#
# Cookbook Name:: sockethub
# Recipe:: proxy
#
# Copyright 2015, Kosmos
#
# All rights reserved - Do Not Redistribute
#

firewall_rule 'sockethub' do
  port     node['sockethub']['external_port'].to_i
  protocol :tcp
  command  :allow
end

include_recipe 'kosmos-nginx'

data_bag_item = Chef::EncryptedDataBagItem.load('certificates', 'wildcard_kosmos_org')

ssl_cert_path = "/etc/ssl/private/wildcard.kosmos.org.crt"
file ssl_cert_path do
  content   data_bag_item['ssl_cert']
  mode      0600
  owner     'www-data'
  sensitive true
end

ssl_key_path = "/etc/ssl/private/wildcard.kosmos.org.key"
file ssl_key_path do
  content   data_bag_item['ssl_key']
  mode      0600
  owner     'www-data'
  sensitive true
end

template "#{node['nginx']['dir']}/sites-available/sockethub" do
  source 'nginx_conf_sockethub.erb'
  owner 'www-data'
  mode 0640
  variables sockethub_port:          node['sockethub']['port'],
            sockethub_external_port: node['sockethub']['external_port'],
            server_name:             'sockethub.kosmos.org',
            ssl_cert:                ssl_cert_path,
            ssl_key:                 ssl_key_path
  notifies :reload, 'service[nginx]', :delayed
end

nginx_site 'sockethub' do
  enable true
end