# # Cookbook Name:: kosmos-hubot # Recipe:: botka_freenode # # Copyright:: 2019, Kosmos Developers # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to deal # in the Software without restriction, including without limitation the rights # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell # copies of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be included in # all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN # THE SOFTWARE. # app_name = "botka_freenode" app_path = "/opt/#{app_name}" app_user = "hubot" app_group = "hubot" build_essential app_name do compile_time true end include_recipe "kosmos-nodejs" include_recipe "kosmos-redis" application app_path do data_bag = Chef::EncryptedDataBagItem.load('credentials', app_name) owner app_user group app_group git do user app_user group app_group repository "https://github.com/67P/botka.git" revision "master" end file "#{app_path}/external-scripts.json" do mode "0640" owner app_user group app_group content [ "hubot-help", "hubot-redis-brain", "hubot-remotestorage-logger", "hubot-web-push-notifications", ].to_json end npm_install do user app_user end execute "systemctl daemon-reload" do command "systemctl daemon-reload" action :nothing end template "/lib/systemd/system/#{app_name}.service" do source 'nodejs.systemd.service.erb' owner 'root' group 'root' mode '0644' variables( user: app_user, group: app_group, app_dir: app_path, entry: "#{app_path}/bin/hubot -a irc", environment: { "HUBOT_LOG_LEVEL" => node.chef_environment == "development" ? "debug" : "info", "HUBOT_IRC_SERVER" => "irc.freenode.net", "HUBOT_IRC_ROOMS" => "#5apps,#kosmos,#kosmos-dev,#kosmos-random,#remotestorage,#hackerbeach,#unhosted,#sockethub,#opensourcedesign,#openknot,#emberjs,#mastodon,#indieweb,#lnd", "HUBOT_IRC_NICK" => "botka", "HUBOT_IRC_NICKSERV_USERNAME" => "botka", "HUBOT_IRC_NICKSERV_PASSWORD" => data_bag['nickserv_password'], "HUBOT_IRC_UNFLOOD" => "100", "HUBOT_RSS_PRINTSUMMARY" => "false", "HUBOT_RSS_PRINTERROR" => "false", "HUBOT_RSS_IRCCOLORS" => "true", "EXPRESS_PORT" => node[app_name]['http_port'], "HUBOT_AUTH_ADMIN" => "bkero,derbumi,galfert,gregkare,jaaan,slvrbckt,raucao", "HUBOT_HELP_REPLY_IN_PRIVATE" => "true", "RS_LOGGER_USER" => "kosmos@5apps.com", "RS_LOGGER_TOKEN" => data_bag['rs_logger_token'], "RS_LOGGER_SERVER_NAME" => "freenode", "RS_LOGGER_PUBLIC" => "true", "GCM_API_KEY" => data_bag['gcm_api_key'], "VAPID_SUBJECT" => "https://kosmos.org", "VAPID_PUBLIC_KEY" => data_bag['vapid_public_key'], "VAPID_PRIVATE_KEY" => data_bag['vapid_private_key'], "REDIS_URL" => "redis://localhost:6379/botka" } ) notifies :run, "execute[systemctl daemon-reload]", :delayed notifies :restart, "service[#{app_name}]", :delayed end service app_name do action [:enable, :start] end end # # Nginx reverse proxy # unless node.chef_environment == "development" include_recipe "kosmos-base::letsencrypt" include_recipe "kosmos-nginx" template "#{node['nginx']['dir']}/sites-available/#{node[app_name]['domain']}" do source 'nginx_conf_hubot.erb' owner node["nginx"]["user"] mode 0640 variables express_port: node[app_name]['http_port'], server_name: node[app_name]['domain'], ssl_cert: "/etc/letsencrypt/live/#{node[app_name]['domain']}/fullchain.pem", ssl_key: "/etc/letsencrypt/live/#{node[app_name]['domain']}/privkey.pem" notifies :reload, 'service[nginx]', :delayed end nginx_site node[app_name]['domain'] do action :enable end nginx_certbot_site node[app_name]['domain'] end