chef/site-cookbooks/kosmos_strfry/recipes/policies.rb

#
# Cookbook Name:: kosmos_strfry
# Recipe:: policies
#

include_recipe "deno"

#
# config
#

ldap_credentials = Chef::EncryptedDataBagItem.load('credentials', 'dirsrv')

extras_dir = node["strfry"]["extras_dir"]

directory extras_dir do
  owner node["strfry"]["user"]
  group node["strfry"]["group"]
  mode "0755"
end

env = {
  ldap_url: 'ldap://ldap.kosmos.local:389', # requires "ldap_client" role
  ldap_bind_dn: ldap_credentials["service_dn"],
  ldap_password: ldap_credentials["service_password"],
  ldap_search_dn: node["strfry"]["ldap_search_dn"],
  whitelist_pubkeys: node["strfry"]["known_pubkeys"].values.join(",")
}

template "#{extras_dir}/.env" do
  source 'env.erb'
  owner node["strfry"]["user"]
  group node["strfry"]["group"]
  mode 0600
  sensitive true
  variables config: env
  notifies :restart, "service[strfry]", :delayed
end

#
# strfry deno scripts
#

base_url = "https://gitea.kosmos.org/kosmos/akkounts/raw/branch/live/extras/strfry"

remote_file "#{extras_dir}/deno.json" do
  source "#{base_url}/deno.json"
  owner node["strfry"]["user"]
  group node["strfry"]["group"]
  mode "0644"
  notifies :restart, "service[strfry]", :delayed
end

remote_file "#{extras_dir}/deno.lock" do
  source "#{base_url}/deno.lock"
  owner node["strfry"]["user"]
  group node["strfry"]["group"]
  mode "0644"
  notifies :restart, "service[strfry]", :delayed
end

remote_file "#{extras_dir}/strfry-policy.ts" do
  source "#{base_url}/strfry-policy.ts"
  owner node["strfry"]["user"]
  group node["strfry"]["group"]
  mode "0755"
  notifies :restart, "service[strfry]", :delayed
end

remote_file "#{extras_dir}/ldap-policy.ts" do
  source "#{base_url}/ldap-policy.ts"
  owner node["strfry"]["user"]
  group node["strfry"]["group"]
  mode "0644"
  notifies :restart, "service[strfry]", :delayed
end

remote_file "#{extras_dir}/strfry-sync.ts" do
  source "#{base_url}/strfry-sync.ts"
  owner node["strfry"]["user"]
  group node["strfry"]["group"]
  mode "0644"
end