nodes/centaurus.kosmos.org.json

@@ -30,6 +30,7 @@
       "kosmos_discourse::default",
       "kosmos_drone",
       "kosmos_drone::default",
+      "kosmos_assets::nginx_site",
       "kosmos_kvm::host",
       "kosmos-ejabberd::firewall",
       "kosmos_zerotier::firewall",
@@ -81,6 +82,7 @@
     "role[gitea]",
     "role[discourse]",
     "role[drone]",
+    "recipe[kosmos_assets::nginx_site]",
     "recipe[kosmos_kvm::host]",
     "recipe[kosmos-ejabberd::firewall]",
     "recipe[kosmos_zerotier::firewall]"

site-cookbooks/kosmos-nginx/recipes/with_perl.rb

@@ -1,3 +1,8 @@
+#
+# Cookbook Name:: kosmos-nginx
+# Recipe:: with_perl
+#
+
 node.override['nginx']['default_site_enabled'] = false
 node.override['nginx']['server_tokens']        = 'off'
 

site-cookbooks/kosmos_assets/attributes/default.rb

@@ -0,0 +1,3 @@
+node.default["kosmos_assets"]["domain"] = "assets.kosmos.org"
+node.default["kosmos_assets"]["repo"] = "https://gitea.kosmos.org/kosmos/assets.kosmos.org.git"
+node.default["kosmos_assets"]["revision"] = "master"

site-cookbooks/kosmos_assets/metadata.rb

@@ -0,0 +1,10 @@
+name 'kosmos_assets'
+maintainer 'Kosmos'
+maintainer_email 'ops@kosmos.org'
+license 'MIT'
+description 'Configures static asset Web hosting'
+long_description 'Configures static asset Web hosting'
+version '1.0.0'
+chef_version '>= 15.10' if respond_to?(:chef_version)
+
+depends "kosmos-nginx"

site-cookbooks/kosmos_assets/recipes/nginx_site.rb

@@ -0,0 +1,38 @@
+#
+# Cookbook:: kosmos_assets
+# Recipe:: nginx_site
+#
+
+include_recipe "kosmos-nginx"
+
+domain = node["kosmos_assets"]["domain"]
+
+nginx_certbot_site domain
+
+directory "/var/www/#{domain}/site" do
+  user node["nginx"]["user"]
+  group node["nginx"]["group"]
+  mode "0755"
+end
+
+git "/var/www/#{domain}/site" do
+  user node["nginx"]["user"]
+  group node["nginx"]["group"]
+  repository node["kosmos_assets"]["repo"]
+  revision node["kosmos_assets"]["revision"]
+  action :sync
+end
+
+template "#{node["nginx"]["dir"]}/sites-available/#{domain}" do
+  source "nginx_conf_assets.erb"
+  owner node["nginx"]["user"]
+  mode 0640
+  variables domain: domain,
+            ssl_cert:    "/etc/letsencrypt/live/#{domain}/fullchain.pem",
+            ssl_key:     "/etc/letsencrypt/live/#{domain}/privkey.pem"
+  notifies :reload, "service[nginx]", :delayed
+end
+
+nginx_site domain do
+  action :enable
+end

site-cookbooks/kosmos_assets/templates/nginx_conf_assets.erb

@@ -0,0 +1,25 @@
+<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
+# Generated by Chef
+
+server {
+  listen 443 ssl http2;
+  server_name <%= @domain %>;
+
+  root /var/www/<%= @domain %>/site;
+
+  access_log off;
+  gzip_static on;
+  gzip_comp_level 5;
+
+  location ~* .(css)$ {
+    expires 1d;
+  }
+
+  location ~* .(woff|woff2)$ {
+    expires max;
+  }
+
+  ssl_certificate     <%= @ssl_cert %>;
+  ssl_certificate_key <%= @ssl_key %>;
+}
+<% end -%>