Merge branch 'master' into feature/http_upload_service

clients/akkounts-1.json

@@ -0,0 +1,4 @@
+{
+  "name": "akkounts-1",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0LKcqydrG3zgtmThEg+q\nOcw8QvIB2usMkF4kNMFeqhhdr2q/AtRcq4RJ0u0MiZbkHduGWfG9QZpjmbFZcEke\nURJbddqSDPHFAtrK2+BpcMqNN/mSp59f4MJf6wdLnBoeZCF5pCCXibyj+/754Ly+\nEJNiB1sf1Lu82YW2YM7iLhOLk1QQD2DTfBGbj9swdPrgKK+1npQ4A7O8sOB5gDjb\n9QVLCvCEoYFi+9is0vw/YryEr6tfnNw+CroP2uDfyVfWznF8oPUuttAcHgqDA3CV\n7lCRk9yVt1FKwuq2lFcsMqZ7wO4EoxpzCz/XTnpFPFvgeVinyXjSPsQCBAdwJe5T\nWQIDAQAB\n-----END PUBLIC KEY-----\n"
+}

data_bags/credentials/akkounts.json

@@ -0,0 +1,17 @@
+{
+  "id": "akkounts",
+  "postgresql_password": {
+    "encrypted_data": "Vt/jXxrJPbJbEl8Nw9EdVymoId21hdzHxA0zwEfAkA==\n",
+    "iv": "rV3dOjUhPsrdhF59\n",
+    "auth_tag": "GwuMLjf5zqTxLUIKb7ZKjA==\n",
+    "version": 3,
+    "cipher": "aes-256-gcm"
+  },
+  "rails_master_key": {
+    "encrypted_data": "GjtdLy59dThzWYbEUD9Ss4G9vC3tcVgWDWLz3AoUl/jjJfSP2ym7ErjYwJhl\nE+1J2T3+\n",
+    "iv": "7PJXyCr2ozJHsMWZ\n",
+    "auth_tag": "nuW914Rh3Cn+ldGMc1JdGw==\n",
+    "version": 3,
+    "cipher": "aes-256-gcm"
+  }
+}

nodes/akkounts-1.json

@@ -0,0 +1,74 @@
+{
+  "name": "akkounts-1",
+  "normal": {
+    "knife_zero": {
+      "host": "10.147.20.144"
+    }
+  },
+  "automatic": {
+    "fqdn": "akkounts-1",
+    "os": "linux",
+    "os_version": "5.4.0-54-generic",
+    "hostname": "akkounts-1",
+    "ipaddress": "192.168.122.160",
+    "roles": [
+
+    ],
+    "recipes": [
+      "kosmos-base",
+      "kosmos-base::default",
+      "kosmos-akkounts",
+      "kosmos-akkounts::default",
+      "kosmos-akkounts::nginx",
+      "apt::default",
+      "timezone_iii::default",
+      "timezone_iii::debian",
+      "ntp::default",
+      "ntp::apparmor",
+      "kosmos-base::systemd_emails",
+      "apt::unattended-upgrades",
+      "kosmos-base::firewall",
+      "kosmos-postfix::default",
+      "postfix::default",
+      "postfix::_common",
+      "postfix::_attributes",
+      "postfix::sasl_auth",
+      "hostname::default",
+      "kosmos-nodejs::default",
+      "nodejs::nodejs_from_package",
+      "nodejs::repo",
+      "nodejs::npm",
+      "nodejs::install",
+      "kosmos-nginx::default",
+      "nginx::default",
+      "nginx::package",
+      "nginx::ohai_plugin",
+      "nginx::repo",
+      "nginx::commons",
+      "nginx::commons_dir",
+      "nginx::commons_script",
+      "nginx::commons_conf",
+      "git::default",
+      "git::package",
+      "kosmos-base::letsencrypt"
+    ],
+    "platform": "ubuntu",
+    "platform_version": "20.04",
+    "cloud": null,
+    "chef_packages": {
+      "chef": {
+        "version": "15.14.0",
+        "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.14.0/lib"
+      },
+      "ohai": {
+        "version": "15.12.0",
+        "ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai"
+      }
+    }
+  },
+  "run_list": [
+    "recipe[kosmos-base]",
+    "recipe[kosmos-akkounts::default]",
+    "recipe[kosmos-akkounts::nginx]"
+  ]
+}

