From 2228abd12a3c02ed64d91e4d568c62c53775c67b Mon Sep 17 00:00:00 2001
From: Kazuhiro MUSASHI <simoom634@yahoo.co.jp>
Date: Sun, 1 Nov 2020 14:50:37 +0900
Subject: [PATCH] Set up `go-mmproxy`.

---
 .../etc/consul.d/service-go-mmproxy.json      | 12 ++++++
 .../etc/systemd/system/go-mmproxy.service     | 17 ++++++++
 cookbooks/gitea/setup-go-mmproxy.rb           | 39 +++++++++++++++++++
 3 files changed, 68 insertions(+)
 create mode 100644 cookbooks/gitea/files/etc/consul.d/service-go-mmproxy.json
 create mode 100644 cookbooks/gitea/files/etc/systemd/system/go-mmproxy.service
 create mode 100644 cookbooks/gitea/setup-go-mmproxy.rb

diff --git a/cookbooks/gitea/files/etc/consul.d/service-go-mmproxy.json b/cookbooks/gitea/files/etc/consul.d/service-go-mmproxy.json
new file mode 100644
index 0000000..f45b065
--- /dev/null
+++ b/cookbooks/gitea/files/etc/consul.d/service-go-mmproxy.json
@@ -0,0 +1,12 @@
+{
+  "service": {
+    "name": "go-mmproxy",
+    "port": 50021,
+    "check":{
+      "tcp": "localhost:50021",
+      "interval": "60s",
+      "timeout": "1s",
+      "success_before_passing": 3
+    }
+  }
+}
diff --git a/cookbooks/gitea/files/etc/systemd/system/go-mmproxy.service b/cookbooks/gitea/files/etc/systemd/system/go-mmproxy.service
new file mode 100644
index 0000000..cc14caf
--- /dev/null
+++ b/cookbooks/gitea/files/etc/systemd/system/go-mmproxy.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=go-mmproxy
+After=network.target
+
+[Service]
+Type=simple
+LimitNOFILE=65535
+ExecStartPost=/sbin/ip rule add from 127.0.0.1/8 iif lo table 123
+ExecStartPost=/sbin/ip route add local 0.0.0.0/0 dev lo table 123
+ExecStart=/usr/local/bin/go-mmproxy -l 0.0.0.0:50021 -4 127.0.0.1:10022 -v 2
+ExecStopPost=/sbin/ip rule del from 127.0.0.1/8 iif lo table 123
+ExecStopPost=/sbin/ip route del local 0.0.0.0/0 dev lo table 123
+Restart=on-failure
+RestartSec=10s
+
+[Install]
+WantedBy=multi-user.target
diff --git a/cookbooks/gitea/setup-go-mmproxy.rb b/cookbooks/gitea/setup-go-mmproxy.rb
new file mode 100644
index 0000000..f1c81e9
--- /dev/null
+++ b/cookbooks/gitea/setup-go-mmproxy.rb
@@ -0,0 +1,39 @@
+# Deploy `supervisord` config`:
+remote_file '/etc/systemd/system/go-mmproxy.service' do
+  owner  'root'
+  group  'root'
+  mode   '644'
+
+  notifies :restart, 'service[go-mmproxy]'
+end
+
+service 'go-mmproxy' do
+  action [ :enable, :restart ]
+end
+
+# Depoy `consul` service configuration for `gitea`:
+remote_file '/etc/consul.d/service-go-mmproxy.json' do
+  owner  'root'
+  group  'root'
+  mode   '644'
+
+  notifies :restart, 'service[supervisor]'
+end
+
+# Firewall settings here:
+%w( 50021/tcp ).each do |p|
+  execute "ufw allow #{p}" do
+    user 'root'
+
+    not_if "LANG=c ufw status | grep #{p}"
+
+    notifies :run, 'execute[ufw reload-or-enable]'
+  end
+end
+
+execute 'ufw reload-or-enable' do
+  user 'root'
+  command 'LANG=C ufw reload | grep skipping && ufw --force enable || exit 0'
+
+  action :nothing
+end