Configure/deploy kosmos.org

Includes a new directive for Lightning Address resolution.
2021-11-26 14:10:39 -06:00 · 2021-11-26 14:10:39 -06:00 · d14d109a00
parent 1e6c40b136
commit d14d109a00
5 changed files with 80 additions and 0 deletions
--- a/nodes/centaurus.kosmos.org.json
+++ b/nodes/centaurus.kosmos.org.json
@ -33,6 +33,8 @@
      "kosmos_assets::nginx_site",
      "kosmos_kvm::host",
      "kosmos-ejabberd::firewall",
+      "kosmos_website",
+      "kosmos_website::default",
      "kosmos_zerotier::firewall",
      "sockethub::_firewall",
      "apt::default",
@ -86,6 +88,7 @@
    "recipe[kosmos_assets::nginx_site]",
    "recipe[kosmos_kvm::host]",
    "recipe[kosmos-ejabberd::firewall]",
+    "recipe[kosmos_website::default]",
    "recipe[kosmos_zerotier::firewall]",
    "recipe[sockethub::_firewall]"
  ]
--- a/site-cookbooks/kosmos_website/attributes/default.rb
+++ b/site-cookbooks/kosmos_website/attributes/default.rb
@ -0,0 +1,3 @@
+node.default["kosmos_website"]["domain"]   = "kosmos.org"
+node.default["kosmos_website"]["repo"]     = "https://gitea.kosmos.org/kosmos/website.git"
+node.default["kosmos_website"]["revision"] = "master"
--- a/site-cookbooks/kosmos_website/metadata.rb
+++ b/site-cookbooks/kosmos_website/metadata.rb
@ -0,0 +1,10 @@
+name 'kosmos_website'
+maintainer 'Kosmos'
+maintainer_email 'ops@kosmos.org'
+license 'MIT'
+description 'Configures the main kosmos.org website'
+long_description 'Configures the main kosmos.org website'
+version '1.0.0'
+chef_version '>= 15.10' if respond_to?(:chef_version)
+
+depends "kosmos-nginx"
--- a/site-cookbooks/kosmos_website/recipes/default.rb
+++ b/site-cookbooks/kosmos_website/recipes/default.rb
@ -0,0 +1,38 @@
+#
+# Cookbook:: kosmos_website
+# Recipe:: default
+#
+
+include_recipe "kosmos-nginx"
+
+domain = node["kosmos_website"]["domain"]
+
+nginx_certbot_site domain
+
+directory "/var/www/#{domain}/site" do
+  user node["nginx"]["user"]
+  group node["nginx"]["group"]
+  mode "0755"
+end
+
+git "/var/www/#{domain}/site" do
+  user node["nginx"]["user"]
+  group node["nginx"]["group"]
+  repository node["kosmos_website"]["repo"]
+  revision node["kosmos_website"]["revision"]
+  action :sync
+end
+
+template "#{node["nginx"]["dir"]}/sites-available/#{domain}" do
+  source "nginx_conf_website.erb"
+  owner node["nginx"]["user"]
+  mode 0640
+  variables domain: domain,
+            ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
+            ssl_key:  "/etc/letsencrypt/live/#{domain}/privkey.pem"
+  notifies :reload, "service[nginx]", :delayed
+end
+
+nginx_site domain do
+  action :enable
+end
--- a/site-cookbooks/kosmos_website/templates/nginx_conf_website.erb
+++ b/site-cookbooks/kosmos_website/templates/nginx_conf_website.erb
@ -0,0 +1,26 @@
+<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
+# Generated by Chef
+
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+  server_name <%= @domain %>;
+
+  root /var/www/<%= @domain %>/site;
+
+  access_log off;
+  gzip_static on;
+  gzip_comp_level 5;
+
+  add_header 'Access-Control-Allow-Origin' '*';
+
+  ssl_certificate     <%= @ssl_cert %>;
+  ssl_certificate_key <%= @ssl_key %>;
+
+  location /.well-known/lnurlp/ {
+    proxy_ssl_server_name on;
+    rewrite /.well-known/lnurlp/([^/]+) /lnurlpay/$1@kosmos.org break;
+    proxy_pass https://accounts.kosmos.org;
+  }
+}
+<% end -%>