kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 30 Pull Requests 3 Projects 2 Activity
chef/site-cookbooks/5apps-hubot/recipes/xmpp_schlupp.rb
Greg Karékinian 17f1b2a20a Create a nginx_certbot_site resource to remove duplication 
It creates a folder, the nginx vhost for certbot and HTTP redirects, and
also runs certbot and recreates the nginx vhost that includes the TLS
cert
2019-03-15 19:03:28 +01:00

138 lines
4.0 KiB
Ruby
Raw Blame History

#
# Cookbook Name:: 5apps-hubot
# Recipe:: xmpp_schlupp
#
# Copyright 2016, Kosmos
#
# All rights reserved - Do Not Redistribute
#
express_port = 8083
express_domain = "hubot.5apps.com"
unless node.chef_environment == "development"
include_recipe "firewall"
firewall_rule 'hubot_express_schlupp_xmpp' do
port express_port
protocol :tcp
command :allow
end
end
group "hubot" do
gid 48268
end
user "hubot" do
system true
manage_home true
comment "hubot user"
uid 48268
gid 48268
shell "/bin/bash"
end
schlupp_xmpp_data_bag_item = Chef::EncryptedDataBagItem.load('credentials', '5apps_schlupp_xmpp')
schlupp_xmpp_path = "/opt/schlupp_xmpp"
application schlupp_xmpp_path do
owner "hubot"
group "hubot"
git do
user "hubot"
group "hubot"
repository "git@gitlab.com:5apps/schlupp.git"
revision "master"
deploy_key schlupp_xmpp_data_bag_item['deploy_key']
end
file "external-scripts.json" do
mode "0640"
owner "hubot"
group "hubot"
content [
"hubot-auth",
"hubot-help",
"hubot-redis-brain",
"hubot-rules",
"hubot-shipit",
"hubot-plusplus",
"hubot-tell",
"hubot-seen",
"hubot-rss-reader",
"hubot-incoming-webhook",
"hubot-yubikey-invalidation",
].to_json
end
npm_install do
user "hubot"
end
execute "systemctl daemon-reload" do
command "systemctl daemon-reload"
action :nothing
end
template "/lib/systemd/system/schlupp_xmpp_nodejs.service" do
source 'nodejs.systemd.service.erb'
owner 'root'
group 'root'
mode '0644'
variables(
user: "hubot",
group: "hubot",
app_dir: schlupp_xmpp_path,
entry: "#{schlupp_xmpp_path}/bin/hubot -a xmpp --name schlupp",
environment: { "HUBOT_XMPP_USERNAME" => "schlupp@5apps.com/hubot",
"HUBOT_XMPP_PASSWORD" => schlupp_xmpp_data_bag_item['password'],
"HUBOT_XMPP_ROOMS" => "5info@muc.5apps.com,5ops@muc.5apps.com,core@muc.5apps.com,deploy@muc.5apps.com,storage@muc.5apps.com,watercooler@muc.5apps.com,hilti@muc.5apps.com,test@muc.5apps.com,gymapp@muc.5apps.com,solarisbank@muc.5apps.com",
"HUBOT_XMPP_HOST" => "xmpp.5apps.com",
"HUBOT_RSS_PRINTSUMMARY" => "false",
"EXPRESS_PORT" => express_port,
"HUBOT_RSS_HEADER" => "Update:",
"HUBOT_AUTH_ADMIN" => "basti,garret,greg",
"REDIS_URL" => "redis://localhost:6379/5apps_schlupp_xmpp",
"WEBHOOK_TOKEN" => schlupp_xmpp_data_bag_item['webhook_token'],
"AIRTABLE_API_KEY" => schlupp_xmpp_data_bag_item['airtable_api_key'],
"GITHUB_TOKEN" => schlupp_xmpp_data_bag_item['github_token'],
"AWS_ACCESS_KEY_ID" => schlupp_xmpp_data_bag_item['aws_access_key_id'],
"AWS_SECRET_ACCESS_KEY" => schlupp_xmpp_data_bag_item['aws_secret_access_key'] }
)
notifies :run, "execute[systemctl daemon-reload]", :delayed
notifies :restart, "service[schlupp_xmpp_nodejs]", :delayed
end
service "schlupp_xmpp_nodejs" do
action [:enable, :start]
end
end
#
# Nginx reverse proxy
#
unless node.chef_environment == "development"
include_recipe "kosmos-base::letsencrypt"
end
include_recipe 'kosmos-nginx'
template "#{node['nginx']['dir']}/sites-available/#{express_domain}" do
source 'nginx_conf_hubot.erb'
owner node["nginx"]["user"]
mode 0640
variables express_port: express_port,
server_name: express_domain,
ssl_cert: "/etc/letsencrypt/live/#{express_domain}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{express_domain}/privkey.pem"
notifies :reload, 'service[nginx]', :delayed
end
nginx_site express_domain do
action :enable
end
nginx_certbot_site express_domain
Reference in New Issue View Git Blame Copy Permalink