Compare commits
1 Commits
Author | SHA1 | Date |
---|---|---|
Basti | 110177145c |
|
@ -0,0 +1,24 @@
|
|||
{
|
||||
"id": "kredits-github",
|
||||
"app_id": {
|
||||
"encrypted_data": "DVvsNFAlZIO1NMmo1dVbA05MYdyJfPG9\n",
|
||||
"iv": "JP4lpX3pFT8l43Hl\n",
|
||||
"auth_tag": "EncRbtgQigRvLIfbMS+IxQ==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"private_key": {
|
||||
"encrypted_data": "nV2ecoeWtL/TIM9grbsDAVh34gkaE/bJFc7qebUA9fOU40eeC7xMQst9pBZ+\nIfok2Y4Q0+ABQEKTrilfhSAOA+Hck66W2k1oNdCKXRcNb40T0Y01L77nNdzO\n0b6+uzopQ9oe2M5PF283gk8JWWQV9qED4eKpXEyU8prooA26KabXSrnsMESU\nIztULMsHNhUbDPHBRiEA6q/YUKlw8R++Sh9BcOjjeAEK+pueiARDh+yNMfJV\nomZRWfqncLlryDY6g+hbWEy5Oh+uMD8Th7zhbO//5dPOP1T6ZJjzHfhVQw+v\ng8txFD505yCBKiv70K4cHy9dF+ExFzJBcgr42gJ60gzShemZywAxOCDIc2yz\nFSEVwxGlxYRs5PLHhOT+KCaDzE7w5JmHDyMzv0j+IJnUtPPeInUUI9CNw42F\nmXygqGaY2BmJXAqYtCqEeMsZBtXijqu3TY3mmqxudupxethRrXZ9uZ0I3Ohf\nw6BCnqTw/sT3JkBxtNRQeEQvF+2G8ysXyLujkbqAyWiT+fCmS14FhisEOr8H\n6ojfRGb5iHHScG5wTwXn6tr4de9jjVk5Hrth3Rj46ZImMd1lzROPYyIcWFlS\no57Y3nmF6j7pjDBz++nInnpGlzPG+17sG4OSp6t0t93Vwkr8q9WNQjLo0Jqc\nLNaziU1ke3g+ZpKnHhUwJ2sCyVk4xvVD98hx4lhwCPzKghGQhWu6Vo2YfN79\nhSMjNw5N/3WFxdb5EuF4vYWOFitBvogPkAusZjrexlhUmGIS2qf+jlKvo6yD\nIl8CrCYZttj1UnyCuDmftIXTY9/7czBDQgq+vHlT33e7hNLHD7tFDeTEaz0t\nS+/I0+BgEnKv7aQHSSKExg3ZNc86yqfREKNsKxf4O6YiceBP7r/0qqFR6VBH\nIOQpUwK2e6cv70VmmtoEIjIpRZIOScrVVc1w2QlCj7xH9WfdEG9GSft3uHqd\nqbpegChVNuq2tEq7DoAC8ednjzbYdka4bpGJCqF6zm1c48WaL0G6VBLioi/r\nwFhCNi6AOEYkX0v3wovxME1aodfzBiu1Q6nEuzflZthr+1zERZXXaXY59VZ8\nqzWnLd5Xd/SxvvODY67fdykP90Kn94Xf+6XD9r72ch3S3ZqoWi66YFyqZ5Aa\n0LVKK+nCUwlGWjdgzcEcGx5OOyvbqm2VVnwWo2HuVk/iTzkrppF9y5nvFWUc\n6FfDdGWytkmzRH3KBZ9GKqgrIrswUmsSoIHESugVouJ+QfbFZZLLQS/0p4wH\nPFT8H8GSUvg8CEbap4JRW3R/+yspqSXipfIH5TrKr6NkyggWSE7EMNYq41eU\nuFWtwqX/z8x0SVVo+thAXkgg7KcZrZ9W4LdSGnfrx90QGZ0/K9Xs27pPY8R1\nSUNpaUc3S4Vxt28ualRBksuiIXT9AJGPGQf5UOgpOzBmDFw0GSjZdzz33tLL\n49Ymktapc6mC1FCxkJO3e+pI/I34+FcD9oiVea5v0Gg1cuuZInGJBYrq0PBE\nTaz0w2e8X/eQ2fVnQlUgmHlPcOugtoK8sLEO2+HDyBmIx9ypCfqFo6tu+MHG\nZTRp1GFmifYKUMnGvyxgo7mMFuSJtzgF/UR4PddbfX9yFAxPUTzM2Ba4s9um\nBZXKQoQB/dS9wXhmZVme9Yjq/D1d8w3wosSOcDV3apNerDxegbFqt8ugYbtQ\nmy35aHCXU560Xi1uyWBggRXsoWSsb3RZhNbTz6vsvsly9kj6pSUtxbAiwvwI\nrZuGwvNUgYHdXaHdQAqyCAiIF3KJfQGTyk2di26BZ3K8eTnP3tKbTT157Adf\nOt4e+sHhfmacjmXN9FFuOlLddOk45Y7YSRDwGgqS3NqTSo21GAPBSDqfwqkr