#
# Cookbook:: kosmos-akkounts
# Recipe:: default
#
require 'ipaddr'
app_name = 'akkounts'
deploy_user = 'deploy'
deploy_group = 'deploy'
deploy_path = "/opt/#{app_name}"

# Secrets come from encrypted data bags: one item for the app itself and a
# shared item for the SMTP relay.
credentials = Chef::EncryptedDataBagItem.load('credentials', app_name)
smtp_credentials = Chef::EncryptedDataBagItem.load('credentials', 'smtp')

# Dedicated unprivileged account that owns the checkout and runs the services.
group deploy_group

user deploy_user do
  group deploy_group
  manage_home true
  shell '/bin/bash'
end

# Native libraries the application builds against (PostgreSQL client, libvips).
%w[libpq-dev libvips].each { |pkg| package pkg }

include_recipe 'redisio::default'
include_recipe 'redisio::enable'
include_recipe 'kosmos-nodejs'

# Pin yarn so asset builds behave the same on every node.
npm_package 'yarn' do
  version '1.22.4'
end

ruby_version = '3.3.0'
ruby_path = "/opt/ruby_build/builds/#{ruby_version}"
bundle_path = "#{ruby_path}/bin/bundle"
# Only the "development" Chef environment runs Rails in development mode;
# every other environment is treated as production.
rails_env = if node.chef_environment == 'development'
              'development'
            else
              'production'
            end

ruby_build_install 'v20240221'

ruby_build_definition ruby_version do
  prefix_path ruby_path
end

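# Resolve the knife-zero host of the first node carrying +role+.
#
# Returns nil when no node matches or when the node lacks a knife_zero/host
# attribute. This replaces the `... rescue nil` modifier, which swallowed
# every StandardError (a failing search, a typo in the attribute path) and
# made them indistinguishable from "no such node".
host_for_role = lambda do |role|
  matched = search(:node, "role:#{role}").first
  matched && matched['knife_zero'] && matched['knife_zero']['host']
end

postgres_readonly_host = host_for_role.call('postgresql_replica')
btcpay_host = host_for_role.call('btcpay')
lndhub_host = host_for_role.call('lndhub')

# Source addresses trusted for incoming webhooks (currently only the lndhub
# node); empty string when no lndhub node exists.
webhooks_allowed_ips = [lndhub_host].compact.uniq.join(',')
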
# Everything collected into +env+ is rendered into the application's .env file
# further down.
env = {
  primary_domain: node['akkounts']['primary_domain'],
  akkounts_domain: node['akkounts']['domain'],
  rails_serve_static_files: true
}

# relayhost is stored as "host:port"; the port is kept as the string split
# produces.
smtp_server, smtp_port = smtp_credentials[:relayhost].split(':')
smtp_attrs = node['akkounts']['smtp']
env[:smtp] = {
  server: smtp_server,
  port: smtp_port,
  login: smtp_credentials[:user_name],
  password: smtp_credentials[:password],
  from_address: smtp_attrs['from_address'],
  domain: smtp_attrs['domain'],
  auth_method: smtp_attrs['auth_method'],
  enable_starttls: smtp_attrs['enable_starttls']
}

env[:sentry_dsn] = credentials['sentry_dsn']

# Leave the key unset rather than empty when there is nothing to allow.
env[:webhooks_allowed_ips] = webhooks_allowed_ips unless webhooks_allowed_ips.empty?

#
# BTCPay Server
#

# The API URL targets the BTCPay node's knife-zero address over plain HTTP;
# public URL and store id are attributes, the auth token comes from the data bag.
if btcpay_host
  env[:btcpay_api_url] = "http://#{btcpay_host}:23001/api/v1"
  btcpay_attrs = node['akkounts']['btcpay']
  env[:btcpay_public_url] = btcpay_attrs['public_url']
  env[:btcpay_store_id] = btcpay_attrs['store_id']
  env[:btcpay_auth_token] = credentials['btcpay_auth_token']
end

#
# Discourse
#

env.merge!(
  discourse_public_url: "https://#{node['discourse']['domain']}",
  # Shared secret for DiscourseConnect, from the encrypted data bag.
  discourse_connect_secret: credentials['discourse_connect_secret']
)

#
# Drone CI
#

env[:droneci_public_url] = node['droneci']['public_url']

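#
# ejabberd
#

# True when +address+ parses as an IP address. Addresses that fail to parse are
# skipped (with a warning) instead of aborting the run.
valid_ip = lambda do |address|
  IPAddr.new(address)
  true
rescue IPAddr::InvalidAddressError
  Chef::Log.warn("ejabberd node host #{address.inspect} is not a valid IP address, skipping")
  false
end

# Validate up front so the list is never modified while it is being iterated.
# (The previous version tried to remove bad entries from inside the each loop
# via Array#delete!, which does not exist and raised NoMethodError.)
# The block parameter is deliberately not called `node` so it does not shadow
# the recipe's node object.
ejabberd_private_ip_addresses = search(:node, 'role:ejabberd')
                                .map { |ejabberd_node| ejabberd_node['knife_zero']['host'] }
                                .select(&valid_ip)

ejabberd_private_ip_addresses.each do |ip_address|
  hostsfile_entry ip_address do
    hostname 'xmpp.kosmos.local'
    action :create
  end
end

unless ejabberd_private_ip_addresses.empty?
  env[:ejabberd_api_url] = 'http://xmpp.kosmos.local/api'
  env[:ejabberd_admin_url] = node['akkounts']['ejabberd']['admin_url']
end
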
#
# Gitea
#

env[:gitea_public_url] = "https://#{node['gitea']['domain']}"

#
# lndhub.go
#

if lndhub_host
  # Persist the resolved API URL as a node attribute; it is read back below.
  node.override['akkounts']['lndhub']['api_url'] = "http://#{lndhub_host}:3026"
  lndhub_attrs = node['akkounts']['lndhub']
  # Legacy and current API URLs point at the same endpoint.
  env[:lndhub_legacy_api_url] = lndhub_attrs['api_url']
  env[:lndhub_api_url] = lndhub_attrs['api_url']
  env[:lndhub_admin_token] = credentials['lndhub_admin_token']
  env[:lndhub_public_url] = lndhub_attrs['public_url']
  env[:lndhub_public_key] = lndhub_attrs['public_key']

  # The admin UI is only enabled when a read-only replica is available to
  # serve its database connection.
  if postgres_readonly_host
    env[:lndhub_admin_ui] = true
    env[:lndhub_pg_host] = postgres_readonly_host
    env[:lndhub_pg_database] = lndhub_attrs['postgres_db']
    env[:lndhub_pg_username] = credentials['postgresql_username']
    env[:lndhub_pg_password] = credentials['postgresql_password']
  end
end

#
# Mastodon
#

mastodon_attrs = node['kosmos-mastodon']
env[:mastodon_public_url] = "https://#{mastodon_attrs['domain']}"
env[:mastodon_address_domain] = mastodon_attrs['user_address_domain']

#
# MediaWiki
#

env[:mediawiki_public_url] = node['mediawiki']['url']

#
# Nostr
#

# The private key comes from the encrypted data bag; public key and relay URL
# are plain node attributes.
nostr_attrs = node['akkounts']['nostr']
env[:nostr_private_key] = credentials['nostr_private_key']
env[:nostr_public_key] = nostr_attrs['public_key']
env[:nostr_relay_url] = nostr_attrs['relay_url']

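#
# remoteStorage / Liquor Cabinet
#

env[:rs_storage_url] = "https://#{node['liquor-cabinet']['domain']}"

# Resolve the redis node explicitly. The previous `... rescue nil` modifier
# silenced every StandardError (including a failing search), not just the
# "no node found" case this is meant to handle.
rs_redis_node = search(:node, 'role:redis_server').first
rs_redis_host = rs_redis_node && rs_redis_node['knife_zero'] && rs_redis_node['knife_zero']['host']
rs_redis_port = node['liquor-cabinet']['redis_port']
rs_redis_db = node['liquor-cabinet']['redis_db']
if rs_redis_host
  # NOTE(review): the URL carries no credentials, so this assumes access to
  # redis is limited at the network level — confirm.
  env[:rs_redis_url] = "redis://#{rs_redis_host}:#{rs_redis_port}/#{rs_redis_db}"
end
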
#
# S3
#

if node['akkounts']['s3_enabled']
  s3_attrs = node['akkounts']
  env[:s3_enabled] = true
  env[:s3_endpoint] = s3_attrs['s3_endpoint']
  env[:s3_region] = s3_attrs['s3_region']
  env[:s3_bucket] = s3_attrs['s3_bucket']
  env[:s3_alias_host] = s3_attrs['s3_alias_host']
  # Access keys live only in the encrypted data bag, never in node attributes.
  env[:s3_access_key] = credentials['s3_access_key']
  env[:s3_secret_key] = credentials['s3_secret_key']
end

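#
# Akkounts Deployment
#

puma_pidfile = "#{deploy_path}/tmp/puma.pid"
puma_config = 'config/puma.rb'
redis_unit = 'redis@6379.service'

systemd_unit 'akkounts.service' do
  content({
    Unit: {
      Description: 'Kosmos Accounts',
      Documentation: ['https://gitea.kosmos.org/kosmos/akkounts'],
      Requires: redis_unit,
      # Requires= alone does not order startup; redis is listed in After= too
      # (as the sidekiq unit already does) so puma is not started before
      # redis is up.
      After: "syslog.target network.target #{redis_unit}"
    },
    Service: {
      Type: 'simple',
      User: deploy_user,
      WorkingDirectory: deploy_path,
      Environment: "RAILS_ENV=#{rails_env}",
      ExecStart: "#{bundle_path} exec puma -C #{puma_config} --pidfile #{puma_pidfile}",
      ExecStop: "#{bundle_path} exec puma -C #{puma_config} --pidfile #{puma_pidfile} stop",
      ExecReload: "#{bundle_path} exec pumactl -F #{puma_config} --pidfile #{puma_pidfile} phased-restart",
      PIDFile: puma_pidfile,
      TimeoutSec: '10',
      Restart: 'always',
    },
    Install: {
      WantedBy: 'multi-user.target'
    }
  })
  # verify: skip systemd-analyze verify. triggers_reload: daemon-reload when
  # the unit file changes.
  verify false
  triggers_reload true
  action [:create, :enable]
end

systemd_unit 'akkounts-sidekiq.service' do
  content({
    Unit: {
      Description: 'Kosmos Accounts async/background jobs',
      Documentation: ['https://gitea.kosmos.org/kosmos/akkounts'],
      Requires: redis_unit,
      After: "syslog.target network.target #{redis_unit}"
    },
    Service: {
      # Type=notify together with WatchdogSec: systemd expects periodic
      # watchdog pings from sidekiq and restarts it when they stop.
      Type: 'notify',
      User: deploy_user,
      WorkingDirectory: deploy_path,
      Environment: 'MALLOC_ARENA_MAX=2',
      ExecStart: "#{bundle_path} exec sidekiq -C #{deploy_path}/config/sidekiq.yml -e #{rails_env}",
      WatchdogSec: '10',
      Restart: 'on-failure',
      RestartSec: '1',
      StandardOutput: 'syslog',
      StandardError: 'syslog',
      SyslogIdentifier: 'sidekiq'
    },
    Install: {
      WantedBy: 'multi-user.target'
    }
  })
  verify false
  triggers_reload true
  action [:create, :enable]
end
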
# Environment for the deploy-time commands below (bundle, yarn, rake): HOME
# points at the checkout and PATH puts the ruby_build toolchain first.
deploy_env = {
  'HOME' => deploy_path,
  'PATH' => "#{ruby_path}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin",
  'RAILS_ENV' => rails_env,
  'NODE_ENV' => rails_env
}

# Check out the pinned revision as the deploy user; any change to the checkout
# triggers a delayed restart of both services.
git deploy_path do
  repository node[app_name]['repo']
  revision node[app_name]['revision']
  user deploy_user
  group deploy_group
  notifies :run, "execute[restart #{app_name} services]", :delayed
end

# No-op resource that fans a single delayed notification out to both services.
execute "restart #{app_name} services" do
  command 'true'
  action :nothing
  notifies :restart, "service[#{app_name}]", :delayed
  notifies :restart, "service[#{app_name}-sidekiq]", :delayed
end

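# Rails master key (decrypts the app's encrypted credentials). Marked
# sensitive so Chef does not print the key, or a diff of it, in the converge
# log when the file is created or changes — the same protection the .env
# template below already has.
file "#{deploy_path}/config/master.key" do
  content credentials['rails_master_key']
  mode '0400'
  owner deploy_user
  group deploy_group
  sensitive true
  notifies :run, "execute[restart #{app_name} services]", :delayed
end

# Application environment, including every secret collected into +env+
# above; readable only by the deploy user.
template "#{deploy_path}/.env.#{rails_env}" do
  source 'env.erb'
  owner deploy_user
  group deploy_group
  mode '0600'
  sensitive true
  variables config: env
  notifies :run, "execute[restart #{app_name} services]", :delayed
end
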
# Deploy-time commands. None of them has an only_if/not_if guard, so each runs
# on every converge, as the deploy user inside the checkout.
execute 'bundle install' do
  environment deploy_env
  user deploy_user
  cwd deploy_path
  command 'bundle install --without development,test --deployment'
end

execute 'yarn install' do
  environment deploy_env
  user deploy_user
  cwd deploy_path
  # --pure-lockfile: do not regenerate yarn.lock on the node.
  command 'yarn install --pure-lockfile'
end

execute 'rake db:migrate' do
  environment deploy_env
  user deploy_user
  group deploy_group
  cwd deploy_path
  command 'bundle exec rake db:migrate'
end

execute 'rake assets:precompile' do
  environment deploy_env
  user deploy_user
  group deploy_group
  cwd deploy_path
  command 'bundle exec rake assets:precompile'
end

# Both units are enabled at boot and started now; the execute resource above
# restarts them on deployments.
%w[akkounts akkounts-sidekiq].each do |unit_name|
  service unit_name do
    action [:enable, :start]
  end
end

# The app port is opened only towards 10.1.1.0/24 (the ZeroTier network), not
# to the public interface.
firewall_rule 'akkounts_zerotier' do
  command :allow
  port node['akkounts']['port']
  protocol :tcp
  source '10.1.1.0/24'
end