Split hubot into separate recipes, add ipfs to hal8000

Basti 2018-09-09 16:20:24 +08:00 committed by Greg Karékinian
parent 4dff379065
commit c0358f5c9b
4 changed files with 256 additions and 239 deletions


@ -1,8 +1,8 @@
name 'kosmos-hubot' name 'kosmos-hubot'
maintainer 'Kosmos' maintainer 'Kosmos'
maintainer_email 'mail@kosmos.org' maintainer_email 'mail@kosmos.org'
license 'All rights reserved' license 'MIT'
description 'Installs/Configures kosmos-hubot' description 'Configures Kosmos chat bots'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '0.1.0' version '0.1.0'
@ -10,3 +10,4 @@ depends 'kosmos-nodejs'
depends 'kosmos-redis' depends 'kosmos-redis'
depends 'firewall' depends 'firewall'
depends 'application_javascript' depends 'application_javascript'
depends 'ipfs'
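Review bot: The new `depends 'ipfs'` line carries no version constraint, so whichever version of that cookbook the resolver selects will install and run a network-facing daemon on the bot host (the hal8000 recipe in this commit opens port 4001 for it). Unless a lock file outside this page already pins it, consider a constraint such as `depends 'ipfs', '~> <VERSION>'` (placeholder; use the version that was actually reviewed). The existing `depends` lines in this hunk are unpinned as well, so this may be a cookbook-wide convention worth revisiting rather than a one-off.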


@ -0,0 +1,129 @@
#
# Cookbook Name:: kosmos-hubot
# Recipe:: botka_freenode
#
# Copyright 2017-2018, Kosmos
#
include_recipe "kosmos-nodejs"
include_recipe "kosmos-redis"
botka_freenode_data_bag_item = Chef::EncryptedDataBagItem.load('credentials', 'botka_freenode')
botka_freenode_path = "/opt/botka_freenode"
application botka_freenode_path do
owner "hubot"
group "hubot"
git do
user "hubot"
group "hubot"
repository "https://github.com/67P/botka.git"
revision "master"
end
file "#{name}/external-scripts.json" do
mode "0640"
owner "hubot"
group "hubot"
content [
"hubot-help",
"hubot-redis-brain",
"hubot-remotestorage-logger",
"hubot-web-push-notifications",
].to_json
end
npm_install do
user "hubot"
end
execute "systemctl daemon-reload" do
command "systemctl daemon-reload"
action :nothing
end
template "/lib/systemd/system/botka_freenode_nodejs.service" do
source 'nodejs.systemd.service.erb'
owner 'root'
group 'root'
mode '0644'
variables(
user: "hubot",
group: "hubot",
app_dir: botka_freenode_path,
entry: "#{botka_freenode_path}/bin/hubot -a irc",
environment: {
"HUBOT_IRC_SERVER" => "irc.freenode.net",
"HUBOT_IRC_ROOMS" => "#5apps,#kosmos,#kosmos-dev,#kosmos-random,#remotestorage,#hackerbeach,#unhosted,#sockethub,#opensourcedesign,#openknot,#emberjs,#mastodon,#indieweb,#lnd",
"HUBOT_IRC_NICK" => "botka",
"HUBOT_IRC_NICKSERV_USERNAME" => "botka",
"HUBOT_IRC_NICKSERV_PASSWORD" => botka_freenode_data_bag_item['nickserv_password'],
"HUBOT_IRC_UNFLOOD" => "100",
"HUBOT_RSS_PRINTSUMMARY" => "false",
"HUBOT_RSS_PRINTERROR" => "false",
"HUBOT_RSS_IRCCOLORS" => "true",
# "HUBOT_LOG_LEVEL" => "error",
"EXPRESS_PORT" => "8081",
"HUBOT_AUTH_ADMIN" => "bkero,derbumi,galfert,gregkare,jaaan,slvrbckt,raucao",
"RS_LOGGER_USER" => "kosmos@5apps.com",
"RS_LOGGER_TOKEN" => botka_freenode_data_bag_item['rs_logger_token'],
"RS_LOGGER_SERVER_NAME" => "freenode",
"RS_LOGGER_PUBLIC" => "true",
"GCM_API_KEY" => botka_freenode_data_bag_item['gcm_api_key'],
"VAPID_SUBJECT" => "https://kosmos.org",
"VAPID_PUBLIC_KEY" => botka_freenode_data_bag_item['vapid_public_key'],
"VAPID_PRIVATE_KEY" => botka_freenode_data_bag_item['vapid_private_key']
}
)
notifies :run, "execute[systemctl daemon-reload]", :delayed
notifies :restart, "service[botka_freenode_nodejs]", :delayed
end
service "botka_freenode_nodejs" do
action [:enable, :start]
end
end
#
# Nginx reverse proxy
#
unless node.chef_environment == "development"
express_port = 8081
express_domain = "freenode.botka.kosmos.org"
include_recipe "kosmos-base::letsencrypt"
include_recipe 'kosmos-nginx'
directory "/var/www/#{express_domain}/.well-known/acme-challenge" do
owner node["nginx"]["user"]
group node["nginx"]["group"]
recursive true
action :create
end
template "#{node['nginx']['dir']}/sites-available/#{express_domain}" do
source 'nginx_conf_hubot.erb'
owner node["nginx"]["user"]
mode 0640
variables express_port: express_port,
server_name: express_domain,
ssl_cert: "/etc/letsencrypt/live/#{express_domain}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{express_domain}/privkey.pem"
notifies :reload, 'service[nginx]', :delayed
end
nginx_site express_domain do
enable true
end
# FIXME This doesn't actually work on the first run. Apparently nginx is not
# reloaded after adding the vhost or sth, because it does work on the second
# run.
execute "letsencrypt cert for #{express_domain}" do
command "./certbot-auto certonly --webroot --agree-tos --email ops@5apps.com --webroot-path /var/www/#{express_domain} -d #{express_domain} -n"
cwd "/usr/local/certbot"
not_if { File.exist? "/etc/letsencrypt/live/#{express_domain}/fullchain.pem" }
notifies :create, "template[#{node['nginx']['dir']}/sites-available/#{express_domain}]", :immediately
end
end
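Review bot: The `template "/lib/systemd/system/botka_freenode_nodejs.service"` resource is written with `mode '0644'` while its `environment` hash carries the NickServ password, `RS_LOGGER_TOKEN`, `GCM_API_KEY` and `VAPID_PRIVATE_KEY` from the encrypted data bag, so, assuming `nodejs.systemd.service.erb` (not shown here) renders that hash as `Environment=` lines, every local account can read the decrypted secrets. Tightening the unit's mode alone would not be enough, because systemd also exposes a unit's environment through `systemctl show`; the secrets would be better written to a separate root-owned file with `mode '0600'` that the unit references via `EnvironmentFile=`, leaving only non-secret settings in the unit. Adding `sensitive true` to whichever resource renders the secrets keeps them out of Chef's diff and log output. The same pattern appears in the `hal8000_nodejs.service` template of the hal8000 recipe, which additionally carries `WEBHOOK_TOKEN`, `KREDITS_WEBHOOK_TOKEN` and `KREDITS_WALLET_PASSWORD`.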


@ -2,27 +2,8 @@
# Cookbook Name:: kosmos-hubot # Cookbook Name:: kosmos-hubot
# Recipe:: default # Recipe:: default
# #
# Copyright 2017, Kosmos # Copyright 2017-2018, Kosmos
# #
# All rights reserved - Do Not Redistribute
#
unless node.chef_environment == "development"
include_recipe 'firewall'
firewall_rule 'hubot_express_hal8000_freenode' do
port 8080
protocol :tcp
command :allow
end
firewall_rule 'ipfs_swarm_p2p' do
port 4001
protocol :tcp
command :allow
end
end
include_recipe "kosmos-nodejs"
include_recipe "kosmos-redis"
group "hubot" do group "hubot" do
gid 48268 gid 48268
@ -35,220 +16,5 @@ user "hubot" do
shell "/bin/bash" shell "/bin/bash"
end end
hal8000_freenode_data_bag_item = Chef::EncryptedDataBagItem.load('credentials', 'hal8000_freenode') include_recipe "kosmos-hubot::hal8000"
include_recipe "kosmos-hubot::botka_freenode"
hal8000_path = "/opt/hal8000"
application hal8000_path do
owner "hubot"
group "hubot"
git do
user "hubot"
group "hubot"
repository "https://github.com/67P/hal8000.git"
revision "master"
end
file "#{name}/external-scripts.json" do
mode "0640"
owner "hubot"
group "hubot"
content [
"hubot-help",
"hubot-read-tweet",
"hubot-redis-brain",
"hubot-rules",
"hubot-shipit",
"hubot-plusplus",
"hubot-tell",
"hubot-seen",
"hubot-rss-reader",
"hubot-incoming-webhook",
"hubot-auth",
"hubot-kredits",
].to_json
end
npm_install do
user "hubot"
end
execute "systemctl daemon-reload" do
command "systemctl daemon-reload"
action :nothing
end
template "/lib/systemd/system/hal8000_nodejs.service" do
source 'nodejs.systemd.service.erb'
owner 'root'
group 'root'
mode '0644'
variables(
user: "hubot",
group: "hubot",
app_dir: hal8000_path,
entry: "#{hal8000_path}/bin/hubot -a irc",
environment: {
# "HUBOT_LOG_LEVEL" => "error",
"HUBOT_IRC_SERVER" => "irc.freenode.net",
"HUBOT_IRC_ROOMS" => "#5apps,#kosmos,#kosmos-dev,#kosmos-random,#remotestorage,#hackerbeach,#unhosted,#sockethub",
"HUBOT_IRC_NICK" => "hal8000",
"HUBOT_IRC_NICKSERV_USERNAME" => "hal8000",
"HUBOT_IRC_NICKSERV_PASSWORD" => hal8000_freenode_data_bag_item['nickserv_password'],
"HUBOT_IRC_UNFLOOD" => "100",
"HUBOT_RSS_PRINTSUMMARY" => "false",
"HUBOT_RSS_PRINTERROR" => "false",
"HUBOT_RSS_IRCCOLORS" => "true",
"HUBOT_PLUSPLUS_POINTS_TERM" => "karma,karma",
"EXPRESS_PORT" => "8080",
"HUBOT_RSS_HEADER" => "Update:",
"HUBOT_AUTH_ADMIN" => "bkero,derbumi,galfert,gregkare,slvrbckt,raucao",
"WEBHOOK_TOKEN" => hal8000_freenode_data_bag_item['webhook_token'],
"IPFS_API_HOST" => node['hal8000']['kredits']['ipfs_host'],
"IPFS_API_PORT" => node['hal8000']['kredits']['ipfs_port'],
"IPFS_API_PROTOCOL" => node['hal8000']['kredits']['ipfs_protocol'],
"KREDITS_ROOM" => node['hal8000']['kredits']['room'],
"KREDITS_WEBHOOK_TOKEN" => hal8000_freenode_data_bag_item['kredits_webhook_token'],
"KREDITS_PROVIDER_URL" => node['hal8000']['kredits']['provider_url'],
"KREDITS_NETWORK_ID" => node['hal8000']['kredits']['network_id'],
"KREDITS_WALLET_PATH" => node['hal8000']['kredits']['wallet_path'],
"KREDITS_WALLET_PASSWORD" => hal8000_freenode_data_bag_item['kredits_wallet_password'],
"KREDITS_MEDIAWIKI_URL" => node['hal8000']['kredits']['mediawiki_url'],
"KREDITS_GITHUB_REPO_BLACKLIST" => node['hal8000']['kredits']['github_repo_blacklist']
}
)
notifies :run, "execute[systemctl daemon-reload]", :delayed
notifies :restart, "service[hal8000_nodejs]", :delayed
end
cookbook_file "#{name}/wallet.json" do
source "wallet.json"
end
service "hal8000_nodejs" do
action [:enable, :start]
end
end
botka_freenode_data_bag_item = Chef::EncryptedDataBagItem.load('credentials', 'botka_freenode')
botka_freenode_path = "/opt/botka_freenode"
application botka_freenode_path do
owner "hubot"
group "hubot"
git do
user "hubot"
group "hubot"
repository "https://github.com/67P/botka.git"
revision "master"
end
file "#{name}/external-scripts.json" do
mode "0640"
owner "hubot"
group "hubot"
content [
"hubot-help",
"hubot-redis-brain",
"hubot-remotestorage-logger",
"hubot-web-push-notifications",
].to_json
end
npm_install do
user "hubot"
end
execute "systemctl daemon-reload" do
command "systemctl daemon-reload"
action :nothing
end
template "/lib/systemd/system/botka_freenode_nodejs.service" do
source 'nodejs.systemd.service.erb'
owner 'root'
group 'root'
mode '0644'
variables(
user: "hubot",
group: "hubot",
app_dir: botka_freenode_path,
entry: "#{botka_freenode_path}/bin/hubot -a irc",
environment: {
"HUBOT_IRC_SERVER" => "irc.freenode.net",
"HUBOT_IRC_ROOMS" => "#5apps,#kosmos,#kosmos-dev,#kosmos-random,#remotestorage,#hackerbeach,#unhosted,#sockethub,#opensourcedesign,#openknot,#emberjs,#mastodon,#indieweb,#lnd",
"HUBOT_IRC_NICK" => "botka",
"HUBOT_IRC_NICKSERV_USERNAME" => "botka",
"HUBOT_IRC_NICKSERV_PASSWORD" => botka_freenode_data_bag_item['nickserv_password'],
"HUBOT_IRC_UNFLOOD" => "100",
"HUBOT_RSS_PRINTSUMMARY" => "false",
"HUBOT_RSS_PRINTERROR" => "false",
"HUBOT_RSS_IRCCOLORS" => "true",
# "HUBOT_LOG_LEVEL" => "error",
"EXPRESS_PORT" => "8081",
"HUBOT_AUTH_ADMIN" => "bkero,derbumi,galfert,gregkare,jaaan,slvrbckt,raucao",
"RS_LOGGER_USER" => "kosmos@5apps.com",
"RS_LOGGER_TOKEN" => botka_freenode_data_bag_item['rs_logger_token'],
"RS_LOGGER_SERVER_NAME" => "freenode",
"RS_LOGGER_PUBLIC" => "true",
"GCM_API_KEY" => botka_freenode_data_bag_item['gcm_api_key'],
"VAPID_SUBJECT" => "https://kosmos.org",
"VAPID_PUBLIC_KEY" => botka_freenode_data_bag_item['vapid_public_key'],
"VAPID_PRIVATE_KEY" => botka_freenode_data_bag_item['vapid_private_key']
}
)
notifies :run, "execute[systemctl daemon-reload]", :delayed
notifies :restart, "service[botka_freenode_nodejs]", :delayed
end
service "botka_freenode_nodejs" do
action [:enable, :start]
end
end
#
# Nginx reverse proxy
#
express_port = 8081
express_domain = "freenode.botka.kosmos.org"
unless node.chef_environment == "development"
include_recipe "kosmos-base::letsencrypt"
end
include_recipe 'kosmos-nginx'
directory "/var/www/#{express_domain}/.well-known/acme-challenge" do
owner node["nginx"]["user"]
group node["nginx"]["group"]
recursive true
action :create
end
template "#{node['nginx']['dir']}/sites-available/#{express_domain}" do
source 'nginx_conf_hubot.erb'
owner node["nginx"]["user"]
mode 0640
variables express_port: express_port,
server_name: express_domain,
ssl_cert: "/etc/letsencrypt/live/#{express_domain}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{express_domain}/privkey.pem"
notifies :reload, 'service[nginx]', :delayed
end
nginx_site express_domain do
enable true
end
# FIXME This doesn't actually work on the first run. Apparently nginx is not
# reloaded after adding the vhost or sth, because it does work on the second
# run.
unless node.chef_environment == "development"
execute "letsencrypt cert for #{express_domain}" do
command "./certbot-auto certonly --webroot --agree-tos --email ops@5apps.com --webroot-path /var/www/#{express_domain} -d #{express_domain} -n"
cwd "/usr/local/certbot"
not_if { File.exist? "/etc/letsencrypt/live/#{express_domain}/fullchain.pem" }
notifies :create, "template[#{node['nginx']['dir']}/sites-available/#{express_domain}]", :immediately
end
end


@ -0,0 +1,121 @@
#
# Cookbook Name:: kosmos-hubot
# Recipe:: hal8000
#
# Copyright 2017-2018, Kosmos
#
include_recipe "kosmos-nodejs"
include_recipe "kosmos-redis"
# Needed for hubot-kredits
include_recipe "ipfs"
unless node.chef_environment == "development"
include_recipe 'firewall'
firewall_rule 'hubot_express_hal8000_freenode' do
port 8080
protocol :tcp
command :allow
end
firewall_rule 'ipfs_swarm_p2p' do
port 4001
protocol :tcp
command :allow
end
end
hal8000_freenode_data_bag_item = Chef::EncryptedDataBagItem.load('credentials', 'hal8000_freenode')
hal8000_path = "/opt/hal8000"
application hal8000_path do
owner "hubot"
group "hubot"
git do
user "hubot"
group "hubot"
repository "https://github.com/67P/hal8000.git"
revision "master"
end
file "#{name}/external-scripts.json" do
mode "0640"
owner "hubot"
group "hubot"
content [
"hubot-help",
"hubot-read-tweet",
"hubot-redis-brain",
"hubot-rules",
"hubot-shipit",
"hubot-plusplus",
"hubot-tell",
"hubot-seen",
"hubot-rss-reader",
"hubot-incoming-webhook",
"hubot-auth",
"hubot-kredits",
].to_json
end
npm_install do
user "hubot"
end
execute "systemctl daemon-reload" do
command "systemctl daemon-reload"
action :nothing
end
template "/lib/systemd/system/hal8000_nodejs.service" do
source 'nodejs.systemd.service.erb'
owner 'root'
group 'root'
mode '0644'
variables(
user: "hubot",
group: "hubot",
app_dir: hal8000_path,
entry: "#{hal8000_path}/bin/hubot -a irc",
environment: {
# "HUBOT_LOG_LEVEL" => "error",
"HUBOT_IRC_SERVER" => "irc.freenode.net",
"HUBOT_IRC_ROOMS" => "#5apps,#kosmos,#kosmos-dev,#kosmos-random,#remotestorage,#hackerbeach,#unhosted,#sockethub",
"HUBOT_IRC_NICK" => "hal8000",
"HUBOT_IRC_NICKSERV_USERNAME" => "hal8000",
"HUBOT_IRC_NICKSERV_PASSWORD" => hal8000_freenode_data_bag_item['nickserv_password'],
"HUBOT_IRC_UNFLOOD" => "100",
"HUBOT_RSS_PRINTSUMMARY" => "false",
"HUBOT_RSS_PRINTERROR" => "false",
"HUBOT_RSS_IRCCOLORS" => "true",
"HUBOT_PLUSPLUS_POINTS_TERM" => "karma,karma",
"EXPRESS_PORT" => "8080",
"HUBOT_RSS_HEADER" => "Update:",
"HUBOT_AUTH_ADMIN" => "bkero,derbumi,galfert,gregkare,slvrbckt,raucao",
"WEBHOOK_TOKEN" => hal8000_freenode_data_bag_item['webhook_token'],
"IPFS_API_HOST" => node['hal8000']['kredits']['ipfs_host'],
"IPFS_API_PORT" => node['hal8000']['kredits']['ipfs_port'],
"IPFS_API_PROTOCOL" => node['hal8000']['kredits']['ipfs_protocol'],
"KREDITS_ROOM" => node['hal8000']['kredits']['room'],
"KREDITS_WEBHOOK_TOKEN" => hal8000_freenode_data_bag_item['kredits_webhook_token'],
"KREDITS_PROVIDER_URL" => node['hal8000']['kredits']['provider_url'],
"KREDITS_NETWORK_ID" => node['hal8000']['kredits']['network_id'],
"KREDITS_WALLET_PATH" => node['hal8000']['kredits']['wallet_path'],
"KREDITS_WALLET_PASSWORD" => hal8000_freenode_data_bag_item['kredits_wallet_password'],
"KREDITS_MEDIAWIKI_URL" => node['hal8000']['kredits']['mediawiki_url'],
"KREDITS_GITHUB_REPO_BLACKLIST" => node['hal8000']['kredits']['github_repo_blacklist']
}
)
notifies :run, "execute[systemctl daemon-reload]", :delayed
notifies :restart, "service[hal8000_nodejs]", :delayed
end
cookbook_file "#{name}/wallet.json" do
source "wallet.json"
end
service "hal8000_nodejs" do
action [:enable, :start]
end
end
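Review bot: `cookbook_file "#{name}/wallet.json"` sets no `owner`, `group` or `mode`, unlike the `external-scripts.json` resource earlier in the same `application` block, so the wallet file is created with Chef's defaults, which are typically root-owned and world-readable (unless the `application` resource supplies its own defaults, which is not visible here). Since this appears to be the wallet that `KREDITS_WALLET_PASSWORD` unlocks, I would add `owner "hubot"`, `group "hubot"` and `mode "0600"` to the block. Shipping the wallet as a plain cookbook file also means it is committed to the cookbook repository, whose metadata this commit relicenses as MIT; if the repository is or becomes public, consider loading the wallet from the encrypted data bag that already holds its password instead.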