Greg greg
  • Joined on 2018-11-05
greg commented on pull request kosmos/chef#181 2020-06-11 14:27:11 +00:00
Add PostgreSQL primary support to the kosmos-ejabberd cookbook

Replication is a special right, this is defined here for replicas:

postgresql_access "#{replica[:hostname]} replication" do
  access_type "host"
  access_db "replication"
  access_user "replication"
  access_addr "#{replica[:ipaddress]}/32"
  access_method "md5"
  notifies :reload, "service[#{postgresql_service}]", :immediately
end

A server connecting to the PostgreSQL primary as a client is not necessarily a replica, but as you said it could be done for all databases at once. I had the idea of defining each database as we need a recipe anyway to create the PostgreSQL user and database for each service. Allowing access to all databases for a server could be done as part of the primary recipe, however it means the list of all services that use PostgreSQL would live there instead of the recipe for the service. I'm not opposed to doing that, I just thought doing it per database was clearer.

greg pushed to feature/180-ejabberd_pg_primary at kosmos/chef 2020-06-11 07:01:25 +00:00
26097a7584 Use the correct database name for the access rights
greg created pull request kosmos/chef#181 2020-06-10 16:45:44 +00:00
Add PostgreSQL primary support to the kosmos-ejabberd cookbook
greg pushed to feature/180-ejabberd_pg_primary at kosmos/chef 2020-06-10 16:44:18 +00:00
1a6ce44758 Create a minimalist ejabberd role for development
2c21d6255b Add PostgreSQL primary support to the kosmos-ejabberd cookbook
091a46e972 Do not pass the pgsql_password variable to ejabberd.yml
greg opened issue kosmos/chef#180 2020-06-10 16:36:05 +00:00
Add PostgreSQL primary server support to the ejabberd cookbook
greg created pull request kosmos/chef#179 2020-06-10 12:44:50 +00:00
Fix PostgreSQL issues with encrypted data directory
greg pushed to bugfix/postgres_issues at kosmos/chef 2020-06-10 12:42:15 +00:00
a0db6adaf2 Pass the data_directory to the postgresql_server_conf resource
e3e726097f Do not enable the postgresql@12-main service
dba6629869 Use the attribute from the encfs recipe for the data directory
229e9cfbd2 Add the kosmos_encfs recipe to centaurus
ef74b28261 Pass the data_directory to the postgresql_server_conf resource
greg pushed to bugfix/postgres_issues at kosmos/chef 2020-06-08 16:40:39 +00:00
ef74b28261 Pass the data_directory to the postgresql_server_conf resource
9e2b131d99 Do not enable the postgresql@12-main service
greg pushed to bugfix/postgres_issues at kosmos/chef 2020-06-08 16:23:28 +00:00
94ffd8010a Use the attribute from the encfs recipe for the data directory
greg commented on pull request kosmos/chef#166 2020-06-08 13:38:00 +00:00
Encrypt PostgreSQL data directory

postgresql is a dummy service, it only runs /bin/true. The service to disable is the content of the postgresql_service variable (postgresql@12-main), so this can be moved above.

greg commented on issue kosmos/chef#175 2020-06-08 06:43:29 +00:00
Replace andromeda.kosmos.org

Moving everything bit by bit to a new server sounds good.

Regarding the name of the new server, personally I would go with Draco as it is the simplest name, but the other names are alright too.

greg commented on pull request kosmos/chef#166 2020-06-04 17:57:14 +00:00
Encrypt PostgreSQL data directory

I have pushed a proof of concept that creates a /var/lib/local/encrypted_data encfs dir and mounts it to /mnt/data. This is done using a systemd unit that prompts for the encryption password, and then starts the PostgreSQL unit. See the last commit.

greg pushed to feature/pg_encfs at kosmos/chef 2020-06-04 17:55:47 +00:00
1e60722ec4 Create an initial encfs cookbook
eded62a3ec Merge branch 'master' into feature/pg_encfs
27845525da Use the same JWT_SECRET as on our previous Gitea
c8e50fd226 Install git, it is a required dependency for Gitea
2d6c514257 Add the gitea role
greg commented on pull request kosmos/chef#166 2020-06-04 14:32:05 +00:00
Encrypt PostgreSQL data directory

I took another look at this issue, I'm starting to think a full disk encryption setup would make more sense instead of encFS directories, something similar to https://github.com/TheReal1604/disk-encryption-hetzner/blob/master/ubuntu/ubuntu_swraid_lvm_luks.md

greg closed issue kosmos/chef#173 2020-06-02 15:58:18 +00:00
Remove all GKE resources
greg commented on issue kosmos/chef#173 2020-06-02 15:58:13 +00:00
Remove all GKE resources

Done, deleted the GKE resources, as well as the VM instances, volumes and snapshots. The billing page is showing a €2.37 bill for June for now, that should be the last charge

I also took a look at https://gitea.kosmos.org/kosmos/gitea.kosmos.org, I think we can delete the entire repo, it is all specific to the instance we were running on GKE

greg deleted branch bugfix/147-gitea_fixes from kosmos/chef 2020-06-02 14:24:17 +00:00
greg pushed to master at kosmos/chef 2020-06-02 14:24:12 +00:00
db4792e836 Merge pull request 'Gitea fixes' (#174) from bugfix/147-gitea_fixes into master
ccd49aefa4 Add Gitea to the run lists for Andromeda and Centaurus
759fa52e03 Enable the certbot resource
0f10723c81 Enable secure cookies
55865c526c Add the Let's Encrypt hook dir to the config
greg merged pull request kosmos/chef#174 2020-06-02 14:24:12 +00:00
Gitea fixes
greg created pull request kosmos/chef#174 2020-06-02 14:22:19 +00:00
Gitea fixes