164 lines
6.0 KiB
Ruby
164 lines
6.0 KiB
Ruby
#
|
|
# Cookbook Name:: kosmos-hubot
|
|
# Recipe:: hal8000_xmpp
|
|
#
|
|
# Copyright:: 2019, Kosmos Developers
|
|
#
|
|
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
# of this software and associated documentation files (the "Software"), to deal
|
|
# in the Software without restriction, including without limitation the rights
|
|
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
# copies of the Software, and to permit persons to whom the Software is
|
|
# furnished to do so, subject to the following conditions:
|
|
#
|
|
# The above copyright notice and this permission notice shall be included in
|
|
# all copies or substantial portions of the Software.
|
|
#
|
|
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
# THE SOFTWARE.
|
|
#
|
|
app_name = "hal8000_xmpp"
|
|
app_path = "/opt/#{app_name}"
|
|
app_user = "hubot"
|
|
app_group = "hubot"
|
|
|
|
build_essential app_name do
|
|
compile_time true
|
|
end
|
|
|
|
include_recipe "kosmos-nodejs"
|
|
include_recipe "kosmos-redis"
|
|
include_recipe "kosmos-hubot::_user"
|
|
|
|
# Needed for hubot-kredits
|
|
include_recipe "kosmos-ipfs"
|
|
|
|
unless node.chef_environment == "development"
|
|
include_recipe 'firewall'
|
|
firewall_rule 'ipfs_swarm_p2p' do
|
|
port 4001
|
|
protocol :tcp
|
|
command :allow
|
|
end
|
|
end
|
|
|
|
application app_path do
|
|
data_bag = Chef::EncryptedDataBagItem.load('credentials', app_name)
|
|
|
|
owner app_user
|
|
group app_group
|
|
|
|
git do
|
|
user app_user
|
|
group app_group
|
|
repository "https://github.com/67P/hal8000.git"
|
|
revision "master"
|
|
end
|
|
|
|
file "#{app_path}/external-scripts.json" do
|
|
mode "0640"
|
|
owner app_user
|
|
group app_group
|
|
content node[app_name]['hubot_scripts'].to_json
|
|
end
|
|
|
|
npm_install do
|
|
user app_user
|
|
end
|
|
|
|
execute "systemctl daemon-reload" do
|
|
command "systemctl daemon-reload"
|
|
action :nothing
|
|
end
|
|
|
|
template "/lib/systemd/system/#{app_name}.service" do
|
|
source 'nodejs.systemd.service.erb'
|
|
owner 'root'
|
|
group 'root'
|
|
mode '0644'
|
|
variables(
|
|
user: app_user,
|
|
group: app_user,
|
|
app_dir: app_path,
|
|
entry: "#{app_path}/bin/hubot -a xmpp --name hal8000",
|
|
environment: {
|
|
"HUBOT_LOG_LEVEL" => node.chef_environment == "development" ? "debug" : "info",
|
|
"HUBOT_XMPP_USERNAME" => "hal8000@kosmos.org/hubot",
|
|
"HUBOT_XMPP_PASSWORD" => data_bag['xmpp_password'],
|
|
"HUBOT_XMPP_HOST" => "xmpp.kosmos.org",
|
|
"HUBOT_XMPP_ROOMS" => node[app_name]['rooms'].join(','),
|
|
"HUBOT_AUTH_ADMIN" => node[app_name]['auth_admins'].join(','),
|
|
"HUBOT_RSS_PRINTSUMMARY" => "false",
|
|
"HUBOT_RSS_PRINTERROR" => "false",
|
|
"HUBOT_RSS_IRCCOLORS" => "true",
|
|
"HUBOT_PLUSPLUS_POINTS_TERM" => "karma,karma",
|
|
"HUBOT_RSS_HEADER" => "Update:",
|
|
"HUBOT_HELP_REPLY_IN_PRIVATE" => "true",
|
|
"REDIS_URL" => "redis://localhost:6379/#{app_name}",
|
|
"EXPRESS_PORT" => node[app_name]['http_port'],
|
|
"WEBHOOK_TOKEN" => data_bag['webhook_token'],
|
|
"IPFS_API_HOST" => node[app_name]['kredits']['ipfs_host'],
|
|
"IPFS_API_PORT" => node[app_name]['kredits']['ipfs_port'],
|
|
"IPFS_API_PROTOCOL" => node[app_name]['kredits']['ipfs_protocol'],
|
|
"KREDITS_WEB_URL" => node[app_name]['kredits']['web_url'],
|
|
"KREDITS_ROOM" => node[app_name]['kredits']['room'],
|
|
"KREDITS_WEBHOOK_TOKEN" => data_bag['kredits_webhook_token'],
|
|
"KREDITS_PROVIDER_URL" => node[app_name]['kredits']['provider_url'],
|
|
"KREDITS_NETWORK_ID" => node[app_name]['kredits']['network_id'],
|
|
"KREDITS_WALLET_PATH" => node[app_name]['kredits']['wallet_path'],
|
|
"KREDITS_WALLET_PASSWORD" => data_bag['kredits_wallet_password'],
|
|
"KREDITS_MEDIAWIKI_URL" => node[app_name]['kredits']['mediawiki_url'],
|
|
"KREDITS_GITHUB_REPO_BLACKLIST" => node[app_name]['kredits']['github_repo_blacklist'],
|
|
"KREDITS_GITEA_REPO_BLACKLIST" => node[app_name]['kredits']['gitea_repo_blacklist'],
|
|
"KREDITS_GRANT_HOST" => node[app_name]['domain'],
|
|
"KREDITS_GRANT_PROTOCOL" => "https",
|
|
"KREDITS_SESSION_SECRET" => data_bag['kredits_session_secret'],
|
|
"KREDITS_GITHUB_KEY" => data_bag['kredits_github_key'],
|
|
"KREDITS_GITHUB_SECRET" => data_bag['kredits_github_secret'],
|
|
"KREDITS_ZOOM_JWT" => data_bag['kredits_zoom_jwt'],
|
|
"KREDITS_ZOOM_MEETING_WHITELIST" => "414901303"
|
|
}
|
|
)
|
|
notifies :run, "execute[systemctl daemon-reload]", :delayed
|
|
notifies :restart, "service[#{app_name}]", :delayed
|
|
end
|
|
|
|
cookbook_file "#{app_path}/wallet.json" do
|
|
source "wallet.json"
|
|
end
|
|
|
|
service app_name do
|
|
action [:enable, :start]
|
|
end
|
|
end
|
|
|
|
#
|
|
# Nginx reverse proxy
|
|
#
|
|
unless node.chef_environment == "development"
|
|
include_recipe "kosmos-base::letsencrypt"
|
|
include_recipe "kosmos-nginx"
|
|
|
|
template "#{node['nginx']['dir']}/sites-available/#{node[app_name]['domain']}" do
|
|
source 'nginx_conf_hubot.erb'
|
|
owner node["nginx"]["user"]
|
|
mode 0640
|
|
variables express_port: node[app_name]['http_port'],
|
|
server_name: node[app_name]['domain'],
|
|
ssl_cert: "/etc/letsencrypt/live/#{node[app_name]['domain']}/fullchain.pem",
|
|
ssl_key: "/etc/letsencrypt/live/#{node[app_name]['domain']}/privkey.pem"
|
|
notifies :reload, 'service[nginx]', :delayed
|
|
end
|
|
|
|
nginx_site node[app_name]['domain'] do
|
|
action :enable
|
|
end
|
|
|
|
nginx_certbot_site node[app_name]['domain']
|
|
end
|