\neG76OKxoijCMYeJQ6h0lqh8lXYO5h376BdbUMvZfiy8PzkfbCZ9j45b/jHQD\n8CSWz+T8LmQM4Mg69MZn3zAYOSrPQj9DMbwuQshqe19qRlrexRRemWATvkSO\nYchQJ2891WGn7WZ2vrd9VpEdiXdC6JmCpDfoBBJ3JcaknTrNx7VBPc/48rli\nIlso0fzzxTGIrJjFbYL38Br20/qZcXzOO+YJXuHY+n5vuZ2870yPck4r1vUX\n6HSRALY768YGSLNWwfg9sDfbOcpfxKrnrNJxF5Nz7cGN63CKm1e6GZG+vSX+\nNBkumwPGyUWtLJO+JE8l6yivOZeq01W+XOjSh8NzrQJ3Tt2XVhuqWy+ruXS0\nA9O2/tdI2pu0ed63TVaWL/ULYrfXtHtCOYyjc5ulIwX7+L9LXU2I9zmycp0u\n3eR50MpHBgGSCyk=\n",
|
||||
"iv": "IlCQ6yNhvGFeTJlP\n",
|
||||
"auth_tag": "bItEhCOGVHB2HMzWKuyExg==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"webhook_secret": {
|
||||
"encrypted_data": "5aUw9uwoX7BmUXCXLjJ82VtEOAAaneldYMUnv2XJqL+XUNokmdf/tQwTjI7R\n8Ov1+sXCp2R073apPUk=\n",
|
||||
"iv": "6VeynEodre6uhBE7\n",
|
||||
"auth_tag": "kRGFN3q+N0NKPwoLRrtgtw==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,9 @@
|
|||
{
|
||||
"run_list": [
|
||||
"role[base]",
|
||||
"kredits-github"
|
||||
],
|
||||
"automatic": {
|
||||
"ipaddress": "barnard.kosmos.org"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,6 @@
|
|||
kredits-github CHANGELOG
|
||||
========================
|
||||
|
||||
0.1.0
|
||||
-----
|
||||
- [Râu Cao] - Initial release of kredits-github
|
|
@ -0,0 +1,20 @@
|
|||
Copyright (c) 2019 Kosmos Developers
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining
|
||||
a copy of this software and associated documentation files (the
|
||||
"Software"), to deal in the Software without restriction, including
|
||||
without limitation the rights to use, copy, modify, merge, publish,
|
||||
distribute, sublicense, and/or sell copies of the Software, and to
|
||||
permit persons to whom the Software is furnished to do so, subject to
|
||||
the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be
|
||||
included in all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||||
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
||||
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
||||
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
||||
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
||||
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
@ -0,0 +1,31 @@
|
|||
kredits-github Cookbook
|
||||
=======================
|
||||
|
||||
This cookbook installs [kredits-github](https://github.com/67P/kredits-github).
