Deploy kosmos assets with Openresty

2023-07-12 20:36:12 +02:00 · 2023-07-12 20:36:12 +02:00 · d79dcd8e65
commit d79dcd8e65
parent c1e2145ba1
4 changed files with 20 additions and 22 deletions
--- a/.chef/config.rb
+++ b/.chef/config.rb
@ -27,7 +27,7 @@ knife[:automatic_attribute_whitelist] = %w[
 ]

 knife[:default_attribute_whitelist] = []
-knife[:normal_attribute_whitelist] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd']
+knife[:normal_attribute_whitelist] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd', 'openresty']
 knife[:override_attribute_whitelist] = []

-knife[:allowed_normal_attributes] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd']
+knife[:allowed_normal_attributes] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd', 'openresty']
--- a/site-cookbooks/kosmos_assets/metadata.rb
+++ b/site-cookbooks/kosmos_assets/metadata.rb
@ -7,4 +7,5 @@ long_description 'Configures static asset Web hosting'
 version '1.0.0'
 chef_version '>= 15.10' if respond_to?(:chef_version)

-depends "kosmos-nginx"
+depends "kosmos-base"
+depends "kosmos_openresty"
--- a/site-cookbooks/kosmos_assets/recipes/nginx_site.rb
+++ b/site-cookbooks/kosmos_assets/recipes/nginx_site.rb
@ -1,38 +1,35 @@
 #
 # Cookbook:: kosmos_assets
-# Recipe:: nginx_site
+# Recipe:: openresty_site
 #

-include_recipe "kosmos-nginx"
+include_recipe "kosmos_openresty"

 domain = node["kosmos_assets"]["domain"]

-nginx_certbot_site domain
+tls_cert_for domain do
+  auth "gandi_dns"
+  action :create
+end

 directory "/var/www/#{domain}/site" do
-  user node["nginx"]["user"]
-  group node["nginx"]["group"]
+  user node["openresty"]["user"]
+  group node["openresty"]["group"]
  mode "0755"
+  recursive true
 end

 git "/var/www/#{domain}/site" do
-  user node["nginx"]["user"]
-  group node["nginx"]["group"]
+  user node["openresty"]["user"]
+  group node["openresty"]["group"]
  repository node["kosmos_assets"]["repo"]
  revision node["kosmos_assets"]["revision"]
  action :sync
 end

-template "#{node["nginx"]["dir"]}/sites-available/#{domain}" do
-  source "nginx_conf_assets.erb"
-  owner node["nginx"]["user"]
-  mode 0640
+openresty_site domain do
+  template "nginx_conf_assets.erb"
  variables domain: domain,
-            ssl_cert:    "/etc/letsencrypt/live/#{domain}/fullchain.pem",
-            ssl_key:     "/etc/letsencrypt/live/#{domain}/privkey.pem"
-  notifies :reload, "service[nginx]", :delayed
-end
-
-nginx_site domain do
-  action :enable
+            ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
+            ssl_key:  "/etc/letsencrypt/live/#{domain}/privkey.pem"
 end
--- a/site-cookbooks/kosmos_assets/templates/nginx_conf_assets.erb
+++ b/site-cookbooks/kosmos_assets/templates/nginx_conf_assets.erb
@ -2,7 +2,7 @@
 # Generated by Chef

 server {
-  listen 443 ssl http2;
+  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
  listen [::]:443 ssl http2;
  server_name <%= @domain %>;