nodes/centaurus.kosmos.org.json

@@ -14,7 +14,8 @@
     "roles": [
       "gitea",
       "postgresql_client",
-      "postgresql_replica"
+      "postgresql_replica",
+      "discourse"
     ],
     "recipes": [
       "kosmos-base",
@@ -25,6 +26,8 @@
       "kosmos_gitea::default",
       "kosmos_gitea::backup",
       "kosmos-postgresql::replica",
+      "kosmos_discourse",
+      "kosmos_discourse::default",
       "apt::default",
       "timezone_iii::default",
       "timezone_iii::debian",
@@ -73,6 +76,7 @@
     "recipe[kosmos-base]",
     "recipe[kosmos_encfs]",
     "role[gitea]",
-    "role[postgresql_replica]"
+    "role[postgresql_replica]",
+    "role[discourse]"
   ]
 }

roles/discourse.rb

@@ -0,0 +1,5 @@
+name "discourse"
+
+run_list %w(
+  kosmos_discourse::default
+)

site-cookbooks/kosmos_discourse/.gitignore

@@ -0,0 +1,22 @@
+.vagrant
+*~
+*#
+.#*
+\#*#
+.*.sw[a-z]
+*.un~
+
+# Bundler
+Gemfile.lock
+gems.locked
+bin/*
+.bundle/*
+
+# test kitchen
+.kitchen/
+kitchen.local.yml
+
+# Chef
+Berksfile.lock
+.zero-knife.rb
+Policyfile.lock.json

site-cookbooks/kosmos_discourse/CHANGELOG.md

@@ -0,0 +1,7 @@
+# kosmos_discourse CHANGELOG
+
+This file is used to list changes made in each version of the kosmos_discourse cookbook.
+
+# 0.1.0
+
+Initial release.

site-cookbooks/kosmos_discourse/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2020 Kosmos Developers
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

site-cookbooks/kosmos_discourse/README.md

@@ -0,0 +1,4 @@
+# kosmos_discourse
+
+TODO: Enter the cookbook description here.
+

site-cookbooks/kosmos_discourse/chefignore

@@ -0,0 +1,110 @@
+# Put files/directories that should be ignored in this file when uploading
+# to a Chef Infra Server or Supermarket.
+# Lines that start with '# ' are comments.
+
+# OS generated files #
+######################
+.DS_Store
+ehthumbs.db
+Icon?
+nohup.out
+Thumbs.db
+
+# SASS #
+########
+.sass-cache
+
+# EDITORS #
+###########
+.#*
+.project
+.settings
+*_flymake
+*_flymake.*
+*.bak
+*.sw[a-z]
+*.tmproj
+*~
+\#*
+mkmf.log
+REVISION
+TAGS*
+tmtags
+
+## COMPILED ##
+##############
+*.class
+*.com
+*.dll
+*.exe
+*.o
+*.pyc
+*.so
+*/rdoc/
+a.out
+
+# Testing #
+###########
+.circleci/*
+.codeclimate.yml
+.foodcritic
+.kitchen*
+.rspec
+.rubocop.yml
+.travis.yml
+.watchr
+azure-pipelines.yml
+examples/*
+features/*
+Guardfile
+kitchen.yml*
+Procfile
+Rakefile
+spec/*
+spec/*
+spec/fixtures/*
+test/*
+
+# SCM #
+#######
+.git
+.gitattributes
+.gitconfig
+.github/*
+.gitignore
+.gitmodules
+.svn
+*/.bzr/*
+*/.git
+*/.hg/*
+*/.svn/*
+
+# Berkshelf #
+#############
+Berksfile
+Berksfile.lock
+cookbooks/*
+tmp
+
+# Bundler #
+###########
+vendor/*
+Gemfile
+Gemfile.lock
+
+# Policyfile #
+##############
+Policyfile.rb
+Policyfile.lock.json
+
+# Cookbooks #
+#############
+CHANGELOG*
+CONTRIBUTING*
+TESTING*
+CODE_OF_CONDUCT*
+
+# Vagrant #
+###########
+.vagrant
+Vagrantfile

site-cookbooks/kosmos_discourse/metadata.rb

@@ -0,0 +1,10 @@
+name 'kosmos_discourse'
+maintainer 'Kosmos Developers'
+maintainer_email 'you@example.com'
+license 'MIT'
+description 'Installs/Configures kosmos_discourse'
+long_description 'Installs/Configures kosmos_discourse'
+version '0.1.0'
+chef_version '>= 14.0'
+
+depends "kosmos-nginx"

site-cookbooks/kosmos_discourse/recipes/default.rb

@@ -0,0 +1,74 @@
+#
+# Cookbook:: kosmos_discourse
+# Recipe:: default
+#
+# The MIT License (MIT)
+#
+# Copyright:: 2020, Kosmos Developers
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+package "docker-compose"
+domain = "community.kosmos.org"
+deploy_path = "/opt/discourse"
+
+repo = "https://github.com/discourse/discourse_docker"
+
+git deploy_path do
+  repository repo
+  revision "master"
+end
+
+systemd_unit "discourse.service" do
+  content({Unit: {
+             Description: "discourse service with docker compose",
+             Requires: "docker.service",
+             After: "docker.service",
+           },
+           Service: {
+             Type: "oneshot",
+             RemainAfterExit: "true",
+             WorkingDirectory: deploy_path,
+             Environment: "SUPERVISED=true",
+             ExecStart: "#{deploy_path}/launcher start app",
+             ExecStop: "#{deploy_path}/launcher stop app",
+           },
+           Install: {
+             WantedBy: "multi-user.target"
+           }})
+  action [:create, :enable]
+end
+
+template "#{node['nginx']['dir']}/sites-available/#{domain}" do
+  source "nginx_conf.erb"
+  owner 'www-data'
+  mode 0640
+  variables server_name:   domain,
+            ssl_cert:      "/etc/letsencrypt/live/#{domain}/fullchain.pem",
+            ssl_key:       "/etc/letsencrypt/live/#{domain}/privkey.pem",
+            upstream_port: 3001
+
+  notifies :reload, 'service[nginx]', :delayed
+end
+
+nginx_site domain do
+  action :enable
+end
+
+nginx_certbot_site domain

site-cookbooks/kosmos_discourse/templates/nginx_conf.erb

@@ -0,0 +1,34 @@
+# Generated by Chef
+upstream _discourse {
+  server   localhost:<%= @upstream_port %>;
+}
+
+<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
+server {
+  server_name <%= @server_name %>;
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+
+  ssl_certificate     <%= @ssl_cert %>;
+  ssl_certificate_key <%= @ssl_key %>;
+
+  add_header Strict-Transport-Security "max-age=31536000";
+
+  # Send real IP to the Docker container
+  set_real_ip_from 127.0.0.1;
+  set_real_ip_from 172.17.0.1;
+  real_ip_header X-Forwarded-For;
+
+  client_max_body_size 20M;
+
+  location / {
+    # Increase number of buffers. Default is 8
+    proxy_buffers 1024 8k;
+
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+    proxy_pass http://_discourse;
+    proxy_http_version 1.1;
+  }
+}
+<% end -%>