Greg greg
  • Joined on 2018-11-05
greg pushed to bugfix/postgres_issues at kosmos/chef 2020-06-08 16:23:28 +00:00
94ffd8010a Use the attribute from the encfs recipe for the data directory
greg commented on pull request kosmos/chef#166 2020-06-08 13:38:00 +00:00
Encrypt PostgreSQL data directory

postgresql is a dummy service; it only runs /bin/true. The service to disable is the content of the postgresql_service variable (postgresql@12-main), so this can be moved above.

greg commented on issue kosmos/chef#175 2020-06-08 06:43:29 +00:00
Replace andromeda.kosmos.org

Moving everything bit by bit to a new server sounds good.

Regarding the name of the new server, personally I would go with Draco as it is the simplest name, but the other names are alright too.

greg commented on pull request kosmos/chef#166 2020-06-04 17:57:14 +00:00
Encrypt PostgreSQL data directory

I have pushed a proof of concept that creates a /var/lib/local/encrypted_data encfs dir and mounts it to /mnt/data. This is done using a systemd unit that prompts for the encryption password, and then starts the PostgreSQL unit. See the last commit.

greg pushed to feature/pg_encfs at kosmos/chef 2020-06-04 17:55:47 +00:00
1e60722ec4 Create an initial encfs cookbook
eded62a3ec Merge branch 'master' into feature/pg_encfs
27845525da Use the same JWT_SECRET as on our previous Gitea
c8e50fd226 Install git, it is a required dependency for Gitea
2d6c514257 Add the gitea role
Compare 22 commits »
greg commented on pull request kosmos/chef#166 2020-06-04 14:32:05 +00:00
Encrypt PostgreSQL data directory

I took another look at this issue. I'm starting to think a full disk encryption setup would make more sense instead of encFS directories, something similar to https://github.com/TheReal1604/disk-encryption-hetzner/blob/master/ubuntu/ubuntu_swraid_lvm_luks.md

greg closed issue kosmos/chef#173 2020-06-02 15:58:18 +00:00
Remove all GKE resources
greg commented on issue kosmos/chef#173 2020-06-02 15:58:13 +00:00
Remove all GKE resources

Done, deleted the GKE resources, as well as the VM instances, volumes and snapshots. The billing page is showing a €2.37 bill for June for now; that should be the last charge.

I also took a look at https://gitea.kosmos.org/kosmos/gitea.kosmos.org. I think we can delete the entire repo; it is all specific to the instance we were running on GKE.

greg deleted branch bugfix/147-gitea_fixes from kosmos/chef 2020-06-02 14:24:17 +00:00
greg merged pull request kosmos/chef#174 2020-06-02 14:24:12 +00:00
Gitea fixes
greg pushed to master at kosmos/chef 2020-06-02 14:24:12 +00:00
db4792e836 Merge pull request 'Gitea fixes' (#174) from bugfix/147-gitea_fixes into master
ccd49aefa4 Add Gitea to the run lists for Andromeda and Centaurus
759fa52e03 Enable the certbot resource
0f10723c81 Enable secure cookies
55865c526c Add the Let's Encrypt hook dir to the config
Compare 9 commits »
greg created pull request kosmos/chef#174 2020-06-02 14:22:19 +00:00
Gitea fixes
greg pushed to bugfix/147-gitea_fixes at kosmos/chef 2020-06-02 14:20:10 +00:00
ccd49aefa4 Add Gitea to the run lists for Andromeda and Centaurus
759fa52e03 Enable the certbot resource
0f10723c81 Enable secure cookies
55865c526c Add the Let's Encrypt hook dir to the config
0c502580c2 Fix the condition for the Let's Encrypt cert in the template
greg deleted branch feature/147-gitea_cookbook from kosmos/chef 2020-06-02 09:17:02 +00:00
greg merged pull request kosmos/chef#168 2020-06-02 09:16:44 +00:00
Initial kosmos_gitea cookbook
greg merged pull request kosmos/chef#168 2020-06-02 09:16:43 +00:00
Initial kosmos_gitea cookbook
greg pushed to master at kosmos/chef 2020-06-02 09:16:43 +00:00
8342298c89 Merge branch 'feature/147-gitea_cookbook' of kosmos/chef into master
94330f2052 Comment out the COOKIE_SECURE config for now
baaae695af Merge branch 'master' into feature/147-gitea_cookbook
baa0739936 Add the backup recipe
3332a1b2e8 Write initial README
Compare 8 commits »
greg commented on pull request kosmos/chef#168 2020-06-02 08:47:35 +00:00
Initial kosmos_gitea cookbook
greg commented on pull request kosmos/chef#168 2020-05-29 14:07:31 +00:00
Initial kosmos_gitea cookbook

I copied your question to #147 and answered it there. Is this PR good to merge?

greg commented on issue kosmos/chef#147 2020-05-29 13:40:25 +00:00
Prepare Gitea migration (from GKE to Kosmos server)

Copied this question from the PR:

> > As we're importing a database dump, the /home/git/.ssh/authorized_keys file on centaurus will be empty at first, this admin task generates the content of the file with users’ public key. It is then managed by Gitea, so new keys are automatically added, deleted keys deleted, etc.
>
> Yes, that's obvious from the original post. But what is this task? It is just English text in your post, but is it a script somewhere? How is it run?

Originally this was a maintenance task executed from the Gitea admin dashboard, so a link on https://gitea.kosmos.org/admin

I have found a better way: this is also available as a script. I have added the line to the checklist above:

$ sudo su - git -c "/usr/local/bin/gitea admin regenerate keys --config /etc/gitea/app.ini"