Add liquor_cabinet cookbook

site-cookbooks/liquor_cabinet/recipes/default.rb

@@ -0,0 +1,139 @@
+#
+# Cookbook:: liquor_cabinet
+# Recipe:: default
+#
+
+app_name     = "liquor-cabinet"
+deploy_user  = "deploy"
+deploy_group = "deploy"
+deploy_path  = "/opt/#{app_name}"
+credentials  = Chef::EncryptedDataBagItem.load('credentials', app_name)
+
+ruby_version = node[app_name]['ruby']['version']
+ruby_path    = "/opt/ruby_build/builds/#{ruby_version}"
+bundle_path  = "#{ruby_path}/bin/bundle"
+rack_env     = node.chef_environment == "production" ? "production" : "development"
+
+ruby_build_install 'v20231225'
+ruby_build_definition ruby_version do
+  prefix_path ruby_path
+end
+
+group deploy_group
+
+user deploy_user do
+  group       deploy_group
+  manage_home true
+  shell       "/bin/bash"
+end
+
+directory deploy_path do
+  owner deploy_user
+  group deploy_group
+  mode  '0750'
+end
+
+redis_server_role = node[app_name]['redis_server_role']
+redis_host = search(:node, "role:#{redis_server_role}").first['knife_zero']['host'] rescue nil
+if redis_host.nil?
+  Chef::Log.warn("No node found with '#{redis_server_role}' role. Stopping here.")
+  return
+end
+
+git deploy_path do
+  repository node[app_name]['repo']
+  revision node[app_name]['revision']
+  user  deploy_user
+  group deploy_group
+  notifies :restart, "service[#{app_name}]", :delayed
+end
+
+directory "#{deploy_path}/tmp" do
+  owner deploy_user
+  group deploy_group
+  mode  0750
+end
+
+execute "bundle install" do
+  user deploy_user
+  cwd deploy_path
+  command "#{bundle_path} install --without development,test --deployment"
+end
+
+template "#{deploy_path}/config.yml.erb" do
+  source 'config.yml.erb'
+  owner deploy_user
+  group deploy_group
+  mode '0600'
+  sensitive true
+  variables environment: rack_env,
+            redis_host: redis_host,
+            redis_port: node[app_name]['redis_port'],
+            redis_db: node[app_name]['redis_db'],
+            s3_endpoint: node[app_name]['s3_endpoint'],
+            s3_region: node[app_name]['s3_region'],
+            s3_bucket: node[app_name]['s3_bucket'],
+            s3_access_key: credentials['s3_access_key'],
+            s3_secret_key: credentials['s3_secret_key'],
+            maintenance_mode_enabled: node[app_name]['maintenance_mode_enabled']
+            # TODO sentry_dsn: credentials['sentry_dsn']
+  notifies :restart, "service[#{app_name}]", :delayed
+end
+
+directory '/etc/rainbows' do
+  owner deploy_user
+  group deploy_group
+  mode  '0750'
+end
+
+template "/etc/rainbows/#{app_name}.rb" do
+  source 'rainbows.rb.erb'
+  owner deploy_user
+  group deploy_group
+  mode '0640'
+  variables user: deploy_user,
+            group: deploy_group,
+            app_name: app_name,
+            working_directory: deploy_path,
+            config: node[app_name]['rainbows']
+  notifies :restart, "service[#{app_name}]", :delayed
+end
+
+systemd_unit "#{app_name}.service" do
+  content({
+    Unit: {
+      Description: "Liquor Cabinet remoteStorage HTTP API",
+      Documentation: ["https://gitea.kosmos.org/5apps/liquor-cabinet"],
+      After: "syslog.target network.target"
+    },
+    Service: {
+      Type: "simple",
+      User: deploy_user,
+      WorkingDirectory: deploy_path,
+      Environment: "RACK_ENV=#{rack_env}",
+      ExecStart: "#{bundle_path} exec rainbows -c /etc/rainbows/#{app_name}.rb -E #{rack_env}",
+      PIDFile: "#{deploy_path}/tmp/rainbows.pid",
+      TimeoutSec: "10",
+      Restart: "on-failure",
+    },
+    Install: {
+      WantedBy: "multi-user.target"
+    }
+  })
+  verify false
+  triggers_reload true
+  action [:create, :enable]
+end
+
+service app_name do
+  action [:enable, :start]
+end
+
+if node[app_name]['ufw_source_allowed']
+  firewall_rule app_name do
+    command  :allow
+    protocol :tcp
+    port     node[app_name]['rainbows']['port']
+    source   node[app_name]['ufw_source_allowed']
+  end
+end