From 348a8a9fadfa663b6b03049b25c48dfce2a2b676 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Arturo=20Filast=C3=B2?= <arturo@filasto.net>
Date: Tue, 17 Sep 2024 15:16:39 -0400
Subject: [PATCH] Fix cloud-init setup of ooni_backendproxy

* Drop unattended upgrades from config since it comes with the base
  image
---
 .../templates/cloud-init.yml                  | 29 ++++++++++---------
 .../ooni_th_droplet/templates/cloud-init.yml  | 14 ---------
 2 files changed, 15 insertions(+), 28 deletions(-)

diff --git a/tf/modules/ooni_backendproxy/templates/cloud-init.yml b/tf/modules/ooni_backendproxy/templates/cloud-init.yml
index ca292a8..4966322 100644
--- a/tf/modules/ooni_backendproxy/templates/cloud-init.yml
+++ b/tf/modules/ooni_backendproxy/templates/cloud-init.yml
@@ -2,42 +2,43 @@ package_update: true
 
 packages:
   - nginx
+  - libnginx-mod-stream
 
 write_files:
   - path: /etc/nginx/sites-available/default
     content: |
-      %{ if length(wcth_addresses) > 0 }
-      upstream wcths {
-        %{ for address in wcth_addresses }
-        server ${ address };
-        %{ endfor }
-      }
       server {
-        server_name *.${ wcth_domain_suffix };
         listen 80;
 
+        server_name _;
+
         location / {
-          proxy_pass http://wcths;
+          proxy_pass ${backend_url};
           proxy_http_version 1.1;
           proxy_set_header Host \$host;
         }
+        error_log /var/log/nginx/error.log;
       }
-      %{ endif }
 
+      %{ if length(wcth_addresses) > 0 }
+      upstream wcths {
+        %{ for address in wcth_addresses }
+        server ${ address };
+        %{ endfor }
+      }
       server {
+        server_name *.${ wcth_domain_suffix };
         listen 80;
 
-        server_name _;
-
         location / {
-          proxy_pass ${backend_url};
+          proxy_pass http://wcths;
           proxy_http_version 1.1;
           proxy_set_header Host \$host;
         }
-        error_log /var/log/nginx/error.log;
       }
+      %{ endif }
 
-  - path: /etc/nginx/modules-enabled/stream.conf
+  - path: /etc/nginx/modules-enabled/99-stream.conf
     content: |
       stream {
         upstream clickhouse_backend {
diff --git a/tf/modules/ooni_th_droplet/templates/cloud-init.yml b/tf/modules/ooni_th_droplet/templates/cloud-init.yml
index 1726e30..111502e 100644
--- a/tf/modules/ooni_th_droplet/templates/cloud-init.yml
+++ b/tf/modules/ooni_th_droplet/templates/cloud-init.yml
@@ -21,22 +21,8 @@ package_update: true
 packages:
   - oohelperd
   - nginx
-  #- unattended-upgrades
 
 write_files:
-  # - path: /etc/apt/apt.conf.d/20auto-upgrades
-  #   content: |
-  #     APT::Periodic::Update-Package-Lists "1";
-  #     APT::Periodic::Unattended-Upgrade "1";
-
-  # - path: /etc/apt/apt.conf.d/50unattended-upgrades
-  #   content: |
-  #     Unattended-Upgrade::Allowed-Origins {
-  #       //"${distro_id} stable";
-  #       "${distro_id} ${distro_codename}-security";
-  #       "${distro_id} ${distro_codename}-updates";
-  #     };
-
   - path: /etc/nginx/sites-available/default
     content: |
       proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=thcache:100M