From ee0a587dad0f15bad78ccc0e491318e38f9db2cd Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Mon, 13 Sep 2021 18:21:46 +0200 Subject: [PATCH] Upgrade botka, deploy for Libera.Chat to nodejs-2 Note: Temporarily disables wormhole, because it's still on Freenode, where its credentials have been deleted by the new "management". --- data_bags/credentials/botka_freenode.json | 38 ------ .../credentials/botka_irc-libera-chat.json | 38 ++++++ nodes/barnard.kosmos.org.json | 6 +- nodes/nodejs-2.json | 23 ++-- .../kosmos-hubot/attributes/default.rb | 3 +- .../recipes/botka_irc-libera-chat.rb | 120 ++++++++++++++++++ 6 files changed, 170 insertions(+), 58 deletions(-) delete mode 100644 data_bags/credentials/botka_freenode.json create mode 100644 data_bags/credentials/botka_irc-libera-chat.json create mode 100644 site-cookbooks/kosmos-hubot/recipes/botka_irc-libera-chat.rb diff --git a/data_bags/credentials/botka_freenode.json b/data_bags/credentials/botka_freenode.json deleted file mode 100644 index a72d4ae..0000000 --- a/data_bags/credentials/botka_freenode.json +++ /dev/null @@ -1,38 +0,0 @@ -{ - "id": "botka_freenode", - "rs_logger_token": { - "encrypted_data": "X/7BinesOs5sciifP2myTHzRyYA7q7GxHR92wlHKF1EnVD38GrfMxWFIUVsH\nYUjXr+mm\n", - "iv": "XcqCyyfIsqNJiVfX\n", - "auth_tag": "vPjh3was2w7pbDRYerGQFw==\n", - "version": 3, - "cipher": "aes-256-gcm" - }, - "nickserv_password": { - "encrypted_data": "bOr4bTbmGIL6YHAycVQCHX3fDsEgvJPtSKYPDyzbMIqn\n", - "iv": "hEmlqJ91R4Mxeab/\n", - "auth_tag": "o8qf0GBVR23IrPYOANywFw==\n", - "version": 3, - "cipher": "aes-256-gcm" - }, - "gcm_api_key": { - "encrypted_data": "flJe/qcddW54emG29ReJf5BqYyIEmpOK+dKabuZAx5t678Dt1CqLr/UmkeB+\nOcXwezOgr9qj3XHIVQ==\n", - "iv": "fD46RYO1hpk9zb9q\n", - "auth_tag": "ucPDMdVey1QeZmOmYEFiPw==\n", - "version": 3, - "cipher": "aes-256-gcm" - }, - "vapid_public_key": { - "encrypted_data": "RkyN3Sx4Hme2cBJKMSvXxt6b1rW7liqAG/fLSLMi4aeR9EAMMRf6gEdOLJms\n1WSVx4RU2z7oRTvkD0zwmKwOtNNeyRaJ6zUh/eYnPviBdKMrxvLOXPaQam7O\nCLF9QMHpngCumMPQuaWpHg==\n", - "iv": "WPqkc48gE/uJjLB9\n", - "auth_tag": "UxAnYr9jdCy2V/1gnDC/Og==\n", - "version": 3, - "cipher": "aes-256-gcm" - }, - "vapid_private_key": { - "encrypted_data": "2O+ESjSSsw3Z4RgTx4AIA3QGYc+zpRY2j0DyEqF1Rdak3prc7bMKmTHy7MwP\nJXGS08Mye5Pnt6sk45TfhoE=\n", - "iv": "8+PRuHXa73tLd3wf\n", - "auth_tag": "ofPSsKrP7Lgt1qiPcZ8isQ==\n", - "version": 3, - "cipher": "aes-256-gcm" - } -} \ No newline at end of file diff --git a/data_bags/credentials/botka_irc-libera-chat.json b/data_bags/credentials/botka_irc-libera-chat.json new file mode 100644 index 0000000..96547eb --- /dev/null +++ b/data_bags/credentials/botka_irc-libera-chat.json @@ -0,0 +1,38 @@ +{ + "id": "botka_irc-libera-chat", + "rs_logger_token": { + "encrypted_data": "2CYA4uMDMcTA3/TnoUkZ/WoB573oFn5oZk6zJmgc0MwCjYlKxhOTO6JZV5NF\nrQh0b6DS\n", + "iv": "ZDSklJrhSJknQTGJ\n", + "auth_tag": "RZVkeuP7iu1a/HkeIyM9/Q==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "nickserv_password": { + "encrypted_data": "NXPE0ouvPESbBVRDDg362LaHVfeOqo+BEh4PkE5XeA==\n", + "iv": "4iESOnvAyMLF2TNs\n", + "auth_tag": "PiJvYy++dZls1t+goXui2w==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "gcm_api_key": { + "encrypted_data": "QaF+kUTZbx3fK9QXua9QPq0f8ACZbrj+FEvlcMiv9x469OMOxTHfL2+cF6X2\nyK+1zYtl8byiMdLmSQ==\n", + "iv": "whutD4hY4htiEePI\n", + "auth_tag": "EF19h8haFSNHsOM/oVkcRQ==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "vapid_public_key": { + "encrypted_data": "dw1LEyE/hksxM+H0ExgIWXgrhFYzFo/dmps4/ct8mG2Se0ukYJ7OI5uJYI1E\nUaaZ+feqK2nic0GsnkaY++SI4Us+RNGoOu0J67CWooy8KIVdGGmxHx/rOI2L\n9S9zbo+8TE3KYBWrHa2jyw==\n", + "iv": "PaqtzI+RgtL/VeKE\n", + "auth_tag": "BPQcLAEWN4cPlrTylfwD/Q==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "vapid_private_key": { + "encrypted_data": "Czly/hPyXa529rlxe3Ab3ea/Hg53iSW3Mpz1d8Aimuojih9GhWWFytY8YH9T\nwAINhXw7toST5o3LLjQjPkk=\n", + "iv": "XZeA6abV1Fi9Q3wm\n", + "auth_tag": "02zb8q+WDLj+mF+bJRWXxQ==\n", + "version": 3, + "cipher": "aes-256-gcm" + } +} \ No newline at end of file diff --git a/nodes/barnard.kosmos.org.json b/nodes/barnard.kosmos.org.json index c0055b0..9de80d0 100644 --- a/nodes/barnard.kosmos.org.json +++ b/nodes/barnard.kosmos.org.json @@ -97,11 +97,7 @@ "run_list": [ "role[base]", "recipe[kosmos-ipfs]", - "recipe[kosmos-hubot::botka_freenode]", - "recipe[kosmos-hubot::hal8000]", "recipe[kosmos-hubot::hal8000_xmpp]", - "recipe[sockethub]", - "recipe[sockethub::proxy]", "recipe[kosmos-dirsrv]" ] -} \ No newline at end of file +} diff --git a/nodes/nodejs-2.json b/nodes/nodejs-2.json index f470672..241fb7e 100644 --- a/nodes/nodejs-2.json +++ b/nodes/nodejs-2.json @@ -8,7 +8,7 @@ "automatic": { "fqdn": "nodejs-2", "os": "linux", - "os_version": "5.4.0-1031-kvm", + "os_version": "5.4.0-1045-kvm", "hostname": "nodejs-2", "ipaddress": "192.168.122.243", "roles": [ @@ -18,7 +18,7 @@ "recipes": [ "kosmos-base", "kosmos-base::default", - "kosmos-hubot::wormhole", + "kosmos-hubot::botka_irc-libera-chat", "kredits-github", "kredits-github::default", "kredits-github::nginx", @@ -42,9 +42,12 @@ "kosmos-nodejs::default", "nodejs::nodejs_from_package", "nodejs::repo", - "kosmos-hubot::_user", - "git::default", - "git::package", + "kosmos-redis::default", + "redis::server", + "redis::default", + "backup::default", + "logrotate::default", + "kosmos-base::letsencrypt", "kosmos-nginx::default", "nginx::default", "nginx::package", @@ -55,15 +58,9 @@ "nginx::commons_script", "nginx::commons_conf", "kosmos-nginx::firewall", - "kosmos-redis::default", - "redis::server", - "redis::default", - "backup::default", - "logrotate::default", "nodejs::npm", "nodejs::install", - "sockethub::_firewall", - "kosmos-base::letsencrypt" + "sockethub::_firewall" ], "platform": "ubuntu", "platform_version": "20.04", @@ -81,7 +78,7 @@ }, "run_list": [ "recipe[kosmos-base]", - "recipe[kosmos-hubot::wormhole]", + "recipe[kosmos-hubot::botka_irc-libera-chat]", "role[kredits_github]", "role[sockethub]" ] diff --git a/site-cookbooks/kosmos-hubot/attributes/default.rb b/site-cookbooks/kosmos-hubot/attributes/default.rb index 9172f36..250134f 100644 --- a/site-cookbooks/kosmos-hubot/attributes/default.rb +++ b/site-cookbooks/kosmos-hubot/attributes/default.rb @@ -1,7 +1,6 @@ node.default['hal8000']['http_port'] = 8080 -node.default['botka_freenode']['http_port'] = 8081 -node.default['botka_freenode']['domain'] = "freenode.botka.kosmos.org" +node.default['botka_irc-libera-chat']['http_port'] = 8081 node.default['hal8000_xmpp']['http_port'] = 8082 node.default['hal8000_xmpp']['domain'] = "hal8000.chat.kosmos.org" diff --git a/site-cookbooks/kosmos-hubot/recipes/botka_irc-libera-chat.rb