chef/site-cookbooks/kosmos_gitea/recipes/nginx.rb

#
# Cookbook:: kosmos_gitea
# Recipe:: nginx
#

include_recipe "kosmos-nginx"

domain = node["gitea"]["domain"]

# upstream_ip_addresses = []
# search(:node, "role:gitea").each do |n|
#   upstream_ip_addresses << n["knife_zero"]["host"]
# end
begin
  upstream_ip_address = search(:node, "role:gitea").first["knife_zero"]["host"]
rescue
  Chef::Log.warn('No server with "gitea" role. Stopping here.')
  return
end

nginx_certbot_site domain

template "#{node['nginx']['dir']}/sites-available/#{domain}" do
  source "nginx_conf_web.erb"
  owner 'www-data'
  mode 0640
  variables server_name:   domain,
            ssl_cert:      "/etc/letsencrypt/live/#{domain}/fullchain.pem",
            ssl_key:       "/etc/letsencrypt/live/#{domain}/privkey.pem",
            upstream_host: upstream_ip_address,
            upstream_port: node["gitea"]["port"]

  notifies :reload, 'service[nginx]', :delayed
end

nginx_site domain do
  action :enable
end

template "#{node['nginx']['dir']}/streams-available/ssh" do
  source "nginx_conf_ssh.erb"
  owner 'www-data'
  mode 0640
  variables domain: domain,
            upstream_host: upstream_ip_address

  notifies :reload, 'service[nginx]', :delayed
end

nginx_stream "ssh" do
  action :enable
end