Merge pull request 'Configure/deploy botka for libera.chat on nodejs-2 VM' (#341) from feature/upgrade_and_move_botka_irc into master

Reviewed-on: #341
This commit is contained in:
Greg 2021-09-21 15:52:23 +00:00
commit fc70895d9c
6 changed files with 170 additions and 58 deletions

View File

@ -1,38 +0,0 @@
{
"id": "botka_freenode",
"rs_logger_token": {
"encrypted_data": "X/7BinesOs5sciifP2myTHzRyYA7q7GxHR92wlHKF1EnVD38GrfMxWFIUVsH\nYUjXr+mm\n",
"iv": "XcqCyyfIsqNJiVfX\n",
"auth_tag": "vPjh3was2w7pbDRYerGQFw==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"nickserv_password": {
"encrypted_data": "bOr4bTbmGIL6YHAycVQCHX3fDsEgvJPtSKYPDyzbMIqn\n",
"iv": "hEmlqJ91R4Mxeab/\n",
"auth_tag": "o8qf0GBVR23IrPYOANywFw==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"gcm_api_key": {
"encrypted_data": "flJe/qcddW54emG29ReJf5BqYyIEmpOK+dKabuZAx5t678Dt1CqLr/UmkeB+\nOcXwezOgr9qj3XHIVQ==\n",
"iv": "fD46RYO1hpk9zb9q\n",
"auth_tag": "ucPDMdVey1QeZmOmYEFiPw==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"vapid_public_key": {
"encrypted_data": "RkyN3Sx4Hme2cBJKMSvXxt6b1rW7liqAG/fLSLMi4aeR9EAMMRf6gEdOLJms\n1WSVx4RU2z7oRTvkD0zwmKwOtNNeyRaJ6zUh/eYnPviBdKMrxvLOXPaQam7O\nCLF9QMHpngCumMPQuaWpHg==\n",
"iv": "WPqkc48gE/uJjLB9\n",
"auth_tag": "UxAnYr9jdCy2V/1gnDC/Og==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"vapid_private_key": {
"encrypted_data": "2O+ESjSSsw3Z4RgTx4AIA3QGYc+zpRY2j0DyEqF1Rdak3prc7bMKmTHy7MwP\nJXGS08Mye5Pnt6sk45TfhoE=\n",
"iv": "8+PRuHXa73tLd3wf\n",
"auth_tag": "ofPSsKrP7Lgt1qiPcZ8isQ==\n",
"version": 3,
"cipher": "aes-256-gcm"
}
}

View File

@ -0,0 +1,38 @@
{
"id": "botka_irc-libera-chat",
"rs_logger_token": {
"encrypted_data": "2CYA4uMDMcTA3/TnoUkZ/WoB573oFn5oZk6zJmgc0MwCjYlKxhOTO6JZV5NF\nrQh0b6DS\n",
"iv": "ZDSklJrhSJknQTGJ\n",
"auth_tag": "RZVkeuP7iu1a/HkeIyM9/Q==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"nickserv_password": {
"encrypted_data": "NXPE0ouvPESbBVRDDg362LaHVfeOqo+BEh4PkE5XeA==\n",
"iv": "4iESOnvAyMLF2TNs\n",
"auth_tag": "PiJvYy++dZls1t+goXui2w==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"gcm_api_key": {
"encrypted_data": "QaF+kUTZbx3fK9QXua9QPq0f8ACZbrj+FEvlcMiv9x469OMOxTHfL2+cF6X2\nyK+1zYtl8byiMdLmSQ==\n",
"iv": "whutD4hY4htiEePI\n",
"auth_tag": "EF19h8haFSNHsOM/oVkcRQ==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"vapid_public_key": {
"encrypted_data": "dw1LEyE/hksxM+H0ExgIWXgrhFYzFo/dmps4/ct8mG2Se0ukYJ7OI5uJYI1E\nUaaZ+feqK2nic0GsnkaY++SI4Us+RNGoOu0J67CWooy8KIVdGGmxHx/rOI2L\n9S9zbo+8TE3KYBWrHa2jyw==\n",
"iv": "PaqtzI+RgtL/VeKE\n",
"auth_tag": "BPQcLAEWN4cPlrTylfwD/Q==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"vapid_private_key": {
"encrypted_data": "Czly/hPyXa529rlxe3Ab3ea/Hg53iSW3Mpz1d8Aimuojih9GhWWFytY8YH9T\nwAINhXw7toST5o3LLjQjPkk=\n",
"iv": "XZeA6abV1Fi9Q3wm\n",
"auth_tag": "02zb8q+WDLj+mF+bJRWXxQ==\n",
"version": 3,
"cipher": "aes-256-gcm"
}
}

View File

@ -97,11 +97,7 @@
"run_list": [
"role[base]",
"recipe[kosmos-ipfs]",
"recipe[kosmos-hubot::botka_freenode]",
"recipe[kosmos-hubot::hal8000]",
"recipe[kosmos-hubot::hal8000_xmpp]",
"recipe[sockethub]",
"recipe[sockethub::proxy]",
"recipe[kosmos-dirsrv]"
]
}
}

