kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 30 Pull Requests 3 Projects 2 Activity

Remove unused data bags and cookbooks

Browse Source
This commit is contained in:
Greg Karékinian 2019-05-21 14:58:01 +02:00
parent b10c53cce8
commit aa79297387
15 changed files with 0 additions and 590 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
data_bags/credentials/5apps_botka_xmpp.json
View File

@ -1,21 +0,0 @@
{
"id": "5apps_botka_xmpp",
"password": {
"encrypted_data": "DY7A6osNk5UpLZQMVZiQnKl+5eR5sRZeyENZa38qBTqOtzALhwgqxwULIgoV\nhs+q\n",
"iv": "LMPDBACECul+dP/gwvrILA==\n",
"version": 1,
"cipher": "aes-256-cbc"
},
"webhook_token": {
"encrypted_data": "v7F6EX5up25FNlNdg4Rwrh/vBxR/GWu3044mBlbErNKQi9tMgaS8GOJNCalK\n9PUf\n",
"iv": "9U8CyeMgAZHsfkW9dlScEA==\n",
"version": 1,
"cipher": "aes-256-cbc"
},
"rs_logger_token": {
"encrypted_data": "WPEhS0I6FxJ7hPDz7/71mYmHN4Gll2MJICkUvwuAS639eYZvpaGW96TAOleb\nlVtORxd7KnG+9mPLikXOxODEuA==\n",
"iv": "cQM6JOcXmcLZfXdWCmFydA==\n",
"version": 1,
"cipher": "aes-256-cbc"
}
}

