kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 30 Pull Requests 3 Projects 2 Activity
chef/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb
Greg Karékinian 17f1b2a20a Create a nginx_certbot_site resource to remove duplication 
It creates a folder, the nginx vhost for certbot and HTTP redirects, and
also runs certbot and recreates the nginx vhost that includes the TLS
cert
2019-03-15 19:03:28 +01:00

116 lines
3.6 KiB
Ruby
Raw Blame History

#
# Cookbook Name:: kosmos-hubot
# Recipe:: botka_freenode
#
# Copyright 2017-2018, Kosmos
#
include_recipe "kosmos-nodejs"
include_recipe "kosmos-redis"
botka_freenode_data_bag_item = Chef::EncryptedDataBagItem.load('credentials', 'botka_freenode')
botka_freenode_path = "/opt/botka_freenode"
application botka_freenode_path do
owner "hubot"
group "hubot"
git do
user "hubot"
group "hubot"
repository "https://github.com/67P/botka.git"
revision "master"
end
file "#{name}/external-scripts.json" do
mode "0640"
owner "hubot"
group "hubot"
content [
"hubot-help",
"hubot-redis-brain",
"hubot-remotestorage-logger",
"hubot-web-push-notifications",
].to_json
end
npm_install do
user "hubot"
end
execute "systemctl daemon-reload" do
command "systemctl daemon-reload"
action :nothing
end
template "/lib/systemd/system/botka_freenode_nodejs.service" do
source 'nodejs.systemd.service.erb'
owner 'root'
group 'root'
mode '0644'
variables(
user: "hubot",
group: "hubot",
app_dir: botka_freenode_path,
entry: "#{botka_freenode_path}/bin/hubot -a irc",
environment: {
"HUBOT_IRC_SERVER" => "irc.freenode.net",
"HUBOT_IRC_ROOMS" => "#5apps,#kosmos,#kosmos-dev,#kosmos-random,#remotestorage,#hackerbeach,#unhosted,#sockethub,#opensourcedesign,#openknot,#emberjs,#mastodon,#indieweb,#lnd",
"HUBOT_IRC_NICK" => "botka",
"HUBOT_IRC_NICKSERV_USERNAME" => "botka",
"HUBOT_IRC_NICKSERV_PASSWORD" => botka_freenode_data_bag_item['nickserv_password'],
"HUBOT_IRC_UNFLOOD" => "100",
"HUBOT_RSS_PRINTSUMMARY" => "false",
"HUBOT_RSS_PRINTERROR" => "false",
"HUBOT_RSS_IRCCOLORS" => "true",
# "HUBOT_LOG_LEVEL" => "error",
"EXPRESS_PORT" => "8081",
"HUBOT_AUTH_ADMIN" => "bkero,derbumi,galfert,gregkare,jaaan,slvrbckt,raucao",
"RS_LOGGER_USER" => "kosmos@5apps.com",
"RS_LOGGER_TOKEN" => botka_freenode_data_bag_item['rs_logger_token'],
"RS_LOGGER_SERVER_NAME" => "freenode",
"RS_LOGGER_PUBLIC" => "true",
"GCM_API_KEY" => botka_freenode_data_bag_item['gcm_api_key'],
"VAPID_SUBJECT" => "https://kosmos.org",
"VAPID_PUBLIC_KEY" => botka_freenode_data_bag_item['vapid_public_key'],
"VAPID_PRIVATE_KEY" => botka_freenode_data_bag_item['vapid_private_key'],
"REDIS_URL" => "redis://localhost:6379/botka"
}
)
notifies :run, "execute[systemctl daemon-reload]", :delayed
notifies :restart, "service[botka_freenode_nodejs]", :delayed
end
service "botka_freenode_nodejs" do
action [:enable, :start]
end
end
#
# Nginx reverse proxy
#
unless node.chef_environment == "development"
express_port = 8081
express_domain = "freenode.botka.kosmos.org"
include_recipe "kosmos-base::letsencrypt"
include_recipe "kosmos-nginx"
template "#{node['nginx']['dir']}/sites-available/#{express_domain}" do
source 'nginx_conf_hubot.erb'
owner node["nginx"]["user"]
mode 0640
variables express_port: express_port,
server_name: express_domain,
ssl_cert: "/etc/letsencrypt/live/#{express_domain}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{express_domain}/privkey.pem"
notifies :reload, 'service[nginx]', :delayed
end
nginx_site express_domain do
action :enable
end
nginx_certbot_site express_domain
end
Reference in New Issue View Git Blame Copy Permalink