b/site-cookbooks/kosmos-hubot/recipes/botka_irc-libera-chat.rb new file mode 100644 index 0000000..1326552 --- /dev/null +++ b/site-cookbooks/kosmos-hubot/recipes/botka_irc-libera-chat.rb @@ -0,0 +1,120 @@ +# +# Cookbook Name:: kosmos-hubot +# Recipe:: botka_irc-libera-chat +# + +app_name = "botka_irc-libera-chat" +app_path = "/opt/#{app_name}" +app_user = "hubot" +app_group = "hubot" +domain = "irc-libera-chat.botka.kosmos.chat" + +build_essential app_name do + compile_time true +end + +include_recipe "kosmos-nodejs" +include_recipe "kosmos-redis" + +application app_path do + data_bag = Chef::EncryptedDataBagItem.load('credentials', app_name) + + owner app_user + group app_group + + git do + user app_user + group app_group + repository "https://gitea.kosmos.org/kosmos/botka.git" + revision "master" + end + + file "#{app_path}/external-scripts.json" do + mode "0640" + owner app_user + group app_group + content [ + "hubot-help", + "hubot-redis-brain", + "hubot-remotestorage-logger", + "hubot-web-push-notifications", + ].to_json + end + + npm_install do + user app_user + end + + execute "systemctl daemon-reload" do + command "systemctl daemon-reload" + action :nothing + end + + template "/lib/systemd/system/#{app_name}.service" do + source 'nodejs.systemd.service.erb' + owner 'root' + group 'root' + mode '0644' + variables( + user: app_user, + group: app_group, + app_dir: app_path, + entry: "#{app_path}/bin/hubot -a irc", + environment: { + "HUBOT_LOG_LEVEL" => node.chef_environment == "development" ? "debug" : "info", + "HUBOT_IRC_SERVER" => "irc.libera.chat", + "HUBOT_IRC_ROOMS" => "#kosmos,#kosmos-dev,#kosmos-random,#remotestorage,#hackerbeach,#unhosted,#sockethub,#mastodon", + "HUBOT_IRC_NICK" => "botka", + "HUBOT_IRC_NICKSERV_USERNAME" => "botka", + "HUBOT_IRC_NICKSERV_PASSWORD" => data_bag['nickserv_password'], + "HUBOT_IRC_UNFLOOD" => "100", + "HUBOT_RSS_PRINTSUMMARY" => "false", + "HUBOT_RSS_PRINTERROR" => "false", + "HUBOT_RSS_IRCCOLORS" => "true", + "REDIS_URL" => "redis://localhost:6379/botka", + "EXPRESS_PORT" => node[app_name]['http_port'], + "HUBOT_AUTH_ADMIN" => "bkero,raucao", + "HUBOT_HELP_REPLY_IN_PRIVATE" => "true", + "RS_LOGGER_USER" => "kosmos@5apps.com", + "RS_LOGGER_TOKEN" => data_bag['rs_logger_token'], + "RS_LOGGER_SERVER_NAME" => "freenode", + "RS_LOGGER_PUBLIC" => "true", + "GCM_API_KEY" => data_bag['gcm_api_key'], + "VAPID_SUBJECT" => "https://kosmos.org", + "VAPID_PUBLIC_KEY" => data_bag['vapid_public_key'], + "VAPID_PRIVATE_KEY" => data_bag['vapid_private_key'] + } + ) + notifies :run, "execute[systemctl daemon-reload]", :delayed + notifies :restart, "service[#{app_name}]", :delayed + end + + service app_name do + action [:enable, :start] + end +end + +# +# Nginx reverse proxy +# +unless node.chef_environment == "development" + include_recipe "kosmos-base::letsencrypt" + include_recipe "kosmos-nginx" + + template "#{node['nginx']['dir']}/sites-available/#{domain}" do + source 'nginx_conf_hubot.erb' + owner node["nginx"]["user"] + mode 0640 + variables express_port: node[app_name]['http_port'], + server_name: domain, + ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem", + ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem" + notifies :reload, 'service[nginx]', :delayed + end + + nginx_site domain do + action :enable + end + + nginx_certbot_site domain +end