e6b7794e20
This allows us to use them for KVM hosts as well. Until now we had set up ufw rules manually on the two KVM hosts (draco and centaurus) Refs #244
36 lines
958 B
Ruby
36 lines
958 B
Ruby
#
|
|
# Cookbook:: kosmos-btcpayserver
|
|
# Recipe:: proxy
|
|
#
|
|
# Copyright:: 2019, Kosmos, All Rights Reserved.
|
|
#
|
|
include_recipe "kosmos-nginx"
|
|
server_name = node["kosmos-btcpayserver"]["nginx"]["server_name"]
|
|
|
|
template "#{node["nginx"]["dir"]}/sites-available/#{server_name}" do
|
|
source "nginx_conf_btcpayserver.erb"
|
|
owner node["nginx"]["user"]
|
|
mode 0640
|
|
variables btcpay_port: node["kosmos-btcpayserver"]["port"],
|
|
server_name: server_name,
|
|
ssl_cert: "/etc/letsencrypt/live/#{server_name}/fullchain.pem",
|
|
ssl_key: "/etc/letsencrypt/live/#{server_name}/privkey.pem"
|
|
notifies :reload, "service[nginx]", :delayed
|
|
end
|
|
|
|
nginx_site server_name do
|
|
action :enable
|
|
end
|
|
|
|
nginx_certbot_site server_name
|
|
|
|
unless node.chef_environment == "development"
|
|
include_recipe "kosmos-base::firewall"
|
|
|
|
firewall_rule "btcpayserver" do
|
|
port node["kosmos-btcpayserver"]["port"]
|
|
protocol :tcp
|
|
command :allow
|
|
end
|
|
end
|