|
||||
|
||||
Attributes
|
||||
----------
|
||||
|
||||
#### kredits-github::default
|
||||
<table>
|
||||
<tr>
|
||||
<th>Key</th>
|
||||
<th>Type</th>
|
||||
<th>Description</th>
|
||||
<th>Default</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><tt>['sockethub']['port']</tt></td>
|
||||
<td>Integer</td>
|
||||
<td>The local port to run sockethub on</td>
|
||||
<td><tt>10551</tt></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><tt>['sockethub']['external_port']</tt></td>
|
||||
<td>Integer</td>
|
||||
<td>The external port to run sockethub on. This will also open the port on the firewall</td>
|
||||
<td><tt>10550</tt></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
Right now the nginx vhost is hardcoded: sockethub.kosmos.org
|
|
@ -0,0 +1,3 @@
|
|||
node.default['kredits-github']['port'] = '3000'
|
||||
node.default['kredits-github']['revision'] = 'master'
|
||||
node.default['kredits-github']['domain'] = 'kredits-github.kosmos.org'
|
|
@ -0,0 +1,12 @@
|
|||
name 'kredits-github'
|
||||
maintainer 'Kosmos'
|
||||
maintainer_email 'mail@kosmos.org'
|
||||
license 'MIT'
|
||||
description 'Installs/Configures kredits-github'
|
||||
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
|
||||
version '0.1.0'
|
||||
|
||||
depends 'application_javascript'
|
||||
depends 'kosmos-nodejs'
|
||||
depends 'kosmos-nginx'
|
||||
depends 'firewall'
|
|
@ -0,0 +1,96 @@
|
|||
#
|
||||
# Cookbook Name:: sockethub
|
||||
# Recipe:: default
|
||||
#
|
||||
# The MIT License (MIT)
|
||||
#
|
||||
# Copyright:: 2019, Kosmos Developers
|
||||
#
|
||||
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
# of this software and associated documentation files (the "Software"), to deal
|
||||
# in the Software without restriction, including without limitation the rights
|
||||
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
# copies of the Software, and to permit persons to whom the Software is
|
||||
# furnished to do so, subject to the following conditions:
|
||||
#
|
||||
# The above copyright notice and this permission notice shall be included in
|
||||
# all copies or substantial portions of the Software.
|
||||
#
|
||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
# THE SOFTWARE.
|
||||
|
||||
include_recipe 'kosmos-nodejs'
|
||||
include_recipe 'kredits-github::nginx'
|
||||
|
||||
app_name = "kredits-github"
|
||||
deploy_user = "deploy"
|
||||
deploy_group = "deploy"
|
||||
credentials = Chef::EncryptedDataBagItem.load('credentials', app_name)
|
||||
|
||||
group deploy_group
|
||||
|
||||
user deploy_user do
|
||||
group deploy_group
|
||||
manage_home true
|
||||
shell "/bin/bash"
|
||||
comment "deploy user"
|
||||
end
|
||||
|
||||
path_to_deploy = "/opt/#{app_name}"
|
||||
application path_to_deploy do
|
||||
owner deploy_user
|
||||
group deploy_group
|
||||
|
||||
git do
|
||||
user deploy_user
|
||||
group deploy_group
|
||||
repository "https://github.com/67P/#{app_name}.git"
|
||||
revision node[app_name]['revision']
|
||||
end
|
||||
|
||||
npm_install do
|
||||
user deploy_user
|
||||
end
|
||||
|
||||
execute "systemctl daemon-reload" do
|
||||
command "systemctl daemon-reload"
|
||||
action :nothing
|
||||
end
|
||||
|
||||
file "#{path_to_deploy}/github_app_key.pem" do
|
||||
content credentials['private_key']
|
||||
owner deploy_user
|
||||
group deploy_group
|
||||
mode '0440'
|
||||
end
|
||||
|
||||
template "/lib/systemd/system/#{app_name}.service" do
|
||||
source 'nodejs.systemd.service.erb'
|
||||
owner 'root'
|
||||
