kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 30 Pull Requests 3 Projects 2 Activity
chef/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb
Greg Karékinian 36e046ea73 Run certbot using the binary provided by the Ubuntu PPA
2019-03-14 10:52:44 +01:00

130 lines
4.3 KiB
Ruby
Raw Blame History

#
# Cookbook Name:: kosmos-hubot
# Recipe:: botka_freenode
#
# Copyright 2017-2018, Kosmos
#
include_recipe "kosmos-nodejs"
include_recipe "kosmos-redis"
botka_freenode_data_bag_item = Chef::EncryptedDataBagItem.load('credentials', 'botka_freenode')
botka_freenode_path = "/opt/botka_freenode"
application botka_freenode_path do
owner "hubot"
group "hubot"
git do
user "hubot"
group "hubot"
repository "https://github.com/67P/botka.git"
revision "master"
end
file "#{name}/external-scripts.json" do
mode "0640"
owner "hubot"
group "hubot"
content [
"hubot-help",
"hubot-redis-brain",
"hubot-remotestorage-logger",
"hubot-web-push-notifications",
].to_json
end
npm_install do
user "hubot"
end
execute "systemctl daemon-reload" do
command "systemctl daemon-reload"
action :nothing
end
template "/lib/systemd/system/botka_freenode_nodejs.service" do
source 'nodejs.systemd.service.erb'
owner 'root'
group 'root'
mode '0644'
variables(
user: "hubot",
group: "hubot",
app_dir: botka_freenode_path,
entry: "#{botka_freenode_path}/bin/hubot -a irc",
environment: {
"HUBOT_IRC_SERVER" => "irc.freenode.net",
"HUBOT_IRC_ROOMS" => "#5apps,#kosmos,#kosmos-dev,#kosmos-random,#remotestorage,#hackerbeach,#unhosted,#sockethub,#opensourcedesign,#openknot,#emberjs,#mastodon,#indieweb,#lnd",
"HUBOT_IRC_NICK" => "botka",
"HUBOT_IRC_NICKSERV_USERNAME" => "botka",
"HUBOT_IRC_NICKSERV_PASSWORD" => botka_freenode_data_bag_item['nickserv_password'],
"HUBOT_IRC_UNFLOOD" => "100",
"HUBOT_RSS_PRINTSUMMARY" => "false",
"HUBOT_RSS_PRINTERROR" => "false",
"HUBOT_RSS_IRCCOLORS" => "true",
# "HUBOT_LOG_LEVEL" => "error",
"EXPRESS_PORT" => "8081",
"HUBOT_AUTH_ADMIN" => "bkero,derbumi,galfert,gregkare,jaaan,slvrbckt,raucao",
"RS_LOGGER_USER" => "kosmos@5apps.com",
"RS_LOGGER_TOKEN" => botka_freenode_data_bag_item['rs_logger_token'],
"RS_LOGGER_SERVER_NAME" => "freenode",
"RS_LOGGER_PUBLIC" => "true",
"GCM_API_KEY" => botka_freenode_data_bag_item['gcm_api_key'],
"VAPID_SUBJECT" => "https://kosmos.org",
"VAPID_PUBLIC_KEY" => botka_freenode_data_bag_item['vapid_public_key'],
"VAPID_PRIVATE_KEY" => botka_freenode_data_bag_item['vapid_private_key'],
"REDIS_URL" => "redis://localhost:6379/botka"
}
)
notifies :run, "execute[systemctl daemon-reload]", :delayed
notifies :restart, "service[botka_freenode_nodejs]", :delayed
end
service "botka_freenode_nodejs" do
action [:enable, :start]
end
end
#
# Nginx reverse proxy
#
unless node.chef_environment == "development"
express_port = 8081
express_domain = "freenode.botka.kosmos.org"
include_recipe "kosmos-base::letsencrypt"
include_recipe 'kosmos-nginx'
directory "/var/www/#{express_domain}/.well-known/acme-challenge" do
owner node["nginx"]["user"]
group node["nginx"]["group"]
recursive true
action :create
end
template "#{node['nginx']['dir']}/sites-available/#{express_domain}" do
source 'nginx_conf_hubot.erb'
owner node["nginx"]["user"]
mode 0640
variables express_port: express_port,
server_name: express_domain,
ssl_cert: "/etc/letsencrypt/live/#{express_domain}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{express_domain}/privkey.pem"
notifies :reload, 'service[nginx]', :delayed
end
nginx_site express_domain do
enable true
end
# FIXME This doesn't actually work on the first run. Apparently nginx is not
# reloaded after adding the vhost or sth, because it does work on the second
# run.
execute "letsencrypt cert for #{express_domain}" do
command "/usr/bin/certbot certonly --webroot --agree-tos --email ops@5apps.com --webroot-path /var/www/#{express_domain} -d #{express_domain} -n"
not_if { File.exist? "/etc/letsencrypt/live/#{express_domain}/fullchain.pem" }
notifies :create, "template[#{node['nginx']['dir']}/sites-available/#{express_domain}]", :immediately
end
end
Reference in New Issue View Git Blame Copy Permalink