Add nginx site for hal8000_xmpp

site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb

@@ -38,6 +38,15 @@ include_recipe "kosmos-hubot::_user"
 # Needed for hubot-kredits
 include_recipe "kosmos-ipfs"
 
+unless node.chef_environment == "development"
+  include_recipe 'firewall'
+  firewall_rule 'ipfs_swarm_p2p' do
+    port     4001
+    protocol :tcp
+    command  :allow
+  end
+end
+
 application app_path do
   data_bag = Chef::EncryptedDataBagItem.load('credentials', app_name)
 
@@ -119,18 +128,27 @@ application app_path do
   end
 end
 
+#
+# Nginx reverse proxy
+#
 unless node.chef_environment == "development"
-  include_recipe 'firewall'
+  include_recipe "kosmos-base::letsencrypt"
+  include_recipe "kosmos-nginx"
 
-  firewall_rule "hubot_express_#{app_name}" do
+  template "#{node['nginx']['dir']}/sites-available/#{node[app_name]['domain']}" do
-    port     node[app_name]['http_port']
+    source 'nginx_conf_hubot.erb'
-    protocol :tcp
+    owner node["nginx"]["user"]
-    command  :allow
+    mode 0640
+    variables express_port: node[app_name]['http_port'],
+              server_name:  node[app_name]['domain'],
+              ssl_cert:     "/etc/letsencrypt/live/#{node[app_name]['domain']}/fullchain.pem",
+              ssl_key:      "/etc/letsencrypt/live/#{node[app_name]['domain']}/privkey.pem"
+    notifies :reload, 'service[nginx]', :delayed
   end
 
-  firewall_rule 'ipfs_swarm_p2p' do
+  nginx_site node[app_name]['domain'] do
-    port     4001
+    action :enable
-    protocol :tcp
-    command  :allow
   end
+
+  nginx_certbot_site node[app_name]['domain']
 end