51
data_bags/credentials/5apps_schlupp_xmpp.json
View File

@ -1,51 +0,0 @@
{
"id": "5apps_schlupp_xmpp",
"password": {
"encrypted_data": "PoT+Wn5X9/509Rt2XVHrvBk8khF9cbxluwQlgHI/PVSLWZ+JlcnvO1YF0xal\ng0hd\n",
"iv": "kJPRQDvdPT0V9bHQeV/lrA==\n",
"version": 1,
"cipher": "aes-256-cbc"
},
"webhook_token": {
"encrypted_data": "Gg4/3dSVtWmXq/Ce5fCDg+4AKPPjy90CI0Lp7DnPV4R+j+T467LEYYtgp038\nplyi\n",
"iv": "FEhVZWtxFt85DeJcp2E6jA==\n",
"version": 1,
"cipher": "aes-256-cbc"
},
"rs_logger_token": {
"encrypted_data": "5S6I1cenYT2qTvjtuXlgIestyI6tHcPzKw6Hvwe9b7tZ3tHF2j8gsCfqCPQR\nx3xhRJnH4PyhVkbCzr6dApNNZA==\n",
"iv": "GWtGG5jqapw65Oes4zG4Xw==\n",
"version": 1,
"cipher": "aes-256-cbc"
},
"deploy_key": {
"encrypted_data": "8nvIpT8zGVbs0JZvcDD8CPhdUVlZbwKBIbaXmnntKrCPun7iqMrixTIXN5Qu\nAlrhErok7bJ8SiHg8K6OTnLia2JcHHrWJ2CpdEjl1kUDNrtmaSq+CPgb2+RA\ngdD87k9eYUJW7DqQ89NNBCZGuaiR6FO2Bz2Q0tCTXGzeauBO+3P0YrqZfMZX\nzpozAGi5GdFsTPKKT5AX/KpfP7CREsoXDDI6uJJ+1tWoOi0vbjIegCnfFUFS\niUHWeyv4yKMNKOAkk7cyZRbcDxkuHk4Q/148rzzE/Q0bQqpHiRjLNNxckw8i\nfAdGnSLv8VMWifroPmGfL992/k3/0XTrkttSLc+LZ+TGj/dq3LSTHiz3k16G\nmSmsRw1ckccmhAC//mAFjtI+mmqxQwO6mnl7PlXgo8040fQJModDP/xJledp\nvPrzUH1QWynn/MXTJDeK4IZB3LA/0CEwQoLqfNKCiJNERXNHG6/YxZVgiB9E\nrykXCvRxCcWLEv1pBoLDbDaODaqMVFcSq7Xlszv6lOvGI15Gy7wCD6/Ixb2W\n5Lsmv4bbgkU6vOQewUFC8PWJdKwhZSbXLvVnmCZ4y/I3zes2TGQ9AtJFDsR/\nhcL97PCNV82aiC3/RpqxDy7X8sMJIHEppz8NBcumW3npwXfDOGK8ewNB2hDM\nAqmN7jFbd3ySD+0el1rY9uODkhaR+d8KUy4VfL+WTtSFUjT6oxm736n/MYXA\ngzEXllmg/kTzleuzi2caJyAMJEHauBVfAbaPFwHxFfxAb7ALDhGujGpglL0Y\na3nFd0chPcHGQ8vkqQIHwn6s1lz2I+4CEt08w4a4PNk66sqm6+t3WHRac/Jz\nb3BIVIAUCLgQ1DXbiIMr/3EHDSC5J7QW6BSmCH46QalNw33wHLY2Zv3mA4kB\nb0O9Niv5lMIuqkt89o/Jb1B/dDZCw+v6NNSp0ltYnfnSiAJrxMI4IE/zjrrp\nmDEW56HbOwflX4kaUQSscgaFMIKIQDz/mYmsDd/nxbf/PBYzp6cbz/3lvNUW\ntc2Grr2LcSZaVOwj8TmQxuk9QT/5de+kdUmj4X+bt8Ibg0jCZ94AqTIM09le\nB88n2yfTz2KhZkS2tTC18FkrMcbrK5lEK92HWSmePKOZr2Hl3G3QzEMjPyQi\nXJgZOHzKts8TPxUcEYr4dgsFC3V0LOwNUJuNAtN9F8gKUjYkgKinXWmw4YG2\nm006PEDLQqwpIPbyOKuaPRMSZOW20tVic4Rq0uAmAcXGUxnsAas378YI0Dtq\nfalD3lu+3cOQacP5ZrnJ/QW/V//s9o+w9o2n81gtBXP//7nT1pkbskyRQEy5\nfQCcOKuHogMP6sl2sP3IqrhyPVo5zG3OAGJNP7iouFYwbX3B1+ncA97XZNvd\ng1iw9ybSEuIrx6lsIsn5zVGqmwJFP+hYK3+PY+PAjAKT5Y+1UzRGaDB/87tU\n5avjgNhnYiGFYwjwrdvG/Wzbx27kW8a5fUwhwvDI5SURYrFaE8rKIkvbAQQY\nS+d3RKu2/p9m+6A4UyU8+px10GE6sm1qjV6kBWlS7sIyIsbGYbzbbFq05Afx\nT5ph5SzO7Aa44cWDhH/Bdno7mEXqOEAYP8dXMq3q9/IlGqy8P/oVsM8X7jcZ\neOTV9jC2oLpckY4mAFKJ31AJ6BiG/jsheZQY8d29hTpzauK9qo7mDAZwem50\n3x4pTLdRNDbSCOEALsNvGtmZr2UgVXCteMO0CFi7uPy5cU4e39D0/wBJ4/mT\nnVGX8aiAPBSOeoUcWg9qEzTums6ctSMluIHrafuxn6pJR6h0y8kh2oy3KiUE\nN1x4J/aXe3WYzBPoBDw60rnLht4XHXAWueK8mGLTC5vZstamvgDNXREL1aM3\nWDcfLleer9Rbde784Kpa6x5QgYcTV51ecPVnYweugFgLIVQNkEBbAn4V84HX\nK4XcOo4tJy+f4P3tAgIE9CoLd7Q9V8yuZplw20LykecuzBOCaP4um4KSLlTn\nTp5NwKU1ijQ5nefEeMbESJ9TFBxH8K6Y7EUUBBGNCJ3LlNbpsawCtrMgKqMh\n0kP2geQwf7ARBwWa3MHdebL0FUUaQjpGKOxJ2PtEI3t2vQmzr7go1fpVOmeJ\n3dDI1ecLpd7VelQlJVT1nKv+07aHPdSE1+hMZi8CVARCAEyOqufEs+KcHeHK\nhUI9cjjqy3kXrBR1Gw7jMUvbfTqfrV3oo+RqNorF+6ZyFtkivKih2POMHRjS\njHY7ag0sQYYe/O5DLhR9WIIhxkKMKYed8mywTEg0YWAxBCXUIl9M+GH6T7WU\n8Ajg3k1paLzi09ypwLVWOzq+\n",
"iv": "//Oik8zYVxlYLCJ/5zk2Jw==\n",
"version": 1,
"cipher": "aes-256-cbc"
},
"airtable_api_key": {
"encrypted_data": "qDEztKIUYN6qU6dAbXi7leapA/+fK0beTZpEvFxvP9+0IrfSQ0mjagIU33ne\nkM/Y\n",
"iv": "MdfLft5aSoC/yzZe7BRCyg==\n",
"version": 1,
"cipher": "aes-256-cbc"
},
"github_token": {
"encrypted_data": "Rp1icQX6fbE8WImrY3NxkLcq10+CcCOG0nSED3ALtVaiY9gXtLb4mEPhgz6B\nqepZ5bG35W08ORxjBskpPudKMQ==\n",
"iv": "9JTZWHikvB9+dfyht5UYmQ==\n",
"version": 1,
"cipher": "aes-256-cbc"
},
"aws_access_key_id": {
"encrypted_data": "J7sNPOtA+lzj+7FjZlneadNcLZxBGz2x1JNeX0j0Rl/pSU7QZCaPFy8KCGj+\nIh8v\n",
"iv": "K29ZdZdSAd+yJS8yNxkjpg==\n",
"version": 1,
"cipher": "aes-256-cbc"
},
"aws_secret_access_key": {
"encrypted_data": "UFLVmj81LAMZheItVvEioQhecPYXLU9tzQVRFLOO1NKZLRK6oDNDPbvey5vO\ndzw1UiGD6LcrAFRPDYuwsQrteg==\n",
"iv": "RCSCMBxVC8oF02R3l2ASxg==\n",
"version": 1,
"cipher": "aes-256-cbc"
}
}