group 'root'
|
||||
mode '0644'
|
||||
variables(
|
||||
user: deploy_user,
|
||||
group: deploy_group,
|
||||
app_dir: path_to_deploy,
|
||||
entry: "/usr/bin/node /usr/bin/npm start",
|
||||
environment: {
|
||||
'LOG_LEVEL' => "debug",
|
||||
'APP_ID' => credentials['app_id'],
|
||||
'PRIVATE_KEY_PATH' => "#{path_to_deploy}/github_app_key.pem",
|
||||
'WEBHOOK_SECRET' => credentials['webhook_secret'],
|
||||
}
|
||||
)
|
||||
notifies :run, "execute[systemctl daemon-reload]", :delayed
|
||||
notifies :restart, "service[#{app_name}]", :delayed
|
||||
end
|
||||
|
||||
service app_name do
|
||||
action [:enable, :start]
|
||||
end
|
||||
end
|
|
@ -0,0 +1,46 @@
|
|||
#
|
||||
# Cookbook Name:: kredits-github
|
||||
# Recipe:: nginx
|
||||
#
|
||||
# The MIT License (MIT)
|
||||
#
|
||||
# Copyright:: 2019, Kosmos Developers
|
||||
#
|
||||
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
# of this software and associated documentation files (the "Software"), to deal
|
||||
# in the Software without restriction, including without limitation the rights
|
||||
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
# copies of the Software, and to permit persons to whom the Software is
|
||||
# furnished to do so, subject to the following conditions:
|
||||
#
|
||||
# The above copyright notice and this permission notice shall be included in
|
||||
# all copies or substantial portions of the Software.
|
||||
#
|
||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
# THE SOFTWARE.
|
||||
|
||||
include_recipe 'kosmos-nginx'
|
||||
server_name = node['kredits-github']['domain']
|
||||
|
||||
template "#{node['nginx']['dir']}/sites-available/#{server_name}" do
|
||||
source 'nginx_conf.erb'
|
||||
owner 'www-data'
|
||||
mode 0640
|
||||
variables app_name: "kredits-github",
|
||||
nodejs_port: node['kredits-github']['port'],
|
||||
server_name: server_name,
|
||||
ssl_cert: "/etc/letsencrypt/live/#{server_name}/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/#{server_name}/privkey.pem"
|
||||
notifies :reload, 'service[nginx]', :delayed
|
||||
end
|
||||
|
||||
nginx_site server_name do
|
||||
action :enable
|
||||
end
|
||||
|
||||
nginx_certbot_site server_name
|
|
@ -0,0 +1,26 @@
|
|||
# Generated by Chef
|
||||
upstream _<%= @app_name %> {
|
||||
server localhost:<%= @nodejs_port %>;
|
||||
}
|
||||
|
||||
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
add_header Strict-Transport-Security "max-age=15768000";
|
||||
|
||||
server_name <%= @server_name %>;
|
||||
|
||||
access_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.access.log json;
|
||||
error_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.error.log warn;
|
||||
|
||||
gzip on;
|
||||
|
||||
location / {
|
||||
proxy_buffers 1024 8k; # Increase number of buffers. Default is 8
|
||||
proxy_pass http://_<%= @app_name %>;
|
||||
}
|
||||
|
||||
ssl_certificate <%= @ssl_cert %>;
|
||||
ssl_certificate_key <%= @ssl_key %>;
|
||||
}
|
||||
<% end -%>
|
|
@ -0,0 +1,17 @@
|
|||
[Unit]
|
||||
Description=Start nodejs app
|
||||
Requires=nginx.service
|
||||
After=nginx.service
|
||||
|
||||
[Service]
|
||||
ExecStart=<%= @entry %>
|
||||
WorkingDirectory=<%= @app_dir %>
|
||||
User=<%= @user %>
|
||||
Group=<%= @group %>
|
||||
<% unless @environment.empty? -%>
|
||||
Environment=<% @environment.each do |key, value| -%>'<%= key %>=<%= value %>' <% end %>
|
||||
<% end -%>
|
||||
Restart=always
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
Loading…
Reference in New Issue