system/botka_xmpp_nodejs.service" do
source 'nodejs.systemd.service.erb'
owner 'root'
group 'root'
mode '0644'
variables(
user: "hubot",
group: "hubot",
app_dir: botka_xmpp_path,
entry: "#{botka_xmpp_path}/bin/hubot -a xmpp --name botka",
environment: { "HUBOT_XMPP_USERNAME" => "botka@5apps.com/hubot",
"HUBOT_XMPP_PASSWORD" => botka_xmpp_data_bag_item['password'],
"HUBOT_XMPP_ROOMS" => "5info@muc.5apps.com,5ops@muc.5apps.com,core@muc.5apps.com,deploy@muc.5apps.com,storage@muc.5apps.com,watercooler@muc.5apps.com,hilti@muc.5apps.com,gymapp@muc.5apps.com,solarisbank@muc.5apps.com",
"HUBOT_XMPP_HOST" => "xmpp.5apps.com",
"HUBOT_RSS_PRINTSUMMARY" => "false",
"EXPRESS_PORT" => "8082",
"HUBOT_RSS_HEADER" => "Update:",
"HUBOT_AUTH_ADMIN" => "basti,garret,greg",
"REDIS_URL" => "redis://localhost:6379/5apps_botka_xmpp",
"RS_LOGGER_USER" => "5apps@5apps.com",
"RS_LOGGER_TOKEN" => botka_xmpp_data_bag_item['rs_logger_token'],
"RS_LOGGER_SERVER_NAME" => "5apps",
"WEBHOOK_TOKEN" => botka_xmpp_data_bag_item['webhook_token'] }
)
notifies :run, "execute[systemctl daemon-reload]", :delayed
notifies :restart, "service[botka_xmpp_nodejs]", :delayed
end
service "botka_xmpp_nodejs" do
action [:enable, :start]
end
end