33
data_bags/credentials/schlupp_5apps.json
View File

@ -1,33 +0,0 @@
{
"id": "schlupp_5apps",
"nickserv_password": {
"encrypted_data": "lbBdgTUfmpduKtGe016XIj5vXDIrCD6Zr6XC1GVrtAk=\n",
"iv": "woPI4Urqdf+2My1sZnnM7Q==\n",
"version": 1,
"cipher": "aes-256-cbc"
},
"rs_logger_token": {
"encrypted_data": "0eR75jl00C4fxpVWHwPxDPnOwuWXJOGKhcQ51Yx7PIQaQ1dxpR24PlE4iwfq\nXnlhiP+J9BVWko98QDb3LgxNBw==\n",
"iv": "f4zGM+sgctpmON1uH0ylVw==\n",
"version": 1,
"cipher": "aes-256-cbc"
},
"webhook_token": {
"encrypted_data": "hM0aE+B23vaovLPGKd9nw8LiiPnVcv6ZUMj+RnGGDSe0obVslaj0oMusiDuY\n8YU0\n",
"iv": "AwUPMpO2W0fP51gKYvB4gw==\n",
"version": 1,
"cipher": "aes-256-cbc"
},
"rs_ops_token": {
"encrypted_data": "Dweur0XEIuce23nQV4mMqX5WB7ozzfrr6Gz6cBA2kywriV2JhL6fvfWzUX3K\nGiBqTluJ1NXgIapjuxjmy8ssmw==\n",
"iv": "wEuzcADN5cZdIghrYgQg8g==\n",
"version": 1,
"cipher": "aes-256-cbc"
},
"deploy_key": {
"encrypted_data": "Zxaeht3wefd7GycwtJN/ufOPVhOPmb0HGJz8MWGNYTFmH9b3cZSKaVwG6S5+\ngagABP7DfEm3dmds/lHA22Vs9OmKLyy4pkqktpr1hHnWfJS4xDVbBcV7cwde\nZ9sT4AY+TNgxkEvPOpiPMwNjnIvjtGXP2iA9OOIszOEJ6CLu8JYFT8XCNv9g\nez30qbMMUVf3xyRKbD12BTuaE4TIvEENTL2pvOuiC2tmw1YpnwwZPv42vlXa\n6CMAJruM6Vx9wUn3IcL/RAZTZBwkWDS9JtH30DT1yN3H7Ugeg5X0vJFcgtLY\nK2gBm9B87UUq57vE7zWOsbPu6c4rHf1LNylJvALvpRbXhoduYRJIYTzhQiKe\nxf56u0r+f1zTaGjKtwcJDZExj3a5gIZeiEzGgiM9pAH6J2vEmXX9xYXo3fi9\ntKxQlWdfe41uzT4uTo+/b5Gm8Kt7iWbhegRvXNGiWPI8JmYRthC0lPdITFQV\n9uKGbdnXWQpQesnIm/VUpO2EWv5MtN8T5KuyURqGG/rVC2GyfODbofzl+kTK\nJPMWsLxO0+b3+TCj5UAGRyO6sLRzQnsjX0+lT4wbXE/Os2dnyEznkpJBUQYQ\nAkte7dR+rN/UrtmZ4OphmatJzbA2ZeFUE7A3BVwxBfQJJBXaFgYLNVW4oyAY\nXW9W5x5Zv/a80xc2vzdO4cpZg26e0N7ulLgl9PsWXw/Elopzmic5vocCiP3C\ni//4+A+eW413pr0O2RPJ+08nMRlyG9v07Oaj7Lj9+rjPXr/Xfe+GYESGTKzL\ni8B4EVKr29yGxTqrC/7HvzuTQHF/p3q5r4IpfX/gp3zYYYpjSDjAGpvY0cJP\nMmh3lMcuUkKDayR9lPqVmNq0f2sIrdLx6v2GIEsEcYJwQxqITeWjq+TtNHKk\nxV6nwbstVfQplH8Cq+mbVB1KNep7enFrF3VEkucGHi8KNKoHoiI7UL79dPws\nERv5bXXsdusesrax9p4FQotaYuiSeKYa/tZ2uJEaLBGMl9MQ0zQ/9NkdLKZB\nXiADNQKYIqkK0vwm1YHQDoTyrA2DHaIebvvz79v3dPcstexOL5ZVr5BDFCfh\nabL5koFCSnxQ5A7PjgDlscfkzu8jNj3cBqN6nQQzK1NkthVs3K/rHein/q0T\nsr6fB8bqdgHXg9FpnbibzYOE+KU7xICIvk+N9vX30jIc3XGYXpTE5orv8CGR\nmAYb3AVbjUXCk1Zeph3zXUd8aWkPY8JhEdr5QaW3B2hBgiTH3CdDIttMcqDy\nStcSgqR0zXznxpbvHMGvHSrCAe29qUzVW7OzATUkRIrfl1P2YjTqRC1luxOq\nvpDTwPSPvAULcjQE2I/gpCDOAYwI+oI25pBT3Z0LogLu/ZgZ0cFE+s6bMBq9\nYogxao4y7+31Gvf2nE6gGRdUkYda2hOZ3hkyAmurlCu8+9O7yINyCpNSXXt4\nms21V6NbTP9ffwoUKGLf/ypcxAcNGlt5ws3ZC3xREDdDOMvy5dIAhin+S7yH\nbjGAeMJXP2uD5EXdHuDQrBWajs/GKM4gBBCXedwN7G65T8DyLK7hgxhJOIPT\nhtJ/Q5qw5FTwz3hK2IAPZ0Lkl3w20YZ8VL8/5EvE1r5I0sMwiT/yEepydegA\nxOWtk568gF3ju5KFvAcFO5WLdNwgihYMPqrKgzVyFJAzg+tOzEDSqQAFLVlQ\n9MaqSOQJjZA4Pww2UimmiOXGCzEtKa4mkRo9jPAYQoMoUyWu3fxXPvM29LBD\nJIZmehrMid1/HBh12BvAmGqfdkexdm1cCIw93sgRs1772dSBVuUtsOd7+YA0\njeIRM3v3xweNr6p4bHy2r0syh14s6olwnNoHLEDCDCC51ILfgf52JSkIKMLz\nt03MzI29i58DIr++5lzUEO8PNqcYr9i9s1khaGkjg1x/zEFbzyXcVylQIQxl\nyzch+fIHsH4GbOhdl4hNHaBLMsXjDjuhLfj8pnXJhjoemC5B+X+mj2OKu0Uf\nEHWk9GODqS2jeDeX1xTbp87tshXHH9yGCKTfOEvgJ2pv7OU2wogarZFmLwHS\nabjcWUIJnhgE/9FjMNeMDMn1LbpkSv+y6rQfcowFEIO9Lyvw6aogQMG2vLih\n3QQCMfTjFHKZoNfDjLq/JdMwXLFgSjMI72T01yvvjgVtE3/fJDnhDo95659n\nbOYPjIzORZDOCXxUEJD9rX23HZGxKvqo1n5jB3je1q1TWsPSxigNp0Iv9oOk\nDEkENZrF6oAy3oSII/9ecA2lpharnxmKMUUUWV3eTx1q8eQs6woKkoumSOKr\nae8hr7/pRkludQdmvem0X3TX\n",
"iv": "C8kUHlS1U84I45JsAql/Qg==\n",
"version": 1,
"cipher": "aes-256-cbc"
}
}

