From 08e778eb964e0f55a18bd6c1d8528d80bd738e5e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Fri, 3 Mar 2017 15:30:30 +0100 Subject: [PATCH] Split up kosmos config from the ipfs cookbook Also do not connect IPFS to the local network to avoid getting our server blocked by Hetzner --- site-cookbooks/ipfs/CHANGELOG.md | 7 +---- site-cookbooks/ipfs/attributes/default.rb | 19 +++++++++++++ site-cookbooks/ipfs/recipes/default.rb | 22 +++++++-------- site-cookbooks/kosmos-ipfs/CHANGELOG.md | 6 ++++ site-cookbooks/kosmos-ipfs/README.md | 11 ++++++++ site-cookbooks/kosmos-ipfs/metadata.rb | 9 ++++++ site-cookbooks/kosmos-ipfs/recipes/default.rb | 28 +++++++++++++++++++ 7 files changed, 85 insertions(+), 17 deletions(-) create mode 100644 site-cookbooks/kosmos-ipfs/CHANGELOG.md create mode 100644 site-cookbooks/kosmos-ipfs/README.md create mode 100644 site-cookbooks/kosmos-ipfs/metadata.rb create mode 100644 site-cookbooks/kosmos-ipfs/recipes/default.rb diff --git a/site-cookbooks/ipfs/CHANGELOG.md b/site-cookbooks/ipfs/CHANGELOG.md index 988d28a..4b7a448 100644 --- a/site-cookbooks/ipfs/CHANGELOG.md +++ b/site-cookbooks/ipfs/CHANGELOG.md @@ -3,9 +3,4 @@ This file is used to list changes made in each version of the ipfs cookbook. ## 0.1.0 -- [your_name] - Initial release of ipfs - -- - - -Check the [Markdown Syntax Guide](http://daringfireball.net/projects/markdown/syntax) for help with Markdown. - -The [Github Flavored Markdown page](http://github.github.com/github-flavored-markdown/) describes the differences between markdown on github and standard markdown. +- [gregkare] - Initial release of ipfs diff --git a/site-cookbooks/ipfs/attributes/default.rb b/site-cookbooks/ipfs/attributes/default.rb index f565585..a810582 100644 --- a/site-cookbooks/ipfs/attributes/default.rb +++ b/site-cookbooks/ipfs/attributes/default.rb 
@@ -1,2 +1,21 @@
 node.default['ipfs']['version'] = "0.4.5"
 node.default['ipfs']['checksum'] = "2d3b937596eeea98230adf9f60b2f55fdb8701a0ad50936185fe8855ba96fd46"
+# Do not contact local network addresses. This will stop platforms like Hetzner
+# to block your server (https://github.com/ipfs/go-ipfs/issues/1226)
+node.default['ipfs']['config']['swarm']['addr_filter'] = [
+ "/ip4/10.0.0.0/ipcidr/8",
+ "/ip4/100.64.0.0/ipcidr/10",
+ "/ip4/169.254.0.0/ipcidr/16",
+ "/ip4/172.16.0.0/ipcidr/12",
+ "/ip4/192.0.0.0/ipcidr/24",
+ "/ip4/192.0.0.0/ipcidr/29",
+ "/ip4/192.0.0.8/ipcidr/32",
+ "/ip4/192.0.0.170/ipcidr/32",
+ "/ip4/192.0.0.171/ipcidr/32",
+ "/ip4/192.0.2.0/ipcidr/24",
+ "/ip4/192.168.0.0/ipcidr/16",
+ "/ip4/198.18.0.0/ipcidr/15",
+ "/ip4/198.51.100.0/ipcidr/24",
+ "/ip4/203.0.113.0/ipcidr/24",
+ "/ip4/240.0.0.0/ipcidr/4"
+]
diff --git a/site-cookbooks/ipfs/recipes/default.rb b/site-cookbooks/ipfs/recipes/default.rb
index 85e45b8..01cdee5 100644
--- a/site-cookbooks/ipfs/recipes/default.rb
+++ b/site-cookbooks/ipfs/recipes/default.rb
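Review bot: The `addr_filter` default added in site-cookbooks/ipfs/attributes/default.rb lists IPv4 ranges only, so on a dual-stack host the daemon could presumably still dial IPv6 link-local and unique-local peers, which is the kind of local-network traffic the comment says should be suppressed. Consider appending `"/ip6/fc00::/ipcidr/7"` and `"/ip6/fe80::/ipcidr/10"`, after confirming that the pinned 0.4.5 release accepts IPv6 `ipcidr` filters. The comment would also read more clearly as `# Do not contact local network addresses. This stops hosting providers such as Hetzner from blocking the server`.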
@@ -70,20 +70,20 @@ else provider Chef::Provider::Service::Systemd action [:enable] end - end -# Configure ipfs -execute "ipfs config Addresses.Gateway /ip4/127.0.0.1/tcp/9090" do +# Configure ipfs to not contact local network addresses +execute "ipfs config --json Swarm.AddrFilters '#{node['ipfs']['config']['swarm']['addr_filter'].to_json}'" do environment "IPFS_PATH" => "/home/ipfs/.ipfs" user "ipfs" - not_if "ipfs config Addresses.Gateway | grep /ip4/127.0.0.1/tcp/9090" - notifies :restart, "service[ipfs]", :delayed -end - -execute "ipfs config --json API.HTTPHeaders.Access-Control-Allow-Origin '[\"kredits.kosmos.org\"]'" do - environment "IPFS_PATH" => "/home/ipfs/.ipfs" - user "ipfs" - not_if "ipfs config API.HTTPHeaders.Access-Control-Allow-Origin | grep kredits.kosmos.org" + not_if do + require 'json' + swarm_filter_config = `ipfs config Swarm.AddrFilters` + begin + JSON.parse(swarm_filter_config) == node['ipfs']['config']['swarm']['addr_filter'] + rescue JSON::ParserError + false + end + end notifies :restart, "service[ipfs]", :delayed end diff --git a/site-cookbooks/kosmos-ipfs/CHANGELOG.md b/site-cookbooks/kosmos-ipfs/CHANGELOG.md new file mode 100644 index 0000000..6115db6 --- /dev/null +++ b/site-cookbooks/kosmos-ipfs/CHANGELOG.md @@ -0,0 +1,6 @@ +# kosmos-ipfs CHANGELOG + +This file is used to list changes made in each version of the kosmos-ipfs cookbook. + +## 0.1.0 +- [gregkare] - Initial release of kosmos-ipfs diff --git a/site-cookbooks/kosmos-ipfs/README.md b/site-cookbooks/kosmos-ipfs/README.md new file mode 100644 index 0000000..25b7ca9 --- /dev/null +++ b/site-cookbooks/kosmos-ipfs/README.md @@ -0,0 +1,11 @@ +# kosmos-ipfs Cookbook + +This cookbook sets up ipfs for Kosmos + +### Chef + +- Chef 12.0 or later + +### Cookbooks + +- `default` - Install ipfs and configure it for Kosmos diff --git a/site-cookbooks/kosmos-ipfs/metadata.rb b/site-cookbooks/kosmos-ipfs/metadata.rb new file mode 100644 index 0000000..18bbdd2 --- /dev/null 
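Review bot: The Ruby-block `not_if` on the `Swarm.AddrFilters` execute in site-cookbooks/ipfs/recipes/default.rb runs `ipfs config Swarm.AddrFilters` inside the chef-client process, so it gets neither the resource's `user "ipfs"` nor its `IPFS_PATH`; block guards do not inherit those properties. If chef-client runs as root (likely, but not shown here), the guard reads a different or missing repo, most likely ends in the `JSON::ParserError` branch, and the resource then re-applies the filter and restarts `service[ipfs]` on every converge. Run the check with the same identity as the command, e.g. `swarm_filter_config = Mixlib::ShellOut.new('ipfs config Swarm.AddrFilters', user: 'ipfs', environment: { 'IPFS_PATH' => '/home/ipfs/.ipfs' }).run_command.stdout`. Separately, the attribute's JSON is interpolated between single quotes in the command string, so a value containing `'` would break the shell quoting; giving the resource a descriptive name and passing `command` as an array avoids the shell entirely.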
+++ b/site-cookbooks/kosmos-ipfs/metadata.rb
@@ -0,0 +1,9 @@
+name 'kosmos-ipfs'
+maintainer 'Kosmos'
+maintainer_email 'mail@kosmos.org'
+license 'All rights reserved'
+description 'Installs/Configures kosmos-ipfs'
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
+version '0.1.0'
+
+depends 'ipfs'
diff --git a/site-cookbooks/kosmos-ipfs/recipes/default.rb b/site-cookbooks/kosmos-ipfs/recipes/default.rb
new file mode 100644
index 0000000..3d0a4f2
--- /dev/null
+++ b/site-cookbooks/kosmos-ipfs/recipes/default.rb
@@ -0,0 +1,28 @@
+#
+# Cookbook Name:: kosmos-ipfs
+# Recipe:: default
+#
+# Copyright 2017, Kosmos
+#
+# All rights reserved - Do Not Redistribute
+#
+
+include_recipe "ipfs"
+
+# Configure ipfs
+
+# The default gateway is already used by kosmos' hubot (8080)
+execute "ipfs config Addresses.Gateway /ip4/127.0.0.1/tcp/9090" do
+ environment "IPFS_PATH" => "/home/ipfs/.ipfs"
+ user "ipfs"
+ not_if "ipfs config Addresses.Gateway | grep /ip4/127.0.0.1/tcp/9090"
+ notifies :restart, "service[ipfs]", :delayed
+end
+
+# Set up CORS headers
+execute "ipfs config --json API.HTTPHeaders.Access-Control-Allow-Origin '[\"kredits.kosmos.org\"]'" do
+ environment "IPFS_PATH" => "/home/ipfs/.ipfs"
+ user "ipfs"
+ not_if "ipfs config API.HTTPHeaders.Access-Control-Allow-Origin | grep kredits.kosmos.org"
+ notifies :restart, "service[ipfs]", :delayed
+end
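Review bot: The CORS guard `not_if "ipfs config API.HTTPHeaders.Access-Control-Allow-Origin | grep kredits.kosmos.org"` in site-cookbooks/kosmos-ipfs/recipes/default.rb is a substring match with unescaped dots, so any allow-list that merely contains that text (a wildcard entry next to it, or a longer look-alike host) counts as converged and is left in place. Because this header decides which web origins may call the IPFS API, the guard should parse the configured value and compare it for equality with the intended array, the way the ipfs cookbook's `Swarm.AddrFilters` guard does with `JSON.parse(...) == ...`. It is also worth checking the value itself: browsers send `Origin` with a scheme, so the bare `kredits.kosmos.org` entry may never match and probably needs to be `https://kredits.kosmos.org`. The `Addresses.Gateway` guard uses the same substring pattern, although a loopback address leaves less room for a harmful near-match.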