site-cookbooks/kosmos-akkounts/attributes/default.rb

@@ -1,3 +1,4 @@
-node.default['akkounts-api']['revision'] = 'master'
-node.default['akkounts-api']['port'] = 3200
-node.default['akkounts-api']['server_name'] = 'api.accounts.kosmos.org'
+node.default['akkounts']['repo'] = 'https://gitea.kosmos.org/kosmos/akkounts.git'
+node.default['akkounts']['revision'] = 'master'
+node.default['akkounts']['port'] = 3000
+node.default['akkounts']['domain'] = 'accounts.kosmos.org'

site-cookbooks/kosmos-akkounts/metadata.rb

@@ -2,13 +2,16 @@ name 'kosmos-akkounts'
 maintainer 'Kosmos Developers'
 maintainer_email 'mail@kosmos.org'
 license 'MIT'
-description 'Installs/Configures kosmos-akkounts'
-long_description 'Installs/Configures kosmos-akkounts'
-version '0.1.0'
+description 'Installs/configures kosmos-akkounts'
+long_description 'Installs/configures kosmos-akkounts'
+version '0.2.0'
 chef_version '>= 14.0'
 
-depends 'application_javascript'
-depends 'application_git'
-depends 'kosmos-nodejs'
-depends 'kosmos-mastodon'
 depends 'kosmos-nginx'
+depends "kosmos-nodejs"
+depends "poise-ruby-build"
+depends "application"
+depends 'application_git'
+depends "postgresql"
+depends "kosmos-postgresql"
+depends "backup"

site-cookbooks/kosmos-akkounts/recipes/default.rb

@@ -3,8 +3,7 @@
 # Recipe:: default
 #
 # The MIT License (MIT)
-#
-# Copyright:: 2019, Kosmos Developers
+# Copyright:: 2020, Kosmos Developers
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -23,12 +22,11 @@
 # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 # THE SOFTWARE.
-
-include_recipe 'kosmos-nodejs'
-
-app_name     = "akkounts-api"
+#
+app_name     = "akkounts"
 deploy_user  = "deploy"
 deploy_group = "deploy"
+deploy_path  = "/opt/#{app_name}"
 credentials  = Chef::EncryptedDataBagItem.load('credentials', app_name)
 
 group deploy_group
@@ -37,75 +35,110 @@ user deploy_user do
   group       deploy_group
   manage_home true
   shell       "/bin/bash"
-  comment     "deploy user"
 end
 
-path_to_deploy = "/opt/#{app_name}"
-application path_to_deploy do
+package "libpq-dev"
+
+include_recipe 'kosmos-nodejs'
+
+npm_package "yarn" do
+  version "1.22.4"
+end
+
+ruby_version = "2.6.6"
+bundle_path = "/opt/ruby_build/builds/#{ruby_version}/bin/bundle"
+rails_env = node.chef_environment == "development" ? "development" : "production"
+
+systemd_unit "akkounts.service" do
+  content({
+    Unit: {
+      Description: "Kosmos account management",
+      Documentation: ["https://gitea.kosmos.org/kosmos/akkounts"],
+      After: "network.target"
+    },
+    Service: {
+      Type: "simple",
+      User: deploy_user,
+      WorkingDirectory: deploy_path,
+      Environment: "RAILS_ENV=#{rails_env}",
+      ExecStart: "#{bundle_path} exec puma -C config/puma.rb --pidfile #{deploy_path}/tmp/puma.pid",
+      ExecStop: "#{bundle_path} exec puma -C config/puma.rb --pidfile #{deploy_path}/tmp/puma.pid stop",
+      ExecReload: "#{bundle_path} exec pumactl -F config/puma.rb --pidfile #{deploy_path}/tmp/puma.pid phased-restart",
+      PIDFile: "#{deploy_path}/tmp/puma.pid",
+      TimeoutSec: "10",
+      Restart: "always",
+    },
+    Install: {
+      WantedBy: "multi-user.target"
+    }
+  })
+  verify false
+  triggers_reload true
+  action [:create, :enable]
+end
+
+application deploy_path do
   owner deploy_user
   group deploy_group
 
   # Take care of application restarts manually, in the git resource
   action_on_update false
 
+  environment "HOME" => deploy_path,
+              "PATH" => "/opt/ruby_build/builds/#{ruby_version}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin"
+
+  ruby_runtime ruby_version do
+    provider :ruby_build
+    version ruby_version
+  end
+
   git do
-    user  deploy_user
-    group deploy_group
-    repository "https://github.com/67P/#{app_name}.git"
-    revision   node[app_name]['revision']
-    # Restart service on deployments
-    notifies :restart, "application[#{path_to_deploy}]", :delayed
-  end
-
-  npm_install do
     user deploy_user
+    group deploy_group
+    repository node[app_name]["repo"]
+    revision node[app_name]["revision"]
+    # Restart services on deployments
+    notifies :restart, "application[#{deploy_path}]", :delayed
   end
 