4
site-cookbooks/5apps-hubot/CHANGELOG.md
View File

@ -1,4 +0,0 @@
# 5apps-hubot CHANGELOG
## 0.1.0
- [Greg Karékinian] - Initial release of 5apps-hubot

80
site-cookbooks/5apps-hubot/README.md
View File

@ -1,80 +0,0 @@
# 5apps-hubot Cookbook
TODO: Enter the cookbook description here.
e.g.
This cookbook makes your favorite breakfast sandwich.
## Requirements
TODO: List your cookbook requirements. Be sure to include any requirements this cookbook has on platforms, libraries, other cookbooks, packages, operating systems, etc.
e.g.
### Platforms
- SandwichOS
### Chef
- Chef 12.0 or later
### Cookbooks
- `toaster` - 5apps-hubot needs toaster to brown your bagel.
## Attributes
TODO: List your cookbook attributes here.
e.g.
### 5apps-hubot::default
<table>
<tr>
<th>Key</th>
<th>Type</th>
<th>Description</th>
<th>Default</th>
</tr>
<tr>
<td><tt>['5apps-hubot']['bacon']</tt></td>
<td>Boolean</td>
<td>whether to include bacon</td>
<td><tt>true</tt></td>
</tr>
</table>
## Usage
### 5apps-hubot::default
TODO: Write usage instructions for each cookbook.
e.g.
Just include `5apps-hubot` in your node's `run_list`:
```json
{
"name":"my_node",
"run_list": [
"recipe[5apps-hubot]"
]
}
```
## Contributing
TODO: (optional) If this is a public cookbook, detail the process for contributing. If this is a private cookbook, remove this section.
e.g.
1. Fork the repository on Github
2. Create a named feature branch (like `add_component_x`)
3. Write your change
4. Write tests for your change (if applicable)
5. Run the tests, ensuring they all pass
6. Submit a Pull Request using Github
## License and Authors
Authors: TODO: List authors

12
site-cookbooks/5apps-hubot/metadata.rb
View File

@ -1,12 +0,0 @@
name '5apps-hubot'
maintainer 'Kosmos'
maintainer_email 'mail@kosmos.org'
license 'All rights reserved'
description 'Installs/Configures 5apps-hubot'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '0.1.0'
depends 'kosmos-nodejs'
depends 'application_javascript'
depends 'application_git'
depends 'firewall'

