# # Cookbook Name:: kosmos-hubot # Recipe:: hal8000_xmpp # # Copyright:: 2019, Kosmos Developers # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to deal # in the Software without restriction, including without limitation the rights # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell # copies of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be included in # all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN # THE SOFTWARE. 
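#

# Deploys the hal8000 Hubot (XMPP adapter) under /opt/hal8000_xmpp:
#   1. checks the bot out of git and installs its npm dependencies,
#   2. renders a systemd unit whose environment carries the bot's settings
#      and credentials (loaded from the encrypted 'credentials' data bag),
#   3. enables and starts the service,
#   4. outside the "development" environment, opens the IPFS swarm port and
#      puts an nginx reverse proxy with a Let's Encrypt certificate in front
#      of the bot's HTTP port.

app_name = "hal8000_xmpp"
app_path = "/opt/#{app_name}"
app_user = "hubot"
app_group = "hubot"

build_essential app_name do
  compile_time true
end

include_recipe "kosmos-nodejs"
include_recipe "kosmos-redis"
include_recipe "kosmos-hubot::_user"

# Needed for hubot-kredits
include_recipe "kosmos-ipfs"

unless node.chef_environment == "development"
  include_recipe 'firewall'

  # IPFS swarm (peer-to-peer) port; only opened outside development.
  firewall_rule 'ipfs_swarm_p2p' do
    port 4001
    protocol :tcp
    command :allow
  end
end

application app_path do
  # Decrypted once here; every data_bag[...] value below is a secret.
  data_bag = Chef::EncryptedDataBagItem.load('credentials', app_name)

  owner app_user
  group app_group

  git do
    user app_user
    group app_group
    repository "https://github.com/67P/hal8000.git"
    # NOTE(review): "master" is a moving ref, so each converge deploys whatever
    # is currently on that branch into a process that receives every secret
    # below. Pinning to a reviewed tag or commit SHA would make deploys
    # reproducible and limit the impact of a bad upstream push.
    revision "master"
  end

  file "#{app_path}/external-scripts.json" do
    mode "0640"
    owner app_user
    group app_group
    content node[app_name]['hubot_scripts'].to_json
  end

  npm_install do
    user app_user
  end

  execute "systemctl daemon-reload" do
    command "systemctl daemon-reload"
    action :nothing
  end

  template "/lib/systemd/system/#{app_name}.service" do
    source 'nodejs.systemd.service.erb'
    owner 'root'
    group 'root'
    # NOTE(review): this unit embeds credentials in its environment and is
    # world-readable. Tightening the mode alone is not enough, because systemd
    # also exposes a unit's Environment= through `systemctl show`. Moving the
    # secrets into a root-owned 0600 file referenced by EnvironmentFile= needs
    # a change to the template, which is not visible from this recipe.
    mode '0644'
    # Keep the rendered secrets out of Chef's log output and file diffs.
    sensitive true
    variables(
      user: app_user,
      group: app_group,
      app_dir: app_path,
      entry: "#{app_path}/bin/hubot -a xmpp --name hal8000",
      environment: {
        "HUBOT_LOG_LEVEL" => node.chef_environment == "development" ? "debug" : "info",
        "HUBOT_XMPP_USERNAME" => "hal8000@kosmos.org/hubot",
        "HUBOT_XMPP_PASSWORD" => data_bag['xmpp_password'],
        "HUBOT_XMPP_HOST" => "xmpp.kosmos.org",
        "HUBOT_XMPP_ROOMS" => node[app_name]['rooms'].join(','),
        "HUBOT_AUTH_ADMIN" => node[app_name]['auth_admins'].join(','),
        "HUBOT_RSS_PRINTSUMMARY" => "false",
        "HUBOT_RSS_PRINTERROR" => "false",
        "HUBOT_RSS_IRCCOLORS" => "true",
        "HUBOT_PLUSPLUS_POINTS_TERM" => "karma,karma",
        "HUBOT_RSS_HEADER" => "Update:",
        "HUBOT_HELP_REPLY_IN_PRIVATE" => "true",
        "REDIS_URL" => "redis://localhost:6379/#{app_name}",
        "EXPRESS_PORT" => node[app_name]['http_port'],
        "WEBHOOK_TOKEN" => data_bag['webhook_token'],
        "GITEA_TOKEN" => data_bag['gitea_token'],
        "GITHUB_TOKEN" => data_bag['github_token'],
        "IPFS_API_HOST" => node[app_name]['kredits']['ipfs_host'],
        "IPFS_API_PORT" => node[app_name]['kredits']['ipfs_port'],
        "IPFS_API_PROTOCOL" => node[app_name]['kredits']['ipfs_protocol'],
        "KREDITS_WEB_URL" => node[app_name]['kredits']['web_url'],
        "KREDITS_ROOM" => node[app_name]['kredits']['room'],
        "KREDITS_WEBHOOK_TOKEN" => data_bag['kredits_webhook_token'],
        "KREDITS_PROVIDER_URL" => node[app_name]['kredits']['provider_url'],
        "KREDITS_NETWORK_ID" => node[app_name]['kredits']['network_id'],
        "KREDITS_WALLET_PATH" => node[app_name]['kredits']['wallet_path'],
        "KREDITS_WALLET_PASSWORD" => data_bag['kredits_wallet_password'],
        "KREDITS_MEDIAWIKI_URL" => node[app_name]['kredits']['mediawiki_url'],
        "KREDITS_GITHUB_REPO_BLACKLIST" => node[app_name]['kredits']['github_repo_blacklist'],
        "KREDITS_GITEA_REPO_BLACKLIST" => node[app_name]['kredits']['gitea_repo_blacklist'],
        "KREDITS_GRANT_HOST" => node[app_name]['domain'],
        "KREDITS_GRANT_PROTOCOL" => "https",
        "KREDITS_SESSION_SECRET" => data_bag['kredits_session_secret'],
        "KREDITS_GITHUB_KEY" => data_bag['kredits_github_key'],
        "KREDITS_GITHUB_SECRET" => data_bag['kredits_github_secret'],
        "KREDITS_ZOOM_JWT" => data_bag['kredits_zoom_jwt'],
        "KREDITS_ZOOM_MEETING_WHITELIST" => "414901303,82557072771"
      }
    )
    notifies :run, "execute[systemctl daemon-reload]", :delayed
    notifies :restart, "service[#{app_name}]", :delayed
  end

  # Wallet keystore for the bot. Restrict it to the service account instead of
  # relying on default ownership and umask, and keep its content out of Chef
  # diffs.
  # NOTE(review): presumably the file KREDITS_WALLET_PATH points at, unlocked
  # with KREDITS_WALLET_PASSWORD; confirm against the node attributes. The
  # keystore ships inside the cookbook, so anyone with read access to the
  # cookbook repository holds a copy as well.
  cookbook_file "#{app_path}/wallet.json" do
    source "wallet.json"
    owner app_user
    group app_group
    mode "0600"
    sensitive true
  end

  service app_name do
    action [:enable, :start]
  end
end

#
# Nginx reverse proxy
#
unless node.chef_environment == "development"
  include_recipe "kosmos-base::letsencrypt"
  include_recipe "kosmos-nginx"

  template "#{node['nginx']['dir']}/sites-available/#{node[app_name]['domain']}" do
    source 'nginx_conf_hubot.erb'
    owner node["nginx"]["user"]
    # Quoted octal string, matching the other resources in this recipe.
    mode '0640'
    variables express_port: node[app_name]['http_port'],
              server_name: node[app_name]['domain'],
              ssl_cert: "/etc/letsencrypt/live/#{node[app_name]['domain']}/fullchain.pem",
              ssl_key: "/etc/letsencrypt/live/#{node[app_name]['domain']}/privkey.pem"
    notifies :reload, 'service[nginx]', :delayed
  end

  nginx_site node[app_name]['domain'] do
    action :enable
  end

  nginx_certbot_site node[app_name]['domain']
end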