chef/site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb

#
# Cookbook Name:: kosmos-hubot
# Recipe:: hal8000_xmpp
#

app_name  = "hal8000_xmpp"
app_path  = "/opt/#{app_name}"
app_user  = "hubot"
app_group = "hubot"

build_essential app_name do
  compile_time true
end

include_recipe 'redisio::default'
include_recipe 'redisio::enable'
include_recipe "kosmos-nodejs"
include_recipe "kosmos-hubot::_user"

# Needed for hubot-kredits
include_recipe "kosmos-ipfs"

unless node.chef_environment == "development"
  include_recipe 'firewall'
  firewall_rule 'ipfs_swarm_p2p' do
    port     4001
    protocol :tcp
    command  :allow
  end
end

application app_path do
  data_bag = Chef::EncryptedDataBagItem.load('credentials', app_name)

  owner app_user
  group app_group

  git do
    user       app_user
    group      app_group
    repository "https://gitea.kosmos.org/kosmos/hal8000.git"
    revision   "master"
  end

  file "#{app_path}/external-scripts.json" do
    mode  "0640"
    owner app_user
    group app_group
    content node[app_name]['hubot_scripts'].to_json
  end

  npm_install do
    user app_user
  end

  file "#{app_path}/node_modules/hubot-kredits/.env" do
    mode "0600"
    owner app_user
    group app_group
    content <<-EOF
GITEA_TOKEN=#{data_bag['gitea_token']}
GITHUB_TOKEN=#{data_bag['github_token']}
KREDITS_PROVIDER_URL=#{node[app_name]['kredits']['provider_url']}
IPFS_API_HOST=#{node[app_name]['kredits']['ipfs_host']}
IPFS_API_PORT=#{node[app_name]['kredits']['ipfs_port']}
IPFS_API_PROTOCOL=#{node[app_name]['kredits']['ipfs_protocol']}
KREDITS_WALLET_PATH=../../#{node[app_name]['kredits']['wallet_path']}
KREDITS_WALLET_PASSWORD=#{data_bag['kredits_wallet_password']}
    EOF
  end

  execute "systemctl daemon-reload" do
    command "systemctl daemon-reload"
    action :nothing
  end

  template "/lib/systemd/system/#{app_name}.service" do
    source 'nodejs.systemd.service.erb'
    owner 'root'
    group 'root'
    mode '0644'
    variables(
      user: app_user,
      group: app_user,
      app_dir: app_path,
      entry: "#{app_path}/bin/hubot -a xmpp --name hal8000",
      environment: {
        "HUBOT_LOG_LEVEL"                => node.chef_environment == "development" ? "debug" : "info",
        "HUBOT_XMPP_USERNAME"            => "hal8000@kosmos.org/hubot",
        "HUBOT_XMPP_PASSWORD"            => data_bag['xmpp_password'],
        "HUBOT_XMPP_HOST"                => "xmpp.kosmos.org",
        "HUBOT_XMPP_ROOMS"               => node[app_name]['rooms'].join(','),
        "HUBOT_AUTH_ADMIN"               => node[app_name]['auth_admins'].join(','),
        "HUBOT_RSS_PRINTSUMMARY"         => "false",
        "HUBOT_RSS_PRINTERROR"           => "false",
        "HUBOT_RSS_IRCCOLORS"            => "true",
        "HUBOT_PLUSPLUS_POINTS_TERM"     => "karma,karma",
        "HUBOT_RSS_HEADER"               => "Update:",
        "HUBOT_HELP_REPLY_IN_PRIVATE"    => "true",
        "REDIS_URL"                      => "redis://localhost:6379/#{app_name}",
        "EXPRESS_PORT"                   => node[app_name]['http_port'],
        "WEBHOOK_TOKEN"                  => data_bag['webhook_token'],
        "IPFS_API_HOST"                  => node[app_name]['kredits']['ipfs_host'],
        "IPFS_API_PORT"                  => node[app_name]['kredits']['ipfs_port'],
        "IPFS_API_PROTOCOL"              => node[app_name]['kredits']['ipfs_protocol'],
        "KREDITS_WEB_URL"                => node[app_name]['kredits']['web_url'],
        "KREDITS_ROOM"                   => node[app_name]['kredits']['room'],
        "KREDITS_WEBHOOK_TOKEN"          => data_bag['kredits_webhook_token'],
        "KREDITS_PROVIDER_URL"           => node[app_name]['kredits']['provider_url'],
        "KREDITS_NETWORK_ID"             => node[app_name]['kredits']['network_id'],
        "KREDITS_WALLET_PATH"            => node[app_name]['kredits']['wallet_path'],
        "KREDITS_WALLET_PASSWORD"        => data_bag['kredits_wallet_password'],
        "KREDITS_MEDIAWIKI_URL"          => node[app_name]['kredits']['mediawiki_url'],
        "KREDITS_GITHUB_REPO_BLACKLIST"  => node[app_name]['kredits']['github_repo_blacklist'],
        "KREDITS_GITEA_REPO_BLACKLIST"   => node[app_name]['kredits']['gitea_repo_blacklist'],
        "KREDITS_GRANT_HOST"             => node[app_name]['domain'],
        "KREDITS_GRANT_PROTOCOL"         => "https",
        "KREDITS_SESSION_SECRET"         => data_bag['kredits_session_secret'],
        "KREDITS_GITHUB_KEY"             => data_bag['kredits_github_key'],
        "KREDITS_GITHUB_SECRET"          => data_bag['kredits_github_secret'],
        "KREDITS_ZOOM_JWT"               => data_bag['kredits_zoom_jwt'],
        "KREDITS_ZOOM_MEETING_WHITELIST" => "414901303,82557072771"
      }
    )
    notifies :run, "execute[systemctl daemon-reload]", :delayed
    notifies :restart, "service[#{app_name}]", :delayed
  end

  cookbook_file "#{app_path}/wallet.json" do
    source "wallet.json"
  end

  service app_name do
    action [:enable, :start]
  end
end

#
# Nginx reverse proxy
#
unless node.chef_environment == "development"
  include_recipe "kosmos-base::letsencrypt"
  include_recipe "kosmos-nginx"

  template "#{node['nginx']['dir']}/sites-available/#{node[app_name]['domain']}" do
    source 'nginx_conf_hubot.erb'
    owner node["nginx"]["user"]
    mode 0640
    variables express_port: node[app_name]['http_port'],
              server_name:  node[app_name]['domain'],
              ssl_cert:     "/etc/letsencrypt/live/#{node[app_name]['domain']}/fullchain.pem",
              ssl_key:      "/etc/letsencrypt/live/#{node[app_name]['domain']}/privkey.pem"
    notifies :reload, 'service[nginx]', :delayed
  end

  nginx_site node[app_name]['domain'] do
    action :enable
  end

  nginx_certbot_site node[app_name]['domain']
end