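#
# Cookbook Name:: 5apps-hubot
# Recipe:: xmpp_schlupp
#
# Copyright 2016, Kosmos
#
# All rights reserved - Do Not Redistribute
#

# Port the hubot express server listens on. The same value is handed to the
# systemd unit (EXPRESS_PORT) and to the nginx reverse proxy below, so it is
# defined once here.
express_port = 8083
express_domain = "hubot.5apps.com"

# The express port is only opened in the host firewall outside development.
unless node.chef_environment == "development"
  include_recipe "firewall"

  firewall_rule 'hubot_express_schlupp_xmpp' do
    port express_port
    protocol :tcp
    command :allow
  end
end

# Dedicated service account for the bot with a fixed uid/gid.
group "hubot" do
  gid 48268
end

user "hubot" do
  system true
  manage_home true
  comment "hubot user"
  uid 48268
  gid 48268
  shell "/bin/bash"
end

# All secrets (deploy key, XMPP password, webhook/API tokens, AWS keys) come
# from the encrypted data bag; nothing sensitive is written into the recipe.
schlupp_xmpp_data_bag_item = Chef::EncryptedDataBagItem.load('credentials', '5apps_schlupp_xmpp')

schlupp_xmpp_path = "/opt/schlupp_xmpp"

application schlupp_xmpp_path do
  owner "hubot"
  group "hubot"

  # Checkout is done as the hubot user with the deploy key from the data bag.
  git do
    user "hubot"
    group "hubot"
    repository "git@gitlab.com:5apps/schlupp.git"
    revision "master"
    deploy_key schlupp_xmpp_data_bag_item['deploy_key']
  end

  # Hubot plugin list; readable only by the service account.
  file "external-scripts.json" do
    mode "0640"
    owner "hubot"
    group "hubot"
    content [
      "hubot-auth",
      "hubot-help",
      "hubot-redis-brain",
      "hubot-rules",
      "hubot-shipit",
      "hubot-plusplus",
      "hubot-tell",
      "hubot-seen",
      "hubot-rss-reader",
      "hubot-incoming-webhook",
      "hubot-yubikey-invalidation",
    ].to_json
  end

  npm_install do
    user "hubot"
  end

  # Only runs when the unit template below changes (action :nothing + notify).
  execute "systemctl daemon-reload" do
    command "systemctl daemon-reload"
    action :nothing
  end

  template "/lib/systemd/system/schlupp_xmpp_nodejs.service" do
    source 'nodejs.systemd.service.erb'
    owner 'root'
    group 'root'
    # The environment hash below is rendered into this file and contains the
    # XMPP password, webhook token and AWS keys. It therefore must not be
    # world-readable (it previously was, with 0644). systemd reads unit files
    # as root, so a tighter mode does not affect service startup.
    mode '0640'
    variables(
      user: "hubot",
      group: "hubot",
      app_dir: schlupp_xmpp_path,
      entry: "#{schlupp_xmpp_path}/bin/hubot -a xmpp --name schlupp",
      environment: {
        "HUBOT_XMPP_USERNAME" => "schlupp@5apps.com/hubot",
        "HUBOT_XMPP_PASSWORD" => schlupp_xmpp_data_bag_item['password'],
        "HUBOT_XMPP_ROOMS" => "5info@muc.5apps.com,5ops@muc.5apps.com,core@muc.5apps.com,deploy@muc.5apps.com,storage@muc.5apps.com,watercooler@muc.5apps.com,hilti@muc.5apps.com,test@muc.5apps.com,gymapp@muc.5apps.com,solarisbank@muc.5apps.com",
        "HUBOT_XMPP_HOST" => "xmpp.5apps.com",
        "HUBOT_RSS_PRINTSUMMARY" => "false",
        "EXPRESS_PORT" => express_port,
        "HUBOT_RSS_HEADER" => "Update:",
        "HUBOT_AUTH_ADMIN" => "basti,garret,greg",
        "REDIS_URL" => "redis://localhost:6379/5apps_schlupp_xmpp",
        "WEBHOOK_TOKEN" => schlupp_xmpp_data_bag_item['webhook_token'],
        "AIRTABLE_API_KEY" => schlupp_xmpp_data_bag_item['airtable_api_key'],
        "GITHUB_TOKEN" => schlupp_xmpp_data_bag_item['github_token'],
        "AWS_ACCESS_KEY_ID" => schlupp_xmpp_data_bag_item['aws_access_key_id'],
        "AWS_SECRET_ACCESS_KEY" => schlupp_xmpp_data_bag_item['aws_secret_access_key']
      }
    )
    # A changed unit needs a daemon-reload before the restart picks it up.
    notifies :run, "execute[systemctl daemon-reload]", :delayed
    notifies :restart, "service[schlupp_xmpp_nodejs]", :delayed
  end

  service "schlupp_xmpp_nodejs" do
    action [:enable, :start]
  end
end

#
# Nginx reverse proxy
#

unless node.chef_environment == "development"
  include_recipe "kosmos-base::letsencrypt"
end

include_recipe 'kosmos-nginx'

# Webroot used by certbot's HTTP-01 challenge for the domain.
directory "/var/www/#{express_domain}/.well-known/acme-challenge" do
  owner node["nginx"]["user"]
  group node["nginx"]["group"]
  recursive true
  action :create
end

# The vhost references the Let's Encrypt certificate paths; on a fresh node
# these do not exist yet, which is why the certbot execute below re-renders
# this template immediately after obtaining the certificate.
template "#{node['nginx']['dir']}/sites-available/#{express_domain}" do
  source 'nginx_conf_hubot.erb'
  owner node["nginx"]["user"]
  # String form so the value is unambiguously octal (same bits as the
  # integer literal 0640 used before).
  mode '0640'
  variables express_port: express_port,
            server_name: express_domain,
            ssl_cert: "/etc/letsencrypt/live/#{express_domain}/fullchain.pem",
            ssl_key: "/etc/letsencrypt/live/#{express_domain}/privkey.pem"
  notifies :reload, 'service[nginx]', :delayed
end

nginx_site express_domain do
  enable true
end

unless node.chef_environment == "development"
  # Non-interactive webroot issuance; guarded so it only runs until the
  # certificate exists, renewals are outside this recipe.
  execute "letsencrypt cert for #{express_domain}" do
    command "./certbot-auto certonly --webroot --agree-tos --email ops@5apps.com --webroot-path /var/www/#{express_domain} -d #{express_domain} -n"
    cwd "/usr/local/certbot"
    not_if { File.exist? "/etc/letsencrypt/live/#{express_domain}/fullchain.pem" }
    notifies :create, "template[#{node['nginx']['dir']}/sites-available/#{express_domain}]", :immediately
  end
end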