98
site-cookbooks/5apps-hubot/recipes/xmpp_botka.rb
View File

@ -1,98 +0,0 @@
#
# Cookbook Name:: 5apps-hubot
# Recipe:: xmpp_botka
#
# Copyright 2016, Kosmos
#
# All rights reserved - Do Not Redistribute
#
unless node.chef_environment == "development"
include_recipe "firewall"
firewall_rule 'hubot_express_botka_xmpp' do
port 8082
protocol :tcp
command :allow
end
end
group "hubot" do
gid 48268
end
user "hubot" do
system true
manage_home true
comment "hubot user"
uid 48268
gid 48268
shell "/bin/bash"
end
botka_xmpp_data_bag_item = Chef::EncryptedDataBagItem.load('credentials', '5apps_botka_xmpp')
botka_xmpp_path = "/opt/botka_xmpp"
application botka_xmpp_path do
owner "hubot"
group "hubot"
git do
user "hubot"
group "hubot"
repository "https://github.com/67P/botka.git"
revision "master"
end
file "external-scripts.json" do
mode "0640"
owner "hubot"
group "hubot"
content [
"hubot-help",
"hubot-remotestorage-logger",
].to_json
end
npm_install do
user "hubot"
end
execute "systemctl daemon-reload" do
command "systemctl daemon-reload"
action :nothing
end
template "/lib/systemd/system/botka_xmpp_nodejs.service" do
source 'nodejs.systemd.service.erb'
owner 'root'
group 'root'
mode '0644'
variables(
user: "hubot",
group: "hubot",
app_dir: botka_xmpp_path,
entry: "#{botka_xmpp_path}/bin/hubot -a xmpp --name botka",
environment: { "HUBOT_XMPP_USERNAME" => "botka@5apps.com/hubot",
"HUBOT_XMPP_PASSWORD" => botka_xmpp_data_bag_item['password'],
"HUBOT_XMPP_ROOMS" => "5info@muc.5apps.com,5ops@muc.5apps.com,core@muc.5apps.com,deploy@muc.5apps.com,storage@muc.5apps.com,watercooler@muc.5apps.com,hilti@muc.5apps.com,gymapp@muc.5apps.com,solarisbank@muc.5apps.com",
"HUBOT_XMPP_HOST" => "xmpp.5apps.com",
"HUBOT_RSS_PRINTSUMMARY" => "false",
"EXPRESS_PORT" => "8082",
"HUBOT_RSS_HEADER" => "Update:",
"HUBOT_AUTH_ADMIN" => "basti,garret,greg",
"REDIS_URL" => "redis://localhost:6379/5apps_botka_xmpp",
"RS_LOGGER_USER" => "5apps@5apps.com",
"RS_LOGGER_TOKEN" => botka_xmpp_data_bag_item['rs_logger_token'],
"RS_LOGGER_SERVER_NAME" => "5apps",
"WEBHOOK_TOKEN" => botka_xmpp_data_bag_item['webhook_token'] }
)
notifies :run, "execute[systemctl daemon-reload]", :delayed
notifies :restart, "service[botka_xmpp_nodejs]", :delayed
end
service "botka_xmpp_nodejs" do
action [:enable, :start]
end
end