137
site-cookbooks/5apps-hubot/recipes/xmpp_schlupp.rb
View File

@@ -1,137 +0,0 @@
#
# Cookbook Name:: 5apps-hubot
# Recipe:: xmpp_schlupp
#
# Copyright 2016, Kosmos
#
# All rights reserved - Do Not Redistribute
#
express_port = 8083
express_domain = "hubot.5apps.com"
unless node.chef_environment == "development"
include_recipe "firewall"
firewall_rule 'hubot_express_schlupp_xmpp' do
port express_port
protocol :tcp
command :allow
end
end
group "hubot" do
gid 48268
end
user "hubot" do
system true
manage_home true
comment "hubot user"
uid 48268
gid 48268
shell "/bin/bash"
end
schlupp_xmpp_data_bag_item = Chef::EncryptedDataBagItem.load('credentials', '5apps_schlupp_xmpp')
schlupp_xmpp_path = "/opt/schlupp_xmpp"
application schlupp_xmpp_path do
owner "hubot"
group "hubot"
git do
user "hubot"
group "hubot"
repository "git@gitlab.com:5apps/schlupp.git"
revision "master"
deploy_key schlupp_xmpp_data_bag_item['deploy_key']
end
file "external-scripts.json" do
mode "0640"
owner "hubot"
group "hubot"
content [
"hubot-auth",
"hubot-help",
"hubot-redis-brain",
"hubot-rules",
"hubot-shipit",
"hubot-plusplus",
"hubot-tell",
"hubot-seen",
"hubot-rss-reader",
"hubot-incoming-webhook",
"hubot-yubikey-invalidation",
].to_json
end
npm_install do
user "hubot"
end
execute "systemctl daemon-reload" do
command "systemctl daemon-reload"
action :nothing
end
template "/lib/systemd/system/schlupp_xmpp_nodejs.service" do
source 'nodejs.systemd.service.erb'
owner 'root'
group 'root'
mode '0644'
variables(
user: "hubot",
group: "hubot",
app_dir: schlupp_xmpp_path,
entry: "#{schlupp_xmpp_path}/bin/hubot -a xmpp --name schlupp",
environment: { "HUBOT_XMPP_USERNAME" => "schlupp@5apps.com/hubot",
"HUBOT_XMPP_PASSWORD" => schlupp_xmpp_data_bag_item['password'],
"HUBOT_XMPP_ROOMS" => "5info@muc.5apps.com,5ops@muc.5apps.com,core@muc.5apps.com,deploy@muc.5apps.com,storage@muc.5apps.com,watercooler@muc.5apps.com,hilti@muc.5apps.com,test@muc.5apps.com,gymapp@muc.5apps.com,solarisbank@muc.5apps.com",
"HUBOT_XMPP_HOST" => "xmpp.5apps.com",
"HUBOT_RSS_PRINTSUMMARY" => "false",
"EXPRESS_PORT" => express_port,
"HUBOT_RSS_HEADER" => "Update:",
"HUBOT_AUTH_ADMIN" => "basti,garret,greg",
"REDIS_URL" => "redis://localhost:6379/5apps_schlupp_xmpp",
"WEBHOOK_TOKEN" => schlupp_xmpp_data_bag_item['webhook_token'],
"AIRTABLE_API_KEY" => schlupp_xmpp_data_bag_item['airtable_api_key'],
"GITHUB_TOKEN" => schlupp_xmpp_data_bag_item['github_token'],
"AWS_ACCESS_KEY_ID" => schlupp_xmpp_data_bag_item['aws_access_key_id'],
"AWS_SECRET_ACCESS_KEY" => schlupp_xmpp_data_bag_item['aws_secret_access_key'] }
)
notifies :run, "execute[systemctl daemon-reload]", :delayed
notifies :restart, "service[schlupp_xmpp_nodejs]", :delayed
end
service "schlupp_xmpp_nodejs" do
action [:enable, :start]
end
end
#
# Nginx reverse proxy
#
unless node.chef_environment == "development"
include_recipe "kosmos-base::letsencrypt"
end
include_recipe 'kosmos-nginx'
template "#{node['nginx']['dir']}/sites-available/#{express_domain}" do
source 'nginx_conf_hubot.erb'
owner node["nginx"]["user"]
mode 0640
variables express_port: express_port,
server_name: express_domain,
ssl_cert: "/etc/letsencrypt/live/#{express_domain}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{express_domain}/privkey.pem"
notifies :reload, 'service[nginx]', :delayed
end
nginx_site express_domain do
action :enable
end
nginx_certbot_site express_domain

31
site-cookbooks/5apps-hubot/templates/default/nginx_conf_hubot.erb
View File

@@ -1,31 +0,0 @@
#
# Generated by Chef
#
upstream _express_<%= @server_name.gsub(".", "_") %> {
server localhost:<%= @express_port %>;
}
server {
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
listen 443 ssl http2;
add_header Strict-Transport-Security "max-age=15768000";
<% end -%>
server_name <%= @server_name %>;
access_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.access.log json;
error_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.error.log warn;
location / {
# Increase number of buffers. Default is 8
proxy_buffers 1024 8k;
proxy_pass http://_express_<%= @server_name.gsub(".", "_") %>;
proxy_http_version 1.1;
}
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
ssl_certificate <%= @ssl_cert %>;
ssl_certificate_key <%= @ssl_key %>;
<% end -%>
}

17
site-cookbooks/5apps-hubot/templates/default/nodejs.systemd.service.erb
View File

@@ -1,17 +0,0 @@
[Unit]
Description=Start nodejs app
Requires=redis-server.service
After=redis-server.service
[Service]
ExecStart=<%= @entry %>
WorkingDirectory=<%= @app_dir %>
User=<%= @user %>
Group=<%= @group %>
<% unless @environment.empty? -%>
Environment=<% @environment.each do |key, value| -%>'<%= key %>=<%= value %>' <% end %>
<% end -%>
Restart=always
[Install]
WantedBy=multi-user.target

4
site-cookbooks/5apps-xmpp_server/CHANGELOG.md
View File

@@ -1,4 +0,0 @@
# 5apps-xmpp_server CHANGELOG
## 0.1.0
- [Greg Karékinian] - Initial release of 5apps-xmpp_server

3
site-cookbooks/5apps-xmpp_server/README.md
View File

@@ -1,3 +0,0 @@
# 5apps-xmpp_server Cookbook
This cookbook installs prosody as 5apps' private XMPP server