-  execute "systemctl daemon-reload" do
-    command "systemctl daemon-reload"
-    action :nothing
-  end
-
-  smtp_credentials = Chef::EncryptedDataBagItem.load('credentials', 'smtp')
-
-  template "#{path_to_deploy}/.env" do
-    source "dotenv.erb"
-    sensitive true
+  file "#{deploy_path}/config/master.key" do
+    content credentials['rails_master_key']
+    mode '0400'
     owner deploy_user
     group deploy_group
-    variables btcpay_url: "https://btcpay.kosmos.org",
-              btcpay_privkey: credentials["btcpay_privkey"],
-              btcpay_merchant: credentials["btcpay_merchant"],
-              btcpay_store_id: credentials["btcpay_store_id"],
-              btcpay_webhook_host: "https://#{node[app_name]["server_name"]}",
-              btcpay_webhook_token: credentials["btcpay_webhook_token"],
-              smtp_host: "smtp.mailgun.org",
-              smtp_use_tls: true,
-              smtp_username: smtp_credentials['user_name'],
-              smtp_password: smtp_credentials['password'],
-              mastodon_host: "https://#{node["kosmos-mastodon"]["server_name"]}",
-              mastodon_auth_token: credentials["mastodon_auth_token"]
-    mode '0440'
-    # Restart service when the config changes
-    notifies :restart, "application[#{path_to_deploy}]", :delayed
   end
 
-  template "/lib/systemd/system/#{app_name}.service" do
-    source 'nodejs.systemd.service.erb'
-    owner 'root'
-    group 'root'
-    mode '0640'
-    variables(
-      user: deploy_user,
-      group: deploy_group,
-      app_dir: path_to_deploy,
-      entry: "/usr/bin/env node release/index.js"
-    )
-    notifies :run, "execute[systemctl daemon-reload]", :delayed
-    notifies :restart, "service[#{app_name}]", :delayed
+  execute "bundle install" do
+    environment "HOME" => deploy_path
+    user deploy_user
+    cwd deploy_path
+    command "/opt/ruby_build/builds/#{ruby_version}/bin/bundle install --without development,test --deployment"
   end
 
-  service app_name do
+  execute "yarn install" do
+    environment "HOME" => deploy_path, "NODE_ENV" => "production"
+    user deploy_user
+    cwd deploy_path
+    command "yarn install --pure-lockfile"
+  end
+
+  execute 'rake db:migrate' do
+    environment "RAILS_ENV" => rails_env, "HOME" => deploy_path
+    user deploy_user
+    group deploy_group
+    cwd deploy_path
+    command "PATH=\"/opt/ruby_build/builds/#{ruby_version}/bin:$PATH\" bundle exec rake db:migrate"
+  end
+
+  execute 'rake assets:precompile' do
+    environment "RAILS_ENV" => rails_env, "HOME" => deploy_path
+    user deploy_user
+    group deploy_group
+    cwd deploy_path
+    command "PATH=\"/opt/ruby_build/builds/#{ruby_version}/bin:$PATH\" bundle exec rake assets:precompile"
+  end
+
+  service "akkounts" do
     action [:enable, :start]
   end
 end

site-cookbooks/kosmos-akkounts/recipes/nginx.rb

@@ -4,7 +4,7 @@
 #
 # The MIT License (MIT)
 #
-# Copyright:: 2019, Kosmos Developers
+# Copyright:: 2020, Kosmos Developers
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -25,22 +25,23 @@
 # THE SOFTWARE.
 
 include_recipe "kosmos-nginx"
-app_name     = "akkounts-api"
-server_name = node[app_name]["server_name"]
+app_name    = "akkounts"
+domain      = node[app_name]["domain"]
 
-template "#{node['nginx']['dir']}/sites-available/#{server_name}" do
+template "#{node['nginx']['dir']}/sites-available/#{domain}" do
   source "nginx_conf_#{app_name}.erb"
   owner 'www-data'
   mode 0640
-  variables port:          node[app_name]['port'],
-            server_name:             server_name,
-            ssl_cert:                "/etc/letsencrypt/live/#{server_name}/fullchain.pem",
-            ssl_key:                 "/etc/letsencrypt/live/#{server_name}/privkey.pem"
+  variables port: node[app_name]['port'],
+            domain: domain,
+            root_dir: "/opt/#{app_name}/public",
+            ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
+            ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem"
   notifies :reload, 'service[nginx]', :delayed
 end
 
