Split up kosmos config from the ipfs cookbook

Also do not connect IPFS to the local network to avoid getting our server blocked by Hetzner
2017-03-03 15:30:30 +01:00 · 2017-03-03 15:30:30 +01:00 · 08e778eb96
parent 88700f89c7
commit 08e778eb96
7 changed files with 85 additions and 17 deletions
--- a/site-cookbooks/ipfs/CHANGELOG.md
+++ b/site-cookbooks/ipfs/CHANGELOG.md
@ -3,9 +3,4 @@
 This file is used to list changes made in each version of the ipfs cookbook.

 ## 0.1.0
- [your_name] - Initial release of ipfs
-
- - -
-Check the [Markdown Syntax Guide](http://daringfireball.net/projects/markdown/syntax) for help with Markdown.
-
-The [Github Flavored Markdown page](http://github.github.com/github-flavored-markdown/) describes the differences between markdown on github and standard markdown.
+- [gregkare] - Initial release of ipfs
--- a/site-cookbooks/ipfs/attributes/default.rb
+++ b/site-cookbooks/ipfs/attributes/default.rb
@ -1,2 +1,21 @@
 node.default['ipfs']['version'] = "0.4.5"
 node.default['ipfs']['checksum'] = "2d3b937596eeea98230adf9f60b2f55fdb8701a0ad50936185fe8855ba96fd46"
+# Do not contact local network addresses. This will stop platforms like Hetzner
+# to block your server (https://github.com/ipfs/go-ipfs/issues/1226)
+node.default['ipfs']['config']['swarm']['addr_filter'] = [
+  "/ip4/10.0.0.0/ipcidr/8",
+  "/ip4/100.64.0.0/ipcidr/10",
+  "/ip4/169.254.0.0/ipcidr/16",
+  "/ip4/172.16.0.0/ipcidr/12",
+  "/ip4/192.0.0.0/ipcidr/24",
+  "/ip4/192.0.0.0/ipcidr/29",
+  "/ip4/192.0.0.8/ipcidr/32",
+  "/ip4/192.0.0.170/ipcidr/32",
+  "/ip4/192.0.0.171/ipcidr/32",
+  "/ip4/192.0.2.0/ipcidr/24",
+  "/ip4/192.168.0.0/ipcidr/16",
+  "/ip4/198.18.0.0/ipcidr/15",
+  "/ip4/198.51.100.0/ipcidr/24",
+  "/ip4/203.0.113.0/ipcidr/24",
+  "/ip4/240.0.0.0/ipcidr/4"
+]
--- a/site-cookbooks/ipfs/recipes/default.rb
+++ b/site-cookbooks/ipfs/recipes/default.rb
@ -70,20 +70,20 @@ else
    provider Chef::Provider::Service::Systemd
    action [:enable]
  end
-
 end

-# Configure ipfs
-execute "ipfs config Addresses.Gateway /ip4/127.0.0.1/tcp/9090" do
+# Configure ipfs to not contact local network addresses
+execute "ipfs config --json Swarm.AddrFilters '#{node['ipfs']['config']['swarm']['addr_filter'].to_json}'" do
  environment "IPFS_PATH" => "/home/ipfs/.ipfs"
  user "ipfs"
-  not_if "ipfs config Addresses.Gateway | grep /ip4/127.0.0.1/tcp/9090"
-  notifies :restart, "service[ipfs]", :delayed
-end
-
-execute "ipfs config --json API.HTTPHeaders.Access-Control-Allow-Origin '[\"kredits.kosmos.org\"]'" do
-  environment "IPFS_PATH" => "/home/ipfs/.ipfs"
-  user "ipfs"
-  not_if "ipfs config API.HTTPHeaders.Access-Control-Allow-Origin | grep kredits.kosmos.org"
+  not_if do
+    require 'json'
+    swarm_filter_config = `ipfs config Swarm.AddrFilters`
+    begin
+      JSON.parse(swarm_filter_config) == node['ipfs']['config']['swarm']['addr_filter']
+    rescue JSON::ParserError
+      false
+    end
+  end
  notifies :restart, "service[ipfs]", :delayed
 end
--- a/site-cookbooks/kosmos-ipfs/CHANGELOG.md
+++ b/site-cookbooks/kosmos-ipfs/CHANGELOG.md
@ -0,0 +1,6 @@
+# kosmos-ipfs CHANGELOG
+
+This file is used to list changes made in each version of the kosmos-ipfs cookbook.
+
+## 0.1.0
+- [gregkare] - Initial release of kosmos-ipfs
--- a/site-cookbooks/kosmos-ipfs/README.md
+++ b/site-cookbooks/kosmos-ipfs/README.md
@ -0,0 +1,11 @@
+# kosmos-ipfs Cookbook
+
+This cookbook sets up ipfs for Kosmos
+
+### Chef
+
+- Chef 12.0 or later
+
+### Cookbooks
+
+- `default` - Install ipfs and configure it for Kosmos
--- a/site-cookbooks/kosmos-ipfs/metadata.rb
+++ b/site-cookbooks/kosmos-ipfs/metadata.rb
@ -0,0 +1,9 @@
+name             'kosmos-ipfs'
+maintainer       'Kosmos'
+maintainer_email 'mail@kosmos.org'
+license          'All rights reserved'
+description      'Installs/Configures kosmos-ipfs'
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
+version          '0.1.0'
+
+depends 'ipfs'
--- a/site-cookbooks/kosmos-ipfs/recipes/default.rb
+++ b/site-cookbooks/kosmos-ipfs/recipes/default.rb
@ -0,0 +1,28 @@
+#
+# Cookbook Name:: kosmos-ipfs
+# Recipe:: default
+#
+# Copyright 2017, Kosmos
+#
+# All rights reserved - Do Not Redistribute
+#
+
+include_recipe "ipfs"
+
+# Configure ipfs
+
+# The default gateway is already used by kosmos' hubot (8080)
+execute "ipfs config Addresses.Gateway /ip4/127.0.0.1/tcp/9090" do
+  environment "IPFS_PATH" => "/home/ipfs/.ipfs"
+  user "ipfs"
+  not_if "ipfs config Addresses.Gateway | grep /ip4/127.0.0.1/tcp/9090"
+  notifies :restart, "service[ipfs]", :delayed
+end
+
+# Set up CORS headers
+execute "ipfs config --json API.HTTPHeaders.Access-Control-Allow-Origin '[\"kredits.kosmos.org\"]'" do
+  environment "IPFS_PATH" => "/home/ipfs/.ipfs"
+  user "ipfs"
+  not_if "ipfs config API.HTTPHeaders.Access-Control-Allow-Origin | grep kredits.kosmos.org"
+  notifies :restart, "service[ipfs]", :delayed
+end