Also adds a new garage gateway role, which only allows RPC (inter-node) traffic to Garage.
		
			
				
	
	
		
		
	
	
	
	
	
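#
# Cookbook:: kosmos_gitea
# Recipe:: nginx
#
# Renders the nginx web site and the "ssh" stream configuration for Gitea,
# passing the address of the node that carries the "gitea" role to both
# templates as upstream_host. The recipe stops early, with a warning, when
# no such node (or no address for it) is found.
#

include_recipe "kosmos-nginx"

domain = node["gitea"]["nginx"]["domain"]

# upstream_ip_addresses = []
# search(:node, "role:gitea").each do |n|
#   upstream_ip_addresses << n["knife_zero"]["host"]
# end

# Only the first search hit is used; if several nodes carry the role, the
# one that ends up as upstream depends on search result order.
# NOTE(review): the upstream address comes from node data returned by search,
# so it is only as trustworthy as whoever can write that node data — confirm
# who is able to assign the "gitea" role.
gitea_node = search(:node, "role:gitea").first
knife_zero = gitea_node && gitea_node["knife_zero"]
upstream_ip_address = knife_zero && knife_zero["host"]

# Explicit nil checks instead of a bare `rescue`: a missing node is an
# expected condition, but a failing search (connectivity, authentication)
# should surface as an error rather than be reported as "no server" and
# silently leave the proxy unconfigured.
if upstream_ip_address.nil?
  Chef::Log.warn('No server with "gitea" role. Stopping here.')
  return
end

# Presumably obtains/manages the Let's Encrypt certificate referenced below;
# the resource is defined outside this recipe — confirm.
nginx_certbot_site domain

# NOTE(review): both templates below are owned by www-data, so that account
# can rewrite them. If the nginx worker processes run as www-data (not visible
# in this recipe), a compromised worker could alter configuration that is
# applied on the next reload. Consider root ownership with group read access;
# confirm against the conventions of the kosmos-nginx cookbook.
template "#{node['nginx']['dir']}/sites-available/#{domain}" do
  source "nginx_conf_web.erb"
  owner 'www-data'
  mode '0640'
  variables server_name:   domain,
            ssl_cert:      "/etc/letsencrypt/live/#{domain}/fullchain.pem",
            ssl_key:       "/etc/letsencrypt/live/#{domain}/privkey.pem",
            upstream_host: upstream_ip_address,
            upstream_port: node["gitea"]["port"]

  notifies :reload, 'service[nginx]', :delayed
end

nginx_site domain do
  action :enable
end

template "#{node['nginx']['dir']}/streams-available/ssh" do
  source "nginx_conf_ssh.erb"
  owner 'www-data'
  mode '0640'
  variables domain: domain,
            upstream_host: upstream_ip_address

  notifies :reload, 'service[nginx]', :delayed
end

nginx_stream "ssh" do
  action :enable
end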