11
site-cookbooks/5apps-xmpp_server/metadata.rb
View File

@@ -1,11 +0,0 @@
name '5apps-xmpp_server'
maintainer 'Kosmos'
maintainer_email 'mail@kosmos.org'
license 'All rights reserved'
description 'Installs/Configures 5apps-xmpp_server'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '0.2.0'
depends 'firewall'
depends 'apt'
depends 'backup'

44
site-cookbooks/5apps-xmpp_server/recipes/default.rb
View File

@@ -1,44 +0,0 @@
#
# Cookbook Name:: 5apps-xmpp_server
# Recipe:: default
#
# Copyright 2016, 5apps
#
# All rights reserved - Do Not Redistribute
#
unless node.chef_environment == "development"
include_recipe "firewall"
firewall_rule "xmpp" do
port [5222, 5269, 5281]
protocol :tcp
command :allow
end
end
apt_repository "prosody" do
uri "https://packages.prosody.im/debian"
# 15.04 doesn't get new packages anymore, use the ones built for 16.04
distribution node["lsb"]["codename"] == "vivid" ? "xenial" : node["lsb"]["codename"]
components ["main"]
key "https://prosody.im/files/prosody-debian-packages.key"
end
# For SQL backend support
package "lua-dbi-sqlite3"
package "prosody" do
version "0.10.0-1~xenial4"
end
service "prosody" do
action [:enable]
end
unless node.chef_environment == "development"
include_recipe "5apps-xmpp_server::letsencrypt"
# backup the data dir and the config files
node.override["backup"]["archives"]["prosody"] = ["/var/lib/prosody", "/etc/prosody"]
include_recipe "backup"
end

44
site-cookbooks/5apps-xmpp_server/recipes/letsencrypt.rb
View File

@@ -1,44 +0,0 @@
# Generate a Let's Encrypt cert for 5apps.com, muc.5apps.com and xmpp.5apps.com
include_recipe "kosmos-base::letsencrypt"
prosody_post_hook = <<-EOF
#!/usr/bin/env bash
# Copy the prosody certificates and restart the server if it has been renewed
# This is necessary because the prosody user doesn't have access to the
# letsencrypt live folder
for domain in $RENEWED_DOMAINS; do
case $domain in
# Do not copy over when renewing other 5apps.com domains
5apps.com)
cp "${RENEWED_LINEAGE}/fullchain.pem" /etc/prosody/certs/5apps.com.crt
cp "${RENEWED_LINEAGE}/privkey.pem" /etc/prosody/certs/5apps.com.key
cp "${RENEWED_LINEAGE}/fullchain.pem" /etc/prosody/certs/muc.5apps.com.crt
cp "${RENEWED_LINEAGE}/privkey.pem" /etc/prosody/certs/muc.5apps.com.key
cp "${RENEWED_LINEAGE}/fullchain.pem" /etc/prosody/certs/xmpp.5apps.com.crt
cp "${RENEWED_LINEAGE}/privkey.pem" /etc/prosody/certs/xmpp.5apps.com.key
chown prosody:prosody /etc/prosody/certs/*
chmod 600 /etc/prosody/certs/*.key
chmod 640 /etc/prosody/certs/*.crt
systemctl restart prosody
;;
esac
done
EOF
file "/etc/letsencrypt/renewal-hooks/post/prosody" do
content prosody_post_hook
mode 0755
owner "root"
group "root"
end
# Generate a Let's Encrypt cert (only if no cert has been generated before).
# The renew cron will take care of renewing
execute "letsencrypt cert for 5apps xmpp" do
command "/usr/bin/certbot certonly --manual --preferred-challenges dns --manual-public-ip-logging-ok --agree-tos --manual-auth-hook \"/root/gandi_dns_certbot_hook.sh auth\" --manual-cleanup-hook \"/root/gandi_dns_certbot_hook.sh cleanup\" --email ops@5apps.com -d 5apps.com -d muc.5apps.com -d xmpp.5apps.com -n"
not_if do
File.exist?("/etc/prosody/certs/5apps.com.crt")
end
end