137
site-cookbooks/5apps-hubot/recipes/xmpp_schlupp.rb
View File

@ -1,137 +0,0 @@
#
# Cookbook Name:: 5apps-hubot
# Recipe:: xmpp_schlupp
#
# Copyright 2016, Kosmos
#
# All rights reserved - Do Not Redistribute
#
express_port = 8083
express_domain = "hubot.5apps.com"
unless node.chef_environment == "development"
include_recipe "firewall"
firewall_rule 'hubot_express_schlupp_xmpp' do
port express_port
protocol :tcp
command :allow
end
end
group "hubot" do
gid 48268
end
user "hubot" do
system true
manage_home true
comment "hubot user"
uid 48268
gid 48268
shell "/bin/bash"
end
schlupp_xmpp_data_bag_item = Chef::EncryptedDataBagItem.load('credentials', '5apps_schlupp_xmpp')
schlupp_xmpp_path = "/opt/schlupp_xmpp"
application schlupp_xmpp_path do
owner "hubot"
group "hubot"
git do
user "hubot"
group "hubot"
repository "git@gitlab.com:5apps/schlupp.git"
revision "master"
deploy_key schlupp_xmpp_data_bag_item['deploy_key']
end
file "external-scripts.json" do
mode "0640"
owner "hubot"
group "hubot"
content [
"hubot-auth",
"hubot-help",
"hubot-redis-brain",
"hubot-rules",
"hubot-shipit",
"hubot-plusplus",
"hubot-tell",
"hubot-seen",
"hubot-rss-reader",
"hubot-incoming-webhook",
"hubot-yubikey-invalidation",
].to_json
end
npm_install do
user "hubot"
end
execute "systemctl daemon-reload" do
command "systemctl daemon-reload"
action :nothing
end
template "/lib/systemd/system/schlupp_xmpp_nodejs.service" do
source 'nodejs.systemd.service.erb'
owner 'root'
group 'root'
mode '0644'
variables(
user: "hubot",
group: "hubot",
app_dir: schlupp_xmpp_path,
entry: "#{schlupp_xmpp_path}/bin/hubot -a xmpp --name schlupp",
environment: { "HUBOT_XMPP_USERNAME" => "schlupp@5apps.com/hubot",
"HUBOT_XMPP_PASSWORD" => schlupp_xmpp_data_bag_item['password'],
"HUBOT_XMPP_ROOMS" => "5info@muc.5apps.com,5ops@muc.5apps.com,core@muc.5apps.com,deploy@muc.5apps.com,storage@muc.5apps.com,watercooler@muc.5apps.com,hilti@muc.5apps.com,test@muc.5apps.com,gymapp@muc.5apps.com,solarisbank@muc.5apps.com",
"HUBOT_XMPP_HOST" => "xmpp.5apps.com",
"HUBOT_RSS_PRINTSUMMARY" => "false",
"EXPRESS_PORT" => express_port,
"HUBOT_RSS_HEADER" => "Update:",
"HUBOT_AUTH_ADMIN" => "basti,garret,greg",
"REDIS_URL" => "redis://localhost:6379/5apps_schlupp_xmpp",
"WEBHOOK_TOKEN" => schlupp_xmpp_data_bag_item['webhook_token'],
"AIRTABLE_API_KEY" => schlupp_xmpp_data_bag_item['airtable_api_key'],
"GITHUB_TOKEN" => schlupp_xmpp_data_bag_item['github_token'],
"AWS_ACCESS_KEY_ID" => schlupp_xmpp_data_bag_item['aws_access_key_id'],
"AWS_SECRET_ACCESS_KEY" => schlupp_xmpp_data_bag_item['aws_secret_access_key'] }
)
notifies :run, "execute[systemctl daemon-reload]", :delayed
notifies :restart, "service[schlupp_xmpp_nodejs]", :delayed
end
service "schlupp_xmpp_nodejs" do
action [:enable, :start]
end
end
#
# Nginx reverse proxy
#
unless node.chef_environment == "development"
include_recipe "kosmos-base::letsencrypt"
end
include_recipe 'kosmos-nginx'
template "#{node['nginx']['dir']}/sites-available/#{express_domain}" do
source 'nginx_conf_hubot.erb'
owner node["nginx"]["user"]
mode 0640
variables express_port: express_port,
server_name: express_domain,
ssl_cert: "/etc/letsencrypt/live/#{express_domain}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{express_domain}/privkey.pem"
notifies :reload, 'service[nginx]', :delayed
end
nginx_site express_domain do
action :enable
end
nginx_certbot_site express_domain

31
site-cookbooks/5apps-hubot/templates/default/nginx_conf_hubot.erb
View File

@ -1,31 +0,0 @@
#
# Generated by Chef
#
upstream _express_<%= @server_name.gsub(".", "_") %> {
server localhost:<%= @express_port %>;
}
server {
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
listen 443 ssl http2;
add_header Strict-Transport-Security "max-age=15768000";
<% end -%>
server_name <%= @server_name %>;
access_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.access.log json;
error_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.error.log warn;
location / {
# Increase number of buffers. Default is 8
proxy_buffers 1024 8k;
proxy_pass http://_express_<%= @server_name.gsub(".", "_") %>;
proxy_http_version 1.1;
}
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
ssl_certificate <%= @ssl_cert %>;
ssl_certificate_key <%= @ssl_key %>;
<% end -%>
}

17
site-cookbooks/5apps-hubot/templates/default/nodejs.systemd.service.erb
View File

@ -1,17 +0,0 @@
[Unit]
Description=Start nodejs app
Requires=redis-server.service
After=redis-server.service
[Service]
ExecStart=<%= @entry %>
WorkingDirectory=<%= @app_dir %>
User=<%= @user %>
Group=<%= @group %>
<% unless @environment.empty? -%>
Environment=<% @environment.each do |key, value| -%>'<%= key %>=<%= value %>' <% end %>
<% end -%>
Restart=always
[Install]
WantedBy=multi-user.target

4
site-cookbooks/5apps-xmpp_server/CHANGELOG.md
View File

@ -1,4 +0,0 @@
# 5apps-xmpp_server CHANGELOG
## 0.1.0
- [Greg Karékinian] - Initial release of 5apps-xmpp_server

