kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 28 Pull Requests 3 Projects 2 Activity

Deploy kosmos assets with Openresty

Browse Source
This commit is contained in:
Greg Karékinian 2023-07-12 20:36:12 +02:00
parent c1e2145ba1
commit d79dcd8e65
4 changed files with 20 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.chef/config.rb
View File

@ -27,7 +27,7 @@ knife[:automatic_attribute_whitelist] = %w[
] ]
knife[:default_attribute_whitelist] = [] knife[:default_attribute_whitelist] = []
knife[:normal_attribute_whitelist] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd'] knife[:normal_attribute_whitelist] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd', 'openresty']
knife[:override_attribute_whitelist] = [] knife[:override_attribute_whitelist] = []
knife[:allowed_normal_attributes] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd'] knife[:allowed_normal_attributes] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd', 'openresty']

3
site-cookbooks/kosmos_assets/metadata.rb
View File

@ -7,4 +7,5 @@ long_description 'Configures static asset Web hosting'
version '1.0.0' version '1.0.0'
chef_version '>= 15.10' if respond_to?(:chef_version) chef_version '>= 15.10' if respond_to?(:chef_version)
depends "kosmos-nginx" depends "kosmos-base"
depends "kosmos_openresty"

33
site-cookbooks/kosmos_assets/recipes/nginx_site.rb
View File

@ -1,38 +1,35 @@
# #
# Cookbook:: kosmos_assets # Cookbook:: kosmos_assets
# Recipe:: nginx_site # Recipe:: openresty_site
# #
include_recipe "kosmos-nginx" include_recipe "kosmos_openresty"
domain = node["kosmos_assets"]["domain"] domain = node["kosmos_assets"]["domain"]
nginx_certbot_site domain tls_cert_for domain do
auth "gandi_dns"
action :create
end
directory "/var/www/#{domain}/site" do directory "/var/www/#{domain}/site" do
user node["nginx"]["user"] user node["openresty"]["user"]
group node["nginx"]["group"] group node["openresty"]["group"]
mode "0755" mode "0755"
recursive true
end end
git "/var/www/#{domain}/site" do git "/var/www/#{domain}/site" do
user node["nginx"]["user"] user node["openresty"]["user"]
group node["nginx"]["group"] group node["openresty"]["group"]
repository node["kosmos_assets"]["repo"] repository node["kosmos_assets"]["repo"]
revision node["kosmos_assets"]["revision"] revision node["kosmos_assets"]["revision"]
action :sync action :sync
end end
template "#{node["nginx"]["dir"]}/sites-available/#{domain}" do openresty_site domain do
source "nginx_conf_assets.erb" template "nginx_conf_assets.erb"
owner node["nginx"]["user"]
mode 0640
variables domain: domain, variables domain: domain,
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem", ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem" ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem"
notifies :reload, "service[nginx]", :delayed
end
nginx_site domain do
action :enable
end end

2
site-cookbooks/kosmos_assets/templates/nginx_conf_assets.erb
View File

@ -2,7 +2,7 @@
# Generated by Chef # Generated by Chef
server { server {
listen 443 ssl http2; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name <%= @domain %>; server_name <%= @domain %>;