-nginx_site server_name do
+nginx_site domain do
   action :enable
 end
 
-nginx_certbot_site server_name
+nginx_certbot_site domain

site-cookbooks/kosmos-akkounts/templates/dotenv.erb

@@ -1,13 +0,0 @@
-BTCPAY_URL=<%= @btcpay_url %>
-BTCPAY_PRIVKEY=<%= @btcpay_privkey %>
-BTCPAY_MERCHANT=<%= @btcpay_merchant %>
-BTCPAY_STORE_ID=<%= @btcpay_store_id %>
-BTCPAY_WEBHOOK_HOST=<%= @btcpay_webhook_host %>
-BTCPAY_WEBHOOK_TOKEN=<%= @btcpay_webhook_token %>
-SMTP_HOST=<%= @smtp_host %>
-SMTP_USE_TLS=true
-SMTP_USERNAME=<%= @smtp_username %>
-SMTP_PASSWORD=<%= @smtp_password %>
-MASTODON_HOST=<%= @mastodon_host %>
-MASTODON_AUTH_TOKEN=<%= @mastodon_auth_token %>
-PORT=<%= node['akkounts-api']['port'] %>

site-cookbooks/kosmos-akkounts/templates/nginx_conf_akkounts-api.erb

@@ -1,28 +0,0 @@
-# Generated by Chef
-<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
-upstream _akkounts {
-  server   localhost:<%= @port %>;
-}
-
-server {
-  listen 443 ssl http2;
-  add_header Strict-Transport-Security "max-age=15768000";
-
-  ssl_certificate <%= @ssl_cert %>;
-  ssl_certificate_key <%= @ssl_key %>;
-
-  server_name <%= @server_name %>;
-
-  access_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.access.log json;
-  error_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.error.log warn;
-
-  location / {
-    # Increase number of buffers. Default is 8
-    proxy_buffers 1024 8k;
-
-    proxy_pass http://_akkounts;
-    proxy_http_version 1.1;
-   }
-
-}
-<% end -%>

site-cookbooks/kosmos-akkounts/templates/nginx_conf_akkounts.erb

@@ -0,0 +1,54 @@
+# Generated by Chef
+<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
+upstream _akkounts {
+  server   localhost:<%= @port %>;
+}
+
+server {
+  listen 443 ssl http2;
+  add_header Strict-Transport-Security "max-age=15768000";
+
+  ssl_certificate <%= @ssl_cert %>;
+  ssl_certificate_key <%= @ssl_key %>;
+
+  server_name <%= @domain %>;
+
+  access_log <%= node[:nginx][:log_dir] %>/<%= @domain %>.access.log json;
+  error_log <%= node[:nginx][:log_dir] %>/<%= @domain %>.error.log warn;
+
+  root <%= @root_dir %>;
+
+  location ~ ^/(assets|packs|images|javascripts|stylesheets|swfs|system)/ {
+    access_log off;
+    gzip_static on;
+    expires max;
+    add_header Cache-Control public;
+  }
+
+  try_files $uri/index.html $uri @app;
+
+  location @app {
+    # an HTTP header important enough to have its own Wikipedia entry:
+    # http://en.wikipedia.org/wiki/X-Forwarded-For
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+    # enable this if and only if you use HTTPS, this helps Rack
+    # set the proper protocol for doing redirects:
+    proxy_set_header X-Forwarded-Proto https;
+
+    # pass the Host: header from the client right along so redirects
+    # can be set properly within the Rack application
+    proxy_set_header Host $http_host;
+
+    # we don't want nginx trying to do something clever with
+    # redirects, we set the Host: header above already.
+    proxy_redirect off;
+
+    # Increase number of buffers. Default is 8
+    proxy_buffers 1024 8k;
+
+    proxy_pass http://_akkounts;
+    proxy_http_version 1.1;
+   }
+}
+<% end -%>

site-cookbooks/kosmos-akkounts/templates/nodejs.systemd.service.erb

@@ -1,15 +0,0 @@
-[Unit]
-Description=Start nodejs app
-
-[Service]
-ExecStart=<%= @entry %>
-WorkingDirectory=<%= @app_dir %>
-User=<%= @user %>
-Group=<%= @group %>
-<% if @environment -%>
-Environment=<% @environment.each do |key, value| -%>'<%= key %>=<%= value %>' <% end %>
-<% end -%>
-Restart=always
-
-[Install]
-WantedBy=multi-user.target