
#
# Cookbook Name:: 5apps-hubot
# Recipe:: xmpp_schlupp
#
# Copyright 2016, Kosmos
#
# All rights reserved - Do Not Redistribute
#
# Port for hubot's Express HTTP listener. The same value is passed to the
# systemd unit (EXPRESS_PORT) and to the nginx site template later in this recipe.
express_port = 8083

# Everywhere except the development environment, allow inbound TCP to that port.
# NOTE(review): the rule names no source, so the port is presumably reachable
# from any address although the nginx site on this node receives the same port.
# Confirm that direct, non-TLS access to the Express port is intended.
if node.chef_environment != 'development'
  include_recipe 'firewall'

  firewall_rule 'hubot_express_schlupp_xmpp' do
    port     express_port
    protocol :tcp
    command  :allow
  end
end
# Dedicated group and system account the bot runs as; uid and gid are both
# pinned to 48268.
group 'hubot' do
  gid 48268
end

user 'hubot' do
  comment     'hubot user'
  uid         48268
  gid         48268
  system      true
  manage_home true
  shell       '/bin/bash'
end
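# Secrets used below (git deploy key, XMPP password, API tokens) are read from
# the encrypted 'credentials' data bag.
schlupp_xmpp_data_bag_item = Chef::EncryptedDataBagItem.load('credentials', '5apps_schlupp_xmpp')
schlupp_xmpp_path = "/opt/schlupp_xmpp"

# Deploy the bot: check out the repository, write the list of external hubot
# scripts, install npm dependencies and run it as a systemd service under the
# hubot account.
application schlupp_xmpp_path do
  owner "hubot"
  group "hubot"

  git do
    user "hubot"
    group "hubot"
    repository "git@gitlab.com:5apps/schlupp.git"
    # NOTE(review): "master" is a moving ref, so a converge presumably deploys
    # whatever the branch holds at that moment, followed by npm_install.
    # Pinning a tag or commit would tie the running code to a reviewed revision.
    revision "master"
    deploy_key schlupp_xmpp_data_bag_item['deploy_key']
  end

  # Relative path; presumably resolved against the application directory by
  # the application cookbook. Verify against the cookbook in use.
  file "external-scripts.json" do
    mode "0640"
    owner "hubot"
    group "hubot"
    content [
      "hubot-auth",
      "hubot-help",
      "hubot-redis-brain",
      "hubot-rules",
      "hubot-shipit",
      "hubot-plusplus",
      "hubot-tell",
      "hubot-seen",
      "hubot-rss-reader",
      "hubot-incoming-webhook",
      "hubot-yubikey-invalidation",
    ].to_json
  end

  npm_install do
    user "hubot"
  end

  # Only runs when notified by the unit template below.
  execute "systemctl daemon-reload" do
    command "systemctl daemon-reload"
    action :nothing
  end

  template "/lib/systemd/system/schlupp_xmpp_nodejs.service" do
    source 'nodejs.systemd.service.erb'
    owner 'root'
    group 'root'
    mode '0644'
    # The variables below include the XMPP password and several API tokens.
    # Mark the resource sensitive so Chef does not write the rendered content
    # or its diff to the run output and logs.
    sensitive true
    # NOTE(review): the unit file is world-readable (0644). If the ERB renders
    # these values as Environment= lines, systemd also exposes them to
    # unprivileged local clients (e.g. `systemctl show`), so tightening the mode
    # alone would not contain them. A root-only EnvironmentFile= would, but that
    # needs a change to nodejs.systemd.service.erb, which is not visible here.
    variables(
      user: "hubot",
      group: "hubot",
      app_dir: schlupp_xmpp_path,
      entry: "#{schlupp_xmpp_path}/bin/hubot -a xmpp --name schlupp",
      environment: { "HUBOT_XMPP_USERNAME" => "schlupp@5apps.com/hubot",
                     "HUBOT_XMPP_PASSWORD" => schlupp_xmpp_data_bag_item['password'],
                     "HUBOT_XMPP_ROOMS" => "5info@muc.5apps.com,5ops@muc.5apps.com,core@muc.5apps.com,deploy@muc.5apps.com,storage@muc.5apps.com,watercooler@muc.5apps.com,hilti@muc.5apps.com,test@muc.5apps.com,gymapp@muc.5apps.com",
                     "HUBOT_XMPP_HOST" => "xmpp.5apps.com",
                     "HUBOT_RSS_PRINTSUMMARY" => "false",
                     "EXPRESS_PORT" => express_port,
                     "HUBOT_RSS_HEADER" => "Update:",
                     "HUBOT_AUTH_ADMIN" => "basti,garret,greg",
                     "REDIS_URL" => "redis://localhost:6379/5apps_schlupp_xmpp",
                     "RS_OPS_TOKEN" => schlupp_xmpp_data_bag_item['rs_ops_token'],
                     "WEBHOOK_TOKEN" => schlupp_xmpp_data_bag_item['webhook_token'],
                     "AIRTABLE_API_KEY" => schlupp_xmpp_data_bag_item['airtable_api_key'],
                     "GITHUB_TOKEN" => schlupp_xmpp_data_bag_item['github_token'] }
    )
    # A changed unit needs systemd to re-read it before the service restarts.
    notifies :run, "execute[systemctl daemon-reload]", :delayed
    notifies :restart, "service[schlupp_xmpp_nodejs]", :delayed
  end

  service "schlupp_xmpp_nodejs" do
    action [:enable, :start]
  end
end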
# nginx reverse proxy
#
# The Let's Encrypt recipe is included in every environment except development;
# the nginx recipe is always included.
include_recipe 'kosmos-base::letsencrypt' if node.chef_environment != 'development'
include_recipe 'kosmos-nginx'
# ACME challenge directory under the webroot that the certbot command in this
# recipe points at; owned by the nginx user and group.
directory '/var/www/hubot.5apps.com/.well-known/acme-challenge' do
  owner     node['nginx']['user']
  group     node['nginx']['group']
  recursive true
  action    :create
end
# Site definition for hubot.5apps.com. The template receives the Express port
# and the paths of the Let's Encrypt certificate and private key.
template "#{node['nginx']['dir']}/sites-available/hubot.5apps.com" do
  source 'nginx_conf_hubot.5apps.com.erb'
  owner node['nginx']['user']
  mode 0640
  variables(
    express_port: express_port,
    server_name: 'hubot.5apps.com',
    ssl_cert: '/etc/letsencrypt/live/hubot.5apps.com/fullchain.pem',
    ssl_key: '/etc/letsencrypt/live/hubot.5apps.com/privkey.pem'
  )
  notifies :reload, 'service[nginx]', :delayed
end

# Enable the site rendered above.
nginx_site 'hubot.5apps.com' do
  enable true
end
# Outside development, request the certificate once via the webroot method.
# The guard skips the command as soon as fullchain.pem exists, and a successful
# run immediately re-renders the nginx site template.
if node.chef_environment != 'development'
  execute 'letsencrypt cert for hubot.5apps.com' do
    cwd '/usr/local/certbot'
    command './certbot-auto certonly --webroot --agree-tos --email ops@5apps.com --webroot-path /var/www/hubot.5apps.com -d hubot.5apps.com -n'
    not_if { File.exist?('/etc/letsencrypt/live/hubot.5apps.com/fullchain.pem') }
    notifies :create, "template[#{node['nginx']['dir']}/sites-available/hubot.5apps.com]", :immediately
  end
end