View File

@ -8,7 +8,7 @@
"automatic": {
"fqdn": "nodejs-2",
"os": "linux",
"os_version": "5.4.0-1031-kvm",
"os_version": "5.4.0-1045-kvm",
"hostname": "nodejs-2",
"ipaddress": "192.168.122.243",
"roles": [
@ -18,7 +18,7 @@
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos-hubot::wormhole",
"kosmos-hubot::botka_irc-libera-chat",
"kredits-github",
"kredits-github::default",
"kredits-github::nginx",
@ -42,9 +42,12 @@
"kosmos-nodejs::default",
"nodejs::nodejs_from_package",
"nodejs::repo",
"kosmos-hubot::_user",
"git::default",
"git::package",
"kosmos-redis::default",
"redis::server",
"redis::default",
"backup::default",
"logrotate::default",
"kosmos-base::letsencrypt",
"kosmos-nginx::default",
"nginx::default",
"nginx::package",
@ -55,15 +58,9 @@
"nginx::commons_script",
"nginx::commons_conf",
"kosmos-nginx::firewall",
"kosmos-redis::default",
"redis::server",
"redis::default",
"backup::default",
"logrotate::default",
"nodejs::npm",
"nodejs::install",
"sockethub::_firewall",
"kosmos-base::letsencrypt"
"sockethub::_firewall"
],
"platform": "ubuntu",
"platform_version": "20.04",
@ -81,7 +78,7 @@
},
"run_list": [
"recipe[kosmos-base]",
"recipe[kosmos-hubot::wormhole]",
"recipe[kosmos-hubot::botka_irc-libera-chat]",
"role[kredits_github]",
"role[sockethub]"
]

View File

@ -1,7 +1,6 @@
node.default['hal8000']['http_port'] = 8080
node.default['botka_freenode']['http_port'] = 8081
node.default['botka_freenode']['domain'] = "freenode.botka.kosmos.org"
node.default['botka_irc-libera-chat']['http_port'] = 8081
node.default['hal8000_xmpp']['http_port'] = 8082
node.default['hal8000_xmpp']['domain'] = "hal8000.chat.kosmos.org"

View File

@ -0,0 +1,120 @@
#
# Cookbook Name:: kosmos-hubot
# Recipe:: botka_irc-libera-chat
#
app_name = "botka_irc-libera-chat"
app_path = "/opt/#{app_name}"
app_user = "hubot"
app_group = "hubot"
domain = "irc-libera-chat.botka.kosmos.chat"
build_essential app_name do
compile_time true
end
include_recipe "kosmos-nodejs"
include_recipe "kosmos-redis"
application app_path do
data_bag = Chef::EncryptedDataBagItem.load('credentials', app_name)
owner app_user
group app_group
git do
user app_user
group app_group
repository "https://gitea.kosmos.org/kosmos/botka.git"
revision "master"
end
file "#{app_path}/external-scripts.json" do
mode "0640"
owner app_user
group app_group
content [
"hubot-help",
"hubot-redis-brain",
"hubot-remotestorage-logger",
"hubot-web-push-notifications",
].to_json
end
npm_install do
user app_user
end
execute "systemctl daemon-reload" do
command "systemctl daemon-reload"
action :nothing
end
template "/lib/systemd/system/#{app_name}.service" do
source 'nodejs.systemd.service.erb'
owner 'root'
group 'root'
mode '0644'
variables(
user: app_user,
group: app_group,
app_dir: app_path,
entry: "#{app_path}/bin/hubot -a irc",
environment: {
"HUBOT_LOG_LEVEL" => node.chef_environment == "development" ? "debug" : "info",
"HUBOT_IRC_SERVER" => "irc.libera.chat",
"HUBOT_IRC_ROOMS" => "#kosmos,#kosmos-dev,#kosmos-random,#remotestorage,#hackerbeach,#unhosted,#sockethub,#mastodon",
"HUBOT_IRC_NICK" => "botka",
"HUBOT_IRC_NICKSERV_USERNAME" => "botka",
"HUBOT_IRC_NICKSERV_PASSWORD" => data_bag['nickserv_password'],
"HUBOT_IRC_UNFLOOD" => "100",
"HUBOT_RSS_PRINTSUMMARY" => "false",
"HUBOT_RSS_PRINTERROR" => "false",
"HUBOT_RSS_IRCCOLORS" => "true",
"REDIS_URL" => "redis://localhost:6379/botka",
"EXPRESS_PORT" => node[app_name]['http_port'],
"HUBOT_AUTH_ADMIN" => "bkero,raucao",
"HUBOT_HELP_REPLY_IN_PRIVATE" => "true",
"RS_LOGGER_USER" => "kosmos@5apps.com",
"RS_LOGGER_TOKEN" => data_bag['rs_logger_token'],
"RS_LOGGER_SERVER_NAME" => "freenode",
"RS_LOGGER_PUBLIC" => "true",
"GCM_API_KEY" => data_bag['gcm_api_key'],
"VAPID_SUBJECT" => "https://kosmos.org",
"VAPID_PUBLIC_KEY" => data_bag['vapid_public_key'],
"VAPID_PRIVATE_KEY" => data_bag['vapid_private_key']
}
)
notifies :run, "execute[systemctl daemon-reload]", :delayed
notifies :restart, "service[#{app_name}]", :delayed
end
service app_name do
action [:enable, :start]
end
end
#
# Nginx reverse proxy
#
unless node.chef_environment == "development"
include_recipe "kosmos-base::letsencrypt"
include_recipe "kosmos-nginx"
template "#{node['nginx']['dir']}/sites-available/#{domain}" do
source 'nginx_conf_hubot.erb'
owner node["nginx"]["user"]
mode 0640
variables express_port: node[app_name]['http_port'],
server_name: domain,
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem"
notifies :reload, 'service[nginx]', :delayed
end
nginx_site domain do
action :enable
end
nginx_certbot_site domain
end