59 lines
		
	
	
		
			1.6 KiB
		
	
	
	
		
			Ruby
		
	
	
	
	
	
			
		
		
	
	
			59 lines
		
	
	
		
			1.6 KiB
		
	
	
	
		
			Ruby
		
	
	
	
	
	
| #
 | |
| # Cookbook Name:: kosmos-mastodon
 | |
| # Recipe:: nginx
 | |
| #
 | |
| 
 | |
| mastodon_path = node["kosmos-mastodon"]["directory"]
 | |
| server_name   = node["kosmos-mastodon"]["server_name"]
 | |
| 
 | |
| node.override['nginx']['server_names_hash_bucket_size'] = 128
 | |
| include_recipe "kosmos-nginx"
 | |
| 
 | |
| directory "#{node['nginx']['dir']}/snippets" do
 | |
|   action :create
 | |
|   owner 'www-data'
 | |
|   mode 0640
 | |
| end
 | |
| 
 | |
| template "#{node['nginx']['dir']}/snippets/mastodon.conf" do
 | |
|   source 'nginx_conf_shared.erb'
 | |
|   owner 'www-data'
 | |
|   mode 0640
 | |
|   variables streaming_port: node["kosmos-mastodon"]["streaming_port"],
 | |
|             puma_port:      node["kosmos-mastodon"]["puma_port"],
 | |
|             mastodon_path:  mastodon_path
 | |
|   notifies :reload, 'service[nginx]', :delayed
 | |
| end
 | |
| 
 | |
| onion_address = File.read("/var/lib/tor/mastodon/hostname").strip rescue nil
 | |
| 
 | |
| template "#{node['nginx']['dir']}/sites-available/#{server_name}" do
 | |
|   source 'nginx_conf_mastodon.erb'
 | |
|   owner 'www-data'
 | |
|   mode 0640
 | |
|   variables server_name:         server_name,
 | |
|             ssl_cert:            "/etc/letsencrypt/live/#{server_name}/fullchain.pem",
 | |
|             ssl_key:             "/etc/letsencrypt/live/#{server_name}/privkey.pem",
 | |
|             shared_config_path:  "#{node['nginx']['dir']}/snippets/mastodon.conf",
 | |
|             onion_address:       onion_address
 | |
|   notifies :reload, 'service[nginx]', :delayed
 | |
| end
 | |
| 
 | |
| # Legacy vhost
 | |
| nginx_site "mastodon" do
 | |
|   action :disable
 | |
| end
 | |
| 
 | |
| nginx_site server_name do
 | |
|   action :enable
 | |
| end
 | |
| 
 | |
| nginx_certbot_site server_name
 | |
| 
 | |
| #
 | |
| # Tor hidden service
 | |
| #
 | |
| # The attributes for the hidden service are set in attributes/default.rb, due
 | |
| # to the way the tor-full cookbook builds the path to the hidden service dir
 | |
| include_recipe "tor-full"
 |