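#
# Cookbook:: kosmos-akkounts
# Recipe:: default
#
# Deploys the Kosmos Accounts ("akkounts") Rails application: deploy user,
# runtime dependencies, the generated Rails environment file, two systemd
# units (puma and sidekiq) and a firewall rule for the application port.
#
require 'ipaddr'

app_name         = "akkounts"
deploy_user      = "deploy"
deploy_group     = "deploy"
deploy_path      = "/opt/#{app_name}"
# All secrets come from the encrypted 'credentials' data bag, never from
# plain node attributes.
credentials      = Chef::EncryptedDataBagItem.load('credentials', app_name)
smtp_credentials = Chef::EncryptedDataBagItem.load('credentials', 'smtp')

group deploy_group

user deploy_user do
  group       deploy_group
  manage_home true
  shell       "/bin/bash"
end

package "libpq-dev"

include_recipe 'redisio::default'
include_recipe 'redisio::enable'
include_recipe 'kosmos-nodejs'

npm_package "yarn" do
  version "1.22.4"
end

ruby_version = "2.7.5"
ruby_bin_dir = "/opt/ruby_build/builds/#{ruby_version}/bin"
bundle_path  = "#{ruby_bin_dir}/bundle"
rails_env    = node.chef_environment == "development" ? "development" : "production"

# Returns the knife-zero host of the first node carrying +role+, or nil when
# no such node exists or the attribute is absent. Lookups are best-effort:
# a failing search is logged and treated as "no host" instead of aborting
# the run.
knife_zero_host_for = lambda do |role|
  found = search(:node, "role:#{role}").first
  found && found["knife_zero"] && found["knife_zero"]["host"]
rescue StandardError => e
  Chef::Log.warn("Could not look up host for role:#{role}: #{e.message}")
  nil
end

postgres_readonly_host = knife_zero_host_for.call("postgresql_replica")
btcpay_host            = knife_zero_host_for.call("btcpay")
lndhub_host            = knife_zero_host_for.call("lndhub")

# Only the lndhub host may call the application's webhooks. Kept as a
# comma-separated list so further sources can be appended.
webhooks_allowed_ips = [lndhub_host].compact.uniq.join(',')

env = {
  akkounts_domain: node['akkounts']['domain'],
  rails_serve_static_files: true
}

# The relayhost credential is stored as "host:port".
smtp_server, smtp_port = smtp_credentials[:relayhost].split(":")
env[:smtp] = {
  server: smtp_server,
  port: smtp_port,
  login: smtp_credentials[:user_name],
  password: smtp_credentials[:password],
  from_address: node['akkounts']['smtp']['from_address'],
  domain: node['akkounts']['smtp']['domain'],
  auth_method: node['akkounts']['smtp']['auth_method'],
  enable_starttls: node['akkounts']['smtp']['enable_starttls']
}

env[:sentry_dsn] = credentials["sentry_dsn"]

env[:webhooks_allowed_ips] = webhooks_allowed_ips unless webhooks_allowed_ips.empty?

env[:btcpay_api_url] = "http://#{btcpay_host}:23001/api/v1" if btcpay_host

env[:discourse_public_url]     = node['akkounts']['discourse']['public_url']
env[:discourse_connect_secret] = credentials['discourse_connect_secret']

if lndhub_host
  # The API URL is derived from the discovered host; override the attribute
  # so anything else reading node["akkounts"]["lndhub"] on this node agrees.
  node.override["akkounts"]["lndhub"]["api_url"] = "http://#{lndhub_host}:3026"
  lndhub = node["akkounts"]["lndhub"]
  env[:lndhub_legacy_api_url] = lndhub["api_url"]
  env[:lndhub_api_url]        = lndhub["api_url"]
  env[:lndhub_public_url]     = lndhub["public_url"]
  env[:lndhub_public_key]     = lndhub["public_key"]

  # Admin UI settings are only emitted when a read-only postgres replica
  # is available to point them at.
  if postgres_readonly_host
    env[:lndhub_admin_ui]    = true
    env[:lndhub_pg_host]     = postgres_readonly_host
    env[:lndhub_pg_database] = lndhub['postgres_db']
    env[:lndhub_pg_username] = credentials['postgresql_username']
    env[:lndhub_pg_password] = credentials['postgresql_password']
  end
end

# Private addresses of every ejabberd node. Each candidate must parse as an
# IP address before it is written to /etc/hosts; anything else is dropped
# with a warning. (Validation happens before iteration so the list is never
# mutated while it is being walked.)
ejabberd_hosts = search(:node, "role:ejabberd").map do |ejabberd_node|
  knife_zero = ejabberd_node["knife_zero"]
  knife_zero && knife_zero["host"]
end.compact

ejabberd_private_ip_addresses = ejabberd_hosts.select do |ip_address|
  IPAddr.new(ip_address)
  true
rescue IPAddr::InvalidAddressError
  Chef::Log.warn("Ignoring invalid ejabberd host address #{ip_address.inspect}")
  false
end

ejabberd_private_ip_addresses.each do |ip_address|
  hostsfile_entry ip_address do
    hostname 'xmpp.kosmos.local'
    action :create
  end
end

env[:ejabberd_api_url] = "http://xmpp.kosmos.local/api" unless ejabberd_private_ip_addresses.empty?

puma_pidfile = "#{deploy_path}/tmp/puma.pid"

systemd_unit "akkounts.service" do
  content({
    Unit: {
      Description: "Kosmos Accounts",
      Documentation: ["https://gitea.kosmos.org/kosmos/akkounts"],
      Requires: "redis@6379.service",
      After: "syslog.target network.target"
    },
    Service: {
      Type: "simple",
      User: deploy_user,
      WorkingDirectory: deploy_path,
      Environment: "RAILS_ENV=#{rails_env}",
      ExecStart: "#{bundle_path} exec puma -C config/puma.rb --pidfile #{puma_pidfile}",
      ExecStop: "#{bundle_path} exec puma -C config/puma.rb --pidfile #{puma_pidfile} stop",
      ExecReload: "#{bundle_path} exec pumactl -F config/puma.rb --pidfile #{puma_pidfile} phased-restart",
      PIDFile: puma_pidfile,
      TimeoutSec: "10",
      Restart: "always",
    },
    Install: {
      WantedBy: "multi-user.target"
    }
  })
  verify false
  triggers_reload true
  action [:create, :enable]
end

systemd_unit "akkounts-sidekiq.service" do
  content({
    Unit: {
      Description: "Kosmos Accounts async/background jobs",
      Documentation: ["https://gitea.kosmos.org/kosmos/akkounts"],
      Requires: "redis@6379.service",
      After: "syslog.target network.target redis@6379.service"
    },
    Service: {
      Type: "notify",
      User: deploy_user,
      WorkingDirectory: deploy_path,
      Environment: "MALLOC_ARENA_MAX=2",
      # Same Rails environment as the puma unit, so both processes share
      # one configuration.
      ExecStart: "#{bundle_path} exec sidekiq -C #{deploy_path}/config/sidekiq.yml -e #{rails_env}",
      WatchdogSec: "10",
      Restart: "on-failure",
      RestartSec: "1",
      StandardOutput: "syslog",
      StandardError: "syslog",
      SyslogIdentifier: "sidekiq"
    },
    Install: {
      WantedBy: "multi-user.target"
    }
  })
  verify false
  triggers_reload true
  action [:create, :enable]
end

application deploy_path do
  owner deploy_user
  group deploy_group

  # Take care of application restarts manually, in the git resource
  action_on_update false

  environment "HOME" => deploy_path,
              "PATH" => "#{ruby_bin_dir}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin"

  ruby_runtime ruby_version do
    provider :ruby_build
    version ruby_version
  end

  git do
    user deploy_user
    group deploy_group
    repository node[app_name]["repo"]
    revision node[app_name]["revision"]
    # Restart services on deployments
    notifies :restart, "application[#{deploy_path}]", :delayed
  end

  # The master key decrypts Rails credentials; it is owner-read-only and
  # marked sensitive so its content never appears in chef-client output.
  file "#{deploy_path}/config/master.key" do
    content credentials['rails_master_key']
    mode '0400'
    owner deploy_user
    group deploy_group
    sensitive true
  end

  template "#{deploy_path}/.env.production" do
    source 'env.production.erb'
    owner deploy_user
    group deploy_group
    mode '0600'
    sensitive true
    variables config: env
    notifies :restart, "application[#{deploy_path}]", :delayed
  end

  execute "bundle install" do
    environment "HOME" => deploy_path
    user deploy_user
    cwd deploy_path
    command "#{bundle_path} install --without development,test --deployment"
  end

  execute "yarn install" do
    environment "HOME" => deploy_path, "NODE_ENV" => "production"
    user deploy_user
    cwd deploy_path
    command "yarn install --pure-lockfile"
  end

  execute 'rake db:migrate' do
    environment "RAILS_ENV" => rails_env, "HOME" => deploy_path
    user deploy_user
    group deploy_group
    cwd deploy_path
    command "PATH=\"#{ruby_bin_dir}:$PATH\" bundle exec rake db:migrate"
  end

  execute 'rake assets:precompile' do
    environment "RAILS_ENV" => rails_env, "HOME" => deploy_path
    user deploy_user
    group deploy_group
    cwd deploy_path
    command "PATH=\"#{ruby_bin_dir}:$PATH\" bundle exec rake assets:precompile"
  end

  service "akkounts" do
    action [:enable, :start]
  end

  service "akkounts-sidekiq" do
    action [:enable, :start]
  end
end

# The application port is reachable only from the 10.1.1.0/24 network
# (per the resource name, presumably the ZeroTier overlay), not publicly.
firewall_rule "akkounts_zerotier" do
  command  :allow
  port     node["akkounts"]["port"]
  protocol :tcp
  source   "10.1.1.0/24"
end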