3
site-cookbooks/5apps-xmpp_server/README.md
View File

@ -1,3 +0,0 @@
# 5apps-xmpp_server Cookbook
This cookbook installs prosody as 5apps' private XMPP server

11
site-cookbooks/5apps-xmpp_server/metadata.rb
View File

@ -1,11 +0,0 @@
name '5apps-xmpp_server'
maintainer 'Kosmos'
maintainer_email 'mail@kosmos.org'
license 'All rights reserved'
description 'Installs/Configures 5apps-xmpp_server'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '0.2.0'
depends 'firewall'
depends 'apt'
depends 'backup'

44
site-cookbooks/5apps-xmpp_server/recipes/default.rb
View File

@ -1,44 +0,0 @@
#
# Cookbook Name:: 5apps-xmpp_server
# Recipe:: default
#
# Copyright 2016, 5apps
#
# All rights reserved - Do Not Redistribute
#
unless node.chef_environment == "development"
include_recipe "firewall"
firewall_rule "xmpp" do
port [5222, 5269, 5281]
protocol :tcp
command :allow
end
end
apt_repository "prosody" do
uri "https://packages.prosody.im/debian"
# 15.04 doesn't get new packages anymore, use the ones built for 16.04
distribution node["lsb"]["codename"] == "vivid" ? "xenial" : node["lsb"]["codename"]
components ["main"]
key "https://prosody.im/files/prosody-debian-packages.key"
end
# For SQL backend support
package "lua-dbi-sqlite3"
package "prosody" do
version "0.10.0-1~xenial4"
end
service "prosody" do
action [:enable]
end
unless node.chef_environment == "development"
include_recipe "5apps-xmpp_server::letsencrypt"
# backup the data dir and the config files
node.override["backup"]["archives"]["prosody"] = ["/var/lib/prosody", "/etc/prosody"]
include_recipe "backup"
end

44
site-cookbooks/5apps-xmpp_server/recipes/letsencrypt.rb
View File

@ -1,44 +0,0 @@
# Generate a Let's Encrypt cert for 5apps.com, muc.5apps.com and xmpp.5apps.com
include_recipe "kosmos-base::letsencrypt"
prosody_post_hook = <<-EOF
#!/usr/bin/env bash
# Copy the prosody certificates and restart the server if it has been renewed
# This is necessary because the prosody user doesn't have access to the
# letsencrypt live folder
for domain in $RENEWED_DOMAINS; do
case $domain in
# Do not copy over when renewing other 5apps.com domains
5apps.com)
cp "${RENEWED_LINEAGE}/fullchain.pem" /etc/prosody/certs/5apps.com.crt
cp "${RENEWED_LINEAGE}/privkey.pem" /etc/prosody/certs/5apps.com.key
cp "${RENEWED_LINEAGE}/fullchain.pem" /etc/prosody/certs/muc.5apps.com.crt
cp "${RENEWED_LINEAGE}/privkey.pem" /etc/prosody/certs/muc.5apps.com.key
cp "${RENEWED_LINEAGE}/fullchain.pem" /etc/prosody/certs/xmpp.5apps.com.crt
cp "${RENEWED_LINEAGE}/privkey.pem" /etc/prosody/certs/xmpp.5apps.com.key
chown prosody:prosody /etc/prosody/certs/*
chmod 600 /etc/prosody/certs/*.key
chmod 640 /etc/prosody/certs/*.crt
systemctl restart prosody
;;
esac
done
EOF
file "/etc/letsencrypt/renewal-hooks/post/prosody" do
content prosody_post_hook
mode 0755
owner "root"
group "root"
end
# Generate a Let's Encrypt cert (only if no cert has been generated before).
# The renew cron will take care of renewing
execute "letsencrypt cert for 5apps xmpp" do
command "/usr/bin/certbot certonly --manual --preferred-challenges dns --manual-public-ip-logging-ok --agree-tos --manual-auth-hook \"/root/gandi_dns_certbot_hook.sh auth\" --manual-cleanup-hook \"/root/gandi_dns_certbot_hook.sh cleanup\" --email ops@5apps.com -d 5apps.com -d muc.5apps.com -d xmpp.5apps.com -n"
not_if do
File.exist?("/etc/prosody/certs/5apps.com.crt")
end
end