WIP Deploy substr

2024-10-23 15:53:07 +02:00
parent c8160e38c8
commit c878ed1a1e
6 changed files with 131 additions and 1 deletions
--- a/site-cookbooks/kosmos_strfry/recipes/substr.rb
+++ b/site-cookbooks/kosmos_strfry/recipes/substr.rb
@@ -0,0 +1,99 @@
+#
+# Cookbook:: kosmos_strfry
+# Recipe:: substr
+#
+
+unless platform?("ubuntu")
+  raise "This recipe only supports Ubuntu installs at the moment"
+end
+
+apt_package "imagemagick"
+
+if node["substr"]["download_url"]
+  #
+  # Install by downloading an executable file
+  #
+  remote_file '/usr/local/bin/substr' do
+    source node["substr"]["download_url"]
+    checksum node["substr"]["checksum"]
+    mode '0755'
+    show_progress true
+    notifies :restart, "service[substr]", :delayed
+  end
+else
+  # TODO Install Deno 2
+end
+
+directory node["substr"]["workdir"] do
+  owner node["strfry"]["user"]
+  group node["strfry"]["group"]
+  mode "0755"
+end
+
+git node["substr"]["workdir"] do
+  user node["strfry"]["user"]
+  group node["strfry"]["group"]
+  repository node['substr']['repo']
+  revision node['substr']['revision']
+  action :sync
+  notifies :restart, "service[substr]", :delayed
+end
+
+file "#{node["substr"]["workdir"]}/users.yaml" do
+  mode "0644"
+  owner node["strfry"]["user"]
+  group node["strfry"]["group"]
+  content node["strfry"]["known_pubkeys"].to_yaml
+  notifies :restart, "service[substr]", :delayed
+end
+
+ldap_credentials = Chef::EncryptedDataBagItem.load('credentials', 'dirsrv')
+
+env = {
+  port: node['substr']['port'],
+  base_url: "https://#{node["strfry"]["domain"]}",
+  relay_urls: node['substr']['relay_urls'].join(","),
+  ldap_url: 'ldap://ldap.kosmos.local:389', # requires "ldap_client" role
+  ldap_bind_dn: ldap_credentials["service_dn"],
+  ldap_password: ldap_credentials["service_password"],
+  ldap_search_dn: node["strfry"]["ldap_search_dn"],
+}
+
+template "#{node["substr"]["workdir"]}/.env" do
+  source 'env.erb'
+  owner node["strfry"]["user"]
+  group node["strfry"]["group"]
+  mode 0600
+  sensitive true
+  variables config: env
+  notifies :restart, "service[substr]", :delayed
+end
+
+systemd_unit "substr.service" do
+  content({
+    Unit: {
+      Description: "substr for nostr",
+      Documentation: ["https://gitea.kosmos.org/kosmos/substr"],
+    },
+    Service: {
+      Type: "simple",
+      User: node["strfry"]["user"],
+      WorkingDirectory: node["substr"]["workdir"],
+      ExecStart: "/usr/local/bin/substr",
+      Restart: "on-failure",
+      RestartSec: "5",
+      ProtectHome: "no",
+      NoNewPrivileges: "yes",
+      ProtectSystem: "full"
+    },
+    Install: {
+      WantedBy: "multi-user.target"
+    }
+  })
+  triggers_reload true
+  action :create
+end
+
+service "substr" do
+  action [:enable, :start]
+end