Configure/deploy kosmos.org
Includes a new directive for Lightning Address resolution.
This commit is contained in:
parent
1e6c40b136
commit
d14d109a00
|
@ -33,6 +33,8 @@
|
|||
"kosmos_assets::nginx_site",
|
||||
"kosmos_kvm::host",
|
||||
"kosmos-ejabberd::firewall",
|
||||
"kosmos_website",
|
||||
"kosmos_website::default",
|
||||
"kosmos_zerotier::firewall",
|
||||
"sockethub::_firewall",
|
||||
"apt::default",
|
||||
|
@ -86,6 +88,7 @@
|
|||
"recipe[kosmos_assets::nginx_site]",
|
||||
"recipe[kosmos_kvm::host]",
|
||||
"recipe[kosmos-ejabberd::firewall]",
|
||||
"recipe[kosmos_website::default]",
|
||||
"recipe[kosmos_zerotier::firewall]",
|
||||
"recipe[sockethub::_firewall]"
|
||||
]
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
node.default["kosmos_website"]["domain"] = "kosmos.org"
|
||||
node.default["kosmos_website"]["repo"] = "https://gitea.kosmos.org/kosmos/website.git"
|
||||
node.default["kosmos_website"]["revision"] = "master"
|
|
@ -0,0 +1,10 @@
|
|||
name 'kosmos_website'
|
||||
maintainer 'Kosmos'
|
||||
maintainer_email 'ops@kosmos.org'
|
||||
license 'MIT'
|
||||
description 'Configures the main kosmos.org website'
|
||||
long_description 'Configures the main kosmos.org website'
|
||||
version '1.0.0'
|
||||
chef_version '>= 15.10' if respond_to?(:chef_version)
|
||||
|
||||
depends "kosmos-nginx"
|
|
@ -0,0 +1,38 @@
|
|||
#
|
||||
# Cookbook:: kosmos_website
|
||||
# Recipe:: default
|
||||
#
|
||||
|
||||
include_recipe "kosmos-nginx"
|
||||
|
||||
domain = node["kosmos_website"]["domain"]
|
||||
|
||||
nginx_certbot_site domain
|
||||
|
||||
directory "/var/www/#{domain}/site" do
|
||||
user node["nginx"]["user"]
|
||||
group node["nginx"]["group"]
|
||||
mode "0755"
|
||||
end
|
||||
|
||||
git "/var/www/#{domain}/site" do
|
||||
user node["nginx"]["user"]
|
||||
group node["nginx"]["group"]
|
||||
repository node["kosmos_website"]["repo"]
|
||||
revision node["kosmos_website"]["revision"]
|
||||
action :sync
|
||||
end
|
||||
|
||||
template "#{node["nginx"]["dir"]}/sites-available/#{domain}" do
|
||||
source "nginx_conf_website.erb"
|
||||
owner node["nginx"]["user"]
|
||||
mode 0640
|
||||
variables domain: domain,
|
||||
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem"
|
||||
notifies :reload, "service[nginx]", :delayed
|
||||
end
|
||||
|
||||
nginx_site domain do
|
||||
action :enable
|
||||
end
|
|
@ -0,0 +1,26 @@
|
|||
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
|
||||
# Generated by Chef
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name <%= @domain %>;
|
||||
|
||||
root /var/www/<%= @domain %>/site;
|
||||
|
||||
access_log off;
|
||||
gzip_static on;
|
||||
gzip_comp_level 5;
|
||||
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
|
||||
ssl_certificate <%= @ssl_cert %>;
|
||||
ssl_certificate_key <%= @ssl_key %>;
|
||||
|
||||
location /.well-known/lnurlp/ {
|
||||
proxy_ssl_server_name on;
|
||||
rewrite /.well-known/lnurlp/([^/]+) /lnurlpay/$1@kosmos.org break;
|
||||
proxy_pass https://accounts.kosmos.org;
|
||||
}
|
||||
}
|
||||
<% end -%>
|
Loading…
Reference in New Issue