#
# Cookbook Name:: kosmos-hubot
# Recipe:: hal8000_xmpp
#
# Deployment identity. The install path, the service name, the node attribute
# namespace and the credentials data bag item are all derived from app_name.
app_name  = 'hal8000_xmpp'
app_path  = File.join('/opt', app_name)

# Account and group that own the checkout and that the service unit is
# rendered for.
app_user  = 'hubot'
app_group = 'hubot'
# Compiler toolchain, requested with compile_time so it is set up while the
# recipe is compiled rather than during the converge phase.
build_essential(app_name) { compile_time true }
# Recipes this one builds on, included in the order listed.
[
  'redisio::default',
  'redisio::enable',
  'kosmos-nodejs',
  'kosmos-hubot::_user',
  'kosmos-ipfs' # needed for hubot-kredits
].each { |recipe_name| include_recipe recipe_name }
# Everywhere except the development environment, pull in the firewall recipe
# and allow TCP port 4001 (the rule is named for IPFS swarm p2p traffic).
# NOTE(review): the rule sets no source restriction, so it presumably admits
# any peer. That is what a public swarm port needs, but confirm it is intended.
if node.chef_environment != "development"
  include_recipe 'firewall'

  firewall_rule('ipfs_swarm_p2p') do
    command :allow
    protocol :tcp
    port 4001
  end
end
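# Deploy the hal8000 hubot under app_path: check out the code, install its npm
# dependencies, write its configuration and secrets, render the systemd unit
# and enable/start the service.
application app_path do
  # Decrypted item `app_name` of the encrypted `credentials` data bag. Every
  # token and password used below is read from it.
  credentials = Chef::EncryptedDataBagItem.load('credentials', app_name)

  owner app_user
  group app_group

  git do
    user app_user
    group app_group
    repository "https://gitea.kosmos.org/kosmos/hal8000.git"
    # NOTE(review): "master" is a moving ref, so a converge presumably deploys
    # whatever the branch tip is at that moment, and npm_install below then
    # installs that tip's dependencies. Pinning a reviewed tag or commit would
    # make deploys reproducible and auditable.
    revision "master"
  end

  # List of hubot scripts to load, serialised from node attributes.
  file "#{app_path}/external-scripts.json" do
    mode "0640"
    owner app_user
    group app_group
    content node[app_name]['hubot_scripts'].to_json
  end

  npm_install do
    user app_user
  end

  # Environment file for the hubot-kredits module. It carries API tokens and
  # the wallet password, so it is owner-only (0600) and marked sensitive to
  # keep the rendered content and its diff out of Chef's output and logs.
  file "#{app_path}/node_modules/hubot-kredits/.env" do
    mode "0600"
    owner app_user
    group app_group
    sensitive true
    content <<-EOF
GITEA_TOKEN=#{credentials['gitea_token']}
GITHUB_TOKEN=#{credentials['github_token']}
KREDITS_PROVIDER_URL=#{node[app_name]['kredits']['provider_url']}
IPFS_API_HOST=#{node[app_name]['kredits']['ipfs_host']}
IPFS_API_PORT=#{node[app_name]['kredits']['ipfs_port']}
IPFS_API_PROTOCOL=#{node[app_name]['kredits']['ipfs_protocol']}
KREDITS_WALLET_PATH=../../#{node[app_name]['kredits']['wallet_path']}
KREDITS_WALLET_PASSWORD=#{credentials['kredits_wallet_password']}
    EOF
  end

  # Only runs when the unit template below notifies it.
  execute "systemctl daemon-reload" do
    command "systemctl daemon-reload"
    action :nothing
  end

  # systemd unit for the bot. `sensitive true` keeps the rendered secrets and
  # the file diff out of Chef's output and logs.
  # NOTE(review): the environment hash contains passwords and tokens. Mode
  # '0644' leaves the rendered unit readable by every local account, and,
  # assuming the template writes the hash as Environment= lines, systemd also
  # exposes those values to unprivileged clients over D-Bus (`systemctl show`).
  # Moving the secrets into a root-only EnvironmentFile= (or systemd
  # credentials) needs a change to nodejs.systemd.service.erb, which is not
  # visible from this recipe.
  template "/lib/systemd/system/#{app_name}.service" do
    source 'nodejs.systemd.service.erb'
    owner 'root'
    group 'root'
    mode '0644'
    sensitive true
    variables(
      user: app_user,
      group: app_group,
      app_dir: app_path,
      entry: "#{app_path}/bin/hubot -a xmpp --name hal8000",
      environment: {
        "HUBOT_LOG_LEVEL" => node.chef_environment == "development" ? "debug" : "info",
        "HUBOT_XMPP_USERNAME" => "hal8000@kosmos.org/hubot",
        "HUBOT_XMPP_PASSWORD" => credentials['xmpp_password'],
        "HUBOT_XMPP_HOST" => "xmpp.kosmos.org",
        "HUBOT_XMPP_ROOMS" => node[app_name]['rooms'].join(','),
        "HUBOT_AUTH_ADMIN" => node[app_name]['auth_admins'].join(','),
        "HUBOT_RSS_PRINTSUMMARY" => "false",
        "HUBOT_RSS_PRINTERROR" => "false",
        "HUBOT_RSS_IRCCOLORS" => "true",
        "HUBOT_PLUSPLUS_POINTS_TERM" => "karma,karma",
        "HUBOT_RSS_HEADER" => "Update:",
        "HUBOT_HELP_REPLY_IN_PRIVATE" => "true",
        "REDIS_URL" => "redis://localhost:6379/#{app_name}",
        "EXPRESS_PORT" => node[app_name]['http_port'],
        "WEBHOOK_TOKEN" => credentials['webhook_token'],
        "IPFS_API_HOST" => node[app_name]['kredits']['ipfs_host'],
        "IPFS_API_PORT" => node[app_name]['kredits']['ipfs_port'],
        "IPFS_API_PROTOCOL" => node[app_name]['kredits']['ipfs_protocol'],
        "KREDITS_WEB_URL" => node[app_name]['kredits']['web_url'],
        "KREDITS_ROOM" => node[app_name]['kredits']['room'],
        "KREDITS_WEBHOOK_TOKEN" => credentials['kredits_webhook_token'],
        "KREDITS_PROVIDER_URL" => node[app_name]['kredits']['provider_url'],
        "KREDITS_NETWORK_ID" => node[app_name]['kredits']['network_id'],
        "KREDITS_WALLET_PATH" => node[app_name]['kredits']['wallet_path'],
        "KREDITS_WALLET_PASSWORD" => credentials['kredits_wallet_password'],
        "KREDITS_MEDIAWIKI_URL" => node[app_name]['kredits']['mediawiki_url'],
        "KREDITS_GITHUB_REPO_BLACKLIST" => node[app_name]['kredits']['github_repo_blacklist'],
        "KREDITS_GITEA_REPO_BLACKLIST" => node[app_name]['kredits']['gitea_repo_blacklist'],
        "KREDITS_GRANT_HOST" => node[app_name]['domain'],
        "KREDITS_GRANT_PROTOCOL" => "https",
        "KREDITS_SESSION_SECRET" => credentials['kredits_session_secret'],
        "KREDITS_GITHUB_KEY" => credentials['kredits_github_key'],
        "KREDITS_GITHUB_SECRET" => credentials['kredits_github_secret'],
        "KREDITS_ZOOM_JWT" => credentials['kredits_zoom_jwt'],
        "KREDITS_ZOOM_MEETING_WHITELIST" => "414901303,82557072771"
      }
    )
    notifies :run, "execute[systemctl daemon-reload]", :delayed
    notifies :restart, "service[#{app_name}]", :delayed
  end

  # Wallet file shipped with the cookbook. Ownership and mode are set
  # explicitly so the key material belongs to the service account and is not
  # left with whatever defaults the Chef run would otherwise apply.
  # NOTE(review): presumably this is the file KREDITS_WALLET_PATH points at and
  # an encrypted keystore unlocked by kredits_wallet_password. Confirm both,
  # since the file is stored in the cookbook itself.
  cookbook_file "#{app_path}/wallet.json" do
    source "wallet.json"
    owner app_user
    group app_group
    mode "0600"
    sensitive true
  end

  service app_name do
    action [:enable, :start]
  end
end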
#
# Nginx reverse proxy
#
# Skipped in the development environment: TLS-terminating nginx vhost that
# forwards to the bot's HTTP port, using the Let's Encrypt certificate for the
# bot's domain.
if node.chef_environment != "development"
  include_recipe "kosmos-base::letsencrypt"
  include_recipe "kosmos-nginx"

  bot_domain = node[app_name]['domain']
  cert_dir = "/etc/letsencrypt/live/#{bot_domain}"

  template "#{node['nginx']['dir']}/sites-available/#{bot_domain}" do
    source 'nginx_conf_hubot.erb'
    owner node["nginx"]["user"]
    mode 0640
    variables(
      express_port: node[app_name]['http_port'],
      server_name: bot_domain,
      ssl_cert: "#{cert_dir}/fullchain.pem",
      ssl_key: "#{cert_dir}/privkey.pem"
    )
    notifies :reload, 'service[nginx]', :delayed
  end

  nginx_site(bot_domain) { action :enable }

  nginx_certbot_site bot_domain
end