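#
# Cookbook Name:: kosmos-hubot
# Recipe:: botka_freenode
#
# Copyright 2017-2018, Kosmos
#
# Deploys the "botka" Hubot instance for Freenode IRC under /opt/botka_freenode,
# runs it as the "hubot" user through a systemd unit and, outside the
# "development" environment, fronts its HTTP port with an nginx vhost that uses
# a Let's Encrypt certificate.
#

include_recipe "kosmos-nodejs"
include_recipe "kosmos-redis"

# Secrets used below (NickServ password, logger token, push keys) are read from
# the encrypted "credentials" data bag.
botka_freenode_data_bag_item = Chef::EncryptedDataBagItem.load('credentials', 'botka_freenode')

botka_freenode_path = "/opt/botka_freenode"

application botka_freenode_path do
  owner "hubot"
  group "hubot"

  git do
    user "hubot"
    group "hubot"
    repository "https://github.com/67P/botka.git"
    # NOTE(review): "master" is a moving ref, so each converge deploys whatever
    # is on that branch at the time and runs it with the credentials below.
    # Pinning a tag or commit SHA would make deploys reproducible and reviewable.
    revision "master"
  end

  # Hubot external scripts to load; written as a JSON array.
  file "#{name}/external-scripts.json" do
    mode "0640"
    owner "hubot"
    group "hubot"
    content [
      "hubot-help",
      "hubot-redis-brain",
      "hubot-remotestorage-logger",
      "hubot-web-push-notifications",
    ].to_json
  end

  npm_install do
    user "hubot"
  end

  # Only runs when notified by the unit template below.
  execute "systemctl daemon-reload" do
    command "systemctl daemon-reload"
    action :nothing
  end

  template "/lib/systemd/system/botka_freenode_nodejs.service" do
    source 'nodejs.systemd.service.erb'
    owner 'root'
    group 'root'
    mode '0644'
    # The variables below carry decrypted secrets. Without `sensitive`, Chef may
    # print the rendered content/diff of this file in its run output and reports.
    sensitive true
    # NOTE(review): the unit is world-readable (0644) and presumably receives the
    # secrets as plaintext environment settings (the .erb is not visible here,
    # confirm). Consider moving them into a root-only file referenced from the
    # unit via EnvironmentFile= so local users cannot read them.
    variables(
      user: "hubot",
      group: "hubot",
      app_dir: botka_freenode_path,
      entry: "#{botka_freenode_path}/bin/hubot -a irc",
      environment: {
        "HUBOT_IRC_SERVER" => "irc.freenode.net",
        "HUBOT_IRC_ROOMS" => "#5apps,#kosmos,#kosmos-dev,#kosmos-random,#remotestorage,#hackerbeach,#unhosted,#sockethub,#opensourcedesign,#openknot,#emberjs,#mastodon,#indieweb,#lnd",
        "HUBOT_IRC_NICK" => "botka",
        "HUBOT_IRC_NICKSERV_USERNAME" => "botka",
        "HUBOT_IRC_NICKSERV_PASSWORD" => botka_freenode_data_bag_item['nickserv_password'],
        "HUBOT_IRC_UNFLOOD" => "100",
        "HUBOT_RSS_PRINTSUMMARY" => "false",
        "HUBOT_RSS_PRINTERROR" => "false",
        "HUBOT_RSS_IRCCOLORS" => "true",
        # "HUBOT_LOG_LEVEL" => "error",
        # Must match express_port in the nginx section below.
        "EXPRESS_PORT" => "8081",
        "HUBOT_AUTH_ADMIN" => "bkero,derbumi,galfert,gregkare,jaaan,slvrbckt,raucao",
        "RS_LOGGER_USER" => "kosmos@5apps.com",
        "RS_LOGGER_TOKEN" => botka_freenode_data_bag_item['rs_logger_token'],
        "RS_LOGGER_SERVER_NAME" => "freenode",
        "RS_LOGGER_PUBLIC" => "true",
        "GCM_API_KEY" => botka_freenode_data_bag_item['gcm_api_key'],
        "VAPID_SUBJECT" => "https://kosmos.org",
        "VAPID_PUBLIC_KEY" => botka_freenode_data_bag_item['vapid_public_key'],
        "VAPID_PRIVATE_KEY" => botka_freenode_data_bag_item['vapid_private_key']
      }
    )
    # A changed unit needs systemd to re-read it before the service restarts.
    notifies :run, "execute[systemctl daemon-reload]", :delayed
    notifies :restart, "service[botka_freenode_nodejs]", :delayed
  end

  service "botka_freenode_nodejs" do
    action [:enable, :start]
  end
end

#
# Nginx reverse proxy
#

unless node.chef_environment == "development"
  express_port = 8081
  express_domain = "freenode.botka.kosmos.org"

  include_recipe "kosmos-base::letsencrypt"
  include_recipe 'kosmos-nginx'

  # Webroot served for the ACME HTTP challenge.
  directory "/var/www/#{express_domain}/.well-known/acme-challenge" do
    owner node["nginx"]["user"]
    group node["nginx"]["group"]
    recursive true
    action :create
  end

  template "#{node['nginx']['dir']}/sites-available/#{express_domain}" do
    source 'nginx_conf_hubot.erb'
    owner node["nginx"]["user"]
    # Quoted like the other resources in this recipe; same permission bits as 0640.
    mode '0640'
    variables express_port: express_port,
              server_name: express_domain,
              ssl_cert: "/etc/letsencrypt/live/#{express_domain}/fullchain.pem",
              ssl_key: "/etc/letsencrypt/live/#{express_domain}/privkey.pem"
    notifies :reload, 'service[nginx]', :delayed
  end

  nginx_site express_domain do
    enable true
  end

  # FIXME This doesn't actually work on the first run. Apparently nginx is not
  # reloaded after adding the vhost or something, because it does work on the
  # second run.
  # NOTE(review): the vhost template's reload is :delayed, so nginx may not yet
  # be serving the ACME webroot when certbot runs in the same converge. Confirm.
  # NOTE(review): certbot-auto has been deprecated upstream; plan a move to a
  # packaged certbot client.
  execute "letsencrypt cert for #{express_domain}" do
    command "./certbot-auto certonly --webroot --agree-tos --email ops@5apps.com --webroot-path /var/www/#{express_domain} -d #{express_domain} -n"
    cwd "/usr/local/certbot"
    # Skip issuance once a certificate for this domain is already on disk.
    not_if { File.exist? "/etc/letsencrypt/live/#{express_domain}/fullchain.pem" }
    notifies :create, "template[#{node['nginx']['dir']}/sites-available/#{express_domain}]", :immediately
  end
end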