From 158a9c2fbe77793a708f6a0dde7cd454edd447dc Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Wed, 29 Nov 2023 22:26:29 +0100 Subject: [PATCH 01/95] Update postfix cookbook --- Berksfile | 2 +- Berksfile.lock | 4 +- cookbooks/postfix/.markdownlint-cli2.yaml | 5 + cookbooks/postfix/CHANGELOG.md | 194 +++++++++++++++-- cookbooks/postfix/CONTRIBUTING.md | 1 - cookbooks/postfix/LICENSE | 202 ++++++++++++++++++ cookbooks/postfix/MAINTAINERS.md | 15 -- cookbooks/postfix/README.md | 77 +++++-- cookbooks/postfix/attributes/default.rb | 50 +++-- cookbooks/postfix/chefignore | 115 ++++++++++ cookbooks/postfix/metadata.json | 46 +++- cookbooks/postfix/metadata.rb | 20 ++ cookbooks/postfix/recipes/_attributes.rb | 38 +--- cookbooks/postfix/recipes/_common.rb | 109 ++++++++-- cookbooks/postfix/recipes/access.rb | 4 +- cookbooks/postfix/recipes/aliases.rb | 4 +- cookbooks/postfix/recipes/client.rb | 7 +- cookbooks/postfix/recipes/default.rb | 2 +- cookbooks/postfix/recipes/maps.rb | 13 +- .../postfix/recipes/relay_restrictions.rb | 8 +- cookbooks/postfix/recipes/sasl_auth.rb | 10 +- cookbooks/postfix/recipes/server.rb | 2 +- cookbooks/postfix/recipes/transports.rb | 8 +- cookbooks/postfix/recipes/virtual_aliases.rb | 4 +- .../recipes/virtual_aliases_domains.rb | 4 +- cookbooks/postfix/renovate.json | 17 ++ .../templates/{default => }/access.erb | 0 .../templates/{default => }/aliases.erb | 0 .../postfix/templates/default/sasl_passwd.erb | 4 - cookbooks/postfix/templates/mailer.erb | 10 + .../templates/{default => }/main.cf.erb | 0 .../{default => }/manifest-postfix.xml.erb | 0 .../postfix/templates/{default => }/maps.erb | 0 .../templates/{default => }/master.cf.erb | 0 .../templates/{default => }/port_smtp.erb | 0 .../postfix/templates/recipient_canonical.erb | 9 + .../{default => }/relay_restrictions.erb | 0 cookbooks/postfix/templates/sasl_passwd.erb | 8 + .../{default => }/sender_canonical.erb | 0 .../templates/{default => }/smtp_generic.erb | 0 .../templates/{default => }/transport.erb | 0 .../{default => }/virtual_aliases.erb 
| 0 .../{default => }/virtual_aliases_domains.erb | 0 43 files changed, 836 insertions(+), 156 deletions(-) create mode 100644 cookbooks/postfix/.markdownlint-cli2.yaml delete mode 100644 cookbooks/postfix/CONTRIBUTING.md create mode 100644 cookbooks/postfix/LICENSE delete mode 100644 cookbooks/postfix/MAINTAINERS.md create mode 100644 cookbooks/postfix/chefignore create mode 100644 cookbooks/postfix/metadata.rb create mode 100644 cookbooks/postfix/renovate.json rename cookbooks/postfix/templates/{default => }/access.erb (100%) rename cookbooks/postfix/templates/{default => }/aliases.erb (100%) delete mode 100644 cookbooks/postfix/templates/default/sasl_passwd.erb create mode 100644 cookbooks/postfix/templates/mailer.erb rename cookbooks/postfix/templates/{default => }/main.cf.erb (100%) rename cookbooks/postfix/templates/{default => }/manifest-postfix.xml.erb (100%) rename cookbooks/postfix/templates/{default => }/maps.erb (100%) rename cookbooks/postfix/templates/{default => }/master.cf.erb (100%) rename cookbooks/postfix/templates/{default => }/port_smtp.erb (100%) create mode 100644 cookbooks/postfix/templates/recipient_canonical.erb rename cookbooks/postfix/templates/{default => }/relay_restrictions.erb (100%) create mode 100644 cookbooks/postfix/templates/sasl_passwd.erb rename cookbooks/postfix/templates/{default => }/sender_canonical.erb (100%) rename cookbooks/postfix/templates/{default => }/smtp_generic.erb (100%) rename cookbooks/postfix/templates/{default => }/transport.erb (100%) rename cookbooks/postfix/templates/{default => }/virtual_aliases.erb (100%) rename cookbooks/postfix/templates/{default => }/virtual_aliases_domains.erb (100%) diff --git a/Berksfile b/Berksfile index eef1c52..ec09e0e 100644 --- a/Berksfile +++ b/Berksfile 
@@ -32,7 +32,7 @@ cookbook 'ntp', '= 3.4.0'
 cookbook 'ohai', '~> 5.2.5'
 cookbook 'openssl', '~> 8.5.5'
 cookbook 'php', '~> 8.0.0'
-cookbook 'postfix', '= 5.0.2'
+cookbook 'postfix', '~> 6.0.26'
 cookbook 'timezone_iii', '= 1.0.4'
 cookbook 'ulimit', '~> 1.0.0'
 cookbook 'users', '~> 5.3.1'
diff --git a/Berksfile.lock b/Berksfile.lock
index f15885a..cf6ade6 100644
--- a/Berksfile.lock
+++ b/Berksfile.lock
@@ -28,7 +28,7 @@ DEPENDENCIES
 ohai (~> 5.2.5)
 openssl (~> 8.5.5)
 php (~> 8.0.0)
- postfix (= 5.0.2)
+ postfix (~> 6.0.26)
 redisio (~> 6.4.1)
 ruby_build (~> 2.5.0)
 timezone_iii (= 1.0.4)
@@ -89,7 +89,7 @@ GRAPH
 openssl (8.5.5)
 php (8.0.1)
 yum-epel (>= 0.0.0)
- postfix (5.0.2)
+ postfix (6.0.26)
 redisio (6.4.1)
 selinux (>= 0.0.0)
 ruby_build (2.5.0)
diff --git a/cookbooks/postfix/.markdownlint-cli2.yaml b/cookbooks/postfix/.markdownlint-cli2.yaml
new file mode 100644
index 0000000..6fa8e77
--- /dev/null
+++ b/cookbooks/postfix/.markdownlint-cli2.yaml
@@ -0,0 +1,5 @@
+config:
+ ul-indent: false # MD007
+ line-length: false # MD013
+ no-duplicate-heading: false # MD024
+ reference-links-images: false # MD052
diff --git a/cookbooks/postfix/CHANGELOG.md b/cookbooks/postfix/CHANGELOG.md
index 415b74c..1b7f2b2 100644
--- a/cookbooks/postfix/CHANGELOG.md
+++ b/cookbooks/postfix/CHANGELOG.md
@@ -2,6 +2,176 @@ This file is used to list changes made in each version of the postfix cookbook. +## 6.0.26 - *2023-10-03* + +- add installation of postfix addon packages for RHEL 8 + +## 6.0.25 - *2023-10-03* + +Fix markdown + +## 6.0.24 - *2023-09-28* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.23 - *2023-09-04* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.22 - *2023-08-29* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.21 - *2023-05-17* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.20 - *2023-04-17* + +Fix CI permissions + +## 6.0.19 - *2023-04-17* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.18 - *2023-04-07* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.17 - *2023-04-01* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.16 - *2023-04-01* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.15 - *2023-04-01* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.14 - *2023-03-20* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.13 - *2023-03-15* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.12 - *2023-02-23* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.11 - *2023-02-16* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.10 - *2023-02-14* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.9 - *2023-02-14* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.8 - *2022-12-08* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.7 - *2022-02-03* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.6 - *2022-02-02* + +- Update tested platforms +- Remove delivery and move to calling RSpec directly via a reusable workflow + +## 6.0.5 - *2022-01-08* + +- resolved cookstyle error: 
test/integration/helpers/serverspec/spec_helper.rb:9:21 convention: `Style/FileRead` + +## 6.0.4 - *2021-08-19* + +## 6.0.3 - *2021-08-19* + +- Fixed TLS configuration + +## 6.0.2 - *2021-06-30* + +- Make sure we write the main.conf and master.conf before we try to use any commands (like postmap) + +## 6.0.1 - *2021-06-01* + +## 6.0.0 - *2020-11-23* + +- Disabled SSLv3 by default + +## 5.4.1 - 2020-10-20 + +- Ensure all postmap files are rebuilt immediately if needed + +## 5.4.0 - 2020-10-11 + +### Changed + +- Sous Chefs Adoption +- Update to use Sous Chefs GH workflow +- Update README to sous-chefs +- Update metadata.rb to Sous Chefs +- Update test-kitchen to Sous Chefs + +### Added + +- Standardise files with files in sous-chefs/repo-management +- Add Ubuntu 20.04 testing + +### Fixed + +- Cookstyle fixes +- ChefSpec fixes +- Yamllint fixes +- MDL fixes +- Fix OpenSUSE installation issues + +### Removed + +- Remove EL 6 testing +- Remove Amazon Linux 1 testing + +## 5.3.1 (2018-07-24) + +- Fixed sbin issue with Chef13 + +## 5.3.0 (2018-05-23) + +- support multiple sasl_passwd entries +- Add `packages` attribute so different postfix packages can be installed +- add ability to set network connection port for a remote relayhost + +## 5.2.1 (2017-11-22) + +- Properly support FreeBSD +- Do not run service restart for solaris which fails + +## 5.2.0 (2017-08-07) + +- Lazily evaluate the config template variables to allow overrides to properly apply +- Avoid Chefspec deprecation warnings + +## 5.1.1 (2017-07-28) + +- Fix support for Amazon Linux on Chef 13 +- Expand testing to cover Debian 9 in Travis + +## 5.1.0 (2017-07-28) + +- Add an option to allow recipient canonical maps + +## 5.0.3 (2017-06-26) + +- Correct attribute line for use_relay_restrictions_maps to prevent converge failures + ## 5.0.2 (2017-05-17) - Fix use_relay_restrictions_maps attribute misspelling in attributes file 
@@ -117,51 +287,51 @@ Reverting #37 - [COOK-3418] Virtual Domain Support PR - duplicate of #55 ### Bug -- **[COOK-4357](https://tickets.chef.io/browse/COOK-4357)** - postfix::sasl_auth recipe fails to converge +- postfix::sasl_auth recipe fails to converge ## v3.1.0 (2014-02-19) ### Bug -- **[COOK-4322](https://tickets.chef.io/browse/COOK-4322)** - Postfix cookbook has incorrect default path for sasl_passwd +- Postfix cookbook has incorrect default path for sasl_passwd ### New Feature -- **[COOK-4086](https://tickets.chef.io/browse/COOK-4086)** - use conf_dir attribute for sasl recipe, and add omnios support -- **[COOK-2551](https://tickets.chef.io/browse/COOK-2551)** - Support creating the sender_canonical map file +- use conf_dir attribute for sasl recipe, and add omnios support +- Support creating the sender_canonical map file ## v3.0.4 ### Bug -- **[COOK-3824](https://tickets.chef.io/browse/COOK-3824)** - main.cf.erb mishandles lists +- main.cf.erb mishandles lists ### Improvement -- **[COOK-3822](https://tickets.chef.io/browse/COOK-3822)** - postfix cookbook readme has an incorrect example +- postfix cookbook readme has an incorrect example - Got rubocop errors down to 32 ### New Feature -- **[COOK-2551](https://tickets.chef.io/browse/COOK-2551)** - Support creating the sender_canonical map file +- Support creating the sender_canonical map file ## v3.0.2 ### Bug -- **[COOK-3617](https://tickets.chef.io/browse/COOK-3617)** - Fix error when no there is no FQDN -- **[COOK-3530](https://tickets.chef.io/browse/COOK-3530)** - Update `client.rb` after 3.0.0 refactor -- **[COOK-2499](https://tickets.chef.io/browse/COOK-2499)** - Do not use resource cloning +- Fix error when no there is no FQDN +- Update `client.rb` after 3.0.0 refactor +- Do not use resource cloning ### Improvement -- **[COOK-3116](https://tickets.chef.io/browse/COOK-3116)** - Add SmartOS support +- Add SmartOS support ## v3.0.0 ### Improvement -- 
**[COOK-3328](https://tickets.chef.io/browse/COOK-3328)** - Postfix main/master and attributes refactor +- Postfix main/master and attributes refactor **Breaking changes**: diff --git a/cookbooks/postfix/CONTRIBUTING.md b/cookbooks/postfix/CONTRIBUTING.md deleted file mode 100644 index cd21578..0000000 --- a/cookbooks/postfix/CONTRIBUTING.md +++ /dev/null @@ -1 +0,0 @@ -Please refer to diff --git a/cookbooks/postfix/LICENSE b/cookbooks/postfix/LICENSE new file mode 100644 index 0000000..8f71f43 --- /dev/null +++ b/cookbooks/postfix/LICENSE 
@@ -0,0 +1,202 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/cookbooks/postfix/MAINTAINERS.md b/cookbooks/postfix/MAINTAINERS.md deleted file mode 100644 index 645ed14..0000000 --- a/cookbooks/postfix/MAINTAINERS.md +++ /dev/null 
@@ -1,15 +0,0 @@ - - -# Maintainers - -This file lists how this cookbook project is maintained. When making changes to the system, this file tells you who needs to review your patch - you need a review from an existing maintainer for the cookbook to provide a :+1: on your pull request. Additionally, you need to not receive a veto from a Lieutenant or the Project Lead. - -Check out [How Cookbooks are Maintained](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD) for details on the process and how to become a maintainer or the project lead. - -# Project Maintainer -* [Tim Smith](https://github.com/tas50) - -# Maintainers -* [Jennifer Davis](https://github.com/sigje) -* [Tim Smith](https://github.com/tas50) -* [Thom May](https://github.com/thommay) diff --git a/cookbooks/postfix/README.md b/cookbooks/postfix/README.md index 3531da4..e7dc535 100644 --- a/cookbooks/postfix/README.md +++ b/cookbooks/postfix/README.md 
@@ -1,19 +1,28 @@ # postfix Cookbook -[![Build Status](https://travis-ci.org/chef-cookbooks/postfix.svg?branch=master)](https://travis-ci.org/chef-cookbooks/postfix) [![Cookbook Version](https://img.shields.io/cookbook/v/postfix.svg)](https://supermarket.chef.io/cookbooks/postfix) +[![Cookbook Version](https://img.shields.io/cookbook/v/postfix.svg)](https://supermarket.chef.io/cookbooks/postfix) +[![CI State](https://github.com/sous-chefs/postfix/workflows/ci/badge.svg)](https://github.com/sous-chefs/postfix/actions?query=workflow%3Aci) +[![OpenCollective](https://opencollective.com/sous-chefs/backers/badge.svg)](#backers) +[![OpenCollective](https://opencollective.com/sous-chefs/sponsors/badge.svg)](#sponsors) +[![License](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0) Installs and configures postfix for client or outbound relayhost, or to do SASL authentication. On RHEL-family systems, sendmail will be replaced with postfix. +## Maintainers + +This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit [sous-chefs.org](https://sous-chefs.org/) or come chat with us on the Chef Community Slack in [#sous-chefs](https://chefcommunity.slack.com/messages/C2V7B88SF). + ## Requirements ### Platforms -- Ubuntu 12.04+ -- Debian 7.0+ -- RHEL/CentOS/Scientific 5.7+, 6.2+ +- Ubuntu +- Debian +- RHEL/CentOS/Scientific - Amazon Linux (as of AMIs created after 4/9/2012) +- FreeBSD May work on other platforms with or without modification. 
@@ -33,6 +42,7 @@ See `attributes/default.rb` for default values. - `node['postfix']['mail_type']` - Sets the kind of mail configuration. `master` will set up a server (relayhost). - `node['postfix']['relayhost_role']` - name of a role used for search in the client recipe. +- `node['postfix']['relayhost_port']` - listening network port of the relayhost. - `node['postfix']['multi_environment_relay']` - set to true if nodes should not constrain search for the relayhost in their own environment. - `node['postfix']['use_procmail']` - set to true if nodes should use procmail as the delivery agent. - `node['postfix']['use_alias_maps']` - set to true if you want the cookbook to use/configure alias maps @@ -43,7 +53,7 @@ See `attributes/default.rb` for default values. - `node['postfix']['aliases']` - hash of aliases to create with `recipe[postfix::aliases]`, see below under **Recipes** for more information. - `node['postfix']['transports']` - hash of transports to create with `recipe[postfix::transports]`, see below under **Recipes** for more information. - `node['postfix']['access']` - hash of access to create with `recipe[postfix::access]`, see below under **Recipes** for more information. -- `node['postfix']['virtual_aliases']` - hash of virtual_aliases to create with `recipe[postfix::virtual_aliases]`, see below under __Recipes__ for more information. +- `node['postfix']['virtual_aliases']` - hash of virtual_aliases to create with `recipe[postfix::virtual_aliases]`, see below under **Recipes** for more information. - `node['postfix']['main_template_source']` - Cookbook source for main.cf template. Default 'postfix' - `node['postfix']['master_template_source']` - Cookbook source for master.cf template. Default 'postfix' 
@@ -75,10 +85,20 @@ This change in namespace to `node['postfix']['main']` should allow for greater f - `node['postfix']['main']['smtp_sasl_password_maps']` - Set to `hash:/etc/postfix/sasl_passwd` template file - `node['postfix']['main']['smtp_sasl_security_options']` - Set to noanonymous - `node['postfix']['main']['relayhost']` - Set to empty string -- `node['postfix']['sasl']['smtp_sasl_user_name']` - SASL user to authenticate as. Default empty -- `node['postfix']['sasl']['smtp_sasl_passwd']` - SASL password to use. Default empty. - `node['postfix']['sender_canonical_map_entries']` - (hash with key value pairs); default not configured. Setup generic canonical maps. See `man 5 canonical`. If has at least one value, then will be enabled in config. - `node['postfix']['smtp_generic_map_entries']` - (hash with key value pairs); default not configured. Setup generic postfix maps. See `man 5 generic`. If has at least one value, then will be enabled in config. +- `node['postfix']['recipient_canonical_map_entries']` - (hash with key value pairs); default not configured. Setup generic canonical maps. See `man 5 canonical`. If has at least one value, then will be enabled in config. +- `node['postfix']['sasl']['smtp_sasl_user_name']` - SASL user to authenticate as. Default empty. You can only use this until the current version. The new syntax is below. +- `node['postfix']['sasl']['smtp_sasl_passwd']` - SASL password to use. Default empty. You can only use this until the current version. The new syntax is below. +- `node['postfix']['sasl']` = ```json { + "relayhost1" => { + 'username' => 'foo', + 'password' => 'bar' + }, + "relayhost2" => { + ... + } + }``` - You must set the following attribute, otherwise the attribute will default to empty Example of json role config, for setup *_map_entries: 
@@ -331,8 +351,14 @@ override_attributes( "smtp_sasl_auth_enable" => "yes" }, "sasl" => { - "smtp_sasl_passwd" => "your_password", - "smtp_sasl_user_name" => "your_username" + "relayhost1" => { + "username" => "your_password", + "password" => "your_username" + }, + "relayhost2" => { + ... + }, + ... } } ) 
@@ -425,22 +451,27 @@ override_attributes( ) ``` -## License & Authors +## Contributors -**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io)) +This project exists thanks to all the people who [contribute.](https://opencollective.com/sous-chefs/contributors.svg?width=890&button=false) -**Copyright:** 2009-2016, Chef Software, Inc. +### Backers -``` -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at +Thank you to all our backers! - http://www.apache.org/licenses/LICENSE-2.0 +![https://opencollective.com/sous-chefs#backers](https://opencollective.com/sous-chefs/backers.svg?width=600&avatarHeight=40) -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -``` +### Sponsors + +Support this project by becoming a sponsor. Your logo will show up here with a link to your website. 
+ +![https://opencollective.com/sous-chefs/sponsor/0/website](https://opencollective.com/sous-chefs/sponsor/0/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/1/website](https://opencollective.com/sous-chefs/sponsor/1/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/2/website](https://opencollective.com/sous-chefs/sponsor/2/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/3/website](https://opencollective.com/sous-chefs/sponsor/3/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/4/website](https://opencollective.com/sous-chefs/sponsor/4/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/5/website](https://opencollective.com/sous-chefs/sponsor/5/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/6/website](https://opencollective.com/sous-chefs/sponsor/6/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/7/website](https://opencollective.com/sous-chefs/sponsor/7/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/8/website](https://opencollective.com/sous-chefs/sponsor/8/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/9/website](https://opencollective.com/sous-chefs/sponsor/9/avatar.svg?avatarHeight=100) diff --git a/cookbooks/postfix/attributes/default.rb b/cookbooks/postfix/attributes/default.rb index d467072..6ec3d88 100644 --- a/cookbooks/postfix/attributes/default.rb +++ b/cookbooks/postfix/attributes/default.rb @@ -1,5 +1,5 @@ # Author:: Joshua Timberman -# Copyright:: 2009-2017, Chef Software, Inc. +# Copyright:: 2009-2019, Chef Software, Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -14,12 +14,15 @@ # See the License for the specific language governing permissions and # limitations under the License. +default['postfix']['packages'] = %w(postfix) + # Generic cookbook attributes default['postfix']['mail_type'] = 'client' default['postfix']['relayhost_role'] = 'relayhost' +default['postfix']['relayhost_port'] = '25' default['postfix']['multi_environment_relay'] = false default['postfix']['use_procmail'] = false -default['postfix']['use_alias_maps'] = (node['platform'] == 'freebsd') +default['postfix']['use_alias_maps'] = platform?('freebsd') default['postfix']['use_transport_maps'] = false default['postfix']['use_access_maps'] = false default['postfix']['use_virtual_aliases'] = false @@ -33,6 +36,7 @@ default['postfix']['main_template_source'] = 'postfix' default['postfix']['master_template_source'] = 'postfix' default['postfix']['sender_canonical_map_entries'] = {} default['postfix']['smtp_generic_map_entries'] = {} +default['postfix']['recipient_canonical_map_entries'] = {} default['postfix']['access_db_type'] = 'hash' default['postfix']['aliases_db_type'] = 'hash' default['postfix']['transport_db_type'] = 'hash' @@ -84,6 +88,10 @@ default['postfix']['main']['myorigin'] = '$myhostname' default['postfix']['main']['mydestination'] = [node['postfix']['main']['myhostname'], node['hostname'], 'localhost.localdomain', 'localhost'].compact default['postfix']['main']['smtpd_use_tls'] = 'yes' default['postfix']['main']['smtp_use_tls'] = 'yes' +default['postfix']['main']['smtpd_tls_mandatory_protocols'] = '!SSLv2,!SSLv3' +default['postfix']['main']['smtp_tls_mandatory_protocols'] = '!SSLv2,!SSLv3' +default['postfix']['main']['smtpd_tls_protocols'] = '!SSLv2,!SSLv3' +default['postfix']['main']['smtp_tls_protocols'] = '!SSLv2,!SSLv3' default['postfix']['main']['smtp_sasl_auth_enable'] = 'no' default['postfix']['main']['mailbox_size_limit'] = 0 default['postfix']['main']['mynetworks'] = nil 
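Review bot: The four TLS protocol defaults added in the `@@ -84,6 +88,10 @@` hunk exclude only SSLv2 and SSLv3, so TLSv1 and TLSv1.1 remain negotiable for both the smtpd and the smtp side. For the two `*_tls_mandatory_protocols` attributes I would tighten the default to `'!SSLv2,!SSLv3,!TLSv1,!TLSv1.1'`; for the opportunistic `smtpd_tls_protocols`/`smtp_tls_protocols` lists, weigh the same change against legacy peers that would then fall back to cleartext. The context lines still set `smtpd_use_tls` and `smtp_use_tls` to `'yes'`, which is opportunistic TLS, so the mandatory lists presumably take effect only on nodes that raise the TLS security level themselves. A comment above the four lines would make that visible, e.g. `# *_mandatory_protocols only apply when TLS is enforced; *_tls_protocols cover opportunistic TLS`.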
@@ -99,6 +107,11 @@ when 'smartos' default['postfix']['cafile'] = '/opt/local/etc/postfix/cacert.pem' when 'rhel' default['postfix']['cafile'] = '/etc/pki/tls/cert.pem' +when 'amazon' + default['postfix']['cafile'] = '/etc/pki/tls/cert.pem' +when 'suse' + default['postfix']['main']['setgid_group'] = 'maildrop' + default['postfix']['main']['daemon_directory'] = '/usr/lib/postfix/bin' else default['postfix']['cafile'] = "#{node['postfix']['conf_dir']}/cacert.pem" end @@ -374,27 +387,24 @@ default['postfix']['master']['bsmtp']['command'] = 'pipe' default['postfix']['master']['bsmtp']['args'] = ['flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient'] # OS Aliases -default['postfix']['aliases'] = case node['platform'] - when 'freebsd' +default['postfix']['aliases'] = if platform?('freebsd') { - 'MAILER-DAEMON' => 'postmaster', - 'bin' => 'root', - 'daemon' => 'root', - 'named' => 'root', - 'nobody' => 'root', - 'uucp' => 'root', - 'www' => 'root', - 'ftp-bugs' => 'root', - 'postfix' => 'root', - 'manager' => 'root', - 'dumper' => 'root', - 'operator' => 'root', - 'abuse' => 'postmaster', + 'MAILER-DAEMON' => 'postmaster', + 'bin' => 'root', + 'daemon' => 'root', + 'named' => 'root', + 'nobody' => 'root', + 'uucp' => 'root', + 'www' => 'root', + 'ftp-bugs' => 'root', + 'postfix' => 'root', + 'manager' => 'root', + 'dumper' => 'root', + 'operator' => 'root', + 'abuse' => 'postmaster', } else {} end -if node['postfix']['use_relay_restrictions_maps'] - default['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, reject" -end +default['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, reject" if node['postfix']['use_relay_restrictions_maps'] diff --git a/cookbooks/postfix/chefignore b/cookbooks/postfix/chefignore new file mode 100644 index 0000000..a27b0b2 --- /dev/null +++ b/cookbooks/postfix/chefignore 
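Review bot: The new `when 'suse'` branch in the `@@ -99,6 +107,11 @@` hunk sets `setgid_group` and `daemon_directory` but never assigns `default['postfix']['cafile']`, which every other visible branch of this `case`, including `else`, does. If the TLS CA file attributes are derived from `node['postfix']['cafile']` elsewhere in the file (not visible in this hunk), SUSE nodes would end up with an empty CA path and no trust anchors for certificate verification. I would add the assignment to that branch, for example `default['postfix']['cafile'] = "#{node['postfix']['conf_dir']}/cacert.pem"` to match the fallback, or the distribution's CA bundle path once confirmed. The `case` statement opens above the hunk.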
@@ -0,0 +1,115 @@ +# Put files/directories that should be ignored in this file when uploading +# to a Chef Infra Server or Supermarket. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +ehthumbs.db +Icon? +nohup.out +Thumbs.db +.envrc + +# EDITORS # +########### +.#* +.project +.settings +*_flymake +*_flymake.* +*.bak +*.sw[a-z] +*.tmproj +*~ +\#* +REVISION +TAGS* +tmtags +.vscode +.editorconfig + +## COMPILED ## +############## +*.class +*.com +*.dll +*.exe +*.o +*.pyc +*.so +*/rdoc/ +a.out +mkmf.log + +# Testing # +########### +.circleci/* +.codeclimate.yml +.delivery/* +.foodcritic +.kitchen* +.mdlrc +.overcommit.yml +.rspec +.rubocop.yml +.travis.yml +.watchr +.yamllint +azure-pipelines.yml +Dangerfile +examples/* +features/* +Guardfile +kitchen*.yml +mlc_config.json +Procfile +Rakefile +spec/* +test/* + +# SCM # +####### +.git +.gitattributes +.gitconfig +.github/* +.gitignore +.gitkeep +.gitmodules +.svn +*/.bzr/* +*/.git +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Bundler # +########### +vendor/* +Gemfile +Gemfile.lock + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Documentation # +############# +CODE_OF_CONDUCT* +CONTRIBUTING* +documentation/* +TESTING* +UPGRADING* + +# Vagrant # +########### +.vagrant +Vagrantfile diff --git a/cookbooks/postfix/metadata.json b/cookbooks/postfix/metadata.json index e535f33..1bbe467 100644 --- a/cookbooks/postfix/metadata.json +++ b/cookbooks/postfix/metadata.json 
@@ -1 +1,45 @@ -{"name":"postfix","version":"5.0.2","description":"Installs and configures postfix for client or outbound relayhost, or to do SASL auth","long_description":"# postfix Cookbook\n\n[![Build Status](https://travis-ci.org/chef-cookbooks/postfix.svg?branch=master)](https://travis-ci.org/chef-cookbooks/postfix) [![Cookbook Version](https://img.shields.io/cookbook/v/postfix.svg)](https://supermarket.chef.io/cookbooks/postfix)\n\nInstalls and configures postfix for client or outbound relayhost, or to do SASL authentication.\n\nOn RHEL-family systems, sendmail will be replaced with postfix.\n\n## Requirements\n\n### Platforms\n\n- Ubuntu 12.04+\n- Debian 7.0+\n- RHEL/CentOS/Scientific 5.7+, 6.2+\n- Amazon Linux (as of AMIs created after 4/9/2012)\n\nMay work on other platforms with or without modification.\n\n### Chef\n\n- Chef 12.1+\n\n### Cookbooks\n\n- none\n\n## Attributes\n\nSee `attributes/default.rb` for default values.\n\n### Generic cookbook attributes\n\n- `node['postfix']['mail_type']` - Sets the kind of mail configuration. 
`master` will set up a server (relayhost).\n- `node['postfix']['relayhost_role']` - name of a role used for search in the client recipe.\n- `node['postfix']['multi_environment_relay']` - set to true if nodes should not constrain search for the relayhost in their own environment.\n- `node['postfix']['use_procmail']` - set to true if nodes should use procmail as the delivery agent.\n- `node['postfix']['use_alias_maps']` - set to true if you want the cookbook to use/configure alias maps\n- `node['postfix']['use_transport_maps']` - set to true if you want the cookbook to use/configure transport maps\n- `node['postfix']['use_access_maps']` - set to true if you want the cookbook to use/configure access maps\n- `node['postfix']['use_virtual_aliases']` - set to true if you want the cookbook to use/configure virtual alias maps\n- `node['postfix']['use_relay_restrictions_maps']` - set to true if you want the cookbook to use/configure a list of domains to which postfix will allow relay\n- `node['postfix']['aliases']` - hash of aliases to create with `recipe[postfix::aliases]`, see below under **Recipes** for more information.\n- `node['postfix']['transports']` - hash of transports to create with `recipe[postfix::transports]`, see below under **Recipes** for more information.\n- `node['postfix']['access']` - hash of access to create with `recipe[postfix::access]`, see below under **Recipes** for more information.\n- `node['postfix']['virtual_aliases']` - hash of virtual_aliases to create with `recipe[postfix::virtual_aliases]`, see below under __Recipes__ for more information.\n- `node['postfix']['main_template_source']` - Cookbook source for main.cf template. Default 'postfix'\n- `node['postfix']['master_template_source']` - Cookbook source for master.cf template. Default 'postfix'\n\n### main.cf and sasl_passwd template attributes\n\nThe main.cf template has been simplified to include any attributes in the `node['postfix']['main']` data structure. 
The following attributes are still included with this cookbook to maintain some semblance of backwards compatibility.\n\nThis change in namespace to `node['postfix']['main']` should allow for greater flexibility, given the large number of configuration variables for the postfix daemon. All of these cookbook attributes correspond to the option of the same name in `/etc/postfix/main.cf`.\n\n- `node['postfix']['main']['biff']` - (yes/no); default no\n- `node['postfix']['main']['append_dot_mydomain']` - (yes/no); default no\n- `node['postfix']['main']['myhostname']` - defaults to fqdn from Ohai\n- `node['postfix']['main']['mydomain']` - defaults to domain from Ohai\n- `node['postfix']['main']['myorigin']` - defaults to $myhostname\n- `node['postfix']['main']['mynetworks']` - default is nil, which forces Postfix to default to loopback addresses.\n- `node['postfix']['main']['inet_interfaces']` - set to `loopback-only`, or `all` for server recipe\n- `node['postfix']['main']['alias_maps']` - set to `hash:/etc/aliases`\n- `node['postfix']['main']['mailbox_size_limit']` - set to `0` (disabled)\n- `node['postfix']['main']['mydestination']` - default fqdn, hostname, localhost.localdomain, localhost\n- `node['postfix']['main']['smtpd_use_tls']` - (yes/no); default yes. See conditional cert/key attributes.\n- `node['postfix']['main']['smtpd_tls_cert_file']` - conditional attribute, set to full path of server's x509 certificate.\n- `node['postfix']['main']['smtpd_tls_key_file']` - conditional attribute, set to full path of server's private key\n- `node['postfix']['main']['smtpd_tls_CAfile']` - set to platform specific CA bundle\n- `node['postfix']['main']['smtpd_tls_session_cache_database']` - set to `btree:${data_directory}/smtpd_scache`\n- `node['postfix']['main']['smtp_use_tls']` - (yes/no); default yes. 
See following conditional attributes.\n- `node['postfix']['main']['smtp_tls_CAfile']` - set to platform specific CA bundle\n- `node['postfix']['main']['smtp_tls_session_cache_database']` - set to `btree:${data_directory}/smtpd_scache`\n- `node['postfix']['main']['smtp_sasl_auth_enable']` - (yes/no); default no. If enabled, see following conditional attributes.\n- `node['postfix']['main']['smtp_sasl_password_maps']` - Set to `hash:/etc/postfix/sasl_passwd` template file\n- `node['postfix']['main']['smtp_sasl_security_options']` - Set to noanonymous\n- `node['postfix']['main']['relayhost']` - Set to empty string\n- `node['postfix']['sasl']['smtp_sasl_user_name']` - SASL user to authenticate as. Default empty\n- `node['postfix']['sasl']['smtp_sasl_passwd']` - SASL password to use. Default empty.\n- `node['postfix']['sender_canonical_map_entries']` - (hash with key value pairs); default not configured. Setup generic canonical maps. See `man 5 canonical`. If has at least one value, then will be enabled in config.\n- `node['postfix']['smtp_generic_map_entries']` - (hash with key value pairs); default not configured. Setup generic postfix maps. See `man 5 generic`. If has at least one value, then will be enabled in config.\n\nExample of json role config, for setup *_map_entries:\n\n`postfix : {`\n\n`...`\n\n`\"smtp_generic_map_entries\" : { \"root@youinternaldomain.local\" : \"admin@example.com\", \"admin@youinternaldomain.local\" : \"admin@example.com\" }`\n\n`}`\n\n### master.cf template attributes\n\nThe master.cf template has been changed to allow full customization of the file content. For purpose of backwards compatibility default attributes generate the same master.cf. 
But via `node['postfix']['master']` data structure in your role for instance it can be completelly rewritten.\n\nExamples of json role config, for customize master.cf:\n\n`postfix : {`\n\n`...`\n\nturn some services off or on:\n\n```json\n \"master\" : {\n \"smtps\": {\n \"active\": true\n },\n \"old-cyrus\": {\n \"active\": false\n },\n \"cyrus\": {\n \"active\": false\n },\n \"uucp\": {\n \"active\": false\n },\n \"ifmail\": {\n \"active\": false\n },\n```\n\n`...` define you own service:\n\n```json\n \"spamfilter\": {\n \"comment\": \"My own spamfilter\",\n \"active\": true,\n \"order\": 590,\n \"type\": \"unix\",\n \"unpriv\": false,\n \"chroot\": false,\n \"command\": \"pipe\",\n \"args\": [\"flags=Rq user=spamd argv=/usr/bin/spamfilter.sh -oi -f ${sender} ${recipient}\"]\n }\n```\n\n`...`\n\n`}` `}`\n\nThe possible service hash fields and their meanings: hash key - have to be unique, unless you wish to override default definition.\n\nField | Mandatory | Description\n------- | --------- | --------------------------------------------------------------------\nactive | Yes | Boolean. Defines whether or not the service needs to be in master.cf\ncomment | No | String. If you would like to add a comment line before service line\norder | Yes | Integer. Number to define the order of lines in the file\ntype | Yes | String. Type of the service (inet, unix, fifo)\nprivate | No | Boolean. If present replaced by `y` or `n`, otherwise by `-`\nunpriv | No | Boolean. If present replaced by `y` or `n`, otherwise by `-`\nchroot | No | Boolean. If present replaced by `y` or `n`, otherwise by `-`\nwakeup | No | String. If present value placed in file, otherwise replaced by `-`\nmaxproc | No | String. If present value placed in file, otherwise replaced by `-`\ncommand | Yes | String. The command to be executed.\nargs | Yes | Array of Strings. 
Arguments passed to command.\n\nFor more information about meaning of the fields consult `master (5)` manual: \n\n## Recipes\n\n### default\n\nInstalls the postfix package and manages the service and the main configuration files (`/etc/postfix/main.cf` and `/etc/postfix/master.cf`). See **Usage** and **Examples** to see how to affect behavior of this recipe through configuration. Depending on the `node['postfix']['use_alias_maps']`, `node['postfix']['use_transport_maps']`, `node['postfix']['use_access_maps']` and `node['postfix']['use_virtual_aliases']` attributes the default recipe can call additional recipes to manage additional postfix configuration files\n\nFor a more dynamic approach to discovery for the relayhost, see the `client` and `server` recipes below.\n\n### client\n\nUse this recipe to have nodes automatically search for the mail relay based which node has the `node['postfix']['relayhost_role']` role. Sets the `node['postfix']['main']['relayhost']` attribute to the first result from the search.\n\nIncludes the default recipe to install, configure and start postfix.\n\nDoes not work with `chef-solo`.\n\n### sasl_auth\n\nSets up the system to authenticate with a remote mail relay using SASL authentication.\n\n### server\n\nTo use Chef Server search to automatically detect a node that is the relayhost, use this recipe in a role that will be relayhost. By default, the role should be \"relayhost\" but you can change the attribute `node['postfix']['relayhost_role']` to modify this.\n\n**Note** This recipe will set the `node['postfix']['mail_type']` to \"master\" with an override attribute.\n\n### maps\n\nGeneral recipe to manage any number of any type postfix lookup tables. You can replace with it recipes like `transport` or `virtual_aliases`, but what is more important - you can create any kinds of maps, which has no own recipe, including database lookup maps configuration. 
`maps` is a hash keys of which is a lookup table type and value is another hash with filenames as the keys and hash with file content as the value. File content is an any number of key/value pairs which meaning depends on lookup table type. Examlle:\n\n```json\n \"override_attributes\": {\n \"postfix\": {\n \"maps\": {\n \"hash\": {\n \"/etc/postfix/vmailbox\": {\n \"john@example.com\": \"ok\",\n \"john@example.net\": \"ok\",\n },\n \"/etc/postfix/virtual\": {\n \"postmaster@example.com\": \"john@example.com\",\n \"postmaster@example.net\": \"john@example.net\",\n \"root@mail.example.net\": \"john@example.net\"\n },\n \"/etc/postfix/envelope_senders\": {\n \"@example.com\": \"john@example.com\",\n \"@example.net\": \"john@example.net\"\n },\n \"/etc/postfix/relay_recipients\": {\n \"john@example.net\": \"ok\",\n \"john@example.com\": \"ok\",\n \"admin@example.com\": \"ok\",\n }\n },\n \"pgsql\": {\n \"/etc/postfix/pgtest\": {\n \"hosts\": \"db.local:2345\",\n \"user\": \"postfix\",\n \"password\": \"test\",\n \"dbname\": \"postdb\",\n \"query\": \"SELECT replacement FROM aliases WHERE mailbox = '%s'\"\n }\n }\n }\n }\n```\n\nTo use these files in your configuration reference them in `node['postfix']['main']`, for instance:\n\n```json\n \"postfix\": {\n \"main\": {\n \"smtpd_sender_login_maps\": \"hash:/etc/postfix/envelope_senders\",\n \"relay_recipient_maps\": \"hash:/etc/postfix/relay_recipients\",\n \"virtual_mailbox_maps\": \"hash:/etc/postfix/vmailbox\",\n \"virtual_alias_maps\": \"hash:/etc/postfix/virtual\",\n }\n }\n```\n\n### aliases\n\nManage `/etc/aliases` with this recipe. Currently only Ubuntu 10.04 platform has a template for the aliases file. Add your aliases template to the `templates/default` or to the appropriate platform+version directory per the File Specificity rules for templates. 
Then specify a hash of aliases for the `node['postfix']['aliases']` attribute.\n\nArrays are supported as alias values, since postfix supports comma separated values per alias, simply specify your alias as an array to use this handy feature.\n\n### aliases\n\nManage `/etc/aliases` with this recipe.\n\n### transports\n\nManage `/etc/postfix/transport` with this recipe.\n\n### access\n\nManage `/etc/postfix/access` with this recipe.\n\n### virtual_aliases\n\nManage `/etc/postfix/virtual` with this recipe.\n\n### relay_restrictions\n\nManage `/etc/postfix/relay_restriction` with this recipe The postfix option smtpd_relay_restrictions in main.cf will point to this hash map db.\n\n\n\n## Usage\n\nOn systems that should simply send mail directly to a relay, or out to the internet, use `recipe[postfix]` and modify the `node['postfix']['main']['relayhost']` attribute via a role.\n\nOn systems that should be the MX for a domain, set the attributes accordingly and make sure the `node['postfix']['mail_type']` attribute is `master`. See **Examples** for information on how to use `recipe[postfix::server]` to do this automatically.\n\nIf you need to use SASL authentication to send mail through your ISP (such as on a home network), use `postfix::sasl_auth` and set the appropriate attributes.\n\nFor each of these implementations, see **Examples** for role usage.\n\n### Examples\n\nThe example roles below only have the relevant postfix usage. You may have other contents depending on what you're configuring on your systems.\n\nThe `base` role is applied to all nodes in the environment.\n\n```ruby\nname \"base\"\nrun_list(\"recipe[postfix]\")\noverride_attributes(\n \"postfix\" => {\n \"mail_type\" => \"client\",\n \"main\" => {\n \"mydomain\" => \"example.com\",\n \"myorigin\" => \"example.com\",\n \"relayhost\" => \"[smtp.example.com]\",\n \"smtp_use_tls\" => \"no\"\n }\n }\n)\n```\n\nThe `relayhost` role is applied to the nodes that are relayhosts. 
Often this is 2 systems using a CNAME of `smtp.example.com`.\n\n```ruby\nname \"relayhost\"\nrun_list(\"recipe[postfix::server]\")\noverride_attributes(\n \"postfix\" => {\n \"mail_type\" => \"master\",\n \"main\" => {\n \"mynetworks\" => [ \"10.3.3.0/24\", \"127.0.0.0/8\" ],\n \"inet_interfaces\" => \"all\",\n \"mydomain\" => \"example.com\",\n \"myorigin\" => \"example.com\"\n }\n)\n```\n\nThe `sasl_relayhost` role is applied to the nodes that are relayhosts and require authenticating with SASL. For example this might be on a household network with an ISP that otherwise blocks direct internet access to SMTP.\n\n```ruby\nname \"sasl_relayhost\"\nrun_list(\"recipe[postfix], recipe[postfix::sasl_auth]\")\noverride_attributes(\n \"postfix\" => {\n \"mail_type\" => \"master\",\n \"main\" => {\n \"mynetworks\" => \"10.3.3.0/24\",\n \"mydomain\" => \"example.com\",\n \"myorigin\" => \"example.com\",\n \"relayhost\" => \"[smtp.comcast.net]:587\",\n \"smtp_sasl_auth_enable\" => \"yes\"\n },\n \"sasl\" => {\n \"smtp_sasl_passwd\" => \"your_password\",\n \"smtp_sasl_user_name\" => \"your_username\"\n }\n }\n)\n```\n\nFor an example of using encrypted data bags to encrypt the SASL password, see the following blog post:\n\n- \n\n#### Examples using the client & server recipes\n\nIf you'd like to use the more dynamic search based approach for discovery, use the server and client recipes. 
First, create a relayhost role.\n\n```ruby\nname \"relayhost\"\nrun_list(\"recipe[postfix::server]\")\noverride_attributes(\n \"postfix\" => {\n \"main\" => {\n \"mynetworks\" => \"10.3.3.0/24\",\n \"mydomain\" => \"example.com\",\n \"myorigin\" => \"example.com\"\n }\n }\n)\n```\n\nThen, add the `postfix::client` recipe to the run list of your `base` role or equivalent role for postfix clients.\n\n```ruby\nname \"base\"\nrun_list(\"recipe[postfix::client]\")\noverride_attributes(\n \"postfix\" => {\n \"mail_type\" => \"client\",\n \"main\" => {\n \"mydomain\" => \"example.com\",\n \"myorigin\" => \"example.com\"\n }\n }\n)\n```\n\nIf you wish to use a different role name for the relayhost, then also set the attribute in the `base` role. For example, `postfix_master` as the role name:\n\n```ruby\nname \"postfix_master\"\ndescription \"a role for postfix master that isn't relayhost\"\nrun_list(\"recipe[postfix::server]\")\noverride_attributes(\n \"postfix\" => {\n \"main\" => {\n \"mynetworks\" => \"10.3.3.0/24\",\n \"mydomain\" => \"example.com\",\n \"myorigin\" => \"example.com\"\n }\n }\n)\n```\n\nThe base role would look something like this:\n\n```ruby\nname \"base\"\nrun_list(\"recipe[postfix::client]\")\noverride_attributes(\n \"postfix\" => {\n \"relayhost_role\" => \"postfix_master\",\n \"mail_type\" => \"client\",\n \"main\" => {\n \"mydomain\" => \"example.com\",\n \"myorigin\" => \"example.com\"\n }\n }\n)\n```\n\nTo use relay restrictions override the relay restrictions attribute in this format:\n\n```ruby\noverride_attributes(\n \"postfix\" => {\n \"use_relay_restrictions_maps\" => true,\n \"relay_restrictions\" => {\n \"chef.io\" => \"OK\",\n \".chef.io\" => \"OK\",\n \"example.com\" => \"OK\"\n }\n }\n)\n```\n\n## License & Authors\n\n**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io))\n\n**Copyright:** 2009-2016, Chef Software, Inc.\n\n```\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may 
not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"ubuntu":">= 0.0.0","debian":">= 0.0.0","redhat":">= 0.0.0","centos":">= 0.0.0","amazon":">= 0.0.0","oracle":">= 0.0.0","scientific":">= 0.0.0","smartos":">= 0.0.0","fedora":">= 0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{"postfix":"Installs and configures postfix","postfix::sasl_auth":"Set up postfix to auth to a server with sasl","postfix::aliases":"Manages /etc/aliases","postfix::transports":"Manages /etc/postfix/transport","postfix::access":"Manages /etc/postfix/access","postfix::virtual_aliases":"Manages /etc/postfix/virtual","postfix::client":"Searches for the relayhost based on an attribute","postfix::server":"Sets the mail_type attribute to master","postfix::maps":"Manages any number of any type postfix lookup tables"},"source_url":"https://github.com/chef-cookbooks/postfix","issues_url":"https://github.com/chef-cookbooks/postfix/issues","chef_version":[[">= 12.1"]],"ohai_version":[]} \ No newline at end of file +{ + "name": "postfix", + "description": "Installs and configures postfix for client or outbound relayhost, or to do SASL auth", + "long_description": "", + "maintainer": "Sous Chefs", + "maintainer_email": "help@sous-chefs.org", + "license": "Apache-2.0", + "platforms": { + "amazon": ">= 0.0.0", + "centos": ">= 0.0.0", + "debian": ">= 0.0.0", + "fedora": ">= 0.0.0", + 
"freebsd": ">= 0.0.0", + "oracle": ">= 0.0.0", + "redhat": ">= 0.0.0", + "scientific": ">= 0.0.0", + "smartos": ">= 0.0.0", + "ubuntu": ">= 0.0.0" + }, + "dependencies": { + + }, + "providing": { + + }, + "recipes": { + + }, + "version": "6.0.26", + "source_url": "https://github.com/sous-chefs/postfix", + "issues_url": "https://github.com/sous-chefs/postfix/issues", + "privacy": false, + "chef_versions": [ + [ + ">= 12.15" + ] + ], + "ohai_versions": [ + + ], + "gems": [ + + ], + "eager_load_libraries": true +} diff --git a/cookbooks/postfix/metadata.rb b/cookbooks/postfix/metadata.rb new file mode 100644 index 0000000..7289daa --- /dev/null +++ b/cookbooks/postfix/metadata.rb @@ -0,0 +1,20 @@ +name 'postfix' +maintainer 'Sous Chefs' +maintainer_email 'help@sous-chefs.org' +license 'Apache-2.0' +description 'Installs and configures postfix for client or outbound relayhost, or to do SASL auth' +version '6.0.26' +source_url 'https://github.com/sous-chefs/postfix' +issues_url 'https://github.com/sous-chefs/postfix/issues' +chef_version '>= 12.15' + +supports 'amazon' +supports 'centos' +supports 'debian' +supports 'fedora' +supports 'freebsd' +supports 'oracle' +supports 'redhat' +supports 'scientific' +supports 'smartos' +supports 'ubuntu' diff --git a/cookbooks/postfix/recipes/_attributes.rb b/cookbooks/postfix/recipes/_attributes.rb index f3ffe6e..5e7449d 100644 --- a/cookbooks/postfix/recipes/_attributes.rb +++ b/cookbooks/postfix/recipes/_attributes.rb @@ -1,4 +1,4 @@ -# Copyright:: 2012-2017, Chef Software, Inc. +# Copyright:: 2012-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -13,9 +13,7 @@ # limitations under the License. # -if node['postfix']['use_procmail'] - node.default_unless['postfix']['main']['mailbox_command'] = '/usr/bin/procmail -a "$EXTENSION"' -end +node.default_unless['postfix']['main']['mailbox_command'] = '/usr/bin/procmail -a "$EXTENSION"' if node['postfix']['use_procmail'] if node['postfix']['main']['smtpd_use_tls'] == 'yes' node.default_unless['postfix']['main']['smtpd_tls_cert_file'] = '/etc/ssl/certs/ssl-cert-snakeoil.pem' 
@@ -38,34 +36,18 @@ if node['postfix']['main']['smtp_sasl_auth_enable'] == 'yes' node.default_unless['postfix']['main']['relayhost'] = '' end -if node['postfix']['use_alias_maps'] - node.default_unless['postfix']['main']['alias_maps'] = ["hash:#{node['postfix']['aliases_db']}"] -end +node.default_unless['postfix']['main']['alias_maps'] = ["hash:#{node['postfix']['aliases_db']}"] if node['postfix']['use_alias_maps'] -if node['postfix']['use_transport_maps'] - node.default_unless['postfix']['main']['transport_maps'] = ["hash:#{node['postfix']['transport_db']}"] -end +node.default_unless['postfix']['main']['transport_maps'] = ["hash:#{node['postfix']['transport_db']}"] if node['postfix']['use_transport_maps'] -if node['postfix']['use_access_maps'] - node.default_unless['postfix']['main']['access_maps'] = ["hash:#{node['postfix']['access_db']}"] -end +node.default_unless['postfix']['main']['access_maps'] = ["hash:#{node['postfix']['access_db']}"] if node['postfix']['use_access_maps'] -if node['postfix']['use_virtual_aliases'] - node.default_unless['postfix']['main']['virtual_alias_maps'] = ["#{node['postfix']['virtual_alias_db_type']}:#{node['postfix']['virtual_alias_db']}"] -end +node.default_unless['postfix']['main']['virtual_alias_maps'] = ["#{node['postfix']['virtual_alias_db_type']}:#{node['postfix']['virtual_alias_db']}"] if node['postfix']['use_virtual_aliases'] -if node['postfix']['use_virtual_aliases_domains'] - node.default_unless['postfix']['main']['virtual_alias_domains'] = ["#{node['postfix']['virtual_alias_domains_db_type']}:#{node['postfix']['virtual_alias_domains_db']}"] -end +node.default_unless['postfix']['main']['virtual_alias_domains'] = ["#{node['postfix']['virtual_alias_domains_db_type']}:#{node['postfix']['virtual_alias_domains_db']}"] if node['postfix']['use_virtual_aliases_domains'] -if node['postfix']['use_relay_restrictions_maps'] - default['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, 
reject" -end +node.default_unless['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, reject" if node['postfix']['use_relay_restrictions_maps'] -if node['postfix']['master']['maildrop']['active'] - node.default_unless['postfix']['main']['maildrop_destination_recipient_limit'] = 1 -end +node.default_unless['postfix']['main']['maildrop_destination_recipient_limit'] = 1 if node['postfix']['master']['maildrop']['active'] -if node['postfix']['master']['cyrus']['active'] - node.default_unless['postfix']['main']['cyrus_destination_recipient_limit'] = 1 -end +node.default_unless['postfix']['main']['cyrus_destination_recipient_limit'] = 1 if node['postfix']['master']['cyrus']['active'] diff --git a/cookbooks/postfix/recipes/_common.rb b/cookbooks/postfix/recipes/_common.rb index 17d5e0e..ab3aeab 100644 --- a/cookbooks/postfix/recipes/_common.rb +++ b/cookbooks/postfix/recipes/_common.rb @@ -2,7 +2,7 @@ # Cookbook:: common # Recipe:: default # -# Copyright:: 2009-2017, Chef Software, Inc. +# Copyright:: 2009-2020, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,12 +19,19 @@ include_recipe 'postfix::_attributes' -package 'postfix' +# use multi-package when we can +if node['os'] == 'linux' + package node['postfix']['packages'] +else + node['postfix']['packages'].each do |pkg| + package pkg + end +end package 'procmail' if node['postfix']['use_procmail'] case node['platform_family'] -when 'rhel', 'fedora' +when 'rhel', 'fedora', 'amazon' service 'sendmail' do action :nothing end @@ -35,6 +42,8 @@ when 'rhel', 'fedora' notifies :start, 'service[postfix]' not_if '/usr/bin/test /etc/alternatives/mta -ef /usr/sbin/sendmail.postfix' end +when 'suse' + file '/var/adm/postfix.configured' when 'omnios' manifest_path = ::File.join(Chef::Config[:file_cache_path], 'manifest-postfix.xml') 
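Review bot: The `file '/var/adm/postfix.configured'` resource added under `when 'suse'` in `_common.rb` (hunk `@@ -35,6 +42,8 @@`) has no comment and no explicit ownership or mode. A reader cannot tell from the recipe why an empty file is created, and its permissions are left to whatever is already on disk or to the Chef run's umask. I would turn it into a block with `owner 'root'` and `mode '0644'`, preceded by a comment such as `# marker file: presumably tells the SUSE packaging scripts postfix is already configured (confirm)`. The surrounding `case node['platform_family']` starts before this hunk and continues after it.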
@@ -67,7 +76,68 @@ when 'omnios' execute 'load postfix manifest' do action :nothing command "svccfg import #{manifest_path}" - notifies :restart, 'service[postfix]' + notifies :restart, 'service[postfix]' unless platform_family?('solaris2') + end +when 'freebsd' + # Actions are based on docs provided by FreeBSD: + # https://www.freebsd.org/doc/handbook/mail-changingmta.html + service 'sendmail' do + action :nothing + end + + template '/etc/mail/mailer.conf' do + source 'mailer.erb' + owner 'root' + group 0 + notifies :restart, 'service[postfix]' unless platform_family?('solaris2') + end + + execute 'switch_mailer_to_postfix' do + command [ + 'sysrc', + 'sendmail_enable=NO', + 'sendmail_submit_enable=NO', + 'sendmail_outbound_enable=NO', + 'sendmail_msp_queue_enable=NO', + 'postfix_enable=YES', + ] + notifies :stop, 'service[sendmail]', :immediately + notifies :disable, 'service[sendmail]', :immediately + notifies :start, 'service[postfix]', :delayed + only_if "sysrc sendmail_enable sendmail_submit_enable sendmail_outbound_enable sendmail_msp_queue_enable | egrep -q '(YES|unknown variable)' || sysrc postfix_enable | egrep -q '(NO|unknown variable)'" + end + + execute 'disable_periodic' do + # rubocop:disable Lint/ParenthesesAsGroupedExpression + environment ({ 'RC_CONFS' => '/etc/periodic.conf' }) + command [ + 'sysrc', + 'daily_clean_hoststat_enable=NO', + 'daily_status_mail_rejects_enable=NO', + 'daily_status_include_submit_mailq=NO', + 'daily_submit_queuerun=NO', + ] + only_if "RC_CONFS=/etc/periodic.conf sysrc daily_clean_hoststat_enable daily_status_mail_rejects_enable daily_status_include_submit_mailq daily_submit_queuerun | egrep -q '(YES|unknown variable)'" + end +end + +# We need to write the config first as the below postmap immediately commands assume config is correct +# Which is not the case as ipv6 is assumed to be available by the postfix package +# And if someone wants to disable this first we need to update the config first aswell +%w( main master 
).each do |cfg| + template "#{node['postfix']['conf_dir']}/#{cfg}.cf" do + source "#{cfg}.cf.erb" + owner 'root' + group node['root_group'] + mode '0644' + # restart service for solaris on chef-client has a bug + # unless condition can be removed after + # https://github.com/chef/chef/pull/6596 merge/release + notifies :restart, 'service[postfix]' unless platform_family?('solaris2') + variables( + lazy { { settings: node['postfix'][cfg] } } + ) + cookbook node['postfix']["#{cfg}_template_source"] end end @@ -81,13 +151,11 @@ unless node['postfix']['sender_canonical_map_entries'].empty? owner 'root' group node['root_group'] mode '0644' - notifies :run, 'execute[update-postfix-sender_canonical]' + notifies :run, 'execute[update-postfix-sender_canonical]', :immediately notifies :reload, 'service[postfix]' end - unless node['postfix']['main'].key?('sender_canonical_maps') - node.normal['postfix']['main']['sender_canonical_maps'] = "hash:#{node['postfix']['conf_dir']}/sender_canonical" - end + node.default['postfix']['main']['sender_canonical_maps'] = "hash:#{node['postfix']['conf_dir']}/sender_canonical" unless node['postfix']['main'].key?('sender_canonical_maps') end execute 'update-postfix-smtp_generic' do 
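Review bot: The `template '/etc/mail/mailer.conf'` resource in the new `when 'freebsd'` branch (hunk `@@ -67,7 +76,68 @@`) sets `owner 'root'` and `group 0` but no `mode`. Its permissions are therefore not enforced by the recipe, unlike the `main.cf`/`master.cf` templates later in the same hunk. This file decides which binaries run for `sendmail`-style invocations, so I would pin it with `mode '0644'`. Separately, `notifies :restart, 'service[postfix]' unless platform_family?('solaris2')` inside the `when 'freebsd'` branch can never be skipped there, so the guard is only noise in that branch; a plain `notifies :restart, 'service[postfix]'` reads more clearly. The enclosing `case` begins above the hunk.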
@@ -100,28 +168,31 @@ unless node['postfix']['smtp_generic_map_entries'].empty? owner 'root' group node['root_group'] mode '0644' - notifies :run, 'execute[update-postfix-smtp_generic]' + notifies :run, 'execute[update-postfix-smtp_generic]', :immediately notifies :reload, 'service[postfix]' end - unless node['postfix']['main'].key?('smtp_generic_maps') - node.normal['postfix']['main']['smtp_generic_maps'] = "hash:#{node['postfix']['conf_dir']}/smtp_generic" - end + node.default['postfix']['main']['smtp_generic_maps'] = "hash:#{node['postfix']['conf_dir']}/smtp_generic" unless node['postfix']['main'].key?('smtp_generic_maps') end -%w( main master ).each do |cfg| - template "#{node['postfix']['conf_dir']}/#{cfg}.cf" do - source "#{cfg}.cf.erb" +execute 'update-postfix-recipient_canonical' do + command "postmap #{node['postfix']['conf_dir']}/recipient_canonical" + action :nothing +end + +unless node['postfix']['recipient_canonical_map_entries'].empty? + template "#{node['postfix']['conf_dir']}/recipient_canonical" do owner 'root' group node['root_group'] mode '0644' - notifies :restart, 'service[postfix]' - variables(settings: node['postfix'][cfg]) - cookbook node['postfix']["#{cfg}_template_source"] + notifies :run, 'execute[update-postfix-recipient_canonical]', :immediately + notifies :reload, 'service[postfix]' end + + node.default['postfix']['main']['recipient_canonical_maps'] = "hash:#{node['postfix']['conf_dir']}/recipient_canonical" unless node['postfix']['main'].key?('recipient_canonical_maps') end service 'postfix' do supports status: true, restart: true, reload: true - action :enable + action [:enable, :start] end diff --git a/cookbooks/postfix/recipes/access.rb b/cookbooks/postfix/recipes/access.rb index 62e3025..cfe5dbd 100644 --- a/cookbooks/postfix/recipes/access.rb +++ b/cookbooks/postfix/recipes/access.rb 
@@ -1,4 +1,4 @@ -# Copyright:: 2012-2017, Chef Software, Inc. +# Copyright:: 2012-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,5 +23,5 @@ end template node['postfix']['access_db'] do source 'access.erb' - notifies :run, 'execute[update-postfix-access]' + notifies :run, 'execute[update-postfix-access]', :immediately end diff --git a/cookbooks/postfix/recipes/aliases.rb b/cookbooks/postfix/recipes/aliases.rb index 67d6db7..f8eec97 100644 --- a/cookbooks/postfix/recipes/aliases.rb +++ b/cookbooks/postfix/recipes/aliases.rb @@ -1,4 +1,4 @@ -# Copyright:: 2012-2017, Chef Software, Inc. +# Copyright:: 2012-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,5 +25,5 @@ end template node['postfix']['aliases_db'] do source 'aliases.erb' - notifies :run, 'execute[update-postfix-aliases]' + notifies :run, 'execute[update-postfix-aliases]', :immediately end diff --git a/cookbooks/postfix/recipes/client.rb b/cookbooks/postfix/recipes/client.rb index 2231ce2..b5009a6 100644 --- a/cookbooks/postfix/recipes/client.rb +++ b/cookbooks/postfix/recipes/client.rb @@ -2,7 +2,7 @@ # Cookbook:: postfix # Recipe:: client # -# Copyright:: 2009-2017, Chef Software, Inc. +# Copyright:: 2009-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -24,6 +24,9 @@ end query = "role:#{node['postfix']['relayhost_role']}" relayhost = '' +# if the relayhost_port attribute is not port 25, append to the relayhost +relayhost_port = node['postfix']['relayhost_port'].to_s != '25' ? ":#{node['postfix']['relayhost_port']}" : '' + # results = [] if node.run_list.roles.include?(node['postfix']['relayhost_role']) 
@@ -36,6 +39,6 @@ else relayhost = results.map { |n| n['ipaddress'] }.first end -node.normal['postfix']['main']['relayhost'] = "[#{relayhost}]" +node.default['postfix']['main']['relayhost'] = "[#{relayhost}]#{relayhost_port}" include_recipe 'postfix' diff --git a/cookbooks/postfix/recipes/default.rb b/cookbooks/postfix/recipes/default.rb index 07026e4..9fed0be 100644 --- a/cookbooks/postfix/recipes/default.rb +++ b/cookbooks/postfix/recipes/default.rb @@ -2,7 +2,7 @@ # Cookbook:: postfix # Recipe:: default # -# Copyright:: 2009-2017, Chef Software, Inc. +# Copyright:: 2009-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cookbooks/postfix/recipes/maps.rb b/cookbooks/postfix/recipes/maps.rb index 9c47486..35ea9ad 100644 --- a/cookbooks/postfix/recipes/maps.rb +++ b/cookbooks/postfix/recipes/maps.rb @@ -1,5 +1,4 @@ -# encoding: utf-8 -# Copyright:: 2012-2017, Chef Software, Inc. +# Copyright:: 2012-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,7 +14,11 @@ # node['postfix']['maps'].each do |type, maps| - if node['platform_family'] == 'debian' + if platform_family?('debian') + package "postfix-#{type}" if %w(pgsql mysql ldap cdb).include?(type) + end + + if platform?('redhat') && node['platform_version'].to_i == 8 package "postfix-#{type}" if %w(pgsql mysql ldap cdb).include?(type) end @@ -38,9 +41,7 @@ node['postfix']['maps'].each do |type, maps| map: content, separator: separator ) - if %w(btree cdb dbm hash sdbm).include?(type) - notifies :run, "execute[update-postmap-#{file}]" - end + notifies :run, "execute[update-postmap-#{file}]" if %w(btree cdb dbm hash sdbm).include?(type) notifies :restart, 'service[postfix]' end end 
diff --git a/cookbooks/postfix/recipes/relay_restrictions.rb b/cookbooks/postfix/recipes/relay_restrictions.rb index c5548e4..08aabcd 100644 --- a/cookbooks/postfix/recipes/relay_restrictions.rb +++ b/cookbooks/postfix/recipes/relay_restrictions.rb @@ -1,4 +1,4 @@ -# Copyright:: 2012-2017, Chef Software, Inc. +# Copyright:: 2012-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,13 +15,15 @@ include_recipe 'postfix::_common' +postmap_command = platform_family?('rhel') ? '/usr/sbin/postmap' : 'postmap' + execute 'update-postfix-relay-restrictions' do - command "postmap #{node['postfix']['relay_restrictions_db']}" + command "#{postmap_command} #{node['postfix']['relay_restrictions_db']}" environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios') action :nothing end template node['postfix']['relay_restrictions_db'] do source 'relay_restrictions.erb' - notifies :run, 'execute[update-postfix-relay-restrictions]' + notifies :run, 'execute[update-postfix-relay-restrictions]', :immediately end diff --git a/cookbooks/postfix/recipes/sasl_auth.rb b/cookbooks/postfix/recipes/sasl_auth.rb index 38f040e..bd9c18f 100644 --- a/cookbooks/postfix/recipes/sasl_auth.rb +++ b/cookbooks/postfix/recipes/sasl_auth.rb @@ -3,7 +3,7 @@ # Cookbook:: postfix # Recipe:: sasl_auth # -# Copyright:: 2009-2017, Chef Software, Inc. +# Copyright:: 2009-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -28,11 +28,9 @@ case node['platform_family'] when 'debian' sasl_pkgs = %w(libsasl2-2 libsasl2-modules ca-certificates) when 'rhel' - sasl_pkgs = if node['platform_version'].to_i < 6 - %w(cyrus-sasl cyrus-sasl-plain openssl) - else - %w(cyrus-sasl cyrus-sasl-plain ca-certificates) - end + sasl_pkgs = %w(cyrus-sasl cyrus-sasl-plain ca-certificates) +when 'amazon' + sasl_pkgs = %w(cyrus-sasl cyrus-sasl-plain ca-certificates) when 'fedora' sasl_pkgs = %w(cyrus-sasl cyrus-sasl-plain ca-certificates) end diff --git a/cookbooks/postfix/recipes/server.rb b/cookbooks/postfix/recipes/server.rb index 2166777..eaa14a6 100644 --- a/cookbooks/postfix/recipes/server.rb +++ b/cookbooks/postfix/recipes/server.rb @@ -3,7 +3,7 @@ # Cookbook:: postfix # Recipe:: server # -# Copyright:: 2009-2017, Chef Software, Inc. +# Copyright:: 2009-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cookbooks/postfix/recipes/transports.rb b/cookbooks/postfix/recipes/transports.rb index 7386caa..5436ae6 100644 --- a/cookbooks/postfix/recipes/transports.rb +++ b/cookbooks/postfix/recipes/transports.rb @@ -1,4 +1,4 @@ -# Copyright:: 2012-2017, Chef Software, Inc. +# Copyright:: 2012-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -15,13 +15,15 @@ include_recipe 'postfix::_common' +postmap_command = platform_family?('rhel') ? '/usr/sbin/postmap' : 'postmap' + execute 'update-postfix-transport' do - command "postmap #{node['postfix']['transport_db']}" + command "#{postmap_command} #{node['postfix']['transport_db']}" environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios') action :nothing end template node['postfix']['transport_db'] do source 'transport.erb' - notifies :run, 'execute[update-postfix-transport]' + notifies :run, 'execute[update-postfix-transport]', :immediately end diff --git a/cookbooks/postfix/recipes/virtual_aliases.rb b/cookbooks/postfix/recipes/virtual_aliases.rb index f8e9eda..7047807 100644 --- a/cookbooks/postfix/recipes/virtual_aliases.rb +++ b/cookbooks/postfix/recipes/virtual_aliases.rb @@ -1,4 +1,4 @@ -# Copyright:: 2012-2017, Chef Software, Inc. +# Copyright:: 2012-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,6 +23,6 @@ end template node['postfix']['virtual_alias_db'] do source 'virtual_aliases.erb' - notifies :run, 'execute[update-postfix-virtual-alias]' + notifies :run, 'execute[update-postfix-virtual-alias]', :immediately notifies :restart, 'service[postfix]' end diff --git a/cookbooks/postfix/recipes/virtual_aliases_domains.rb b/cookbooks/postfix/recipes/virtual_aliases_domains.rb index 067b697..3ded82d 100644 --- a/cookbooks/postfix/recipes/virtual_aliases_domains.rb +++ b/cookbooks/postfix/recipes/virtual_aliases_domains.rb @@ -1,4 +1,4 @@ -# Copyright:: 2012-2017, Chef Software, Inc. +# Copyright:: 2012-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -23,6 +23,6 @@ end template node['postfix']['virtual_alias_domains_db'] do source 'virtual_aliases_domains.erb' - notifies :run, 'execute[update-postfix-virtual-alias-domains]' + notifies :run, 'execute[update-postfix-virtual-alias-domains]', :immediately notifies :restart, 'service[postfix]' end diff --git a/cookbooks/postfix/renovate.json b/cookbooks/postfix/renovate.json new file mode 100644 index 0000000..7e7a8ba --- /dev/null +++ b/cookbooks/postfix/renovate.json @@ -0,0 +1,17 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": ["config:base"], + "packageRules": [{ + "groupName": "Actions", + "matchUpdateTypes": ["patch", "pin", "digest"], + "automerge": true, + "addLabels": ["Release: Patch", "Skip: Announcements"] + }, + { + "groupName": "Actions", + "matchUpdateTypes": ["major"], + "automerge": false, + "addLabels": ["Release: Patch", "Skip: Announcements"] + } + ] +} diff --git a/cookbooks/postfix/templates/default/access.erb b/cookbooks/postfix/templates/access.erb similarity index 100% rename from cookbooks/postfix/templates/default/access.erb rename to cookbooks/postfix/templates/access.erb diff --git a/cookbooks/postfix/templates/default/aliases.erb b/cookbooks/postfix/templates/aliases.erb similarity index 100% rename from cookbooks/postfix/templates/default/aliases.erb rename to cookbooks/postfix/templates/aliases.erb diff --git a/cookbooks/postfix/templates/default/sasl_passwd.erb b/cookbooks/postfix/templates/default/sasl_passwd.erb deleted file mode 100644 index 18f16b3..0000000 --- a/cookbooks/postfix/templates/default/sasl_passwd.erb +++ /dev/null @@ -1,4 +0,0 @@ -# Auto-generated by Chef. -# Local modifications will be overwritten. -# -<%= node['postfix']['main']['relayhost'] %> <%= @settings['smtp_sasl_user_name'] %>:<%= @settings['smtp_sasl_passwd'] %> diff --git a/cookbooks/postfix/templates/mailer.erb b/cookbooks/postfix/templates/mailer.erb new file mode 100644 index 0000000..1865157 --- /dev/null 
+++ b/cookbooks/postfix/templates/mailer.erb @@ -0,0 +1,10 @@ +# +# Auto-generated by Chef. +# Local modifications will be overwritten. +# +# Execute the Postfix sendmail program, named /usr/local/sbin/sendmail +# +sendmail /usr/local/sbin/sendmail +send-mail /usr/local/sbin/sendmail +mailq /usr/local/sbin/sendmail +newaliases /usr/local/sbin/sendmail diff --git a/cookbooks/postfix/templates/default/main.cf.erb b/cookbooks/postfix/templates/main.cf.erb similarity index 100% rename from cookbooks/postfix/templates/default/main.cf.erb rename to cookbooks/postfix/templates/main.cf.erb diff --git a/cookbooks/postfix/templates/default/manifest-postfix.xml.erb b/cookbooks/postfix/templates/manifest-postfix.xml.erb similarity index 100% rename from cookbooks/postfix/templates/default/manifest-postfix.xml.erb rename to cookbooks/postfix/templates/manifest-postfix.xml.erb diff --git a/cookbooks/postfix/templates/default/maps.erb b/cookbooks/postfix/templates/maps.erb similarity index 100% rename from cookbooks/postfix/templates/default/maps.erb rename to cookbooks/postfix/templates/maps.erb diff --git a/cookbooks/postfix/templates/default/master.cf.erb b/cookbooks/postfix/templates/master.cf.erb similarity index 100% rename from cookbooks/postfix/templates/default/master.cf.erb rename to cookbooks/postfix/templates/master.cf.erb diff --git a/cookbooks/postfix/templates/default/port_smtp.erb b/cookbooks/postfix/templates/port_smtp.erb similarity index 100% rename from cookbooks/postfix/templates/default/port_smtp.erb rename to cookbooks/postfix/templates/port_smtp.erb diff --git a/cookbooks/postfix/templates/recipient_canonical.erb b/cookbooks/postfix/templates/recipient_canonical.erb new file mode 100644 index 0000000..bfff5c1 --- /dev/null +++ b/cookbooks/postfix/templates/recipient_canonical.erb 
@@ -0,0 +1,9 @@ +# +# Auto-generated by Chef. +# Local modifications will be overwritten. +# +# See man 5 canonical for format + +<% node['postfix']['recipient_canonical_map_entries'].each do |name, value| %> +<%= name %> <%= value %> +<% end unless node['postfix']['recipient_canonical_map_entries'].nil? %> diff --git a/cookbooks/postfix/templates/default/relay_restrictions.erb b/cookbooks/postfix/templates/relay_restrictions.erb similarity index 100% rename from cookbooks/postfix/templates/default/relay_restrictions.erb rename to cookbooks/postfix/templates/relay_restrictions.erb diff --git a/cookbooks/postfix/templates/sasl_passwd.erb b/cookbooks/postfix/templates/sasl_passwd.erb new file mode 100644 index 0000000..7ead10e --- /dev/null +++ b/cookbooks/postfix/templates/sasl_passwd.erb @@ -0,0 +1,8 @@ +# Auto-generated by Chef. +# Local modifications will be overwritten. + +<% if !@settings.nil? && !@settings.empty? -%> +<% @settings.sort.map do |relayhost,value| -%> +<%= relayhost %> <%= value['username'] %>:<%= value['password'] %> +<% end -%> +<% end -%> diff --git a/cookbooks/postfix/templates/default/sender_canonical.erb b/cookbooks/postfix/templates/sender_canonical.erb similarity index 100% rename from cookbooks/postfix/templates/default/sender_canonical.erb rename to cookbooks/postfix/templates/sender_canonical.erb diff --git a/cookbooks/postfix/templates/default/smtp_generic.erb b/cookbooks/postfix/templates/smtp_generic.erb similarity index 100% rename from cookbooks/postfix/templates/default/smtp_generic.erb rename to cookbooks/postfix/templates/smtp_generic.erb diff --git a/cookbooks/postfix/templates/default/transport.erb b/cookbooks/postfix/templates/transport.erb similarity index 100% rename from cookbooks/postfix/templates/default/transport.erb rename to cookbooks/postfix/templates/transport.erb 
diff --git a/cookbooks/postfix/templates/default/virtual_aliases.erb b/cookbooks/postfix/templates/virtual_aliases.erb similarity index 100% rename from cookbooks/postfix/templates/default/virtual_aliases.erb rename to cookbooks/postfix/templates/virtual_aliases.erb diff --git a/cookbooks/postfix/templates/default/virtual_aliases_domains.erb b/cookbooks/postfix/templates/virtual_aliases_domains.erb similarity index 100% rename from cookbooks/postfix/templates/default/virtual_aliases_domains.erb rename to cookbooks/postfix/templates/virtual_aliases_domains.erb From fbcf1ed5e707f67d70848937adbdbb6b858268a1 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Fri, 1 Dec 2023 09:50:35 +0100 Subject: [PATCH 02/95] WIP Add initial cookbook and roles for email service --- roles/email_proxy.rb | 5 + roles/email_server.rb | 6 + site-cookbooks/kosmos_email/.gitignore | 25 ++ site-cookbooks/kosmos_email/CHANGELOG.md | 7 + site-cookbooks/kosmos_email/LICENSE | 20 + .../kosmos_email/attributes/default.rb | 4 + site-cookbooks/kosmos_email/chefignore | 115 +++++ .../kosmos_email/compliance/README.md | 25 ++ site-cookbooks/kosmos_email/kitchen.yml | 53 +++ site-cookbooks/kosmos_email/metadata.rb | 10 + .../kosmos_email/recipes/default.rb | 25 ++ .../kosmos_email/recipes/dovecot.rb | 84 ++++ .../kosmos_email/recipes/firewall.rb | 34 ++ .../kosmos_email/recipes/postfix.rb | 144 ++++++ .../templates/dovecot-ldap.conf.ext.erb | 151 +++++++ .../kosmos_email/templates/dovecot.conf.erb | 105 +++++ .../templates/dovecot_10-auth.conf.erb | 127 ++++++ .../templates/dovecot_10-mail.conf.erb | 421 ++++++++++++++++++ .../templates/dovecot_10-master.conf.erb | 113 +++++ .../templates/dovecot_10-ssl.conf.erb | 83 ++++ .../templates/ldap-aliases.cf.erb | 7 + .../templates/ldap-virtual-mailboxes.cf.erb | 7 + .../test/integration/default/default_test.rb | 16 + 23 files changed, 1587 insertions(+) create mode 100644 roles/email_proxy.rb create mode 100644 roles/email_server.rb create mode 100644 site-cookbooks/kosmos_email/.gitignore create mode 100644 site-cookbooks/kosmos_email/CHANGELOG.md create mode 100644 site-cookbooks/kosmos_email/LICENSE create mode 100644 site-cookbooks/kosmos_email/attributes/default.rb create mode 100644 site-cookbooks/kosmos_email/chefignore create mode 100644 site-cookbooks/kosmos_email/compliance/README.md create mode 100644 site-cookbooks/kosmos_email/kitchen.yml create mode 100644 site-cookbooks/kosmos_email/metadata.rb create mode 100644 site-cookbooks/kosmos_email/recipes/default.rb create mode 100644 site-cookbooks/kosmos_email/recipes/dovecot.rb create mode 100644 
site-cookbooks/kosmos_email/recipes/firewall.rb create mode 100644 site-cookbooks/kosmos_email/recipes/postfix.rb create mode 100644 site-cookbooks/kosmos_email/templates/dovecot-ldap.conf.ext.erb create mode 100644 site-cookbooks/kosmos_email/templates/dovecot.conf.erb create mode 100644 site-cookbooks/kosmos_email/templates/dovecot_10-auth.conf.erb create mode 100644 site-cookbooks/kosmos_email/templates/dovecot_10-mail.conf.erb create mode 100644 site-cookbooks/kosmos_email/templates/dovecot_10-master.conf.erb create mode 100644 site-cookbooks/kosmos_email/templates/dovecot_10-ssl.conf.erb create mode 100644 site-cookbooks/kosmos_email/templates/ldap-aliases.cf.erb create mode 100644 site-cookbooks/kosmos_email/templates/ldap-virtual-mailboxes.cf.erb create mode 100644 site-cookbooks/kosmos_email/test/integration/default/default_test.rb diff --git a/roles/email_proxy.rb b/roles/email_proxy.rb new file mode 100644 index 0000000..e0030dc --- /dev/null +++ b/roles/email_proxy.rb @@ -0,0 +1,5 @@ +name "email_proxy" + +run_list %w( + kosmos_email::firewall +) diff --git a/roles/email_server.rb b/roles/email_server.rb new file mode 100644 index 0000000..fd3e781 --- /dev/null +++ b/roles/email_server.rb @@ -0,0 +1,6 @@ +name "email_server" + +run_list %w( + role[ldap_client] + kosmos_email::default +) diff --git a/site-cookbooks/kosmos_email/.gitignore b/site-cookbooks/kosmos_email/.gitignore new file mode 100644 index 0000000..f1e57b8 --- /dev/null +++ b/site-cookbooks/kosmos_email/.gitignore @@ -0,0 +1,25 @@ +.vagrant +*~ +*# +.#* +\#*# +.*.sw[a-z] +*.un~ + +# Bundler +Gemfile.lock +gems.locked +bin/* +.bundle/* + +# test kitchen +.kitchen/ +kitchen.local.yml + +# Chef Infra +Berksfile.lock +.zero-knife.rb +Policyfile.lock.json + +.idea/ + diff --git a/site-cookbooks/kosmos_email/CHANGELOG.md b/site-cookbooks/kosmos_email/CHANGELOG.md new file mode 100644 index 0000000..b33cc1a --- /dev/null +++ b/site-cookbooks/kosmos_email/CHANGELOG.md 
@@ -0,0 +1,7 @@ +# kosmos_email CHANGELOG + +This file is used to list changes made in each version of the kosmos_email cookbook. + +## 0.1.0 + +Initial release. diff --git a/site-cookbooks/kosmos_email/LICENSE b/site-cookbooks/kosmos_email/LICENSE new file mode 100644 index 0000000..b28fde8 --- /dev/null +++ b/site-cookbooks/kosmos_email/LICENSE @@ -0,0 +1,20 @@ +Copyright (c) Kosmos Developers + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/site-cookbooks/kosmos_email/attributes/default.rb b/site-cookbooks/kosmos_email/attributes/default.rb new file mode 100644 index 0000000..dd60bc8 --- /dev/null +++ b/site-cookbooks/kosmos_email/attributes/default.rb @@ -0,0 +1,4 @@ +node.default["email"]["domain"] = "example.com" +node.default["email"]["hostname"] = "mail.example.com" +# node.default["email"]["user"] = "ray" +# node.default["email"]["group"] = "email" 
diff --git a/site-cookbooks/kosmos_email/chefignore b/site-cookbooks/kosmos_email/chefignore new file mode 100644 index 0000000..cc170ea --- /dev/null +++ b/site-cookbooks/kosmos_email/chefignore @@ -0,0 +1,115 @@ +# Put files/directories that should be ignored in this file when uploading +# to a Chef Infra Server or Supermarket. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +ehthumbs.db +Icon? +nohup.out +Thumbs.db +.envrc + +# EDITORS # +########### +.#* +.project +.settings +*_flymake +*_flymake.* +*.bak +*.sw[a-z] +*.tmproj +*~ +\#* +REVISION +TAGS* +tmtags +.vscode +.editorconfig + +## COMPILED ## +############## +*.class +*.com +*.dll +*.exe +*.o +*.pyc +*.so +*/rdoc/ +a.out +mkmf.log + +# Testing # +########### +.circleci/* +.codeclimate.yml +.delivery/* +.foodcritic +.kitchen* +.mdlrc +.overcommit.yml +.rspec +.rubocop.yml +.travis.yml +.watchr +.yamllint +azure-pipelines.yml +Dangerfile +examples/* +features/* +Guardfile +kitchen.yml* +mlc_config.json +Procfile +Rakefile +spec/* +test/* + +# SCM # +####### +.git +.gitattributes +.gitconfig +.github/* +.gitignore +.gitkeep +.gitmodules +.svn +*/.bzr/* +*/.git +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Bundler # +########### +vendor/* +Gemfile +Gemfile.lock + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Documentation # +############# +CODE_OF_CONDUCT* +CONTRIBUTING* +documentation/* +TESTING* +UPGRADING* + +# Vagrant # +########### +.vagrant +Vagrantfile diff --git a/site-cookbooks/kosmos_email/compliance/README.md b/site-cookbooks/kosmos_email/compliance/README.md new file mode 100644 index 0000000..947be3e --- /dev/null +++ b/site-cookbooks/kosmos_email/compliance/README.md 
@@ -0,0 +1,25 @@ +# compliance + +This directory contains Chef InSpec profile, waiver and input objects which are used with the Chef Infra Compliance Phase. + +Detailed information on the Chef Infra Compliance Phase can be found in the [Chef Documentation](https://docs.chef.io/chef_compliance_phase/). + +```plain +./compliance +├── inputs +├── profiles +└── waivers +``` + +Use the `chef generate` command from Chef Workstation to create content for these directories: + +```sh +# Generate a Chef InSpec profile +chef generate profile PROFILE_NAME + +# Generate a Chef InSpec waiver file +chef generate waiver WAIVER_NAME + +# Generate a Chef InSpec input file +chef generate input INPUT_NAME +``` diff --git a/site-cookbooks/kosmos_email/kitchen.yml b/site-cookbooks/kosmos_email/kitchen.yml new file mode 100644 index 0000000..3e87682 --- /dev/null +++ b/site-cookbooks/kosmos_email/kitchen.yml 
@@ -0,0 +1,53 @@ +--- +driver: + name: dokken + chef_version: 18.2.7 + pull_platform_image: false + pull_chef_image: false + memory_limit: 2147483648 # 2GB + volumes: + # saves the apt archieves outside of the container + - /var/cache/apt/archives/:/var/cache/apt/archives/ + ## The forwarded_port port feature lets you connect to ports on the VM guest via + ## localhost on the host. + ## see also: https://www.vagrantup.com/docs/networking/forwarded_ports + # network: + # - ["forwarded_port", { guest: 4444, host: 4444 }] + +transport: + name: dokken + +provisioner: + name: dokken + # clean_dokken_sandbox: false + # You may wish to disable always updating cookbooks in CI or other testing environments. + # For example: + # always_update_cookbooks: <%= !ENV['CI'] %> + # always_update_cookbooks: false + + ## product_name and product_version specifies a specific Chef product and version to install. + ## see the Chef documentation for more details: https://docs.chef.io/workstation/config_yml_kitchen/ + # product_name: chef + # product_version: 16 + +verifier: + name: inspec + +platforms: + - name: ubuntu-22.04 + driver: + image: dokken/ubuntu-22.04 + privileged: true + pid_one_command: /usr/lib/systemd/systemd + intermediate_instructions: + # prevent APT from deleting the APT folder + - RUN rm /etc/apt/apt.conf.d/docker-clean + +suites: + - name: default + run_list: + - recipe[kosmos_email::default] + verifier: + inspec_tests: + - test/integration/default + attributes: diff --git a/site-cookbooks/kosmos_email/metadata.rb b/site-cookbooks/kosmos_email/metadata.rb new file mode 100644 index 0000000..cc689c3 --- /dev/null +++ b/site-cookbooks/kosmos_email/metadata.rb @@ -0,0 +1,10 @@ +name 'kosmos_email' +maintainer 'Kosmos Developers' +maintainer_email 'ops@kosmos.org' +license 'MIT' +description 'Installs/configures an email service' +version '0.1.0' +chef_version '>= 18.0' + +depends "hostname" +depends "postfix" 
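Review bot: The two `depends` lines at the end of metadata.rb do not cover every resource the cookbook's recipes use. recipes/default.rb and recipes/firewall.rb call `firewall_rule`, and default.rb calls `tls_cert_for`, but only `hostname` and `postfix` are declared. Unless those resources arrive through another cookbook in every node's run list, the kitchen suite, whose run list is just `recipe[kosmos_email::default]`, will presumably fail to resolve them. I would add `depends "firewall"` plus a `depends` on whichever cookbook defines `tls_cert_for`, which is not visible in this patch.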
diff --git a/site-cookbooks/kosmos_email/recipes/default.rb b/site-cookbooks/kosmos_email/recipes/default.rb
new file mode 100644
index 0000000..c431328
--- /dev/null
+++ b/site-cookbooks/kosmos_email/recipes/default.rb
@@ -0,0 +1,25 @@
+#
+# Cookbook:: kosmos_email
+# Recipe:: default
+#
+
+domain = node["email"]["domain"]
+hostname = node["email"]["hostname"]
+ip_addr = node["knife_zero"]["host"]
+
+node.override["set_fqdn"] = hostname
+include_recipe "hostname"
+
+tls_cert_for hostname do
+ auth "gandi_dns"
+ action :create
+end
+
+firewall_rule "private network access" do
+ command :allow
+ protocol :tcp
+ source "10.1.1.0/24"
+end
+
+include_recipe 'kosmos_email::postfix'
+include_recipe 'kosmos_email::dovecot'
diff --git a/site-cookbooks/kosmos_email/recipes/dovecot.rb b/site-cookbooks/kosmos_email/recipes/dovecot.rb
new file mode 100644
index 0000000..fff9274
--- /dev/null
+++ b/site-cookbooks/kosmos_email/recipes/dovecot.rb
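Review bot: The `firewall_rule "private network access"` block has no `port`, so as written it appears to allow every TCP port on this host from 10.1.1.0/24 rather than only the mail listeners. recipes/postfix.rb binds the proxied listeners to 2525, 10465 and 10587, so I would narrow the rule to what the proxy actually needs, e.g. `port [2525, 10465, 10587]` plus the Dovecot ports behind the proxy. `domain` and `ip_addr` are assigned but never used in this recipe and can be dropped. The `node["knife_zero"]["host"]` lookup would also raise on a node that lacks that attribute.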
@@ -0,0 +1,84 @@ +# +# Cookbook:: kosmos_email +# Recipe:: dovecot +# + +%w[ + dovecot-core + dovecot-imapd + dovecot-ldap + dovecot-lmtpd + dovecot-pop3d +].each do |pkg| + apt_package pkg +end + +domain = node["email"]["domain"] +hostname = node["email"]["hostname"] +ip_addr = node["knife_zero"]["host"] + +credentials = Chef::EncryptedDataBagItem.load('credentials', 'email') + +user "vmail" do + gid "mail" + system true + manage_home false +end + +template "/etc/dovecot/dovecot.conf" do + source "dovecot.conf.erb" + mode 0644 + # TODO variables protocols: "imap pop3 lmtp" + variables protocols: "imap lmtp", + # TODO find by email_proxy role + haproxy_trusted_networks: "10.1.1.167/32" + notifies :restart, "service[dovecot]", :delayed +end + +template "/etc/dovecot/dovecot-ldap.conf.ext" do + source "dovecot-ldap.conf.ext.erb" + mode 0600 + variables uris: "ldap://ldap.kosmos.local", # TODO add list of all IPs instead? + dn: credentials['ldap_dn'], + dnpass: credentials['ldap_dnpass'], + base: "ou=kosmos.org,cn=users,dc=kosmos,dc=org", + user_attrs: "mailhome=home", + user_filter: "(&(objectClass=person)(cn=%u))", + pass_attrs: "cn=user,mailpassword=password", + pass_filter: "(&(objectClass=person)(cn=%u))", + default_pass_scheme: "BLF-CRYPT" + notifies :restart, "service[dovecot]", :delayed +end + +template "/etc/dovecot/conf.d/10-auth.conf" do + source "dovecot_10-auth.conf.erb" + mode 0644 + notifies :restart, "service[dovecot]", :delayed +end + +template "/etc/dovecot/conf.d/10-mail.conf" do + source "dovecot_10-mail.conf.erb" + mode 0644 + variables mail_uid: "vmail", + mail_gid: "mail" + notifies :restart, "service[dovecot]", :delayed +end + +template "/etc/dovecot/conf.d/10-master.conf" do + source "dovecot_10-master.conf.erb" + mode 0644 + notifies :restart, "service[dovecot]", :delayed +end + +template "/etc/dovecot/conf.d/10-ssl.conf" do + source "dovecot_10-ssl.conf.erb" + mode 0644 + variables ssl: "required", + ssl_cert: 
node['postfix']['main']['smtpd_tls_cert_file'], + ssl_key: node['postfix']['main']['smtpd_tls_key_file'] + notifies :restart, "service[dovecot]", :delayed +end + +service "dovecot" do + action [:enable, :start] +end diff --git a/site-cookbooks/kosmos_email/recipes/firewall.rb b/site-cookbooks/kosmos_email/recipes/firewall.rb new file mode 100644 index 0000000..d4a76c0 --- /dev/null +++ b/site-cookbooks/kosmos_email/recipes/firewall.rb @@ -0,0 +1,34 @@ +# +# Cookbook:: kosmos_email +# Recipe:: firewall +# + +firewall_rule "SMTP" do + command :allow + port 25 + protocol :tcp +end + +firewall_rule "SMTPS" do + command :allow + port 465 + protocol :tcp +end + +firewall_rule "SMTPS" do + command :allow + port 587 + protocol :tcp +end + +firewall_rule "IMAP" do + command :allow + port 143 + protocol :tcp +end + +firewall_rule "IMAPS" do + command :allow + port 993 + protocol :tcp +end diff --git a/site-cookbooks/kosmos_email/recipes/postfix.rb b/site-cookbooks/kosmos_email/recipes/postfix.rb new file mode 100644 index 0000000..3a46d3d --- /dev/null +++ b/site-cookbooks/kosmos_email/recipes/postfix.rb 
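Review bot: The `/etc/dovecot/dovecot-ldap.conf.ext` template renders `credentials['ldap_dnpass']` but is not marked `sensitive true`, so Chef can print the rendered diff, bind password included, in client output and logs. The `/etc/postfix/ldap-aliases.cf` template in recipes/postfix.rb has the same gap. I would add `sensitive true` and an explicit `owner "root"` / `group "root"` next to `mode 0600`, because `mode` alone leaves the ownership of an already existing file unchanged. Separately, `uris: "ldap://ldap.kosmos.local"` is a plaintext LDAP URI. Unless the template enables StartTLS (it is not visible here), the bind password and the `mailpassword` hashes cross the private network unencrypted.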
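Review bot: Two resources in firewall.rb are both named `firewall_rule "SMTPS"` (ports 465 and 587), so any notification or lookup of `firewall_rule[SMTPS]` is ambiguous, and the run output cannot tell the two apart. Port 587 is mail submission with STARTTLS rather than SMTPS, so I would rename the second block to `firewall_rule "Submission" do`. None of the five rules sets `source`, so each opens its port to any address. That is presumably intended for the public-facing proxy role, but a one-line comment at the top of the recipe saying so would keep it from being reused on an internal host by mistake.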
@@ -0,0 +1,144 @@
+#
+# Cookbook:: kosmos_email
+# Recipe:: postfix
+#
+
+%w[
+ postfix
+ postfix-ldap
+].each do |pkg|
+ apt_package pkg
+end
+
+domain = node["email"]["domain"]
+hostname = node["email"]["hostname"]
+ip_addr = node["knife_zero"]["host"]
+
+credentials = Chef::EncryptedDataBagItem.load('credentials', 'email')
+
+node.normal["postfix"]["mail_type"] = "master"
+node.normal["postfix"]["use_relay_restrictions_maps"] = true
+node.normal["postfix"]["relay_restrictions"] = { domain => "OK", hostname => "OK" }
+
+node.normal['postfix']['main']['mydomain'] = domain
+node.normal['postfix']['main']['myorigin'] = domain
+node.normal['postfix']['main']['myhostname'] = hostname
+node.normal['postfix']['main']['mynetworks'] = ["10.1.1.0/24", "127.0.0.0/8"]
+node.normal['postfix']['main']['smtpd_use_tls'] = "yes"
+node.normal['postfix']['main']['smtpd_tls_cert_file'] = "/etc/letsencrypt/live/#{hostname}/fullchain.pem"
+node.normal['postfix']['main']['smtpd_tls_key_file'] = "/etc/letsencrypt/live/#{hostname}/privkey.pem"
+node.normal['postfix']['main']['mailbox_transport'] = "lmtp:unix:private/dovecot-lmtp"
+node.normal['postfix']['main']['virtual_transport'] = "lmtp:unix:private/dovecot-lmtp"
+node.normal['postfix']['main']['smtputf8_enable'] = "no"
+node.normal['postfix']['main']['recipient_delimiter'] = "+"
+node.normal['postfix']['main']['alias_maps'] = "hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf"
+# node.normal['postfix']['main']['virtual_mailbox_maps'] = "ldap:/etc/postfix/ldap-virtual-mailboxes.cf"
+
+node.normal['postfix']['master'] = {
+ "#{ip_addr}:2525": {
+ "active": true,
+ "order": 1,
+ "type": "inet",
+ "private": false,
+ "maxproc": "1",
+ "command": "postscreen",
+ "args": [
+ "-o postscreen_upstream_proxy_protocol=haproxy",
+ "-o postscreen_cache_map=btree:$data_directory/postscreen_2525_cache",
+ "-o syslog_name=postfix/2525"
+ ]
+ },
+ "#{ip_addr}:10587": {
+ "active": true,
+ "order": 2,
+ "type": "inet",
+ "private": false,
+ "chroot": true,
+ "command": "smtpd",
+ "args": [
+ "-o syslog_name=postfix/10587",
+ "-o smtpd_tls_security_level=encrypt",
+ "-o smtpd_tls_wrappermode=no",
+ "-o smtpd_sasl_auth_enable=yes",
+ "-o smtpd_relay_restrictions=permit_sasl_authenticated,reject",
+ "-o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject",
+ "-o smtpd_sasl_type=dovecot",
+ "-o smtpd_sasl_path=private/auth",
+ "-o smtpd_upstream_proxy_protocol=haproxy",
+ ]
+ },
+ "#{ip_addr}:10465": {
+ "active": true,
+ "order": 3,
+ "type": "inet",
+ "private": false,
+ "chroot": true,
+ "command": "smtpd",
+ "args": [
+ "-o syslog_name=postfix/10465",
+ "-o smtpd_tls_wrappermode=yes",
+ "-o smtpd_sasl_auth_enable=yes",
+ "-o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject",
+ "-o smtpd_sasl_type=dovecot",
+ "-o smtpd_sasl_path=private/auth",
+ "-o smtpd_upstream_proxy_protocol=haproxy",
+ ]
+ },
+ "smtpd": {
+ "active": true,
+ "order": 100,
+ "type": "pass",
+ "chroot": true,
+ "command": "smtpd",
+ "args": []
+ },
+ "dnsblog": {
+ "active": true,
+ "order": 101,
+ "type": "unix",
+ "chroot": true,
+ "maxproc": "0",
+ "command": "dnsblog",
+ "args": []
+ },
+ "tlsproxy": {
+ "active": true,
+ "order": 102,
+ "type": "unix",
+ "chroot": true,
+ "maxproc": "0",
+ "command": "tlsproxy",
+ "args": []
+ }
+}
+
+template "/etc/postfix/ldap-aliases.cf" do
+ source "ldap-aliases.cf.erb"
+ mode 0600
+ variables server_host: "ldap.kosmos.local",
+ bind_dn: credentials['ldap_dn'],
+ bind_pw: credentials['ldap_dnpass'],
+ search_base: "ou=kosmos.org,cn=users,dc=kosmos,dc=org",
+ query_filter: "(&(objectClass=person)(cn=%u))",
+ result_attribute: "maildrop"
+ notifies :restart, "service[postfix]", :delayed
+end
+
+# template "/etc/postfix/ldap-virtual-mailboxes.cf" do
+# source "ldap-virtual-mailboxes.cf.erb"
+# mode 0600
+# variables server_host: "ldap.kosmos.local",
+# bind_dn: credentials['ldap_dn'],
+# bind_pw: credentials['ldap_dnpass'],
+# search_base: "ou=kosmos.org,cn=users,dc=kosmos,dc=org",
+# query_filter: "maildrop=%s",
+# result_attribute: "mailhome",
+# result_format: "%s/mail/"
+# notifies :restart, "service[postfix]", :delayed
+# end
+
+include_recipe 'postfix::server'
+
+service "postfix" do
+ action [:enable, :start]
+end
diff --git a/site-cookbooks/kosmos_email/templates/dovecot-ldap.conf.ext.erb b/site-cookbooks/kosmos_email/templates/dovecot-ldap.conf.ext.erb
new file mode 100644
index 0000000..10ca936
--- /dev/null
+++ b/site-cookbooks/kosmos_email/templates/dovecot-ldap.conf.ext.erb
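Review bot: The `#{ip_addr}:10465` listener lacks the `"-o smtpd_relay_restrictions=permit_sasl_authenticated,reject",` override that the `10587` listener sets, so relaying over implicit TLS falls back to whatever main.cf allows (derived from `use_relay_restrictions_maps`, not visible in this hunk). Add the same line to its `args`. Both listeners also put `permit_mynetworks` ahead of `permit_sasl_authenticated` in `smtpd_recipient_restrictions`, which lets any host in `10.1.1.0/24` pass the recipient check without authenticating; confirm that is intended on submission ports. `node.normal` values persist on the node object between runs, so `node.default` or `node.override` would keep this configuration tied to the recipe.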
@@ -0,0 +1,151 @@ +# This file is commonly accessed via passdb {} or userdb {} section in +# conf.d/auth-ldap.conf.ext + +# This file is opened as root, so it should be owned by root and mode 0600. +# +# http://wiki2.dovecot.org/AuthDatabase/LDAP +# +# NOTE: If you're not using authentication binds, you'll need to give +# dovecot-auth read access to userPassword field in the LDAP server. +# With OpenLDAP this is done by modifying /etc/ldap/slapd.conf. There should +# already be something like this: + +# access to attribute=userPassword +# by dn="" read # add this +# by anonymous auth +# by self write +# by * none + +# Space separated list of LDAP hosts to use. host:port is allowed too. +#hosts = + +# LDAP URIs to use. You can use this instead of hosts list. Note that this +# setting isn't supported by all LDAP libraries. +uris = <%= @uris %> + +# Distinguished Name - the username used to login to the LDAP server. +# Leave it commented out to bind anonymously (useful with auth_bind=yes). +dn = <%= @dn %> + +# Password for LDAP server, if dn is specified. +dnpass = <%= @dnpass %> + +# Use SASL binding instead of the simple binding. Note that this changes +# ldap_version automatically to be 3 if it's lower. +#sasl_bind = no +# SASL mechanism name to use. +#sasl_mech = +# SASL realm to use. +#sasl_realm = +# SASL authorization ID, ie. the dnpass is for this "master user", but the +# dn is still the logged in user. Normally you want to keep this empty. +#sasl_authz_id = + +# Use TLS to connect to the LDAP server. +#tls = no +# TLS options, currently supported only with OpenLDAP: +#tls_ca_cert_file = +#tls_ca_cert_dir = +#tls_cipher_suite = +# TLS cert/key is used only if LDAP server requires a client certificate. +#tls_cert_file = +#tls_key_file = +# Valid values: never, hard, demand, allow, try +#tls_require_cert = + +# Use the given ldaprc path. +#ldaprc_path = + +# LDAP library debug level as specified by LDAP_DEBUG_* in ldap_log.h. +# -1 = everything. 
You may need to recompile OpenLDAP with debugging enabled +# to get enough output. +#debug_level = 1 + +# Use authentication binding for verifying password's validity. This works by +# logging into LDAP server using the username and password given by client. +# The pass_filter is used to find the DN for the user. Note that the pass_attrs +# is still used, only the password field is ignored in it. Before doing any +# search, the binding is switched back to the default DN. +#auth_bind = no + +# If authentication binding is used, you can save one LDAP request per login +# if users' DN can be specified with a common template. The template can use +# the standard %variables (see user_filter). Note that you can't +# use any pass_attrs if you use this setting. +# +# If you use this setting, it's a good idea to use a different +# dovecot-ldap.conf.ext for userdb (it can even be a symlink, just as long as +# the filename is different in userdb's args). That way one connection is used +# only for LDAP binds and another connection is used for user lookups. +# Otherwise the binding is changed to the default DN before each user lookup. +# +# For example: +# auth_bind_userdn = cn=%u,ou=people,o=org +# +#auth_bind_userdn = + +# LDAP protocol version to use. Likely 2 or 3. +#ldap_version = 3 + +# LDAP base. %variables can be used here. +# For example: dc=mail, dc=example, dc=org +base = <%= @base %> + +# Dereference: never, searching, finding, always +#deref = never + +# Search scope: base, onelevel, subtree +#scope = subtree + +# User attributes are given in LDAP-name=dovecot-internal-name list. The +# internal names are: +# uid - System UID +# gid - System GID +# home - Home directory +# mail - Mail location +# +# There are also other special fields which can be returned, see +# http://wiki2.dovecot.org/UserDatabase/ExtraFields +user_attrs = <%= @user_attrs %> + +# Filter for user lookup. 
Some variables can be used (see +# http://wiki2.dovecot.org/Variables for full list): +# %u - username +# %n - user part in user@domain, same as %u if there's no domain +# %d - domain part in user@domain, empty if user there's no domain +user_filter = <%= @user_filter %> + +# Password checking attributes: +# user: Virtual user name (user@domain), if you wish to change the +# user-given username to something else +# password: Password, may optionally start with {type}, eg. {crypt} +# There are also other special fields which can be returned, see +# http://wiki2.dovecot.org/PasswordDatabase/ExtraFields +pass_attrs = <%= @pass_attrs %> + +# If you wish to avoid two LDAP lookups (passdb + userdb), you can use +# userdb prefetch instead of userdb ldap in dovecot.conf. In that case you'll +# also have to include user_attrs in pass_attrs field prefixed with "userdb_" +# string. For example: +#pass_attrs = uid=user,userPassword=password,\ +# homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid + +# Filter for password lookups +pass_filter = <%= @pass_filter %> + +# Attributes and filter to get a list of all users +#iterate_attrs = uid=user +#iterate_filter = (objectClass=posixAccount) + +# Default password scheme. "{scheme}" before password overrides this. +# List of supported schemes is in: http://wiki2.dovecot.org/Authentication +default_pass_scheme = <%= @default_pass_scheme %> + +# By default all LDAP lookups are performed by the auth master process. +# If blocking=yes, auth worker processes are used to perform the lookups. +# Each auth worker process creates its own LDAP connection so this can +# increase parallelism. With blocking=no the auth master process can +# keep 8 requests pipelined for the LDAP connection, while with blocking=yes +# each connection has a maximum of 1 request running. For small systems the +# blocking=no is sufficient and uses less resources. +#blocking = no 
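Review bot: `tls`, `tls_ca_cert_file` and `tls_require_cert` stay commented out while the dovecot recipe passes `uris` as `ldap://ldap.kosmos.local`. The bind password in `dnpass` and the `mailpassword` hashes fetched through `pass_attrs` therefore cross the network unencrypted unless the network itself is protected, which is not visible here. Render `tls = yes` together with `tls_require_cert = demand` and a CA file from template variables, or switch the URI to `ldaps://`.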
diff --git a/site-cookbooks/kosmos_email/templates/dovecot.conf.erb b/site-cookbooks/kosmos_email/templates/dovecot.conf.erb new file mode 100644 index 0000000..6b29a7f --- /dev/null +++ b/site-cookbooks/kosmos_email/templates/dovecot.conf.erb 
@@ -0,0 +1,105 @@ +## Dovecot configuration file + +# If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration + +# "doveconf -n" command gives a clean output of the changed settings. Use it +# instead of copy&pasting files when posting to the Dovecot mailing list. + +# '#' character and everything after it is treated as comments. Extra spaces +# and tabs are ignored. If you want to use either of these explicitly, put the +# value inside quotes, eg.: key = "# char and trailing whitespace " + +# Most (but not all) settings can be overridden by different protocols and/or +# source/destination IPs by placing the settings inside sections, for example: +# protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { } + +# Default values are shown for each setting, it's not required to uncomment +# those. These are exceptions to this though: No sections (e.g. namespace {}) +# or plugin settings are added by default, they're listed only as examples. +# Paths are also just examples with the real defaults being based on configure +# options. The paths listed here are for configure --prefix=/usr +# --sysconfdir=/etc --localstatedir=/var + +# Enable installed protocols +protocols = <%= @protocols %> +#!include_try /usr/share/dovecot/protocols.d/*.protocol + +# A comma separated list of IPs or hosts where to listen in for connections. +# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces. +# If you want to specify non-default ports or anything more complex, +# edit conf.d/master.conf. +#listen = *, :: + +# Base directory where to store runtime data. +#base_dir = /var/run/dovecot/ + +# Name of this instance. In multi-instance setup doveadm and other commands +# can use -i to select which instance is used (an alternative +# to -c ). The instance name is also added to Dovecot processes +# in ps output. +#instance_name = dovecot + +# Greeting message for clients. +#login_greeting = Dovecot ready. + +# Space separated list of trusted network ranges. 
Connections from these +# IPs are allowed to override their IP addresses and ports (for logging and +# for authentication checks). disable_plaintext_auth is also ignored for +# these networks. Typically you'd specify your IMAP proxy servers here. +#login_trusted_networks = + +# Space separated list of login access check sockets (e.g. tcpwrap) +#login_access_sockets = + +# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do +# proxying. This isn't necessary normally, but may be useful if the destination +# IP is e.g. a load balancer's IP. +#auth_proxy_self = + +# Show more verbose process titles (in ps). Currently shows user name and +# IP address. Useful for seeing who are actually using the IMAP processes +# (eg. shared mailboxes or if same uid is used for multiple accounts). +#verbose_proctitle = no + +# Should all processes be killed when Dovecot master process shuts down. +# Setting this to "no" means that Dovecot can be upgraded without +# forcing existing client connections to close (although that could also be +# a problem if the upgrade is e.g. because of a security fix). +#shutdown_clients = yes + +# If non-zero, run mail commands via this many connections to doveadm server, +# instead of running them directly in the same process. +#doveadm_worker_count = 0 +# UNIX socket or host:port used for connecting to doveadm server +#doveadm_socket_path = doveadm-server + +# Space separated list of environment variables that are preserved on Dovecot +# startup and passed down to all of its child processes. You can also give +# key=value pairs to always set specific settings. +#import_environment = TZ + +## +## Dictionary server settings +## + +# Dictionary can be used to store key=value lists. This is used by several +# plugins. The dictionary can be accessed either directly or though a +# dictionary server. The following dict block maps dictionary names to URIs +# when the server is used. 
These can then be referenced using URIs in format +# "proxy::". + +dict { + #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext +} + +# Most of the actual configuration gets included below. The filenames are +# first sorted by their ASCII value and parsed in that order. The 00-prefixes +# in filenames are intended to make it easier to understand the ordering. +!include conf.d/*.conf + +# A config file can also tried to be included without giving an error if +# it's not found: +!include_try local.conf + +haproxy_trusted_networks = <%= @haproxy_trusted_networks %> +haproxy_timeout = 3s diff --git a/site-cookbooks/kosmos_email/templates/dovecot_10-auth.conf.erb b/site-cookbooks/kosmos_email/templates/dovecot_10-auth.conf.erb new file mode 100644 index 0000000..f3270b1 --- /dev/null +++ b/site-cookbooks/kosmos_email/templates/dovecot_10-auth.conf.erb 
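Review bot: `haproxy_trusted_networks` and `haproxy_timeout` are appended at the end without the explanatory comment every other setting in this file carries. Any host in that list may state the client address through a PROXY header, so say so above the line, e.g. `# Hosts allowed to send a PROXY protocol header; keep this limited to the proxy's own address.` Because the two lines follow `!include conf.d/*.conf` and `!include_try local.conf`, they presumably take precedence over values set in those files, which is worth noting in the same comment.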
@@ -0,0 +1,127 @@ +## +## Authentication processes +## + +# Disable LOGIN command and all other plaintext authentications unless +# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP +# matches the local IP (ie. you're connecting from the same computer), the +# connection is considered secure and plaintext authentication is allowed. +# See also ssl=required setting. +disable_plaintext_auth = yes + +# Authentication cache size (e.g. 10M). 0 means it's disabled. Note that +# bsdauth and PAM require cache_key to be set for caching to be used. +#auth_cache_size = 0 +# Time to live for cached data. After TTL expires the cached record is no +# longer used, *except* if the main database lookup returns internal failure. +# We also try to handle password changes automatically: If user's previous +# authentication was successful, but this one wasn't, the cache isn't used. +# For now this works only with plaintext authentication. +#auth_cache_ttl = 1 hour +# TTL for negative hits (user not found, password mismatch). +# 0 disables caching them completely. +#auth_cache_negative_ttl = 1 hour + +# Space separated list of realms for SASL authentication mechanisms that need +# them. You can leave it empty if you don't want to support multiple realms. +# Many clients simply use the first one listed here, so keep the default realm +# first. +#auth_realms = + +# Default realm/domain to use if none was specified. This is used for both +# SASL realms and appending @domain to username in plaintext logins. +#auth_default_realm = + +# List of allowed characters in username. If the user-given username contains +# a character not listed in here, the login automatically fails. This is just +# an extra check to make sure user can't exploit any potential quote escaping +# vulnerabilities with SQL/LDAP databases. If you want to allow all characters, +# set this value to empty. 
+#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ + +# Username character translations before it's looked up from databases. The +# value contains series of from -> to characters. For example "#@/@" means +# that '#' and '/' characters are translated to '@'. +#auth_username_translation = + +# Username formatting before it's looked up from databases. You can use +# the standard variables here, eg. %Lu would lowercase the username, %n would +# drop away the domain if it was given, or "%n-AT-%d" would change the '@' into +# "-AT-". This translation is done after auth_username_translation changes. +auth_username_format = %n + +# If you want to allow master users to log in by specifying the master +# username within the normal username string (ie. not using SASL mechanism's +# support for it), you can specify the separator character here. The format +# is then . UW-IMAP uses "*" as the +# separator, so that could be a good choice. +#auth_master_user_separator = + +# Username to use for users logging in with ANONYMOUS SASL mechanism +#auth_anonymous_username = anonymous + +# Maximum number of dovecot-auth worker processes. They're used to execute +# blocking passdb and userdb queries (eg. MySQL and PAM). They're +# automatically created and destroyed as needed. +#auth_worker_max_count = 30 + +# Host name to use in GSSAPI principal names. The default is to use the +# name returned by gethostname(). Use "$ALL" (with quotes) to allow all keytab +# entries. +#auth_gssapi_hostname = + +# Kerberos keytab to use for the GSSAPI mechanism. Will use the system +# default (usually /etc/krb5.keytab) if not specified. You may need to change +# the auth service to run as root to be able to read this file. +#auth_krb5_keytab = + +# Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and +# ntlm_auth helper. +#auth_use_winbind = no + +# Path for Samba's ntlm_auth helper binary. 
+#auth_winbind_helper_path = /usr/bin/ntlm_auth + +# Time to delay before replying to failed authentications. +#auth_failure_delay = 2 secs + +# Require a valid SSL client certificate or the authentication fails. +#auth_ssl_require_client_cert = no + +# Take the username from client's SSL certificate, using +# X509_NAME_get_text_by_NID() which returns the subject's DN's +# CommonName. +#auth_ssl_username_from_cert = no + +# Space separated list of wanted authentication mechanisms: +# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp +# gss-spnego +# NOTE: See also disable_plaintext_auth setting. +auth_mechanisms = plain login + +## +## Password and user databases +## + +# +# Password database is used to verify user's password (and nothing more). +# You can have multiple passdbs and userdbs. This is useful if you want to +# allow both system users (/etc/passwd) and virtual users to login without +# duplicating the system users into virtual database. +# +# +# +# User database specifies where mails are located and what user/group IDs +# own them. For single-UID configuration use "static" userdb. +# +# + +#!include auth-deny.conf.ext +#!include auth-master.conf.ext + +#!include auth-system.conf.ext +#!include auth-sql.conf.ext +!include auth-ldap.conf.ext +#!include auth-passwdfile.conf.ext +#!include auth-checkpassword.conf.ext +#!include auth-static.conf.ext diff --git a/site-cookbooks/kosmos_email/templates/dovecot_10-mail.conf.erb b/site-cookbooks/kosmos_email/templates/dovecot_10-mail.conf.erb new file mode 100644 index 0000000..b5b0593 --- /dev/null +++ b/site-cookbooks/kosmos_email/templates/dovecot_10-mail.conf.erb 
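Review bot: `auth_username_format = %n` drops the domain part before the LDAP lookup, so a login as `user@any-domain` resolves to the same `cn=%u` entry as `user`. If that is intended for a single-domain setup, add a comment next to the setting, e.g. `# Single mail domain: strip @domain so logins match the LDAP cn.` `auth_mechanisms = plain login` leaves password confidentiality entirely to TLS, and per the comments in these templates `disable_plaintext_auth = yes` does not apply to local connections or to networks listed in `login_trusted_networks`.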
@@ -0,0 +1,421 @@ +## +## Mailbox locations and namespaces +## + +# Location for users' mailboxes. The default is empty, which means that Dovecot +# tries to find the mailboxes automatically. This won't work if the user +# doesn't yet have any mail, so you should explicitly tell Dovecot the full +# location. +# +# If you're using mbox, giving a path to the INBOX file (eg. /var/mail/%u) +# isn't enough. You'll also need to tell Dovecot where the other mailboxes are +# kept. This is called the "root mail directory", and it must be the first +# path given in the mail_location setting. +# +# There are a few special variables you can use, eg.: +# +# %u - username +# %n - user part in user@domain, same as %u if there's no domain +# %d - domain part in user@domain, empty if there's no domain +# %h - home directory +# +# See doc/wiki/Variables.txt for full list. Some examples: +# +# mail_location = maildir:~/Maildir +# mail_location = mbox:~/mail:INBOX=/var/mail/%u +# mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n +# +# +# +mail_location = mbox:~/mail:INBOX=/var/mail/%d/%u + +# If you need to set multiple mailbox locations or want to change default +# namespace settings, you can do it by defining namespace sections. +# +# You can have private, shared and public namespaces. Private namespaces +# are for user's personal mails. Shared namespaces are for accessing other +# users' mailboxes that have been shared. Public namespaces are for shared +# mailboxes that are managed by sysadmin. If you create any shared or public +# namespaces you'll typically want to enable ACL plugin also, otherwise all +# users can access all the shared mailboxes, assuming they have permissions +# on filesystem level to do so. +namespace inbox { + # Namespace type: private, shared or public + #type = private + + # Hierarchy separator to use. You should use the same separator for all + # namespaces or some clients get confused. '/' is usually a good one. 
+ # The default however depends on the underlying mail storage format. + #separator = + + # Prefix required to access this namespace. This needs to be different for + # all namespaces. For example "Public/". + #prefix = + + # Physical location of the mailbox. This is in same format as + # mail_location, which is also the default for it. + #location = + + # There can be only one INBOX, and this setting defines which namespace + # has it. + inbox = yes + + # If namespace is hidden, it's not advertised to clients via NAMESPACE + # extension. You'll most likely also want to set list=no. This is mostly + # useful when converting from another server with different namespaces which + # you want to deprecate but still keep working. For example you can create + # hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/". + #hidden = no + + # Show the mailboxes under this namespace with LIST command. This makes the + # namespace visible for clients that don't support NAMESPACE extension. + # "children" value lists child mailboxes, but hides the namespace prefix. + #list = yes + + # Namespace handles its own subscriptions. If set to "no", the parent + # namespace handles them (empty prefix should always have this as "yes") + #subscriptions = yes + + # See 15-mailboxes.conf for definitions of special mailboxes. +} + +# Example shared namespace configuration +#namespace { + #type = shared + #separator = / + + # Mailboxes are visible under "shared/user@domain/" + # %%n, %%d and %%u are expanded to the destination user. + #prefix = shared/%%u/ + + # Mail location for other users' mailboxes. Note that %variables and ~/ + # expands to the logged in user's data. %%n, %%d, %%u and %%h expand to the + # destination user's data. + #location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u + + # Use the default namespace for saving subscriptions. + #subscriptions = no + + # List the shared/ namespace only if there are visible shared mailboxes. 
+ #list = children +#} +# Should shared INBOX be visible as "shared/user" or "shared/user/INBOX"? +#mail_shared_explicit_inbox = no + +# System user and group used to access mails. If you use multiple, userdb +# can override these by returning uid or gid fields. You can use either numbers +# or names. +mail_uid = <%= @mail_uid %> +mail_gid = <%= @mail_gid %> + +# Group to enable temporarily for privileged operations. Currently this is +# used only with INBOX when either its initial creation or dotlocking fails. +# Typically this is set to "mail" to give access to /var/mail. +mail_privileged_group = mail + +# Grant access to these supplementary groups for mail processes. Typically +# these are used to set up access to shared mailboxes. Note that it may be +# dangerous to set these if users can create symlinks (e.g. if "mail" group is +# set here, ln -s /var/mail ~/mail/var could allow a user to delete others' +# mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it). +#mail_access_groups = + +# Allow full filesystem access to clients. There's no access checks other than +# what the operating system does for the active UID/GID. It works with both +# maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/ +# or ~user/. +#mail_full_filesystem_access = no + +# Dictionary for key=value mailbox attributes. This is used for example by +# URLAUTH and METADATA extensions. +#mail_attribute_dict = + +# A comment or note that is associated with the server. This value is +# accessible for authenticated users through the IMAP METADATA server +# entry "/shared/comment". +#mail_server_comment = "" + +# Indicates a method for contacting the server administrator. According to +# RFC 5464, this value MUST be a URI (e.g., a mailto: or tel: URL), but that +# is currently not enforced. Use for example mailto:admin@example.com. This +# value is accessible for authenticated users through the IMAP METADATA server +# entry "/shared/admin". 
+#mail_server_admin = + +## +## Mail processes +## + +# Don't use mmap() at all. This is required if you store indexes to shared +# filesystems (NFS or clustered filesystem). +#mmap_disable = no + +# Rely on O_EXCL to work when creating dotlock files. NFS supports O_EXCL +# since version 3, so this should be safe to use nowadays by default. +#dotlock_use_excl = yes + +# When to use fsync() or fdatasync() calls: +# optimized (default): Whenever necessary to avoid losing important data +# always: Useful with e.g. NFS when write()s are delayed +# never: Never use it (best performance, but crashes can lose data) +#mail_fsync = optimized + +# Locking method for index files. Alternatives are fcntl, flock and dotlock. +# Dotlocking uses some tricks which may create more disk I/O than other locking +# methods. NFS users: flock doesn't work, remember to change mmap_disable. +#lock_method = fcntl + +# Directory where mails can be temporarily stored. Usually it's used only for +# mails larger than >= 128 kB. It's used by various parts of Dovecot, for +# example LDA/LMTP while delivering large mails or zlib plugin for keeping +# uncompressed mails. +#mail_temp_dir = /tmp + +# Valid UID range for users, defaults to 500 and above. This is mostly +# to make sure that users can't log in as daemons or other system users. +# Note that denying root logins is hardcoded to dovecot binary and can't +# be done even if first_valid_uid is set to 0. +#first_valid_uid = 500 +#last_valid_uid = 0 + +# Valid GID range for users, defaults to non-root/wheel. Users having +# non-valid GID as primary group ID aren't allowed to log in. If user +# belongs to supplementary groups with non-valid GIDs, those groups are +# not set. +#first_valid_gid = 1 +#last_valid_gid = 0 + +# Maximum allowed length for mail keyword name. It's only forced when trying +# to create new keywords. 
+#mail_max_keyword_length = 50 + +# ':' separated list of directories under which chrooting is allowed for mail +# processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too). +# This setting doesn't affect login_chroot, mail_chroot or auth chroot +# settings. If this setting is empty, "/./" in home dirs are ignored. +# WARNING: Never add directories here which local users can modify, that +# may lead to root exploit. Usually this should be done only if you don't +# allow shell access for users. +#valid_chroot_dirs = + +# Default chroot directory for mail processes. This can be overridden for +# specific users in user database by giving /./ in user's home directory +# (eg. /home/./user chroots into /home). Note that usually there is no real +# need to do chrooting, Dovecot doesn't allow users to access files outside +# their mail directory anyway. If your home directories are prefixed with +# the chroot directory, append "/." to mail_chroot. +#mail_chroot = + +# UNIX socket path to master authentication server to find users. +# This is used by imap (for shared users) and lda. +#auth_socket_path = /var/run/dovecot/auth-userdb + +# Directory where to look up mail plugins. +#mail_plugin_dir = /usr/lib/dovecot/modules + +# Space separated list of plugins to load for all services. Plugins specific to +# IMAP, LDA, etc. are added to this list in their own .conf files. +#mail_plugins = + +## +## Mailbox handling optimizations +## + +# Mailbox list indexes can be used to optimize IMAP STATUS commands. They are +# also required for IMAP NOTIFY extension to be enabled. +#mailbox_list_index = yes + +# Trust mailbox list index to be up-to-date. This reduces disk I/O at the cost +# of potentially returning out-of-date results after e.g. server crashes. +# The results will be automatically fixed once the folders are opened. +#mailbox_list_index_very_dirty_syncs = yes + +# Should INBOX be kept up-to-date in the mailbox list index? 
By default it's +# not, because most of the mailbox accesses will open INBOX anyway. +#mailbox_list_index_include_inbox = no + +# The minimum number of mails in a mailbox before updates are done to cache +# file. This allows optimizing Dovecot's behavior to do less disk writes at +# the cost of more disk reads. +#mail_cache_min_mail_count = 0 + +# When IDLE command is running, mailbox is checked once in a while to see if +# there are any new mails or other changes. This setting defines the minimum +# time to wait between those checks. Dovecot can also use inotify and +# kqueue to find out immediately when changes occur. +#mailbox_idle_check_interval = 30 secs + +# Save mails with CR+LF instead of plain LF. This makes sending those mails +# take less CPU, especially with sendfile() syscall with Linux and FreeBSD. +# But it also creates a bit more disk I/O which may just make it slower. +# Also note that if other software reads the mboxes/maildirs, they may handle +# the extra CRs wrong and cause problems. +#mail_save_crlf = no + +# Max number of mails to keep open and prefetch to memory. This only works with +# some mailbox formats and/or operating systems. +#mail_prefetch_count = 0 + +# How often to scan for stale temporary files and delete them (0 = never). +# These should exist only after Dovecot dies in the middle of saving mails. +#mail_temp_scan_interval = 1w + +# How many slow mail accesses sorting can perform before it returns failure. +# With IMAP the reply is: NO [LIMIT] Requested sort would have taken too long. +# The untagged SORT reply is still returned, but it's likely not correct. +#mail_sort_max_read_count = 0 + +protocol !indexer-worker { + # If folder vsize calculation requires opening more than this many mails from + # disk (i.e. mail sizes aren't in cache already), return failure and finish + # the calculation via indexer process. Disabled by default. This setting must + # be 0 for indexer-worker processes. 
+ #mail_vsize_bg_after_count = 0 +} + +## +## Maildir-specific settings +## + +# By default LIST command returns all entries in maildir beginning with a dot. +# Enabling this option makes Dovecot return only entries which are directories. +# This is done by stat()ing each entry, so it causes more disk I/O. +# (For systems setting struct dirent->d_type, this check is free and it's +# done always regardless of this setting) +#maildir_stat_dirs = no + +# When copying a message, do it with hard links whenever possible. This makes +# the performance much better, and it's unlikely to have any side effects. +#maildir_copy_with_hardlinks = yes + +# Assume Dovecot is the only MUA accessing Maildir: Scan cur/ directory only +# when its mtime changes unexpectedly or when we can't find the mail otherwise. +#maildir_very_dirty_syncs = no + +# If enabled, Dovecot doesn't use the S= in the Maildir filenames for +# getting the mail's physical size, except when recalculating Maildir++ quota. +# This can be useful in systems where a lot of the Maildir filenames have a +# broken size. The performance hit for enabling this is very small. +#maildir_broken_filename_sizes = no + +# Always move mails from new/ directory to cur/, even when the \Recent flags +# aren't being reset. +#maildir_empty_new = no + +## +## mbox-specific settings +## + +# Which locking methods to use for locking mbox. There are four available: +# dotlock: Create .lock file. This is the oldest and most NFS-safe +# solution. If you want to use /var/mail/ like directory, the users +# will need write access to that directory. +# dotlock_try: Same as dotlock, but if it fails because of permissions or +# because there isn't enough disk space, just skip it. +# fcntl : Use this if possible. Works with NFS too if lockd is used. +# flock : May not exist in all systems. Doesn't work with NFS. +# lockf : May not exist in all systems. Doesn't work with NFS. 
+# +# You can use multiple locking methods; if you do the order they're declared +# in is important to avoid deadlocks if other MTAs/MUAs are using multiple +# locking methods as well. Some operating systems don't allow using some of +# them simultaneously. +# +# The Debian value for mbox_write_locks differs from upstream Dovecot. It is +# changed to be compliant with Debian Policy (section 11.6) for NFS safety. +# Dovecot: mbox_write_locks = dotlock fcntl +# Debian: mbox_write_locks = fcntl dotlock +# +#mbox_read_locks = fcntl +#mbox_write_locks = fcntl dotlock + +# Maximum time to wait for lock (all of them) before aborting. +#mbox_lock_timeout = 5 mins + +# If dotlock exists but the mailbox isn't modified in any way, override the +# lock file after this much time. +#mbox_dotlock_change_timeout = 2 mins + +# When mbox changes unexpectedly we have to fully read it to find out what +# changed. If the mbox is large this can take a long time. Since the change +# is usually just a newly appended mail, it'd be faster to simply read the +# new mails. If this setting is enabled, Dovecot does this but still safely +# fallbacks to re-reading the whole mbox file whenever something in mbox isn't +# how it's expected to be. The only real downside to this setting is that if +# some other MUA changes message flags, Dovecot doesn't notice it immediately. +# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK +# commands. +#mbox_dirty_syncs = yes + +# Like mbox_dirty_syncs, but don't do full syncs even with SELECT, EXAMINE, +# EXPUNGE or CHECK commands. If this is set, mbox_dirty_syncs is ignored. +#mbox_very_dirty_syncs = no + +# Delay writing mbox headers until doing a full write sync (EXPUNGE and CHECK +# commands and when closing the mailbox). This is especially useful for POP3 +# where clients often delete all mails. The downside is that our changes +# aren't immediately visible to other MUAs. 
+#mbox_lazy_writes = yes + +# If mbox size is smaller than this (e.g. 100k), don't write index files. +# If an index file already exists it's still read, just not updated. +#mbox_min_index_size = 0 + +# Mail header selection algorithm to use for MD5 POP3 UIDLs when +# pop3_uidl_format=%m. For backwards compatibility we use apop3d inspired +# algorithm, but it fails if the first Received: header isn't unique in all +# mails. An alternative algorithm is "all" that selects all headers. +#mbox_md5 = apop3d + +## +## mdbox-specific settings +## + +# Maximum dbox file size until it's rotated. +#mdbox_rotate_size = 10M + +# Maximum dbox file age until it's rotated. Typically in days. Day begins +# from midnight, so 1d = today, 2d = yesterday, etc. 0 = check disabled. +#mdbox_rotate_interval = 0 + +# When creating new mdbox files, immediately preallocate their size to +# mdbox_rotate_size. This setting currently works only in Linux with some +# filesystems (ext4, xfs). +#mdbox_preallocate_space = no + +## +## Mail attachments +## + +# sdbox and mdbox support saving mail attachments to external files, which +# also allows single instance storage for them. Other backends don't support +# this for now. + +# Directory root where to store mail attachments. Disabled, if empty. +#mail_attachment_dir = + +# Attachments smaller than this aren't saved externally. It's also possible to +# write a plugin to disable saving specific attachments externally. +#mail_attachment_min_size = 128k + +# Filesystem backend to use for saving attachments: +# posix : No SiS done by Dovecot (but this might help FS's own deduplication) +# sis posix : SiS with immediate byte-by-byte comparison during saving +# sis-queue posix : SiS with delayed comparison and deduplication +#mail_attachment_fs = sis posix + +# Hash format to use in attachment filenames. You can add any text and +# variables: %{md4}, %{md5}, %{sha1}, %{sha256}, %{sha512}, %{size}. +# Variables can be truncated, e.g. 
%{sha256:80} returns only first 80 bits +#mail_attachment_hash = %{sha1} + +# Settings to control adding $HasAttachment or $HasNoAttachment keywords. +# By default, all MIME parts with Content-Disposition=attachment, or inlines +# with filename parameter are consired attachments. +# add-flags - Add the keywords when saving new mails or when fetching can +# do it efficiently. +# content-type=type or !type - Include/exclude content type. Excluding will +# never consider the matched MIME part as attachment. Including will only +# negate an exclusion (e.g. content-type=!foo/* content-type=foo/bar). +# exclude-inlined - Exclude any Content-Disposition=inline MIME part. +#mail_attachment_detection_options = diff --git a/site-cookbooks/kosmos_email/templates/dovecot_10-master.conf.erb b/site-cookbooks/kosmos_email/templates/dovecot_10-master.conf.erb new file mode 100644 index 0000000..a55a9a6 --- /dev/null +++ b/site-cookbooks/kosmos_email/templates/dovecot_10-master.conf.erb 
@@ -0,0 +1,113 @@
+#default_process_limit = 100
+#default_client_limit = 1000
+
+# Default VSZ (virtual memory size) limit for service processes. This is mainly
+# intended to catch and kill processes that leak memory before they eat up
+# everything.
+#default_vsz_limit = 256M
+
+# Login user is internally used by login processes. This is the most untrusted
+# user in Dovecot system. It shouldn't have access to anything at all.
+#default_login_user = dovenull
+
+# Internal user is used by unprivileged processes. It should be separate from
+# login user, so that login processes can't disturb other processes.
+#default_internal_user = dovecot
+
+service imap-login {
+ inet_listener imap {
+ port = 143
+ }
+ inet_listener imaps {
+ port = 993
+ ssl = yes
+ }
+ inet_listener imap_haproxy {
+ port = 10143
+ haproxy = yes
+ }
+ inet_listener imaps_haproxy {
+ port = 10993
+ ssl = yes
+ haproxy = yes
+ }
+
+ # Number of connections to handle before starting a new process. Typically
+ # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
+ # is faster.
+ #service_count = 1
+
+ # Number of processes to always keep waiting for more connections.
+ #process_min_avail = 0
+
+ # If you set service_count=0, you probably need to grow this.
+ #vsz_limit = $default_vsz_limit
+}
+
+service pop3-login {
+ inet_listener pop3 {
+ #port = 110
+ }
+ inet_listener pop3s {
+ #port = 995
+ #ssl = yes
+ }
+}
+
+service submission-login {
+ inet_listener submission {
+ #port = 587
+ }
+}
+
+service lmtp {
+ unix_listener /var/spool/postfix/private/dovecot-lmtp {
+ mode = 0600
+ user = postfix
+ group = postfix
+ }
+}
+
+service imap {
+ # Most of the memory goes to mmap()ing files. You may need to increase this
+ # limit if you have huge mailboxes.
+ #vsz_limit = $default_vsz_limit
+
+ # Max. number of IMAP processes (connections)
+ #process_limit = 1024
+}
+
+service pop3 {
+ # Max.
number of POP3 processes (connections) + #process_limit = 1024 +} + +service submission { + # Max. number of SMTP Submission processes (connections) + #process_limit = 1024 +} + +service auth { + unix_listener /var/spool/postfix/private/auth { + mode = 0660 + user = postfix + group = postfix + } +} + +service auth-worker { + # Auth worker process is run as root by default, so that it can access + # /etc/shadow. If this isn't necessary, the user should be changed to + # $default_internal_user. + #user = root +} + +service dict { + # If dict proxy is used, mail processes should have access to its socket. + # For example: mode=0660, group=vmail and global mail_access_groups=vmail + unix_listener dict { + #mode = 0600 + #user = + #group = + } +} diff --git a/site-cookbooks/kosmos_email/templates/dovecot_10-ssl.conf.erb b/site-cookbooks/kosmos_email/templates/dovecot_10-ssl.conf.erb new file mode 100644 index 0000000..649a26a --- /dev/null +++ b/site-cookbooks/kosmos_email/templates/dovecot_10-ssl.conf.erb @@ -0,0 +1,83 @@ +## +## SSL settings +## + +# SSL/TLS support: yes, no, required. +ssl = <%= @ssl %> + +# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before +# dropping root privileges, so keep the key file unreadable by anyone but +# root. Included doc/mkcert.sh can be used to easily generate self-signed +# certificate, just make sure to update the domains in dovecot-openssl.cnf +ssl_cert = <<%= @ssl_cert %> +ssl_key = <<%= @ssl_key %> + +# If key file is password protected, give the password here. Alternatively +# give it when starting dovecot with -p parameter. Since this file is often +# world-readable, you may want to place this setting instead to a different +# root owned 0600 file by using ssl_key_password = +bind_dn = <%= @bind_dn %> +bind_pw = <%= @bind_pw %> + +search_base = <%= @search_base %> +query_filter = <%= @query_filter %> +result_attribute = <%= @result_attribute %> 
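Review bot: The `imap_haproxy` and `imaps_haproxy` listeners (ports 10143 and 10993) take the client address from the PROXY protocol header, so they must be reachable only from the proxy, and nothing in this file restricts that. Dovecot expects `haproxy_trusted_networks` to list the proxy's address, and the firewall should limit both ports to it; neither is visible in this hunk, so confirm they are set elsewhere. The plain `imap` listener on 143 and the haproxy listener on 10143 also accept connections without TLS, which is only safe if `ssl = required` and `disable_plaintext_auth = yes` are in effect.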
diff --git a/site-cookbooks/kosmos_email/templates/ldap-virtual-mailboxes.cf.erb b/site-cookbooks/kosmos_email/templates/ldap-virtual-mailboxes.cf.erb new file mode 100644 index 0000000..b65d8d2 --- /dev/null +++ b/site-cookbooks/kosmos_email/templates/ldap-virtual-mailboxes.cf.erb @@ -0,0 +1,7 @@ +server_host = <%= @server_host %> +bind_dn = <%= @bind_dn %> +bind_pw = <%= @bind_pw %> + +query_filter = <%= @query_filter %> +result_attribute = <%= @result_attribute %> +result_format = <%= @result_format %> diff --git a/site-cookbooks/kosmos_email/test/integration/default/default_test.rb b/site-cookbooks/kosmos_email/test/integration/default/default_test.rb new file mode 100644 index 0000000..cd23e4f --- /dev/null +++ b/site-cookbooks/kosmos_email/test/integration/default/default_test.rb @@ -0,0 +1,16 @@ +# Chef InSpec test for recipe kosmos_email::default + +# The Chef InSpec reference, with examples and extensive documentation, can be +# found at https://docs.chef.io/inspec/resources/ + +describe package('postfix') do + it { should be_installed } +end + +# describe package('dovecot-core') do +# it { should be_installed } +# end + +describe port(25) do + it { should be_listening } +end From 51068e5259f5add096ea94455bf9d6419c52da97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Fri, 1 Dec 2023 09:58:25 +0100 Subject: [PATCH 03/95] Add email credentials --- data_bags/credentials/email.json | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 data_bags/credentials/email.json diff --git a/data_bags/credentials/email.json b/data_bags/credentials/email.json new file mode 100644 index 0000000..50f54f7 --- /dev/null +++ b/data_bags/credentials/email.json 
@@ -0,0 +1,17 @@ +{ + "id": "email", + "ldap_dn": { + "encrypted_data": "jMHHa8DeU4HCieF/ElOxrNJcHLRzjXGGFB1eJubtiARFpMYx+4hG\n", + "iv": "ojKHl8Va1GOj1sfr\n", + "auth_tag": "wkHLRyFF7WYllh+hXRIBJA==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "ldap_dnpass": { + "encrypted_data": "mCyzownpB0Q7BW4k7E+yXIwzSzaChPTEZHAWGiEcnXo2ioQ=\n", + "iv": "jc9/VY7AlQ5ttMm8\n", + "auth_tag": "mAZuoZOIJ4zRLdYbaetiag==\n", + "version": 3, + "cipher": "aes-256-gcm" + } +} \ No newline at end of file From 495a4231fbd9dd75aee070438b3d44e5beaf10d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Fri, 1 Dec 2023 09:59:41 +0100 Subject: [PATCH 04/95] Add mail server node --- clients/email-1.json | 4 +++ nodes/mail.kosmos.org.json | 67 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+) create mode 100644 clients/email-1.json create mode 100644 nodes/mail.kosmos.org.json diff --git a/clients/email-1.json b/clients/email-1.json new file mode 100644 index 0000000..5f0be00 --- /dev/null +++ b/clients/email-1.json @@ -0,0 +1,4 @@ +{ + "name": "email-1", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDRdvMYKRjejoFsOxS6s\n4gj0Gsaxk/j25A5VPHBcEhr+NOh8W/6NnTTHuFMaorEIl/2kscgrcwriDN7xIFmO\nz/C1+spDLPMGSWd+422KSS3fjVfByLlMwxh171RDZBlZVze7H7CIV/rxCG7Ri85y\nPvyp2rT4ioyVGyYK3e8CiXwQckpFC1ex9VRk/GR8zbCYUIw+qbTFRcl/mQuxKqWK\n22vrgAR+6OL8lcyhssmKiQ1r3GtxwJusgffw4/5S8sRR1z8OB4wiwgOWR1E36EbF\nhTBjFzPiKVjVjP/TQpUoYdnBhuD223M8nPWJl1HMVQPMjL6R2BBOF+iK0Wx9SiFD\nJwIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file diff --git a/nodes/mail.kosmos.org.json b/nodes/mail.kosmos.org.json new file mode 100644 index 0000000..e9b7f83 --- /dev/null +++ b/nodes/mail.kosmos.org.json 
@@ -0,0 +1,67 @@ +{ + "name": "mail.kosmos.org", + "chef_environment": "production", + "normal": { + "knife_zero": { + "host": "10.1.1.141" + } + }, + "automatic": { + "fqdn": "mail.kosmos.org", + "os": "linux", + "os_version": "5.15.0-1045-kvm", + "hostname": "mail", + "ipaddress": "192.168.122.127", + "roles": [ + "base", + "kvm_guest", + "email_server", + "ldap_client" + ], + "recipes": [ + "kosmos-base", + "kosmos-base::default", + "kosmos_kvm::guest", + "kosmos-dirsrv::hostsfile", + "kosmos_email", + "kosmos_email::default", + "apt::default", + "timezone_iii::default", + "timezone_iii::debian", + "ntp::default", + "ntp::apparmor", + "kosmos-base::systemd_emails", + "apt::unattended-upgrades", + "kosmos-base::firewall", + "kosmos-postfix::default", + "hostname::default", + "kosmos-base::letsencrypt", + "kosmos_email::postfix", + "postfix::server", + "postfix::default", + "postfix::_common", + "postfix::_attributes", + "postfix::relay_restrictions", + "kosmos_email::dovecot" + ], + "platform": "ubuntu", + "platform_version": "22.04", + "cloud": null, + "chef_packages": { + "chef": { + "version": "18.3.0", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.3.0/lib", + "chef_effortless": null + }, + "ohai": { + "version": "18.1.4", + "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.4/lib/ohai" + } + } + }, + "run_list": [ + "role[base]", + "role[kvm_guest]", + "role[email_server]" + ] +} From 9d0ff358ef2d6e1a63c8f465c54b831dcd6896cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Fri, 1 Dec 2023 10:00:07 +0100 Subject: [PATCH 05/95] Only use certbot deploy hook when applicable --- site-cookbooks/kosmos-base/resources/tls_cert_for.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-cookbooks/kosmos-base/resources/tls_cert_for.rb b/site-cookbooks/kosmos-base/resources/tls_cert_for.rb index c359ac4..02e73d2 100644 --- a/site-cookbooks/kosmos-base/resources/tls_cert_for.rb 
+++ b/site-cookbooks/kosmos-base/resources/tls_cert_for.rb @@ -36,8 +36,8 @@ action :create do --agree-tos \ --manual-auth-hook '#{hook_path} auth' \ --manual-cleanup-hook '#{hook_path} cleanup' \ - --deploy-hook /etc/letsencrypt/renewal-hooks/post/openresty \ --email ops@kosmos.org \ + #{node.run_list.roles.include?("openresty_proxy") ? '--deploy-hook /etc/letsencrypt/renewal-hooks/post/openresty' : nil } \ #{domains.map {|d| "-d #{d}" }.join(" ")} CMD not_if do From 335a0821712ac92a498e84d097dbb90069f7ff21 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Fri, 1 Dec 2023 10:00:35 +0100 Subject: [PATCH 06/95] Put an LDAP server in the production env --- nodes/ldap-4.kosmos.org.json | 1 + 1 file changed, 1 insertion(+) diff --git a/nodes/ldap-4.kosmos.org.json b/nodes/ldap-4.kosmos.org.json index 4a7230c..f66c37e 100644 --- a/nodes/ldap-4.kosmos.org.json +++ b/nodes/ldap-4.kosmos.org.json @@ -1,5 +1,6 @@ { "name": "ldap-4.kosmos.org", + "chef_environment": "production", "normal": { "knife_zero": { "host": "10.1.1.106" From e4abfb1b756c89d57467540357ce82e7d34bd8ef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Fri, 1 Dec 2023 10:01:34 +0100 Subject: [PATCH 07/95] Use more reasonable priority for attributes in recipe --- .../kosmos-postfix/recipes/default.rb | 42 ++++++------------- 1 file changed, 12 insertions(+), 30 deletions(-) diff --git a/site-cookbooks/kosmos-postfix/recipes/default.rb b/site-cookbooks/kosmos-postfix/recipes/default.rb index 8fa2c14..53e0837 100644 --- a/site-cookbooks/kosmos-postfix/recipes/default.rb +++ b/site-cookbooks/kosmos-postfix/recipes/default.rb 
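Review bot: Nodes without the `openresty_proxy` role now get no `--deploy-hook` at all, so on the mail node nothing visible here reloads Postfix or Dovecot after a renewal and they may keep serving the old certificate until restarted. Consider selecting a hook per role instead of falling back to `nil`. `node.run_list.roles` only lists roles named directly in the run list (the node file in this series shows `ldap_client` in the expanded roles but not in `run_list`), so `node['roles'].include?("openresty_proxy")` is the sturdier test. The heredoc and the `action :create` block start and end outside this hunk.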
@@ -2,39 +2,21 @@ # Cookbook Name:: kosmos-postfix # Recipe:: default # -# The MIT License (MIT) -# -# Copyright:: 2019, Kosmos Developers -# -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to deal -# in the Software without restriction, including without limitation the rights -# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -# copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: -# -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -# THE SOFTWARE. 
+ +node.default['postfix']['main']['smtp_tls_CAfile'] = '/etc/ssl/certs/ca-certificates.crt' +node.default['postfix']['main']['smtpd_tls_CAfile'] = '/etc/ssl/certs/ca-certificates.crt' + +return if node.run_list.roles.include?("email_server") smtp_credentials = Chef::EncryptedDataBagItem.load('credentials', 'smtp') -node.override['postfix']['sasl']['smtp_sasl_user_name'] = smtp_credentials['user_name'] -node.override['postfix']['sasl']['smtp_sasl_passwd'] = smtp_credentials['password'] -node.override['postfix']['sasl_password_file'] = "#{node['postfix']['conf_dir']}/sasl_passwd" +node.default['postfix']['sasl']['smtp_sasl_user_name'] = smtp_credentials['user_name'] +node.default['postfix']['sasl']['smtp_sasl_passwd'] = smtp_credentials['password'] +node.default['postfix']['sasl_password_file'] = "#{node['postfix']['conf_dir']}/sasl_passwd" # Postfix doesn't support smtps relayhost, use STARTSSL instead -node.override['postfix']['main']['relayhost'] = smtp_credentials['relayhost'] -node.override['postfix']['main']['smtp_sasl_auth_enable'] = 'yes' -node.override['postfix']['main']['smtp_sasl_password_maps'] = "hash:#{node['postfix']['sasl_password_file']}" -node.override['postfix']['main']['smtp_sasl_security_options'] = 'noanonymous' -node.override['postfix']['main']['smtp_tls_CAfile'] = '/etc/ssl/certs/ca-certificates.crt' -node.override['postfix']['main']['smtpd_tls_CAfile'] = '/etc/ssl/certs/ca-certificates.crt' +node.default['postfix']['main']['relayhost'] = smtp_credentials['relayhost'] +node.default['postfix']['main']['smtp_sasl_auth_enable'] = 'yes' +node.default['postfix']['main']['smtp_sasl_password_maps'] = "hash:#{node['postfix']['sasl_password_file']}" +node.default['postfix']['main']['smtp_sasl_security_options'] = 'noanonymous' include_recipe 'postfix::default' From 89d00afd1cbfe60f5564bf842f61713605b87f8c Mon Sep 17 00:00:00 2001 
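Review bot: The relay credentials are configured with `smtp_sasl_security_options = 'noanonymous'`, which still permits PLAIN/LOGIN, but nothing in this recipe requires TLS towards the relayhost, so a failed or stripped STARTTLS would put the password on the wire in clear text. Adding `node.default['postfix']['main']['smtp_tls_security_level'] = 'encrypt'` next to the SASL settings makes delivery fail closed; it may already be set in an attributes file not shown here. Separately, the decrypted `smtp_sasl_passwd` is written into node attributes, which Chef saves with the node object unless the path is listed in `blocked_default_attributes`.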
From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Fri, 1 Dec 2023 10:02:11 +0100 Subject: [PATCH 08/95] Set up email proxy --- nodes/draco.kosmos.org.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nodes/draco.kosmos.org.json b/nodes/draco.kosmos.org.json index 82b3a25..9854a65 100644 --- a/nodes/draco.kosmos.org.json +++ b/nodes/draco.kosmos.org.json @@ -26,6 +26,7 @@ "roles": [ "base", "kvm_host", + "email_proxy", "openresty_proxy", "openresty", "garage_gateway", @@ -36,6 +37,7 @@ "kosmos-base::default", "kosmos_kvm::host", "kosmos_kvm::backup", + "kosmos_email::firewall", "kosmos_openresty", "kosmos_openresty::default", "kosmos_openresty::firewall", @@ -119,6 +121,7 @@ "run_list": [ "role[base]", "role[kvm_host]", + "role[email_proxy]", "role[openresty_proxy]", "recipe[kosmos_encfs]", "recipe[kosmos-ejabberd::firewall]", From 366c0c0d3c3715c9fef2e0dd31fe4a08cec8ee59 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Fri, 1 Dec 2023 10:02:25 +0100 Subject: [PATCH 09/95] Add WIP email domain and hostname --- environments/production.json | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/environments/production.json b/environments/production.json index 8404558..76db794 100644 --- a/environments/production.json +++ b/environments/production.json @@ -19,6 +19,10 @@ "ejabberd": { "turn_ip_address": "148.251.83.201" }, + "email": { + "domain": "mail.kosmos.org", + "hostname": "mail.kosmos.org" + }, "garage": { "replication_mode": "2", "s3_api_root_domain": "s3.kosmos.org", From ce00852bba1e948788b74ed5491b7b954a02a6da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Fri, 1 Dec 2023 12:19:21 +0100 Subject: [PATCH 10/95] Remove obsolete config file --- site-cookbooks/kosmos_email/recipes/postfix.rb | 13 ------------- .../templates/ldap-virtual-mailboxes.cf.erb | 7 ------- 2 files changed, 20 deletions(-) delete mode 100644 site-cookbooks/kosmos_email/templates/ldap-virtual-mailboxes.cf.erb 
diff --git a/site-cookbooks/kosmos_email/recipes/postfix.rb b/site-cookbooks/kosmos_email/recipes/postfix.rb index 3a46d3d..ef1b9e4 100644 --- a/site-cookbooks/kosmos_email/recipes/postfix.rb +++ b/site-cookbooks/kosmos_email/recipes/postfix.rb @@ -124,19 +124,6 @@ template "/etc/postfix/ldap-aliases.cf" do notifies :restart, "service[postfix]", :delayed end -# template "/etc/postfix/ldap-virtual-mailboxes.cf" do -# source "ldap-virtual-mailboxes.cf.erb" -# mode 0600 -# variables server_host: "ldap.kosmos.local", -# bind_dn: credentials['ldap_dn'], -# bind_pw: credentials['ldap_dnpass'], -# search_base: "ou=kosmos.org,cn=users,dc=kosmos,dc=org", -# query_filter: "maildrop=%s", -# result_attribute: "mailhome", -# result_format: "%s/mail/" -# notifies :restart, "service[postfix]", :delayed -# end - include_recipe 'postfix::server' service "postfix" do diff --git a/site-cookbooks/kosmos_email/templates/ldap-virtual-mailboxes.cf.erb b/site-cookbooks/kosmos_email/templates/ldap-virtual-mailboxes.cf.erb deleted file mode 100644 index b65d8d2..0000000 --- a/site-cookbooks/kosmos_email/templates/ldap-virtual-mailboxes.cf.erb +++ /dev/null @@ -1,7 +0,0 @@ -server_host = <%= @server_host %> -bind_dn = <%= @bind_dn %> -bind_pw = <%= @bind_pw %> - -query_filter = <%= @query_filter %> -result_attribute = <%= @result_attribute %> -result_format = <%= @result_format %> From 87411274aeab26e4178d7bf9a90c2086b839323f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Sun, 3 Dec 2023 18:29:35 +0100 Subject: [PATCH 11/95] Configure email domain for production --- environments/production.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/environments/production.json b/environments/production.json index 76db794..1b83e66 100644 --- a/environments/production.json +++ b/environments/production.json 
@@ -20,7 +20,7 @@ "turn_ip_address": "148.251.83.201" }, "email": { - "domain": "mail.kosmos.org", + "domain": "kosmos.org", "hostname": "mail.kosmos.org" }, "garage": { From 738e96f7e4c792cee28b8cfed219e4306daaf954 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Sun, 3 Dec 2023 18:31:12 +0100 Subject: [PATCH 12/95] Fix auth for SMTP submission on port 465 --- site-cookbooks/kosmos_email/recipes/postfix.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/site-cookbooks/kosmos_email/recipes/postfix.rb b/site-cookbooks/kosmos_email/recipes/postfix.rb index ef1b9e4..6d6d18e 100644 --- a/site-cookbooks/kosmos_email/recipes/postfix.rb +++ b/site-cookbooks/kosmos_email/recipes/postfix.rb @@ -78,6 +78,7 @@ node.normal['postfix']['master'] = { "-o syslog_name=postfix/10465", "-o smtpd_tls_wrappermode=yes", "-o smtpd_sasl_auth_enable=yes", + "-o smtpd_relay_restrictions=permit_sasl_authenticated,reject", "-o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject", "-o smtpd_sasl_type=dovecot", "-o smtpd_sasl_path=private/auth", From 568197737a7d0be94d9ccbe9864a7fc893ce22ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Sun, 3 Dec 2023 18:31:47 +0100 Subject: [PATCH 13/95] Fix SMTP connection delay when peer hostname cannot be resolved --- site-cookbooks/kosmos_email/recipes/postfix.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/site-cookbooks/kosmos_email/recipes/postfix.rb b/site-cookbooks/kosmos_email/recipes/postfix.rb index 6d6d18e..3942dd1 100644 --- a/site-cookbooks/kosmos_email/recipes/postfix.rb +++ b/site-cookbooks/kosmos_email/recipes/postfix.rb 
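Review bot: With `smtpd_relay_restrictions=permit_sasl_authenticated,reject` added in the postfix.rb hunk, the `permit_mynetworks` in the following `smtpd_recipient_restrictions` override no longer admits anyone on this service, yet it still reads as if hosts in `mynetworks` could submit without authenticating. Making the two lines agree, `"-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject",`, keeps the intent obvious if the relay line is ever changed. The service entry and the `master` hash start and end outside this hunk.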
@@ -27,6 +27,7 @@ node.normal['postfix']['main']['mynetworks'] = ["10.1.1.0/24", "127.0.0.0/8"] node.normal['postfix']['main']['smtpd_use_tls'] = "yes" node.normal['postfix']['main']['smtpd_tls_cert_file'] = "/etc/letsencrypt/live/#{hostname}/fullchain.pem" node.normal['postfix']['main']['smtpd_tls_key_file'] = "/etc/letsencrypt/live/#{hostname}/privkey.pem" +node.normal['postfix']['main']['smtpd_peername_lookup'] = "no" node.normal['postfix']['main']['mailbox_transport'] = "lmtp:unix:private/dovecot-lmtp" node.normal['postfix']['main']['virtual_transport'] = "lmtp:unix:private/dovecot-lmtp" node.normal['postfix']['main']['smtputf8_enable'] = "no" From 8a7eeb1dd9b41fa931e3429eb7f73e0471bf6118 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Sun, 3 Dec 2023 18:32:55 +0100 Subject: [PATCH 14/95] Change INBOX location --- site-cookbooks/kosmos_email/templates/dovecot_10-mail.conf.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-cookbooks/kosmos_email/templates/dovecot_10-mail.conf.erb b/site-cookbooks/kosmos_email/templates/dovecot_10-mail.conf.erb index b5b0593..8d7b41f 100644 --- a/site-cookbooks/kosmos_email/templates/dovecot_10-mail.conf.erb +++ b/site-cookbooks/kosmos_email/templates/dovecot_10-mail.conf.erb @@ -27,7 +27,7 @@ # # # -mail_location = mbox:~/mail:INBOX=/var/mail/%d/%u +mail_location = mbox:~/mail:INBOX=~/mail/INBOX # If you need to set multiple mailbox locations or want to change default # namespace settings, you can do it by defining namespace sections. From fbad0bf8962aa8b4d1c86e3489282ad885171cd6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Sun, 3 Dec 2023 18:33:12 +0100 Subject: [PATCH 15/95] More explicit postfix configs --- site-cookbooks/kosmos_email/recipes/postfix.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/site-cookbooks/kosmos_email/recipes/postfix.rb b/site-cookbooks/kosmos_email/recipes/postfix.rb index 3942dd1..7c61475 100644 
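Review bot: `smtpd_peername_lookup = "no"` is set under `main`, so it applies to every smtpd service including the public port 25 listener, where Postfix then records every client as `unknown` and hostname-based client checks become unusable. If the delay only affects the proxied or internal listeners, setting it per service with `"-o smtpd_peername_lookup=no"` in the `master` entries keeps reverse-DNS information in logs and Received headers for inbound mail. Which listeners actually see the delay is not visible in this hunk.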
--- a/site-cookbooks/kosmos_email/recipes/postfix.rb +++ b/site-cookbooks/kosmos_email/recipes/postfix.rb @@ -24,6 +24,9 @@ node.normal['postfix']['main']['mydomain'] = domain node.normal['postfix']['main']['myorigin'] = domain node.normal['postfix']['main']['myhostname'] = hostname node.normal['postfix']['main']['mynetworks'] = ["10.1.1.0/24", "127.0.0.0/8"] +node.normal['postfix']['main']['mydestination'] = [domain, hostname, 'localhost.localdomain', 'localhost'].compact +node.normal['postfix']['main']['smtp_use_tls'] = "yes" +node.normal['postfix']['main']['smtp_tls_security_level'] = "may" node.normal['postfix']['main']['smtpd_use_tls'] = "yes" node.normal['postfix']['main']['smtpd_tls_cert_file'] = "/etc/letsencrypt/live/#{hostname}/fullchain.pem" node.normal['postfix']['main']['smtpd_tls_key_file'] = "/etc/letsencrypt/live/#{hostname}/privkey.pem" From c9ad3c2d18a562ec38ca4a199662feb1fea95020 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Mon, 4 Dec 2023 13:33:23 +0100 Subject: [PATCH 16/95] Create/configure common default mailboxes --- .../templates/dovecot_10-mail.conf.erb | 84 ++++++++++++------- 1 file changed, 52 insertions(+), 32 deletions(-) diff --git a/site-cookbooks/kosmos_email/templates/dovecot_10-mail.conf.erb b/site-cookbooks/kosmos_email/templates/dovecot_10-mail.conf.erb index 8d7b41f..8833f28 100644 --- a/site-cookbooks/kosmos_email/templates/dovecot_10-mail.conf.erb +++ b/site-cookbooks/kosmos_email/templates/dovecot_10-mail.conf.erb 
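Review bot: `smtp_use_tls = "yes"` is redundant next to `smtp_tls_security_level = "may"`: Postfix ignores the legacy boolean once the security level is set, so the line can be dropped. The neighbouring context line `smtpd_use_tls` is the same legacy form and could become `node.normal['postfix']['main']['smtpd_tls_security_level'] = "may"`. Since `may` is opportunistic, outbound mail falls back to clear text when the peer offers no STARTTLS; that is the usual choice for a public MTA but deserves a comment such as `# opportunistic TLS: delivery continues unencrypted if the peer lacks STARTTLS`.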
@@ -40,43 +40,63 @@ mail_location = mbox:~/mail:INBOX=~/mail/INBOX # users can access all the shared mailboxes, assuming they have permissions # on filesystem level to do so. namespace inbox { - # Namespace type: private, shared or public - #type = private - - # Hierarchy separator to use. You should use the same separator for all - # namespaces or some clients get confused. '/' is usually a good one. - # The default however depends on the underlying mail storage format. - #separator = - - # Prefix required to access this namespace. This needs to be different for - # all namespaces. For example "Public/". - #prefix = - - # Physical location of the mailbox. This is in same format as - # mail_location, which is also the default for it. - #location = - - # There can be only one INBOX, and this setting defines which namespace - # has it. + type = private inbox = yes - # If namespace is hidden, it's not advertised to clients via NAMESPACE - # extension. You'll most likely also want to set list=no. This is mostly - # useful when converting from another server with different namespaces which - # you want to deprecate but still keep working. For example you can create - # hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/". - #hidden = no + mailbox Drafts { + special_use = \Drafts + auto = subscribe + } - # Show the mailboxes under this namespace with LIST command. This makes the - # namespace visible for clients that don't support NAMESPACE extension. - # "children" value lists child mailboxes, but hides the namespace prefix. - #list = yes + mailbox Junk { + special_use = \Junk + auto = create + } - # Namespace handles its own subscriptions. If set to "no", the parent - # namespace handles them (empty prefix should always have this as "yes") - #subscriptions = yes + mailbox spam { + special_use = \Junk + auto = no + } - # See 15-mailboxes.conf for definitions of special mailboxes. 
+ mailbox Spam { + special_use = \Junk + auto = no + } + + mailbox Trash { + special_use = \Trash + auto = subscribe + } + + mailbox TRASH { + special_use = \Trash + auto = no + } + + mailbox Sent { + special_use = \Sent + auto = subscribe + } + + mailbox "Sent Mail" { + special_use = \Sent + auto = no + } + + mailbox "Sent Messages" { + special_use = \Sent + auto = no + } + + mailbox Archive { + special_use = \Archive + auto = create + } + + mailbox "Archives" { + special_use = \Archive + auto = no + } } # Example shared namespace configuration From 42c04538d84dd63af85f16ddef2875c01e40ea79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Mon, 4 Dec 2023 13:40:37 +0100 Subject: [PATCH 17/95] Set up DKIM signing and verification --- .../kosmos_email/recipes/default.rb | 1 + .../kosmos_email/recipes/opendkim.rb | 74 +++++++++++++++++++ .../kosmos_email/recipes/postfix.rb | 5 +- .../kosmos_email/templates/opendkim.conf.erb | 59 +++++++++++++++ .../templates/opendkim_default.erb | 31 ++++++++ .../templates/opendkim_keytable.erb | 1 + .../templates/opendkim_signingtable.erb | 1 + 7 files changed, 171 insertions(+), 1 deletion(-) create mode 100644 site-cookbooks/kosmos_email/recipes/opendkim.rb create mode 100644 site-cookbooks/kosmos_email/templates/opendkim.conf.erb create mode 100644 site-cookbooks/kosmos_email/templates/opendkim_default.erb create mode 100644 site-cookbooks/kosmos_email/templates/opendkim_keytable.erb create mode 100644 site-cookbooks/kosmos_email/templates/opendkim_signingtable.erb diff --git a/site-cookbooks/kosmos_email/recipes/default.rb b/site-cookbooks/kosmos_email/recipes/default.rb index c431328..d775dfa 100644 --- a/site-cookbooks/kosmos_email/recipes/default.rb +++ b/site-cookbooks/kosmos_email/recipes/default.rb @@ -21,5 +21,6 @@ firewall_rule "private network access" do source "10.1.1.0/24" end +include_recipe 'kosmos_email::opendkim' include_recipe 'kosmos_email::postfix' include_recipe 'kosmos_email::dovecot' 
diff --git a/site-cookbooks/kosmos_email/recipes/opendkim.rb b/site-cookbooks/kosmos_email/recipes/opendkim.rb
new file mode 100644
index 0000000..1447895
--- /dev/null
+++ b/site-cookbooks/kosmos_email/recipes/opendkim.rb
@@ -0,0 +1,74 @@
+#
+# Cookbook:: kosmos_email
+# Recipe:: opendkim
+#
+
+%w[
+ opendkim
+ opendkim-tools
+].each do |pkg|
+ apt_package pkg
+end
+
+domain = node["email"]["domain"]
+selector = "mail"
+socket = "inet:12301@localhost"
+
+template "/etc/opendkim.conf" do
+ source "opendkim.conf.erb"
+ mode 0644
+ variables domain: domain,
+ selector: selector,
+ socket: socket
+ notifies :restart, "service[opendkim]", :delayed
+end
+
+template "/etc/default/opendkim" do
+ source "opendkim_default.erb"
+ mode 0644
+ variables socket: socket
+ notifies :restart, "service[opendkim]", :delayed
+end
+
+directory "/run/opendkim" do
+ owner "opendkim"
+ group "opendkim"
+ action :create
+end
+
+directory "/etc/opendkim"
+
+template "/etc/opendkim/keytable" do
+ source "opendkim_keytable.erb"
+ mode 0644
+ variables domain: domain,
+ selector: selector
+ notifies :restart, "service[opendkim]", :delayed
+end
+
+template "/etc/opendkim/signingtable" do
+ source "opendkim_signingtable.erb"
+ mode 0644
+ variables domain: domain,
+ selector: selector
+ notifies :restart, "service[opendkim]", :delayed
+end
+
+directory "/etc/opendkim/keys/#{domain}" do
+ recursive true
+end
+
+execute "Create DKIM keys" do
+ cwd "/etc/opendkim/keys/#{domain}"
+ command "opendkim-genkey -s #{selector} -d #{domain}"
+ creates "/etc/opendkim/keys/#{domain}/#{selector}.private"
+end
+
+file "/etc/opendkim/keys/#{domain}/#{selector}.private" do
+ owner "opendkim"
+ group "opendkim"
+end
+
+service "opendkim" do
+ action [:enable, :start]
+end
diff --git a/site-cookbooks/kosmos_email/recipes/postfix.rb b/site-cookbooks/kosmos_email/recipes/postfix.rb
index 7c61475..1e9475c 100644
--- a/site-cookbooks/kosmos_email/recipes/postfix.rb
+++ b/site-cookbooks/kosmos_email/recipes/postfix.rb
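Review bot: The `file` resource for `#{selector}.private` sets owner and group but no mode, and the `keys/#{domain}` directory is created with default permissions, so the protection of the DKIM private key depends on whatever `opendkim-genkey` and the umask happen to produce; add `mode '0600'` to the file and an explicit owner and mode to the directory. `opendkim-genkey` is also run without `-b`, and depending on the packaged version the default may be 1024 bits; `command "opendkim-genkey -b 2048 -s #{selector} -d #{domain}"` pins the key size. Finally, `socket` is passed to `opendkim.conf.erb`, but the visible part of that template hard-codes `Socket local:/run/opendkim/opendkim.sock`, which would not match the `inet:localhost:12301` milter address given to Postfix unless `/etc/default/opendkim` overrides it.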
@@ -36,7 +36,10 @@ node.normal['postfix']['main']['virtual_transport'] = "lmtp:unix:private/dovecot node.normal['postfix']['main']['smtputf8_enable'] = "no" node.normal['postfix']['main']['recipient_delimiter'] = "+" node.normal['postfix']['main']['alias_maps'] = "hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf" -# node.normal['postfix']['main']['virtual_mailbox_maps'] = "ldap:/etc/postfix/ldap-virtual-mailboxes.cf" +node.normal['postfix']['main']['milter_protocol'] = "2" +node.normal['postfix']['main']['milter_default_action'] = "accept" +node.normal['postfix']['main']['smtpd_milters'] = "inet:localhost:12301" +node.normal['postfix']['main']['non_smtpd_milters'] = "inet:localhost:12301" node.normal['postfix']['master'] = { "#{ip_addr}:2525": { diff --git a/site-cookbooks/kosmos_email/templates/opendkim.conf.erb b/site-cookbooks/kosmos_email/templates/opendkim.conf.erb new file mode 100644 index 0000000..9616128 --- /dev/null +++ b/site-cookbooks/kosmos_email/templates/opendkim.conf.erb 
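Review bot: `milter_default_action = "accept"` makes Postfix fail open: if the OpenDKIM milter on port 12301 is down or times out, mail is accepted and sent without DKIM verification or signing, and nothing in this hunk records that this is intended. If it is the chosen trade-off, a comment such as `# fail open: pass mail unsigned rather than defer when opendkim is unavailable` would document it; otherwise `tempfail` defers mail until the milter is back. `milter_protocol = "2"` also pins an old milter protocol version, which looks unnecessary unless something here requires it. The `inet:localhost:12301` endpoint repeats the `socket` value defined in the opendkim recipe, so the two can drift apart.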
@@ -0,0 +1,59 @@
+# This is a basic configuration for signing and verifying. It can easily be
+# adapted to suit a basic installation. See opendkim.conf(5) and
+# /usr/share/doc/opendkim/examples/opendkim.conf.sample for complete
+# documentation of available configuration parameters.
+
+Syslog yes
+SyslogSuccess yes
+LogWhy yes
+
+AutoRestart yes
+AutoRestartRate 10/1h
+
+# Common signing and verification parameters. In Debian, the "From" header is
+# oversigned, because it is often the identity key used by reputation systems
+# and thus somewhat security sensitive.
+Canonicalization relaxed/simple
+Mode sv
+#SubDomains no
+OversignHeaders From
+
+# Signing domain, selector, and key (required). For example, perform signing
+# for domain "example.com" with selector "2020" (2020._domainkey.example.com),
+# using the private key stored in /etc/dkimkeys/example.private. More granular
+# setup options can be found in /usr/share/doc/opendkim/README.opendkim.
+Domain <%= @domain %>
+Selector <%= @selector %>
+#KeyFile /etc/dkimkeys/example.private
+
+# In Debian, opendkim runs as user "opendkim". A umask of 007 is required when
+# using a local socket with MTAs that access the socket as a non-privileged
+# user (for example, Postfix). You may need to add user "postfix" to group
+# "opendkim" in that case.
+UserID opendkim
+UMask 007
+
+# Socket for the MTA connection (required). If the MTA is inside a chroot jail,
+# it must be ensured that the socket is accessible. In Debian, Postfix runs in
+# a chroot in /var/spool/postfix, therefore a Unix socket would have to be
+# configured as shown on the last line below.
+Socket local:/run/opendkim/opendkim.sock
+#Socket inet:8891@localhost
+#Socket inet:8891
+#Socket local:/var/spool/postfix/opendkim/opendkim.sock
+
+PidFile /run/opendkim/opendkim.pid
+
+# Hosts for which to sign rather than verify, default is 127.0.0.1. See the
+# OPERATION section of opendkim(8) for more information.
+#InternalHosts 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12
+
+KeyTable refile:/etc/opendkim/keytable
+SigningTable refile:/etc/opendkim/signingtable
+
+# The trust anchor enables DNSSEC. In Debian, the trust anchor file is provided
+# by the package dns-root-data.
+TrustAnchorFile /usr/share/dns/root.key
+#Nameservers 127.0.0.1
+
+Socket <%= @socket %>
diff --git a/site-cookbooks/kosmos_email/templates/opendkim_default.erb b/site-cookbooks/kosmos_email/templates/opendkim_default.erb
new file mode 100644
index 0000000..08e9032
--- /dev/null
+++ b/site-cookbooks/kosmos_email/templates/opendkim_default.erb
@@ -0,0 +1,31 @@
+# NOTE: This is a legacy configuration file. It is not used by the opendkim
+# systemd service. Please use the corresponding configuration parameters in
+# /etc/opendkim.conf instead.
+#
+# Previously, one would edit the default settings here, and then execute
+# /lib/opendkim/opendkim.service.generate to generate systemd override files at
+# /etc/systemd/system/opendkim.service.d/override.conf and
+# /etc/tmpfiles.d/opendkim.conf. While this is still possible, it is now
+# recommended to adjust the settings directly in /etc/opendkim.conf.
+#
+#DAEMON_OPTS=""
+# Change to /var/spool/postfix/run/opendkim to use a Unix socket with
+# postfix in a chroot:
+#RUNDIR=/var/spool/postfix/run/opendkim
+RUNDIR=/run/opendkim
+#
+# Uncomment to specify an alternate socket
+# Note that setting this will override any Socket value in opendkim.conf
+# default:
+#SOCKET=local:$RUNDIR/opendkim.sock
+# listen on all interfaces on port 54321:
+#SOCKET=inet:54321
+# listen on loopback on port 12345:
+#SOCKET=inet:12345@localhost
+# listen on 192.0.2.1 on port 12345:
+#SOCKET=inet:12345@192.0.2.1
+SOCKET=<%= @socket %>
+USER=opendkim
+GROUP=opendkim
+PIDFILE=$RUNDIR/$NAME.pid
+EXTRAAFTER=
diff --git a/site-cookbooks/kosmos_email/templates/opendkim_keytable.erb b/site-cookbooks/kosmos_email/templates/opendkim_keytable.erb
new file mode 100644
index 0000000..9935194
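Review bot: The rendered opendkim.conf carries two active `Socket` directives: `Socket local:/run/opendkim/opendkim.sock` kept from the packaged sample and `Socket <%= @socket %>` on the last line. Which listener opendkim ends up with then depends on how it treats a repeated setting, while Postfix is configured for the inet socket only. Commenting out the sample line (`#Socket local:/run/opendkim/opendkim.sock`) leaves a single, unambiguous listener. `Domain` and `Selector` are also set alongside `KeyTable` and `SigningTable`; a one-line comment saying which of them is meant to drive signing would help the next reader.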
--- /dev/null +++ b/site-cookbooks/kosmos_email/templates/opendkim_keytable.erb @@ -0,0 +1 @@ +<%= @selector %>._domainkey.<%= @domain %> <%= @domain %>:<%= @selector %>:/etc/opendkim/keys/<%= @domain %>/mail.private diff --git a/site-cookbooks/kosmos_email/templates/opendkim_signingtable.erb b/site-cookbooks/kosmos_email/templates/opendkim_signingtable.erb new file mode 100644 index 0000000..5f21353 --- /dev/null +++ b/site-cookbooks/kosmos_email/templates/opendkim_signingtable.erb @@ -0,0 +1 @@ +*@<%= @domain %> <%= @selector %>._domainkey.<%= @domain %> From c746b38ebfdbca5c7a2b5cb8a83a2a39e64978d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Tue, 5 Dec 2023 14:19:52 +0100 Subject: [PATCH 18/95] Update node info --- nodes/mail.kosmos.org.json | 1 + 1 file changed, 1 insertion(+) diff --git a/nodes/mail.kosmos.org.json b/nodes/mail.kosmos.org.json index e9b7f83..0e7f7b0 100644 --- a/nodes/mail.kosmos.org.json +++ b/nodes/mail.kosmos.org.json @@ -36,6 +36,7 @@ "kosmos-postfix::default", "hostname::default", "kosmos-base::letsencrypt", + "kosmos_email::opendkim", "kosmos_email::postfix", "postfix::server", "postfix::default", From b1763cd032ed50227fd8d6b9546944732be03f60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Tue, 5 Dec 2023 18:04:57 +0100 Subject: [PATCH 19/95] Pattern-match node names for VM backup exclusion --- environments/production.json | 6 +++--- site-cookbooks/kosmos_kvm/recipes/backup.rb | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/environments/production.json b/environments/production.json index 8404558..cdc5ada 100644 --- a/environments/production.json +++ b/environments/production.json @@ -45,9 +45,9 @@ "kosmos_kvm": { "backup": { "nodes_excluded": [ - "garage-2", "garage-3", "garage-4", - "postgres-5", - "rsk-mainnet-2", "rsk-testnet-3" + "garage-", + "rsk-", + "postgres-5" ] } }, 
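Review bot: The key path in opendkim_keytable.erb ends in a hard-coded `mail.private` while every other field on the line is built from `@selector`, so the entry only points at the generated key as long as the selector stays `mail`. The recipe creates the key as `#{selector}.private`, so the template should follow it: `/etc/opendkim/keys/<%= @domain %>/<%= @selector %>.private`. With a different selector opendkim would be pointed at a missing or stale key file, and because postfix.rb sets `milter_default_action` to `accept`, that would presumably show up only as unsigned outgoing mail.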
diff --git a/site-cookbooks/kosmos_kvm/recipes/backup.rb b/site-cookbooks/kosmos_kvm/recipes/backup.rb index e2da98a..ae49929 100644 --- a/site-cookbooks/kosmos_kvm/recipes/backup.rb +++ b/site-cookbooks/kosmos_kvm/recipes/backup.rb @@ -54,7 +54,7 @@ end vm_domains = search(:node, "role:kvm_guest").map{|n| n["hostname"] } \ & `virsh list --name`.strip.chomp.split("\n") -vm_domains.reject! { |d| node["kosmos_kvm"]["backup"]["nodes_excluded"].include?(d) } +vm_domains.reject! { |d| node["kosmos_kvm"]["backup"]["nodes_excluded"].any?{ |n| d.match?(/^#{n}/) } } template "/root/backups/backup_all_vms.sh" do source "backup_all_vms.sh.erb" From 769ac4a08194ed3dce044da68a4b9ae8cb8696ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Tue, 5 Dec 2023 18:09:44 +0100 Subject: [PATCH 20/95] Support node-specific borg repo config --- data_bags/credentials/borg.json | 25 +++++++++++++-------- site-cookbooks/kosmos_kvm/recipes/backup.rb | 12 ++++++++-- 2 files changed, 26 insertions(+), 11 deletions(-) diff --git a/data_bags/credentials/borg.json b/data_bags/credentials/borg.json index 25b875b..3fd251c 100644 --- a/data_bags/credentials/borg.json +++ b/data_bags/credentials/borg.json 
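Review bot: The new `reject!` block interpolates each `nodes_excluded` entry into a regex unescaped (`/^#{n}/`), so any regex metacharacter in an entry changes what gets excluded, and `^` anchors at a line start rather than at the start of the string. A plain prefix test expresses the same intent without those surprises: `vm_domains.reject! { |d| node["kosmos_kvm"]["backup"]["nodes_excluded"].any? { |n| d.start_with?(n) } }`. Since the entries in production.json are now prefixes such as `garage-` and `rsk-`, any VM created later under those names silently drops out of the backup set; a comment on the attribute stating that entries are prefixes, or a log line listing the excluded domains, would make that visible.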
@@ -1,23 +1,30 @@ { "id": "borg", "ssh_key": { - "encrypted_data": "znPXuD/hMY4+1eihuSx1sB/QKohd92B8/TkZd5g+J+uH1yedbeKosc+q7fJT\njlFy0ebySS5URB1O5ij4/YbulnhcNhYb5/ozf6GnhBl2VlmQD0fdE+NlSlGf\nB6nM+qbvtR9V2sAtaVaugILHy4jD/y1jBnh3VyoKtiLG9WrPe1Q5gwTxEDLi\nn7qpcamZt1D5QB+6kMpVqAmL4oV0oFervfrRcf1QyR0vriwdAMz2+iuQ6/Cq\nyRSDkuaGChrX3W8hd+WkaQaU3ak6A2Ih9iO8MIa9j75FpzCDnBl0A1WLvzeC\ngILDFT0J1eSnDhAZfpOPZxCkaGB6ueop1BwWGhtmDZns1IdKccKRhK56i7BC\nGaJv8nDYxmSq90RYZdhnmbVPCyNrbcj+Pkun+N/us7WE2mYZZTXXy0CE1WMC\n0xglisNS06ODTToD8dmv3wLqeS4yk0Ws9JypWxjUS0NGc9k/uGa5MGIBxJfm\nsi4X0ZaoxMPHmNnOCMMIC0MQE82tBtA3tM2mxd6rohgtdtpo9cxsKWW2Pu3O\nW6Wq/A3d4X/9+LbjQKe48gqCeuZXanJxniBtdm2Z08Yi30/lQRwhauGXP1FT\nyot2FVZLLdTHaDHdcaUjU8A/NJsS+DRPWT8xAk1w1jVPytQMZUrPUYbjPXTu\nhqj24Qyyxb836y23hVCNrrRJg35Mb/mHy8LEbxJ1cxoekAR8d5r+yR5UF72j\nDLg+7fEqzIoSqjFB5Ho2hemTzajxwD2d+FATxQN7C+T1LBenDE/cw0HTKV/H\nnjPvb+bLfhCVb0xdkTlFlnF4WUn32tEQhTGrXefQcSV94Go75MoegIflwNo4\nnOsEOeD9VSwRKqsJ82pjRFaGr7HovakeqE/itruvEKGKn+53Sc9xVRgnyve7\nsQ0vdbVSsH6dBQJYDgSUdNNU9PXbqRqbk3CqFpQAEaxoy6mE9oPK89Mdx9mF\no9B8G291d1GvaOSvJjvlzlWmqUCYhQLR+HTeHf+5gp1dSJRlL3b55m1x7PCC\nB4Ma6XLo9gdF/XXGfZE98vg/MJ5w0JjLYouU/v8BaHNWdrxo5MEoky246LmL\ntLY57TbfGu8HTmvScir43hevIC4JqDHJhUQrz3vmd1yFcUBgWIqEYv6guU8K\nW9cYS+LBwbKDg7uXOx93P5pgPzMZbS0aBPt0QCwIwGmhQTPba+WWh6rPwNkl\nV4HRG0TgFJ8skgKWLhEMOYC02KRT/ve+OJ1LawqIK5BsMK81KoX2Drf7Oyba\nOkekMHsA9T6woSjIBTouKIz8r09vkJe9W/0pN7Y/NtE+y+FuZlKC1peafc3x\nE4ZhNotHtyAydsB6NgxpjkBNxUsVe+DlTyGCzEis/pG2XREUniiqd5DhbPKM\nH9EkXiRrtvrmD792ca8lGfMYTNOcoLD1vRlzFmHCjE7NOKAZ4lEwZWEGnxwp\nIEJFCScdPmDxK0uqMw2DaEjlAVblg1EOcs1xG4JwOcY/aWkuslp2MrmOIh7a\nSUdlr+SBi7faEMIslG24s3noDD4DFU5CQSb0ErH6j02VsUi90QYrm9XCkfEl\n2OcbvC9KICmKEj1mxvTQLBALtyTJGXIOzPbxp/Dw2a9o/WnsWDaXhTcLGqdu\nNn3ghESEb1G+pYHJa7lJ62RSQTpRp19gpdUS8SRhqwUkceFCnuuFST3SmspU\ngpjY8xsRZ3h9fzI/ob1nan5pXnzZCf76X7bGL3DqNlpq1SkdGI5NaN7ko42u\nkPafYy6MiAU6lYvg4G4pobJu8qnGcX9Wuf4K2Jl7niOQTUDIwjyrd+1uI9S2\nn5rLmwhQFxPrT/FuLg3nYAohrnAuMDXFQ13XO0q9smaSZDXPheGdTxT4HRTE\nkN1oAvvmht
VbBqNbKBY09Dn1khiUa3mIineJ6wuKS1buiTDlLGiSPAXhaJRB\naplbJLGjtBXSGiAuxHEb2l/G/kIa71R7Vc7h2fYzAXFbPhApllEof43cZVtM\n9kN1m2bshbAG2boD51jb9P4C9H73ICJXGDAUVvScgYAIs4YnCVFIPdmU6dP+\nd4yZTM9bxuezUI2sj6cpWcq8H9+skZjRY+J2vKH/twAaWcnxLUxKfLuUAWNy\nH63iRIAhaWfl3k6dhPbYFnsxrrch99NuMTAEyE5vykiCMg8WlCmittteGyIq\nfOs9eFaoNRkf4Qh5IrOUoPhXO/8Jw7eY3aK2bQvGuutlfxOYsFJWjK3qT7RQ\nAeyv639jDn1W3vvOlFX5+Xx8R5IZLVdElAe39y6rgw27pMZT+IJew/j5EF2j\nsinxUvARi98wW+NP8WXV5CMFXh2JnmxfTLvdsWHJlB/XyktIiJE4KaHlNIaV\nxLdKmarS3hS31DQmpB2LDGPp8QFyV9kY0gvE282A1Fs0w01pByKDcMmvr3pD\nHh40DfYt4ZTJGnLP69IKt3328KEeMlHqns22zZuAidMus1o6k4YkF1WNpZn2\nSdXVG0hcdnvRC4qKdVv+TBFuPSy68cdwPeHs612hcezoHi2pbTkM2YKDJ75m\nvqaBzdpSDcuKVovuwBt3/guHoLD2ipRM0EfZ208aKiuOuYXwGD3PPm5WKUvd\nBSiZw7p37QY6zYh0/bTN2FumftYWz7mrZL4pFIcd8m/tSlU537+TnCbPm1KT\nWFVFBonxsyhHnZC4X0YQQTZ0V9TKCGWdVUgRxZwwQ/0acxFe1j1bqVnDBxR6\nH98xnEPvEh6bHpHujwcdCKTN4AbIJcFVKuCyvl/OtzMBjUXVKOAZcRS42TvY\nkhzQXiOOKqoE29aNDtQ/VRC8s1aN6L6xCorlCcBBurMcmDdJy+r4YUrNqmEA\nZQwFecRXxwzguk6GR3m8RzY1iDRSqm+yCMqjWKx6eycV91izjXbueT45g3Hn\nSqw2cw6rowGZUEcP3vRdHyxsJSEG2kPvU9JLzgkCwUovtlbdHee2JkV9TdkF\nzEMxjA9B5mxPp5lMFj8jhHhzDmZRxpW/EUBZCkZh5SVbGeg6qTFKRS6zZPYC\nkfv0XICx154cOj0TsW4QHxTHLOV9r93HIPihZDHg2udN7JhYfwsO4RbwDQEv\nxumaM3NTGrXOBxV2vtYSoGSQOmCd8X+gXKxKtTeaV4rCm2aIGVsdfeYQTNSD\nrBxetCJdGB0DrEAr/9bJ5RS2CB9JmEa4ktMHEFTmvTqhWu4Ye2TJBC+H/yqP\nNrYQ4+5lYnZ4BuvxKBvhbH52UURqG27NwQXmFd/h3NlI5GVi5tveRO1+3F1j\ncMTgj49UCB2SNndcJDkK9z7kSBdnmtNo3m3/K9wucw9NxH7sM0yrgeQupbrU\nlgsobzoGluvBijJlp6A7qy4AoOsDGoo4gevK23CR8XN+droGY2RGWThWGuPZ\np7hsG/0f6ICQmU8ARsj/Civ9EbGe/2ZnlHafBtRhmfpZp2/Y7UxX6pmcNARB\nj8Gmr9DWiUXKUBtIkiBSTr7keRF8GuaXSc4pz1phKuAhngy7rYuMhqQr7Sw0\nJCk7cwdvZdq/erjtIh/AHJOPboUCalsLfTdMJguuocUuQr+SEg==\n", - "iv": "3uagVTqoXUcWvs9W\n", - "auth_tag": "s3wlsnLRHCI2NjC6/ZwbiQ==\n", + "encrypted_data": 
"oK6Q98lJxmXGtnV9EjkgXmcObYt4eHlI6DMTRVrKn5zEBTBH7e66oXpx1nW9\nyvbxrDkJsgAEsx5ty3ktVwGgziZIGB9AnXbtVw0C/uQZ/omNtzL+J7l7MTHS\nfdUboBX2U3WI7oO+DPVHcfSB9ua5OqSdxw+arYjMd2iJUJ3EL5W6OcUfmYEz\nytmcqIol0/3f0xJ02Zj1YejZ3LTcZ2NG3nYFe0V5VJXBCtYeBnvFqpTkaRvm\nB1BdzslaFTWpjlNbOFjSWkl/Ky98En9I2nPFghgwr0W2/niTo5jcdS6wpNGt\nZKRSoF7ShJVlwMW+82WY5XdAJQFUuCDXroaOlu101dz1capzvcAow7J3I+Pm\nd3ylMal41sPiDRaUdLeFFkcinXZpu3PmCwehISDB4adVQMVkicUiusNjMqlU\nX5Dp7ALCJKkl0TMRTDho5+RqWYRNN8XJ6cxTsy3WrXND6ytw50A2fakT/Nds\n3qAWWuKh0HExVvQXJoB/uej0BIC37HNJg4OeD/oOCStoTD9D7an2SkP9Qopg\n7yBYMLqS2lOI8/avCDI/bwkPlIe0LtKomcNuE33bGeasrO4Hqi/v4R2Fzx3C\ntelWtWoKX+aJUylCBOEf11Xbkfm5BV6WitrfkAMfLwa+vBvMYbRp+58L8uVx\nNvjCYqrSArKcTHh6FdqFmljj/Lssfn5Y0EaRJ0oA/i+4XhnyNNDC52LyjVbY\ne2399bX/SAxh4MeJM4CbCn1qEELioQJznJhnt8jmCEHbMJ7s34ewJWMaPfAa\n6Tl2QGxsbSqHDkcINdxl6MIy/v2NInIH8Wjo/AlSoU9fjWlxPafE40f27/8v\nGQdXRNM5/BbADrSr2MFPTqJdTSKjC8a3m6LaHJg6sON+JtsAmflV2mZ2qKhg\n1klfj9Qvr2MwC5a6xseuAbpQoAVfle/+iQI3l5hYxaSanCPUzwkD5RSL/YfX\nwWxT9WmkC7+iHif5ZkZ4YwMSdt+NJcULqYGot2f+gugYFsYGvdGc+8UVH6wM\n1W/iLOZU4KZ1wAZvoh/rMiZN3Z5yUMHc0LDUY+1pZSBylPauvrkjVRYSD9K+\n+KX1gkvwsgn3+AVqZZ2Kqlj/6oFqdXdEHnbqZAhWBRmNrHu5lcrc4QUmaSqN\n+UlWLXfK5FGBaGVm6Bzz2tHzUTNjxrJKkrx1WK6pm/qGFiRsCMDJMJtLyD0/\n0g6vtD8jf2OYZudayGOHQhfTrQRD3ByAhjeprXTc4sUxt2ogLN+23FIaswbE\nAcL9R/un1Ym7OPUBE3KNJ9GE524Op9I+7XPr9JEC2R9DqVcm6XYbS5u7YB5g\n5W1OK0KX3AC1dt8Tkezp+Rp3nV86UUJFCQcWUXc51+lNk31BUtuUGIGbnFdZ\nm9m5xlNmApvQ/25y0Nbw2QhmB/4l8Aqj+OGXLHWLv2DFfxwxUfyUZCzYg1XS\nTFr58cDSCmHFMkJDPzY6YBasgPMSRgdZDdJMXSumpO5wqygcgqtT9LiT073X\n2DfG1tIAx2F4H1HuxAnLygQxVf33eGJVMJbPuDCo2G2uvJYfj2zJJQsBsBgZ\n5XD1rEyjLuekfLysn2G3ZMLczWSn2oyvxt/+gUGhfij84YsQp415W+7LJY+1\nd+3F7+qyYnOE2uTzmqk63IZ9sSPIM8seXUKrWd95KtjKG/zvILW5ksye3X3R\nwsVSeu/+tATxZhFH0bdgo+vcZB+CA8IhUqdjigKTSQo3O/CMqPn2yKhY9j3D\nBabR6Vo1Ip68n6dfbZ/DtrPmcm+XD8fxflm0Ssx/vbRsiPn2zwPDWek92TKP\n8Y9rD8t+H6hoDKXLJZWpJPhAtnjJWkpY4qVErtoDQ5yfViuC+qlfpoRlRa4R\nQsiSYERhqeXZeWLMk/hwoEx32DhgOwLhfX6NP5j1vXNeRfBc9zvj+V1Izhkt\naQLy+8z1gvHKMjW
y9TLvLjFT3XyJY4ePlVUCJJ9DGCjBO8tuwcNt6ZGfjwv7\nrorBDF8BeBQFhv/Cd+B78Avc8BptLXFscPHt2a31X4sFbrrDh5g0ZylD7xLB\nj45jID4tLHrgHRZ5aRIzBO1OhNUONMJuNZ+XlXAFx2bjx09HZq1cYfKimHg5\nM5um+/h8X202wr9shY1HguzuGCBlDAv4X1Qjoz12B4U1FY9c665AmC5iJaWN\nm/PFXwPa4aynOTdJrhmPRcnqI8WzDbS4/EedzpKCSn1WcHe52oMtXcC8yLAD\nM1BOcpPXWXCFc9NNOHcq5bBAB/+4sVGnBDKMUisiVGeLCck5BePH2loLdezF\nRcDEZ5uXyLWypzHLmRODRCeJcP/LaI6dAHyeRF3IYXMR/nls21wzE1+6nEpI\n6YUxdCiFPaZxDKuZzjolsACBbU+vb1lGOmj2aR0VQxg+UlPLl78/jj6ZIqKj\n11Atoxz6rVrm1kAkYSArDs6AH9xt+B33rlwloIeChLbNFpHJJbvJlcmR+q67\nMbgb1Dz0tKESxzjlep+N17+KpFtbHdGBkwLhEFphFekoUQjOgLQKhmJRRN0+\nsvLY4/Yg6hmxJdeRZgRusFRcc3fnPrE9S+ms5nJ1MWSCzCfhhVLb8N7KB2h5\nYRQlB68mrI0PaBAaDiJsUuSujadvx42UWRQSmLssbf9DhY8Lr4HaP3qag7Hv\ntAZfzlQ1MGgDQ0EN3ctllhqQS8493/ToioarYulmWyYHPYNvV9qZlQm0//Tv\nutSHzmW5N/iIA3MuSHn36IWZeuAEnhMfm0RjVMh8Pb+05xc/Vebeg1yXMVFL\njDE02Sd37RtYx96Xvc14q5hnpxnBiOyUynmi3kjafb5WH5Wb6fpEuWxlSwyO\nR9EKIh6MOmdAXaVC+3gglsaO7DbPK6mNSE8zkI1dYleDHRs6m/UER2imaUlg\nkItsSuqDRzpeMoNZjs+9ATdFXClpgKKoyw8Okl/CapKVzdco2lRP9MLF61Al\nAA9ndyHiQOf0ttHv3rCLuCZ/+KBZNCn6ur65ykDbuivloZm/oCm7b1nGj7do\nPwB+QD4YxlNB+5OFOS7+KuiWafC5LUqsnjWoAQOmRLDCbQWPA3hkMs/dL4EO\n7NYtI+Ibmh81qOHPe4W/txkQi4fc+uxw/3cXT1pobvAnT4x28AxZxJqyIvDp\nwmoMYIpG68GjChZrKj6wyEVhc+N/7JyUbKZjuJymzzKWwhTWPN+qoIlDigxb\n7xrr8P+FtoLOcdwb5nr4JJ2T4Z/0oa4uIgYcIdBgI2AMHkpsT3eOXyqEO620\nWEyGmLCDAv/nbFn0QNBsDC386N4Dnic893r127SQHgo7Ln2rZg4+Ia3m+ADs\n1NWN1WLtD7AiRmegsZRcFp9UrBLyUo/EGGDzkRtWmw01HuLYRLMpvvhN/W9G\nekpLadu/+gZ+HMKzlG6LL9GC3cbiJSdd3gowL/eIbFnsifbiixW3kKDlWUxF\nekQ2jF1lcGhLJ5VnVsgTL0ASKUhHBSSY4GVahAz4je35dJ7BgPqKN+DYx3aO\nLDWU/0iENp0o5eIIP4p+4wW58OTpbkC3L8hOrC8Bi59PmYlKtg==\n", + "iv": "bhJZlhYQTG/xAvuY\n", + "auth_tag": "oqYQGqNaSFqpxfoJi/oOBQ==\n", "version": 3, "cipher": "aes-256-gcm" }, "passphrase": { - "encrypted_data": "wzSJQ+VfZuXmqrL3xW/LxiUvF/B6EYHAQtmhrJjt2oMT1G2OEgp5\n", - "iv": "BqTyfQwKKCTOn3q3\n", - "auth_tag": "sh1e8UuQSrq1o5G0O5fXCA==\n", + "encrypted_data": 
"5n1l4Mi3ik1RgcF+c71fQbTS1kAOgNaGEcpdKV11uDbzHDVuw21S\n", + "iv": "N+AVJrfPxoRJlWOO\n", + "auth_tag": "x5Wr3zuJhCXzTIl3gAOA0w==\n", "version": 3, "cipher": "aes-256-gcm" }, "repository": { - "encrypted_data": "Ezc5YMp0VM82dlq0+ikk2xZeqNHi+XETlsc2cDlFG/NxY408JO3ErPDEa9d9\nzud+jcCt/01GKqPdslGhP3jsUUb/f3kWMkTWqGkyWXV1121E0uHwyrva62NT\n5A==\n", - "iv": "QtNBUjJ5NrQS0JD7\n", - "auth_tag": "ZQImzlvHWwX1OsxMZK1jGA==\n", + "encrypted_data": "Jz0IoAeeeF5lXMTgpkanRqshOxUW0IAJ8tUYFEQckWB13tmsEwNd+val8g+d\nkQ6NQMg8oLRtPbDOi6bTgmTykFrYW5JS5EiD2/ynQQktWA/ZIxnyuoHocX+A\naw==\n", + "iv": "BGl1aUBCHzuG61H+\n", + "auth_tag": "mlYt/CKamtPZTaESlG/lFA==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "nodes": { + "encrypted_data": "v9vXGwyAu2fqj5blo/6Jeht3R7SLlxMSWCuC2nTlURBODz9fled1z/LAoABc\nOaVLXKrgHYUnYgriSF7Q9zemrRnrcsPmqKFVLKqNDIjjyd1LnxwdopG9EGxD\nKNVY3GQI1L511kY+0ahZj6OJ63o0MSccysabSnptWNHCsD2eFh+77oMpYfYy\n3OWWLOT4kzK1lbNDmI8IM6JywLE=\n", + "iv": "r4LctfXGF86FNXbZ\n", + "auth_tag": "P01f5Vcxz8EyY6BohQWzOA==\n", "version": 3, "cipher": "aes-256-gcm" } diff --git a/site-cookbooks/kosmos_kvm/recipes/backup.rb b/site-cookbooks/kosmos_kvm/recipes/backup.rb index ae49929..09b6e9a 100644 --- a/site-cookbooks/kosmos_kvm/recipes/backup.rb +++ b/site-cookbooks/kosmos_kvm/recipes/backup.rb @@ -7,6 +7,14 @@ apt_package "borgbackup" borg_credentials = data_bag_item("credentials", "borg") +if borg_credentials["nodes"].keys.include?(node.name) + passphrase = borg_credentials["nodes"][node.name]["passphrase"] + repository = borg_credentials["nodes"][node.name]["repository"] +else + passphrase = borg_credentials["passphrase"] + repository = borg_credentials["repository"] +end + file "/root/.ssh/borg_rsa" do content borg_credentials["ssh_key"] mode '0600' 
@@ -15,8 +23,8 @@ end file "/root/.borg_credentials.env" do content <<-EOF BORG_RSH='ssh -i /root/.ssh/borg_rsa' -BORG_PASSPHRASE=#{borg_credentials["passphrase"]} -BORG_REPO='#{borg_credentials["repository"]}' +BORG_PASSPHRASE=#{passphrase} +BORG_REPO='#{repository}' EOF end From 7805182457abf183096422d5c2f7f3d814f2f2a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Tue, 5 Dec 2023 18:16:15 +0100 Subject: [PATCH 21/95] Change borg backup default interval to 3 hrs --- site-cookbooks/kosmos_kvm/attributes/default.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-cookbooks/kosmos_kvm/attributes/default.rb b/site-cookbooks/kosmos_kvm/attributes/default.rb index 08bc201..4783c7e 100644 --- a/site-cookbooks/kosmos_kvm/attributes/default.rb +++ b/site-cookbooks/kosmos_kvm/attributes/default.rb @@ -7,6 +7,6 @@ node.default["kosmos_kvm"]["host"]["qemu_base_image"] = { } # A systemd.timer OnCalendar config value -node.default["kosmos_kvm"]["backup"]["schedule"] = "daily" +node.default["kosmos_kvm"]["backup"]["schedule"] = "0/3:00" # Node/VM names excluded from backups node.default["kosmos_kvm"]["backup"]["nodes_excluded"] = [] From 4dbc960eed94d3ed42132f704dce1bbafbf93c21 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Tue, 5 Dec 2023 18:19:48 +0100 Subject: [PATCH 22/95] Switch ejabberd node handling TURN Should use the same outgoing IP as for incoming --- site-cookbooks/kosmos-ejabberd/recipes/nginx.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-cookbooks/kosmos-ejabberd/recipes/nginx.rb b/site-cookbooks/kosmos-ejabberd/recipes/nginx.rb index 9514014..1aded5c 100644 --- a/site-cookbooks/kosmos-ejabberd/recipes/nginx.rb +++ b/site-cookbooks/kosmos-ejabberd/recipes/nginx.rb 
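Review bot: `/root/.borg_credentials.env` receives the borg passphrase, yet the `file` resource shown in this hunk sets neither `mode` nor `sensitive`, so its permissions are left to defaults and its contents can appear in Chef's diff output; adding `mode "0600"` and `sensitive true` would close both. `BORG_PASSPHRASE=#{passphrase}` is also written unquoted while `BORG_REPO` is quoted, so a passphrase containing spaces or shell characters may not survive whatever reads this file. The `passphrase` and `repository` values come from the lookup added in the previous hunk, where `borg_credentials["nodes"].keys` raises if the data bag item has no `nodes` entry; `node_config = (borg_credentials["nodes"] || {})[node.name]` followed by a fallback to the top-level values would tolerate that.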
@@ -19,7 +19,7 @@ end openresty_stream "ejabberd" do template "nginx_conf_streams.erb" - variables ejabberd_hosts: ["10.1.1.113"], + variables ejabberd_hosts: ["10.1.1.123"], stun_turn_port: node["ejabberd"]["stun_turn_port"], turn_min_port: node["ejabberd"]["turn_min_port"], turn_max_port: node["ejabberd"]["turn_max_port"] From cc6cebb8a2e7325f8b667a1574474aa0d5fa356e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Tue, 5 Dec 2023 18:20:27 +0100 Subject: [PATCH 23/95] Increase TURN throughput allowance --- site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb index 87a84a0..4d44c30 100644 --- a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb +++ b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb @@ -106,8 +106,10 @@ auth_method: sql default_db: sql shaper: - normal: 1000 - fast: 50000 + normal: + rate: 3000 + burst_size: 20000 + fast: 100000 max_fsm_queue: 10000 From e3c4bf89695817c7e15e906392182c9759ab2493 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Tue, 5 Dec 2023 18:21:26 +0100 Subject: [PATCH 24/95] Update node config --- nodes/her.json | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nodes/her.json b/nodes/her.json index 4c59378..43402f3 100644 --- a/nodes/her.json +++ b/nodes/her.json @@ -1,5 +1,6 @@ { "name": "her", + "chef_environment": "production", "normal": { "knife_zero": { "host": "10.1.1.222" @@ -19,6 +20,7 @@ "kosmos-base", "kosmos-base::default", "kosmos_kvm::host", + "kosmos_kvm::backup", "apt::default", "timezone_iii::default", "timezone_iii::debian", From b3f2ca415ea0c35fc55fc56465df575e8b02097b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Wed, 6 Dec 2023 12:12:00 +0100 Subject: [PATCH 25/95] Set up SpamAssassin Scan incoming and outgoing email for spam. Use a local Unbound for DNS, so we don't run into blocks for RBL queries. --- Berksfile | 1 + Berksfile.lock | 2 + cookbooks/unbound/CHANGELOG.md | 64 ++++++ cookbooks/unbound/LICENSE | 201 ++++++++++++++++++ cookbooks/unbound/README.md | 78 +++++++ cookbooks/unbound/chefignore | 115 ++++++++++ cookbooks/unbound/kitchen.dokken.yml | 56 +++++ cookbooks/unbound/libraries/helpers.rb | 59 +++++ cookbooks/unbound/libraries/template.rb | 26 +++ cookbooks/unbound/metadata.json | 42 ++++ cookbooks/unbound/metadata.rb | 13 ++ cookbooks/unbound/recipes/default.rb | 25 +++ cookbooks/unbound/renovate.json | 6 + .../resources/config_authority_zone.rb | 93 ++++++++ cookbooks/unbound/resources/config_cachedb.rb | 67 ++++++ cookbooks/unbound/resources/config_dns64.rb | 58 +++++ .../unbound/resources/config_dnscrypt.rb | 80 +++++++ cookbooks/unbound/resources/config_dnstap.rb | 116 ++++++++++ .../resources/config_dynamic_library.rb | 48 +++++ .../unbound/resources/config_forward_zone.rb | 80 +++++++ .../unbound/resources/config_python_script.rb | 53 +++++ .../resources/config_remote_control.rb | 77 +++++++ .../unbound/resources/config_rpz_zone.rb | 98 +++++++++ cookbooks/unbound/resources/config_server.rb | 58 +++++ .../unbound/resources/config_stub_zone.rb | 84 ++++++++ cookbooks/unbound/resources/config_view.rb | 68 ++++++ cookbooks/unbound/resources/package.rb | 36 ++++ .../resources/partials/_config_file.rb | 122 +++++++++++ cookbooks/unbound/resources/service.rb | 69 ++++++ .../default/partials/_generic_config.erb | 22 ++ .../templates/default/unbound.conf.erb | 5 + nodes/mail.kosmos.org.json | 2 + .../kosmos_email/attributes/default.rb | 3 +- site-cookbooks/kosmos_email/metadata.rb | 1 + .../kosmos_email/recipes/default.rb | 2 + .../kosmos_email/recipes/postfix.rb | 5 +- .../kosmos_email/recipes/spamassassin.rb | 34 +++ 
.../kosmos_email/templates/spamass-milter.erb | 28 +++ .../templates/spamassassin_default.erb | 33 +++ .../templates/spamassassin_local.cf.erb | 119 +++++++++++ 40 files changed, 2145 insertions(+), 4 deletions(-) create mode 100644 cookbooks/unbound/CHANGELOG.md create mode 100644 cookbooks/unbound/LICENSE create mode 100644 cookbooks/unbound/README.md create mode 100644 cookbooks/unbound/chefignore create mode 100644 cookbooks/unbound/kitchen.dokken.yml create mode 100644 cookbooks/unbound/libraries/helpers.rb create mode 100644 cookbooks/unbound/libraries/template.rb create mode 100644 cookbooks/unbound/metadata.json create mode 100644 cookbooks/unbound/metadata.rb create mode 100644 cookbooks/unbound/recipes/default.rb create mode 100644 cookbooks/unbound/renovate.json create mode 100644 cookbooks/unbound/resources/config_authority_zone.rb create mode 100644 cookbooks/unbound/resources/config_cachedb.rb create mode 100644 cookbooks/unbound/resources/config_dns64.rb create mode 100644 cookbooks/unbound/resources/config_dnscrypt.rb create mode 100644 cookbooks/unbound/resources/config_dnstap.rb create mode 100644 cookbooks/unbound/resources/config_dynamic_library.rb create mode 100644 cookbooks/unbound/resources/config_forward_zone.rb create mode 100644 cookbooks/unbound/resources/config_python_script.rb create mode 100644 cookbooks/unbound/resources/config_remote_control.rb create mode 100644 cookbooks/unbound/resources/config_rpz_zone.rb create mode 100644 cookbooks/unbound/resources/config_server.rb create mode 100644 cookbooks/unbound/resources/config_stub_zone.rb create mode 100644 cookbooks/unbound/resources/config_view.rb create mode 100644 cookbooks/unbound/resources/package.rb create mode 100644 cookbooks/unbound/resources/partials/_config_file.rb create mode 100644 cookbooks/unbound/resources/service.rb create mode 100644 cookbooks/unbound/templates/default/partials/_generic_config.erb create mode 100644 
cookbooks/unbound/templates/default/unbound.conf.erb create mode 100644 site-cookbooks/kosmos_email/recipes/spamassassin.rb create mode 100644 site-cookbooks/kosmos_email/templates/spamass-milter.erb create mode 100644 site-cookbooks/kosmos_email/templates/spamassassin_default.erb create mode 100644 site-cookbooks/kosmos_email/templates/spamassassin_local.cf.erb diff --git a/Berksfile b/Berksfile index ec09e0e..e82e5ed 100644 --- a/Berksfile +++ b/Berksfile @@ -37,6 +37,7 @@ cookbook 'timezone_iii', '= 1.0.4' cookbook 'ulimit', '~> 1.0.0' cookbook 'users', '~> 5.3.1' cookbook 'zerotier', '~> 1.0.7' +cookbook 'unbound', '~> 3.0.2' # openresty dependency cookbook 'jemalloc', '~> 0.1.7' diff --git a/Berksfile.lock b/Berksfile.lock index cf6ade6..c3bab6f 100644 --- a/Berksfile.lock +++ b/Berksfile.lock @@ -33,6 +33,7 @@ DEPENDENCIES ruby_build (~> 2.5.0) timezone_iii (= 1.0.4) ulimit (~> 1.0.0) + unbound (~> 3.0.2) users (~> 5.3.1) yum zerotier (~> 1.0.7) @@ -99,6 +100,7 @@ GRAPH seven_zip (4.2.2) timezone_iii (1.0.4) ulimit (1.0.0) + unbound (3.0.2) users (5.3.1) windows (7.0.2) yum (7.4.13) diff --git a/cookbooks/unbound/CHANGELOG.md b/cookbooks/unbound/CHANGELOG.md new file mode 100644 index 0000000..ce0a267 --- /dev/null +++ b/cookbooks/unbound/CHANGELOG.md 
@@ -0,0 +1,64 @@ +# CHANGELOG + +This file is used to list changes made in each version of the unbound cookbook. + +## 3.0.2 - *2023-10-02* + +- Update Ci files and remove CircleCI config + +## 3.0.1 - *2022-09-30* + +- Add missing `fallback-enable` setting to `config_authority_zone` + +## 3.0.0 - *2022-04-04* + +- Add separate configuration resources +- Default recipe now only runs installation +- Refactor configuration template to be Hash driven + +## 2.0.3 - *2022-03-04* + +- resolved cookstyle error: .delivery/project.toml:2:8 convention: `Style/StringLiterals` +- resolved cookstyle error: .delivery/project.toml:4:10 convention: `Style/StringLiterals` +- resolved cookstyle error: .delivery/project.toml:5:13 convention: `Style/StringLiterals` +- resolved cookstyle error: .delivery/project.toml:6:10 convention: `Style/StringLiterals` +- resolved cookstyle error: .delivery/project.toml:7:9 convention: `Style/StringLiterals` +- resolved cookstyle error: .delivery/project.toml:8:14 convention: `Style/StringLiterals` +- resolved cookstyle error: .delivery/project.toml:9:11 convention: `Style/StringLiterals` + +## 2.0.2 - *2021-08-31* + +- Standardise files with files in sous-chefs/repo-management + +## 2.0.1 - *2021-06-01* + +- Updated tests folder to match other cookbooks +- Updated spec platform to supported version + +## 2.0.0 - 2020-05-05 + +- Upgraded to circleci for testing +- Minimum Chef Infra Client version is now **13.0** +- Removed unused long_description metadata.rb field +- Simplify overly complex platform logic +- Migrate to actions for testing + +## [1.0.1] + +- Simplify logic with root_group +- Fix `root_group` not using new_resource +- Use strings for file modes +- Resolve foodcritic warnings in the `rr` resource +- Fix platform_family logic on the service Update platforms. +- Use dokken images for travis testing. +- Don't test on debian-8/9 and centos-6 as these services don't currently start. 
+- Account for a list of forward-addrs / effectively disable remote control (#27) + +## [1.0.0] + +- Add new custom resources `unbound_install` & `unbound_configure` + +## [0.1.1] + +- Adding support and kitchen testing for forward_zone generation +- Updating to use Sous Chefs guidelines diff --git a/cookbooks/unbound/LICENSE b/cookbooks/unbound/LICENSE new file mode 100644 index 0000000..11069ed --- /dev/null +++ b/cookbooks/unbound/LICENSE 
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the 
following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/cookbooks/unbound/README.md b/cookbooks/unbound/README.md new file mode 100644 index 0000000..700cf8a --- /dev/null +++ b/cookbooks/unbound/README.md 
@@ -0,0 +1,78 @@ +# Unbound Cookbook + +[![Cookbook Version](https://img.shields.io/cookbook/v/unbound.svg)](https://supermarket.chef.io/cookbooks/unbound) +[![Build Status](https://img.shields.io/circleci/project/github/sous-chefs/unbound/master.svg)](https://circleci.com/gh/sous-chefs/unbound) +[![OpenCollective](https://opencollective.com/sous-chefs/backers/badge.svg)](#backers) +[![OpenCollective](https://opencollective.com/sous-chefs/sponsors/badge.svg)](#sponsors) +[![License](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0) + +Installs and manages the unbound DNS server. + +- [http://unbound.net](http://unbound.net) + +## Maintainers + +This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit [sous-chefs.org](https://sous-chefs.org/) or come chat with us on the Chef Community Slack in [#sous-chefs](https://chefcommunity.slack.com/messages/C2V7B88SF). + +## Requirements + +### Platform + +A platform with unbound available as a native package. The following platforms have unbound packaged, but note that the filesystem locations are not consistent and at this time only Linux + FHS is supported. 
+ +- Ubuntu/Debian +- Red Hat/CentOS/Fedora (requires EPEL) +- FreeBSD + +### Chef + +- Chef 16 + +## Resources + +- [unbound_config_authority_zone](documentation/unbound_config_authority_zone.md) +- [unbound_config_cachedb](documentation/unbound_config_cachedb.md) +- [unbound_config_dns64](documentation/unbound_config_dns64.md) +- [unbound_config_dnscrypt](documentation/unbound_config_dnscrypt.md) +- [unbound_config_dnstap](documentation/unbound_config_dnstap.md) +- [unbound_config_dynamic_library](documentation/unbound_config_dynamic_library.md) +- [unbound_config_forward_zone](documentation/unbound_config_forward_zone.md) +- [unbound_config_python_script](documentation/unbound_config_python_script.md) +- [unbound_config_remote_control](documentation/unbound_config_remote_control.md) +- [unbound_config_rpz_zone](documentation/unbound_config_rpz_zone.md) +- [unbound_config_server](documentation/unbound_config_server.md) +- [unbound_config_stub_zone](documentation/unbound_config_stub_zone.md) +- [unbound_config_view](documentation/unbound_config_view.md) +- [unbound_package](documentation/unbound_package.md) +- [unbound_service](documentation/unbound_service.md) + +## Recipes + +### default + +Installs unbound using defaults. + +## Contributors + +This project exists thanks to all the people who [contribute.](https://opencollective.com/sous-chefs/contributors.svg?width=890&button=false) + +### Backers + +Thank you to all our backers! + +![https://opencollective.com/sous-chefs#backers](https://opencollective.com/sous-chefs/backers.svg?width=600&avatarHeight=40) + +### Sponsors + +Support this project by becoming a sponsor. Your logo will show up here with a link to your website. 
+ +![https://opencollective.com/sous-chefs/sponsor/0/website](https://opencollective.com/sous-chefs/sponsor/0/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/1/website](https://opencollective.com/sous-chefs/sponsor/1/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/2/website](https://opencollective.com/sous-chefs/sponsor/2/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/3/website](https://opencollective.com/sous-chefs/sponsor/3/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/4/website](https://opencollective.com/sous-chefs/sponsor/4/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/5/website](https://opencollective.com/sous-chefs/sponsor/5/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/6/website](https://opencollective.com/sous-chefs/sponsor/6/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/7/website](https://opencollective.com/sous-chefs/sponsor/7/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/8/website](https://opencollective.com/sous-chefs/sponsor/8/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/9/website](https://opencollective.com/sous-chefs/sponsor/9/avatar.svg?avatarHeight=100) diff --git a/cookbooks/unbound/chefignore b/cookbooks/unbound/chefignore new file mode 100644 index 0000000..cc170ea --- /dev/null +++ b/cookbooks/unbound/chefignore 
@@ -0,0 +1,115 @@ +# Put files/directories that should be ignored in this file when uploading +# to a Chef Infra Server or Supermarket. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +ehthumbs.db +Icon? +nohup.out +Thumbs.db +.envrc + +# EDITORS # +########### +.#* +.project +.settings +*_flymake +*_flymake.* +*.bak +*.sw[a-z] +*.tmproj +*~ +\#* +REVISION +TAGS* +tmtags +.vscode +.editorconfig + +## COMPILED ## +############## +*.class +*.com +*.dll +*.exe +*.o +*.pyc +*.so +*/rdoc/ +a.out +mkmf.log + +# Testing # +########### +.circleci/* +.codeclimate.yml +.delivery/* +.foodcritic +.kitchen* +.mdlrc +.overcommit.yml +.rspec +.rubocop.yml +.travis.yml +.watchr +.yamllint +azure-pipelines.yml +Dangerfile +examples/* +features/* +Guardfile +kitchen.yml* +mlc_config.json +Procfile +Rakefile +spec/* +test/* + +# SCM # +####### +.git +.gitattributes +.gitconfig +.github/* +.gitignore +.gitkeep +.gitmodules +.svn +*/.bzr/* +*/.git +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Bundler # +########### +vendor/* +Gemfile +Gemfile.lock + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Documentation # +############# +CODE_OF_CONDUCT* +CONTRIBUTING* +documentation/* +TESTING* +UPGRADING* + +# Vagrant # +########### +.vagrant +Vagrantfile diff --git a/cookbooks/unbound/kitchen.dokken.yml b/cookbooks/unbound/kitchen.dokken.yml new file mode 100644 index 0000000..46cae69 --- /dev/null +++ b/cookbooks/unbound/kitchen.dokken.yml 
@@ -0,0 +1,56 @@ +--- +driver: + name: dokken + privileged: true + chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> + +transport: + name: dokken + +provisioner: + name: dokken + +platforms: + - name: centos-7 + driver: + image: dokken/centos-7 + pid_one_command: /usr/lib/systemd/systemd + + - name: centos-stream-8 + driver: + image: dokken/centos-stream-8 + pid_one_command: /usr/lib/systemd/systemd + + - name: fedora-latest + driver: + image: dokken/fedora-latest + pid_one_command: /usr/lib/systemd/systemd + + - name: ubuntu-18.04 + driver: + image: dokken/ubuntu-18.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: ubuntu-20.04 + driver: + image: dokken/ubuntu-20.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: debian-10 + driver: + image: dokken/debian-10 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: debian-11 + driver: + image: dokken/debian-11 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update +... diff --git a/cookbooks/unbound/libraries/helpers.rb b/cookbooks/unbound/libraries/helpers.rb new file mode 100644 index 0000000..bb46228 --- /dev/null +++ b/cookbooks/unbound/libraries/helpers.rb 
@@ -0,0 +1,59 @@
+#
+# Cookbook:: unbound
+# Library:: helpers
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+module Unbound
+ module Cookbook
+ module Helpers
+ def default_config_dir
+ return '/etc/unbound' if %i(unbound_config unbound_configure unbound_config_server).include?(declared_type)
+
+ return '/etc/unbound/unbound.conf.d' if platform?('debian', 'ubuntu')
+
+ case declared_type
+ when :unbound_config_local
+ '/etc/unbound/local.d'
+ when :unbound_config_key
+ '/etc/unbound/keys.d'
+ else
+ '/etc/unbound/conf.d'
+ end
+ end
+
+ def default_includes_dir
+ case node['platform_family']
+ when 'rhel', 'fedora'
+ %w(/etc/unbound/conf.d/*.conf /etc/unbound/local.d/*.conf)
+ when 'debian'
+ %w(/etc/unbound/unbound.conf.d/*.conf)
+ else
+ raise "Unsupported platform family #{node['platform_family']}"
+ end
+ end
+
+ def unbound_yes_no?(value)
+ case value
+ when true
+ 'yes'
+ when false
+ 'no'
+ when 'yes', 'YES', 'no', 'NO'
+ value.downcase
+ end
+ end
+ end
+ end
+end
diff --git a/cookbooks/unbound/libraries/template.rb b/cookbooks/unbound/libraries/template.rb
new file mode 100644
index 0000000..acc3c62
--- /dev/null
+++ b/cookbooks/unbound/libraries/template.rb
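Review bot: `unbound_yes_no?` has no `else` branch, so any value other than `true`, `false` or the four listed spellings (for example `'Yes'` or `'true'`) makes it return `nil`. The resources added later in this patch use it as a `coerce` proc and then build their hash with `.compact`, so unless Chef's property validation rejects the `nil` first (not visible here) the setting would be silently left out of the rendered file and Unbound would fall back to its own default, which matters for switches such as `zonemd-reject-absence` or `dnscrypt-enable`. I would fail loudly instead: `else raise ArgumentError, "expected true/false or 'yes'/'no', got #{value.inspect}"`. Separately, `default_config_dir` tests `platform?('debian', 'ubuntu')` while `default_includes_dir` switches on `node['platform_family']`, so a Debian-family platform other than those two would presumably get files written to `conf.d` while the include glob points at `unbound.conf.d`.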
@@ -0,0 +1,26 @@
+#
+# Cookbook:: unbound
+# Library:: template
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+module Unbound
+ module Cookbook
+ module TemplateHelpers
+ def template_partial_indent(output, level, spaces = 2)
+ output.split("\n").each { |l| l.prepend(' ' * (level * spaces)) }.join("\n")
+ end
+ end
+ end
+end
diff --git a/cookbooks/unbound/metadata.json b/cookbooks/unbound/metadata.json
new file mode 100644
index 0000000..560d7e2
--- /dev/null
+++ b/cookbooks/unbound/metadata.json
@@ -0,0 +1,42 @@
+{ + "name": "unbound", + "description": "Manages unbound DNS resolver", + "long_description": "", + "maintainer": "Sous Chefs", + "maintainer_email": "help@sous-chefs.org", + "license": "Apache-2.0", + "platforms": { + "debian": ">= 0.0.0", + "ubuntu": ">= 0.0.0", + "centos": ">= 0.0.0", + "redhat": ">= 0.0.0", + "scientific": ">= 0.0.0", + "oracle": ">= 0.0.0", + "amazon": ">= 0.0.0" + }, + "dependencies": { + + }, + "providing": { + + }, + "recipes": { + + }, + "version": "3.0.2", + "source_url": "https://github.com/sous-chefs/unbound", + "issues_url": "https://github.com/sous-chefs/unbound/issues", + "privacy": false, + "chef_versions": [ + [ + ">= 16" + ] + ], + "ohai_versions": [ + + ], + "gems": [ + + ], + "eager_load_libraries": true +}
diff --git a/cookbooks/unbound/metadata.rb b/cookbooks/unbound/metadata.rb
new file mode 100644
index 0000000..7e52ea9
--- /dev/null
+++ b/cookbooks/unbound/metadata.rb
@@ -0,0 +1,13 @@
+name 'unbound'
+maintainer 'Sous Chefs'
+maintainer_email 'help@sous-chefs.org'
+license 'Apache-2.0'
+description 'Manages unbound DNS resolver'
+version '3.0.2'
+issues_url 'https://github.com/sous-chefs/unbound/issues'
+source_url 'https://github.com/sous-chefs/unbound'
+chef_version '>= 16'
+
+%w(debian ubuntu centos redhat scientific oracle amazon).each do |os|
+ supports os
+end
diff --git a/cookbooks/unbound/recipes/default.rb b/cookbooks/unbound/recipes/default.rb
new file mode 100644
index 0000000..28e20ef
--- /dev/null
+++ b/cookbooks/unbound/recipes/default.rb
@@ -0,0 +1,25 @@
+#
+# Cookbook:: unbound
+# Recipe:: default
+#
+# Copyright:: 2011, Joshua Timberman
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+log 'v3_warning' do
+ message 'Version 3.0.0 of this cookbook removed all configuration actions from the default recipe'
+ level :warn
+end
+
+unbound_package 'unbound'
diff --git a/cookbooks/unbound/renovate.json b/cookbooks/unbound/renovate.json
new file mode 100644
index 0000000..39a2b6e
--- /dev/null
+++ b/cookbooks/unbound/renovate.json
@@ -0,0 +1,6 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "config:base"
+ ]
+}
diff --git a/cookbooks/unbound/resources/config_authority_zone.rb b/cookbooks/unbound/resources/config_authority_zone.rb
new file mode 100644
index 0000000..6ea9626
--- /dev/null
+++ b/cookbooks/unbound/resources/config_authority_zone.rb
@@ -0,0 +1,93 @@
+#
+# Cookbook:: unbound
+# Resource:: config_authority_zone
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+unified_mode true
+
+provides :unbound_config_auth_zone
+
+use 'partials/_config_file'
+
+property :config_file, String,
+ default: lazy { "#{config_dir}/authority-zone-#{name}.conf" },
+ desired_state: false,
+ description: 'Set to override unbound configuration file.'
+
+property :zone_name, String,
+ default: lazy { name }
+
+property :primary, [String, Array],
+ coerce: proc { |p| Array(p) }
+
+property :master, [String, Array],
+ coerce: proc { |p| Array(p) }
+
+property :url, [String, Array],
+ coerce: proc { |p| Array(p) }
+
+property :allow_notify, [String, Array],
+ coerce: proc { |p| Array(p) }
+
+property :fallback_enabled, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+property :for_downstream, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+property :for_upstream, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+property :zonemd_check, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+property :zonemd_reject_absence, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+property :zonefile, String
+
+load_current_value do |new_resource|
+ current_value_does_not_exist! unless ::File.exist?(new_resource.config_file)
+
+ if ::File.exist?(new_resource.config_file)
+ owner ::Etc.getpwuid(::File.stat(new_resource.config_file).uid).name
+ group ::Etc.getgrgid(::File.stat(new_resource.config_file).gid).name
+ mode ::File.stat(new_resource.config_file).mode.to_s(8)[-4..-1]
+ end
+end
+
+action_class do
+ def do_template_action
+ zone_config = {
+ 'name' => new_resource.zone_name,
+ 'primary' => new_resource.primary.dup,
+ 'master' => new_resource.master.dup,
+ 'url' => new_resource.url.dup,
+ 'allow-notify' => new_resource.allow_notify.dup,
+ 'fallback-enabled' => new_resource.fallback_enabled,
+ 'for-downstream' => new_resource.for_downstream,
+ 'for-upstream' => new_resource.for_upstream,
+ 'zonemd-check' => new_resource.zonemd_check,
+ 'zonemd-reject-absence' => new_resource.zonemd_reject_absence,
+ 'zonefile' => new_resource.zonefile,
+ }.compact
+
+ config = {
+ 'auth-zone' => zone_config,
+ }
+
+ perform_config_action(config)
+ end
+end
diff --git a/cookbooks/unbound/resources/config_cachedb.rb b/cookbooks/unbound/resources/config_cachedb.rb
new file mode 100644
index 0000000..1c415b7
--- /dev/null
+++ b/cookbooks/unbound/resources/config_cachedb.rb
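Review bot: The `load_current_value` block is repeated verbatim in `config_cachedb.rb`, `config_dns64.rb` and `config_dnscrypt.rb` later in this patch; all four already `use 'partials/_config_file'`, so the block looks like it belongs in that partial (its contents are not shown here, so confirm it is not already defined there). Inside the block the `if ::File.exist?(...)` guard repeats the test made one statement earlier, and the file is stat'ed three times; a single `stat = ::File.stat(new_resource.config_file)` would read more clearly. `::Etc.getpwuid` and `::Etc.getgrgid` raise `ArgumentError` when the id has no passwd or group entry, so a config file left behind by a removed account would abort the run here rather than simply being corrected; a `rescue ArgumentError` that leaves `owner`/`group` unset would let convergence repair it.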
@@ -0,0 +1,67 @@
+#
+# Cookbook:: unbound
+# Resource:: config_cachedb
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+unified_mode true
+
+use 'partials/_config_file'
+
+property :config_file, String,
+ default: lazy { "#{config_dir}/cachedb.conf" },
+ desired_state: false,
+ description: 'Set to override unbound configuration file.'
+
+property :backend, String
+
+property :secret_seed, String
+
+property :redis_server_host, String
+
+property :redis_server_port, Integer
+
+property :redis_timeout, Integer
+
+property :redis_expire_records, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+load_current_value do |new_resource|
+ current_value_does_not_exist! unless ::File.exist?(new_resource.config_file)
+
+ if ::File.exist?(new_resource.config_file)
+ owner ::Etc.getpwuid(::File.stat(new_resource.config_file).uid).name
+ group ::Etc.getgrgid(::File.stat(new_resource.config_file).gid).name
+ mode ::File.stat(new_resource.config_file).mode.to_s(8)[-4..-1]
+ end
+end
+
+action_class do
+ def do_template_action
+ cachedb_config = {
+ 'backend' => new_resource.backend,
+ 'secret-seed' => new_resource.secret_seed,
+ 'redis-server-host' => new_resource.redis_server_host,
+ 'redis-server-port' => new_resource.redis_server_port,
+ 'redis-timeout' => new_resource.redis_timeout,
+ 'redis-expire-records' => new_resource.redis_expire_records,
+ }.compact
+
+ config = {
+ 'cachedb' => cachedb_config,
+ }
+
+ perform_config_action(config)
+ end
+end
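Review bot: `secret_seed` is declared as a plain `String` property, so Chef handles its value like any other setting when it logs or reports on the resource. Declaring it as `property :secret_seed, String, sensitive: true` keeps the value out of that output. The file that receives `secret-seed` also needs to be rendered without a content diff and with a mode that is not world-readable; whether `perform_config_action` from `partials/_config_file` already does that cannot be seen from this hunk, so it is worth checking alongside this change.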
diff --git a/cookbooks/unbound/resources/config_dns64.rb b/cookbooks/unbound/resources/config_dns64.rb
new file mode 100644
index 0000000..4c4a9e5
--- /dev/null
+++ b/cookbooks/unbound/resources/config_dns64.rb
@@ -0,0 +1,58 @@
+#
+# Cookbook:: unbound
+# Resource:: config_dns64
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+unified_mode true
+
+use 'partials/_config_file'
+
+property :config_file, String,
+ default: lazy { "#{config_dir}/dns64.conf" },
+ desired_state: false,
+ description: 'Set to override unbound configuration file.'
+
+property :dns64_prefix, String
+
+property :dns64_synthall, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+property :dns64_ignore_aaaa, String
+
+load_current_value do |new_resource|
+ current_value_does_not_exist! unless ::File.exist?(new_resource.config_file)
+
+ if ::File.exist?(new_resource.config_file)
+ owner ::Etc.getpwuid(::File.stat(new_resource.config_file).uid).name
+ group ::Etc.getgrgid(::File.stat(new_resource.config_file).gid).name
+ mode ::File.stat(new_resource.config_file).mode.to_s(8)[-4..-1]
+ end
+end
+
+action_class do
+ def do_template_action
+ dns64_config = {
+ 'dns64-prefix' => new_resource.dns64_prefix,
+ 'dns64-synthall' => new_resource.dns64_synthall,
+ 'dns64-ignore-aaaa' => new_resource.dns64_ignore_aaaa,
+ }.compact
+
+ config = {
+ 'server' => dns64_config,
+ }
+
+ perform_config_action(config)
+ end
+end
diff --git a/cookbooks/unbound/resources/config_dnscrypt.rb b/cookbooks/unbound/resources/config_dnscrypt.rb
new file mode 100644
index 0000000..f6ebff8
--- /dev/null
+++ b/cookbooks/unbound/resources/config_dnscrypt.rb
@@ -0,0 +1,80 @@
+#
+# Cookbook:: unbound
+# Resource:: config_dnscrypt
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+unified_mode true
+
+use 'partials/_config_file'
+
+property :config_file, String,
+ default: lazy { "#{config_dir}/dnscrypt.conf" },
+ desired_state: false,
+ description: 'Set to override unbound configuration file.'
+
+property :dnscrypt_enable, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+property :dnscrypt_port, Integer
+
+property :dnscrypt_provider, [String, Array],
+ coerce: proc { |p| Array(p) }
+
+property :dnscrypt_secret_key, String
+
+property :dnscrypt_provider_cert, String
+
+property :dnscrypt_provider_cert_rotated, String
+
+property :dnscrypt_shared_secret_cache_size, String
+
+property :dnscrypt_shared_secret_cache_slabs, Integer
+
+property :dnscrypt_nonce_cache_size, String
+
+property :dnscrypt_nonce_cache_slabs, Integer
+
+load_current_value do |new_resource|
+ current_value_does_not_exist!
unless ::File.exist?(new_resource.config_file)
+
+ if ::File.exist?(new_resource.config_file)
+ owner ::Etc.getpwuid(::File.stat(new_resource.config_file).uid).name
+ group ::Etc.getgrgid(::File.stat(new_resource.config_file).gid).name
+ mode ::File.stat(new_resource.config_file).mode.to_s(8)[-4..-1]
+ end
+end
+
+action_class do
+ def do_template_action
+ dnscrypt_config = {
+ 'dnscrypt-enable' => new_resource.dnscrypt_enable,
+ 'dnscrypt-port' => new_resource.dnscrypt_port,
+ 'dnscrypt-provider' => new_resource.dnscrypt_provider.dup,
+ 'dnscrypt-secret-key' => new_resource.dnscrypt_secret_key,
+ 'dnscrypt-provider-cert' => new_resource.dnscrypt_provider_cert,
+ 'dnscrypt-provider-cert-rotated' => new_resource.dnscrypt_provider_cert_rotated,
+ 'dnscrypt-shared-secret-cache-size' => new_resource.dnscrypt_shared_secret_cache_size,
+ 'dnscrypt-shared-secret-cache-slabs' => new_resource.dnscrypt_shared_secret_cache_slabs,
+ 'dnscrypt-nonce-cache-size' => new_resource.dnscrypt_nonce_cache_size,
+ 'dnscrypt-nonce-cache-slabs' => new_resource.dnscrypt_nonce_cache_slabs,
+ }.compact
+
+ config = {
+ 'dnscrypt' => dnscrypt_config,
+ }
+
+ perform_config_action(config)
+ end
+end
diff --git a/cookbooks/unbound/resources/config_dnstap.rb b/cookbooks/unbound/resources/config_dnstap.rb
new file mode 100644
index 0000000..60c2d0f
--- /dev/null
+++ b/cookbooks/unbound/resources/config_dnstap.rb
@@ -0,0 +1,116 @@
+#
+# Cookbook:: unbound
+# Resource:: config_dnstap
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+unified_mode true
+
+use 'partials/_config_file'
+
+property :config_file, String,
+ default: lazy { "#{config_dir}/dnstap.conf" },
+ desired_state: false,
+ description: 'Set to override unbound configuration file.'
+
+property :dnstap_enable, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+property :dnstap_bidirectional, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+property :dnstap_socket_path, String
+
+property :dnstap_ip, String
+
+property :dnstap_tls, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+property :dnstap_tls_server_name, String
+
+property :dnstap_tls_cert_bundle, String
+
+property :dnstap_tls_client_key_file, String
+
+property :dnstap_tls_client_cert_file, String
+
+property :dnstap_send_identity, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+property :dnstap_send_version, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+property :dnstap_identity, String
+
+property :dnstap_version, String
+
+property :dnstap_log_resolver_query_messages, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+property :dnstap_log_resolver_response_messages, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+property :dnstap_log_client_query_messages, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p)
}
+
+property :dnstap_log_client_response_messages, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+property :dnstap_log_forwarder_query_messages, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+property :dnstap_log_forwarder_response_messages, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+load_current_value do |new_resource|
+ current_value_does_not_exist! unless ::File.exist?(new_resource.config_file)
+
+ if ::File.exist?(new_resource.config_file)
+ owner ::Etc.getpwuid(::File.stat(new_resource.config_file).uid).name
+ group ::Etc.getgrgid(::File.stat(new_resource.config_file).gid).name
+ mode ::File.stat(new_resource.config_file).mode.to_s(8)[-4..-1]
+ end
+end
+
+action_class do
+ def do_template_action
+ zone_config = {
+ 'dnstap-enable' => new_resource.dnstap_enable,
+ 'dnstap-bidirectional' => new_resource.dnstap_bidirectional,
+ 'dnstap-socket-path' => new_resource.dnstap_socket_path,
+ 'dnstap-ip' => new_resource.dnstap_ip,
+ 'dnstap-tls' => new_resource.dnstap_tls,
+ 'dnstap-tls-server-name' => new_resource.dnstap_tls_server_name,
+ 'dnstap-tls-cert-bundle' => new_resource.dnstap_tls_cert_bundle,
+ 'dnstap-tls-client-key-file' => new_resource.dnstap_tls_client_key_file,
+ 'dnstap-tls-client-cert-file' => new_resource.dnstap_tls_client_cert_file,
+ 'dnstap-send-identity' => new_resource.dnstap_send_identity,
+ 'dnstap-send-version' => new_resource.dnstap_send_version,
+ 'dnstap-identity' => new_resource.dnstap_identity,
+ 'dnstap-version' => new_resource.dnstap_version,
+ 'dnstap-log-resolver-query-messages' => new_resource.dnstap_log_resolver_query_messages,
+ 'dnstap-log-resolver-response-messages' => new_resource.dnstap_log_resolver_response_messages,
+ 'dnstap-log-client-query-messages' => new_resource.dnstap_log_client_query_messages,
+ 'dnstap-log-client-response-messages' => new_resource.dnstap_log_client_response_messages,
+ 'dnstap-log-forwarder-query-messages' =>
new_resource.dnstap_log_forwarder_query_messages,
+ 'dnstap-log-forwarder-response-messages' => new_resource.dnstap_log_forwarder_response_messages,
+ }.compact
+
+ config = {
+ 'dnstap' => zone_config,
+ }
+
+ perform_config_action(config)
+ end
+end
diff --git a/cookbooks/unbound/resources/config_dynamic_library.rb b/cookbooks/unbound/resources/config_dynamic_library.rb
new file mode 100644
index 0000000..8500454
--- /dev/null
+++ b/cookbooks/unbound/resources/config_dynamic_library.rb
@@ -0,0 +1,48 @@
+#
+# Cookbook:: unbound
+# Resource:: config_dynamic_library
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+unified_mode true
+
+use 'partials/_config_file'
+
+property :config_file, String,
+ default: lazy { "#{config_dir}/dyn-lib-#{name}.conf" },
+ desired_state: false,
+ description: 'Set to override unbound configuration file.'
+
+property :dynlib_file, [String, Array],
+ coerce: proc { |p| Array(p) }
+
+load_current_value do |new_resource|
+ current_value_does_not_exist! unless ::File.exist?(new_resource.config_file)
+
+ if ::File.exist?(new_resource.config_file)
+ owner ::Etc.getpwuid(::File.stat(new_resource.config_file).uid).name
+ group ::Etc.getgrgid(::File.stat(new_resource.config_file).gid).name
+ mode ::File.stat(new_resource.config_file).mode.to_s(8)[-4..-1]
+ end
+end
+
+action_class do
+ def do_template_action
+ config = {
+ 'dynlib-file' => new_resource.dynlib_file.dup,
+ }
+
+ perform_config_action(config)
+ end
+end
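Review bot: In `config_dynamic_library.rb`, `do_template_action` builds `config = { 'dynlib-file' => ... }` with no enclosing section, whereas `config_python_script` in this patch wraps its option as `'python' => { 'python-script' => ... }`. unbound.conf expects `dynlib-file:` inside a `dynlib:` clause, so unless the template adds the clause itself (not visible here) the rendered file would probably fail `unbound-checkconf`; `config = { 'dynlib' => { 'dynlib-file' => new_resource.dynlib_file.dup } }` would match the other resources. Because `dynlib_file` names shared objects that the resolver loads, a `description:` on the property stating that the paths should be root-owned and not writable by the `unbound` group would help callers.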
diff --git a/cookbooks/unbound/resources/config_forward_zone.rb b/cookbooks/unbound/resources/config_forward_zone.rb
new file mode 100644
index 0000000..05d9eb7
--- /dev/null
+++ b/cookbooks/unbound/resources/config_forward_zone.rb
@@ -0,0 +1,80 @@
+#
+# Cookbook:: unbound
+# Resource:: config_forward_zone
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+unified_mode true
+
+use 'partials/_config_file'
+
+property :config_file, String,
+ default: lazy { "#{config_dir}/forward-zone-#{name}.conf" },
+ desired_state: false,
+ description: 'Set to override unbound configuration file.'
+
+property :zone_name, String,
+ default: lazy { name }
+
+property :forward_host, [String, Array],
+ coerce: proc { |p| Array(p) }
+
+property :forward_addr, [String, Array],
+ coerce: proc { |p| Array(p) }
+
+property :forward_first, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+property :forward_tls_upstream, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+property :forward_ssl_upstream, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+property :forward_tcp_upstream, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+property :forward_no_cache, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+load_current_value do |new_resource|
+ current_value_does_not_exist!
unless ::File.exist?(new_resource.config_file)
+
+ if ::File.exist?(new_resource.config_file)
+ owner ::Etc.getpwuid(::File.stat(new_resource.config_file).uid).name
+ group ::Etc.getgrgid(::File.stat(new_resource.config_file).gid).name
+ mode ::File.stat(new_resource.config_file).mode.to_s(8)[-4..-1]
+ end
+end
+
+action_class do
+ def do_template_action
+ zone_config = {
+ 'name' => new_resource.zone_name,
+ 'forward-host' => new_resource.forward_host.dup,
+ 'forward-addr' => new_resource.forward_addr.dup,
+ 'forward-first' => new_resource.forward_first,
+ 'forward-tls-upstream' => new_resource.forward_tls_upstream,
+ 'forward-ssl-upstream' => new_resource.forward_ssl_upstream,
+ 'forward-tcp-upstream' => new_resource.forward_tcp_upstream,
+ 'forward-no-cache' => new_resource.forward_no_cache,
+ }.compact
+
+ config = {
+ 'forward-zone' => zone_config,
+ }
+
+ perform_config_action(config)
+ end
+end
diff --git a/cookbooks/unbound/resources/config_python_script.rb b/cookbooks/unbound/resources/config_python_script.rb
new file mode 100644
index 0000000..d9a5923
--- /dev/null
+++ b/cookbooks/unbound/resources/config_python_script.rb
@@ -0,0 +1,53 @@
+#
+# Cookbook:: unbound
+# Resource:: config_python_script
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+unified_mode true
+
+use 'partials/_config_file'
+
+property :config_file, String,
+ default: lazy { "#{config_dir}/python-script-#{name}.conf" },
+ desired_state: false,
+ description: 'Set to override unbound configuration file.'
+
+property :python_script, [String, Array],
+ coerce: proc { |p| Array(p) },
+ required: true
+
+load_current_value do |new_resource|
+ current_value_does_not_exist! unless ::File.exist?(new_resource.config_file)
+
+ if ::File.exist?(new_resource.config_file)
+ owner ::Etc.getpwuid(::File.stat(new_resource.config_file).uid).name
+ group ::Etc.getgrgid(::File.stat(new_resource.config_file).gid).name
+ mode ::File.stat(new_resource.config_file).mode.to_s(8)[-4..-1]
+ end
+end
+
+action_class do
+ def do_template_action
+ declare_resource(:package, 'python3-unbound')
+
+ config = {
+ 'python' => {
+ 'python-script' => new_resource.python_script.dup,
+ },
+ }
+
+ perform_config_action(config)
+ end
+end
diff --git a/cookbooks/unbound/resources/config_remote_control.rb b/cookbooks/unbound/resources/config_remote_control.rb
new file mode 100644
index 0000000..6042ef6
--- /dev/null
+++ b/cookbooks/unbound/resources/config_remote_control.rb
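Review bot: `declare_resource(:package, 'python3-unbound')` in `do_template_action` runs for every action the partial defines, including `:delete`, so removing a python-script config file first installs the Python module package; declare the package only for the create actions. The package name is also hard-coded and is not necessarily the same on every platform the cookbook supports, so a property such as `property :python_package, String, default: 'python3-unbound'` would let callers override it. `python_script` names code that runs inside the resolver, so a `description:` saying the script paths should be root-owned and not group-writable would be worth adding.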
@@ -0,0 +1,77 @@
+#
+# Cookbook:: unbound
+# Resource:: config_remote_control
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+unified_mode true
+
+use 'partials/_config_file'
+
+property :config_file, String,
+ default: lazy { "#{config_dir}/remote-control.conf" },
+ desired_state: false,
+ description: 'Set to override unbound configuration file.'
+
+property :control_enable, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+property :control_interface, [String, Array],
+ coerce: proc { |p| Array(p) }
+
+property :control_port, Integer
+
+property :control_use_cert, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+property :control_key_file, String
+
+property :control_cert_file, String
+
+property :server, String
+
+property :server_key_file, String
+
+property :server_cert_file, String
+
+load_current_value do |new_resource|
+ current_value_does_not_exist!
unless ::File.exist?(new_resource.config_file)
+
+ if ::File.exist?(new_resource.config_file)
+ owner ::Etc.getpwuid(::File.stat(new_resource.config_file).uid).name
+ group ::Etc.getgrgid(::File.stat(new_resource.config_file).gid).name
+ mode ::File.stat(new_resource.config_file).mode.to_s(8)[-4..-1]
+ end
+end
+
+action_class do
+ def do_template_action
+ remote_control = {
+ 'control-enable' => new_resource.control_enable,
+ 'control-interface' => new_resource.control_interface.dup,
+ 'control-port' => new_resource.control_port,
+ 'control-use-cert' => new_resource.control_use_cert,
+ 'control-key-file' => new_resource.control_key_file,
+ 'control-cert-file' => new_resource.control_cert_file,
+ 'server-key-file' => new_resource.server_key_file,
+ 'server-cert-file' => new_resource.server_cert_file,
+ }.compact
+
+ config = {
+ 'remote-control' => remote_control,
+ }
+
+ perform_config_action(config)
+ end
+end
diff --git a/cookbooks/unbound/resources/config_rpz_zone.rb b/cookbooks/unbound/resources/config_rpz_zone.rb
new file mode 100644
index 0000000..2e8292a
--- /dev/null
+++ b/cookbooks/unbound/resources/config_rpz_zone.rb
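Review bot: `property :server, String` is declared but never written into the `remote_control` hash in `do_template_action`, so a value a caller passes is silently dropped; either remove the property or map it to the option it was meant for. `control_interface` accepts any address and `control_use_cert` can be turned off independently, with nothing in the resource tying the two together. Since the control channel can reconfigure and stop the resolver, a `description:` on both properties stating that certificate-less control is only appropriate for a local socket or loopback interface would make that visible to callers; none of the properties in this resource has a description at present.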
@@ -0,0 +1,98 @@
+#
+# Cookbook:: unbound
+# Resource:: config_rpz_zone
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+unified_mode true
+
+use 'partials/_config_file'
+
+property :config_file, String,
+ default: lazy { "#{config_dir}/rpz-zone-#{name}.conf" },
+ desired_state: false,
+ description: 'Set to override unbound configuration file.'
+
+property :zone_name, String,
+ default: lazy { name }
+
+property :primary, [String, Array],
+ coerce: proc { |p| Array(p) }
+
+property :master, [String, Array],
+ coerce: proc { |p| Array(p) }
+
+property :url, [String, Array],
+ coerce: proc { |p| Array(p) }
+
+property :allow_notify, [String, Array],
+ coerce: proc { |p| Array(p) }
+
+property :zonefile, String
+
+property :rpz_action_override, [String, Symbol],
+ equal_to: %w(nxdomain nodata passthru drop disabled cname),
+ coerce: proc { |p| p.to_s }
+
+property :rpz_cname_override, String
+
+property :rpz_log, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+property :rpz_log_name, String
+
+property :rpz_signal_nxdomain_ra, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+property :for_downstream, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+property :tags, [String, Array],
+ coerce: proc { |p| "\"#{p.to_a.join(' ')} \"" }
+
+load_current_value do |new_resource|
+ current_value_does_not_exist!
unless ::File.exist?(new_resource.config_file)
+
+ if ::File.exist?(new_resource.config_file)
+ owner ::Etc.getpwuid(::File.stat(new_resource.config_file).uid).name
+ group ::Etc.getgrgid(::File.stat(new_resource.config_file).gid).name
+ mode ::File.stat(new_resource.config_file).mode.to_s(8)[-4..-1]
+ end
+end
+
+action_class do
+ def do_template_action
+ zone_config = {
+ 'name' => new_resource.zone_name,
+ 'primary' => new_resource.primary.dup,
+ 'master' => new_resource.master.dup,
+ 'url' => new_resource.url.dup,
+ 'allow-notify' => new_resource.allow_notify.dup,
+ 'zonefile' => new_resource.zonefile,
+ 'rpz-action-override' => new_resource.rpz_action_override,
+ 'rpz-cname-override' => new_resource.rpz_cname_override,
+ 'rpz-log' => new_resource.rpz_log,
+ 'rpz-log-name' => new_resource.rpz_log_name,
+ 'rpz-signal-nxfomain-ra' => new_resource.rpz_signal_nxdomain_ra,
+ 'for-downstream' => new_resource.for_downstream,
+ 'tags' => new_resource.tags.dup,
+ }.compact
+
+ config = {
+ 'rpz' => zone_config,
+ }
+
+ perform_config_action(config)
+ end
+end
diff --git a/cookbooks/unbound/resources/config_server.rb b/cookbooks/unbound/resources/config_server.rb
new file mode 100644
index 0000000..0e58d7e
--- /dev/null
+++ b/cookbooks/unbound/resources/config_server.rb
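Review bot: The key `'rpz-signal-nxfomain-ra'` in `zone_config` is misspelled, so the `rpz_signal_nxdomain_ra` property is rendered under an option name unbound does not define; it should read `'rpz-signal-nxdomain-ra' => new_resource.rpz_signal_nxdomain_ra,`. The `tags` coercion calls `p.to_a`, but the property also accepts `String` and Ruby strings have no `to_a`, so a string value raises `NoMethodError` at coercion time; `Array(p).join(' ')` handles both types. An RPZ zone is a filtering policy, so a config file that fails to load here presumably means the policy is not applied, which makes both errors worth a spec that renders the resource with every property set.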
@@ -0,0 +1,58 @@
+#
+# Cookbook:: unbound
+# Resource:: config_server
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+unified_mode true
+
+provides :unbound_config_server
+provides :unbound_configure
+provides :unbound_config
+
+use 'partials/_config_file'
+
+property :config_file, String,
+ default: lazy { "#{config_dir}/unbound.conf" },
+ desired_state: false,
+ description: 'Set to override unbound configuration file.'
+
+property :include, [String, Array],
+ default: lazy { default_includes_dir },
+ coerce: proc { |p| Array(p) }
+
+property :server, Hash,
+ default: {},
+ description: 'Server configuration as a Hash'
+
+load_current_value do |new_resource|
+ current_value_does_not_exist! unless ::File.exist?(new_resource.config_file)
+
+ if ::File.exist?(new_resource.config_file)
+ owner ::Etc.getpwuid(::File.stat(new_resource.config_file).uid).name
+ group ::Etc.getgrgid(::File.stat(new_resource.config_file).gid).name
+ mode ::File.stat(new_resource.config_file).mode.to_s(8)[-4..-1]
+ end
+end
+
+action_class do
+ def do_template_action
+ config = {
+ 'include' => new_resource.include.dup,
+ 'server' => new_resource.server.dup,
+ }.compact
+
+ perform_config_action(config)
+ end
+end
diff --git a/cookbooks/unbound/resources/config_stub_zone.rb b/cookbooks/unbound/resources/config_stub_zone.rb
new file mode 100644
index 0000000..2a74fa5
--- /dev/null
+++ b/cookbooks/unbound/resources/config_stub_zone.rb
@@ -0,0 +1,84 @@
+#
+# Cookbook:: unbound
+# Resource:: config_stub_zone
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+unified_mode true
+
+use 'partials/_config_file'
+
+property :config_file, String,
+ default: lazy { "#{config_dir}/stub-zone-#{name}.conf" },
+ desired_state: false,
+ description: 'Set to override unbound configuration file.'
+
+property :zone_name, String,
+ default: lazy { name }
+
+property :stub_host, [String, Array],
+ coerce: proc { |p| Array(p) }
+
+property :stub_addr, [String, Array],
+ coerce: proc { |p| Array(p) }
+
+property :stub_prime, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+property :stub_first, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+property :stub_tls_upstream, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+property :stub_ssl_upstream, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+property :stub_tcp_upstream, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+property :stub_no_cache, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+load_current_value do |new_resource|
+ current_value_does_not_exist!
unless ::File.exist?(new_resource.config_file)
+
+ if ::File.exist?(new_resource.config_file)
+ owner ::Etc.getpwuid(::File.stat(new_resource.config_file).uid).name
+ group ::Etc.getgrgid(::File.stat(new_resource.config_file).gid).name
+ mode ::File.stat(new_resource.config_file).mode.to_s(8)[-4..-1]
+ end
+end
+
+action_class do
+ def do_template_action
+ zone_config = {
+ 'name' => new_resource.zone_name,
+ 'stub-host' => new_resource.stub_host.dup,
+ 'stub-addr' => new_resource.stub_addr.dup,
+ 'stub-prime' => new_resource.stub_prime,
+ 'stub-first' => new_resource.stub_first,
+ 'stub-tls-upstream' => new_resource.stub_tls_upstream,
+ 'stub-ssl-upstream' => new_resource.stub_ssl_upstream,
+ 'stub-tcp-upstream' => new_resource.stub_tcp_upstream,
+ 'stub-no-cache' => new_resource.stub_no_cache,
+ }.compact
+
+ config = {
+ 'stub-zone' => zone_config,
+ }
+
+ perform_config_action(config)
+ end
+end
diff --git a/cookbooks/unbound/resources/config_view.rb b/cookbooks/unbound/resources/config_view.rb
new file mode 100644
index 0000000..67f602b
--- /dev/null
+++ b/cookbooks/unbound/resources/config_view.rb
@@ -0,0 +1,68 @@
+#
+# Cookbook:: unbound
+# Resource:: config_view
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+unified_mode true
+
+use 'partials/_config_file'
+
+property :config_file, String,
+ default: lazy { "#{config_dir}/view-#{name}.conf" },
+ desired_state: false,
+ description: 'Set to override unbound configuration file.'
+
+property :zone_name, String,
+ default: lazy { name }
+
+property :local_zone, [String, Array],
+ coerce: proc { |p| Array(p) }
+
+property :local_data, [String, Array],
+ coerce: proc { |p| Array(p) }
+
+property :local_data_ptr, [String, Array],
+ coerce: proc { |p| Array(p) }
+
+property :view_first, [String, true, false],
+ coerce: proc { |p| unbound_yes_no?(p) }
+
+load_current_value do |new_resource|
+ current_value_does_not_exist! unless ::File.exist?(new_resource.config_file)
+
+ if ::File.exist?(new_resource.config_file)
+ owner ::Etc.getpwuid(::File.stat(new_resource.config_file).uid).name
+ group ::Etc.getgrgid(::File.stat(new_resource.config_file).gid).name
+ mode ::File.stat(new_resource.config_file).mode.to_s(8)[-4..-1]
+ end
+end
+
+action_class do
+ def do_template_action
+ zone_config = {
+ 'name' => new_resource.zone_name,
+ 'local-zone' => new_resource.local_zone.dup,
+ 'local-data' => new_resource.local_data.dup,
+ 'local-data-ptr' => new_resource.local_data_ptr.dup,
+ 'view-first' => new_resource.view_first,
+ }.compact
+
+ config = {
+ 'view' => zone_config,
+ }
+
+ perform_config_action(config)
+ end
+end
diff --git a/cookbooks/unbound/resources/package.rb b/cookbooks/unbound/resources/package.rb
new file mode 100644
index 0000000..faff561
--- /dev/null
+++ b/cookbooks/unbound/resources/package.rb
@@ -0,0 +1,36 @@
+#
+# Cookbook:: unbound
+# Resource:: package
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+unified_mode true
+
+provides :unbound_install
+
+property :packages, [String, Array],
+ coerce: proc { |p| p.is_a?(Array) ? p : [ p ] },
+ default: %w(unbound),
+ description: 'Unbound packages to install.'
+
+action_class do
+ def do_package_action(action)
+ package 'unbound' do
+ package_name new_resource.packages
+ action action
+ end
+ end
+end
+
+%i(install upgrade remove).each { |pkg_action| action(pkg_action) { do_package_action(action) } }
diff --git a/cookbooks/unbound/resources/partials/_config_file.rb b/cookbooks/unbound/resources/partials/_config_file.rb
new file mode 100644
index 0000000..eae83b2
--- /dev/null
+++ b/cookbooks/unbound/resources/partials/_config_file.rb
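Review bot: In the last line of `package.rb`, `action(pkg_action) { do_package_action(action) }` passes the bare `action` evaluated inside the action block instead of the block variable `pkg_action`, which works only as long as the provider exposes the running action under that name; `service.rb` in this patch passes its block variable explicitly. `%i(install upgrade remove).each { |pkg_action| action(pkg_action) { do_package_action(pkg_action) } }` says the same thing without the indirection. Inside `do_package_action` the parameter is also called `action`, so `action action` reads as a tautology; naming the parameter `pkg_action` would make the inner `package` block easier to follow.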
@@ -0,0 +1,122 @@
+#
+# Cookbook:: unbound
+# Resource:: _config_file
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+unified_mode true
+
+include Unbound::Cookbook::Helpers
+
+property :owner, String,
+ default: 'root',
+ description: 'Set to override config file owner. Defaults to root.'
+
+property :group, String,
+ default: 'unbound',
+ description: 'Set to override config file group. Defaults to unbound.'
+
+property :mode, String,
+ default: '0640',
+ description: 'Set to override config file mode. Defaults to 0640.'
+
+property :directory_mode, String,
+ default: '0750',
+ description: 'Set to override config directory mode. Defaults to 0750.'
+
+property :config_dir, String,
+ default: lazy { default_config_dir },
+ desired_state: false,
+ description: 'Set to override unbound configuration directory.'
+
+property :config_file, String,
+ default: lazy { "#{config_dir}/#{name}.conf" },
+ desired_state: false,
+ description: 'Set to override unbound configuration file.'
+
+property :cookbook, String,
+ default: 'unbound',
+ desired_state: false,
+ description: 'Template source cookbook for the unbound configuration file.'
+
+property :template, String,
+ default: 'unbound.conf.erb',
+ desired_state: false,
+ description: 'Template source file for the unbound configuration file.'
+
+property :sensitive, [true, false],
+ desired_state: false,
+ description: 'Ensure that sensitive resource data is not output by Chef Infra Client.'
+
+property :sort, [true, false],
+ default: true
+
+property :template_properties, Hash,
+ default: {}
+
+property :extra_options, Hash,
+ default: {}
+
+action_class do
+ def deepsort?
+ return if defined?(DeepSort)
+
+ begin
+ Gem::Specification.find_by_name('deepsort')
+ rescue Gem::MissingSpecError
+ declare_resource(:chef_gem, 'deepsort')
+ end
+
+ require 'deepsort'
+
+ true
+ end
+
+ def perform_config_action(config)
+ directory new_resource.config_dir do
+ owner new_resource.owner
+ group new_resource.group
+ mode new_resource.directory_mode
+
+ recursive true
+
+ action new_resource.action.eql?(:delete) ? :delete : :create
+ end
+
+ config.merge!(new_resource.extra_options.dup) unless new_resource.extra_options.empty?
+
+ if new_resource.sort
+ deepsort?
+ config.deep_sort!
+ end
+
+ template new_resource.config_file do
+ cookbook new_resource.cookbook
+ source new_resource.template
+
+ owner new_resource.owner
+ group new_resource.group
+ mode new_resource.mode
+ sensitive new_resource.sensitive
+
+ helpers(Unbound::Cookbook::TemplateHelpers)
+
+ variables(content: config)
+
+ action new_resource.action
+ end
+ end
+end
+
+%i(create create_if_missing delete).each { |action_type| action(action_type) { do_template_action } }
diff --git a/cookbooks/unbound/resources/service.rb b/cookbooks/unbound/resources/service.rb
new file mode 100644
index 0000000..3797275
--- /dev/null
+++ b/cookbooks/unbound/resources/service.rb
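Review bot: `deepsort?` installs the gem with `declare_resource(:chef_gem, 'deepsort')` and no version, so whatever release the gem source serves at converge time is loaded into the Chef client process, which normally runs as root. Pin it, e.g. `declare_resource(:chef_gem, 'deepsort') { version 'PINNED_VERSION' }` (placeholder), or declare it as a `gem` dependency in the cookbook's `metadata.rb` so it is resolved once and reviewed with the cookbook. In `perform_config_action` the `directory` resource combines `recursive true` with `action new_resource.action.eql?(:delete) ? :delete : :create`; if that comparison ever matches, deleting a single config file would remove the whole shared `config_dir`, so the directory should only ever be created from here. `config.merge!(new_resource.extra_options.dup)` is a shallow merge, so an `extra_options` key equal to a section name replaces the section built from the typed properties rather than adding to it, which deserves a sentence in the property's `description:`.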
@@ -0,0 +1,69 @@ +# +# Cookbook:: unbound +# Resource:: service +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +unified_mode true + +property :service_name, String, + default: 'unbound', + description: 'The service name to perform actions upon' + +property :config_test, [true, false], + default: true, + description: 'Perform configuration file test before performing service action' + +property :config_test_fail_action, Symbol, + equal_to: %i(raise log), + default: :raise, + description: 'Action to perform upon configuration test failure.' + +action_class do + def perform_config_test + cmd = shell_out('/usr/sbin/unbound-checkconf') + cmd.error! 
+ rescue Mixlib::ShellOut::ShellCommandFailed + if new_resource.config_test_fail_action.eql?(:log) + Chef::Log.error("Configuration test failed, #{new_resource.service_name} #{action} action aborted!\n\n"\ + "Error\n-----\n#{cmd.stderr}") + else + raise "Configuration test failed, #{new_resource.service_name} #{action} action aborted!\n\n"\ + "Error\n-----\nAction: #{action}\n#{cmd.stderr}" + end + end + + def do_service_action(service_action) + with_run_context(:root) do + if %i(start restart reload).include?(service_action) + if new_resource.config_test + perform_config_test + Chef::Log.info("Configuration test passed, creating #{new_resource.service_name} #{new_resource.declared_type} resource with action #{service_action}") + else + Chef::Log.info("Configuration test disabled, creating #{new_resource.service_name} #{new_resource.declared_type} resource with action #{service_action}") + end + + declare_resource(:service, new_resource.service_name) { delayed_action(service_action) } + else + declare_resource(:service, new_resource.service_name) { action(service_action) } + end + end + end +end + +%i(start stop restart reload enable disable).each { |action_type| action(action_type) { do_service_action(action_type) } } + +action :test do + converge_by('Performing configuration test') { perform_config_test } +end diff --git a/cookbooks/unbound/templates/default/partials/_generic_config.erb b/cookbooks/unbound/templates/default/partials/_generic_config.erb new file mode 100644 index 0000000..9cb367f --- /dev/null +++ b/cookbooks/unbound/templates/default/partials/_generic_config.erb 
@@ -0,0 +1,22 @@ +<% unless @content.nil? -%> +<% @content.each do |key, value| %> +<% case value %> +<% when nil %> +<%= key %> +<% when String, Numeric %> +<%= key %><% if @separator %><%= @separator %><% end %> <%= value %> +<% when Array %> +<% value.each do |val| %> +<% if val.is_a?(Hash) %> +<%= key %><% if @separator %><%= @separator %><% end %> +<%= template_partial_indent(render('partials/_generic_config.erb', cookbook: 'unbound', variables: { content: val, separator: ':' }), 1, 2) %> +<% else %> +<%= key %><% if @separator %><%= @separator %><% end %> <%= val %> +<% end %> +<% end %> +<% when Hash %> +<%= key %><% if @separator %><%= @separator %><% end %> +<%= template_partial_indent(render('partials/_generic_config.erb', cookbook: 'unbound', variables: { content: value, separator: ':' }), 1, 2) %> +<% end %> +<% end %> +<% end %> diff --git a/cookbooks/unbound/templates/default/unbound.conf.erb b/cookbooks/unbound/templates/default/unbound.conf.erb new file mode 100644 index 0000000..763be29 --- /dev/null +++ b/cookbooks/unbound/templates/default/unbound.conf.erb @@ -0,0 +1,5 @@ +# +# Generated by Chef Infra for <%= node['fqdn'] %> +# Do NOT modify this file by hand, any changes will be overwritten. + +<%= render('partials/_generic_config.erb', cookbook: 'unbound', variables: { content: @content, separator: ':' }) %> diff --git a/nodes/mail.kosmos.org.json b/nodes/mail.kosmos.org.json index 0e7f7b0..2e384ef 100644 --- a/nodes/mail.kosmos.org.json +++ b/nodes/mail.kosmos.org.json @@ -36,7 +36,9 @@ "kosmos-postfix::default", "hostname::default", "kosmos-base::letsencrypt", + "unbound::default", "kosmos_email::opendkim", + "kosmos_email::spamassassin", "kosmos_email::postfix", "postfix::server", "postfix::default", diff --git a/site-cookbooks/kosmos_email/attributes/default.rb b/site-cookbooks/kosmos_email/attributes/default.rb index dd60bc8..0276203 100644 --- a/site-cookbooks/kosmos_email/attributes/default.rb 
+++ b/site-cookbooks/kosmos_email/attributes/default.rb @@ -1,4 +1,3 @@ node.default["email"]["domain"] = "example.com" node.default["email"]["hostname"] = "mail.example.com" -# node.default["email"]["user"] = "ray" -# node.default["email"]["group"] = "email" +node.default["email"]["report_contact"] = "abuse@example.com" diff --git a/site-cookbooks/kosmos_email/metadata.rb b/site-cookbooks/kosmos_email/metadata.rb index cc689c3..71cf8ef 100644 --- a/site-cookbooks/kosmos_email/metadata.rb +++ b/site-cookbooks/kosmos_email/metadata.rb @@ -7,4 +7,5 @@ version '0.1.0' chef_version '>= 18.0' depends "hostname" +depends "unbound" depends "postfix" diff --git a/site-cookbooks/kosmos_email/recipes/default.rb b/site-cookbooks/kosmos_email/recipes/default.rb index d775dfa..96eced0 100644 --- a/site-cookbooks/kosmos_email/recipes/default.rb +++ b/site-cookbooks/kosmos_email/recipes/default.rb @@ -21,6 +21,8 @@ firewall_rule "private network access" do source "10.1.1.0/24" end +include_recipe 'unbound' include_recipe 'kosmos_email::opendkim' +include_recipe 'kosmos_email::spamassassin' include_recipe 'kosmos_email::postfix' include_recipe 'kosmos_email::dovecot' diff --git a/site-cookbooks/kosmos_email/recipes/postfix.rb b/site-cookbooks/kosmos_email/recipes/postfix.rb index 1e9475c..69b7b57 100644 --- a/site-cookbooks/kosmos_email/recipes/postfix.rb +++ b/site-cookbooks/kosmos_email/recipes/postfix.rb 
@@ -36,9 +36,10 @@ node.normal['postfix']['main']['virtual_transport'] = "lmtp:unix:private/dovecot node.normal['postfix']['main']['smtputf8_enable'] = "no" node.normal['postfix']['main']['recipient_delimiter'] = "+" node.normal['postfix']['main']['alias_maps'] = "hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf" -node.normal['postfix']['main']['milter_protocol'] = "2" +node.normal['postfix']['main']['smtpd_sender_login_maps'] = "ldap:/etc/postfix/ldap-username-aliases.cf" +node.normal['postfix']['main']['milter_protocol'] = "6" node.normal['postfix']['main']['milter_default_action'] = "accept" -node.normal['postfix']['main']['smtpd_milters'] = "inet:localhost:12301" +node.normal['postfix']['main']['smtpd_milters'] = "inet:localhost:12301 local:spamass/spamass.sock" node.normal['postfix']['main']['non_smtpd_milters'] = "inet:localhost:12301" node.normal['postfix']['master'] = { diff --git a/site-cookbooks/kosmos_email/recipes/spamassassin.rb b/site-cookbooks/kosmos_email/recipes/spamassassin.rb new file mode 100644 index 0000000..3971c62 --- /dev/null +++ b/site-cookbooks/kosmos_email/recipes/spamassassin.rb @@ -0,0 +1,34 @@ +# +# Cookbook:: kosmos_email +# Recipe:: spamassassin +# + +%w[ + spamassassin + spamc + spamass-milter +].each do |pkg| + apt_package pkg +end + +domain = node["email"]["domain"] +report_contact = node["email"]["report_contact"] + +template "/etc/default/spamassassin" do + source "spamassassin_default.erb" + mode 0644 + variables options: "-u debian-spamd --nouser-config --max-children 10" + notifies :restart, "service[spamassassin]", :delayed +end + +template "/etc/spamassassin/local.cf" do + source "spamassassin_local.cf.erb" + mode 0644 + variables whitelist_auth: "*@#{domain}", + report_contact: report_contact + notifies :restart, "service[spamassassin]", :delayed +end + +service "spamassassin" do + action [:enable, :start] +end 
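Review bot: The second milter added to `smtpd_milters` (`local:spamass/spamass.sock`) fails open, because the unchanged context line keeps `milter_default_action` at `accept`. If the spamass-milter socket is missing or the daemon is down, Postfix will accept mail unscanned and nothing tells the sender or the operator. If that trade-off is intended, state it in a comment above the line, e.g. `# fail open: mail is delivered unscanned when a milter is unreachable`. Otherwise consider `tempfail`, which would also apply to the existing milter on port 12301, and alert on milter connection warnings in the mail log. The socket path is relative to the Postfix queue directory, so it has to agree with the milter's own SOCKET setting.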
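Review bot: The recipe installs `spamass-milter` but never renders the `spamass-milter.erb` template added in the same commit and declares no service resource for the milter. Unless another recipe not shown here does so, the milter runs with package defaults and is never explicitly enabled or restarted on a config change. Because Postfix is configured to accept mail when a milter is unreachable, a milter that is not running goes unnoticed. I would add a template and a service resource as sketched below. Separately, `mode 0644` works as an octal literal, but the string form `mode "0644"` avoids the classic mistake of a dropped leading zero.

```ruby
# … unchanged: package install, /etc/default/spamassassin and local.cf templates …

template "/etc/default/spamass-milter" do
  source "spamass-milter.erb"
  mode "0644"
  notifies :restart, "service[spamass-milter]", :delayed
end

service "spamass-milter" do
  action [:enable, :start]
end
```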
diff --git a/site-cookbooks/kosmos_email/templates/spamass-milter.erb b/site-cookbooks/kosmos_email/templates/spamass-milter.erb
new file mode 100644
index 0000000..8922fb5
--- /dev/null
+++ b/site-cookbooks/kosmos_email/templates/spamass-milter.erb
@@ -0,0 +1,28 @@
+# spamass-milt startup defaults
+
+# OPTIONS are passed directly to spamass-milter.
+# man spamass-milter for details
+
+# Non-standard configuration notes:
+# See README.Debian if you use the -x option with sendmail
+# You should not pass the -d option in OPTIONS; use SOCKET for that.
+
+# Default, use the spamass-milter user as the default user, ignore
+# messages from localhost
+OPTIONS="-u spamass-milter -i 127.0.0.1"
+
+# Reject emails with spamassassin scores > 15.
+#OPTIONS="${OPTIONS} -r 15"
+
+# Do not modify Subject:, Content-Type: or body.
+#OPTIONS="${OPTIONS} -m"
+
+######################################
+# If /usr/sbin/postfix is executable, the following are set by
+# default. You can override them by uncommenting and changing them
+# here.
+######################################
+# SOCKET="/var/spool/postfix/spamass/spamass.sock"
+# SOCKETOWNER="postfix:postfix"
+# SOCKETMODE="0660"
+######################################
diff --git a/site-cookbooks/kosmos_email/templates/spamassassin_default.erb b/site-cookbooks/kosmos_email/templates/spamassassin_default.erb
new file mode 100644
index 0000000..624688a
--- /dev/null
+++ b/site-cookbooks/kosmos_email/templates/spamassassin_default.erb
@@ -0,0 +1,33 @@
+# /etc/default/spamassassin
+# Duncan Findlay
+
+# WARNING: please read README.spamd before using.
+# There may be security risks.
+
+# Prior to version 3.4.2-1, spamd could be enabled by setting
+# ENABLED=1 in this file. This is no longer supported. Instead, please
+# use the update-rc.d command, invoked for example as "update-rc.d
+# spamassassin enable", to enable the spamd service.
+
+# Options
+# See man spamd for possible options. The -d option is automatically added.
+
+# SpamAssassin uses a preforking model, so be careful! You need to
+# make sure --max-children is not set to anything higher than 5,
+# unless you know what you're doing.
+
+OPTIONS="<%= @options %>"
+
+# Pid file
+# Where should spamd write its PID to file? If you use the -u or
+# --username option above, this needs to be writable by that user.
+# Otherwise, the init script will not be able to shut spamd down.
+PIDFILE="/var/run/spamd.pid"
+
+# Set nice level of spamd
+#NICE="--nicelevel 15"
+
+# Cronjob
+# Set to anything but 0 to enable the cron job to automatically update
+# spamassassin's rules on a nightly basis
+CRON=0
diff --git a/site-cookbooks/kosmos_email/templates/spamassassin_local.cf.erb b/site-cookbooks/kosmos_email/templates/spamassassin_local.cf.erb
new file mode 100644
index 0000000..c196054
--- /dev/null
+++ b/site-cookbooks/kosmos_email/templates/spamassassin_local.cf.erb
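Review bot: `CRON=0` at the end of the template leaves the nightly rule update disabled, per the comment directly above it. The SpamAssassin rule set on this host therefore stays at whatever the package shipped unless something else runs the update. Stale rules reduce detection over time, so set `CRON=1` or document where updates are scheduled instead. Also, the recipe passes `--max-children 10` through `@options` while the comment kept in this template advises no more than 5; a one-line comment next to `OPTIONS` stating why 10 is acceptable here would help the next maintainer.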
@@ -0,0 +1,119 @@ +# This is the right place to customize your installation of SpamAssassin. +# +# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be +# tweaked. +# +# Only a small subset of options are listed below +# +########################################################################### + +dns_available yes +dns_server 127.0.0.1 + +whitelist_auth <%= @whitelist_auth %> + +# A 'contact address' users should contact for more info. (replaces +# _CONTACTADDRESS_ in the report template) +report_contact <%= @report_contact %> + + +# Add *****SPAM***** to the Subject header of spam e-mails +# +# rewrite_header Subject *****SPAM***** + + +# Save spam messages as a message/rfc822 MIME attachment instead of +# modifying the original message (0: off, 2: use text/plain instead) +# +# report_safe 1 + + +# Set which networks or hosts are considered 'trusted' by your mail +# server (i.e. not spammers) +# +# trusted_networks 212.17.35. + + +# Set file-locking method (flock is not safe over NFS, but is faster) +# +# lock_method flock + + +# Set the threshold at which a message is considered spam (default: 5.0) +# +# required_score 5.0 + + +# Use Bayesian classifier (default: 1) +# +# use_bayes 1 + + +# Bayesian classifier auto-learning (default: 1) +# +# bayes_auto_learn 1 + + +# Set headers which may provide inappropriate cues to the Bayesian +# classifier +# +# bayes_ignore_header X-Bogosity +# bayes_ignore_header X-Spam-Flag +# bayes_ignore_header X-Spam-Status + + +# Whether to decode non- UTF-8 and non-ASCII textual parts and recode +# them to UTF-8 before the text is given over to rules processing. +# +# normalize_charset 1 + +# Textual body scan limit (default: 50000) +# +# Amount of data per email text/* mimepart, that will be run through body +# rules. This enables safer and faster scanning of large messages, +# perhaps having very large textual attachments. There should be no need +# to change this well tested default. 
+# +# body_part_scan_size 50000 + +# Textual rawbody data scan limit (default: 500000) +# +# Amount of data per email text/* mimepart, that will be run through +# rawbody rules. +# +# rawbody_part_scan_size 500000 + +# Some shortcircuiting, if the plugin is enabled +# +ifplugin Mail::SpamAssassin::Plugin::Shortcircuit +# +# default: strongly-whitelisted mails are *really* whitelisted now, if the +# shortcircuiting plugin is active, causing early exit to save CPU load. +# Uncomment to turn this on +# +# SpamAssassin tries hard not to launch DNS queries before priority -100. +# If you want to shortcircuit without launching unneeded queries, make +# sure such rule priority is below -100. These examples are already: +# +# shortcircuit USER_IN_WHITELIST on +# shortcircuit USER_IN_DEF_WHITELIST on +# shortcircuit USER_IN_ALL_SPAM_TO on +# shortcircuit SUBJECT_IN_WHITELIST on + +# the opposite; blacklisted mails can also save CPU +# +# shortcircuit USER_IN_BLACKLIST on +# shortcircuit USER_IN_BLACKLIST_TO on +# shortcircuit SUBJECT_IN_BLACKLIST on + +# if you have taken the time to correctly specify your "trusted_networks", +# this is another good way to save CPU +# +# shortcircuit ALL_TRUSTED on + +# and a well-trained bayes DB can save running rules, too +# +# shortcircuit BAYES_99 spam +# shortcircuit BAYES_00 ham + +endif # Mail::SpamAssassin::Plugin::Shortcircuit From 5a4cdf9c3060b6e93452031d43a0c0b7f8dd1b3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Wed, 6 Dec 2023 12:27:38 +0100 Subject: [PATCH 26/95] Prevent local users from impersonating other local users --- site-cookbooks/kosmos_email/recipes/postfix.rb | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/site-cookbooks/kosmos_email/recipes/postfix.rb b/site-cookbooks/kosmos_email/recipes/postfix.rb index 69b7b57..d8892bd 100644 --- a/site-cookbooks/kosmos_email/recipes/postfix.rb +++ b/site-cookbooks/kosmos_email/recipes/postfix.rb 
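Review bot: `whitelist_auth <%= @whitelist_auth %>` is rendered from `"*@#{domain}"` in the recipe, so every address in the local domain is whitelisted whenever the message passes sender authentication. That includes mail sent from a compromised mailbox, which would presumably receive a strongly negative score and slip past most content rules. If the goal is only to avoid false positives on internal mail, consider the weaker `def_whitelist_auth` or listing specific senders. Either way, add a comment above the line explaining the choice.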
@@ -68,8 +68,9 @@ node.normal['postfix']['master'] = { "-o smtpd_tls_security_level=encrypt", "-o smtpd_tls_wrappermode=no", "-o smtpd_sasl_auth_enable=yes", + "-o smtpd_sender_restrictions=reject_sender_login_mismatch", "-o smtpd_relay_restrictions=permit_sasl_authenticated,reject", - "-o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject", + "-o smtpd_recipient_restrictions=permit_mynetworks,reject_sender_login_mismatch,permit_sasl_authenticated,reject", "-o smtpd_sasl_type=dovecot", "-o smtpd_sasl_path=private/auth", "-o smtpd_upstream_proxy_protocol=haproxy", @@ -87,6 +88,7 @@ node.normal['postfix']['master'] = { "-o smtpd_tls_wrappermode=yes", "-o smtpd_sasl_auth_enable=yes", "-o smtpd_relay_restrictions=permit_sasl_authenticated,reject", + "-o smtpd_sender_restrictions=reject_sender_login_mismatch", "-o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject", "-o smtpd_sasl_type=dovecot", "-o smtpd_sasl_path=private/auth", @@ -133,6 +135,18 @@ template "/etc/postfix/ldap-aliases.cf" do notifies :restart, "service[postfix]", :delayed end +template "/etc/postfix/ldap-username-aliases.cf" do + source "ldap-aliases.cf.erb" + mode 0600 + variables server_host: "ldap.kosmos.local", + bind_dn: credentials['ldap_dn'], + bind_pw: credentials['ldap_dnpass'], + search_base: "ou=kosmos.org,cn=users,dc=kosmos,dc=org", + query_filter: "(&(objectClass=person)(cn=%u))", + result_attribute: "cn" + notifies :restart, "service[postfix]", :delayed +end + include_recipe 'postfix::server' service "postfix" do From ca580bcfe24af523fabc931bc991aa124af05c91 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Thu, 7 Dec 2023 09:37:37 +0100 Subject: [PATCH 27/95] Set email report contact in production --- environments/production.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/environments/production.json b/environments/production.json index 68e9acc..ae7ba44 100644 
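Review bot: The two master.cf service blocks end up with different restriction lists. This hunk adds `reject_sender_login_mismatch` to both `smtpd_sender_restrictions` and `smtpd_recipient_restrictions`, while the next hunk (`@@ -87,6 +88,7 @@`) adds it to `smtpd_sender_restrictions` only. Postfix rejects as soon as any restriction list rejects, so the sender-restrictions entry should be sufficient, and the copy placed after `permit_mynetworks` in the recipient list looks redundant. Keeping both services identical makes the policy easier to audit, so I would drop the extra entry here, leaving `"-o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject",`. The enclosing `node.normal['postfix']['master']` hash starts and ends outside the hunk.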
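Review bot: The new `template "/etc/postfix/ldap-username-aliases.cf"` resource in the third hunk renders the LDAP bind password (`bind_pw: credentials['ldap_dnpass']`) but is not marked sensitive. Chef may therefore print the rendered file's diff, password included, in client output and in any log or report handler that collects it. Add `sensitive true` to the resource; the `ldap-aliases.cf` resource just above, which starts outside this hunk, likely needs the same. Separately, `query_filter` matches on `%u`, the local part only, so a sender address with the same local part at any other domain appears to resolve to the same owner. Confirm that is intended, or restrict the lookup to the mail domain.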
--- a/environments/production.json +++ b/environments/production.json @@ -21,7 +21,8 @@ }, "email": { "domain": "kosmos.org", - "hostname": "mail.kosmos.org" + "hostname": "mail.kosmos.org", + "report_contact": "abuse@kosmos.org" }, "garage": { "replication_mode": "2", From 10dd3bf16ef918e8156e615814cadcddf7bb7bcb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Thu, 7 Dec 2023 09:55:29 +0100 Subject: [PATCH 28/95] Add new RSK testnet node, don't serve from current one --- clients/rsk-testnet-5.json | 4 +++ nodes/rsk-testnet-4.json | 3 +- nodes/rsk-testnet-5.json | 61 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 66 insertions(+), 2 deletions(-) create mode 100644 clients/rsk-testnet-5.json create mode 100644 nodes/rsk-testnet-5.json diff --git a/clients/rsk-testnet-5.json b/clients/rsk-testnet-5.json new file mode 100644 index 0000000..827f2f7 --- /dev/null +++ b/clients/rsk-testnet-5.json @@ -0,0 +1,4 @@ +{ + "name": "rsk-testnet-5", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/UHlgcSeh9Do7CTCKXC\n/4/aO2OvT+ijDVmrMYCNtE4sMeuFqKPnV1zxJZmRm4VNhkSQDkdWYD+6XvuFYW60\nyjB/N6D5lLlyjG4HD6fTkfh0K6f7t5mOYV7o4T59OoA3cBZuSROjtWmJ8jEFJ+k9\nII2kcyhPQcFN01ckzvZKRSPbVRccMoc+AKTjB3ZUfs/ERtlVoDrK4jEHluXOxUJO\nBKCcLonjJuLlpRLh7QfKrKFcR4idn5Ir43R6aSUesI/ipKwKsXnR3Bu7vXp74VF3\nMJ3EkdSBG+qJzy51fbRfQiUPAr/vSoVQZwW7FkIhIqqLkMaYCymn7qKfTGujoNU7\nlwIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file diff --git a/nodes/rsk-testnet-4.json b/nodes/rsk-testnet-4.json index fb05180..21ab8f2 100644 --- a/nodes/rsk-testnet-4.json +++ b/nodes/rsk-testnet-4.json @@ -55,7 +55,6 @@ }, "run_list": [ "role[base]", - "role[kvm_guest]", - "role[rskj_testnet]" + "role[kvm_guest]" ] } diff --git a/nodes/rsk-testnet-5.json b/nodes/rsk-testnet-5.json new file mode 100644 index 0000000..9df65b3 --- /dev/null +++ b/nodes/rsk-testnet-5.json 
@@ -0,0 +1,61 @@ +{ + "name": "rsk-testnet-5", + "normal": { + "knife_zero": { + "host": "10.1.1.194" + } + }, + "automatic": { + "fqdn": "rsk-testnet-5", + "os": "linux", + "os_version": "5.4.0-1103-kvm", + "hostname": "rsk-testnet-5", + "ipaddress": "192.168.122.171", + "roles": [ + "base", + "kvm_guest", + "rskj_testnet" + ], + "recipes": [ + "kosmos-base", + "kosmos-base::default", + "kosmos_kvm::guest", + "kosmos_rsk::rskj", + "apt::default", + "timezone_iii::default", + "timezone_iii::debian", + "ntp::default", + "ntp::apparmor", + "kosmos-base::systemd_emails", + "apt::unattended-upgrades", + "kosmos-base::firewall", + "kosmos-postfix::default", + "postfix::default", + "postfix::_common", + "postfix::_attributes", + "postfix::sasl_auth", + "hostname::default", + "kosmos_rsk::firewall", + "firewall::default" + ], + "platform": "ubuntu", + "platform_version": "20.04", + "cloud": null, + "chef_packages": { + "chef": { + "version": "18.3.0", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.3.0/lib", + "chef_effortless": null + }, + "ohai": { + "version": "18.1.4", + "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.4/lib/ohai" + } + } + }, + "run_list": [ + "role[base]", + "role[kvm_guest]", + "role[rskj_testnet]" + ] +} From e8880ded9053e85d610379baafd35fe1702cd240 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Thu, 7 Dec 2023 10:37:09 +0100 Subject: [PATCH 29/95] Remove vagrant (dev) node config files No need for sharing them, since the actual roles etc. are defined in the Vagrantfile. --- nodes/vagrant-node-bitcoin.json | 7796 ------------------------------ nodes/vagrant-openresty.json | 7933 ------------------------------- 2 files changed, 15729 deletions(-) delete mode 100644 nodes/vagrant-node-bitcoin.json delete mode 100644 nodes/vagrant-openresty.json diff --git a/nodes/vagrant-node-bitcoin.json b/nodes/vagrant-node-bitcoin.json deleted file mode 100644 index 36855f0..0000000 
--- a/nodes/vagrant-node-bitcoin.json +++ /dev/null 
@@ -1,7796 +0,0 @@ -{ - "name": "vagrant-node-bitcoin", - "chef_environment": "development", - "override": { - "nodejs": { - "repo": "https://deb.nodesource.com/node_14.x", - "package_action": { - "nodejs": "upgrade" - } - }, - "kosmos-mastodon": { - "elasticsearch": { - "allocated_memory": "128m" - } - }, - "kosmos-dirsrv": { - "master_hostname": "localhost" - }, - "bitcoin": { - "username": "vagrant", - "usergroup": "vagrant", - "conf": { - "testnet": 1, - "irc": 1, - "dnsseed": 1, - "upnp": 1, - "checkblocks": 10, - "checklevel": 1, - "txindex": 1, - "whitelist": "127.0.0.1", - "listen": 1, - "server": 1, - "rpcport": 8332, - "rpcssl": 0, - "rpcuser": "bitcoind", - "rpcbind": "127.0.0.1:8336", - "port": 8335, - "gen": 0, - "zmqpubrawblock": "tcp://127.0.0.1:8337", - "zmqpubrawtx": "tcp://127.0.0.1:8338" - } - } - }, - "normal": { - "tags": [ - - ] - }, - "default": { - "poise-service": { - "provider": "auto", - "options": { - - } - }, - "poise-archive": { - "seven_zip": { - "version": "16.04", - "url": "http://www.7-zip.org/a/7z%{version_tag}%{arch_tag}.exe" - } - }, - "poise-javascript": { - "provider": "auto", - "options": { - - }, - "install_nodejs": true, - "install_iojs": false - }, - "ark": { - "apache_mirror": "http://apache.mirrors.tds.net", - "prefix_root": "/usr/local", - "prefix_bin": "/usr/local/bin", - "prefix_home": "/usr/local", - "tar": null, - "sevenzip_binary": null, - "package_dependencies": [ - "libtool", - "autoconf", - "make", - "unzip", - "rsync", - "gcc", - "autogen", - "shtool", - "pkg-config" - ] - }, - "logrotate": { - "package": { - "name": "logrotate", - "source": null, - "version": null, - "provider": null, - "action": "upgrade" - }, - "directory": "/etc/logrotate.d", - "cron": { - "install": false, - "name": "logrotate", - "command": "/usr/sbin/logrotate /etc/logrotate.conf", - "minute": 35, - "hour": 2 - }, - "global": { - "weekly": true, - "rotate": 4, - "create": "", - "/var/log/wtmp": { - "missingok": true, - "monthly": true, - 
"create": "0664 root utmp", - "rotate": 1 - }, - "/var/log/btmp": { - "missingok": true, - "monthly": true, - "create": "0660 root utmp", - "rotate": 1 - } - } - }, - "backup": { - "dir": "/usr/local/lib/backup", - "default_model": true, - "compression": { - "best": true, - "fast": false - }, - "user": "backup", - "archives": { - - }, - "mysql": { - "databases": [ - - ], - "username": "root", - "host": "localhost" - }, - "postgresql": { - "databases": { - - }, - "username": "postgres", - "host": "localhost", - "port": 5432 - }, - "redis": { - "databases": [ - - ], - "host": "localhost", - "invoke_save": false, - "dump_dir": "/var/lib/redis" - }, - "orbit": { - "keep": 10 - }, - "cron": { - "hour": "05", - "minute": "7" - }, - "s3": { - "keep": 15, - "bucket": "kosmos-dev-backups" - } - }, - "firewall": { - "allow_ssh": false, - "allow_winrm": false, - "allow_mosh": false, - "allow_loopback": false, - "allow_icmp": false, - "firewalld": { - "permanent": false - }, - "iptables": { - "defaults": { - "policy": { - "input": "DROP", - "forward": "DROP", - "output": "ACCEPT" - }, - "ruleset": { - "*filter": 1, - ":INPUT DROP": 2, - ":FORWARD DROP": 3, - ":OUTPUT ACCEPT": 4, - "COMMIT_FILTER": 100 - } - } - }, - "ubuntu_iptables": false, - "redhat7_iptables": false, - "allow_established": true, - "ipv6_enabled": true, - "ufw": { - "defaults": { - "ipv6": "yes", - "manage_builtins": "no", - "ipt_sysctl": "/etc/ufw/sysctl.conf", - "ipt_modules": "nf_conntrack_ftp nf_nat_ftp nf_conntrack_netbios_ns", - "policy": { - "input": "DROP", - "output": "ACCEPT", - "forward": "DROP", - "application": "SKIP" - } - } - }, - "windows": { - "defaults": { - "policy": { - "input": "blockinbound", - "output": "allowoutbound" - } - } - } - }, - "git": { - "prefix": "/usr/local", - "version": "2.17.1", - "url": "https://nodeload.github.com/git/git/tar.gz/v%{version}", - "checksum": "690f12cc5691e5adaf2dd390eae6f5acce68ae0d9bd9403814f8a1433833f02a", - "use_pcre": false, - "server": { - 
"base_path": "/srv/git", - "export_all": true - } - }, - "golang": { - "scm": true, - "scm_packages": [ - "git", - "mercurial", - "bzr" - ], - "install_dir": "/usr/local", - "gopath": "/opt/go", - "gobin": "/opt/go/bin", - "packages": [ - - ] - }, - "msys2": { - "url": "http://downloads.sourceforge.net/project/msys2/Base/x86_64/msys2-base-x86_64-20160205.tar.xz", - "checksum": "7e97e2af042e1b6f62cf0298fe84839014ef3d4a3e7825cffc6931c66cc0fc20" - }, - "build-essential": { - "compile_time": false, - "msys2": { - "path": "\\msys2" - } - }, - "yum-epel": { - "repos": [ - - ] - }, - "yum": { - "epel-debuginfo": { - "repositoryid": "epel-debuginfo", - "description": "Extra Packages for 20 - $basearch - Debug", - "mirrorlist": "https://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-20&arch=$basearch", - "gpgkey": "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-20", - "gpgcheck": true, - "enabled": false, - "managed": false, - "make_cache": true - }, - "epel-modular-debuginfo": { - "repositoryid": "epel-modular-debuginfo", - "description": "Extra Packages for Enterprise Linux Modular $releasever - $basearch - Debug", - "mirrorlist": "https://mirrors.fedoraproject.org/metalink?repo=epel-modular-debug-$releasever&arch=$basearch&infra=$infra&content=$contentdir", - "gpgkey": "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8", - "gpgcheck": true, - "enabled": false, - "managed": false, - "make_cache": true - }, - "epel-modular-source": { - "repositoryid": "epel-modular-source", - "description": "Extra Packages for Enterprise Linux Modular $releasever - $basearch - Source", - "mirrorlist": "https://mirrors.fedoraproject.org/metalink?repo=epel-modular-source-$releasever&arch=$basearch&infra=$infra&content=$contentdir", - "gpgkey": "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8", - "gpgcheck": true, - "enabled": false, - "managed": false, - "make_cache": true - }, - "epel-modular": { - "repositoryid": "epel-modular", - 
"description": "Extra Packages for Enterprise Linux Modular $releasever - $basearch", - "mirrorlist": "https://mirrors.fedoraproject.org/metalink?repo=epel-modular-$releasever&arch=$basearch&infra=$infra&content=$contentdir", - "gpgkey": "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8", - "gpgcheck": true, - "enabled": false, - "managed": false, - "make_cache": true - }, - "epel-next-debuginfo": { - "repositoryid": "epel-next-debuginfo", - "description": "Extra Packages for 20 - $basearch - Next - Debug", - "mirrorlist": "https://mirrors.fedoraproject.org/mirrorlist?repo=epel-next-debug-20&arch=$basearch", - "gpgkey": "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-20", - "gpgcheck": true, - "enabled": false, - "managed": false, - "make_cache": true - }, - "epel-next-source": { - "repositoryid": "epel-next-source", - "description": "Extra Packages for 20 $basearch - Next -Source", - "mirrorlist": "https://mirrors.fedoraproject.org/mirrorlist?repo=epel-next-source-20&arch=$basearch", - "gpgkey": "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-20", - "gpgcheck": true, - "enabled": false, - "managed": false, - "make_cache": true - }, - "epel-next-testing-debuginfo": { - "repositoryid": "epel-next-testing-debuginfo", - "description": "Extra Packages for 20 - $basearch - Next - Testing Debug", - "mirrorlist": "https://mirrors.fedoraproject.org/mirrorlist?repo=epel-testing-next-debug-20&arch=$basearch", - "gpgkey": "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-20", - "gpgcheck": true, - "enabled": false, - "managed": false, - "make_cache": true - }, - "epel-next-testing-source": { - "repositoryid": "epel-next-testing-source", - "description": "Extra Packages for 20 - $basearch - Next - Testing Source", - "mirrorlist": "https://mirrors.fedoraproject.org/mirrorlist?repo=testing-source-epel20&arch=$basearch", - "gpgkey": "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-20", - "gpgcheck": true, - 
"enabled": false, - "managed": false, - "make_cache": true - }, - "epel-next-testing": { - "repositoryid": "epel-next-testing", - "description": "Extra Packages for 20 - $basearch - Next - Testing", - "mirrorlist": "https://mirrors.fedoraproject.org/mirrorlist?repo=epel-testing-next-20&arch=$basearch", - "gpgkey": "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-20", - "gpgcheck": true, - "enabled": false, - "managed": false, - "make_cache": true - }, - "epel-next": { - "repositoryid": "epel-next", - "gpgcheck": true, - "description": "Extra Packages for $releasever - Next - $basearch", - "mirrorlist": "https://mirrors.fedoraproject.org/mirrorlist?repo=epel-next-20&arch=$basearch", - "gpgkey": "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-20", - "enabled": true, - "managed": true, - "make_cache": true - }, - "epel-playground-debuginfo": { - "repositoryid": "epel-playground-debuginfo", - "description": "Extra Packages for Enterprise Linux $releasever - Playground - $basearch - Debug", - "mirrorlist": "https://mirrors.fedoraproject.org/metalink?repo=playground-debug-epel$releasever&arch=$basearch&infra=$infra&content=$contentdir", - "gpgkey": "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8", - "gpgcheck": true, - "enabled": false, - "managed": false, - "make_cache": true - }, - "epel-playground-source": { - "repositoryid": "epel-playground-source", - "description": "Extra Packages for Enterprise Linux $releasever - Playground - $basearch - Source", - "mirrorlist": "https://mirrors.fedoraproject.org/metalink?repo=playground-source-epel$releasever&arch=$basearch&infra=$infra&content=$contentdir", - "gpgkey": "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8", - "gpgcheck": true, - "enabled": false, - "managed": false, - "make_cache": true - }, - "epel-playground": { - "repositoryid": "epel-playground", - "description": "Extra Packages for Enterprise Linux $releasever - Playground - $basearch", - "mirrorlist": 
"https://mirrors.fedoraproject.org/metalink?repo=playground-epel$releasever&arch=$basearch&infra=$infra&content=$contentdir", - "gpgkey": "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8", - "gpgcheck": true, - "enabled": false, - "managed": false, - "make_cache": true - }, - "epel-source": { - "repositoryid": "epel-source", - "description": "Extra Packages for 20 - $basearch - Source", - "mirrorlist": "https://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-20&arch=$basearch", - "gpgkey": "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-20", - "gpgcheck": true, - "enabled": false, - "managed": false, - "make_cache": true - }, - "epel-testing-debuginfo": { - "repositoryid": "epel-testing-debuginfo", - "description": "Extra Packages for 20 - $basearch - Testing Debug", - "mirrorlist": "https://mirrors.fedoraproject.org/mirrorlist?repo=testing-debug-epel20&arch=$basearch", - "gpgkey": "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-20", - "gpgcheck": true, - "enabled": false, - "managed": false, - "make_cache": true - }, - "epel-testing-modular-debuginfo": { - "repositoryid": "epel-testing-modular-debuginfo", - "description": "Extra Packages for Enterprise Linux Modular $releasever - Testing - $basearch - Debug", - "mirrorlist": "https://mirrors.fedoraproject.org/metalink?repo=testing-modular-debug-epel$releasever&arch=$basearch&infra=$infra&content=$contentdir", - "gpgkey": "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8", - "gpgcheck": true, - "enabled": false, - "managed": false, - "make_cache": true - }, - "epel-testing-modular-source": { - "repositoryid": "epel-testing-modular-source", - "description": "Extra Packages for Enterprise Linux Modular $releasever- Testing - $basearch - Source", - "mirrorlist": "https://mirrors.fedoraproject.org/metalink?repo=testing-modular-source-epel$releasever&arch=$basearch&infra=$infra&content=$contentdir", - "gpgkey": 
"https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8", - "gpgcheck": true, - "enabled": false, - "managed": false, - "make_cache": true - }, - "epel-testing-modular": { - "repositoryid": "epel-testing-modular", - "description": "Extra Packages for Enterprise Linux Modular $releasever - Testing - $basearch", - "mirrorlist": "https://mirrors.fedoraproject.org/metalink?repo=testing-modular-epel$releasever&arch=$basearch&infra=$infra&content=$contentdir", - "gpgkey": "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8", - "gpgcheck": true, - "enabled": false, - "managed": false, - "make_cache": true - }, - "epel-testing-source": { - "repositoryid": "epel-testing-source", - "description": "Extra Packages for 20 - $basearch - Testing Source", - "mirrorlist": "https://mirrors.fedoraproject.org/mirrorlist?repo=testing-source-epel20&arch=$basearch", - "gpgkey": "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-20", - "gpgcheck": true, - "enabled": false, - "managed": false, - "make_cache": true - }, - "epel-testing": { - "repositoryid": "epel-testing", - "description": "Extra Packages for 20 - $basearch - Testing ", - "mirrorlist": "https://mirrors.fedoraproject.org/mirrorlist?repo=testing-epel20&arch=$basearch", - "gpgkey": "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-20", - "gpgcheck": true, - "enabled": false, - "managed": false, - "make_cache": true - }, - "epel": { - "repositoryid": "epel", - "gpgcheck": true, - "description": "Extra Packages for 20 - $basearch", - "mirrorlist": "https://mirrors.fedoraproject.org/mirrorlist?repo=epel-20&arch=$basearch", - "gpgkey": "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-20", - "enabled": true, - "managed": true, - "make_cache": true - }, - "main": { - "cachedir": "/var/cache/yum/$basearch/$releasever", - "distroverpkg": "ubuntu-release", - "alwaysprompt": null, - "assumeyes": null, - "bandwidth": null, - "bugtracker_url": null, - "clean_requirements_on_remove": 
null, - "color": null, - "color_list_available_downgrade": null, - "color_list_available_install": null, - "color_list_available_reinstall": null, - "color_list_available_upgrade": null, - "color_list_installed_extra": null, - "color_list_installed_newer": null, - "color_list_installed_older": null, - "color_list_installed_reinstall": null, - "color_search_match": null, - "color_update_installed": null, - "color_update_local": null, - "color_update_remote": null, - "commands": null, - "deltarpm": null, - "debuglevel": null, - "diskspacecheck": null, - "enable_group_conditionals": null, - "errorlevel": null, - "exactarch": null, - "exclude": null, - "gpgcheck": true, - "group_package_types": null, - "groupremove_leaf_only": null, - "history_list_view": null, - "history_record": null, - "history_record_packages": null, - "http_caching": null, - "ip_resolve": null, - "installonly_limit": null, - "installonlypkgs": null, - "installroot": null, - "keepalive": null, - "keepcache": false, - "kernelpkgnames": null, - "localpkg_gpgcheck": false, - "logfile": "/var/log/yum.log", - "max_retries": null, - "mdpolicy": null, - "metadata_expire": null, - "mirrorlist_expire": null, - "multilib_policy": null, - "obsoletes": null, - "overwrite_groups": null, - "password": null, - "path": "/etc/yum.conf", - "persistdir": null, - "pluginconfpath": null, - "pluginpath": null, - "plugins": null, - "protected_multilib": null, - "protected_packages": null, - "proxy": null, - "proxy_password": null, - "proxy_username": null, - "recent": null, - "repo_gpgcheck": null, - "reposdir": null, - "reset_nice": null, - "rpmverbosity": null, - "showdupesfromrepos": null, - "skip_broken": null, - "ssl_check_cert_permissions": null, - "sslcacert": null, - "sslclientcert": null, - "sslclientkey": null, - "sslverify": null, - "syslog_device": null, - "syslog_facility": null, - "syslog_ident": null, - "throttle": null, - "timeout": null, - "tolerant": false, - "tsflags": null, - "username": null - } - }, 
- "nginx": { - "version": "1.12.1", - "package_name": "nginx", - "port": "80", - "dir": "/etc/nginx", - "script_dir": "/usr/sbin", - "log_dir": "/var/log/nginx", - "log_dir_perm": "0750", - "binary": "/usr/sbin/nginx", - "default_root": "/var/www/nginx-default", - "ulimit": "1024", - "cleanup_runit": true, - "repo_source": "nginx", - "install_method": "package", - "user": "www-data", - "user_home": "/var/www", - "upstart": { - "runlevels": "2345", - "respawn_limit": null, - "foreground": true - }, - "group": "www-data", - "gzip": "on", - "gzip_static": "off", - "gzip_http_version": "1.0", - "gzip_comp_level": "2", - "gzip_proxied": "any", - "gzip_vary": "off", - "gzip_buffers": null, - "gzip_types": [ - "text/plain", - "text/css", - "application/x-javascript", - "text/xml", - "application/xml", - "application/rss+xml", - "application/atom+xml", - "image/svg+xml", - "text/javascript", - "application/javascript", - "application/json", - "text/mathml" - ], - "gzip_min_length": 1000, - "gzip_disable": "MSIE [1-6]\\.", - "keepalive": "on", - "keepalive_requests": 100, - "keepalive_timeout": 65, - "worker_processes": 2, - "worker_connections": 1024, - "worker_rlimit_nofile": null, - "multi_accept": false, - "event": null, - "accept_mutex_delay": null, - "server_tokens": null, - "server_names_hash_bucket_size": 64, - "variables_hash_max_size": 1024, - "variables_hash_bucket_size": 64, - "sendfile": "on", - "underscores_in_headers": null, - "tcp_nodelay": "on", - "tcp_nopush": "on", - "access_log_options": null, - "error_log_options": null, - "disable_access_log": false, - "log_formats": { - - }, - "default_site_enabled": true, - "types_hash_max_size": 2048, - "types_hash_bucket_size": 64, - "proxy_read_timeout": null, - "client_body_buffer_size": null, - "client_max_body_size": null, - "large_client_header_buffers": null, - "map_hash_max_size": null, - "proxy_buffer_size": null, - "proxy_buffers": null, - "proxy_busy_buffers_size": null, - "default": { - "modules": [ - - 
] - }, - "extra_configs": { - - }, - "ohai_plugin_enabled": true, - "load_modules": [ - - ], - "auth_request": { - "url": "http://mdounin.ru/hg/ngx_http_auth_request_module/archive/662785733552.tar.gz", - "checksum": "2057bdefd2137a5000d9dbdbfca049d1ba7832ad2b9f8855a88ea5dfa70bd8c1" - }, - "devel": { - "version": "0.3.0", - "url": "https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz", - "checksum": "88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619" - }, - "echo": { - "version": "0.61", - "url": "https://github.com/openresty/echo-nginx-module/archive/v0.61.tar.gz", - "checksum": "2e6a03032555f5da1bdff2ae96c96486f447da3da37c117e0f964ae0753d22aa" - }, - "geoip": { - "path": "/srv/geoip", - "enable_city": true, - "country_dat_url": "http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz", - "country_dat_checksum": null, - "city_dat_url": "http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz", - "city_dat_checksum": null, - "lib_version": "1.6.9", - "lib_url": "https://github.com/maxmind/geoip-api-c/releases/download/v1.6.9/GeoIP-1.6.9.tar.gz", - "lib_checksum": "4b446491843de67c1af9b887da17a3e5939e0aeed4826923a5f4bf09d845096f" - }, - "headers_more": { - "version": "0.30", - "source_url": "https://github.com/openresty/headers-more-nginx-module/archive/v0.30.tar.gz", - "source_checksum": "2aad309a9313c21c7c06ee4e71a39c99d4d829e31c8b3e7d76f8c964ea8047f5" - }, - "lua": { - "version": "0.10.10", - "url": "https://github.com/chaoslawful/lua-nginx-module/archive/v0.10.10.tar.gz", - "checksum": "b4acb84e2d631035a516d61830c910ef6e6485aba86096221ec745e0dbb3fbc9" - }, - "luajit": { - "version": "2.0.4", - "url": "http://luajit.org/download/LuaJIT-2.0.4.tar.gz", - "checksum": "620fa4eb12375021bef6e4f237cbd2dd5d49e56beb414bee052c746beef1807d" - }, - "naxsi": { - "version": "0.54", - "url": "https://github.com/nbs-system/naxsi/archive/0.54.tar.gz", - "checksum": 
"9cc2c09405bc71f78ef26a8b6d70afcea3fccbe8125df70cb0cfc480133daba5" - }, - "openssl_source": { - "version": "1.0.2k", - "url": "http://www.openssl.org/source/openssl-1.0.2k.tar.gz" - }, - "pagespeed": { - "version": "1.11.33.2", - "url": "https://github.com/pagespeed/ngx_pagespeed/archive/release-1.11.33.2-beta.tar.gz", - "packages": { - "rhel": [ - "pcre-devel", - "zlib-devel" - ], - "debian": [ - "zlib1g-dev", - "libpcre3", - "libpcre3-dev" - ] - } - }, - "psol": { - "url": "https://dl.google.com/dl/page-speed/psol/1.11.33.2.tar.gz" - }, - "passenger": { - "version": "4.0.57", - "root": "/var/lib/gems/2.7.0/gems/passenger-4.0.57", - "ruby": "/usr/bin/ruby2.7", - "conf_file": "/etc/nginx/conf.d/mod-http-passenger.conf", - "packages": { - "rhel": [ - "ruby-devel", - "curl-devel" - ], - "fedora": [ - "ruby-devel", - "libcurl-devel" - ], - "debian": [ - "ruby-dev", - "libcurl4-gnutls-dev", - "libnginx-mod-http-passenger" - ] - }, - "install_rake": true, - "spawn_method": "smart-lv2", - "buffer_response": "on", - "max_pool_size": 6, - "min_instances": 1, - "max_instances_per_app": 0, - "pool_idle_time": 300, - "max_requests": 0, - "gem_binary": null, - "show_version_in_header": "on", - "passenger_log_file": null, - "nodejs": null - }, - "enable_rate_limiting": false, - "rate_limiting_zone_name": "default", - "rate_limiting_backoff": "10m", - "rate_limit": "1r/s", - "upstream_repository": "https://nginx.org/packages/ubuntu", - "repo_signing_key": "https://nginx.org/keys/nginx_signing.key", - "set_misc": { - "version": "0.30", - "url": "https://github.com/agentzh/set-misc-nginx-module/archive/v0.30.tar.gz", - "checksum": "59920dd3f92c2be32627121605751b52eae32b5884be09f2e4c53fb2fae8aabc" - }, - "socketproxy": { - "root": "/usr/share/nginx/apps", - "app_owner": "root", - "logname": "socketproxy", - "log_level": "error" - }, - "init_style": "systemd", - "source": { - "version": "1.12.1", - "prefix": "/opt/nginx-1.12.1", - "conf_path": "/etc/nginx/nginx.conf", - "sbin_path": 
"/opt/nginx-1.12.1/sbin/nginx", - "default_configure_flags": [ - "--prefix=/opt/nginx-1.12.1", - "--conf-path=/etc/nginx/nginx.conf", - "--sbin-path=/opt/nginx-1.12.1/sbin/nginx", - "--with-cc-opt=-Wno-error" - ], - "url": "http://nginx.org/download/nginx-1.12.1.tar.gz", - "checksum": "8793bf426485a30f91021b6b945a9fd8a84d87d17b566562c3797aba8fac76fb", - "modules": [ - "nginx::http_ssl_module", - "nginx::http_gzip_static_module" - ], - "use_existing_user": false - }, - "configure_flags": [ - - ], - "status": { - "port": "8090" - }, - "syslog": { - "git_repo": "https://github.com/yaoweibin/nginx_syslog_patch.git", - "git_revision": "master" - }, - "upload_progress": { - "url": "https://github.com/masterzen/nginx-upload-progress-module/tarball/v0.9.0", - "checksum": "3fb903dab595cf6656fa0fc5743a48daffbba2f6b5c554836be630800eaad4e2", - "javascript_output": true, - "zone_name": "proxied", - "zone_size": "1m" - } - }, - "openssl": { - "restart_services": [ - - ] - }, - "chocolatey": { - "upgrade": false, - "sensitive": false, - "install_vars": { - "chocolateyProxyLocation": null, - "chocolateyProxyUser": null, - "chocolateyProxyPassword": null, - "chocolateyVersion": null, - "chocolateyDownloadUrl": "https://chocolatey.org/api/v2/package/chocolatey", - "chocolateyUseWindowsCompression": null - } - }, - "nodejs": { - "install_method": "package", - "version": "10.16.3", - "prefix_url": { - "node": "https://nodejs.org/dist/" - }, - "tmpdir": "/tmp", - "source": { - "url": null, - "checksum": "db5a5e03a815b84a1266a4b48bb6a6d887175705f84fd2472f0d28e5e305a1f8" - }, - "binary": { - "url": null, - "checksum": { - "linux_x64": "2f0397bb81c1d0c9901b9aff82a933257bf60f3992227b86107111a75b9030d9", - "linux_arm64": "3bab16e7107092e43426e082ee9fd88ef0a43a35816f662f14563bcc5152600d" - }, - "append_env_path": true - }, - "make_threads": 2, - "manage_node": true, - "npm": { - "install_method": "embedded", - "version": "latest" - }, - "install_repo": true, - "repo": 
"https://deb.nodesource.com/node_10.x", - "keyserver": "keyserver.ubuntu.com", - "key": "1655a0ab68576280", - "packages": [ - "nodejs" - ], - "package_action": { - "default": "install" - }, - "package_options": { - "default": "" - } - }, - "ulimit": { - "pam_su_template_cookbook": null, - "users": { - - }, - "security_limits_directory": "/etc/security/limits.d", - "ulimit_overriding_sudo_file_name": "sudo", - "ulimit_overriding_sudo_file_cookbook": null - }, - "redisio": { - "redis_config": { - "template_cookbook": "redisio", - "template_source": "redis.conf.erb" - }, - "safe_install": true, - "package_install": false, - "package_name": "redis-server", - "bypass_setup": false, - "mirror": "http://download.redis.io/releases/", - "base_name": "redis-", - "artifact_type": "tar.gz", - "base_piddir": "/var/run/redis", - "version": "3.2.11", - "install_dir": null, - "job_control": "systemd", - "init.d": { - "required_start": [ - - ], - "required_stop": [ - - ] - }, - "default_settings": { - "user": "redis", - "group": "redis", - "permissions": "0644", - "homedir": "/var/lib/redis", - "shell": "/bin/false", - "systemuser": true, - "uid": null, - "ulimit": 0, - "configdir": "/etc/redis", - "name": null, - "tcpbacklog": "511", - "address": null, - "databases": "16", - "backuptype": "rdb", - "datadir": "/var/lib/redis", - "unixsocket": null, - "unixsocketperm": null, - "timeout": "0", - "keepalive": "0", - "loglevel": "notice", - "logfile": null, - "syslogenabled": "yes", - "syslogfacility": "local0", - "shutdown_save": false, - "save": null, - "stopwritesonbgsaveerror": "yes", - "rdbcompression": "yes", - "rdbchecksum": "yes", - "dbfilename": null, - "slaveof": null, - "protected_mode": null, - "masterauth": null, - "slaveservestaledata": "yes", - "slavereadonly": "yes", - "repldisklesssync": "no", - "repldisklesssyncdelay": "5", - "replpingslaveperiod": "10", - "repltimeout": "60", - "repldisabletcpnodelay": "no", - "replbacklogsize": "1mb", - "replbacklogttl": 3600, - 
"slavepriority": "100", - "requirepass": null, - "rename_commands": null, - "maxclients": 10000, - "maxmemory": null, - "maxmemorypolicy": null, - "maxmemorysamples": null, - "appendfilename": null, - "appendfsync": "everysec", - "noappendfsynconrewrite": "no", - "aofrewritepercentage": "100", - "aofrewriteminsize": "64mb", - "aofloadtruncated": "yes", - "luatimelimit": "5000", - "slowloglogslowerthan": "10000", - "slowlogmaxlen": "1024", - "notifykeyspaceevents": "", - "hashmaxziplistentries": "512", - "hashmaxziplistvalue": "64", - "listmaxziplistentries": "512", - "listmaxziplistvalue": "64", - "setmaxintsetentries": "512", - "zsetmaxziplistentries": "128", - "zsetmaxziplistvalue": "64", - "hllsparsemaxbytes": "3000", - "activerehasing": "yes", - "clientoutputbufferlimit": [ - [ - "normal", - "0", - "0", - "0" - ], - [ - "slave", - "256mb", - "64mb", - "60" - ], - [ - "pubsub", - "32mb", - "8mb", - "60" - ] - ], - "hz": "10", - "aofrewriteincrementalfsync": "yes", - "clusterenabled": "no", - "clusterconfigfile": null, - "clusternodetimeout": 5000, - "includes": null, - "data_bag_name": null, - "data_bag_item": null, - "data_bag_key": null, - "minslavestowrite": null, - "minslavesmaxlag": null, - "breadcrumb": true - }, - "servers": null, - "bin_path": "/usr/local/bin", - "gem": { - "name": "redis", - "version": null - }, - "sentinel_defaults": { - "user": "redis", - "configdir": "/etc/redis", - "sentinel_bind": null, - "sentinel_port": 26379, - "monitor": null, - "down_after_milliseconds": 30000, - "can-failover": "yes", - "parallel-syncs": 1, - "failover_timeout": 900000, - "loglevel": "notice", - "logfile": null, - "syslogenabled": "yes", - "syslogfacility": "local0", - "quorum_count": 2, - "data_bag_name": null, - "data_bag_item": null, - "data_bag_key": null, - "announce-ip": null, - "announce-port": null, - "notification-script": null, - "client-reconfig-script": null - }, - "sentinel": { - "manage_config": true - }, - "sentinels": null - }, - "apt": { - 
"cacher_dir": "/var/cache/apt-cacher-ng", - "cacher_interface": null, - "cacher_port": 3142, - "compiletime": false, - "compile_time_update": false, - "key_proxy": "", - "periodic_update_min_delay": 86400, - "launchpad_api_version": "1.0", - "unattended_upgrades": { - "enable": false, - "update_package_lists": true, - "allowed_origins": [ - "Ubuntu focal" - ], - "origins_patterns": [ - - ], - "package_blacklist": [ - - ], - "auto_fix_interrupted_dpkg": false, - "minimal_steps": false, - "install_on_shutdown": false, - "mail": null, - "sender": null, - "mail_only_on_error": true, - "remove_unused_dependencies": false, - "automatic_reboot": false, - "automatic_reboot_time": "now", - "dl_limit": null, - "random_sleep": null, - "syslog_enable": false, - "syslog_facility": "daemon", - "dpkg_options": [ - - ] - }, - "cacher_client": { - "cacher_server": { - - } - }, - "confd": { - "force_confask": false, - "force_confdef": false, - "force_confmiss": false, - "force_confnew": false, - "force_confold": false, - "install_recommends": true, - "install_suggests": false - } - }, - "tor": { - "DataDirectory": "/var/lib/tor", - "MinLogLevel": "notice", - "LogDestination": "/var/log/tor/log", - "SocksPorts": [ - "9050" - ], - "HiddenServices": { - - }, - "relay": { - "enabled": false, - "ORPort": "9001", - "Address": null, - "OutboundBindAddress": null, - "Nickname": "IDidntEditTheConfig", - "RelayBandwidthRate": null, - "RelayBandwidthBurst": null, - "ContactInfo": null, - "ExitPolicy": [ - "reject *:*" - ], - "BridgeRelay": 0, - "PublishServerDescriptor": 1, - "Directory": false, - "DirPort": "9030", - "DirPortFrontPage": null, - "MyFamily": [ - - ] - } - }, - "bitcoin": { - "version": "0.21.1", - "checksum": "caff23449220cf45753f312cefede53a9eac64000bb300797916526236b6a1e0", - "username": "satoshi", - "usergroup": "bitcoin", - "network": "mainnet", - "conf_path": "/home/satoshi/.bitcoin/bitcoin.conf", - "walletdir": "/home/satoshi/.bitcoin", - "datadir": "/mnt/data/bitcoin", - 
"conf": { - "irc": 1, - "dnsseed": 1, - "upnp": 1, - "checkblocks": 10, - "checklevel": 1, - "txindex": 1, - "whitelist": "127.0.0.1", - "listen": 1, - "server": 1, - "rpcssl": 0, - "rpcuser": "satoshi", - "rpcbind": "127.0.0.1:8332", - "gen": 0, - "zmqpubrawblock": "tcp://127.0.0.1:8337", - "zmqpubrawtx": "tcp://127.0.0.1:8338" - }, - "tor_enabled": true - }, - "c-lightning": { - "repo": "https://github.com/ElementsProject/lightning", - "revision": "v0.10.2", - "source_dir": "/opt/c-lightning", - "lightning_dir": "/home/vagrant/.lightning", - "alias": "ln3.kosmos.org", - "rgb": "0D4F99", - "log_level": "info", - "public_ip": "148.251.237.73" - }, - "lnd": { - "repo": "https://github.com/lightningnetwork/lnd", - "revision": "v0.14.1-beta", - "source_dir": "/opt/lnd", - "lnd_dir": "/home/vagrant/.lnd", - "alias": "ln2.kosmos.org", - "color": "#5e0c99", - "log_level": "info", - "public_ip": "148.251.237.111", - "public_port": "9735", - "port": "9736", - "minchansize": "1000000", - "basefee": "1000", - "feerate": "50", - "auto_unlock": true - }, - "boltz": { - "repo": "https://github.com/BoltzExchange/boltz-lnd.git", - "revision": "v1.2.6", - "source_dir": "/opt/boltz", - "boltz_dir": "/home/vagrant/.boltz-lnd", - "grpc_host": "127.0.0.1", - "grpc_port": "9002", - "rest_disabled": "false", - "rest_host": "127.0.0.1", - "rest_port": "9003", - "no_macaroons": "false" - }, - "rtl": { - "repo": "https://github.com/Ride-The-Lightning/RTL.git", - "revision": "v0.12.1", - "host": "10.1.1.163", - "port": "3000" - }, - "lndhub": { - "repo": "https://gitea.kosmos.org/kosmos/lndhub.git", - "revision": "master", - "port": "3023", - "domain": "lndhub.kosmos.org" - }, - "dotnet": { - "ms_packages_src_url": "https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb", - "ms_packages_src_checksum": "4df5811c41fdded83eb9e2da9336a8dfa5594a79dc8a80133bd815f4f85b9991" - }, - "nbxplorer": { - "repo": "https://github.com/dgarage/NBXplorer", - "revision": "v2.2.20", - 
"source_dir": "/opt/nbxplorer", - "config_path": "/home/vagrant/.nbxplorer/Main/settings.config", - "port": "24445" - }, - "btcpay": { - "repo": "https://github.com/btcpayserver/btcpayserver", - "revision": "v1.3.7", - "source_dir": "/opt/btcpay", - "config_path": "/home/vagrant/.btcpayserver/Main/settings.config", - "log_path": "/home/vagrant/.btcpayserver/debug.log", - "port": "23001", - "domain": "btcpay.kosmos.org", - "postgres": { - "port": 5432, - "database": "btcpayserver", - "user": "satoshi" - } - } - }, - "automatic": { - "dmi": { - "dmidecode_version": "3.2", - "smbios_version": "2.5", - "structures": { - "count": "10", - "size": "450" - }, - "table_location": "0x000E1000", - "bios": { - "all_records": [ - { - "record_id": "0x0000", - "size": "0", - "application_identifier": "BIOS Information", - "Vendor": "innotek GmbH", - "Version": "VirtualBox", - "Release Date": "12/01/2006", - "Address": "0xE0000", - "Runtime Size": "128 kB", - "ROM Size": "128 kB", - "Characteristics": { - "ACPI is supported": null - } - } - ], - "vendor": "innotek GmbH", - "version": "VirtualBox", - "release_date": "12/01/2006", - "address": "0xE0000", - "runtime_size": "128 kB", - "rom_size": "128 kB" - }, - "system": { - "all_records": [ - { - "record_id": "0x0001", - "size": "1", - "application_identifier": "System Information", - "Manufacturer": "innotek GmbH", - "Product Name": "VirtualBox", - "Version": "1.2", - "Serial Number": "0", - "UUID": "7c0b7cff-656e-41d9-9a3b-6078ef1f1049", - "Wake-up Type": "Power Switch", - "SKU Number": "Not Specified", - "Family": "Virtual Machine" - } - ], - "manufacturer": "innotek GmbH", - "product_name": "VirtualBox", - "version": "1.2", - "serial_number": "0", - "uuid": "7c0b7cff-656e-41d9-9a3b-6078ef1f1049", - "wake_up_type": "Power Switch", - "sku_number": "Not Specified", - "family": "Virtual Machine" - }, - "base_board": { - "all_records": [ - { - "record_id": "0x0008", - "size": "2", - "application_identifier": "Base Board 
Information", - "Manufacturer": "Oracle Corporation", - "Product Name": "VirtualBox", - "Version": "1.2", - "Serial Number": "0", - "Asset Tag": "Not Specified", - "Features": { - "Board is a hosting board": null - }, - "Location In Chassis": "Not Specified", - "Chassis Handle": "0x0003", - "Type": "Motherboard", - "Contained Object Handles": "0" - } - ], - "manufacturer": "Oracle Corporation", - "product_name": "VirtualBox", - "version": "1.2", - "serial_number": "0", - "asset_tag": "Not Specified", - "location_in_chassis": "Not Specified", - "chassis_handle": "0x0003", - "type": "Motherboard", - "contained_object_handles": "0" - }, - "chassis": { - "all_records": [ - { - "record_id": "0x0003", - "size": "3", - "application_identifier": "Chassis Information", - "Manufacturer": "Oracle Corporation", - "Type": "Other", - "Lock": "Not Present", - "Version": "Not Specified", - "Serial Number": "Not Specified", - "Asset Tag": "Not Specified", - "Boot-up State": "Safe", - "Power Supply State": "Safe", - "Thermal State": "Safe", - "Security Status": "None" - } - ], - "manufacturer": "Oracle Corporation", - "type": "Other", - "lock": "Not Present", - "version": "Not Specified", - "serial_number": "Not Specified", - "asset_tag": "Not Specified", - "boot_up_state": "Safe", - "power_supply_state": "Safe", - "thermal_state": "Safe", - "security_status": "None" - }, - "oem_strings": { - "all_records": [ - { - "record_id": "0x0002", - "size": "11", - "application_identifier": "OEM Strings", - "String 1": "vboxVer_6.1.34", - "String 2": "vboxRev_150636" - } - ], - "string_1": "vboxVer_6.1.34", - "string_2": "vboxRev_150636" - } - }, - "virtualization": { - "systems": { - "vbox": "guest" - }, - "system": "vbox", - "role": "guest" - }, - "uptime_seconds": 39, - "uptime": "39 seconds", - "idletime_seconds": 42, - "idletime": "42 seconds", - "shells": [ - "/bin/sh", - "/bin/bash", - "/usr/bin/bash", - "/bin/rbash", - "/usr/bin/rbash", - "/bin/dash", - "/usr/bin/dash", - 
"/usr/bin/tmux", - "/usr/bin/screen" - ], - "lsb": { - "id": "Ubuntu", - "description": "Ubuntu 20.04.4 LTS", - "release": "20.04", - "codename": "focal" - }, - "memory": { - "swap": { - "cached": "0kB", - "total": "1999868kB", - "free": "1999868kB" - }, - "hugepages": { - "total": "0", - "free": "0", - "reserved": "0", - "surplus": "0" - }, - "directmap": { - "4k": "108480kB", - "2M": "940032kB" - }, - "total": "1000068kB", - "free": "207876kB", - "available": "618524kB", - "buffers": "81692kB", - "cached": "424584kB", - "active": "314544kB", - "inactive": "308884kB", - "dirty": "7920kB", - "writeback": "0kB", - "anon_pages": "135740kB", - "mapped": "66244kB", - "slab": "127900kB", - "slab_reclaimable": "81944kB", - "slab_unreclaim": "45956kB", - "page_tables": "2532kB", - "nfs_unstable": "0kB", - "bounce": "0kB", - "commit_limit": "2499900kB", - "committed_as": "431316kB", - "vmalloc_total": "34359738367kB", - "vmalloc_used": "9308kB", - "vmalloc_chunk": "0kB", - "hugepage_size": "2048kB", - "hugetlb": "0kB" - }, - "machine_id": "c671038f014e482ba1c6686dea08c7b1", - "kernel": { - "name": "Linux", - "release": "5.4.0-107-generic", - "version": "#121-Ubuntu SMP Thu Mar 24 16:04:27 UTC 2022", - "machine": "x86_64", - "processor": "x86_64", - "os": "GNU/Linux", - "modules": { - "vboxsf": { - "size": "81920", - "refcount": "12", - "version": "6.1.34 r150636" - }, - "dm_multipath": { - "size": "32768", - "refcount": "0" - }, - "scsi_dh_rdac": { - "size": "16384", - "refcount": "0", - "version": "01.00.0000.0000" - }, - "scsi_dh_emc": { - "size": "16384", - "refcount": "0" - }, - "scsi_dh_alua": { - "size": "20480", - "refcount": "0", - "version": "2.0" - }, - "intel_rapl_msr": { - "size": "20480", - "refcount": "0" - }, - "intel_rapl_common": { - "size": "24576", - "refcount": "1" - }, - "rapl": { - "size": "20480", - "refcount": "0" - }, - "input_leds": { - "size": "16384", - "refcount": "0" - }, - "serio_raw": { - "size": "20480", - "refcount": "0" - }, - "mac_hid": 
{ - "size": "16384", - "refcount": "0" - }, - "vboxguest": { - "size": "348160", - "refcount": "2", - "version": "6.1.34 r150636" - }, - "sch_fq_codel": { - "size": "20480", - "refcount": "3" - }, - "ipmi_devintf": { - "size": "20480", - "refcount": "0" - }, - "ipmi_msghandler": { - "size": "106496", - "refcount": "1", - "version": "39.2" - }, - "msr": { - "size": "16384", - "refcount": "0" - }, - "ip_tables": { - "size": "32768", - "refcount": "0" - }, - "x_tables": { - "size": "40960", - "refcount": "1" - }, - "autofs4": { - "size": "45056", - "refcount": "2" - }, - "btrfs": { - "size": "1261568", - "refcount": "0" - }, - "zstd_compress": { - "size": "167936", - "refcount": "1" - }, - "raid10": { - "size": "61440", - "refcount": "0" - }, - "raid456": { - "size": "155648", - "refcount": "0" - }, - "async_raid6_recov": { - "size": "24576", - "refcount": "1" - }, - "async_memcpy": { - "size": "20480", - "refcount": "2" - }, - "async_pq": { - "size": "24576", - "refcount": "2" - }, - "async_xor": { - "size": "20480", - "refcount": "3" - }, - "async_tx": { - "size": "20480", - "refcount": "5" - }, - "xor": { - "size": "24576", - "refcount": "2" - }, - "raid6_pq": { - "size": "114688", - "refcount": "4" - }, - "libcrc32c": { - "size": "16384", - "refcount": "2" - }, - "raid1": { - "size": "45056", - "refcount": "0" - }, - "raid0": { - "size": "24576", - "refcount": "0" - }, - "multipath": { - "size": "20480", - "refcount": "0" - }, - "linear": { - "size": "20480", - "refcount": "0" - }, - "crct10dif_pclmul": { - "size": "16384", - "refcount": "1" - }, - "crc32_pclmul": { - "size": "16384", - "refcount": "0" - }, - "ghash_clmulni_intel": { - "size": "16384", - "refcount": "0" - }, - "vboxvideo": { - "size": "36864", - "refcount": "1", - "version": "6.1.34 r150636" - }, - "ttm": { - "size": "106496", - "refcount": "1" - }, - "drm_kms_helper": { - "size": "184320", - "refcount": "1" - }, - "syscopyarea": { - "size": "16384", - "refcount": "1" - }, - "aesni_intel": { - 
"size": "372736", - "refcount": "0" - }, - "crypto_simd": { - "size": "16384", - "refcount": "1" - }, - "sysfillrect": { - "size": "16384", - "refcount": "1" - }, - "cryptd": { - "size": "24576", - "refcount": "2" - }, - "sysimgblt": { - "size": "16384", - "refcount": "1" - }, - "fb_sys_fops": { - "size": "16384", - "refcount": "1" - }, - "glue_helper": { - "size": "16384", - "refcount": "1" - }, - "psmouse": { - "size": "155648", - "refcount": "0" - }, - "drm": { - "size": "491520", - "refcount": "4" - }, - "ahci": { - "size": "40960", - "refcount": "3", - "version": "3.0" - }, - "libahci": { - "size": "32768", - "refcount": "1" - }, - "e1000": { - "size": "147456", - "refcount": "0", - "version": "7.3.21-k8-NAPI" - }, - "i2c_piix4": { - "size": "28672", - "refcount": "0" - }, - "pata_acpi": { - "size": "16384", - "refcount": "0", - "version": "0.2.3" - }, - "video": { - "size": "49152", - "refcount": "0" - } - } - }, - "os": "linux", - "os_version": "5.4.0-107-generic", - "platform": "ubuntu", - "platform_version": "20.04", - "platform_family": "debian", - "block_device": { - "loop1": { - "size": "0", - "removable": "0", - "rotational": "1", - "physical_block_size": "512", - "logical_block_size": "512" - }, - "loop6": { - "size": "0", - "removable": "0", - "rotational": "1", - "physical_block_size": "512", - "logical_block_size": "512" - }, - "loop4": { - "size": "0", - "removable": "0", - "rotational": "1", - "physical_block_size": "512", - "logical_block_size": "512" - }, - "loop2": { - "size": "0", - "removable": "0", - "rotational": "1", - "physical_block_size": "512", - "logical_block_size": "512" - }, - "loop0": { - "size": "0", - "removable": "0", - "rotational": "1", - "physical_block_size": "512", - "logical_block_size": "512" - }, - "loop7": { - "size": "0", - "removable": "0", - "rotational": "1", - "physical_block_size": "512", - "logical_block_size": "512" - }, - "sda": { - "size": "268435456", - "removable": "0", - "model": "VBOX HARDDISK", - "rev": 
"1.0", - "state": "running", - "timeout": "30", - "vendor": "ATA", - "queue_depth": "32", - "rotational": "1", - "physical_block_size": "512", - "logical_block_size": "512" - }, - "loop5": { - "size": "0", - "removable": "0", - "rotational": "1", - "physical_block_size": "512", - "logical_block_size": "512" - }, - "loop3": { - "size": "0", - "removable": "0", - "rotational": "1", - "physical_block_size": "512", - "logical_block_size": "512" - } - }, - "fips": { - "kernel": { - "enabled": false - } - }, - "systemd_paths": { - "temporary": "/tmp", - "temporary-large": "/var/tmp", - "system-binaries": "/usr/bin", - "system-include": "/usr/include", - "system-library-private": "/usr/lib", - "system-library-arch": "/usr/lib/x86_64-linux-gnu", - "system-shared": "/usr/share", - "system-configuration-factory": "/usr/share/factory/etc", - "system-state-factory": "/usr/share/factory/var", - "system-configuration": "/etc", - "system-runtime": "/run", - "system-runtime-logs": "/run/log", - "system-state-private": "/var/lib", - "system-state-logs": "/var/log", - "system-state-cache": "/var/cache", - "system-state-spool": "/var/spool", - "user-binaries": "/root/.local/bin", - "user-library-private": "/root/.local/lib", - "user-library-arch": "/root/.local/lib/x86_64-linux-gnu", - "user-shared": "/root/.local/share", - "user-configuration": "/root/.config", - "user-runtime": "/run/user/1000", - "user-state-cache": "/root/.cache", - "user": "/root", - "user-documents": "/root", - "user-music": "/root", - "user-pictures": "/root", - "user-videos": "/root", - "user-download": "/root", - "user-public": "/root", - "user-templates": "/root", - "user-desktop": "/root/Desktop", - "search-binaries": "/usr/local/sbin", - "search-binaries-default": "/usr/local/sbin", - "search-library-private": "/root/.local/lib", - "search-library-arch": "/root/.local/lib/x86_64-linux-gnu", - "search-shared": "/root/.local/share", - "search-configuration-factory": "/usr/local/share/factory/etc", - 
"search-state-factory": "/usr/local/share/factory/var", - "search-configuration": "/root/.config" - }, - "hostnamectl": { - "static_hostname": "ubuntu2004.localdomain", - "icon_name": "computer-vm", - "chassis": "vm", - "machine_id": "c671038f014e482ba1c6686dea08c7b1", - "boot_id": "fd129507820140cb9d17afdfd19de86b", - "virtualization": "oracle", - "operating_system": "Ubuntu 20.04.4 LTS", - "kernel": "Linux 5.4.0-107-generic", - "architecture": "x86-64" - }, - "network": { - "interfaces": { - "lo": { - "mtu": "65536", - "flags": [ - "LOOPBACK", - "UP", - "LOWER_UP" - ], - "encapsulation": "Loopback", - "addresses": { - "127.0.0.1": { - "family": "inet", - "prefixlen": "8", - "netmask": "255.0.0.0", - "scope": "Node" - } - }, - "state": "unknown" - }, - "eth0": { - "type": "eth", - "number": "0", - "mtu": "1500", - "flags": [ - "BROADCAST", - "MULTICAST", - "UP", - "LOWER_UP" - ], - "encapsulation": "Ethernet", - "addresses": { - "08:00:27:B5:F3:6E": { - "family": "lladdr" - }, - "10.0.2.15": { - "family": "inet", - "prefixlen": "24", - "netmask": "255.255.255.0", - "broadcast": "10.0.2.255", - "scope": "Global" - }, - "fe80::a00:27ff:feb5:f36e": { - "family": "inet6", - "prefixlen": "64", - "scope": "Link", - "tags": [ - - ] - } - }, - "state": "up", - "arp": { - "10.0.2.2": "52:54:00:12:35:02" - }, - "routes": [ - { - "destination": "default", - "family": "inet", - "via": "10.0.2.2", - "metric": "100", - "proto": "dhcp", - "src": "10.0.2.15" - }, - { - "destination": "10.0.2.0/24", - "family": "inet", - "scope": "link", - "proto": "kernel", - "src": "10.0.2.15" - }, - { - "destination": "10.0.2.2", - "family": "inet", - "scope": "link", - "metric": "100", - "proto": "dhcp", - "src": "10.0.2.15" - }, - { - "destination": "fe80::/64", - "family": "inet6", - "metric": "256", - "proto": "kernel" - } - ], - "link_speed": 1000, - "duplex": "Full", - "port": "Twisted Pair", - "transceiver": "internal", - "auto_negotiation": "on", - "mdi_x": "off (auto)", - 
"ring_params": { - "max_rx": 4096, - "max_rx_mini": 0, - "max_rx_jumbo": 0, - "max_tx": 4096, - "current_rx": 256, - "current_rx_mini": 0, - "current_rx_jumbo": 0, - "current_tx": 256 - } - }, - "eth1": { - "type": "eth", - "number": "1", - "mtu": "1500", - "flags": [ - "BROADCAST", - "MULTICAST", - "UP", - "LOWER_UP" - ], - "encapsulation": "Ethernet", - "addresses": { - "08:00:27:4C:80:A3": { - "family": "lladdr" - }, - "192.168.56.6": { - "family": "inet", - "prefixlen": "24", - "netmask": "255.255.255.0", - "broadcast": "192.168.56.255", - "scope": "Global" - }, - "fe80::a00:27ff:fe4c:80a3": { - "family": "inet6", - "prefixlen": "64", - "scope": "Link", - "tags": [ - - ] - } - }, - "state": "up", - "routes": [ - { - "destination": "192.168.56.0/24", - "family": "inet", - "scope": "link", - "proto": "kernel", - "src": "192.168.56.6" - }, - { - "destination": "fe80::/64", - "family": "inet6", - "metric": "256", - "proto": "kernel" - } - ], - "link_speed": 1000, - "duplex": "Full", - "port": "Twisted Pair", - "transceiver": "internal", - "auto_negotiation": "on", - "mdi_x": "off (auto)", - "ring_params": { - "max_rx": 4096, - "max_rx_mini": 0, - "max_rx_jumbo": 0, - "max_tx": 4096, - "current_rx": 256, - "current_rx_mini": 0, - "current_rx_jumbo": 0, - "current_tx": 256 - } - } - }, - "default_interface": "eth0", - "default_gateway": "10.0.2.2" - }, - "counters": { - "network": { - "interfaces": { - "lo": { - "tx": { - "queuelen": "1000", - "bytes": "3720", - "packets": "40", - "errors": "0", - "drop": "0", - "carrier": "0", - "collisions": "0" - }, - "rx": { - "bytes": "3720", - "packets": "40", - "errors": "0", - "drop": "0", - "overrun": "0" - } - }, - "eth0": { - "tx": { - "queuelen": "1000", - "bytes": "341414", - "packets": "2049", - "errors": "0", - "drop": "0", - "carrier": "0", - "collisions": "0" - }, - "rx": { - "bytes": "320104", - "packets": "2449", - "errors": "0", - "drop": "0", - "overrun": "0" - } - }, - "eth1": { - "tx": { - "queuelen": "1000", - 
"bytes": "1156", - "packets": "14", - "errors": "0", - "drop": "0", - "carrier": "0", - "collisions": "0" - }, - "rx": { - "bytes": "3300", - "packets": "55", - "errors": "0", - "drop": "0", - "overrun": "0" - } - } - } - } - }, - "ipaddress": "10.0.2.15", - "macaddress": "08:00:27:B5:F3:6E", - "ip6address": "fe80::a00:27ff:fe4c:80a3", - "languages": { - "perl": { - "version": "5.30.0", - "archname": "x86_64-linux-gnu-thread-multi" - }, - "c": { - "gcc": { - "target": "x86_64-linux-gnu", - "configured_with": "../src/configure -v --with-pkgversion='Ubuntu 9.4.0-1ubuntu1~20.04.1' --with-bugurl=file:///usr/share/doc/gcc-9/README.Bugs --enable-languages=c,ada,c++,go,brig,d,fortran,objc,obj-c++,gm2 --prefix=/usr --with-gcc-major-version-only --program-suffix=-9 --program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-plugin --enable-default-pie --with-system-zlib --with-target-system-zlib=auto --enable-objc-gc=auto --enable-multiarch --disable-werror --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-offload-targets=nvptx-none=/build/gcc-9-Av3uEd/gcc-9-9.4.0/debian/tmp-nvptx/usr,hsa --without-cuda-driver --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu", - "thread_model": "posix", - "description": "gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1) ", - "version": "9.4.0" - } - }, - "ruby": { - "platform": "x86_64-linux-gnu", - "version": "2.7.0", - "release_date": "2019-12-25", - "target": "x86_64-pc-linux-gnu", - "target_cpu": "x86_64", - "target_vendor": "pc", - "target_os": "linux-gnu", - "host": "x86_64-pc-linux-gnu", - "host_cpu": "x86_64", - "host_os": "linux-gnu", 
- "host_vendor": "pc", - "bin_dir": "/usr/bin", - "ruby_bin": "/usr/bin/ruby2.7", - "gems_dir": "/var/lib/gems/2.7.0", - "gem_bin": "/usr/bin/gem2.7" - }, - "nodejs": { - "version": "14.19.3" - } - }, - "keys": { - "ssh": { - "host_rsa_public": "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", - "host_ecdsa_public": "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJghFhd76I/FRcW2HoOFUHZKccLMZbzucOjjf0O6MaRCCPcLqyP2h0hBqOScuayk8bPOLKLS+hwzSIqKiITJZlE=", - "host_ecdsa_type": "ecdsa-sha2-nistp256", - "host_ed25519_public": "AAAAC3NzaC1lZDI1NTE5AAAAIBwk+ac2ZTxsapEby5jQp8KKMuSKrwzFfL2h/11NMqb8" - } - }, - "chef_packages": { - "ohai": { - "version": "15.12.0", - "ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai" - }, - "chef": { - "version": "15.13.8", - "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.13.8/lib" - } - }, - "root_group": "root", - "hostname": "ubuntu2004", - "machinename": "ubuntu2004.localdomain", - "fqdn": "ubuntu2004.localdomain", - "domain": "localdomain", - "shard_seed": 8007109, - "filesystem": { - "by_device": { - "udev": { - "kb_size": "455052", - "kb_used": "0", - "kb_available": "455052", - "percent_used": "0%", - "total_inodes": "113763", - "inodes_used": "432", - "inodes_available": "113331", - "inodes_percent_used": "1%", - "fs_type": "devtmpfs", - "mount_options": [ - "rw", - "nosuid", - "noexec", - "relatime", - "size=455052k", - "nr_inodes=113763", - "mode=755" - ], - "mounts": [ - "/dev" - ] - }, - "tmpfs": { - "kb_size": "100004", - "kb_used": "0", - "kb_available": "100004", - "percent_used": "0%", - "total_inodes": "125008", - "inodes_used": "22", - "inodes_available": "124986", - "inodes_percent_used": "1%", - "fs_type": "tmpfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "relatime", - "size=100004k", - "mode=700", - "uid=1000", - "gid=1000" - ], - "mounts": [ - "/run", - "/dev/shm", - "/run/lock", - "/sys/fs/cgroup", - "/run/user/1000" - ] - }, - "/dev/sda3": { - 
"kb_size": "129125532", - "kb_used": "4324236", - "kb_available": "118199056", - "percent_used": "4%", - "total_inodes": "8232960", - "inodes_used": "166382", - "inodes_available": "8066578", - "inodes_percent_used": "3%", - "fs_type": "ext4", - "mount_options": [ - "rw", - "relatime", - "errors=remount-ro" - ], - "uuid": "93e56e87-d555-49b8-ae66-eb769adcaa6e", - "mounts": [ - "/" - ] - }, - "/dev/sda1": { - "kb_size": "466664", - "kb_used": "206192", - "kb_available": "225568", - "percent_used": "48%", - "total_inodes": "124672", - "inodes_used": "316", - "inodes_available": "124356", - "inodes_percent_used": "1%", - "fs_type": "ext4", - "mount_options": [ - "rw", - "relatime" - ], - "uuid": "6ea96ce0-09f5-4ad4-b6bb-b98789081685", - "mounts": [ - "/boot" - ] - }, - "v-csc-739684c4d": { - "kb_size": "976235204", - "kb_used": "667525544", - "kb_available": "308709660", - "percent_used": "69%", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ], - "mounts": [ - "/tmp/vagrant-chef/598d2b35b952f08e3f21d97a80fa7b8b/cookbooks" - ] - }, - "v-csc-1cb8244c4": { - "kb_size": "976235204", - "kb_used": "667525544", - "kb_available": "308709660", - "percent_used": "69%", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ], - "mounts": [ - "/tmp/vagrant-chef/10487ca2c138d025bf56ec2f9d36b3df/cookbooks" - ] - }, - "v-cse-b51052476": { - "kb_size": "976235204", - "kb_used": "667525544", - "kb_available": "308709660", - "percent_used": "69%", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ], - "mounts": [ - "/tmp/vagrant-chef/4ef9f7054db7390e352845d1b823179a/environments" - ] - }, - "v-csr-09c2592a7": { - "kb_size": "976235204", - "kb_used": "667525544", - "kb_available": "308709660", - "percent_used": "69%", - 
"fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ], - "mounts": [ - "/tmp/vagrant-chef/a2b3b9ec0045ddd6811a62f251a38d0b/roles" - ] - }, - "v-csdb-967c7b1df": { - "kb_size": "976235204", - "kb_used": "667525544", - "kb_available": "308709660", - "percent_used": "69%", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ], - "mounts": [ - "/tmp/vagrant-chef/ee47c56074bd9d8f6bf1ffe056e04234/data_bags" - ] - }, - "v-csn-d26196e28": { - "kb_size": "976235204", - "kb_used": "667525544", - "kb_available": "308709660", - "percent_used": "69%", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ], - "mounts": [ - "/tmp/vagrant-chef/f43d5826f5c6edbc529dd61f2374efd8/nodes" - ] - }, - "sysfs": { - "fs_type": "sysfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "mounts": [ - "/sys" - ] - }, - "proc": { - "fs_type": "proc", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "mounts": [ - "/proc" - ] - }, - "devpts": { - "fs_type": "devpts", - "mount_options": [ - "rw", - "nosuid", - "noexec", - "relatime", - "gid=5", - "mode=620", - "ptmxmode=000" - ], - "mounts": [ - "/dev/pts" - ] - }, - "securityfs": { - "fs_type": "securityfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "mounts": [ - "/sys/kernel/security" - ] - }, - "cgroup2": { - "fs_type": "cgroup2", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "nsdelegate" - ], - "mounts": [ - "/sys/fs/cgroup/unified" - ] - }, - "cgroup": { - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "pids" - ], - "mounts": [ - "/sys/fs/cgroup/systemd", - "/sys/fs/cgroup/net_cls,net_prio", - 
"/sys/fs/cgroup/cpuset", - "/sys/fs/cgroup/freezer", - "/sys/fs/cgroup/devices", - "/sys/fs/cgroup/cpu,cpuacct", - "/sys/fs/cgroup/memory", - "/sys/fs/cgroup/hugetlb", - "/sys/fs/cgroup/blkio", - "/sys/fs/cgroup/rdma", - "/sys/fs/cgroup/perf_event", - "/sys/fs/cgroup/pids" - ] - }, - "pstore": { - "fs_type": "pstore", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "mounts": [ - "/sys/fs/pstore" - ] - }, - "none": { - "fs_type": "bpf", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "mode=700" - ], - "mounts": [ - "/sys/fs/bpf" - ] - }, - "systemd-1": { - "fs_type": "autofs", - "mount_options": [ - "rw", - "relatime", - "fd=28", - "pgrp=1", - "timeout=0", - "minproto=5", - "maxproto=5", - "direct", - "pipe_ino=16437" - ], - "mounts": [ - "/proc/sys/fs/binfmt_misc" - ] - }, - "hugetlbfs": { - "fs_type": "hugetlbfs", - "mount_options": [ - "rw", - "relatime", - "pagesize=2M" - ], - "mounts": [ - "/dev/hugepages" - ] - }, - "mqueue": { - "fs_type": "mqueue", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "mounts": [ - "/dev/mqueue" - ] - }, - "tracefs": { - "fs_type": "tracefs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "mounts": [ - "/sys/kernel/tracing" - ] - }, - "debugfs": { - "fs_type": "debugfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "mounts": [ - "/sys/kernel/debug" - ] - }, - "fusectl": { - "fs_type": "fusectl", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "mounts": [ - "/sys/fs/fuse/connections" - ] - }, - "configfs": { - "fs_type": "configfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "mounts": [ - "/sys/kernel/config" - ] - }, - "/dev/sda": { - "mounts": [ - - ] - }, - "/dev/sda2": { - "fs_type": "swap", - "uuid": "5bde3f46-fa48-4232-b33d-3a2e2a012b78", - "mounts": [ - - ] - } - }, - 
"by_mountpoint": { - "/dev": { - "kb_size": "455052", - "kb_used": "0", - "kb_available": "455052", - "percent_used": "0%", - "total_inodes": "113763", - "inodes_used": "432", - "inodes_available": "113331", - "inodes_percent_used": "1%", - "fs_type": "devtmpfs", - "mount_options": [ - "rw", - "nosuid", - "noexec", - "relatime", - "size=455052k", - "nr_inodes=113763", - "mode=755" - ], - "devices": [ - "udev" - ] - }, - "/run": { - "kb_size": "100008", - "kb_used": "984", - "kb_available": "99024", - "percent_used": "1%", - "total_inodes": "125008", - "inodes_used": "654", - "inodes_available": "124354", - "inodes_percent_used": "1%", - "fs_type": "tmpfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "size=100008k", - "mode=755" - ], - "devices": [ - "tmpfs" - ] - }, - "/": { - "kb_size": "129125532", - "kb_used": "4324236", - "kb_available": "118199056", - "percent_used": "4%", - "total_inodes": "8232960", - "inodes_used": "166382", - "inodes_available": "8066578", - "inodes_percent_used": "3%", - "fs_type": "ext4", - "mount_options": [ - "rw", - "relatime", - "errors=remount-ro" - ], - "uuid": "93e56e87-d555-49b8-ae66-eb769adcaa6e", - "devices": [ - "/dev/sda3" - ] - }, - "/dev/shm": { - "kb_size": "500032", - "kb_used": "0", - "kb_available": "500032", - "percent_used": "0%", - "total_inodes": "125008", - "inodes_used": "4", - "inodes_available": "125004", - "inodes_percent_used": "1%", - "fs_type": "tmpfs", - "mount_options": [ - "rw", - "nosuid", - "nodev" - ], - "devices": [ - "tmpfs" - ] - }, - "/run/lock": { - "kb_size": "5120", - "kb_used": "0", - "kb_available": "5120", - "percent_used": "0%", - "total_inodes": "125008", - "inodes_used": "4", - "inodes_available": "125004", - "inodes_percent_used": "1%", - "fs_type": "tmpfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "size=5120k" - ], - "devices": [ - "tmpfs" - ] - }, - "/sys/fs/cgroup": { - "kb_size": "500032", - "kb_used": "0", - 
"kb_available": "500032", - "percent_used": "0%", - "total_inodes": "125008", - "inodes_used": "18", - "inodes_available": "124990", - "inodes_percent_used": "1%", - "fs_type": "tmpfs", - "mount_options": [ - "ro", - "nosuid", - "nodev", - "noexec", - "mode=755" - ], - "devices": [ - "tmpfs" - ] - }, - "/boot": { - "kb_size": "466664", - "kb_used": "206192", - "kb_available": "225568", - "percent_used": "48%", - "total_inodes": "124672", - "inodes_used": "316", - "inodes_available": "124356", - "inodes_percent_used": "1%", - "fs_type": "ext4", - "mount_options": [ - "rw", - "relatime" - ], - "uuid": "6ea96ce0-09f5-4ad4-b6bb-b98789081685", - "devices": [ - "/dev/sda1" - ] - }, - "/tmp/vagrant-chef/598d2b35b952f08e3f21d97a80fa7b8b/cookbooks": { - "kb_size": "976235204", - "kb_used": "667525544", - "kb_available": "308709660", - "percent_used": "69%", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ], - "devices": [ - "v-csc-739684c4d" - ] - }, - "/tmp/vagrant-chef/10487ca2c138d025bf56ec2f9d36b3df/cookbooks": { - "kb_size": "976235204", - "kb_used": "667525544", - "kb_available": "308709660", - "percent_used": "69%", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ], - "devices": [ - "v-csc-1cb8244c4" - ] - }, - "/tmp/vagrant-chef/4ef9f7054db7390e352845d1b823179a/environments": { - "kb_size": "976235204", - "kb_used": "667525544", - "kb_available": "308709660", - "percent_used": "69%", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ], - "devices": [ - "v-cse-b51052476" - ] - }, - "/tmp/vagrant-chef/a2b3b9ec0045ddd6811a62f251a38d0b/roles": { - "kb_size": "976235204", - "kb_used": "667525544", - "kb_available": "308709660", - "percent_used": "69%", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - 
"nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ], - "devices": [ - "v-csr-09c2592a7" - ] - }, - "/tmp/vagrant-chef/ee47c56074bd9d8f6bf1ffe056e04234/data_bags": { - "kb_size": "976235204", - "kb_used": "667525544", - "kb_available": "308709660", - "percent_used": "69%", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ], - "devices": [ - "v-csdb-967c7b1df" - ] - }, - "/tmp/vagrant-chef/f43d5826f5c6edbc529dd61f2374efd8/nodes": { - "kb_size": "976235204", - "kb_used": "667525544", - "kb_available": "308709660", - "percent_used": "69%", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ], - "devices": [ - "v-csn-d26196e28" - ] - }, - "/run/user/1000": { - "kb_size": "100004", - "kb_used": "0", - "kb_available": "100004", - "percent_used": "0%", - "total_inodes": "125008", - "inodes_used": "22", - "inodes_available": "124986", - "inodes_percent_used": "1%", - "fs_type": "tmpfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "relatime", - "size=100004k", - "mode=700", - "uid=1000", - "gid=1000" - ], - "devices": [ - "tmpfs" - ] - }, - "/sys": { - "fs_type": "sysfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "devices": [ - "sysfs" - ] - }, - "/proc": { - "fs_type": "proc", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "devices": [ - "proc" - ] - }, - "/dev/pts": { - "fs_type": "devpts", - "mount_options": [ - "rw", - "nosuid", - "noexec", - "relatime", - "gid=5", - "mode=620", - "ptmxmode=000" - ], - "devices": [ - "devpts" - ] - }, - "/sys/kernel/security": { - "fs_type": "securityfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "devices": [ - "securityfs" - ] - }, - "/sys/fs/cgroup/unified": { - "fs_type": "cgroup2", - 
"mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "nsdelegate" - ], - "devices": [ - "cgroup2" - ] - }, - "/sys/fs/cgroup/systemd": { - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "xattr", - "name=systemd" - ], - "devices": [ - "cgroup" - ] - }, - "/sys/fs/pstore": { - "fs_type": "pstore", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "devices": [ - "pstore" - ] - }, - "/sys/fs/bpf": { - "fs_type": "bpf", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "mode=700" - ], - "devices": [ - "none" - ] - }, - "/sys/fs/cgroup/net_cls,net_prio": { - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "net_cls", - "net_prio" - ], - "devices": [ - "cgroup" - ] - }, - "/sys/fs/cgroup/cpuset": { - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "cpuset" - ], - "devices": [ - "cgroup" - ] - }, - "/sys/fs/cgroup/freezer": { - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "freezer" - ], - "devices": [ - "cgroup" - ] - }, - "/sys/fs/cgroup/devices": { - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "devices" - ], - "devices": [ - "cgroup" - ] - }, - "/sys/fs/cgroup/cpu,cpuacct": { - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "cpu", - "cpuacct" - ], - "devices": [ - "cgroup" - ] - }, - "/sys/fs/cgroup/memory": { - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "memory" - ], - "devices": [ - "cgroup" - ] - }, - "/sys/fs/cgroup/hugetlb": { - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "hugetlb" - ], - "devices": [ - "cgroup" - ] - }, - "/sys/fs/cgroup/blkio": 
{ - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "blkio" - ], - "devices": [ - "cgroup" - ] - }, - "/sys/fs/cgroup/rdma": { - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "rdma" - ], - "devices": [ - "cgroup" - ] - }, - "/sys/fs/cgroup/perf_event": { - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "perf_event" - ], - "devices": [ - "cgroup" - ] - }, - "/sys/fs/cgroup/pids": { - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "pids" - ], - "devices": [ - "cgroup" - ] - }, - "/proc/sys/fs/binfmt_misc": { - "fs_type": "autofs", - "mount_options": [ - "rw", - "relatime", - "fd=28", - "pgrp=1", - "timeout=0", - "minproto=5", - "maxproto=5", - "direct", - "pipe_ino=16437" - ], - "devices": [ - "systemd-1" - ] - }, - "/dev/hugepages": { - "fs_type": "hugetlbfs", - "mount_options": [ - "rw", - "relatime", - "pagesize=2M" - ], - "devices": [ - "hugetlbfs" - ] - }, - "/dev/mqueue": { - "fs_type": "mqueue", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "devices": [ - "mqueue" - ] - }, - "/sys/kernel/tracing": { - "fs_type": "tracefs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "devices": [ - "tracefs" - ] - }, - "/sys/kernel/debug": { - "fs_type": "debugfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "devices": [ - "debugfs" - ] - }, - "/sys/fs/fuse/connections": { - "fs_type": "fusectl", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "devices": [ - "fusectl" - ] - }, - "/sys/kernel/config": { - "fs_type": "configfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "devices": [ - "configfs" - ] - } - }, - "by_pair": { - "udev,/dev": { - "device": "udev", - "kb_size": 
"455052", - "kb_used": "0", - "kb_available": "455052", - "percent_used": "0%", - "mount": "/dev", - "total_inodes": "113763", - "inodes_used": "432", - "inodes_available": "113331", - "inodes_percent_used": "1%", - "fs_type": "devtmpfs", - "mount_options": [ - "rw", - "nosuid", - "noexec", - "relatime", - "size=455052k", - "nr_inodes=113763", - "mode=755" - ] - }, - "tmpfs,/run": { - "device": "tmpfs", - "kb_size": "100008", - "kb_used": "984", - "kb_available": "99024", - "percent_used": "1%", - "mount": "/run", - "total_inodes": "125008", - "inodes_used": "654", - "inodes_available": "124354", - "inodes_percent_used": "1%", - "fs_type": "tmpfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "size=100008k", - "mode=755" - ] - }, - "/dev/sda3,/": { - "device": "/dev/sda3", - "kb_size": "129125532", - "kb_used": "4324236", - "kb_available": "118199056", - "percent_used": "4%", - "mount": "/", - "total_inodes": "8232960", - "inodes_used": "166382", - "inodes_available": "8066578", - "inodes_percent_used": "3%", - "fs_type": "ext4", - "mount_options": [ - "rw", - "relatime", - "errors=remount-ro" - ], - "uuid": "93e56e87-d555-49b8-ae66-eb769adcaa6e" - }, - "tmpfs,/dev/shm": { - "device": "tmpfs", - "kb_size": "500032", - "kb_used": "0", - "kb_available": "500032", - "percent_used": "0%", - "mount": "/dev/shm", - "total_inodes": "125008", - "inodes_used": "4", - "inodes_available": "125004", - "inodes_percent_used": "1%", - "fs_type": "tmpfs", - "mount_options": [ - "rw", - "nosuid", - "nodev" - ] - }, - "tmpfs,/run/lock": { - "device": "tmpfs", - "kb_size": "5120", - "kb_used": "0", - "kb_available": "5120", - "percent_used": "0%", - "mount": "/run/lock", - "total_inodes": "125008", - "inodes_used": "4", - "inodes_available": "125004", - "inodes_percent_used": "1%", - "fs_type": "tmpfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "size=5120k" - ] - }, - "tmpfs,/sys/fs/cgroup": { - "device": 
"tmpfs", - "kb_size": "500032", - "kb_used": "0", - "kb_available": "500032", - "percent_used": "0%", - "mount": "/sys/fs/cgroup", - "total_inodes": "125008", - "inodes_used": "18", - "inodes_available": "124990", - "inodes_percent_used": "1%", - "fs_type": "tmpfs", - "mount_options": [ - "ro", - "nosuid", - "nodev", - "noexec", - "mode=755" - ] - }, - "/dev/sda1,/boot": { - "device": "/dev/sda1", - "kb_size": "466664", - "kb_used": "206192", - "kb_available": "225568", - "percent_used": "48%", - "mount": "/boot", - "total_inodes": "124672", - "inodes_used": "316", - "inodes_available": "124356", - "inodes_percent_used": "1%", - "fs_type": "ext4", - "mount_options": [ - "rw", - "relatime" - ], - "uuid": "6ea96ce0-09f5-4ad4-b6bb-b98789081685" - }, - "v-csc-739684c4d,/tmp/vagrant-chef/598d2b35b952f08e3f21d97a80fa7b8b/cookbooks": { - "device": "v-csc-739684c4d", - "kb_size": "976235204", - "kb_used": "667525544", - "kb_available": "308709660", - "percent_used": "69%", - "mount": "/tmp/vagrant-chef/598d2b35b952f08e3f21d97a80fa7b8b/cookbooks", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ] - }, - "v-csc-1cb8244c4,/tmp/vagrant-chef/10487ca2c138d025bf56ec2f9d36b3df/cookbooks": { - "device": "v-csc-1cb8244c4", - "kb_size": "976235204", - "kb_used": "667525544", - "kb_available": "308709660", - "percent_used": "69%", - "mount": "/tmp/vagrant-chef/10487ca2c138d025bf56ec2f9d36b3df/cookbooks", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ] - }, - "v-cse-b51052476,/tmp/vagrant-chef/4ef9f7054db7390e352845d1b823179a/environments": { - "device": "v-cse-b51052476", - "kb_size": "976235204", - "kb_used": "667525544", - "kb_available": "308709660", - "percent_used": "69%", - "mount": "/tmp/vagrant-chef/4ef9f7054db7390e352845d1b823179a/environments", - "fs_type": "vboxsf", - "mount_options": [ - 
"rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ] - }, - "v-csr-09c2592a7,/tmp/vagrant-chef/a2b3b9ec0045ddd6811a62f251a38d0b/roles": { - "device": "v-csr-09c2592a7", - "kb_size": "976235204", - "kb_used": "667525544", - "kb_available": "308709660", - "percent_used": "69%", - "mount": "/tmp/vagrant-chef/a2b3b9ec0045ddd6811a62f251a38d0b/roles", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ] - }, - "v-csdb-967c7b1df,/tmp/vagrant-chef/ee47c56074bd9d8f6bf1ffe056e04234/data_bags": { - "device": "v-csdb-967c7b1df", - "kb_size": "976235204", - "kb_used": "667525544", - "kb_available": "308709660", - "percent_used": "69%", - "mount": "/tmp/vagrant-chef/ee47c56074bd9d8f6bf1ffe056e04234/data_bags", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ] - }, - "v-csn-d26196e28,/tmp/vagrant-chef/f43d5826f5c6edbc529dd61f2374efd8/nodes": { - "device": "v-csn-d26196e28", - "kb_size": "976235204", - "kb_used": "667525544", - "kb_available": "308709660", - "percent_used": "69%", - "mount": "/tmp/vagrant-chef/f43d5826f5c6edbc529dd61f2374efd8/nodes", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ] - }, - "tmpfs,/run/user/1000": { - "device": "tmpfs", - "kb_size": "100004", - "kb_used": "0", - "kb_available": "100004", - "percent_used": "0%", - "mount": "/run/user/1000", - "total_inodes": "125008", - "inodes_used": "22", - "inodes_available": "124986", - "inodes_percent_used": "1%", - "fs_type": "tmpfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "relatime", - "size=100004k", - "mode=700", - "uid=1000", - "gid=1000" - ] - }, - "sysfs,/sys": { - "device": "sysfs", - "mount": "/sys", - "fs_type": "sysfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - 
"noexec", - "relatime" - ] - }, - "proc,/proc": { - "device": "proc", - "mount": "/proc", - "fs_type": "proc", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ] - }, - "devpts,/dev/pts": { - "device": "devpts", - "mount": "/dev/pts", - "fs_type": "devpts", - "mount_options": [ - "rw", - "nosuid", - "noexec", - "relatime", - "gid=5", - "mode=620", - "ptmxmode=000" - ] - }, - "securityfs,/sys/kernel/security": { - "device": "securityfs", - "mount": "/sys/kernel/security", - "fs_type": "securityfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ] - }, - "cgroup2,/sys/fs/cgroup/unified": { - "device": "cgroup2", - "mount": "/sys/fs/cgroup/unified", - "fs_type": "cgroup2", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "nsdelegate" - ] - }, - "cgroup,/sys/fs/cgroup/systemd": { - "device": "cgroup", - "mount": "/sys/fs/cgroup/systemd", - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "xattr", - "name=systemd" - ] - }, - "pstore,/sys/fs/pstore": { - "device": "pstore", - "mount": "/sys/fs/pstore", - "fs_type": "pstore", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ] - }, - "none,/sys/fs/bpf": { - "device": "none", - "mount": "/sys/fs/bpf", - "fs_type": "bpf", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "mode=700" - ] - }, - "cgroup,/sys/fs/cgroup/net_cls,net_prio": { - "device": "cgroup", - "mount": "/sys/fs/cgroup/net_cls,net_prio", - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "net_cls", - "net_prio" - ] - }, - "cgroup,/sys/fs/cgroup/cpuset": { - "device": "cgroup", - "mount": "/sys/fs/cgroup/cpuset", - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "cpuset" - ] - }, - "cgroup,/sys/fs/cgroup/freezer": { - "device": "cgroup", - "mount": 
"/sys/fs/cgroup/freezer", - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "freezer" - ] - }, - "cgroup,/sys/fs/cgroup/devices": { - "device": "cgroup", - "mount": "/sys/fs/cgroup/devices", - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "devices" - ] - }, - "cgroup,/sys/fs/cgroup/cpu,cpuacct": { - "device": "cgroup", - "mount": "/sys/fs/cgroup/cpu,cpuacct", - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "cpu", - "cpuacct" - ] - }, - "cgroup,/sys/fs/cgroup/memory": { - "device": "cgroup", - "mount": "/sys/fs/cgroup/memory", - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "memory" - ] - }, - "cgroup,/sys/fs/cgroup/hugetlb": { - "device": "cgroup", - "mount": "/sys/fs/cgroup/hugetlb", - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "hugetlb" - ] - }, - "cgroup,/sys/fs/cgroup/blkio": { - "device": "cgroup", - "mount": "/sys/fs/cgroup/blkio", - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "blkio" - ] - }, - "cgroup,/sys/fs/cgroup/rdma": { - "device": "cgroup", - "mount": "/sys/fs/cgroup/rdma", - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "rdma" - ] - }, - "cgroup,/sys/fs/cgroup/perf_event": { - "device": "cgroup", - "mount": "/sys/fs/cgroup/perf_event", - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "perf_event" - ] - }, - "cgroup,/sys/fs/cgroup/pids": { - "device": "cgroup", - "mount": "/sys/fs/cgroup/pids", - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "pids" - ] - }, - "systemd-1,/proc/sys/fs/binfmt_misc": { - "device": "systemd-1", - "mount": "/proc/sys/fs/binfmt_misc", - 
"fs_type": "autofs", - "mount_options": [ - "rw", - "relatime", - "fd=28", - "pgrp=1", - "timeout=0", - "minproto=5", - "maxproto=5", - "direct", - "pipe_ino=16437" - ] - }, - "hugetlbfs,/dev/hugepages": { - "device": "hugetlbfs", - "mount": "/dev/hugepages", - "fs_type": "hugetlbfs", - "mount_options": [ - "rw", - "relatime", - "pagesize=2M" - ] - }, - "mqueue,/dev/mqueue": { - "device": "mqueue", - "mount": "/dev/mqueue", - "fs_type": "mqueue", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ] - }, - "tracefs,/sys/kernel/tracing": { - "device": "tracefs", - "mount": "/sys/kernel/tracing", - "fs_type": "tracefs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ] - }, - "debugfs,/sys/kernel/debug": { - "device": "debugfs", - "mount": "/sys/kernel/debug", - "fs_type": "debugfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ] - }, - "fusectl,/sys/fs/fuse/connections": { - "device": "fusectl", - "mount": "/sys/fs/fuse/connections", - "fs_type": "fusectl", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ] - }, - "configfs,/sys/kernel/config": { - "device": "configfs", - "mount": "/sys/kernel/config", - "fs_type": "configfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ] - }, - "/dev/sda,": { - "device": "/dev/sda" - }, - "/dev/sda2,": { - "device": "/dev/sda2", - "fs_type": "swap", - "uuid": "5bde3f46-fa48-4232-b33d-3a2e2a012b78" - } - } - }, - "sysconf": { - "LINK_MAX": 65000, - "_POSIX_LINK_MAX": 65000, - "MAX_CANON": 255, - "_POSIX_MAX_CANON": 255, - "MAX_INPUT": 255, - "_POSIX_MAX_INPUT": 255, - "NAME_MAX": 255, - "_POSIX_NAME_MAX": 255, - "PATH_MAX": 4096, - "_POSIX_PATH_MAX": 4096, - "PIPE_BUF": 4096, - "_POSIX_PIPE_BUF": 4096, - "SOCK_MAXBUF": null, - "_POSIX_ASYNC_IO": null, - "_POSIX_CHOWN_RESTRICTED": 1, - "_POSIX_NO_TRUNC": 1, - "_POSIX_PRIO_IO": null, - "_POSIX_SYNC_IO": null, - "_POSIX_VDISABLE": 
0, - "ARG_MAX": 2097152, - "ATEXIT_MAX": 2147483647, - "CHAR_BIT": 8, - "CHAR_MAX": 127, - "CHAR_MIN": -128, - "CHILD_MAX": 3554, - "CLK_TCK": 100, - "INT_MAX": 2147483647, - "INT_MIN": -2147483648, - "IOV_MAX": 1024, - "LOGNAME_MAX": 256, - "LONG_BIT": 64, - "MB_LEN_MAX": 16, - "NGROUPS_MAX": 65536, - "NL_ARGMAX": 4096, - "NL_LANGMAX": 2048, - "NL_MSGMAX": 2147483647, - "NL_NMAX": 2147483647, - "NL_SETMAX": 2147483647, - "NL_TEXTMAX": 2147483647, - "NSS_BUFLEN_GROUP": 1024, - "NSS_BUFLEN_PASSWD": 1024, - "NZERO": 20, - "OPEN_MAX": 1024, - "PAGESIZE": 4096, - "PAGE_SIZE": 4096, - "PASS_MAX": 8192, - "PTHREAD_DESTRUCTOR_ITERATIONS": 4, - "PTHREAD_KEYS_MAX": 1024, - "PTHREAD_STACK_MIN": 16384, - "PTHREAD_THREADS_MAX": null, - "SCHAR_MAX": 127, - "SCHAR_MIN": -128, - "SHRT_MAX": 32767, - "SHRT_MIN": -32768, - "SSIZE_MAX": 32767, - "TTY_NAME_MAX": 32, - "TZNAME_MAX": null, - "UCHAR_MAX": 255, - "UINT_MAX": 4294967295, - "UIO_MAXIOV": 1024, - "ULONG_MAX": 18446744073709551615, - "USHRT_MAX": 65535, - "WORD_BIT": 32, - "_AVPHYS_PAGES": 45736, - "_NPROCESSORS_CONF": 2, - "_NPROCESSORS_ONLN": 2, - "_PHYS_PAGES": 250017, - "_POSIX_ARG_MAX": 2097152, - "_POSIX_ASYNCHRONOUS_IO": 200809, - "_POSIX_CHILD_MAX": 3554, - "_POSIX_FSYNC": 200809, - "_POSIX_JOB_CONTROL": 1, - "_POSIX_MAPPED_FILES": 200809, - "_POSIX_MEMLOCK": 200809, - "_POSIX_MEMLOCK_RANGE": 200809, - "_POSIX_MEMORY_PROTECTION": 200809, - "_POSIX_MESSAGE_PASSING": 200809, - "_POSIX_NGROUPS_MAX": 65536, - "_POSIX_OPEN_MAX": 1024, - "_POSIX_PII": null, - "_POSIX_PII_INTERNET": null, - "_POSIX_PII_INTERNET_DGRAM": null, - "_POSIX_PII_INTERNET_STREAM": null, - "_POSIX_PII_OSI": null, - "_POSIX_PII_OSI_CLTS": null, - "_POSIX_PII_OSI_COTS": null, - "_POSIX_PII_OSI_M": null, - "_POSIX_PII_SOCKET": null, - "_POSIX_PII_XTI": null, - "_POSIX_POLL": null, - "_POSIX_PRIORITIZED_IO": 200809, - "_POSIX_PRIORITY_SCHEDULING": 200809, - "_POSIX_REALTIME_SIGNALS": 200809, - "_POSIX_SAVED_IDS": 1, - "_POSIX_SELECT": null, - 
"_POSIX_SEMAPHORES": 200809, - "_POSIX_SHARED_MEMORY_OBJECTS": 200809, - "_POSIX_SSIZE_MAX": 32767, - "_POSIX_STREAM_MAX": 16, - "_POSIX_SYNCHRONIZED_IO": 200809, - "_POSIX_THREADS": 200809, - "_POSIX_THREAD_ATTR_STACKADDR": 200809, - "_POSIX_THREAD_ATTR_STACKSIZE": 200809, - "_POSIX_THREAD_PRIORITY_SCHEDULING": 200809, - "_POSIX_THREAD_PRIO_INHERIT": 200809, - "_POSIX_THREAD_PRIO_PROTECT": 200809, - "_POSIX_THREAD_ROBUST_PRIO_INHERIT": null, - "_POSIX_THREAD_ROBUST_PRIO_PROTECT": null, - "_POSIX_THREAD_PROCESS_SHARED": 200809, - "_POSIX_THREAD_SAFE_FUNCTIONS": 200809, - "_POSIX_TIMERS": 200809, - "TIMER_MAX": null, - "_POSIX_TZNAME_MAX": null, - "_POSIX_VERSION": 200809, - "_T_IOV_MAX": null, - "_XOPEN_CRYPT": null, - "_XOPEN_ENH_I18N": 1, - "_XOPEN_LEGACY": 1, - "_XOPEN_REALTIME": 1, - "_XOPEN_REALTIME_THREADS": 1, - "_XOPEN_SHM": 1, - "_XOPEN_UNIX": 1, - "_XOPEN_VERSION": 700, - "_XOPEN_XCU_VERSION": 4, - "_XOPEN_XPG2": 1, - "_XOPEN_XPG3": 1, - "_XOPEN_XPG4": 1, - "BC_BASE_MAX": 99, - "BC_DIM_MAX": 2048, - "BC_SCALE_MAX": 99, - "BC_STRING_MAX": 1000, - "CHARCLASS_NAME_MAX": 2048, - "COLL_WEIGHTS_MAX": 255, - "EQUIV_CLASS_MAX": null, - "EXPR_NEST_MAX": 32, - "LINE_MAX": 2048, - "POSIX2_BC_BASE_MAX": 99, - "POSIX2_BC_DIM_MAX": 2048, - "POSIX2_BC_SCALE_MAX": 99, - "POSIX2_BC_STRING_MAX": 1000, - "POSIX2_CHAR_TERM": 200809, - "POSIX2_COLL_WEIGHTS_MAX": 255, - "POSIX2_C_BIND": 200809, - "POSIX2_C_DEV": 200809, - "POSIX2_C_VERSION": 200809, - "POSIX2_EXPR_NEST_MAX": 32, - "POSIX2_FORT_DEV": null, - "POSIX2_FORT_RUN": null, - "_POSIX2_LINE_MAX": 2048, - "POSIX2_LINE_MAX": 2048, - "POSIX2_LOCALEDEF": 200809, - "POSIX2_RE_DUP_MAX": 32767, - "POSIX2_SW_DEV": 200809, - "POSIX2_UPE": null, - "POSIX2_VERSION": 200809, - "RE_DUP_MAX": 32767, - "PATH": "/bin:/usr/bin", - "CS_PATH": "/bin:/usr/bin", - "LFS_CFLAGS": null, - "LFS_LDFLAGS": null, - "LFS_LIBS": null, - "LFS_LINTFLAGS": null, - "LFS64_CFLAGS": "-D_LARGEFILE64_SOURCE", - "LFS64_LDFLAGS": null, - "LFS64_LIBS": null, - 
"LFS64_LINTFLAGS": "-D_LARGEFILE64_SOURCE", - "_XBS5_WIDTH_RESTRICTED_ENVS": "XBS5_LP64_OFF64", - "XBS5_WIDTH_RESTRICTED_ENVS": "XBS5_LP64_OFF64", - "_XBS5_ILP32_OFF32": null, - "XBS5_ILP32_OFF32_CFLAGS": null, - "XBS5_ILP32_OFF32_LDFLAGS": null, - "XBS5_ILP32_OFF32_LIBS": null, - "XBS5_ILP32_OFF32_LINTFLAGS": null, - "_XBS5_ILP32_OFFBIG": null, - "XBS5_ILP32_OFFBIG_CFLAGS": null, - "XBS5_ILP32_OFFBIG_LDFLAGS": null, - "XBS5_ILP32_OFFBIG_LIBS": null, - "XBS5_ILP32_OFFBIG_LINTFLAGS": null, - "_XBS5_LP64_OFF64": 1, - "XBS5_LP64_OFF64_CFLAGS": "-m64", - "XBS5_LP64_OFF64_LDFLAGS": "-m64", - "XBS5_LP64_OFF64_LIBS": null, - "XBS5_LP64_OFF64_LINTFLAGS": null, - "_XBS5_LPBIG_OFFBIG": null, - "XBS5_LPBIG_OFFBIG_CFLAGS": null, - "XBS5_LPBIG_OFFBIG_LDFLAGS": null, - "XBS5_LPBIG_OFFBIG_LIBS": null, - "XBS5_LPBIG_OFFBIG_LINTFLAGS": null, - "_POSIX_V6_ILP32_OFF32": null, - "POSIX_V6_ILP32_OFF32_CFLAGS": null, - "POSIX_V6_ILP32_OFF32_LDFLAGS": null, - "POSIX_V6_ILP32_OFF32_LIBS": null, - "POSIX_V6_ILP32_OFF32_LINTFLAGS": null, - "_POSIX_V6_WIDTH_RESTRICTED_ENVS": "POSIX_V6_LP64_OFF64", - "POSIX_V6_WIDTH_RESTRICTED_ENVS": "POSIX_V6_LP64_OFF64", - "_POSIX_V6_ILP32_OFFBIG": null, - "POSIX_V6_ILP32_OFFBIG_CFLAGS": null, - "POSIX_V6_ILP32_OFFBIG_LDFLAGS": null, - "POSIX_V6_ILP32_OFFBIG_LIBS": null, - "POSIX_V6_ILP32_OFFBIG_LINTFLAGS": null, - "_POSIX_V6_LP64_OFF64": 1, - "POSIX_V6_LP64_OFF64_CFLAGS": "-m64", - "POSIX_V6_LP64_OFF64_LDFLAGS": "-m64", - "POSIX_V6_LP64_OFF64_LIBS": null, - "POSIX_V6_LP64_OFF64_LINTFLAGS": null, - "_POSIX_V6_LPBIG_OFFBIG": null, - "POSIX_V6_LPBIG_OFFBIG_CFLAGS": null, - "POSIX_V6_LPBIG_OFFBIG_LDFLAGS": null, - "POSIX_V6_LPBIG_OFFBIG_LIBS": null, - "POSIX_V6_LPBIG_OFFBIG_LINTFLAGS": null, - "_POSIX_V7_ILP32_OFF32": null, - "POSIX_V7_ILP32_OFF32_CFLAGS": null, - "POSIX_V7_ILP32_OFF32_LDFLAGS": null, - "POSIX_V7_ILP32_OFF32_LIBS": null, - "POSIX_V7_ILP32_OFF32_LINTFLAGS": null, - "_POSIX_V7_WIDTH_RESTRICTED_ENVS": "POSIX_V7_LP64_OFF64", - 
"POSIX_V7_WIDTH_RESTRICTED_ENVS": "POSIX_V7_LP64_OFF64", - "_POSIX_V7_ILP32_OFFBIG": null, - "POSIX_V7_ILP32_OFFBIG_CFLAGS": null, - "POSIX_V7_ILP32_OFFBIG_LDFLAGS": null, - "POSIX_V7_ILP32_OFFBIG_LIBS": null, - "POSIX_V7_ILP32_OFFBIG_LINTFLAGS": null, - "_POSIX_V7_LP64_OFF64": 1, - "POSIX_V7_LP64_OFF64_CFLAGS": "-m64", - "POSIX_V7_LP64_OFF64_LDFLAGS": "-m64", - "POSIX_V7_LP64_OFF64_LIBS": null, - "POSIX_V7_LP64_OFF64_LINTFLAGS": null, - "_POSIX_V7_LPBIG_OFFBIG": null, - "POSIX_V7_LPBIG_OFFBIG_CFLAGS": null, - "POSIX_V7_LPBIG_OFFBIG_LDFLAGS": null, - "POSIX_V7_LPBIG_OFFBIG_LIBS": null, - "POSIX_V7_LPBIG_OFFBIG_LINTFLAGS": null, - "_POSIX_ADVISORY_INFO": 200809, - "_POSIX_BARRIERS": 200809, - "_POSIX_BASE": null, - "_POSIX_C_LANG_SUPPORT": null, - "_POSIX_C_LANG_SUPPORT_R": null, - "_POSIX_CLOCK_SELECTION": 200809, - "_POSIX_CPUTIME": 200809, - "_POSIX_THREAD_CPUTIME": 200809, - "_POSIX_DEVICE_SPECIFIC": null, - "_POSIX_DEVICE_SPECIFIC_R": null, - "_POSIX_FD_MGMT": null, - "_POSIX_FIFO": null, - "_POSIX_PIPE": null, - "_POSIX_FILE_ATTRIBUTES": null, - "_POSIX_FILE_LOCKING": null, - "_POSIX_FILE_SYSTEM": null, - "_POSIX_MONOTONIC_CLOCK": 200809, - "_POSIX_MULTI_PROCESS": null, - "_POSIX_SINGLE_PROCESS": null, - "_POSIX_NETWORKING": null, - "_POSIX_READER_WRITER_LOCKS": 200809, - "_POSIX_SPIN_LOCKS": 200809, - "_POSIX_REGEXP": 1, - "_REGEX_VERSION": null, - "_POSIX_SHELL": 1, - "_POSIX_SIGNALS": null, - "_POSIX_SPAWN": 200809, - "_POSIX_SPORADIC_SERVER": null, - "_POSIX_THREAD_SPORADIC_SERVER": null, - "_POSIX_SYSTEM_DATABASE": null, - "_POSIX_SYSTEM_DATABASE_R": null, - "_POSIX_TIMEOUTS": 200809, - "_POSIX_TYPED_MEMORY_OBJECTS": null, - "_POSIX_USER_GROUPS": null, - "_POSIX_USER_GROUPS_R": null, - "POSIX2_PBS": null, - "POSIX2_PBS_ACCOUNTING": null, - "POSIX2_PBS_LOCATE": null, - "POSIX2_PBS_TRACK": null, - "POSIX2_PBS_MESSAGE": null, - "SYMLOOP_MAX": null, - "STREAM_MAX": 16, - "AIO_LISTIO_MAX": null, - "AIO_MAX": null, - "AIO_PRIO_DELTA_MAX": 20, - 
"DELAYTIMER_MAX": 2147483647, - "HOST_NAME_MAX": 64, - "LOGIN_NAME_MAX": 256, - "MQ_OPEN_MAX": null, - "MQ_PRIO_MAX": 32768, - "_POSIX_DEVICE_IO": null, - "_POSIX_TRACE": null, - "_POSIX_TRACE_EVENT_FILTER": null, - "_POSIX_TRACE_INHERIT": null, - "_POSIX_TRACE_LOG": null, - "RTSIG_MAX": 32, - "SEM_NSEMS_MAX": null, - "SEM_VALUE_MAX": 2147483647, - "SIGQUEUE_MAX": 3554, - "FILESIZEBITS": 64, - "POSIX_ALLOC_SIZE_MIN": 4096, - "POSIX_REC_INCR_XFER_SIZE": null, - "POSIX_REC_MAX_XFER_SIZE": null, - "POSIX_REC_MIN_XFER_SIZE": 4096, - "POSIX_REC_XFER_ALIGN": 4096, - "SYMLINK_MAX": null, - "GNU_LIBC_VERSION": "glibc 2.31", - "GNU_LIBPTHREAD_VERSION": "NPTL 2.31", - "POSIX2_SYMLINKS": 1, - "LEVEL1_ICACHE_SIZE": 32768, - "LEVEL1_ICACHE_ASSOC": 8, - "LEVEL1_ICACHE_LINESIZE": 64, - "LEVEL1_DCACHE_SIZE": 32768, - "LEVEL1_DCACHE_ASSOC": 8, - "LEVEL1_DCACHE_LINESIZE": 64, - "LEVEL2_CACHE_SIZE": 262144, - "LEVEL2_CACHE_ASSOC": 4, - "LEVEL2_CACHE_LINESIZE": 64, - "LEVEL3_CACHE_SIZE": 3145728, - "LEVEL3_CACHE_ASSOC": 12, - "LEVEL3_CACHE_LINESIZE": 64, - "LEVEL4_CACHE_SIZE": 0, - "LEVEL4_CACHE_ASSOC": 0, - "LEVEL4_CACHE_LINESIZE": 0, - "IPV6": 200809, - "RAW_SOCKETS": 200809, - "_POSIX_IPV6": 200809, - "_POSIX_RAW_SOCKETS": 200809 - }, - "command": { - "ps": "ps -ef" - }, - "packages": { - "accountsservice": { - "version": "0.6.55-0ubuntu12~20.04.5", - "arch": "amd64" - }, - "adduser": { - "version": "3.118ubuntu2", - "arch": "all" - }, - "adwaita-icon-theme": { - "version": "3.36.1-2ubuntu0.20.04.2", - "arch": "all" - }, - "alsa-topology-conf": { - "version": "1.2.2-1", - "arch": "all" - }, - "alsa-ucm-conf": { - "version": "1.2.2-1ubuntu0.13", - "arch": "all" - }, - "amd64-microcode": { - "version": "3.20191218.1ubuntu1", - "arch": "amd64" - }, - "apparmor": { - "version": "2.13.3-7ubuntu5.1", - "arch": "amd64" - }, - "apport": { - "version": "2.20.11-0ubuntu27.23", - "arch": "all" - }, - "apport-symptoms": { - "version": "0.23", - "arch": "all" - }, - "apt": { - "version": 
"2.0.6", - "arch": "amd64" - }, - "apt-transport-https": { - "version": "2.0.8", - "arch": "all" - }, - "apt-utils": { - "version": "2.0.6", - "arch": "amd64" - }, - "at": { - "version": "3.1.23-1ubuntu1", - "arch": "amd64" - }, - "at-spi2-core": { - "version": "2.36.0-2", - "arch": "amd64" - }, - "base-files": { - "version": "11ubuntu5.5", - "arch": "amd64" - }, - "base-passwd": { - "version": "3.5.47", - "arch": "amd64" - }, - "bash": { - "version": "5.0-6ubuntu1.1", - "arch": "amd64" - }, - "bash-completion": { - "version": "1:2.10-1ubuntu1", - "arch": "all" - }, - "bc": { - "version": "1.07.1-2build1", - "arch": "amd64" - }, - "bcache-tools": { - "version": "1.0.8-3ubuntu0.1", - "arch": "amd64" - }, - "bind9-dnsutils": { - "version": "1:9.16.1-0ubuntu2.10", - "arch": "amd64" - }, - "bind9-host": { - "version": "1:9.16.1-0ubuntu2.10", - "arch": "amd64" - }, - "bind9-libs": { - "version": "1:9.16.1-0ubuntu2.10", - "arch": "amd64" - }, - "binutils": { - "version": "2.34-6ubuntu1.3", - "arch": "amd64" - }, - "binutils-common": { - "version": "2.34-6ubuntu1.3", - "arch": "amd64" - }, - "binutils-x86-64-linux-gnu": { - "version": "2.34-6ubuntu1.3", - "arch": "amd64" - }, - "bolt": { - "version": "0.9.1-2~ubuntu20.04.1", - "arch": "amd64" - }, - "bsd-mailx": { - "version": "8.1.2-0.20180807cvs-1", - "arch": "amd64" - }, - "bsdmainutils": { - "version": "11.1.2ubuntu3", - "arch": "amd64" - }, - "bsdutils": { - "version": "1:2.34-0.1ubuntu9.3", - "arch": "amd64" - }, - "btrfs-progs": { - "version": "5.4.1-2", - "arch": "amd64" - }, - "build-essential": { - "version": "12.8ubuntu1.1", - "arch": "amd64" - }, - "busybox-initramfs": { - "version": "1:1.30.1-4ubuntu6.4", - "arch": "amd64" - }, - "busybox-static": { - "version": "1:1.30.1-4ubuntu6.4", - "arch": "amd64" - }, - "byobu": { - "version": "5.133-0ubuntu1", - "arch": "all" - }, - "bzip2": { - "version": "1.0.8-2", - "arch": "amd64" - }, - "ca-certificates": { - "version": "20210119~20.04.2", - "arch": "all" - }, - 
"chef": { - "version": "15.13.8-1", - "arch": "amd64" - }, - "cloud-guest-utils": { - "version": "0.31-7-gd99b2d76-0ubuntu1", - "arch": "all" - }, - "cloud-initramfs-copymods": { - "version": "0.45ubuntu2", - "arch": "all" - }, - "cloud-initramfs-dyn-netconf": { - "version": "0.45ubuntu2", - "arch": "all" - }, - "command-not-found": { - "version": "20.04.6", - "arch": "all" - }, - "console-setup": { - "version": "1.194ubuntu3", - "arch": "all" - }, - "console-setup-linux": { - "version": "1.194ubuntu3", - "arch": "all" - }, - "coreutils": { - "version": "8.30-3ubuntu2", - "arch": "amd64" - }, - "cpio": { - "version": "2.13+dfsg-2ubuntu0.3", - "arch": "amd64" - }, - "cpp": { - "version": "4:9.3.0-1ubuntu2", - "arch": "amd64" - }, - "cpp-9": { - "version": "9.4.0-1ubuntu1~20.04.1", - "arch": "amd64" - }, - "crda": { - "version": "3.18-1build1", - "arch": "amd64" - }, - "cron": { - "version": "3.0pl1-136ubuntu1", - "arch": "amd64" - }, - "cryptsetup": { - "version": "2:2.2.2-3ubuntu2.4", - "arch": "amd64" - }, - "cryptsetup-bin": { - "version": "2:2.2.2-3ubuntu2.4", - "arch": "amd64" - }, - "cryptsetup-initramfs": { - "version": "2:2.2.2-3ubuntu2.4", - "arch": "all" - }, - "cryptsetup-run": { - "version": "2:2.2.2-3ubuntu2.4", - "arch": "all" - }, - "curl": { - "version": "7.68.0-1ubuntu2.11", - "arch": "amd64" - }, - "dash": { - "version": "0.5.10.2-6", - "arch": "amd64" - }, - "dbus": { - "version": "1.12.16-2ubuntu2.1", - "arch": "amd64" - }, - "dbus-user-session": { - "version": "1.12.16-2ubuntu2.1", - "arch": "amd64" - }, - "dconf-gsettings-backend": { - "version": "0.36.0-1", - "arch": "amd64" - }, - "dconf-service": { - "version": "0.36.0-1", - "arch": "amd64" - }, - "dctrl-tools": { - "version": "2.24-3", - "arch": "amd64" - }, - "debconf": { - "version": "1.5.73", - "arch": "all" - }, - "debconf-i18n": { - "version": "1.5.73", - "arch": "all" - }, - "debianutils": { - "version": "4.9.1", - "arch": "amd64" - }, - "diffutils": { - "version": "1:3.7-3", - 
"arch": "amd64" - }, - "dirmngr": { - "version": "2.2.19-3ubuntu2.1", - "arch": "amd64" - }, - "distro-info": { - "version": "0.23ubuntu1", - "arch": "amd64" - }, - "distro-info-data": { - "version": "0.43ubuntu1.9", - "arch": "all" - }, - "dkms": { - "version": "2.8.1-5ubuntu2", - "arch": "all" - }, - "dmeventd": { - "version": "2:1.02.167-1ubuntu1", - "arch": "amd64" - }, - "dmidecode": { - "version": "3.2-3", - "arch": "amd64" - }, - "dmsetup": { - "version": "2:1.02.167-1ubuntu1", - "arch": "amd64" - }, - "dosfstools": { - "version": "4.1-2", - "arch": "amd64" - }, - "dpkg": { - "version": "1.19.7ubuntu3", - "arch": "amd64" - }, - "dpkg-dev": { - "version": "1.19.7ubuntu3", - "arch": "all" - }, - "e2fsprogs": { - "version": "1.45.5-2ubuntu1", - "arch": "amd64" - }, - "ed": { - "version": "1.16-1", - "arch": "amd64" - }, - "eject": { - "version": "2.1.5+deb1+cvs20081104-14", - "arch": "amd64" - }, - "ethtool": { - "version": "1:5.4-1", - "arch": "amd64" - }, - "fakeroot": { - "version": "1.24-1", - "arch": "amd64" - }, - "fdisk": { - "version": "2.34-0.1ubuntu9.3", - "arch": "amd64" - }, - "file": { - "version": "1:5.38-4", - "arch": "amd64" - }, - "finalrd": { - "version": "6~ubuntu20.04.1", - "arch": "all" - }, - "findutils": { - "version": "4.7.0-1ubuntu1", - "arch": "amd64" - }, - "fontconfig": { - "version": "2.13.1-2ubuntu3", - "arch": "amd64" - }, - "fontconfig-config": { - "version": "2.13.1-2ubuntu3", - "arch": "all" - }, - "fonts-dejavu-core": { - "version": "2.37-1", - "arch": "all" - }, - "fonts-lato": { - "version": "2.0-2", - "arch": "all" - }, - "fonts-ubuntu-console": { - "version": "0.83-4ubuntu1", - "arch": "all" - }, - "friendly-recovery": { - "version": "0.2.41ubuntu0.20.04.1", - "arch": "all" - }, - "ftp": { - "version": "0.17-34.1", - "arch": "amd64" - }, - "fuse": { - "version": "2.9.9-3", - "arch": "amd64" - }, - "fwupd": { - "version": "1.7.5-3~20.04.1", - "arch": "amd64" - }, - "fwupd-signed": { - "version": 
"1.27.1ubuntu7+1.2-2~20.04.1", - "arch": "amd64" - }, - "g++": { - "version": "4:9.3.0-1ubuntu2", - "arch": "amd64" - }, - "g++-9": { - "version": "9.4.0-1ubuntu1~20.04.1", - "arch": "amd64" - }, - "gawk": { - "version": "1:5.0.1+dfsg-1", - "arch": "amd64" - }, - "gcc": { - "version": "4:9.3.0-1ubuntu2", - "arch": "amd64" - }, - "gcc-10-base": { - "version": "10.3.0-1ubuntu1~20.04", - "arch": "amd64" - }, - "gcc-9": { - "version": "9.4.0-1ubuntu1~20.04.1", - "arch": "amd64" - }, - "gcc-9-base": { - "version": "9.4.0-1ubuntu1~20.04.1", - "arch": "amd64" - }, - "gdisk": { - "version": "1.0.5-1", - "arch": "amd64" - }, - "gettext-base": { - "version": "0.19.8.1-10build1", - "arch": "amd64" - }, - "gir1.2-glib-2.0": { - "version": "1.64.1-1~ubuntu20.04.1", - "arch": "amd64" - }, - "gir1.2-packagekitglib-1.0": { - "version": "1.1.13-2ubuntu1.1", - "arch": "amd64" - }, - "git": { - "version": "1:2.25.1-1ubuntu3.3", - "arch": "amd64" - }, - "git-man": { - "version": "1:2.25.1-1ubuntu3.3", - "arch": "all" - }, - "glib-networking": { - "version": "2.64.2-1ubuntu0.1", - "arch": "amd64" - }, - "glib-networking-common": { - "version": "2.64.2-1ubuntu0.1", - "arch": "all" - }, - "glib-networking-services": { - "version": "2.64.2-1ubuntu0.1", - "arch": "amd64" - }, - "gnupg": { - "version": "2.2.19-3ubuntu2.1", - "arch": "all" - }, - "gnupg-l10n": { - "version": "2.2.19-3ubuntu2.1", - "arch": "all" - }, - "gnupg-utils": { - "version": "2.2.19-3ubuntu2.1", - "arch": "amd64" - }, - "gpg": { - "version": "2.2.19-3ubuntu2.1", - "arch": "amd64" - }, - "gpg-agent": { - "version": "2.2.19-3ubuntu2.1", - "arch": "amd64" - }, - "gpg-wks-client": { - "version": "2.2.19-3ubuntu2.1", - "arch": "amd64" - }, - "gpg-wks-server": { - "version": "2.2.19-3ubuntu2.1", - "arch": "amd64" - }, - "gpgconf": { - "version": "2.2.19-3ubuntu2.1", - "arch": "amd64" - }, - "gpgsm": { - "version": "2.2.19-3ubuntu2.1", - "arch": "amd64" - }, - "gpgv": { - "version": "2.2.19-3ubuntu2.1", - "arch": "amd64" - }, 
- "grep": { - "version": "3.4-1", - "arch": "amd64" - }, - "groff-base": { - "version": "1.22.4-4build1", - "arch": "amd64" - }, - "grub-common": { - "version": "2.04-1ubuntu26.15", - "arch": "amd64" - }, - "grub-gfxpayload-lists": { - "version": "0.7", - "arch": "amd64" - }, - "grub-pc": { - "version": "2.04-1ubuntu26.15", - "arch": "amd64" - }, - "grub-pc-bin": { - "version": "2.04-1ubuntu26.15", - "arch": "amd64" - }, - "grub2-common": { - "version": "2.04-1ubuntu26.15", - "arch": "amd64" - }, - "gsettings-desktop-schemas": { - "version": "3.36.0-1ubuntu1", - "arch": "all" - }, - "gtk-update-icon-cache": { - "version": "3.24.20-0ubuntu1.1", - "arch": "amd64" - }, - "guile-2.2-libs": { - "version": "2.2.7+1-4", - "arch": "amd64" - }, - "gzip": { - "version": "1.10-0ubuntu4.1", - "arch": "amd64" - }, - "haveged": { - "version": "1.9.1-6ubuntu1", - "arch": "amd64" - }, - "hdparm": { - "version": "9.58+ds-4", - "arch": "amd64" - }, - "hicolor-icon-theme": { - "version": "0.17-2", - "arch": "all" - }, - "hostname": { - "version": "3.23", - "arch": "amd64" - }, - "htop": { - "version": "2.2.0-2build1", - "arch": "amd64" - }, - "humanity-icon-theme": { - "version": "0.6.15", - "arch": "all" - }, - "ifplugd": { - "version": "0.28-19.4", - "arch": "amd64" - }, - "ifupdown": { - "version": "0.8.35ubuntu1", - "arch": "amd64" - }, - "info": { - "version": "6.7.0.dfsg.2-5", - "arch": "amd64" - }, - "init": { - "version": "1.57", - "arch": "amd64" - }, - "init-system-helpers": { - "version": "1.57", - "arch": "all" - }, - "initramfs-tools": { - "version": "0.136ubuntu6.7", - "arch": "all" - }, - "initramfs-tools-bin": { - "version": "0.136ubuntu6.7", - "arch": "amd64" - }, - "initramfs-tools-core": { - "version": "0.136ubuntu6.7", - "arch": "all" - }, - "install-info": { - "version": "6.7.0.dfsg.2-5", - "arch": "amd64" - }, - "installation-report": { - "version": "2.62ubuntu1", - "arch": "all" - }, - "intel-microcode": { - "version": "3.20210608.0ubuntu0.20.04.1", - "arch": 
"amd64" - }, - "iproute2": { - "version": "5.5.0-1ubuntu1", - "arch": "amd64" - }, - "iptables": { - "version": "1.8.4-3ubuntu2", - "arch": "amd64" - }, - "iputils-ping": { - "version": "3:20190709-3", - "arch": "amd64" - }, - "iputils-tracepath": { - "version": "3:20190709-3", - "arch": "amd64" - }, - "irqbalance": { - "version": "1.6.0-3ubuntu1", - "arch": "amd64" - }, - "isc-dhcp-client": { - "version": "4.4.1-2.1ubuntu5.20.04.2", - "arch": "amd64" - }, - "isc-dhcp-common": { - "version": "4.4.1-2.1ubuntu5.20.04.2", - "arch": "amd64" - }, - "iso-codes": { - "version": "4.4-1", - "arch": "all" - }, - "iucode-tool": { - "version": "2.3.1-1", - "arch": "amd64" - }, - "iw": { - "version": "5.4-1", - "arch": "amd64" - }, - "javascript-common": { - "version": "11", - "arch": "all" - }, - "jq": { - "version": "1.6-1ubuntu0.20.04.1", - "arch": "amd64" - }, - "kbd": { - "version": "2.0.4-4ubuntu2", - "arch": "amd64" - }, - "keyboard-configuration": { - "version": "1.194ubuntu3", - "arch": "all" - }, - "klibc-utils": { - "version": "2.0.7-1ubuntu5.1", - "arch": "amd64" - }, - "kmod": { - "version": "27-1ubuntu2", - "arch": "amd64" - }, - "kpartx": { - "version": "0.8.3-1ubuntu2", - "arch": "amd64" - }, - "krb5-locales": { - "version": "1.17-6ubuntu4.1", - "arch": "all" - }, - "landscape-common": { - "version": "19.12-0ubuntu4.3", - "arch": "amd64" - }, - "language-pack-en": { - "version": "1:20.04+20220211", - "arch": "all" - }, - "language-pack-en-base": { - "version": "1:20.04+20220211", - "arch": "all" - }, - "language-pack-gnome-en": { - "version": "1:20.04+20220211", - "arch": "all" - }, - "language-pack-gnome-en-base": { - "version": "1:20.04+20220211", - "arch": "all" - }, - "language-selector-common": { - "version": "0.204.2", - "arch": "all" - }, - "laptop-detect": { - "version": "0.16", - "arch": "all" - }, - "less": { - "version": "551-1ubuntu0.1", - "arch": "amd64" - }, - "libaccountsservice0": { - "version": "0.6.55-0ubuntu12~20.04.5", - "arch": "amd64" - }, 
- "libacl1": { - "version": "2.2.53-6", - "arch": "amd64" - }, - "libaio1": { - "version": "0.3.112-5", - "arch": "amd64" - }, - "libalgorithm-diff-perl": { - "version": "1.19.03-2", - "arch": "all" - }, - "libalgorithm-diff-xs-perl": { - "version": "0.04-6", - "arch": "amd64" - }, - "libalgorithm-merge-perl": { - "version": "0.08-3", - "arch": "all" - }, - "libapparmor1": { - "version": "2.13.3-7ubuntu5.1", - "arch": "amd64" - }, - "libappstream4": { - "version": "0.12.10-2", - "arch": "amd64" - }, - "libapt-pkg6.0": { - "version": "2.0.6", - "arch": "amd64" - }, - "libarchive13": { - "version": "3.4.0-2ubuntu1.2", - "arch": "amd64" - }, - "libargon2-1": { - "version": "0~20171227-0.2", - "arch": "amd64" - }, - "libasan5": { - "version": "9.4.0-1ubuntu1~20.04.1", - "arch": "amd64" - }, - "libasn1-8-heimdal": { - "version": "7.7.0+dfsg-1ubuntu1", - "arch": "amd64" - }, - "libasound2": { - "version": "1.2.2-2.1ubuntu2.5", - "arch": "amd64" - }, - "libasound2-data": { - "version": "1.2.2-2.1ubuntu2.5", - "arch": "all" - }, - "libassuan0": { - "version": "2.5.3-7ubuntu2", - "arch": "amd64" - }, - "libatasmart4": { - "version": "0.19-5", - "arch": "amd64" - }, - "libatk-bridge2.0-0": { - "version": "2.34.2-0ubuntu2~20.04.1", - "arch": "amd64" - }, - "libatk1.0-0": { - "version": "2.35.1-1ubuntu2", - "arch": "amd64" - }, - "libatk1.0-data": { - "version": "2.35.1-1ubuntu2", - "arch": "all" - }, - "libatm1": { - "version": "1:2.5.1-4", - "arch": "amd64" - }, - "libatomic1": { - "version": "10.3.0-1ubuntu1~20.04", - "arch": "amd64" - }, - "libatspi2.0-0": { - "version": "2.36.0-2", - "arch": "amd64" - }, - "libattr1": { - "version": "1:2.4.48-5", - "arch": "amd64" - }, - "libaudit-common": { - "version": "1:2.8.5-2ubuntu6", - "arch": "all" - }, - "libaudit1": { - "version": "1:2.8.5-2ubuntu6", - "arch": "amd64" - }, - "libavahi-client3": { - "version": "0.7-4ubuntu7.1", - "arch": "amd64" - }, - "libavahi-common-data": { - "version": "0.7-4ubuntu7.1", - "arch": "amd64" - 
}, - "libavahi-common3": { - "version": "0.7-4ubuntu7.1", - "arch": "amd64" - }, - "libbinutils": { - "version": "2.34-6ubuntu1.3", - "arch": "amd64" - }, - "libblkid1": { - "version": "2.34-0.1ubuntu9.3", - "arch": "amd64" - }, - "libblockdev-crypto2": { - "version": "2.23-2ubuntu3", - "arch": "amd64" - }, - "libblockdev-fs2": { - "version": "2.23-2ubuntu3", - "arch": "amd64" - }, - "libblockdev-loop2": { - "version": "2.23-2ubuntu3", - "arch": "amd64" - }, - "libblockdev-part-err2": { - "version": "2.23-2ubuntu3", - "arch": "amd64" - }, - "libblockdev-part2": { - "version": "2.23-2ubuntu3", - "arch": "amd64" - }, - "libblockdev-swap2": { - "version": "2.23-2ubuntu3", - "arch": "amd64" - }, - "libblockdev-utils2": { - "version": "2.23-2ubuntu3", - "arch": "amd64" - }, - "libblockdev2": { - "version": "2.23-2ubuntu3", - "arch": "amd64" - }, - "libbrotli1": { - "version": "1.0.7-6ubuntu0.1", - "arch": "amd64" - }, - "libbsd0": { - "version": "0.10.0-1", - "arch": "amd64" - }, - "libbz2-1.0": { - "version": "1.0.8-2", - "arch": "amd64" - }, - "libc-bin": { - "version": "2.31-0ubuntu9.7", - "arch": "amd64" - }, - "libc-dev-bin": { - "version": "2.31-0ubuntu9.9", - "arch": "amd64" - }, - "libc6": { - "version": "2.31-0ubuntu9.9", - "arch": "amd64" - }, - "libc6-dev": { - "version": "2.31-0ubuntu9.9", - "arch": "amd64" - }, - "libcairo-gobject2": { - "version": "1.16.0-4ubuntu1", - "arch": "amd64" - }, - "libcairo2": { - "version": "1.16.0-4ubuntu1", - "arch": "amd64" - }, - "libcanberra0": { - "version": "0.30-7ubuntu1", - "arch": "amd64" - }, - "libcap-ng0": { - "version": "0.7.9-2.1build1", - "arch": "amd64" - }, - "libcap2": { - "version": "1:2.32-1", - "arch": "amd64" - }, - "libcap2-bin": { - "version": "1:2.32-1", - "arch": "amd64" - }, - "libcbor0.6": { - "version": "0.6.0-0ubuntu1", - "arch": "amd64" - }, - "libcc1-0": { - "version": "10.3.0-1ubuntu1~20.04", - "arch": "amd64" - }, - "libcolord2": { - "version": "1.4.4-2", - "arch": "amd64" - }, - "libcom-err2": 
{ - "version": "1.45.5-2ubuntu1", - "arch": "amd64" - }, - "libcrypt-dev": { - "version": "1:4.4.10-10ubuntu4", - "arch": "amd64" - }, - "libcrypt1": { - "version": "1:4.4.10-10ubuntu4", - "arch": "amd64" - }, - "libcryptsetup12": { - "version": "2:2.2.2-3ubuntu2.4", - "arch": "amd64" - }, - "libctf-nobfd0": { - "version": "2.34-6ubuntu1.3", - "arch": "amd64" - }, - "libctf0": { - "version": "2.34-6ubuntu1.3", - "arch": "amd64" - }, - "libcups2": { - "version": "2.3.1-9ubuntu1.1", - "arch": "amd64" - }, - "libcurl3-gnutls": { - "version": "7.68.0-1ubuntu2.7", - "arch": "amd64" - }, - "libcurl4": { - "version": "7.68.0-1ubuntu2.11", - "arch": "amd64" - }, - "libdaemon0": { - "version": "0.14-7", - "arch": "amd64" - }, - "libdatrie1": { - "version": "0.2.12-3", - "arch": "amd64" - }, - "libdb5.3": { - "version": "5.3.28+dfsg1-0.6ubuntu2", - "arch": "amd64" - }, - "libdbus-1-3": { - "version": "1.12.16-2ubuntu2.1", - "arch": "amd64" - }, - "libdconf1": { - "version": "0.36.0-1", - "arch": "amd64" - }, - "libdebconfclient0": { - "version": "0.251ubuntu1", - "arch": "amd64" - }, - "libdevmapper-event1.02.1": { - "version": "2:1.02.167-1ubuntu1", - "arch": "amd64" - }, - "libdevmapper1.02.1": { - "version": "2:1.02.167-1ubuntu1", - "arch": "amd64" - }, - "libdns-export1109": { - "version": "1:9.11.16+dfsg-3~ubuntu1", - "arch": "amd64" - }, - "libdouble-conversion3": { - "version": "3.1.5-4ubuntu1", - "arch": "amd64" - }, - "libdpkg-perl": { - "version": "1.19.7ubuntu3", - "arch": "all" - }, - "libdrm-amdgpu1": { - "version": "2.4.107-8ubuntu1~20.04.2", - "arch": "amd64" - }, - "libdrm-common": { - "version": "2.4.107-8ubuntu1~20.04.2", - "arch": "all" - }, - "libdrm-intel1": { - "version": "2.4.107-8ubuntu1~20.04.2", - "arch": "amd64" - }, - "libdrm-nouveau2": { - "version": "2.4.107-8ubuntu1~20.04.2", - "arch": "amd64" - }, - "libdrm-radeon1": { - "version": "2.4.107-8ubuntu1~20.04.2", - "arch": "amd64" - }, - "libdrm2": { - "version": "2.4.107-8ubuntu1~20.04.2", - 
"arch": "amd64" - }, - "libdw1": { - "version": "0.176-1.1build1", - "arch": "amd64" - }, - "libedit2": { - "version": "3.1-20191231-1", - "arch": "amd64" - }, - "libefiboot1": { - "version": "37-2ubuntu2.2", - "arch": "amd64" - }, - "libefivar1": { - "version": "37-2ubuntu2.2", - "arch": "amd64" - }, - "libegl-mesa0": { - "version": "21.2.6-0ubuntu0.1~20.04.2", - "arch": "amd64" - }, - "libegl1": { - "version": "1.3.2-1~ubuntu0.20.04.2", - "arch": "amd64" - }, - "libelf1": { - "version": "0.176-1.1build1", - "arch": "amd64" - }, - "libepoxy0": { - "version": "1.5.4-1", - "arch": "amd64" - }, - "liberror-perl": { - "version": "0.17029-1", - "arch": "all" - }, - "libestr0": { - "version": "0.1.10-2.1", - "arch": "amd64" - }, - "libevdev2": { - "version": "1.9.0+dfsg-1ubuntu0.2", - "arch": "amd64" - }, - "libevent-2.1-7": { - "version": "2.1.11-stable-1", - "arch": "amd64" - }, - "libevent-core-2.1-7": { - "version": "2.1.11-stable-1", - "arch": "amd64" - }, - "libevent-pthreads-2.1-7": { - "version": "2.1.11-stable-1", - "arch": "amd64" - }, - "libexpat1": { - "version": "2.2.9-1ubuntu0.4", - "arch": "amd64" - }, - "libexpat1-dev": { - "version": "2.2.9-1ubuntu0.4", - "arch": "amd64" - }, - "libext2fs2": { - "version": "1.45.5-2ubuntu1", - "arch": "amd64" - }, - "libfakeroot": { - "version": "1.24-1", - "arch": "amd64" - }, - "libfastjson4": { - "version": "0.99.8-2", - "arch": "amd64" - }, - "libfdisk1": { - "version": "2.34-0.1ubuntu9.3", - "arch": "amd64" - }, - "libffi7": { - "version": "3.3-4", - "arch": "amd64" - }, - "libfido2-1": { - "version": "1.3.1-1ubuntu2", - "arch": "amd64" - }, - "libfile-fcntllock-perl": { - "version": "0.22-3build4", - "arch": "amd64" - }, - "libfl2": { - "version": "2.6.4-6.2", - "arch": "amd64" - }, - "libfontconfig1": { - "version": "2.13.1-2ubuntu3", - "arch": "amd64" - }, - "libfreetype6": { - "version": "2.10.1-2ubuntu0.1", - "arch": "amd64" - }, - "libfribidi0": { - "version": "1.0.8-2ubuntu0.1", - "arch": "amd64" - }, - 
"libfuse2": { - "version": "2.9.9-3", - "arch": "amd64" - }, - "libfwupd2": { - "version": "1.7.5-3~20.04.1", - "arch": "amd64" - }, - "libfwupdplugin1": { - "version": "1.5.11-0ubuntu1~20.04.2", - "arch": "amd64" - }, - "libfwupdplugin5": { - "version": "1.7.5-3~20.04.1", - "arch": "amd64" - }, - "libgbm1": { - "version": "21.2.6-0ubuntu0.1~20.04.2", - "arch": "amd64" - }, - "libgc1c2": { - "version": "1:7.6.4-0.4ubuntu1", - "arch": "amd64" - }, - "libgcab-1.0-0": { - "version": "1.4-1", - "arch": "amd64" - }, - "libgcc-9-dev": { - "version": "9.4.0-1ubuntu1~20.04.1", - "arch": "amd64" - }, - "libgcc-s1": { - "version": "10.3.0-1ubuntu1~20.04", - "arch": "amd64" - }, - "libgcrypt20": { - "version": "1.8.5-5ubuntu1.1", - "arch": "amd64" - }, - "libgdbm-compat4": { - "version": "1.18.1-5", - "arch": "amd64" - }, - "libgdbm6": { - "version": "1.18.1-5", - "arch": "amd64" - }, - "libgdk-pixbuf2.0-0": { - "version": "2.40.0+dfsg-3ubuntu0.2", - "arch": "amd64" - }, - "libgdk-pixbuf2.0-bin": { - "version": "2.40.0+dfsg-3ubuntu0.2", - "arch": "amd64" - }, - "libgdk-pixbuf2.0-common": { - "version": "2.40.0+dfsg-3ubuntu0.2", - "arch": "all" - }, - "libgirepository-1.0-1": { - "version": "1.64.1-1~ubuntu20.04.1", - "arch": "amd64" - }, - "libgl1": { - "version": "1.3.2-1~ubuntu0.20.04.2", - "arch": "amd64" - }, - "libgl1-mesa-dri": { - "version": "21.2.6-0ubuntu0.1~20.04.2", - "arch": "amd64" - }, - "libglapi-mesa": { - "version": "21.2.6-0ubuntu0.1~20.04.2", - "arch": "amd64" - }, - "libglib2.0-0": { - "version": "2.64.6-1~ubuntu20.04.4", - "arch": "amd64" - }, - "libglib2.0-bin": { - "version": "2.64.6-1~ubuntu20.04.4", - "arch": "amd64" - }, - "libglib2.0-data": { - "version": "2.64.6-1~ubuntu20.04.4", - "arch": "all" - }, - "libglvnd0": { - "version": "1.3.2-1~ubuntu0.20.04.2", - "arch": "amd64" - }, - "libglx-mesa0": { - "version": "21.2.6-0ubuntu0.1~20.04.2", - "arch": "amd64" - }, - "libglx0": { - "version": "1.3.2-1~ubuntu0.20.04.2", - "arch": "amd64" - }, - 
"libgmp-dev": { - "version": "2:6.2.0+dfsg-4", - "arch": "amd64" - }, - "libgmp10": { - "version": "2:6.2.0+dfsg-4", - "arch": "amd64" - }, - "libgmpxx4ldbl": { - "version": "2:6.2.0+dfsg-4", - "arch": "amd64" - }, - "libgnutls30": { - "version": "3.6.13-2ubuntu1.6", - "arch": "amd64" - }, - "libgomp1": { - "version": "10.3.0-1ubuntu1~20.04", - "arch": "amd64" - }, - "libgpg-error0": { - "version": "1.37-1", - "arch": "amd64" - }, - "libgpgme11": { - "version": "1.13.1-7ubuntu2", - "arch": "amd64" - }, - "libgpm2": { - "version": "1.20.7-5", - "arch": "amd64" - }, - "libgraphite2-3": { - "version": "1.3.13-11build1", - "arch": "amd64" - }, - "libgsasl7": { - "version": "1.8.1-1", - "arch": "amd64" - }, - "libgssapi-krb5-2": { - "version": "1.17-6ubuntu4.1", - "arch": "amd64" - }, - "libgssapi3-heimdal": { - "version": "7.7.0+dfsg-1ubuntu1", - "arch": "amd64" - }, - "libgstreamer1.0-0": { - "version": "1.16.2-2", - "arch": "amd64" - }, - "libgtk-3-0": { - "version": "3.24.20-0ubuntu1.1", - "arch": "amd64" - }, - "libgtk-3-bin": { - "version": "3.24.20-0ubuntu1.1", - "arch": "amd64" - }, - "libgtk-3-common": { - "version": "3.24.20-0ubuntu1.1", - "arch": "all" - }, - "libgudev-1.0-0": { - "version": "1:233-1", - "arch": "amd64" - }, - "libgusb2": { - "version": "0.3.4-0.1", - "arch": "amd64" - }, - "libharfbuzz0b": { - "version": "2.6.4-1ubuntu4", - "arch": "amd64" - }, - "libhavege1": { - "version": "1.9.1-6ubuntu1", - "arch": "amd64" - }, - "libhcrypto4-heimdal": { - "version": "7.7.0+dfsg-1ubuntu1", - "arch": "amd64" - }, - "libheimbase1-heimdal": { - "version": "7.7.0+dfsg-1ubuntu1", - "arch": "amd64" - }, - "libheimntlm0-heimdal": { - "version": "7.7.0+dfsg-1ubuntu1", - "arch": "amd64" - }, - "libhogweed5": { - "version": "3.5.1+really3.5.1-2ubuntu0.2", - "arch": "amd64" - }, - "libhx509-5-heimdal": { - "version": "7.7.0+dfsg-1ubuntu1", - "arch": "amd64" - }, - "libice6": { - "version": "2:1.0.10-0ubuntu1", - "arch": "amd64" - }, - "libicu66": { - "version": 
"66.1-2ubuntu2.1", - "arch": "amd64" - }, - "libidn11": { - "version": "1.33-2.2ubuntu2", - "arch": "amd64" - }, - "libidn2-0": { - "version": "2.2.0-2", - "arch": "amd64" - }, - "libinput-bin": { - "version": "1.15.5-1ubuntu0.3", - "arch": "amd64" - }, - "libinput10": { - "version": "1.15.5-1ubuntu0.3", - "arch": "amd64" - }, - "libip4tc2": { - "version": "1.8.4-3ubuntu2", - "arch": "amd64" - }, - "libip6tc2": { - "version": "1.8.4-3ubuntu2", - "arch": "amd64" - }, - "libisc-export1105": { - "version": "1:9.11.16+dfsg-3~ubuntu1", - "arch": "amd64" - }, - "libisl22": { - "version": "0.22.1-1", - "arch": "amd64" - }, - "libisns0": { - "version": "0.97-3", - "arch": "amd64" - }, - "libitm1": { - "version": "10.3.0-1ubuntu1~20.04", - "arch": "amd64" - }, - "libjbig0": { - "version": "2.1-3.1build1", - "arch": "amd64" - }, - "libjcat1": { - "version": "0.1.4-0ubuntu0.20.04.1", - "arch": "amd64" - }, - "libjpeg-turbo8": { - "version": "2.0.3-0ubuntu1.20.04.1", - "arch": "amd64" - }, - "libjpeg8": { - "version": "8c-2ubuntu8", - "arch": "amd64" - }, - "libjq1": { - "version": "1.6-1ubuntu0.20.04.1", - "arch": "amd64" - }, - "libjs-jquery": { - "version": "3.3.1~dfsg-3", - "arch": "all" - }, - "libjson-c4": { - "version": "0.13.1+dfsg-7ubuntu0.3", - "arch": "amd64" - }, - "libjson-glib-1.0-0": { - "version": "1.4.4-2ubuntu2", - "arch": "amd64" - }, - "libjson-glib-1.0-common": { - "version": "1.4.4-2ubuntu2", - "arch": "all" - }, - "libk5crypto3": { - "version": "1.17-6ubuntu4.1", - "arch": "amd64" - }, - "libkeyutils1": { - "version": "1.6-6ubuntu1", - "arch": "amd64" - }, - "libklibc": { - "version": "2.0.7-1ubuntu5.1", - "arch": "amd64" - }, - "libkmod2": { - "version": "27-1ubuntu2", - "arch": "amd64" - }, - "libkrb5-26-heimdal": { - "version": "7.7.0+dfsg-1ubuntu1", - "arch": "amd64" - }, - "libkrb5-3": { - "version": "1.17-6ubuntu4.1", - "arch": "amd64" - }, - "libkrb5support0": { - "version": "1.17-6ubuntu4.1", - "arch": "amd64" - }, - "libksba8": { - "version": 
"1.3.5-2", - "arch": "amd64" - }, - "libkyotocabinet16v5": { - "version": "1.2.76-4.2build1", - "arch": "amd64" - }, - "liblcms2-2": { - "version": "2.9-4", - "arch": "amd64" - }, - "libldap-2.4-2": { - "version": "2.4.49+dfsg-2ubuntu1.8", - "arch": "amd64" - }, - "libldap-common": { - "version": "2.4.49+dfsg-2ubuntu1.8", - "arch": "all" - }, - "libllvm12": { - "version": "1:12.0.0-3ubuntu1~20.04.5", - "arch": "amd64" - }, - "liblmdb0": { - "version": "0.9.24-1", - "arch": "amd64" - }, - "liblocale-gettext-perl": { - "version": "1.07-4", - "arch": "amd64" - }, - "liblockfile-bin": { - "version": "1.16-1.1", - "arch": "amd64" - }, - "liblockfile1": { - "version": "1.16-1.1", - "arch": "amd64" - }, - "liblsan0": { - "version": "10.3.0-1ubuntu1~20.04", - "arch": "amd64" - }, - "libltdl7": { - "version": "2.4.6-14", - "arch": "amd64" - }, - "liblua5.2-0": { - "version": "5.2.4-1.1build3", - "arch": "amd64" - }, - "liblvm2cmd2.03": { - "version": "2.03.07-1ubuntu1", - "arch": "amd64" - }, - "liblz4-1": { - "version": "1.9.2-2ubuntu0.20.04.1", - "arch": "amd64" - }, - "liblzma5": { - "version": "5.2.4-1ubuntu1.1", - "arch": "amd64" - }, - "liblzo2-2": { - "version": "2.10-2", - "arch": "amd64" - }, - "libmagic-mgc": { - "version": "1:5.38-4", - "arch": "amd64" - }, - "libmagic1": { - "version": "1:5.38-4", - "arch": "amd64" - }, - "libmailutils6": { - "version": "1:3.7-2.1", - "arch": "amd64" - }, - "libmaxminddb0": { - "version": "1.4.2-0ubuntu1.20.04.1", - "arch": "amd64" - }, - "libmbim-glib4": { - "version": "1.24.8-1~20.04", - "arch": "amd64" - }, - "libmbim-proxy": { - "version": "1.24.8-1~20.04", - "arch": "amd64" - }, - "libmm-glib0": { - "version": "1.16.6-2~20.04.1", - "arch": "amd64" - }, - "libmnl0": { - "version": "1.0.4-2", - "arch": "amd64" - }, - "libmount1": { - "version": "2.34-0.1ubuntu9.3", - "arch": "amd64" - }, - "libmpc3": { - "version": "1.1.0-1", - "arch": "amd64" - }, - "libmpdec2": { - "version": "2.4.2-3", - "arch": "amd64" - }, - "libmpfr6": 
{ - "version": "4.0.2-1", - "arch": "amd64" - }, - "libmspack0": { - "version": "0.10.1-2", - "arch": "amd64" - }, - "libmtdev1": { - "version": "1.1.5-1.1", - "arch": "amd64" - }, - "libmysqlclient21": { - "version": "8.0.29-0ubuntu0.20.04.3", - "arch": "amd64" - }, - "libncurses6": { - "version": "6.2-0ubuntu2", - "arch": "amd64" - }, - "libncursesw6": { - "version": "6.2-0ubuntu2", - "arch": "amd64" - }, - "libnetfilter-conntrack3": { - "version": "1.0.7-2", - "arch": "amd64" - }, - "libnetplan0": { - "version": "0.104-0ubuntu2~20.04.1", - "arch": "amd64" - }, - "libnettle7": { - "version": "3.5.1+really3.5.1-2ubuntu0.2", - "arch": "amd64" - }, - "libnewt0.52": { - "version": "0.52.21-4ubuntu2", - "arch": "amd64" - }, - "libnfnetlink0": { - "version": "1.0.1-3build1", - "arch": "amd64" - }, - "libnftnl11": { - "version": "1.1.5-1", - "arch": "amd64" - }, - "libnghttp2-14": { - "version": "1.40.0-1build1", - "arch": "amd64" - }, - "libnl-3-200": { - "version": "3.4.0-1", - "arch": "amd64" - }, - "libnl-genl-3-200": { - "version": "3.4.0-1", - "arch": "amd64" - }, - "libnpth0": { - "version": "1.6-1", - "arch": "amd64" - }, - "libnspr4": { - "version": "2:4.25-1", - "arch": "amd64" - }, - "libnss-systemd": { - "version": "245.4-4ubuntu3.17", - "arch": "amd64" - }, - "libnss3": { - "version": "2:3.49.1-1ubuntu1.6", - "arch": "amd64" - }, - "libntfs-3g883": { - "version": "1:2017.3.23AR.3-3ubuntu1.1", - "arch": "amd64" - }, - "libntlm0": { - "version": "1.5-2ubuntu0.1", - "arch": "amd64" - }, - "libnuma1": { - "version": "2.0.12-1", - "arch": "amd64" - }, - "libogg0": { - "version": "1.3.4-0ubuntu1", - "arch": "amd64" - }, - "libonig5": { - "version": "6.9.4-1", - "arch": "amd64" - }, - "libopts25": { - "version": "1:5.18.16-3", - "arch": "amd64" - }, - "libp11-kit0": { - "version": "0.23.20-1ubuntu0.1", - "arch": "amd64" - }, - "libpackagekit-glib2-18": { - "version": "1.1.13-2ubuntu1.1", - "arch": "amd64" - }, - "libpam-cap": { - "version": "1:2.32-1", - "arch": 
"amd64" - }, - "libpam-modules": { - "version": "1.3.1-5ubuntu4.3", - "arch": "amd64" - }, - "libpam-modules-bin": { - "version": "1.3.1-5ubuntu4.3", - "arch": "amd64" - }, - "libpam-runtime": { - "version": "1.3.1-5ubuntu4.3", - "arch": "all" - }, - "libpam-systemd": { - "version": "245.4-4ubuntu3.17", - "arch": "amd64" - }, - "libpam0g": { - "version": "1.3.1-5ubuntu4.3", - "arch": "amd64" - }, - "libpango-1.0-0": { - "version": "1.44.7-2ubuntu4", - "arch": "amd64" - }, - "libpangocairo-1.0-0": { - "version": "1.44.7-2ubuntu4", - "arch": "amd64" - }, - "libpangoft2-1.0-0": { - "version": "1.44.7-2ubuntu4", - "arch": "amd64" - }, - "libparted-fs-resize0": { - "version": "3.3-4ubuntu0.20.04.1", - "arch": "amd64" - }, - "libparted2": { - "version": "3.3-4ubuntu0.20.04.1", - "arch": "amd64" - }, - "libpcap0.8": { - "version": "1.9.1-3", - "arch": "amd64" - }, - "libpci3": { - "version": "1:3.6.4-1ubuntu0.20.04.1", - "arch": "amd64" - }, - "libpciaccess0": { - "version": "0.16-0ubuntu1", - "arch": "amd64" - }, - "libpcre2-16-0": { - "version": "10.34-7", - "arch": "amd64" - }, - "libpcre2-8-0": { - "version": "10.34-7", - "arch": "amd64" - }, - "libpcre3": { - "version": "2:8.39-12build1", - "arch": "amd64" - }, - "libperl5.30": { - "version": "5.30.0-9ubuntu0.2", - "arch": "amd64" - }, - "libpipeline1": { - "version": "1.5.2-2build1", - "arch": "amd64" - }, - "libpixman-1-0": { - "version": "0.38.4-0ubuntu1", - "arch": "amd64" - }, - "libplymouth5": { - "version": "0.9.4git20200323-0ubuntu6.2", - "arch": "amd64" - }, - "libpng16-16": { - "version": "1.6.37-2", - "arch": "amd64" - }, - "libpolkit-agent-1-0": { - "version": "0.105-26ubuntu1.3", - "arch": "amd64" - }, - "libpolkit-gobject-1-0": { - "version": "0.105-26ubuntu1.3", - "arch": "amd64" - }, - "libpopt0": { - "version": "1.16-14", - "arch": "amd64" - }, - "libprocps8": { - "version": "2:3.3.16-1ubuntu2.3", - "arch": "amd64" - }, - "libprotobuf17": { - "version": "3.6.1.3-2ubuntu5", - "arch": "amd64" - }, - 
"libproxy1v5": { - "version": "0.4.15-10ubuntu1.2", - "arch": "amd64" - }, - "libpsl5": { - "version": "0.21.0-1ubuntu1", - "arch": "amd64" - }, - "libpython3-dev": { - "version": "3.8.2-0ubuntu2", - "arch": "amd64" - }, - "libpython3-stdlib": { - "version": "3.8.2-0ubuntu2", - "arch": "amd64" - }, - "libpython3.8": { - "version": "3.8.10-0ubuntu1~20.04.4", - "arch": "amd64" - }, - "libpython3.8-dev": { - "version": "3.8.10-0ubuntu1~20.04.4", - "arch": "amd64" - }, - "libpython3.8-minimal": { - "version": "3.8.10-0ubuntu1~20.04.4", - "arch": "amd64" - }, - "libpython3.8-stdlib": { - "version": "3.8.10-0ubuntu1~20.04.4", - "arch": "amd64" - }, - "libqmi-glib5": { - "version": "1.28.6-1~20.04.1", - "arch": "amd64" - }, - "libqmi-proxy": { - "version": "1.28.6-1~20.04.1", - "arch": "amd64" - }, - "libqt5core5a": { - "version": "5.12.8+dfsg-0ubuntu2.1", - "arch": "amd64" - }, - "libqt5dbus5": { - "version": "5.12.8+dfsg-0ubuntu2.1", - "arch": "amd64" - }, - "libqt5designer5": { - "version": "5.12.8-0ubuntu1", - "arch": "amd64" - }, - "libqt5gui5": { - "version": "5.12.8+dfsg-0ubuntu2.1", - "arch": "amd64" - }, - "libqt5help5": { - "version": "5.12.8-0ubuntu1", - "arch": "amd64" - }, - "libqt5network5": { - "version": "5.12.8+dfsg-0ubuntu2.1", - "arch": "amd64" - }, - "libqt5printsupport5": { - "version": "5.12.8+dfsg-0ubuntu2.1", - "arch": "amd64" - }, - "libqt5sql5": { - "version": "5.12.8+dfsg-0ubuntu2.1", - "arch": "amd64" - }, - "libqt5sql5-sqlite": { - "version": "5.12.8+dfsg-0ubuntu2.1", - "arch": "amd64" - }, - "libqt5svg5": { - "version": "5.12.8-0ubuntu1", - "arch": "amd64" - }, - "libqt5test5": { - "version": "5.12.8+dfsg-0ubuntu2.1", - "arch": "amd64" - }, - "libqt5widgets5": { - "version": "5.12.8+dfsg-0ubuntu2.1", - "arch": "amd64" - }, - "libqt5xml5": { - "version": "5.12.8+dfsg-0ubuntu2.1", - "arch": "amd64" - }, - "libquadmath0": { - "version": "10.3.0-1ubuntu1~20.04", - "arch": "amd64" - }, - "libreadline5": { - "version": "5.2+dfsg-3build3", - "arch": 
"amd64" - }, - "libreadline8": { - "version": "8.0-4", - "arch": "amd64" - }, - "librest-0.7-0": { - "version": "0.8.1-1", - "arch": "amd64" - }, - "libroken18-heimdal": { - "version": "7.7.0+dfsg-1ubuntu1", - "arch": "amd64" - }, - "librsvg2-2": { - "version": "2.48.9-1ubuntu0.20.04.1", - "arch": "amd64" - }, - "librsvg2-common": { - "version": "2.48.9-1ubuntu0.20.04.1", - "arch": "amd64" - }, - "librtmp1": { - "version": "2.4+20151223.gitfa8646d.1-2build1", - "arch": "amd64" - }, - "libruby2.7": { - "version": "2.7.0-5ubuntu1.6", - "arch": "amd64" - }, - "libsasl2-2": { - "version": "2.1.27+dfsg-2ubuntu0.1", - "arch": "amd64" - }, - "libsasl2-modules": { - "version": "2.1.27+dfsg-2ubuntu0.1", - "arch": "amd64" - }, - "libsasl2-modules-db": { - "version": "2.1.27+dfsg-2ubuntu0.1", - "arch": "amd64" - }, - "libseccomp2": { - "version": "2.5.1-1ubuntu1~20.04.2", - "arch": "amd64" - }, - "libsecp256k1-0": { - "version": "0.1~20170810-2", - "arch": "amd64" - }, - "libsecp256k1-dev": { - "version": "0.1~20170810-2", - "arch": "amd64" - }, - "libselinux1": { - "version": "3.0-1build2", - "arch": "amd64" - }, - "libsemanage-common": { - "version": "3.0-1build2", - "arch": "all" - }, - "libsemanage1": { - "version": "3.0-1build2", - "arch": "amd64" - }, - "libsensors-config": { - "version": "1:3.6.0-2ubuntu1", - "arch": "all" - }, - "libsensors5": { - "version": "1:3.6.0-2ubuntu1", - "arch": "amd64" - }, - "libsepol1": { - "version": "3.0-1", - "arch": "amd64" - }, - "libsgutils2-2": { - "version": "1.44-1ubuntu2", - "arch": "amd64" - }, - "libsigsegv2": { - "version": "2.12-2", - "arch": "amd64" - }, - "libslang2": { - "version": "2.3.2-4", - "arch": "amd64" - }, - "libsm6": { - "version": "2:1.2.3-1", - "arch": "amd64" - }, - "libsmartcols1": { - "version": "2.34-0.1ubuntu9.3", - "arch": "amd64" - }, - "libsmbios-c2": { - "version": "2.4.3-1", - "arch": "amd64" - }, - "libsodium23": { - "version": "1.0.18-1", - "arch": "amd64" - }, - "libsoup-gnome2.4-1": { - "version": 
"2.70.0-1", - "arch": "amd64" - }, - "libsoup2.4-1": { - "version": "2.70.0-1", - "arch": "amd64" - }, - "libsqlite3-0": { - "version": "3.31.1-4ubuntu0.2", - "arch": "amd64" - }, - "libss2": { - "version": "1.45.5-2ubuntu1", - "arch": "amd64" - }, - "libssh-4": { - "version": "0.9.3-2ubuntu2.2", - "arch": "amd64" - }, - "libssl1.1": { - "version": "1.1.1f-1ubuntu2.12", - "arch": "amd64" - }, - "libstdc++-9-dev": { - "version": "9.4.0-1ubuntu1~20.04.1", - "arch": "amd64" - }, - "libstdc++6": { - "version": "10.3.0-1ubuntu1~20.04", - "arch": "amd64" - }, - "libstemmer0d": { - "version": "0+svn585-2", - "arch": "amd64" - }, - "libsystemd0": { - "version": "245.4-4ubuntu3.17", - "arch": "amd64" - }, - "libtasn1-6": { - "version": "4.16.0-2", - "arch": "amd64" - }, - "libtcl8.6": { - "version": "8.6.10+dfsg-1", - "arch": "amd64" - }, - "libtdb1": { - "version": "1.4.3-0ubuntu0.20.04.1", - "arch": "amd64" - }, - "libtext-charwidth-perl": { - "version": "0.04-10", - "arch": "amd64" - }, - "libtext-iconv-perl": { - "version": "1.7-7", - "arch": "amd64" - }, - "libtext-wrapi18n-perl": { - "version": "0.06-9", - "arch": "all" - }, - "libthai-data": { - "version": "0.1.28-3", - "arch": "all" - }, - "libthai0": { - "version": "0.1.28-3", - "arch": "amd64" - }, - "libtiff5": { - "version": "4.1.0+git191117-2ubuntu0.20.04.3", - "arch": "amd64" - }, - "libtinfo6": { - "version": "6.2-0ubuntu2", - "arch": "amd64" - }, - "libtsan0": { - "version": "10.3.0-1ubuntu1~20.04", - "arch": "amd64" - }, - "libtss2-esys0": { - "version": "2.3.2-1", - "arch": "amd64" - }, - "libubsan1": { - "version": "10.3.0-1ubuntu1~20.04", - "arch": "amd64" - }, - "libuchardet0": { - "version": "0.0.6-3build1", - "arch": "amd64" - }, - "libudev1": { - "version": "245.4-4ubuntu3.16", - "arch": "amd64" - }, - "libudisks2-0": { - "version": "2.8.4-1ubuntu2", - "arch": "amd64" - }, - "libunistring2": { - "version": "0.9.10-2", - "arch": "amd64" - }, - "libunwind8": { - "version": "1.2.1-9build1", - "arch": 
"amd64" - }, - "liburcu6": { - "version": "0.11.1-2", - "arch": "amd64" - }, - "libusb-1.0-0": { - "version": "2:1.0.23-2build1", - "arch": "amd64" - }, - "libutempter0": { - "version": "1.1.6-4", - "arch": "amd64" - }, - "libuuid1": { - "version": "2.34-0.1ubuntu9.3", - "arch": "amd64" - }, - "libuv1": { - "version": "1.34.2-1ubuntu1.3", - "arch": "amd64" - }, - "libvolume-key1": { - "version": "0.3.12-3.1", - "arch": "amd64" - }, - "libvorbis0a": { - "version": "1.3.6-2ubuntu1", - "arch": "amd64" - }, - "libvorbisfile3": { - "version": "1.3.6-2ubuntu1", - "arch": "amd64" - }, - "libvulkan1": { - "version": "1.2.131.2-1", - "arch": "amd64" - }, - "libwacom-bin": { - "version": "1.3-2ubuntu3", - "arch": "amd64" - }, - "libwacom-common": { - "version": "1.3-2ubuntu3", - "arch": "all" - }, - "libwacom2": { - "version": "1.3-2ubuntu3", - "arch": "amd64" - }, - "libwayland-client0": { - "version": "1.18.0-1", - "arch": "amd64" - }, - "libwayland-cursor0": { - "version": "1.18.0-1", - "arch": "amd64" - }, - "libwayland-egl1": { - "version": "1.18.0-1", - "arch": "amd64" - }, - "libwayland-server0": { - "version": "1.18.0-1", - "arch": "amd64" - }, - "libwebp6": { - "version": "0.6.1-2ubuntu0.20.04.1", - "arch": "amd64" - }, - "libwind0-heimdal": { - "version": "7.7.0+dfsg-1ubuntu1", - "arch": "amd64" - }, - "libwrap0": { - "version": "7.6.q-30", - "arch": "amd64" - }, - "libx11-6": { - "version": "2:1.6.9-2ubuntu1.2", - "arch": "amd64" - }, - "libx11-data": { - "version": "2:1.6.9-2ubuntu1.2", - "arch": "all" - }, - "libx11-xcb1": { - "version": "2:1.6.9-2ubuntu1.2", - "arch": "amd64" - }, - "libxau6": { - "version": "1:1.0.9-0ubuntu1", - "arch": "amd64" - }, - "libxcb-dri2-0": { - "version": "1.14-2", - "arch": "amd64" - }, - "libxcb-dri3-0": { - "version": "1.14-2", - "arch": "amd64" - }, - "libxcb-glx0": { - "version": "1.14-2", - "arch": "amd64" - }, - "libxcb-icccm4": { - "version": "0.4.1-1.1", - "arch": "amd64" - }, - "libxcb-image0": { - "version": 
"0.4.0-1build1", - "arch": "amd64" - }, - "libxcb-keysyms1": { - "version": "0.4.0-1build1", - "arch": "amd64" - }, - "libxcb-present0": { - "version": "1.14-2", - "arch": "amd64" - }, - "libxcb-randr0": { - "version": "1.14-2", - "arch": "amd64" - }, - "libxcb-render-util0": { - "version": "0.3.9-1build1", - "arch": "amd64" - }, - "libxcb-render0": { - "version": "1.14-2", - "arch": "amd64" - }, - "libxcb-shape0": { - "version": "1.14-2", - "arch": "amd64" - }, - "libxcb-shm0": { - "version": "1.14-2", - "arch": "amd64" - }, - "libxcb-sync1": { - "version": "1.14-2", - "arch": "amd64" - }, - "libxcb-util1": { - "version": "0.4.0-0ubuntu3", - "arch": "amd64" - }, - "libxcb-xfixes0": { - "version": "1.14-2", - "arch": "amd64" - }, - "libxcb-xinerama0": { - "version": "1.14-2", - "arch": "amd64" - }, - "libxcb-xinput0": { - "version": "1.14-2", - "arch": "amd64" - }, - "libxcb-xkb1": { - "version": "1.14-2", - "arch": "amd64" - }, - "libxcb1": { - "version": "1.14-2", - "arch": "amd64" - }, - "libxcomposite1": { - "version": "1:0.4.5-1", - "arch": "amd64" - }, - "libxcursor1": { - "version": "1:1.2.0-2", - "arch": "amd64" - }, - "libxdamage1": { - "version": "1:1.1.5-2", - "arch": "amd64" - }, - "libxdmcp6": { - "version": "1:1.1.3-0ubuntu1", - "arch": "amd64" - }, - "libxext6": { - "version": "2:1.3.4-0ubuntu1", - "arch": "amd64" - }, - "libxfixes3": { - "version": "1:5.0.3-2", - "arch": "amd64" - }, - "libxi6": { - "version": "2:1.7.10-0ubuntu1", - "arch": "amd64" - }, - "libxinerama1": { - "version": "2:1.1.4-2", - "arch": "amd64" - }, - "libxkbcommon-x11-0": { - "version": "0.10.0-1", - "arch": "amd64" - }, - "libxkbcommon0": { - "version": "0.10.0-1", - "arch": "amd64" - }, - "libxml2": { - "version": "2.9.10+dfsg-5ubuntu0.20.04.2", - "arch": "amd64" - }, - "libxmlb1": { - "version": "0.1.15-2ubuntu1~20.04.1", - "arch": "amd64" - }, - "libxmlsec1": { - "version": "1.2.28-2", - "arch": "amd64" - }, - "libxmlsec1-openssl": { - "version": "1.2.28-2", - "arch": 
"amd64" - }, - "libxmuu1": { - "version": "2:1.1.3-0ubuntu1", - "arch": "amd64" - }, - "libxrandr2": { - "version": "2:1.5.2-0ubuntu1", - "arch": "amd64" - }, - "libxrender1": { - "version": "1:0.9.10-1", - "arch": "amd64" - }, - "libxshmfence1": { - "version": "1.3-1", - "arch": "amd64" - }, - "libxslt1.1": { - "version": "1.1.34-4", - "arch": "amd64" - }, - "libxtables12": { - "version": "1.8.4-3ubuntu2", - "arch": "amd64" - }, - "libxtst6": { - "version": "2:1.2.3-1", - "arch": "amd64" - }, - "libxxf86vm1": { - "version": "1:1.1.4-1build1", - "arch": "amd64" - }, - "libyaml-0-2": { - "version": "0.2.2-1", - "arch": "amd64" - }, - "libzstd1": { - "version": "1.4.4+dfsg-3ubuntu0.1", - "arch": "amd64" - }, - "linux-base": { - "version": "4.5ubuntu3.7", - "arch": "all" - }, - "linux-cloud-tools-5.4.0-107": { - "version": "5.4.0-107.121", - "arch": "amd64" - }, - "linux-cloud-tools-5.4.0-107-generic": { - "version": "5.4.0-107.121", - "arch": "amd64" - }, - "linux-cloud-tools-5.4.0-42": { - "version": "5.4.0-42.46", - "arch": "amd64" - }, - "linux-cloud-tools-5.4.0-42-generic": { - "version": "5.4.0-42.46", - "arch": "amd64" - }, - "linux-cloud-tools-common": { - "version": "5.4.0-107.121", - "arch": "all" - }, - "linux-cloud-tools-generic": { - "version": "5.4.0.107.111", - "arch": "amd64" - }, - "linux-cloud-tools-virtual": { - "version": "5.4.0.107.111", - "arch": "amd64" - }, - "linux-firmware": { - "version": "1.187.29", - "arch": "all" - }, - "linux-generic": { - "version": "5.4.0.107.111", - "arch": "amd64" - }, - "linux-headers-5.4.0-107": { - "version": "5.4.0-107.121", - "arch": "all" - }, - "linux-headers-5.4.0-107-generic": { - "version": "5.4.0-107.121", - "arch": "amd64" - }, - "linux-headers-5.4.0-42": { - "version": "5.4.0-42.46", - "arch": "all" - }, - "linux-headers-5.4.0-42-generic": { - "version": "5.4.0-42.46", - "arch": "amd64" - }, - "linux-headers-generic": { - "version": "5.4.0.107.111", - "arch": "amd64" - }, - 
"linux-image-5.4.0-107-generic": { - "version": "5.4.0-107.121", - "arch": "amd64" - }, - "linux-image-5.4.0-42-generic": { - "version": "5.4.0-42.46", - "arch": "amd64" - }, - "linux-image-generic": { - "version": "5.4.0.107.111", - "arch": "amd64" - }, - "linux-libc-dev": { - "version": "5.4.0-110.124", - "arch": "amd64" - }, - "linux-modules-5.4.0-107-generic": { - "version": "5.4.0-107.121", - "arch": "amd64" - }, - "linux-modules-5.4.0-42-generic": { - "version": "5.4.0-42.46", - "arch": "amd64" - }, - "linux-modules-extra-5.4.0-107-generic": { - "version": "5.4.0-107.121", - "arch": "amd64" - }, - "linux-modules-extra-5.4.0-42-generic": { - "version": "5.4.0-42.46", - "arch": "amd64" - }, - "linux-tools-5.4.0-42": { - "version": "5.4.0-42.46", - "arch": "amd64" - }, - "linux-tools-5.4.0-42-generic": { - "version": "5.4.0-42.46", - "arch": "amd64" - }, - "linux-tools-common": { - "version": "5.4.0-107.121", - "arch": "all" - }, - "locales": { - "version": "2.31-0ubuntu9.7", - "arch": "all" - }, - "login": { - "version": "1:4.8.1-1ubuntu5.20.04.1", - "arch": "amd64" - }, - "logrotate": { - "version": "3.14.0-4ubuntu3", - "arch": "amd64" - }, - "logsave": { - "version": "1.45.5-2ubuntu1", - "arch": "amd64" - }, - "lsb-base": { - "version": "11.1.0ubuntu2", - "arch": "all" - }, - "lsb-release": { - "version": "11.1.0ubuntu2", - "arch": "all" - }, - "lshw": { - "version": "02.18.85-0.3ubuntu2.20.04.1", - "arch": "amd64" - }, - "lsof": { - "version": "4.93.2+dfsg-1ubuntu0.20.04.1", - "arch": "amd64" - }, - "ltrace": { - "version": "0.7.3-6.1ubuntu1", - "arch": "amd64" - }, - "lvm2": { - "version": "2.03.07-1ubuntu1", - "arch": "amd64" - }, - "lxd-agent-loader": { - "version": "0.4", - "arch": "all" - }, - "lz4": { - "version": "1.9.2-2ubuntu0.20.04.1", - "arch": "amd64" - }, - "mailutils": { - "version": "1:3.7-2.1", - "arch": "amd64" - }, - "mailutils-common": { - "version": "1:3.7-2.1", - "arch": "all" - }, - "make": { - "version": "4.2.1-1.2", - "arch": "amd64" 
- }, - "man-db": { - "version": "2.9.1-1", - "arch": "amd64" - }, - "manpages": { - "version": "5.05-1", - "arch": "all" - }, - "manpages-dev": { - "version": "5.05-1", - "arch": "all" - }, - "mawk": { - "version": "1.3.4.20200120-2", - "arch": "amd64" - }, - "mdadm": { - "version": "4.1-5ubuntu1.2", - "arch": "amd64" - }, - "mesa-vulkan-drivers": { - "version": "21.2.6-0ubuntu0.1~20.04.2", - "arch": "amd64" - }, - "mime-support": { - "version": "3.64ubuntu1", - "arch": "all" - }, - "mlocate": { - "version": "0.26-3ubuntu3", - "arch": "amd64" - }, - "modemmanager": { - "version": "1.16.6-2~20.04.1", - "arch": "amd64" - }, - "mosh": { - "version": "1.3.2-2.1build3", - "arch": "amd64" - }, - "motd-news-config": { - "version": "11ubuntu5.5", - "arch": "all" - }, - "mount": { - "version": "2.34-0.1ubuntu9.3", - "arch": "amd64" - }, - "mtr-tiny": { - "version": "0.93-1", - "arch": "amd64" - }, - "multipath-tools": { - "version": "0.8.3-1ubuntu2", - "arch": "amd64" - }, - "mysql-common": { - "version": "5.8+1.0.5ubuntu2", - "arch": "all" - }, - "nano": { - "version": "4.8-1ubuntu1", - "arch": "amd64" - }, - "ncurses-base": { - "version": "6.2-0ubuntu2", - "arch": "all" - }, - "ncurses-bin": { - "version": "6.2-0ubuntu2", - "arch": "amd64" - }, - "ncurses-term": { - "version": "6.2-0ubuntu2", - "arch": "all" - }, - "netbase": { - "version": "6.1", - "arch": "all" - }, - "netcat-openbsd": { - "version": "1.206-1ubuntu1", - "arch": "amd64" - }, - "netplan.io": { - "version": "0.104-0ubuntu2~20.04.1", - "arch": "amd64" - }, - "networkd-dispatcher": { - "version": "2.1-2~ubuntu20.04.1", - "arch": "all" - }, - "nodejs": { - "version": "14.19.3-deb-1nodesource1", - "arch": "amd64" - }, - "ntfs-3g": { - "version": "1:2017.3.23AR.3-3ubuntu1.1", - "arch": "amd64" - }, - "ntp": { - "version": "1:4.2.8p12+dfsg-3ubuntu4.20.04.1", - "arch": "amd64" - }, - "open-iscsi": { - "version": "2.0.874-7.1ubuntu6.2", - "arch": "amd64" - }, - "open-vm-tools": { - "version": 
"2:11.3.0-2ubuntu0~ubuntu20.04.2", - "arch": "amd64" - }, - "openssh-client": { - "version": "1:8.2p1-4ubuntu0.4", - "arch": "amd64" - }, - "openssh-server": { - "version": "1:8.2p1-4ubuntu0.4", - "arch": "amd64" - }, - "openssh-sftp-server": { - "version": "1:8.2p1-4ubuntu0.4", - "arch": "amd64" - }, - "openssl": { - "version": "1.1.1f-1ubuntu2.12", - "arch": "amd64" - }, - "os-prober": { - "version": "1.74ubuntu2", - "arch": "amd64" - }, - "overlayroot": { - "version": "0.45ubuntu2", - "arch": "all" - }, - "packagekit": { - "version": "1.1.13-2ubuntu1.1", - "arch": "amd64" - }, - "packagekit-tools": { - "version": "1.1.13-2ubuntu1.1", - "arch": "amd64" - }, - "parted": { - "version": "3.3-4ubuntu0.20.04.1", - "arch": "amd64" - }, - "passwd": { - "version": "1:4.8.1-1ubuntu5.20.04.1", - "arch": "amd64" - }, - "pastebinit": { - "version": "1.5.1-1", - "arch": "all" - }, - "patch": { - "version": "2.7.6-6", - "arch": "amd64" - }, - "pci.ids": { - "version": "0.0~2020.03.20-1", - "arch": "all" - }, - "pciutils": { - "version": "1:3.6.4-1ubuntu0.20.04.1", - "arch": "amd64" - }, - "perl": { - "version": "5.30.0-9ubuntu0.2", - "arch": "amd64" - }, - "perl-base": { - "version": "5.30.0-9ubuntu0.2", - "arch": "amd64" - }, - "perl-modules-5.30": { - "version": "5.30.0-9ubuntu0.2", - "arch": "all" - }, - "pinentry-curses": { - "version": "1.1.0-3build1", - "arch": "amd64" - }, - "plymouth": { - "version": "0.9.4git20200323-0ubuntu6.2", - "arch": "amd64" - }, - "plymouth-theme-ubuntu-text": { - "version": "0.9.4git20200323-0ubuntu6.2", - "arch": "amd64" - }, - "policykit-1": { - "version": "0.105-26ubuntu1.3", - "arch": "amd64" - }, - "pollinate": { - "version": "4.33-3ubuntu1.20.04.1", - "arch": "all" - }, - "popularity-contest": { - "version": "1.69ubuntu1", - "arch": "all" - }, - "postfix": { - "version": "3.4.13-0ubuntu1.2", - "arch": "amd64" - }, - "powermgmt-base": { - "version": "1.36", - "arch": "all" - }, - "procps": { - "version": "2:3.3.16-1ubuntu2.3", - "arch": 
"amd64" - }, - "psmisc": { - "version": "23.3-1", - "arch": "amd64" - }, - "publicsuffix": { - "version": "20200303.0012-1", - "arch": "all" - }, - "python-apt-common": { - "version": "2.0.0ubuntu0.20.04.7", - "arch": "all" - }, - "python-pip-whl": { - "version": "20.0.2-5ubuntu1.6", - "arch": "all" - }, - "python3": { - "version": "3.8.2-0ubuntu2", - "arch": "amd64" - }, - "python3-apport": { - "version": "2.20.11-0ubuntu27.23", - "arch": "all" - }, - "python3-apt": { - "version": "2.0.0ubuntu0.20.04.7", - "arch": "amd64" - }, - "python3-attr": { - "version": "19.3.0-2", - "arch": "all" - }, - "python3-automat": { - "version": "0.8.0-1ubuntu1", - "arch": "all" - }, - "python3-blinker": { - "version": "1.4+dfsg1-0.3ubuntu1", - "arch": "all" - }, - "python3-certifi": { - "version": "2019.11.28-1", - "arch": "all" - }, - "python3-cffi-backend": { - "version": "1.14.0-1build1", - "arch": "amd64" - }, - "python3-chardet": { - "version": "3.0.4-4build1", - "arch": "all" - }, - "python3-click": { - "version": "7.0-3", - "arch": "all" - }, - "python3-colorama": { - "version": "0.4.3-1build1", - "arch": "all" - }, - "python3-commandnotfound": { - "version": "20.04.6", - "arch": "all" - }, - "python3-configobj": { - "version": "5.0.6-4", - "arch": "all" - }, - "python3-constantly": { - "version": "15.1.0-1build1", - "arch": "all" - }, - "python3-cryptography": { - "version": "2.8-3ubuntu0.1", - "arch": "amd64" - }, - "python3-dbus": { - "version": "1.2.16-1build1", - "arch": "amd64" - }, - "python3-debconf": { - "version": "1.5.73", - "arch": "all" - }, - "python3-debian": { - "version": "0.1.36ubuntu1", - "arch": "all" - }, - "python3-dev": { - "version": "3.8.2-0ubuntu2", - "arch": "amd64" - }, - "python3-distro": { - "version": "1.4.0-1", - "arch": "all" - }, - "python3-distro-info": { - "version": "0.23ubuntu1", - "arch": "all" - }, - "python3-distupgrade": { - "version": "1:20.04.37", - "arch": "all" - }, - "python3-distutils": { - "version": "3.8.10-0ubuntu1~20.04", - 
"arch": "all" - }, - "python3-entrypoints": { - "version": "0.3-2ubuntu1", - "arch": "all" - }, - "python3-gdbm": { - "version": "3.8.10-0ubuntu1~20.04", - "arch": "amd64" - }, - "python3-gi": { - "version": "3.36.0-1", - "arch": "amd64" - }, - "python3-hamcrest": { - "version": "1.9.0-3", - "arch": "all" - }, - "python3-httplib2": { - "version": "0.14.0-1ubuntu1", - "arch": "all" - }, - "python3-hyperlink": { - "version": "19.0.0-1", - "arch": "all" - }, - "python3-idna": { - "version": "2.8-1", - "arch": "all" - }, - "python3-incremental": { - "version": "16.10.1-3.2", - "arch": "all" - }, - "python3-jwt": { - "version": "1.7.1-2ubuntu2", - "arch": "all" - }, - "python3-keyring": { - "version": "18.0.1-2ubuntu1", - "arch": "all" - }, - "python3-launchpadlib": { - "version": "1.10.13-1", - "arch": "all" - }, - "python3-lazr.restfulclient": { - "version": "0.14.2-2build1", - "arch": "all" - }, - "python3-lazr.uri": { - "version": "1.0.3-4build1", - "arch": "all" - }, - "python3-lib2to3": { - "version": "3.8.10-0ubuntu1~20.04", - "arch": "all" - }, - "python3-minimal": { - "version": "3.8.2-0ubuntu2", - "arch": "amd64" - }, - "python3-nacl": { - "version": "1.3.0-5", - "arch": "amd64" - }, - "python3-netifaces": { - "version": "0.10.4-1ubuntu4", - "arch": "amd64" - }, - "python3-newt": { - "version": "0.52.21-4ubuntu2", - "arch": "amd64" - }, - "python3-oauthlib": { - "version": "3.1.0-1ubuntu2", - "arch": "all" - }, - "python3-openssl": { - "version": "19.0.0-1build1", - "arch": "all" - }, - "python3-pexpect": { - "version": "4.6.0-1build1", - "arch": "all" - }, - "python3-pip": { - "version": "20.0.2-5ubuntu1.6", - "arch": "all" - }, - "python3-pkg-resources": { - "version": "45.2.0-1", - "arch": "all" - }, - "python3-problem-report": { - "version": "2.20.11-0ubuntu27.23", - "arch": "all" - }, - "python3-ptyprocess": { - "version": "0.6.0-1ubuntu1", - "arch": "all" - }, - "python3-pyasn1": { - "version": "0.4.2-3build1", - "arch": "all" - }, - 
"python3-pyasn1-modules": { - "version": "0.2.1-0.2build1", - "arch": "all" - }, - "python3-pymacaroons": { - "version": "0.13.0-3", - "arch": "all" - }, - "python3-pyqt5": { - "version": "5.14.1+dfsg-3build1", - "arch": "amd64" - }, - "python3-requests": { - "version": "2.22.0-2ubuntu1", - "arch": "all" - }, - "python3-requests-unixsocket": { - "version": "0.2.0-2", - "arch": "all" - }, - "python3-secretstorage": { - "version": "2.3.1-2ubuntu1", - "arch": "all" - }, - "python3-service-identity": { - "version": "18.1.0-5build1", - "arch": "all" - }, - "python3-setuptools": { - "version": "45.2.0-1", - "arch": "all" - }, - "python3-simplejson": { - "version": "3.16.0-2ubuntu2", - "arch": "amd64" - }, - "python3-sip": { - "version": "4.19.21+dfsg-1build1", - "arch": "amd64" - }, - "python3-six": { - "version": "1.14.0-2", - "arch": "all" - }, - "python3-software-properties": { - "version": "0.99.9.8", - "arch": "all" - }, - "python3-systemd": { - "version": "234-3build2", - "arch": "amd64" - }, - "python3-twisted": { - "version": "18.9.0-11ubuntu0.20.04.2", - "arch": "all" - }, - "python3-twisted-bin": { - "version": "18.9.0-11ubuntu0.20.04.2", - "arch": "amd64" - }, - "python3-update-manager": { - "version": "1:20.04.10.10", - "arch": "all" - }, - "python3-urllib3": { - "version": "1.25.8-2ubuntu0.1", - "arch": "all" - }, - "python3-wadllib": { - "version": "1.3.3-3build1", - "arch": "all" - }, - "python3-wheel": { - "version": "0.34.2-1", - "arch": "all" - }, - "python3-yaml": { - "version": "5.3.1-1ubuntu0.1", - "arch": "amd64" - }, - "python3-zope.interface": { - "version": "4.7.1-1", - "arch": "amd64" - }, - "python3.8": { - "version": "3.8.10-0ubuntu1~20.04.4", - "arch": "amd64" - }, - "python3.8-dev": { - "version": "3.8.10-0ubuntu1~20.04.4", - "arch": "amd64" - }, - "python3.8-minimal": { - "version": "3.8.10-0ubuntu1~20.04.4", - "arch": "amd64" - }, - "qt5-gtk-platformtheme": { - "version": "5.12.8+dfsg-0ubuntu2.1", - "arch": "amd64" - }, - 
"qttranslations5-l10n": { - "version": "5.12.8-0ubuntu1", - "arch": "all" - }, - "rake": { - "version": "13.0.1-4", - "arch": "all" - }, - "readline-common": { - "version": "8.0-4", - "arch": "all" - }, - "rsync": { - "version": "3.1.3-8ubuntu0.3", - "arch": "amd64" - }, - "rsyslog": { - "version": "8.2001.0-1ubuntu1.1", - "arch": "amd64" - }, - "ruby": { - "version": "1:2.7+1", - "arch": "amd64" - }, - "ruby-minitest": { - "version": "5.13.0-1", - "arch": "all" - }, - "ruby-net-telnet": { - "version": "0.1.1-2", - "arch": "all" - }, - "ruby-power-assert": { - "version": "1.1.7-1", - "arch": "all" - }, - "ruby-test-unit": { - "version": "3.3.5-1", - "arch": "all" - }, - "ruby-xmlrpc": { - "version": "0.3.0-2", - "arch": "all" - }, - "ruby2.7": { - "version": "2.7.0-5ubuntu1.6", - "arch": "amd64" - }, - "rubygems-integration": { - "version": "1.16", - "arch": "all" - }, - "run-one": { - "version": "1.17-0ubuntu1", - "arch": "all" - }, - "sbsigntool": { - "version": "0.9.2-2ubuntu1", - "arch": "amd64" - }, - "screen": { - "version": "4.8.0-1ubuntu0.1", - "arch": "amd64" - }, - "secureboot-db": { - "version": "1.5", - "arch": "amd64" - }, - "sed": { - "version": "4.7-1", - "arch": "amd64" - }, - "sensible-utils": { - "version": "0.0.12+nmu1", - "arch": "all" - }, - "sg3-utils": { - "version": "1.44-1ubuntu2", - "arch": "amd64" - }, - "sg3-utils-udev": { - "version": "1.44-1ubuntu2", - "arch": "all" - }, - "shared-mime-info": { - "version": "1.15-1", - "arch": "amd64" - }, - "snapd": { - "version": "2.54.3+20.04.1ubuntu0.2", - "arch": "amd64" - }, - "sntp": { - "version": "1:4.2.8p12+dfsg-3ubuntu4.20.04.1", - "arch": "amd64" - }, - "software-properties-common": { - "version": "0.99.9.8", - "arch": "all" - }, - "sosreport": { - "version": "4.3-1ubuntu0.20.04.1", - "arch": "amd64" - }, - "sound-theme-freedesktop": { - "version": "0.8-2ubuntu1", - "arch": "all" - }, - "squashfs-tools": { - "version": "1:4.4-1ubuntu0.3", - "arch": "amd64" - }, - "ssh-import-id": { - 
"version": "5.10-0ubuntu1", - "arch": "all" - }, - "ssl-cert": { - "version": "1.0.39", - "arch": "all" - }, - "strace": { - "version": "5.5-3ubuntu1", - "arch": "amd64" - }, - "sudo": { - "version": "1.8.31-1ubuntu1.2", - "arch": "amd64" - }, - "sysstat": { - "version": "12.2.0-2ubuntu0.1", - "arch": "amd64" - }, - "systemd": { - "version": "245.4-4ubuntu3.17", - "arch": "amd64" - }, - "systemd-sysv": { - "version": "245.4-4ubuntu3.17", - "arch": "amd64" - }, - "systemd-timesyncd": { - "version": "245.4-4ubuntu3.16", - "arch": "amd64" - }, - "sysvinit-utils": { - "version": "2.96-2.1ubuntu1", - "arch": "amd64" - }, - "tar": { - "version": "1.30+dfsg-7ubuntu0.20.04.2", - "arch": "amd64" - }, - "tasksel": { - "version": "3.34ubuntu16", - "arch": "all" - }, - "tasksel-data": { - "version": "3.34ubuntu16", - "arch": "all" - }, - "tcpdump": { - "version": "4.9.3-4ubuntu0.1", - "arch": "amd64" - }, - "telnet": { - "version": "0.17-41.2build1", - "arch": "amd64" - }, - "thin-provisioning-tools": { - "version": "0.8.5-4build1", - "arch": "amd64" - }, - "time": { - "version": "1.7-25.1build1", - "arch": "amd64" - }, - "tmux": { - "version": "3.0a-2ubuntu0.3", - "arch": "amd64" - }, - "tpm-udev": { - "version": "0.4", - "arch": "all" - }, - "tzdata": { - "version": "2022a-0ubuntu0.20.04", - "arch": "all" - }, - "ubuntu-advantage-tools": { - "version": "27.7~20.04.1", - "arch": "amd64" - }, - "ubuntu-keyring": { - "version": "2020.02.11.4", - "arch": "all" - }, - "ubuntu-minimal": { - "version": "1.450.2", - "arch": "amd64" - }, - "ubuntu-mono": { - "version": "19.04-0ubuntu3", - "arch": "all" - }, - "ubuntu-release-upgrader-core": { - "version": "1:20.04.37", - "arch": "all" - }, - "ubuntu-server": { - "version": "1.450.2", - "arch": "amd64" - }, - "ubuntu-standard": { - "version": "1.450.2", - "arch": "amd64" - }, - "ucf": { - "version": "3.0038+nmu1", - "arch": "all" - }, - "udev": { - "version": "245.4-4ubuntu3.16", - "arch": "amd64" - }, - "udisks2": { - "version": 
"2.8.4-1ubuntu2", - "arch": "amd64" - }, - "ufw": { - "version": "0.36-6ubuntu1", - "arch": "all" - }, - "unattended-upgrades": { - "version": "2.3ubuntu0.1", - "arch": "all" - }, - "unzip": { - "version": "6.0-25ubuntu1", - "arch": "amd64" - }, - "update-manager-core": { - "version": "1:20.04.10.10", - "arch": "all" - }, - "update-notifier-common": { - "version": "3.192.30.10", - "arch": "all" - }, - "usb-modeswitch": { - "version": "2.5.2+repack0-2ubuntu3", - "arch": "amd64" - }, - "usb-modeswitch-data": { - "version": "20191128-3", - "arch": "all" - }, - "usb.ids": { - "version": "2020.03.19-1", - "arch": "all" - }, - "usbutils": { - "version": "1:012-2", - "arch": "amd64" - }, - "util-linux": { - "version": "2.34-0.1ubuntu9.3", - "arch": "amd64" - }, - "uuid-runtime": { - "version": "2.34-0.1ubuntu9.3", - "arch": "amd64" - }, - "vim": { - "version": "2:8.1.2269-1ubuntu5.7", - "arch": "amd64" - }, - "vim-common": { - "version": "2:8.1.2269-1ubuntu5.7", - "arch": "all" - }, - "vim-nox": { - "version": "2:8.1.2269-1ubuntu5.7", - "arch": "amd64" - }, - "vim-runtime": { - "version": "2:8.1.2269-1ubuntu5.7", - "arch": "all" - }, - "vim-tiny": { - "version": "2:8.1.2269-1ubuntu5.7", - "arch": "amd64" - }, - "wget": { - "version": "1.20.3-1ubuntu2", - "arch": "amd64" - }, - "whiptail": { - "version": "0.52.21-4ubuntu2", - "arch": "amd64" - }, - "wireless-regdb": { - "version": "2021.08.28-0ubuntu1~20.04.1", - "arch": "all" - }, - "x11-common": { - "version": "1:7.7+19ubuntu14", - "arch": "all" - }, - "xauth": { - "version": "1:1.1-0ubuntu1", - "arch": "amd64" - }, - "xdg-user-dirs": { - "version": "0.17-2ubuntu1", - "arch": "amd64" - }, - "xfsprogs": { - "version": "5.3.0-1ubuntu2", - "arch": "amd64" - }, - "xkb-data": { - "version": "2.29-2", - "arch": "all" - }, - "xxd": { - "version": "2:8.1.2269-1ubuntu5.7", - "arch": "amd64" - }, - "xz-utils": { - "version": "5.2.4-1ubuntu1.1", - "arch": "amd64" - }, - "zerofree": { - "version": "1.1.1-1", - "arch": "amd64" - }, - 
"zip": { - "version": "3.0-11build1", - "arch": "amd64" - }, - "zlib1g": { - "version": "1:1.2.11.dfsg-2ubuntu1.3", - "arch": "amd64" - }, - "zlib1g-dev": { - "version": "1:1.2.11.dfsg-2ubuntu1.3", - "arch": "amd64" - } - }, - "cloud": null, - "ohai_time": 1653315595.8568022, - "cpu": { - "0": { - "vendor_id": "GenuineIntel", - "family": "6", - "model": "78", - "model_name": "Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz", - "stepping": "3", - "mhz": "2496.006", - "cache_size": "3072 KB", - "physical_id": "0", - "core_id": "0", - "cores": "2", - "flags": [ - "fpu", - "vme", - "de", - "pse", - "tsc", - "msr", - "pae", - "mce", - "cx8", - "apic", - "sep", - "mtrr", - "pge", - "mca", - "cmov", - "pat", - "pse36", - "clflush", - "mmx", - "fxsr", - "sse", - "sse2", - "ht", - "syscall", - "nx", - "rdtscp", - "lm", - "constant_tsc", - "rep_good", - "nopl", - "xtopology", - "nonstop_tsc", - "cpuid", - "tsc_known_freq", - "pni", - "pclmulqdq", - "ssse3", - "cx16", - "pcid", - "sse4_1", - "sse4_2", - "x2apic", - "movbe", - "popcnt", - "aes", - "xsave", - "avx", - "rdrand", - "hypervisor", - "lahf_lm", - "abm", - "3dnowprefetch", - "invpcid_single", - "pti", - "fsgsbase", - "avx2", - "invpcid", - "rdseed", - "clflushopt", - "md_clear", - "flush_l1d", - "arch_capabilities" - ] - }, - "1": { - "vendor_id": "GenuineIntel", - "family": "6", - "model": "78", - "model_name": "Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz", - "stepping": "3", - "mhz": "2496.006", - "cache_size": "3072 KB", - "physical_id": "0", - "core_id": "1", - "cores": "2", - "flags": [ - "fpu", - "vme", - "de", - "pse", - "tsc", - "msr", - "pae", - "mce", - "cx8", - "apic", - "sep", - "mtrr", - "pge", - "mca", - "cmov", - "pat", - "pse36", - "clflush", - "mmx", - "fxsr", - "sse", - "sse2", - "ht", - "syscall", - "nx", - "rdtscp", - "lm", - "constant_tsc", - "rep_good", - "nopl", - "xtopology", - "nonstop_tsc", - "cpuid", - "tsc_known_freq", - "pni", - "pclmulqdq", - "ssse3", - "cx16", - "pcid", - "sse4_1", - "sse4_2", - 
"x2apic", - "movbe", - "popcnt", - "aes", - "xsave", - "avx", - "rdrand", - "hypervisor", - "lahf_lm", - "abm", - "3dnowprefetch", - "invpcid_single", - "pti", - "fsgsbase", - "avx2", - "invpcid", - "rdseed", - "clflushopt", - "md_clear", - "flush_l1d", - "arch_capabilities" - ] - }, - "total": 2, - "real": 1, - "cores": 2 - }, - "init_package": "systemd", - "time": { - "timezone": "UTC" - }, - "virtualbox": { - "host": { - "revision": "150636", - "version": "6.1.34" - }, - "guest": { - "guest_additions_version": "6.1.34", - "guest_additions_revision": "150636" - } - }, - "chef_guid": "f39dc6ff-af2e-46f2-a642-790d1abbed4b", - "name": "vagrant-node-bitcoin", - "chef_environment": "development", - "recipes": [ - "kosmos-bitcoin::electrum", - "kosmos-bitcoin::yap", - "kosmos-bitcoin::_user", - "kosmos-nodejs::default", - "nodejs::nodejs_from_package", - "nodejs::repo" - ], - "expanded_run_list": [ - "kosmos-bitcoin::electrum", - "kosmos-bitcoin::yap" - ], - "roles": [ - - ], - "cookbooks": { - "kosmos-bitcoin": { - "version": "0.1.0" - }, - "ark": { - "version": "6.0.3" - }, - "backup": { - "version": "0.5.1" - }, - "git": { - "version": "10.0.0" - }, - "golang": { - "version": "5.3.1" - }, - "kosmos-nginx": { - "version": "0.3.2" - }, - "kosmos-nodejs": { - "version": "0.1.1" - }, - "firewall": { - "version": "2.6.5" - }, - "application_javascript": { - "version": "1.0.0" - }, - "tor-full": { - "version": "0.2.0" - }, - "redisio": { - "version": "5.0.0" - }, - "seven_zip": { - "version": "4.2.2" - }, - "logrotate": { - "version": "2.2.0" - }, - "mysql": { - "version": "8.7.4" - }, - "nginx": { - "version": "9.0.0" - }, - "openssl": { - "version": "8.5.5" - }, - "nodejs": { - "version": "7.3.3" - }, - "chef-sugar": { - "version": "3.3.0" - }, - "poise": { - "version": "2.8.2" - }, - "application": { - "version": "5.2.0" - }, - "poise-javascript": { - "version": "1.2.1" - }, - "poise-service": { - "version": "1.5.2" - }, - "apt": { - "version": "7.3.0" - }, - "yum": { 
- "version": "7.2.0" - }, - "ulimit": { - "version": "1.0.0" - }, - "selinux_policy": { - "version": "2.4.3" - }, - "build-essential": { - "version": "8.2.1" - }, - "ohai": { - "version": "5.2.5" - }, - "yum-epel": { - "version": "4.2.3" - }, - "chocolatey": { - "version": "3.0.0" - }, - "poise-languages": { - "version": "2.1.2" - }, - "mingw": { - "version": "2.1.3" - }, - "poise-archive": { - "version": "1.5.0" - } - } - }, - "run_list": [ - "recipe[kosmos-bitcoin::electrum]", - "recipe[kosmos-bitcoin::yap]" - ] -}
\ No newline at end of file
diff --git a/nodes/vagrant-openresty.json b/nodes/vagrant-openresty.json
deleted file mode 100644
index d7c13cf..0000000
--- a/nodes/vagrant-openresty.json
+++ /dev/null
@@ -1,7933 +0,0 @@ -{ - "name": "vagrant-openresty", - "chef_environment": "development", - "override": { - "apt": { - "unattended_upgrades": { - "allowed_origins": [ - "${distro_id}:${distro_codename}-security", - "${distro_id}:${distro_codename}-updates" - ], - "mail": "ops@kosmos.org", - "syslog_enable": true - } - }, - "openresty": { - "or_modules": { - "luajit": true - }, - "server_names_hash_bucket_size": 128 - }, - "tor": { - "HiddenServices": { - "web": { - "HiddenServicePorts": [ - "80 127.0.0.1:80", - "443 127.0.0.1:443" - ] - } - } - }, - "kosmos-mastodon": { - "elasticsearch": { - "allocated_memory": "128m" - } - }, - "kosmos-dirsrv": { - "master_hostname": "localhost" - }, - "bitcoin": { - "username": "vagrant", - "usergroup": "vagrant", - "conf": { - "testnet": 1, - "irc": 1, - "dnsseed": 1, - "upnp": 1, - "checkblocks": 10, - "checklevel": 1, - "txindex": 1, - "whitelist": "127.0.0.1", - "listen": 1, - "server": 1, - "rpcport": 8332, - "rpcssl": 0, - "rpcuser": "bitcoind", - "rpcbind": "127.0.0.1:8336", - "port": 8335, - "gen": 0, - "zmqpubrawblock": "tcp://127.0.0.1:8337", - "zmqpubrawtx": "tcp://127.0.0.1:8338" - } - } - }, - "normal": { - "tags": [ - - ], - "openresty": { - "listen_ip": "192.168.56.7" - } - }, - "default": { - "audit": { - "inspec_backend_cache": true, - "reporter": null, - "fetcher": null, - "insecure": null, - "quiet": true, - "profiles": { - - }, - "inputs": { - - }, - "attributes": { - - }, - "waiver_file": null, - "json_file": { - "location": "/var/chef/compliance_reports/compliance-20230719080032.json" - }, - "run_time_limit": 1.0, - "result_message_limit": 10000, - "result_include_backtrace": false, - "control_results_limit": 50, - "chef_node_attribute_enabled": true, - "compliance_phase": false, - "interval": { - "enabled": false, - "time": 1440 - } - }, - "apt": { - "cacher_dir": "/var/cache/apt-cacher-ng", - "cacher_interface": null, - "cacher_port": 3142, - "compiletime": false, - "compile_time_update": false, - 
"key_proxy": "", - "periodic_update_min_delay": 86400, - "launchpad_api_version": "1.0", - "unattended_upgrades": { - "enable": false, - "update_package_lists": true, - "allowed_origins": [ - "Ubuntu focal" - ], - "origins_patterns": [ - - ], - "package_blacklist": [ - - ], - "auto_fix_interrupted_dpkg": false, - "minimal_steps": false, - "install_on_shutdown": false, - "mail": null, - "sender": null, - "mail_only_on_error": true, - "remove_unused_dependencies": false, - "automatic_reboot": false, - "automatic_reboot_time": "now", - "dl_limit": null, - "random_sleep": null, - "syslog_enable": false, - "syslog_facility": "daemon", - "dpkg_options": [ - - ] - }, - "cacher_client": { - "cacher_server": { - - } - }, - "confd": { - "force_confask": false, - "force_confdef": false, - "force_confmiss": false, - "force_confnew": false, - "force_confold": false, - "install_recommends": true, - "install_suggests": false - } - }, - "firewall": { - "allow_ssh": false, - "allow_winrm": false, - "allow_mosh": false, - "allow_loopback": false, - "allow_icmp": false, - "firewalld": { - "permanent": false - }, - "iptables": { - "defaults": { - "policy": { - "input": "DROP", - "forward": "DROP", - "output": "ACCEPT" - }, - "ruleset": { - "*filter": 1, - ":INPUT DROP": 2, - ":FORWARD DROP": 3, - ":OUTPUT ACCEPT": 4, - "COMMIT_FILTER": 100 - } - } - }, - "ubuntu_iptables": false, - "redhat7_iptables": false, - "allow_established": true, - "ipv6_enabled": true, - "ufw": { - "defaults": { - "ipv6": "yes", - "manage_builtins": "no", - "ipt_sysctl": "/etc/ufw/sysctl.conf", - "ipt_modules": "nf_conntrack_ftp nf_nat_ftp nf_conntrack_netbios_ns", - "policy": { - "input": "DROP", - "output": "ACCEPT", - "forward": "DROP", - "application": "SKIP" - } - } - }, - "windows": { - "defaults": { - "policy": { - "input": "blockinbound", - "output": "allowoutbound" - } - } - } - }, - "hostsfile": { - "path": null - }, - "hostname_cookbook": { - "hostsfile_ip": "127.0.1.1", - "hostsfile_aliases": [ - - 
], - "hostsfile_include_hostname_in_aliases": true, - "append_hostsfile_ip": true - }, - "postfix": { - "mail_type": "client", - "relayhost_role": "relayhost", - "multi_environment_relay": false, - "use_procmail": false, - "use_alias_maps": false, - "use_transport_maps": false, - "use_access_maps": false, - "use_virtual_aliases": false, - "use_virtual_aliases_domains": false, - "use_relay_restrictions_maps": false, - "transports": { - - }, - "access": { - - }, - "virtual_aliases": { - - }, - "virtual_aliases_domains": { - - }, - "main_template_source": "postfix", - "master_template_source": "postfix", - "sender_canonical_map_entries": { - - }, - "smtp_generic_map_entries": { - - }, - "access_db_type": "hash", - "aliases_db_type": "hash", - "transport_db_type": "hash", - "virtual_alias_db_type": "hash", - "virtual_alias_domains_db_type": "hash", - "conf_dir": "/etc/postfix", - "aliases_db": "/etc/aliases", - "transport_db": "/etc/postfix/transport", - "access_db": "/etc/postfix/access", - "virtual_alias_db": "/etc/postfix/virtual", - "virtual_alias_domains_db": "/etc/postfix/virtual_domains", - "relay_restrictions_db": "/etc/postfix/relay_restrictions", - "main": { - "biff": "no", - "append_dot_mydomain": "no", - "myhostname": "vagrant", - "mydomain": "vagrant", - "myorigin": "$myhostname", - "mydestination": [ - "vagrant", - "vagrant", - "localhost.localdomain", - "localhost" - ], - "smtpd_use_tls": "yes", - "smtp_use_tls": "yes", - "smtp_sasl_auth_enable": "no", - "mailbox_size_limit": 0, - "mynetworks": null, - "inet_interfaces": "loopback-only" - }, - "cafile": "/etc/ssl/certs/ca-certificates.crt", - "master": { - "smtp": { - "active": true, - "order": 10, - "type": "inet", - "private": false, - "chroot": false, - "command": "smtpd", - "args": [ - - ] - }, - "submission": { - "active": false, - "order": 20, - "type": "inet", - "private": false, - "chroot": false, - "command": "smtpd", - "args": [ - "-o smtpd_enforce_tls=yes", - " -o smtpd_sasl_auth_enable=yes", 
- "-o smtpd_client_restrictions=permit_sasl_authenticated,reject" - ] - }, - "smtps": { - "active": false, - "order": 30, - "type": "inet", - "private": false, - "chroot": false, - "command": "smtpd", - "args": [ - "-o smtpd_tls_wrappermode=yes", - "-o smtpd_sasl_auth_enable=yes", - "-o smtpd_client_restrictions=permit_sasl_authenticated,reject" - ] - }, - "628": { - "active": false, - "order": 40, - "type": "inet", - "private": false, - "chroot": false, - "command": "qmqpdd", - "args": [ - - ] - }, - "pickup": { - "active": true, - "order": 50, - "type": "fifo", - "private": false, - "chroot": false, - "wakeup": "60", - "maxproc": "1", - "command": "pickup", - "args": [ - - ] - }, - "cleanup": { - "active": true, - "order": 60, - "type": "unix", - "private": false, - "chroot": false, - "maxproc": "0", - "command": "cleanup", - "args": [ - - ] - }, - "qmgr": { - "active": true, - "order": 70, - "type": "fifo", - "private": false, - "chroot": false, - "wakeup": "300", - "maxproc": "1", - "command": "qmgr", - "args": [ - - ] - }, - "tlsmgr": { - "active": true, - "order": 80, - "type": "unix", - "chroot": false, - "wakeup": "1000?", - "maxproc": "1", - "command": "tlsmgr", - "args": [ - - ] - }, - "rewrite": { - "active": true, - "order": 90, - "type": "unix", - "chroot": false, - "command": "trivial-rewrite", - "args": [ - - ] - }, - "bounce": { - "active": true, - "order": 100, - "type": "unix", - "chroot": false, - "maxproc": "0", - "command": "bounce", - "args": [ - - ] - }, - "defer": { - "active": true, - "order": 110, - "type": "unix", - "chroot": false, - "maxproc": "0", - "command": "bounce", - "args": [ - - ] - }, - "trace": { - "active": true, - "order": 120, - "type": "unix", - "chroot": false, - "maxproc": "0", - "command": "bounce", - "args": [ - - ] - }, - "verify": { - "active": true, - "order": 130, - "type": "unix", - "chroot": false, - "maxproc": "1", - "command": "verify", - "args": [ - - ] - }, - "flush": { - "active": true, - "order": 140, - 
"type": "unix", - "private": false, - "chroot": false, - "wakeup": "1000?", - "maxproc": "0", - "command": "flush", - "args": [ - - ] - }, - "proxymap": { - "active": true, - "order": 150, - "type": "unix", - "chroot": false, - "command": "proxymap", - "args": [ - - ] - }, - "smtpunix": { - "service": "smtp", - "active": true, - "order": 160, - "type": "unix", - "chroot": false, - "maxproc": "500", - "command": "smtp", - "args": [ - - ] - }, - "relay": { - "active": true, - "comment": "When relaying mail as backup MX, disable fallback_relay to avoid MX loops", - "order": 170, - "type": "unix", - "chroot": false, - "command": "smtp", - "args": [ - "-o smtp_fallback_relay=" - ] - }, - "showq": { - "active": true, - "order": 180, - "type": "unix", - "private": false, - "chroot": false, - "command": "showq", - "args": [ - - ] - }, - "error": { - "active": true, - "order": 190, - "type": "unix", - "chroot": false, - "command": "error", - "args": [ - - ] - }, - "discard": { - "active": true, - "order": 200, - "type": "unix", - "chroot": false, - "command": "discard", - "args": [ - - ] - }, - "local": { - "active": true, - "order": 210, - "type": "unix", - "unpriv": false, - "chroot": false, - "command": "local", - "args": [ - - ] - }, - "virtual": { - "active": true, - "order": 220, - "type": "unix", - "unpriv": false, - "chroot": false, - "command": "virtual", - "args": [ - - ] - }, - "lmtp": { - "active": true, - "order": 230, - "type": "unix", - "chroot": false, - "command": "lmtp", - "args": [ - - ] - }, - "anvil": { - "active": true, - "order": 240, - "type": "unix", - "chroot": false, - "maxproc": "1", - "command": "anvil", - "args": [ - - ] - }, - "scache": { - "active": true, - "order": 250, - "type": "unix", - "chroot": false, - "maxproc": "1", - "command": "scache", - "args": [ - - ] - }, - "maildrop": { - "active": true, - "comment": "See the Postfix MAILDROP_README file for details. 
To main.cf will be added: maildrop_destination_recipient_limit=1", - "order": 510, - "type": "unix", - "unpriv": false, - "chroot": false, - "command": "pipe", - "args": [ - "flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}" - ] - }, - "old-cyrus": { - "active": false, - "comment": "The Cyrus deliver program has changed incompatibly, multiple times.", - "order": 520, - "type": "unix", - "unpriv": false, - "chroot": false, - "command": "pipe", - "args": [ - "flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}" - ] - }, - "cyrus": { - "active": true, - "comment": "Cyrus 2.1.5 (Amos Gouaux). To main.cf will be added: cyrus_destination_recipient_limit=1", - "order": 530, - "type": "unix", - "unpriv": false, - "chroot": false, - "command": "pipe", - "args": [ - "user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}" - ] - }, - "uucp": { - "active": true, - "comment": "See the Postfix UUCP_README file for configuration details.", - "order": 540, - "type": "unix", - "unpriv": false, - "chroot": false, - "command": "pipe", - "args": [ - "flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)" - ] - }, - "ifmail": { - "active": false, - "order": 550, - "type": "unix", - "unpriv": false, - "chroot": false, - "command": "pipe", - "args": [ - "flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)" - ] - }, - "bsmtp": { - "active": true, - "order": 560, - "type": "unix", - "unpriv": false, - "chroot": false, - "command": "pipe", - "args": [ - "flags=Fq. 
user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient" - ] - } - }, - "aliases": { - - } - }, - "ntp": { - "servers": [ - "0.pool.ntp.org", - "1.pool.ntp.org", - "2.pool.ntp.org", - "3.pool.ntp.org" - ], - "peers": [ - - ], - "restrictions": [ - - ], - "tinker": { - "panic": 0, - "allan": 1500, - "dispersion": 15, - "step": 0.128, - "stepout": 900 - }, - "restrict_default": "kod notrap nomodify nopeer noquery", - "packages": [ - "ntp" - ], - "service": "ntp", - "varlibdir": "/var/lib/ntp", - "driftfile": "/var/lib/ntp/ntp.drift", - "logfile": null, - "conffile": "/etc/ntp.conf", - "statsdir": "/var/log/ntpstats/", - "conf_owner": "root", - "conf_group": "root", - "var_owner": "ntp", - "var_group": "ntp", - "leapfile": "/etc/ntp.leapseconds", - "sync_clock": false, - "sync_hw_clock": false, - "listen": null, - "listen_network": null, - "ignore": null, - "apparmor_enabled": true, - "monitor": false, - "statistics": true, - "conf_restart_immediate": false, - "keys": null, - "trustedkey": null, - "requestkey": null, - "disable_tinker_panic_on_virtualization_guest": true, - "peer": { - "key": null, - "use_iburst": true, - "use_burst": false, - "minpoll": 6, - "maxpoll": 10 - }, - "server": { - "prefer": "", - "use_iburst": true, - "use_burst": false, - "minpoll": 6, - "maxpoll": 10 - }, - "orphan": { - "enabled": false, - "stratum": 5 - }, - "localhost": { - "noquery": false - }, - "use_cmos": false - }, - "timezone_iii": { - "timezone": "Etc/UTC", - "tzdata_dir": "/usr/share/zoneinfo", - "localtime_path": "/etc/localtime", - "use_symlink": false - }, - "msys2": { - "url": "http://downloads.sourceforge.net/project/msys2/Base/x86_64/msys2-base-x86_64-20160205.tar.xz", - "checksum": "7e97e2af042e1b6f62cf0298fe84839014ef3d4a3e7825cffc6931c66cc0fc20" - }, - "build-essential": { - "compile_time": false, - "msys2": { - "path": "\\msys2" - } - }, - "git": { - "prefix": "/usr/local", - "version": "2.17.1", - "url": 
"https://nodeload.github.com/git/git/tar.gz/v%{version}", - "checksum": "690f12cc5691e5adaf2dd390eae6f5acce68ae0d9bd9403814f8a1433833f02a", - "use_pcre": false, - "server": { - "base_path": "/srv/git", - "export_all": true - } - }, - "jemalloc": { - "version": "5.1.0", - "url": "https://github.com/jemalloc/jemalloc/releases/download/5.1.0/jemalloc-5.1.0.tar.bz2", - "checksum": "5396e61cc6103ac393136c309fae09e44d74743c86f90e266948c50f3dbb7268", - "configure": { - "munmap": true, - "lazy_lock": true, - "xmalloc": false, - "dss": false, - "mremap": false, - "stats": false, - "profiling": false, - "valgrind": false - } - }, - "logrotate": { - "package": { - "name": "logrotate", - "source": null, - "version": null, - "provider": null, - "action": "upgrade" - }, - "directory": "/etc/logrotate.d", - "cron": { - "install": false, - "name": "logrotate", - "command": "/usr/sbin/logrotate /etc/logrotate.conf", - "minute": 35, - "hour": 2 - }, - "global": { - "weekly": true, - "rotate": 4, - "create": "", - "/var/log/wtmp": { - "missingok": true, - "monthly": true, - "create": "0664 root utmp", - "rotate": 1 - }, - "/var/log/btmp": { - "missingok": true, - "monthly": true, - "create": "0660 root utmp", - "rotate": 1 - } - } - }, - "yum": { - "main": { - "cachedir": "/var/cache/yum/$basearch/$releasever", - "distroverpkg": "ubuntu-release", - "alwaysprompt": null, - "assumeyes": null, - "bandwidth": null, - "best": null, - "bugtracker_url": null, - "clean_requirements_on_remove": null, - "color": null, - "color_list_available_downgrade": null, - "color_list_available_install": null, - "color_list_available_reinstall": null, - "color_list_available_upgrade": null, - "color_list_installed_extra": null, - "color_list_installed_newer": null, - "color_list_installed_older": null, - "color_list_installed_reinstall": null, - "color_search_match": null, - "color_update_installed": null, - "color_update_local": null, - "color_update_remote": null, - "commands": null, - "deltarpm": null, 
- "debuglevel": null, - "diskspacecheck": null, - "enable_group_conditionals": null, - "errorlevel": null, - "exactarch": null, - "exclude": null, - "excludepkgs": null, - "gpgcheck": true, - "group_package_types": null, - "groupremove_leaf_only": null, - "history_list_view": null, - "history_record": null, - "history_record_packages": null, - "http_caching": null, - "ip_resolve": null, - "installonly_limit": null, - "installonlypkgs": null, - "installroot": null, - "keepalive": null, - "keepcache": false, - "kernelpkgnames": null, - "localpkg_gpgcheck": false, - "logfile": "/var/log/yum.log", - "max_retries": null, - "mdpolicy": null, - "metadata_expire": null, - "mirrorlist_expire": null, - "multilib_policy": null, - "obsoletes": null, - "overwrite_groups": null, - "password": null, - "path": "/etc/yum.conf", - "persistdir": null, - "pluginconfpath": null, - "pluginpath": null, - "plugins": null, - "protected_multilib": null, - "protected_packages": null, - "proxy": null, - "proxy_password": null, - "proxy_username": null, - "recent": null, - "repo_gpgcheck": null, - "reposdir": null, - "reset_nice": null, - "rpmverbosity": null, - "showdupesfromrepos": null, - "skip_broken": null, - "skip_if_unavailable": null, - "ssl_check_cert_permissions": null, - "sslcacert": null, - "sslclientcert": null, - "sslclientkey": null, - "sslverify": null, - "syslog_device": null, - "syslog_facility": null, - "syslog_ident": null, - "throttle": null, - "timeout": null, - "tolerant": false, - "tsflags": null, - "username": null - } - }, - "openresty": { - "source": { - "version": "1.13.6.2", - "file_prefix": "openresty", - "checksum": "946e1958273032db43833982e2cec0766154a9b5cb8e67868944113208ff2942", - "name": "%{file_prefix}-%{version}", - "url": "https://openresty.org/download/%{name}.tar.gz", - "conf_path": "/etc/nginx/nginx.conf", - "prefix": "/usr/local/openresty", - "state": "/etc/chef_state.d", - "path": "/var/chef/cache", - "default_configure_flags": [ - 
"--prefix=/usr/share", - "--conf-path=/etc/nginx/nginx.conf", - "--sbin-path=/usr/sbin/nginx", - "--error-log-path=/var/log/nginx/error.log", - "--http-log-path=/var/log/nginx/access.log", - "--pid-path=/var/run/nginx.pid", - "--lock-path=/var/run/nginx.lock", - "--http-client-body-temp-path=/var/cache/nginx/client_temp", - "--http-proxy-temp-path=/var/cache/nginx/proxy_temp", - "--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp", - "--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp", - "--http-scgi-temp-path=/var/cache/nginx/scgi_temp", - "--with-ipv6", - "--with-md5-asm", - "--with-sha1-asm", - "--without-http_ssi_module", - "--without-mail_smtp_module", - "--without-mail_imap_module", - "--without-mail_pop3_module" - ] - }, - "dir": "/etc/openresty", - "log_dir": "/var/log/nginx/logs", - "cache_dir": "/var/cache/nginx", - "run_dir": "/var/run", - "binary": "/usr/local/openresty/nginx/sbin/nginx", - "pid": "/usr/local/openresty/nginx/logs/nginx.pid", - "modules": [ - "http_ssl_module", - "http_gzip_static_module", - "http_gunzip_module", - "http_stub_status_module", - "http_secure_link_module", - "http_realip_module", - "http_flv_module", - "http_mp4_module", - "cache_purge_module" - ], - "extra_modules": [ - - ], - "configure_flags": [ - - ], - "user": "www-data", - "group": "www-data", - "user_system": true, - "user_shell": "/bin/false", - "user_home": "/var/www", - "ipv6": true, - "gzip": "on", - "gzip_http_version": "1.0", - "gzip_comp_level": "2", - "gzip_proxied": "any", - "gzip_vary": "off", - "gzip_buffers": null, - "gzip_types": [ - "text/plain", - "text/css", - "application/x-javascript", - "text/xml", - "application/xml", - "application/xml+rss", - "text/javascript", - "application/javascript", - "application/json", - "font/truetype", - "font/opentype", - "application/vnd.ms-fontobject", - "image/svg+xml" - ], - "keepalive": "on", - "keepalive_timeout": 5, - "keepalive_requests": 100, - "worker_processes": 2, - "worker_auto_affinity": true, - 
"worker_connections": 4096, - "worker_rlimit_nofile": null, - "multi_accept": false, - "try_aio": false, - "event": "epoll", - "server_names_hash_bucket_size": 64, - "client_max_body_size": "32M", - "client_body_buffer_size": "8K", - "large_client_header_buffers": "32 32k", - "types_hash_max_size": 2048, - "types_hash_bucket_size": 64, - "variables_hash_max_size": 1024, - "variables_hash_bucket_size": 64, - "open_file_cache": { - "max": 1000, - "inactive": "20s", - "valid": "30s", - "min_uses": "8", - "errors": "on" - }, - "log_formats": { - "main": "$remote_addr - $remote_user [$time_local] \"$request\" $status $body_bytes_sent \"$http_referer\" \"$http_user_agent\" \"$http_x_forwarded_for\"" - }, - "logrotate": true, - "logrotate_days": 7, - "logrotate_options": [ - "missingok", - "delaycompress", - "notifempty", - "compress", - "sharedscripts" - ], - "disable_access_log": true, - "default_site_enabled": false, - "custom_pcre": true, - "link_to_jemalloc": false, - "max_subrequests": 201, - "generate_dhparams": true, - "resolver": null, - "resolver_ttl": "10s", - "lua_package_path": null, - "lua_package_cpath": null, - "cache_purge": { - "version": "2.3", - "url": "https://codeload.github.com/FRiCKLE/ngx_cache_purge/tar.gz/2.3", - "checksum": "cb7d5f22919c613f1f03341a1aeb960965269302e9eb23425ccaabd2f5dcbbec" - }, - "pcre": { - "version": "8.41", - "url": "https://sourceforge.net/projects/pcre/files/pcre/8.41/pcre-8.41.tar.bz2/download", - "checksum": "e62c7eac5ae7c0e7286db61ff82912e1c0b7a0c13706616e94a7dd729321b530" - }, - "luarocks": { - "version": "3.9.2", - "url": "https://luarocks.org/releases/luarocks-3.9.2.tar.gz", - "checksum": "bca6e4ecc02c203e070acdb5f586045d45c078896f6236eb46aa33ccd9b94edb", - "default_rocks": { - - } - }, - "or_modules": { - "luajit": true, - "luajit_binary": "2.1.0-beta1", - "iconv": true, - "drizzle": false, - "postgres": false - }, - "realip": { - "header": "X-Forwarded-For", - "addresses": [ - "127.0.0.1" - ], - "recursive": false - 
}, - "service": { - "recipe": "openresty::service_init", - "resource": "service[openresty]", - "restart_on_update": true, - "start_on_boot": true, - "defaults_file_template": "nginx.sysconfig.erb", - "defaults_file_cookbook": "openresty" - }, - "status": { - "url": "/nginx-status", - "allowed_ips": [ - - ] - }, - "upload_progress": { - "url": "https://github.com/masterzen/nginx-upload-progress-module/archive/v0.9.0.tar.gz", - "checksum": "93e29b9b437a2e34713de54c2861ea51151624aca09f73f9f44d1caaff01a6b1" - }, - "worker_cpu_affinity": "01 10" - }, - "kosmos_assets": { - "domain": "assets.kosmos.org", - "repo": "https://gitea.kosmos.org/kosmos/assets.kosmos.org.git", - "revision": "master" - } - }, - "automatic": { - "kernel": { - "name": "Linux", - "release": "5.4.0-144-generic", - "version": "#161-Ubuntu SMP Fri Feb 3 14:49:04 UTC 2023", - "machine": "x86_64", - "processor": "x86_64", - "os": "GNU/Linux", - "modules": { - "vboxvideo": { - "size": "36864", - "refcount": "0", - "version": "7.0.6 r155176" - }, - "vboxsf": { - "size": "81920", - "refcount": "13", - "version": "7.0.6 r155176" - }, - "dm_multipath": { - "size": "32768", - "refcount": "0" - }, - "scsi_dh_rdac": { - "size": "16384", - "refcount": "0", - "version": "01.00.0000.0000" - }, - "scsi_dh_emc": { - "size": "16384", - "refcount": "0" - }, - "scsi_dh_alua": { - "size": "20480", - "refcount": "0", - "version": "2.0" - }, - "binfmt_misc": { - "size": "24576", - "refcount": "1" - }, - "intel_rapl_msr": { - "size": "20480", - "refcount": "0" - }, - "joydev": { - "size": "24576", - "refcount": "0" - }, - "intel_rapl_common": { - "size": "24576", - "refcount": "1" - }, - "rapl": { - "size": "20480", - "refcount": "0" - }, - "input_leds": { - "size": "16384", - "refcount": "0" - }, - "serio_raw": { - "size": "20480", - "refcount": "0" - }, - "vboxguest": { - "size": "360448", - "refcount": "3", - "version": "7.0.6 r155176" - }, - "mac_hid": { - "size": "16384", - "refcount": "0" - }, - "sch_fq_codel": { - 
"size": "20480", - "refcount": "3" - }, - "ramoops": { - "size": "28672", - "refcount": "0" - }, - "reed_solomon": { - "size": "24576", - "refcount": "1" - }, - "msr": { - "size": "16384", - "refcount": "0" - }, - "efi_pstore": { - "size": "16384", - "refcount": "0" - }, - "ip_tables": { - "size": "32768", - "refcount": "0" - }, - "x_tables": { - "size": "40960", - "refcount": "1" - }, - "autofs4": { - "size": "45056", - "refcount": "2" - }, - "btrfs": { - "size": "1265664", - "refcount": "0" - }, - "zstd_compress": { - "size": "167936", - "refcount": "1" - }, - "raid10": { - "size": "61440", - "refcount": "0" - }, - "raid456": { - "size": "155648", - "refcount": "0" - }, - "async_raid6_recov": { - "size": "24576", - "refcount": "1" - }, - "async_memcpy": { - "size": "20480", - "refcount": "2" - }, - "async_pq": { - "size": "24576", - "refcount": "2" - }, - "async_xor": { - "size": "20480", - "refcount": "3" - }, - "async_tx": { - "size": "20480", - "refcount": "5" - }, - "xor": { - "size": "24576", - "refcount": "2" - }, - "raid6_pq": { - "size": "114688", - "refcount": "4" - }, - "libcrc32c": { - "size": "16384", - "refcount": "2" - }, - "raid1": { - "size": "45056", - "refcount": "0" - }, - "raid0": { - "size": "24576", - "refcount": "0" - }, - "multipath": { - "size": "20480", - "refcount": "0" - }, - "linear": { - "size": "20480", - "refcount": "0" - }, - "crct10dif_pclmul": { - "size": "16384", - "refcount": "1" - }, - "crc32_pclmul": { - "size": "16384", - "refcount": "0" - }, - "ghash_clmulni_intel": { - "size": "16384", - "refcount": "0" - }, - "aesni_intel": { - "size": "372736", - "refcount": "0" - }, - "crypto_simd": { - "size": "16384", - "refcount": "1" - }, - "cryptd": { - "size": "24576", - "refcount": "2" - }, - "glue_helper": { - "size": "16384", - "refcount": "1" - }, - "vmwgfx": { - "size": "299008", - "refcount": "2", - "version": "2.15.0.0" - }, - "ttm": { - "size": "106496", - "refcount": "2" - }, - "drm_kms_helper": { - "size": "184320", - 
"refcount": "2" - }, - "psmouse": { - "size": "155648", - "refcount": "0" - }, - "syscopyarea": { - "size": "16384", - "refcount": "1" - }, - "sysfillrect": { - "size": "16384", - "refcount": "1" - }, - "sysimgblt": { - "size": "16384", - "refcount": "1" - }, - "ahci": { - "size": "40960", - "refcount": "2", - "version": "3.0" - }, - "fb_sys_fops": { - "size": "16384", - "refcount": "1" - }, - "libahci": { - "size": "32768", - "refcount": "1" - }, - "drm": { - "size": "495616", - "refcount": "6" - }, - "video": { - "size": "57344", - "refcount": "0" - }, - "i2c_piix4": { - "size": "28672", - "refcount": "0" - }, - "e1000": { - "size": "147456", - "refcount": "0", - "version": "7.3.21-k8-NAPI" - }, - "pata_acpi": { - "size": "16384", - "refcount": "0", - "version": "0.2.3" - } - } - }, - "memory": { - "swap": { - "cached": "188kB", - "total": "2097148kB", - "free": "2096624kB" - }, - "hugepages": { - "total": "0", - "free": "0", - "reserved": "0", - "surplus": "0" - }, - "directmap": { - "4k": "131008kB", - "2M": "917504kB" - }, - "total": "1000112kB", - "free": "110268kB", - "available": "577532kB", - "buffers": "50124kB", - "cached": "516772kB", - "active": "359056kB", - "inactive": "360580kB", - "dirty": "1384kB", - "writeback": "0kB", - "anon_pages": "171096kB", - "mapped": "83584kB", - "slab": "107816kB", - "slab_reclaimable": "49416kB", - "slab_unreclaim": "58400kB", - "page_tables": "2584kB", - "nfs_unstable": "0kB", - "bounce": "0kB", - "commit_limit": "2597204kB", - "committed_as": "688268kB", - "vmalloc_total": "34359738367kB", - "vmalloc_used": "28600kB", - "vmalloc_chunk": "0kB", - "hugepage_size": "2048kB", - "hugetlb": "0kB" - }, - "network": { - "interfaces": { - "lo": { - "mtu": "65536", - "flags": [ - "LOOPBACK", - "UP", - "LOWER_UP" - ], - "encapsulation": "Loopback", - "addresses": { - "127.0.0.1": { - "family": "inet", - "prefixlen": "8", - "netmask": "255.0.0.0", - "scope": "Node" - }, - "::1": { - "family": "inet6", - "prefixlen": "128", - 
"scope": "Node", - "tags": [ - - ] - } - }, - "state": "unknown", - "routes": [ - { - "destination": "::1", - "family": "inet6", - "metric": "256", - "proto": "kernel" - } - ] - }, - "eth0": { - "type": "eth", - "number": "0", - "mtu": "1500", - "flags": [ - "BROADCAST", - "MULTICAST", - "UP", - "LOWER_UP" - ], - "encapsulation": "Ethernet", - "addresses": { - "08:00:27:1F:3F:CD": { - "family": "lladdr" - }, - "10.0.2.15": { - "family": "inet", - "prefixlen": "24", - "netmask": "255.255.255.0", - "broadcast": "10.0.2.255", - "scope": "Global" - }, - "fe80::a00:27ff:fe1f:3fcd": { - "family": "inet6", - "prefixlen": "64", - "scope": "Link", - "tags": [ - - ] - } - }, - "state": "up", - "arp": { - "10.0.2.3": "52:54:00:12:35:03", - "10.0.2.2": "52:54:00:12:35:02" - }, - "routes": [ - { - "destination": "default", - "family": "inet", - "via": "10.0.2.2", - "metric": "100", - "proto": "dhcp", - "src": "10.0.2.15" - }, - { - "destination": "10.0.2.0/24", - "family": "inet", - "scope": "link", - "proto": "kernel", - "src": "10.0.2.15" - }, - { - "destination": "10.0.2.2", - "family": "inet", - "scope": "link", - "metric": "100", - "proto": "dhcp", - "src": "10.0.2.15" - }, - { - "destination": "fe80::/64", - "family": "inet6", - "metric": "256", - "proto": "kernel" - } - ], - "link_speed": 1000, - "duplex": "Full", - "port": "Twisted Pair", - "transceiver": "internal", - "auto_negotiation": "on", - "mdi_x": "off (auto)", - "ring_params": { - "max_rx": 4096, - "max_rx_mini": 0, - "max_rx_jumbo": 0, - "max_tx": 4096, - "current_rx": 256, - "current_rx_mini": 0, - "current_rx_jumbo": 0, - "current_tx": 256 - }, - "channel_params": { - - }, - "coalesce_params": { - "adaptive_rx": "off", - "adaptive_tx": "off", - "stats-block-usecs": 0, - "sample-interval": 0, - "pkt-rate-low": 0, - "pkt-rate-high": 0, - "rx-usecs": 0, - "rx-frames": 0, - "rx-usecs-irq": 0, - "rx-frames-irq": 0, - "tx-usecs": 0, - "tx-frames": 0, - "tx-usecs-irq": 0, - "tx-frames-irq": 0, - "rx-usecs-low": 0, 
- "rx-frames-low": 0, - "tx-usecs-low": 0, - "tx-frames-low": 0, - "rx-usecs-high": 0, - "rx-frames-high": 0, - "tx-usecs-high": 0, - "tx-frames-high": 0 - }, - "offload_params": { - "rx-checksumming": "off", - "tx-checksumming": "on", - "tx-checksum-ipv4": "off", - "tx-checksum-ip-generic": "on", - "tx-checksum-ipv6": "off", - "tx-checksum-fcoe-crc": "off", - "tx-checksum-sctp": "off", - "scatter-gather": "on", - "tx-scatter-gather": "on", - "tx-scatter-gather-fraglist": "off", - "tcp-segmentation-offload": "on", - "tx-tcp-segmentation": "on", - "tx-tcp-ecn-segmentation": "off", - "tx-tcp-mangleid-segmentation": "off", - "tx-tcp6-segmentation": "off", - "generic-segmentation-offload": "on", - "generic-receive-offload": "on", - "large-receive-offload": "off", - "rx-vlan-offload": "on", - "tx-vlan-offload": "on", - "ntuple-filters": "off", - "receive-hashing": "off", - "highdma": "off", - "rx-vlan-filter": "on", - "vlan-challenged": "off", - "tx-lockless": "off", - "netns-local": "off", - "tx-gso-robust": "off", - "tx-fcoe-segmentation": "off", - "tx-gre-segmentation": "off", - "tx-gre-csum-segmentation": "off", - "tx-ipxip4-segmentation": "off", - "tx-ipxip6-segmentation": "off", - "tx-udp_tnl-segmentation": "off", - "tx-udp_tnl-csum-segmentation": "off", - "tx-gso-partial": "off", - "tx-sctp-segmentation": "off", - "tx-esp-segmentation": "off", - "tx-udp-segmentation": "off", - "fcoe-mtu": "off", - "tx-nocache-copy": "off", - "loopback": "off", - "rx-fcs": "off", - "rx-all": "off", - "tx-vlan-stag-hw-insert": "off", - "rx-vlan-stag-hw-parse": "off", - "rx-vlan-stag-filter": "off", - "l2-fwd-offload": "off", - "hw-tc-offload": "off", - "esp-hw-offload": "off", - "esp-tx-csum-hw-offload": "off", - "rx-udp_tunnel-port-offload": "off", - "tls-hw-tx-offload": "off", - "tls-hw-rx-offload": "off", - "rx-gro-hw": "off", - "tls-hw-record": "off" - }, - "driver_info": { - "driver": "e1000", - "version": "7.3.21-k8-NAPI", - "firmware-version": "", - "expansion-rom-version": 
"", - "bus-info": "0000:00:03.0", - "supports-statistics": "yes", - "supports-test": "yes", - "supports-eeprom-access": "yes", - "supports-register-dump": "yes", - "supports-priv-flags": "no" - }, - "pause_params": { - "autonegotiate": true, - "rx": true, - "tx": false - } - }, - "eth1": { - "type": "eth", - "number": "1", - "mtu": "1500", - "flags": [ - "BROADCAST", - "MULTICAST", - "UP", - "LOWER_UP" - ], - "encapsulation": "Ethernet", - "addresses": { - "08:00:27:AE:F5:6C": { - "family": "lladdr" - }, - "192.168.56.7": { - "family": "inet", - "prefixlen": "24", - "netmask": "255.255.255.0", - "broadcast": "192.168.56.255", - "scope": "Global" - }, - "fe80::a00:27ff:feae:f56c": { - "family": "inet6", - "prefixlen": "64", - "scope": "Link", - "tags": [ - - ] - } - }, - "state": "up", - "routes": [ - { - "destination": "192.168.56.0/24", - "family": "inet", - "scope": "link", - "proto": "kernel", - "src": "192.168.56.7" - }, - { - "destination": "fe80::/64", - "family": "inet6", - "metric": "256", - "proto": "kernel" - } - ], - "link_speed": 1000, - "duplex": "Full", - "port": "Twisted Pair", - "transceiver": "internal", - "auto_negotiation": "on", - "mdi_x": "off (auto)", - "ring_params": { - "max_rx": 4096, - "max_rx_mini": 0, - "max_rx_jumbo": 0, - "max_tx": 4096, - "current_rx": 256, - "current_rx_mini": 0, - "current_rx_jumbo": 0, - "current_tx": 256 - }, - "channel_params": { - - }, - "coalesce_params": { - "adaptive_rx": "off", - "adaptive_tx": "off", - "stats-block-usecs": 0, - "sample-interval": 0, - "pkt-rate-low": 0, - "pkt-rate-high": 0, - "rx-usecs": 0, - "rx-frames": 0, - "rx-usecs-irq": 0, - "rx-frames-irq": 0, - "tx-usecs": 0, - "tx-frames": 0, - "tx-usecs-irq": 0, - "tx-frames-irq": 0, - "rx-usecs-low": 0, - "rx-frames-low": 0, - "tx-usecs-low": 0, - "tx-frames-low": 0, - "rx-usecs-high": 0, - "rx-frames-high": 0, - "tx-usecs-high": 0, - "tx-frames-high": 0 - }, - "offload_params": { - "rx-checksumming": "off", - "tx-checksumming": "on", - 
"tx-checksum-ipv4": "off", - "tx-checksum-ip-generic": "on", - "tx-checksum-ipv6": "off", - "tx-checksum-fcoe-crc": "off", - "tx-checksum-sctp": "off", - "scatter-gather": "on", - "tx-scatter-gather": "on", - "tx-scatter-gather-fraglist": "off", - "tcp-segmentation-offload": "on", - "tx-tcp-segmentation": "on", - "tx-tcp-ecn-segmentation": "off", - "tx-tcp-mangleid-segmentation": "off", - "tx-tcp6-segmentation": "off", - "generic-segmentation-offload": "on", - "generic-receive-offload": "on", - "large-receive-offload": "off", - "rx-vlan-offload": "on", - "tx-vlan-offload": "on", - "ntuple-filters": "off", - "receive-hashing": "off", - "highdma": "off", - "rx-vlan-filter": "on", - "vlan-challenged": "off", - "tx-lockless": "off", - "netns-local": "off", - "tx-gso-robust": "off", - "tx-fcoe-segmentation": "off", - "tx-gre-segmentation": "off", - "tx-gre-csum-segmentation": "off", - "tx-ipxip4-segmentation": "off", - "tx-ipxip6-segmentation": "off", - "tx-udp_tnl-segmentation": "off", - "tx-udp_tnl-csum-segmentation": "off", - "tx-gso-partial": "off", - "tx-sctp-segmentation": "off", - "tx-esp-segmentation": "off", - "tx-udp-segmentation": "off", - "fcoe-mtu": "off", - "tx-nocache-copy": "off", - "loopback": "off", - "rx-fcs": "off", - "rx-all": "off", - "tx-vlan-stag-hw-insert": "off", - "rx-vlan-stag-hw-parse": "off", - "rx-vlan-stag-filter": "off", - "l2-fwd-offload": "off", - "hw-tc-offload": "off", - "esp-hw-offload": "off", - "esp-tx-csum-hw-offload": "off", - "rx-udp_tunnel-port-offload": "off", - "tls-hw-tx-offload": "off", - "tls-hw-rx-offload": "off", - "rx-gro-hw": "off", - "tls-hw-record": "off" - }, - "driver_info": { - "driver": "e1000", - "version": "7.3.21-k8-NAPI", - "firmware-version": "", - "expansion-rom-version": "", - "bus-info": "0000:00:08.0", - "supports-statistics": "yes", - "supports-test": "yes", - "supports-eeprom-access": "yes", - "supports-register-dump": "yes", - "supports-priv-flags": "no" - }, - "pause_params": { - "autonegotiate": 
true, - "rx": true, - "tx": false - } - } - }, - "default_interface": "eth0", - "default_gateway": "10.0.2.2" - }, - "counters": { - "network": { - "interfaces": { - "lo": { - "tx": { - "queuelen": "1000", - "bytes": "7862", - "packets": "82", - "errors": "0", - "drop": "0", - "carrier": "0", - "collisions": "0" - }, - "rx": { - "bytes": "7862", - "packets": "82", - "errors": "0", - "drop": "0", - "overrun": "0" - } - }, - "eth0": { - "tx": { - "queuelen": "1000", - "bytes": "844859", - "packets": "5817", - "errors": "0", - "drop": "0", - "carrier": "0", - "collisions": "0" - }, - "rx": { - "bytes": "14775901", - "packets": "15223", - "errors": "0", - "drop": "0", - "overrun": "0" - } - }, - "eth1": { - "tx": { - "queuelen": "1000", - "bytes": "1506", - "packets": "19", - "errors": "0", - "drop": "0", - "carrier": "0", - "collisions": "0" - }, - "rx": { - "bytes": "11752", - "packets": "113", - "errors": "0", - "drop": "0", - "overrun": "0" - } - } - } - } - }, - "IPAddress": "10.0.2.2", - "ipaddress": "10.0.2.15", - "macaddress": "08:00:27:1F:3F:CD", - "ip6address": "fe80::a00:27ff:fe1f:3fcd", - "lsb": { - "id": "Ubuntu", - "description": "Ubuntu 20.04.6 LTS", - "release": "20.04", - "codename": "focal" - }, - "os": "linux", - "os_version": "5.4.0-144-generic", - "platform": "ubuntu", - "platform_version": "20.04", - "platform_family": "debian", - "uptime_seconds": 414, - "uptime": "6 minutes 54 seconds", - "idletime_seconds": 682, - "idletime": "11 minutes 22 seconds", - "dmi": { - "dmidecode_version": "3.2", - "smbios_version": "2.5", - "structures": { - "count": "10", - "size": "455" - }, - "table_location": "0x000E1000", - "bios": { - "all_records": [ - { - "record_id": "0x0000", - "size": "0", - "application_identifier": "BIOS Information", - "Vendor": "innotek GmbH", - "Version": "VirtualBox", - "Release Date": "12/01/2006", - "Address": "0xE0000", - "Runtime Size": "128 kB", - "ROM Size": "128 kB", - "Characteristics": { - "ACPI is supported": null - } - } 
- ], - "vendor": "innotek GmbH", - "version": "VirtualBox", - "release_date": "12/01/2006", - "address": "0xE0000", - "runtime_size": "128 kB", - "rom_size": "128 kB" - }, - "system": { - "all_records": [ - { - "record_id": "0x0001", - "size": "1", - "application_identifier": "System Information", - "Manufacturer": "innotek GmbH", - "Product Name": "VirtualBox", - "Version": "1.2", - "Serial Number": "0", - "UUID": "794bf05e-6c2f-c049-9676-cf9933edd148", - "Wake-up Type": "Power Switch", - "SKU Number": "Not Specified", - "Family": "Virtual Machine" - } - ], - "manufacturer": "innotek GmbH", - "product_name": "VirtualBox", - "version": "1.2", - "serial_number": "0", - "uuid": "794bf05e-6c2f-c049-9676-cf9933edd148", - "wake_up_type": "Power Switch", - "sku_number": "Not Specified", - "family": "Virtual Machine" - }, - "base_board": { - "all_records": [ - { - "record_id": "0x0008", - "size": "2", - "application_identifier": "Base Board Information", - "Manufacturer": "Oracle Corporation", - "Product Name": "VirtualBox", - "Version": "1.2", - "Serial Number": "0", - "Asset Tag": "Not Specified", - "Features": { - "Board is a hosting board": null - }, - "Location In Chassis": "Not Specified", - "Chassis Handle": "0x0003", - "Type": "Motherboard", - "Contained Object Handles": "0" - } - ], - "manufacturer": "Oracle Corporation", - "product_name": "VirtualBox", - "version": "1.2", - "serial_number": "0", - "asset_tag": "Not Specified", - "location_in_chassis": "Not Specified", - "chassis_handle": "0x0003", - "type": "Motherboard", - "contained_object_handles": "0" - }, - "chassis": { - "all_records": [ - { - "record_id": "0x0003", - "size": "3", - "application_identifier": "Chassis Information", - "Manufacturer": "Oracle Corporation", - "Type": "Other", - "Lock": "Not Present", - "Version": "Not Specified", - "Serial Number": "Not Specified", - "Asset Tag": "Not Specified", - "Boot-up State": "Safe", - "Power Supply State": "Safe", - "Thermal State": "Safe", - "Security 
Status": "None" - } - ], - "manufacturer": "Oracle Corporation", - "type": "Other", - "lock": "Not Present", - "version": "Not Specified", - "serial_number": "Not Specified", - "asset_tag": "Not Specified", - "boot_up_state": "Safe", - "power_supply_state": "Safe", - "thermal_state": "Safe", - "security_status": "None" - }, - "oem_strings": { - "all_records": [ - { - "record_id": "0x0002", - "size": "11", - "application_identifier": "OEM Strings", - "String 1": "vboxVer_7.0.8", - "String 2": "vboxRev_156879" - } - ], - "string_1": "vboxVer_7.0.8", - "string_2": "vboxRev_156879" - } - }, - "cpu": { - "numa_node_cpus": { - "0": [ - 0, - 1 - ] - }, - "vulnerability": { - "itlb_multihit": "KVM: Vulnerable", - "l1tf": "Mitigation; PTE Inversion", - "mds": "Mitigation; Clear CPU buffers; SMT Host state unknown", - "meltdown": "Mitigation; PTI", - "mmio_stale_data": "Unknown: No mitigations", - "retbleed": "Not affected", - "spec_store_bypass": "Vulnerable", - "spectre_v1": "Mitigation; usercopy/swapgs barriers and __user pointer sanitization", - "spectre_v2": "Mitigation; Retpolines, STIBP disabled, RSB filling, PBRSB-eIBRS Not affected", - "srbds": "Unknown: Dependent on hypervisor status", - "tsx_async_abort": "Not affected" - }, - "architecture": "x86_64", - "cpu_opmodes": [ - "32-bit", - "64-bit" - ], - "byte_order": "little endian", - "address_sizes": [ - "39 bits physical", - "48 bits virtual" - ], - "cpus": 2, - "cpus_online": 2, - "threads_per_core": 1, - "cores_per_socket": 2, - "sockets": 1, - "numa_nodes": 1, - "vendor_id": "GenuineIntel", - "family": "6", - "model": "61", - "model_name": "Intel(R) Core(TM) i7-5557U CPU @ 3.10GHz", - "stepping": "4", - "mhz": "3109.596", - "bogomips": "6219.19", - "hypervisor_vendor": "KVM", - "virtualization_type": "full", - "l1d_cache": "64 KiB", - "l1i_cache": "64 KiB", - "l2_cache": "512 KiB", - "l3_cache": "8 MiB", - "flags": [ - "3dnowprefetch", - "abm", - "aes", - "apic", - "avx", - "avx2", - "bmi1", - "bmi2", - 
"clflush", - "cmov", - "constant_tsc", - "cpuid", - "cx16", - "cx8", - "de", - "flush_l1d", - "fpu", - "fsgsbase", - "fxsr", - "ht", - "hypervisor", - "invpcid", - "invpcid_single", - "lahf_lm", - "lm", - "mca", - "mce", - "md_clear", - "mmx", - "movbe", - "msr", - "mtrr", - "nonstop_tsc", - "nopl", - "nx", - "pae", - "pat", - "pcid", - "pclmulqdq", - "pge", - "pni", - "popcnt", - "pse", - "pse36", - "pti", - "rdrand", - "rdseed", - "rdtscp", - "rep_good", - "sep", - "sse", - "sse2", - "sse4_1", - "sse4_2", - "ssse3", - "syscall", - "tsc", - "tsc_known_freq", - "vme", - "x2apic", - "xsave", - "xtopology" - ], - "0": { - "vendor_id": "GenuineIntel", - "family": "6", - "model": "61", - "model_name": "Intel(R) Core(TM) i7-5557U CPU @ 3.10GHz", - "stepping": "4", - "mhz": "3109.596", - "bogomips": "6219.19", - "cache_size": "4096 KB", - "physical_id": "0", - "core_id": "0", - "cores": "2", - "flags": [ - "3dnowprefetch", - "abm", - "aes", - "apic", - "avx", - "avx2", - "bmi1", - "bmi2", - "clflush", - "cmov", - "constant_tsc", - "cpuid", - "cx16", - "cx8", - "de", - "flush_l1d", - "fpu", - "fsgsbase", - "fxsr", - "ht", - "hypervisor", - "invpcid", - "invpcid_single", - "lahf_lm", - "lm", - "mca", - "mce", - "md_clear", - "mmx", - "movbe", - "msr", - "mtrr", - "nonstop_tsc", - "nopl", - "nx", - "pae", - "pat", - "pcid", - "pclmulqdq", - "pge", - "pni", - "popcnt", - "pse", - "pse36", - "pti", - "rdrand", - "rdseed", - "rdtscp", - "rep_good", - "sep", - "sse", - "sse2", - "sse4_1", - "sse4_2", - "ssse3", - "syscall", - "tsc", - "tsc_known_freq", - "vme", - "x2apic", - "xsave", - "xtopology" - ] - }, - "1": { - "vendor_id": "GenuineIntel", - "family": "6", - "model": "61", - "model_name": "Intel(R) Core(TM) i7-5557U CPU @ 3.10GHz", - "stepping": "4", - "mhz": "3109.596", - "bogomips": "6219.19", - "cache_size": "4096 KB", - "physical_id": "0", - "core_id": "1", - "cores": "2", - "flags": [ - "3dnowprefetch", - "abm", - "aes", - "apic", - "avx", - "avx2", - "bmi1", - 
"bmi2", - "clflush", - "cmov", - "constant_tsc", - "cpuid", - "cx16", - "cx8", - "de", - "flush_l1d", - "fpu", - "fsgsbase", - "fxsr", - "ht", - "hypervisor", - "invpcid", - "invpcid_single", - "lahf_lm", - "lm", - "mca", - "mce", - "md_clear", - "mmx", - "movbe", - "msr", - "mtrr", - "nonstop_tsc", - "nopl", - "nx", - "pae", - "pat", - "pcid", - "pclmulqdq", - "pge", - "pni", - "popcnt", - "pse", - "pse36", - "pti", - "rdrand", - "rdseed", - "rdtscp", - "rep_good", - "sep", - "sse", - "sse2", - "sse4_1", - "sse4_2", - "ssse3", - "syscall", - "tsc", - "tsc_known_freq", - "vme", - "x2apic", - "xsave", - "xtopology" - ] - }, - "total": 2, - "real": 1, - "cores": 2 - }, - "virtualization": { - "systems": { - "vbox": "guest", - "kvm": "guest" - }, - "system": "vbox", - "role": "guest" - }, - "languages": { - "c": { - "gcc": { - "target": "x86_64-linux-gnu", - "configured_with": "../src/configure -v --with-pkgversion='Ubuntu 9.4.0-1ubuntu1~20.04.1' --with-bugurl=file:///usr/share/doc/gcc-9/README.Bugs --enable-languages=c,ada,c++,go,brig,d,fortran,objc,obj-c++,gm2 --prefix=/usr --with-gcc-major-version-only --program-suffix=-9 --program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-plugin --enable-default-pie --with-system-zlib --with-target-system-zlib=auto --enable-objc-gc=auto --enable-multiarch --disable-werror --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-offload-targets=nvptx-none=/build/gcc-9-Av3uEd/gcc-9-9.4.0/debian/tmp-nvptx/usr,hsa --without-cuda-driver --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu", - "thread_model": "posix", - "description": "gcc 
version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1) ", - "version": "9.4.0" - }, - "glibc": { - "version": "2.31", - "description": "ldd (Ubuntu GLIBC 2.31-0ubuntu9.9) 2.31" - } - }, - "perl": { - "version": "5.30.0", - "archname": "x86_64-linux-gnu-thread-multi" - }, - "ruby": { - "platform": "x86_64-linux", - "version": "3.1.2", - "release_date": "2022-04-12", - "target": "x86_64-pc-linux-gnu", - "target_cpu": "x86_64", - "target_vendor": "pc", - "target_os": "linux", - "host": "x86_64-pc-linux-gnu", - "host_cpu": "x86_64", - "host_os": "linux", - "host_vendor": "pc", - "bin_dir": "/opt/chef/embedded/bin", - "ruby_bin": "/opt/chef/embedded/bin/ruby", - "gem_bin": "/opt/chef/embedded/bin/gem", - "gems_dir": "/opt/chef/embedded/lib/ruby/gems/3.1.0" - } - }, - "chef_packages": { - "chef": { - "version": "18.2.7", - "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.2.7/lib", - "chef_effortless": null - }, - "ohai": { - "version": "18.1.4", - "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.4/lib/ohai" - } - }, - "hostname": "vagrant", - "machinename": "vagrant", - "fqdn": "vagrant", - "domain": null, - "cloud": null, - "command": { - "ps": "ps -ef" - }, - "filesystem": { - "by_device": { - "udev": { - "kb_size": "453936", - "kb_used": "0", - "kb_available": "453936", - "percent_used": "0%", - "total_inodes": "113484", - "inodes_used": "446", - "inodes_available": "113038", - "inodes_percent_used": "1%", - "fs_type": "devtmpfs", - "mount_options": [ - "rw", - "nosuid", - "noexec", - "relatime", - "size=453936k", - "nr_inodes=113484", - "mode=755" - ], - "mounts": [ - "/dev" - ] - }, - "tmpfs": { - "kb_size": "100008", - "kb_used": "0", - "kb_available": "100008", - "percent_used": "0%", - "total_inodes": "125014", - "inodes_used": "22", - "inodes_available": "124992", - "inodes_percent_used": "1%", - "fs_type": "tmpfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "size=100012k", - "mode=755" - ], - 
"mounts": [ - "/run", - "/dev/shm", - "/run/lock", - "/sys/fs/cgroup", - "/run/user/1000", - "/run/snapd/ns" - ] - }, - "/dev/mapper/ubuntu--vg-ubuntu--lv": { - "kb_size": "31811408", - "kb_used": "4713468", - "kb_available": "25456468", - "percent_used": "16%", - "total_inodes": "2031616", - "inodes_used": "82131", - "inodes_available": "1949485", - "inodes_percent_used": "5%", - "fs_type": "ext4", - "mount_options": [ - "rw", - "relatime" - ], - "uuid": "5094cad6-67e0-4355-91b0-1b227e8543c5", - "mounts": [ - "/" - ] - }, - "/dev/loop0": { - "kb_size": "45440", - "kb_used": "45440", - "kb_available": "0", - "percent_used": "100%", - "total_inodes": "7578", - "inodes_used": "7578", - "inodes_available": "0", - "inodes_percent_used": "100%", - "fs_type": "squashfs", - "mounts": [ - "/snap/certbot/3024" - ] - }, - "/dev/loop1": { - "kb_size": "65024", - "kb_used": "65024", - "kb_available": "0", - "percent_used": "100%", - "total_inodes": "11995", - "inodes_used": "11995", - "inodes_available": "0", - "inodes_percent_used": "100%", - "fs_type": "squashfs", - "mounts": [ - "/snap/core20/1974" - ] - }, - "/dev/loop2": { - "kb_size": "69504", - "kb_used": "69504", - "kb_available": "0", - "percent_used": "100%", - "total_inodes": "802", - "inodes_used": "802", - "inodes_available": "0", - "inodes_percent_used": "100%", - "fs_type": "squashfs", - "mounts": [ - "/snap/lxd/22753" - ] - }, - "/dev/loop3": { - "kb_size": "63488", - "kb_used": "63488", - "kb_available": "0", - "percent_used": "100%", - "total_inodes": "11796", - "inodes_used": "11796", - "inodes_available": "0", - "inodes_percent_used": "100%", - "fs_type": "squashfs", - "mounts": [ - "/snap/core20/1611" - ] - }, - "/dev/loop4": { - "kb_size": "94080", - "kb_used": "94080", - "kb_available": "0", - "percent_used": "100%", - "total_inodes": "815", - "inodes_used": "815", - "inodes_available": "0", - "inodes_percent_used": "100%", - "fs_type": "squashfs", - "mounts": [ - "/snap/lxd/24061" - ] - }, - 
"/dev/loop5": { - "kb_size": "54656", - "kb_used": "54656", - "kb_available": "0", - "percent_used": "100%", - "total_inodes": "658", - "inodes_used": "658", - "inodes_available": "0", - "inodes_percent_used": "100%", - "fs_type": "squashfs", - "mounts": [ - "/snap/snapd/19457" - ] - }, - "/dev/sda2": { - "kb_size": "1992552", - "kb_used": "110144", - "kb_available": "1761168", - "percent_used": "6%", - "total_inodes": "131072", - "inodes_used": "312", - "inodes_available": "130760", - "inodes_percent_used": "1%", - "fs_type": "ext4", - "mount_options": [ - "rw", - "relatime" - ], - "uuid": "05435722-8e7e-40aa-b5d2-5184c0b6689d", - "mounts": [ - "/boot" - ] - }, - "v-csr-524d6d9d7": { - "kb_size": "488347692", - "kb_used": "479440892", - "kb_available": "8906800", - "percent_used": "99%", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ], - "mounts": [ - "/tmp/vagrant-chef/684bf08740e3486eec20b3ab375f8262/roles" - ] - }, - "v-csn-37ac661fe": { - "kb_size": "488347692", - "kb_used": "479440892", - "kb_available": "8906800", - "percent_used": "99%", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ], - "mounts": [ - "/tmp/vagrant-chef/e22fc1e54e0cb90e0934d8af18a90cca/nodes" - ] - }, - "v-csc-5f687d06d": { - "kb_size": "488347692", - "kb_used": "479440892", - "kb_available": "8906800", - "percent_used": "99%", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ], - "mounts": [ - "/tmp/vagrant-chef/27bd5a87181d76e5a2018d762cc8de6c/cookbooks" - ] - }, - "v-csdb-14da598b0": { - "kb_size": "488347692", - "kb_used": "479440892", - "kb_available": "8906800", - "percent_used": "99%", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - 
"_netdev" - ], - "mounts": [ - "/tmp/vagrant-chef/b00e039380287d2cafe248125e394aed/data_bags" - ] - }, - "v-cse-7e50697ec": { - "kb_size": "488347692", - "kb_used": "479440892", - "kb_available": "8906800", - "percent_used": "99%", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ], - "mounts": [ - "/tmp/vagrant-chef/23f3d0294d42a3fd5366f42df05cb82e/environments" - ] - }, - "v-csc-cae6835df": { - "kb_size": "488347692", - "kb_used": "479440892", - "kb_available": "8906800", - "percent_used": "99%", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ], - "mounts": [ - "/tmp/vagrant-chef/b09427e72b6807d57c9e510b8fa49441/cookbooks" - ] - }, - "vagrant": { - "kb_size": "488347692", - "kb_used": "479440892", - "kb_available": "8906800", - "percent_used": "99%", - "mounts": [ - "/vagrant" - ] - }, - "sysfs": { - "fs_type": "sysfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "mounts": [ - "/sys" - ] - }, - "proc": { - "fs_type": "proc", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "mounts": [ - "/proc" - ] - }, - "devpts": { - "fs_type": "devpts", - "mount_options": [ - "rw", - "nosuid", - "noexec", - "relatime", - "gid=5", - "mode=620", - "ptmxmode=000" - ], - "mounts": [ - "/dev/pts" - ] - }, - "securityfs": { - "fs_type": "securityfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "mounts": [ - "/sys/kernel/security" - ] - }, - "cgroup2": { - "fs_type": "cgroup2", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "nsdelegate" - ], - "mounts": [ - "/sys/fs/cgroup/unified" - ] - }, - "cgroup": { - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "freezer" - ], - "mounts": [ - 
"/sys/fs/cgroup/systemd", - "/sys/fs/cgroup/pids", - "/sys/fs/cgroup/cpu,cpuacct", - "/sys/fs/cgroup/net_cls,net_prio", - "/sys/fs/cgroup/memory", - "/sys/fs/cgroup/perf_event", - "/sys/fs/cgroup/hugetlb", - "/sys/fs/cgroup/devices", - "/sys/fs/cgroup/rdma", - "/sys/fs/cgroup/cpuset", - "/sys/fs/cgroup/blkio", - "/sys/fs/cgroup/freezer" - ] - }, - "pstore": { - "fs_type": "pstore", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "mounts": [ - "/sys/fs/pstore" - ] - }, - "none": { - "fs_type": "bpf", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "mode=700" - ], - "mounts": [ - "/sys/fs/bpf" - ] - }, - "systemd-1": { - "fs_type": "autofs", - "mount_options": [ - "rw", - "relatime", - "fd=29", - "pgrp=1", - "timeout=0", - "minproto=5", - "maxproto=5", - "direct", - "pipe_ino=16317" - ], - "mounts": [ - "/proc/sys/fs/binfmt_misc" - ] - }, - "mqueue": { - "fs_type": "mqueue", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "mounts": [ - "/dev/mqueue" - ] - }, - "hugetlbfs": { - "fs_type": "hugetlbfs", - "mount_options": [ - "rw", - "relatime", - "pagesize=2M" - ], - "mounts": [ - "/dev/hugepages" - ] - }, - "debugfs": { - "fs_type": "debugfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "mounts": [ - "/sys/kernel/debug" - ] - }, - "tracefs": { - "fs_type": "tracefs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "mounts": [ - "/sys/kernel/tracing" - ] - }, - "fusectl": { - "fs_type": "fusectl", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "mounts": [ - "/sys/fs/fuse/connections" - ] - }, - "configfs": { - "fs_type": "configfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "mounts": [ - "/sys/kernel/config" - ] - }, - "binfmt_misc": { - "fs_type": "binfmt_misc", - "mount_options": [ - "rw", - "nosuid", - "nodev", 
- "noexec", - "relatime" - ], - "mounts": [ - "/proc/sys/fs/binfmt_misc" - ] - }, - "/var/lib/snapd/snaps/certbot_3024.snap": { - "fs_type": "squashfs", - "mount_options": [ - "ro", - "nodev", - "relatime", - "x-gdu.hide" - ], - "mounts": [ - "/snap/certbot/3024" - ] - }, - "/var/lib/snapd/snaps/core20_1974.snap": { - "fs_type": "squashfs", - "mount_options": [ - "ro", - "nodev", - "relatime", - "x-gdu.hide" - ], - "mounts": [ - "/snap/core20/1974" - ] - }, - "/var/lib/snapd/snaps/lxd_22753.snap": { - "fs_type": "squashfs", - "mount_options": [ - "ro", - "nodev", - "relatime", - "x-gdu.hide" - ], - "mounts": [ - "/snap/lxd/22753" - ] - }, - "/var/lib/snapd/snaps/core20_1611.snap": { - "fs_type": "squashfs", - "mount_options": [ - "ro", - "nodev", - "relatime", - "x-gdu.hide" - ], - "mounts": [ - "/snap/core20/1611" - ] - }, - "/var/lib/snapd/snaps/lxd_24061.snap": { - "fs_type": "squashfs", - "mount_options": [ - "ro", - "nodev", - "relatime", - "x-gdu.hide" - ], - "mounts": [ - "/snap/lxd/24061" - ] - }, - "/var/lib/snapd/snaps/snapd_19457.snap": { - "fs_type": "squashfs", - "mount_options": [ - "ro", - "nodev", - "relatime", - "x-gdu.hide" - ], - "mounts": [ - "/snap/snapd/19457" - ] - }, - "nsfs": { - "fs_type": "nsfs", - "mount_options": [ - "rw" - ], - "mounts": [ - "/run/snapd/ns/lxd.mnt" - ] - }, - "/vagrant": { - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ], - "mounts": [ - "/vagrant" - ] - }, - "/dev/sda": { - "mounts": [ - - ] - }, - "/dev/sda1": { - "mounts": [ - - ] - }, - "/dev/sda3": { - "fs_type": "LVM2_member", - "uuid": "X1YpA1-Q38y-9ju0-fv0c-h2fy-EtLc-OrxBy5", - "mounts": [ - - ] - } - }, - "by_mountpoint": { - "/dev": { - "kb_size": "453936", - "kb_used": "0", - "kb_available": "453936", - "percent_used": "0%", - "total_inodes": "113484", - "inodes_used": "446", - "inodes_available": "113038", - "inodes_percent_used": "1%", - "fs_type": "devtmpfs", - 
"mount_options": [ - "rw", - "nosuid", - "noexec", - "relatime", - "size=453936k", - "nr_inodes=113484", - "mode=755" - ], - "devices": [ - "udev" - ] - }, - "/run": { - "kb_size": "100012", - "kb_used": "1084", - "kb_available": "98928", - "percent_used": "2%", - "total_inodes": "125014", - "inodes_used": "742", - "inodes_available": "124272", - "inodes_percent_used": "1%", - "fs_type": "tmpfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "size=100012k", - "mode=755" - ], - "devices": [ - "tmpfs" - ] - }, - "/": { - "kb_size": "31811408", - "kb_used": "4713468", - "kb_available": "25456468", - "percent_used": "16%", - "total_inodes": "2031616", - "inodes_used": "82131", - "inodes_available": "1949485", - "inodes_percent_used": "5%", - "fs_type": "ext4", - "mount_options": [ - "rw", - "relatime" - ], - "uuid": "5094cad6-67e0-4355-91b0-1b227e8543c5", - "devices": [ - "/dev/mapper/ubuntu--vg-ubuntu--lv" - ] - }, - "/dev/shm": { - "kb_size": "500056", - "kb_used": "0", - "kb_available": "500056", - "percent_used": "0%", - "total_inodes": "125014", - "inodes_used": "1", - "inodes_available": "125013", - "inodes_percent_used": "1%", - "fs_type": "tmpfs", - "mount_options": [ - "rw", - "nosuid", - "nodev" - ], - "devices": [ - "tmpfs" - ] - }, - "/run/lock": { - "kb_size": "5120", - "kb_used": "0", - "kb_available": "5120", - "percent_used": "0%", - "total_inodes": "125014", - "inodes_used": "4", - "inodes_available": "125010", - "inodes_percent_used": "1%", - "fs_type": "tmpfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "size=5120k" - ], - "devices": [ - "tmpfs" - ] - }, - "/sys/fs/cgroup": { - "kb_size": "500056", - "kb_used": "0", - "kb_available": "500056", - "percent_used": "0%", - "total_inodes": "125014", - "inodes_used": "18", - "inodes_available": "124996", - "inodes_percent_used": "1%", - "fs_type": "tmpfs", - "mount_options": [ - "ro", - "nosuid", - "nodev", - "noexec", - "mode=755" - ], 
- "devices": [ - "tmpfs" - ] - }, - "/snap/certbot/3024": { - "kb_size": "45440", - "kb_used": "45440", - "kb_available": "0", - "percent_used": "100%", - "total_inodes": "7578", - "inodes_used": "7578", - "inodes_available": "0", - "inodes_percent_used": "100%", - "fs_type": "squashfs", - "devices": [ - "/dev/loop0", - "/var/lib/snapd/snaps/certbot_3024.snap" - ], - "mount_options": [ - "ro", - "nodev", - "relatime", - "x-gdu.hide" - ] - }, - "/snap/core20/1974": { - "kb_size": "65024", - "kb_used": "65024", - "kb_available": "0", - "percent_used": "100%", - "total_inodes": "11995", - "inodes_used": "11995", - "inodes_available": "0", - "inodes_percent_used": "100%", - "fs_type": "squashfs", - "devices": [ - "/dev/loop1", - "/var/lib/snapd/snaps/core20_1974.snap" - ], - "mount_options": [ - "ro", - "nodev", - "relatime", - "x-gdu.hide" - ] - }, - "/snap/lxd/22753": { - "kb_size": "69504", - "kb_used": "69504", - "kb_available": "0", - "percent_used": "100%", - "total_inodes": "802", - "inodes_used": "802", - "inodes_available": "0", - "inodes_percent_used": "100%", - "fs_type": "squashfs", - "devices": [ - "/dev/loop2", - "/var/lib/snapd/snaps/lxd_22753.snap" - ], - "mount_options": [ - "ro", - "nodev", - "relatime", - "x-gdu.hide" - ] - }, - "/snap/core20/1611": { - "kb_size": "63488", - "kb_used": "63488", - "kb_available": "0", - "percent_used": "100%", - "total_inodes": "11796", - "inodes_used": "11796", - "inodes_available": "0", - "inodes_percent_used": "100%", - "fs_type": "squashfs", - "devices": [ - "/dev/loop3", - "/var/lib/snapd/snaps/core20_1611.snap" - ], - "mount_options": [ - "ro", - "nodev", - "relatime", - "x-gdu.hide" - ] - }, - "/snap/lxd/24061": { - "kb_size": "94080", - "kb_used": "94080", - "kb_available": "0", - "percent_used": "100%", - "total_inodes": "815", - "inodes_used": "815", - "inodes_available": "0", - "inodes_percent_used": "100%", - "fs_type": "squashfs", - "devices": [ - "/dev/loop4", - "/var/lib/snapd/snaps/lxd_24061.snap" - ], 
- "mount_options": [ - "ro", - "nodev", - "relatime", - "x-gdu.hide" - ] - }, - "/snap/snapd/19457": { - "kb_size": "54656", - "kb_used": "54656", - "kb_available": "0", - "percent_used": "100%", - "total_inodes": "658", - "inodes_used": "658", - "inodes_available": "0", - "inodes_percent_used": "100%", - "fs_type": "squashfs", - "devices": [ - "/dev/loop5", - "/var/lib/snapd/snaps/snapd_19457.snap" - ], - "mount_options": [ - "ro", - "nodev", - "relatime", - "x-gdu.hide" - ] - }, - "/boot": { - "kb_size": "1992552", - "kb_used": "110144", - "kb_available": "1761168", - "percent_used": "6%", - "total_inodes": "131072", - "inodes_used": "312", - "inodes_available": "130760", - "inodes_percent_used": "1%", - "fs_type": "ext4", - "mount_options": [ - "rw", - "relatime" - ], - "uuid": "05435722-8e7e-40aa-b5d2-5184c0b6689d", - "devices": [ - "/dev/sda2" - ] - }, - "/tmp/vagrant-chef/684bf08740e3486eec20b3ab375f8262/roles": { - "kb_size": "488347692", - "kb_used": "479440892", - "kb_available": "8906800", - "percent_used": "99%", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ], - "devices": [ - "v-csr-524d6d9d7" - ] - }, - "/tmp/vagrant-chef/e22fc1e54e0cb90e0934d8af18a90cca/nodes": { - "kb_size": "488347692", - "kb_used": "479440892", - "kb_available": "8906800", - "percent_used": "99%", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ], - "devices": [ - "v-csn-37ac661fe" - ] - }, - "/tmp/vagrant-chef/27bd5a87181d76e5a2018d762cc8de6c/cookbooks": { - "kb_size": "488347692", - "kb_used": "479440892", - "kb_available": "8906800", - "percent_used": "99%", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ], - "devices": [ - "v-csc-5f687d06d" - ] - }, - 
"/tmp/vagrant-chef/b00e039380287d2cafe248125e394aed/data_bags": { - "kb_size": "488347692", - "kb_used": "479440892", - "kb_available": "8906800", - "percent_used": "99%", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ], - "devices": [ - "v-csdb-14da598b0" - ] - }, - "/tmp/vagrant-chef/23f3d0294d42a3fd5366f42df05cb82e/environments": { - "kb_size": "488347692", - "kb_used": "479440892", - "kb_available": "8906800", - "percent_used": "99%", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ], - "devices": [ - "v-cse-7e50697ec" - ] - }, - "/tmp/vagrant-chef/b09427e72b6807d57c9e510b8fa49441/cookbooks": { - "kb_size": "488347692", - "kb_used": "479440892", - "kb_available": "8906800", - "percent_used": "99%", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ], - "devices": [ - "v-csc-cae6835df" - ] - }, - "/vagrant": { - "kb_size": "488347692", - "kb_used": "479440892", - "kb_available": "8906800", - "percent_used": "99%", - "devices": [ - "vagrant", - "/vagrant" - ], - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ] - }, - "/run/user/1000": { - "kb_size": "100008", - "kb_used": "0", - "kb_available": "100008", - "percent_used": "0%", - "total_inodes": "125014", - "inodes_used": "22", - "inodes_available": "124992", - "inodes_percent_used": "1%", - "fs_type": "tmpfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "relatime", - "size=100008k", - "mode=700", - "uid=1000", - "gid=1000" - ], - "devices": [ - "tmpfs" - ] - }, - "/sys": { - "fs_type": "sysfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "devices": [ - "sysfs" - ] - }, - "/proc": { - "fs_type": "proc", - 
"mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "devices": [ - "proc" - ] - }, - "/dev/pts": { - "fs_type": "devpts", - "mount_options": [ - "rw", - "nosuid", - "noexec", - "relatime", - "gid=5", - "mode=620", - "ptmxmode=000" - ], - "devices": [ - "devpts" - ] - }, - "/sys/kernel/security": { - "fs_type": "securityfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "devices": [ - "securityfs" - ] - }, - "/sys/fs/cgroup/unified": { - "fs_type": "cgroup2", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "nsdelegate" - ], - "devices": [ - "cgroup2" - ] - }, - "/sys/fs/cgroup/systemd": { - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "xattr", - "name=systemd" - ], - "devices": [ - "cgroup" - ] - }, - "/sys/fs/pstore": { - "fs_type": "pstore", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "devices": [ - "pstore" - ] - }, - "/sys/fs/bpf": { - "fs_type": "bpf", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "mode=700" - ], - "devices": [ - "none" - ] - }, - "/sys/fs/cgroup/pids": { - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "pids" - ], - "devices": [ - "cgroup" - ] - }, - "/sys/fs/cgroup/cpu,cpuacct": { - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "cpu", - "cpuacct" - ], - "devices": [ - "cgroup" - ] - }, - "/sys/fs/cgroup/net_cls,net_prio": { - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "net_cls", - "net_prio" - ], - "devices": [ - "cgroup" - ] - }, - "/sys/fs/cgroup/memory": { - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "memory" - ], - "devices": [ - "cgroup" - ] - }, - "/sys/fs/cgroup/perf_event": { - "fs_type": 
"cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "perf_event" - ], - "devices": [ - "cgroup" - ] - }, - "/sys/fs/cgroup/hugetlb": { - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "hugetlb" - ], - "devices": [ - "cgroup" - ] - }, - "/sys/fs/cgroup/devices": { - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "devices" - ], - "devices": [ - "cgroup" - ] - }, - "/sys/fs/cgroup/rdma": { - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "rdma" - ], - "devices": [ - "cgroup" - ] - }, - "/sys/fs/cgroup/cpuset": { - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "cpuset" - ], - "devices": [ - "cgroup" - ] - }, - "/sys/fs/cgroup/blkio": { - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "blkio" - ], - "devices": [ - "cgroup" - ] - }, - "/sys/fs/cgroup/freezer": { - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "freezer" - ], - "devices": [ - "cgroup" - ] - }, - "/proc/sys/fs/binfmt_misc": { - "fs_type": "binfmt_misc", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "devices": [ - "systemd-1", - "binfmt_misc" - ] - }, - "/dev/mqueue": { - "fs_type": "mqueue", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "devices": [ - "mqueue" - ] - }, - "/dev/hugepages": { - "fs_type": "hugetlbfs", - "mount_options": [ - "rw", - "relatime", - "pagesize=2M" - ], - "devices": [ - "hugetlbfs" - ] - }, - "/sys/kernel/debug": { - "fs_type": "debugfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "devices": [ - "debugfs" - ] - }, - "/sys/kernel/tracing": { - "fs_type": "tracefs", - "mount_options": [ - "rw", - "nosuid", - 
"nodev", - "noexec", - "relatime" - ], - "devices": [ - "tracefs" - ] - }, - "/sys/fs/fuse/connections": { - "fs_type": "fusectl", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "devices": [ - "fusectl" - ] - }, - "/sys/kernel/config": { - "fs_type": "configfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ], - "devices": [ - "configfs" - ] - }, - "/run/snapd/ns": { - "fs_type": "tmpfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "size=100012k", - "mode=755" - ], - "devices": [ - "tmpfs" - ] - }, - "/run/snapd/ns/lxd.mnt": { - "fs_type": "nsfs", - "mount_options": [ - "rw" - ], - "devices": [ - "nsfs" - ] - } - }, - "by_pair": { - "udev,/dev": { - "device": "udev", - "kb_size": "453936", - "kb_used": "0", - "kb_available": "453936", - "percent_used": "0%", - "mount": "/dev", - "total_inodes": "113484", - "inodes_used": "446", - "inodes_available": "113038", - "inodes_percent_used": "1%", - "fs_type": "devtmpfs", - "mount_options": [ - "rw", - "nosuid", - "noexec", - "relatime", - "size=453936k", - "nr_inodes=113484", - "mode=755" - ] - }, - "tmpfs,/run": { - "device": "tmpfs", - "kb_size": "100012", - "kb_used": "1084", - "kb_available": "98928", - "percent_used": "2%", - "mount": "/run", - "total_inodes": "125014", - "inodes_used": "742", - "inodes_available": "124272", - "inodes_percent_used": "1%", - "fs_type": "tmpfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "size=100012k", - "mode=755" - ] - }, - "/dev/mapper/ubuntu--vg-ubuntu--lv,/": { - "device": "/dev/mapper/ubuntu--vg-ubuntu--lv", - "kb_size": "31811408", - "kb_used": "4713468", - "kb_available": "25456468", - "percent_used": "16%", - "mount": "/", - "total_inodes": "2031616", - "inodes_used": "82131", - "inodes_available": "1949485", - "inodes_percent_used": "5%", - "fs_type": "ext4", - "mount_options": [ - "rw", - "relatime" - ], - "uuid": 
"5094cad6-67e0-4355-91b0-1b227e8543c5" - }, - "tmpfs,/dev/shm": { - "device": "tmpfs", - "kb_size": "500056", - "kb_used": "0", - "kb_available": "500056", - "percent_used": "0%", - "mount": "/dev/shm", - "total_inodes": "125014", - "inodes_used": "1", - "inodes_available": "125013", - "inodes_percent_used": "1%", - "fs_type": "tmpfs", - "mount_options": [ - "rw", - "nosuid", - "nodev" - ] - }, - "tmpfs,/run/lock": { - "device": "tmpfs", - "kb_size": "5120", - "kb_used": "0", - "kb_available": "5120", - "percent_used": "0%", - "mount": "/run/lock", - "total_inodes": "125014", - "inodes_used": "4", - "inodes_available": "125010", - "inodes_percent_used": "1%", - "fs_type": "tmpfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "size=5120k" - ] - }, - "tmpfs,/sys/fs/cgroup": { - "device": "tmpfs", - "kb_size": "500056", - "kb_used": "0", - "kb_available": "500056", - "percent_used": "0%", - "mount": "/sys/fs/cgroup", - "total_inodes": "125014", - "inodes_used": "18", - "inodes_available": "124996", - "inodes_percent_used": "1%", - "fs_type": "tmpfs", - "mount_options": [ - "ro", - "nosuid", - "nodev", - "noexec", - "mode=755" - ] - }, - "/dev/loop0,/snap/certbot/3024": { - "device": "/dev/loop0", - "kb_size": "45440", - "kb_used": "45440", - "kb_available": "0", - "percent_used": "100%", - "mount": "/snap/certbot/3024", - "total_inodes": "7578", - "inodes_used": "7578", - "inodes_available": "0", - "inodes_percent_used": "100%", - "fs_type": "squashfs" - }, - "/dev/loop1,/snap/core20/1974": { - "device": "/dev/loop1", - "kb_size": "65024", - "kb_used": "65024", - "kb_available": "0", - "percent_used": "100%", - "mount": "/snap/core20/1974", - "total_inodes": "11995", - "inodes_used": "11995", - "inodes_available": "0", - "inodes_percent_used": "100%", - "fs_type": "squashfs" - }, - "/dev/loop2,/snap/lxd/22753": { - "device": "/dev/loop2", - "kb_size": "69504", - "kb_used": "69504", - "kb_available": "0", - "percent_used": "100%", - 
"mount": "/snap/lxd/22753", - "total_inodes": "802", - "inodes_used": "802", - "inodes_available": "0", - "inodes_percent_used": "100%", - "fs_type": "squashfs" - }, - "/dev/loop3,/snap/core20/1611": { - "device": "/dev/loop3", - "kb_size": "63488", - "kb_used": "63488", - "kb_available": "0", - "percent_used": "100%", - "mount": "/snap/core20/1611", - "total_inodes": "11796", - "inodes_used": "11796", - "inodes_available": "0", - "inodes_percent_used": "100%", - "fs_type": "squashfs" - }, - "/dev/loop4,/snap/lxd/24061": { - "device": "/dev/loop4", - "kb_size": "94080", - "kb_used": "94080", - "kb_available": "0", - "percent_used": "100%", - "mount": "/snap/lxd/24061", - "total_inodes": "815", - "inodes_used": "815", - "inodes_available": "0", - "inodes_percent_used": "100%", - "fs_type": "squashfs" - }, - "/dev/loop5,/snap/snapd/19457": { - "device": "/dev/loop5", - "kb_size": "54656", - "kb_used": "54656", - "kb_available": "0", - "percent_used": "100%", - "mount": "/snap/snapd/19457", - "total_inodes": "658", - "inodes_used": "658", - "inodes_available": "0", - "inodes_percent_used": "100%", - "fs_type": "squashfs" - }, - "/dev/sda2,/boot": { - "device": "/dev/sda2", - "kb_size": "1992552", - "kb_used": "110144", - "kb_available": "1761168", - "percent_used": "6%", - "mount": "/boot", - "total_inodes": "131072", - "inodes_used": "312", - "inodes_available": "130760", - "inodes_percent_used": "1%", - "fs_type": "ext4", - "mount_options": [ - "rw", - "relatime" - ], - "uuid": "05435722-8e7e-40aa-b5d2-5184c0b6689d" - }, - "v-csr-524d6d9d7,/tmp/vagrant-chef/684bf08740e3486eec20b3ab375f8262/roles": { - "device": "v-csr-524d6d9d7", - "kb_size": "488347692", - "kb_used": "479440892", - "kb_available": "8906800", - "percent_used": "99%", - "mount": "/tmp/vagrant-chef/684bf08740e3486eec20b3ab375f8262/roles", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ] - }, - 
"v-csn-37ac661fe,/tmp/vagrant-chef/e22fc1e54e0cb90e0934d8af18a90cca/nodes": { - "device": "v-csn-37ac661fe", - "kb_size": "488347692", - "kb_used": "479440892", - "kb_available": "8906800", - "percent_used": "99%", - "mount": "/tmp/vagrant-chef/e22fc1e54e0cb90e0934d8af18a90cca/nodes", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ] - }, - "v-csc-5f687d06d,/tmp/vagrant-chef/27bd5a87181d76e5a2018d762cc8de6c/cookbooks": { - "device": "v-csc-5f687d06d", - "kb_size": "488347692", - "kb_used": "479440892", - "kb_available": "8906800", - "percent_used": "99%", - "mount": "/tmp/vagrant-chef/27bd5a87181d76e5a2018d762cc8de6c/cookbooks", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ] - }, - "v-csdb-14da598b0,/tmp/vagrant-chef/b00e039380287d2cafe248125e394aed/data_bags": { - "device": "v-csdb-14da598b0", - "kb_size": "488347692", - "kb_used": "479440892", - "kb_available": "8906800", - "percent_used": "99%", - "mount": "/tmp/vagrant-chef/b00e039380287d2cafe248125e394aed/data_bags", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ] - }, - "v-cse-7e50697ec,/tmp/vagrant-chef/23f3d0294d42a3fd5366f42df05cb82e/environments": { - "device": "v-cse-7e50697ec", - "kb_size": "488347692", - "kb_used": "479440892", - "kb_available": "8906800", - "percent_used": "99%", - "mount": "/tmp/vagrant-chef/23f3d0294d42a3fd5366f42df05cb82e/environments", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ] - }, - "v-csc-cae6835df,/tmp/vagrant-chef/b09427e72b6807d57c9e510b8fa49441/cookbooks": { - "device": "v-csc-cae6835df", - "kb_size": "488347692", - "kb_used": "479440892", - "kb_available": "8906800", - "percent_used": "99%", - "mount": 
"/tmp/vagrant-chef/b09427e72b6807d57c9e510b8fa49441/cookbooks", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ] - }, - "vagrant,/vagrant": { - "device": "vagrant", - "kb_size": "488347692", - "kb_used": "479440892", - "kb_available": "8906800", - "percent_used": "99%", - "mount": "/vagrant" - }, - "tmpfs,/run/user/1000": { - "device": "tmpfs", - "kb_size": "100008", - "kb_used": "0", - "kb_available": "100008", - "percent_used": "0%", - "mount": "/run/user/1000", - "total_inodes": "125014", - "inodes_used": "22", - "inodes_available": "124992", - "inodes_percent_used": "1%", - "fs_type": "tmpfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "relatime", - "size=100008k", - "mode=700", - "uid=1000", - "gid=1000" - ] - }, - "sysfs,/sys": { - "device": "sysfs", - "mount": "/sys", - "fs_type": "sysfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ] - }, - "proc,/proc": { - "device": "proc", - "mount": "/proc", - "fs_type": "proc", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ] - }, - "devpts,/dev/pts": { - "device": "devpts", - "mount": "/dev/pts", - "fs_type": "devpts", - "mount_options": [ - "rw", - "nosuid", - "noexec", - "relatime", - "gid=5", - "mode=620", - "ptmxmode=000" - ] - }, - "securityfs,/sys/kernel/security": { - "device": "securityfs", - "mount": "/sys/kernel/security", - "fs_type": "securityfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ] - }, - "cgroup2,/sys/fs/cgroup/unified": { - "device": "cgroup2", - "mount": "/sys/fs/cgroup/unified", - "fs_type": "cgroup2", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "nsdelegate" - ] - }, - "cgroup,/sys/fs/cgroup/systemd": { - "device": "cgroup", - "mount": "/sys/fs/cgroup/systemd", - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - 
"relatime", - "xattr", - "name=systemd" - ] - }, - "pstore,/sys/fs/pstore": { - "device": "pstore", - "mount": "/sys/fs/pstore", - "fs_type": "pstore", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ] - }, - "none,/sys/fs/bpf": { - "device": "none", - "mount": "/sys/fs/bpf", - "fs_type": "bpf", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "mode=700" - ] - }, - "cgroup,/sys/fs/cgroup/pids": { - "device": "cgroup", - "mount": "/sys/fs/cgroup/pids", - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "pids" - ] - }, - "cgroup,/sys/fs/cgroup/cpu,cpuacct": { - "device": "cgroup", - "mount": "/sys/fs/cgroup/cpu,cpuacct", - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "cpu", - "cpuacct" - ] - }, - "cgroup,/sys/fs/cgroup/net_cls,net_prio": { - "device": "cgroup", - "mount": "/sys/fs/cgroup/net_cls,net_prio", - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "net_cls", - "net_prio" - ] - }, - "cgroup,/sys/fs/cgroup/memory": { - "device": "cgroup", - "mount": "/sys/fs/cgroup/memory", - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "memory" - ] - }, - "cgroup,/sys/fs/cgroup/perf_event": { - "device": "cgroup", - "mount": "/sys/fs/cgroup/perf_event", - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "perf_event" - ] - }, - "cgroup,/sys/fs/cgroup/hugetlb": { - "device": "cgroup", - "mount": "/sys/fs/cgroup/hugetlb", - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "hugetlb" - ] - }, - "cgroup,/sys/fs/cgroup/devices": { - "device": "cgroup", - "mount": "/sys/fs/cgroup/devices", - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "devices" - ] - }, 
- "cgroup,/sys/fs/cgroup/rdma": { - "device": "cgroup", - "mount": "/sys/fs/cgroup/rdma", - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "rdma" - ] - }, - "cgroup,/sys/fs/cgroup/cpuset": { - "device": "cgroup", - "mount": "/sys/fs/cgroup/cpuset", - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "cpuset" - ] - }, - "cgroup,/sys/fs/cgroup/blkio": { - "device": "cgroup", - "mount": "/sys/fs/cgroup/blkio", - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "blkio" - ] - }, - "cgroup,/sys/fs/cgroup/freezer": { - "device": "cgroup", - "mount": "/sys/fs/cgroup/freezer", - "fs_type": "cgroup", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "freezer" - ] - }, - "systemd-1,/proc/sys/fs/binfmt_misc": { - "device": "systemd-1", - "mount": "/proc/sys/fs/binfmt_misc", - "fs_type": "autofs", - "mount_options": [ - "rw", - "relatime", - "fd=29", - "pgrp=1", - "timeout=0", - "minproto=5", - "maxproto=5", - "direct", - "pipe_ino=16317" - ] - }, - "mqueue,/dev/mqueue": { - "device": "mqueue", - "mount": "/dev/mqueue", - "fs_type": "mqueue", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ] - }, - "hugetlbfs,/dev/hugepages": { - "device": "hugetlbfs", - "mount": "/dev/hugepages", - "fs_type": "hugetlbfs", - "mount_options": [ - "rw", - "relatime", - "pagesize=2M" - ] - }, - "debugfs,/sys/kernel/debug": { - "device": "debugfs", - "mount": "/sys/kernel/debug", - "fs_type": "debugfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ] - }, - "tracefs,/sys/kernel/tracing": { - "device": "tracefs", - "mount": "/sys/kernel/tracing", - "fs_type": "tracefs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ] - }, - "fusectl,/sys/fs/fuse/connections": { - "device": "fusectl", - "mount": 
"/sys/fs/fuse/connections", - "fs_type": "fusectl", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ] - }, - "configfs,/sys/kernel/config": { - "device": "configfs", - "mount": "/sys/kernel/config", - "fs_type": "configfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ] - }, - "binfmt_misc,/proc/sys/fs/binfmt_misc": { - "device": "binfmt_misc", - "mount": "/proc/sys/fs/binfmt_misc", - "fs_type": "binfmt_misc", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime" - ] - }, - "/var/lib/snapd/snaps/certbot_3024.snap,/snap/certbot/3024": { - "device": "/var/lib/snapd/snaps/certbot_3024.snap", - "mount": "/snap/certbot/3024", - "fs_type": "squashfs", - "mount_options": [ - "ro", - "nodev", - "relatime", - "x-gdu.hide" - ] - }, - "/var/lib/snapd/snaps/core20_1974.snap,/snap/core20/1974": { - "device": "/var/lib/snapd/snaps/core20_1974.snap", - "mount": "/snap/core20/1974", - "fs_type": "squashfs", - "mount_options": [ - "ro", - "nodev", - "relatime", - "x-gdu.hide" - ] - }, - "/var/lib/snapd/snaps/lxd_22753.snap,/snap/lxd/22753": { - "device": "/var/lib/snapd/snaps/lxd_22753.snap", - "mount": "/snap/lxd/22753", - "fs_type": "squashfs", - "mount_options": [ - "ro", - "nodev", - "relatime", - "x-gdu.hide" - ] - }, - "/var/lib/snapd/snaps/core20_1611.snap,/snap/core20/1611": { - "device": "/var/lib/snapd/snaps/core20_1611.snap", - "mount": "/snap/core20/1611", - "fs_type": "squashfs", - "mount_options": [ - "ro", - "nodev", - "relatime", - "x-gdu.hide" - ] - }, - "/var/lib/snapd/snaps/lxd_24061.snap,/snap/lxd/24061": { - "device": "/var/lib/snapd/snaps/lxd_24061.snap", - "mount": "/snap/lxd/24061", - "fs_type": "squashfs", - "mount_options": [ - "ro", - "nodev", - "relatime", - "x-gdu.hide" - ] - }, - "/var/lib/snapd/snaps/snapd_19457.snap,/snap/snapd/19457": { - "device": "/var/lib/snapd/snaps/snapd_19457.snap", - "mount": "/snap/snapd/19457", - "fs_type": "squashfs", - "mount_options": 
[ - "ro", - "nodev", - "relatime", - "x-gdu.hide" - ] - }, - "tmpfs,/run/snapd/ns": { - "device": "tmpfs", - "mount": "/run/snapd/ns", - "fs_type": "tmpfs", - "mount_options": [ - "rw", - "nosuid", - "nodev", - "noexec", - "relatime", - "size=100012k", - "mode=755" - ] - }, - "nsfs,/run/snapd/ns/lxd.mnt": { - "device": "nsfs", - "mount": "/run/snapd/ns/lxd.mnt", - "fs_type": "nsfs", - "mount_options": [ - "rw" - ] - }, - "/vagrant,/vagrant": { - "device": "/vagrant", - "mount": "/vagrant", - "fs_type": "vboxsf", - "mount_options": [ - "rw", - "nodev", - "relatime", - "iocharset=utf8", - "uid=1000", - "gid=1000", - "_netdev" - ] - }, - "/dev/sda,": { - "device": "/dev/sda" - }, - "/dev/sda1,": { - "device": "/dev/sda1" - }, - "/dev/sda3,": { - "device": "/dev/sda3", - "fs_type": "LVM2_member", - "uuid": "X1YpA1-Q38y-9ju0-fv0c-h2fy-EtLc-OrxBy5" - } - } - }, - "fips": { - "kernel": { - "enabled": false - } - }, - "init_package": "systemd", - "keys": { - "ssh": { - "host_dsa_public": "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", - "host_rsa_public": "AAAAB3NzaC1yc2EAAAADAQABAAABgQDnYrrHWCgE+BazpPl2QBJzId3bV+iAx8PyDCCxsZ8nWVh2u4vg0IGqvSeui76CPDMT0DbqQKF/+JwOmqg7uEbuTgJ59VROpCmhdtv1x4ZTvuTTYzBSe6YDFt5yMQ+tDoBOHLG34gLHcP1UdnuEpYdD7bcpnTuy06pMjGujCp6IdTg4VD4rEvOcB9tAIyeQNWsSTP3EQ5qZYNQZKlpC+z22KVtH7eEvHWY/FrQgV1micY1v6OUSR4rxi5VcQx8oOyCe17vHff6zKWI3dNR6gEueXyoUJIKRZqlLCrRmYDErYmQokxWRekJma+4EJH7SxpWHc7hDSsYnwyCCYSt+MjImpNoiKZaU765YW5mp1CRo1C56uj9vVAIgKY7nieAruPs2Hr+Xtf/VufGQ6HrNgsn3gLvj6HwqB5bI+WKEzaMOVvbvRZMwSgzsTjYdJkwbPHnHKUrarbgwWQTf6/R5wlVzxicR6QrMupgDBIswJzVUeFNZUG9MRZnlE+fwWQs8kIU=", - "host_ecdsa_public": "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEcWoP5g2MRsO15uBbGS2IsxIh4c43or7Sjwpvbom3bVxg8EPs+f+llfirx1v6cbA54wh9idMw/WCmlF1NX/tYQ=", - "host_ecdsa_type": "ecdsa-sha2-nistp256", - "host_ed25519_public": "AAAAC3NzaC1lZDI1NTE5AAAAIPOp2x7PlK40yCf0Jmqy7+E45lTHi/3D/T8qNXUPWefU" - } - }, - "block_device": { - "dm-0": { - "size": "65003520", - 
"removable": "0", - "rotational": "1", - "physical_block_size": "512", - "logical_block_size": "512" - }, - "loop0": { - "size": "90664", - "removable": "0", - "rotational": "1", - "physical_block_size": "512", - "logical_block_size": "512" - }, - "loop1": { - "size": "129944", - "removable": "0", - "rotational": "1", - "physical_block_size": "512", - "logical_block_size": "512" - }, - "loop2": { - "size": "138880", - "removable": "0", - "rotational": "1", - "physical_block_size": "512", - "logical_block_size": "512" - }, - "loop3": { - "size": "126888", - "removable": "0", - "rotational": "1", - "physical_block_size": "512", - "logical_block_size": "512" - }, - "loop4": { - "size": "188072", - "removable": "0", - "rotational": "1", - "physical_block_size": "512", - "logical_block_size": "512" - }, - "loop5": { - "size": "109072", - "removable": "0", - "rotational": "1", - "physical_block_size": "512", - "logical_block_size": "512" - }, - "loop6": { - "size": "0", - "removable": "0", - "rotational": "1", - "physical_block_size": "512", - "logical_block_size": "512" - }, - "loop7": { - "size": "0", - "removable": "0", - "rotational": "1", - "physical_block_size": "512", - "logical_block_size": "512" - }, - "sda": { - "size": "134217728", - "removable": "0", - "model": "VBOX HARDDISK", - "rev": "1.0", - "state": "running", - "timeout": "30", - "vendor": "ATA", - "queue_depth": "32", - "rotational": "1", - "physical_block_size": "512", - "logical_block_size": "512" - } - }, - "hostnamectl": { - "static_hostname": "vagrant", - "icon_name": "computer-vm", - "chassis": "vm", - "machine_id": "c049f3c1645541c08fbb2fcb71e1ef02", - "boot_id": "943965222b594a6b8574b9228de4a98a", - "virtualization": "oracle", - "operating_system": "Ubuntu 20.04.6 LTS", - "kernel": "Linux 5.4.0-144-generic", - "architecture": "x86-64" - }, - "machine_id": "c049f3c1645541c08fbb2fcb71e1ef02", - "os_release": { - "name": "Ubuntu", - "version": "20.04.6 LTS (Focal Fossa)", - "id": "ubuntu", - 
"id_like": [ - "debian" - ], - "pretty_name": "Ubuntu 20.04.6 LTS", - "version_id": "20.04", - "home_url": "https://www.ubuntu.com/", - "support_url": "https://help.ubuntu.com/", - "bug_report_url": "https://bugs.launchpad.net/ubuntu/", - "privacy_policy_url": "https://www.ubuntu.com/legal/terms-and-policies/privacy-policy", - "version_codename": "focal", - "ubuntu_codename": "focal" - }, - "systemd_paths": { - "temporary": "/tmp", - "temporary-large": "/var/tmp", - "system-binaries": "/usr/bin", - "system-include": "/usr/include", - "system-library-private": "/usr/lib", - "system-library-arch": "/usr/lib/x86_64-linux-gnu", - "system-shared": "/usr/share", - "system-configuration-factory": "/usr/share/factory/etc", - "system-state-factory": "/usr/share/factory/var", - "system-configuration": "/etc", - "system-runtime": "/run", - "system-runtime-logs": "/run/log", - "system-state-private": "/var/lib", - "system-state-logs": "/var/log", - "system-state-cache": "/var/cache", - "system-state-spool": "/var/spool", - "user-binaries": "/root/.local/bin", - "user-library-private": "/root/.local/lib", - "user-library-arch": "/root/.local/lib/x86_64-linux-gnu", - "user-shared": "/root/.local/share", - "user-configuration": "/root/.config", - "user-runtime": "/run/user/1000", - "user-state-cache": "/root/.cache", - "user": "/root", - "user-documents": "/root", - "user-music": "/root", - "user-pictures": "/root", - "user-videos": "/root", - "user-download": "/root", - "user-public": "/root", - "user-templates": "/root", - "user-desktop": "/root/Desktop", - "search-binaries": "/opt/chef/embedded/bin", - "search-binaries-default": "/usr/local/sbin", - "search-library-private": "/root/.local/lib", - "search-library-arch": "/root/.local/lib/x86_64-linux-gnu", - "search-shared": "/root/.local/share", - "search-configuration-factory": "/usr/local/share/factory/etc", - "search-state-factory": "/usr/local/share/factory/var", - "search-configuration": "/root/.config" - }, - 
"ohai_time": 1689753644.3547325, - "packages": { - "accountsservice": { - "version": "0.6.55-0ubuntu12~20.04.5", - "arch": "amd64" - }, - "adduser": { - "version": "3.118ubuntu2", - "arch": "all" - }, - "alsa-topology-conf": { - "version": "1.2.2-1", - "arch": "all" - }, - "alsa-ucm-conf": { - "version": "1.2.2-1ubuntu0.13", - "arch": "all" - }, - "amd64-microcode": { - "version": "3.20191218.1ubuntu1", - "arch": "amd64" - }, - "apparmor": { - "version": "2.13.3-7ubuntu5.1", - "arch": "amd64" - }, - "apport": { - "version": "2.20.11-0ubuntu27.25", - "arch": "all" - }, - "apport-symptoms": { - "version": "0.23", - "arch": "all" - }, - "apt": { - "version": "2.0.9", - "arch": "amd64" - }, - "apt-transport-https": { - "version": "2.0.9", - "arch": "all" - }, - "apt-utils": { - "version": "2.0.9", - "arch": "amd64" - }, - "at": { - "version": "3.1.23-1ubuntu1", - "arch": "amd64" - }, - "autoconf": { - "version": "2.69-11.1", - "arch": "all" - }, - "automake": { - "version": "1:1.16.1-4ubuntu6", - "arch": "all" - }, - "autotools-dev": { - "version": "20180224.1", - "arch": "all" - }, - "base-files": { - "version": "11ubuntu5.7", - "arch": "amd64" - }, - "base-passwd": { - "version": "3.5.47", - "arch": "amd64" - }, - "bash": { - "version": "5.0-6ubuntu1.2", - "arch": "amd64" - }, - "bc": { - "version": "1.07.1-2build1", - "arch": "amd64" - }, - "bcache-tools": { - "version": "1.0.8-3ubuntu0.1", - "arch": "amd64" - }, - "bind9-dnsutils": { - "version": "1:9.16.1-0ubuntu2.12", - "arch": "amd64" - }, - "bind9-host": { - "version": "1:9.16.1-0ubuntu2.12", - "arch": "amd64" - }, - "bind9-libs": { - "version": "1:9.16.1-0ubuntu2.12", - "arch": "amd64" - }, - "binutils": { - "version": "2.34-6ubuntu1.4", - "arch": "amd64" - }, - "binutils-common": { - "version": "2.34-6ubuntu1.4", - "arch": "amd64" - }, - "binutils-doc": { - "version": "2.34-6ubuntu1.6", - "arch": "all" - }, - "binutils-x86-64-linux-gnu": { - "version": "2.34-6ubuntu1.4", - "arch": "amd64" - }, - "bison": { - 
"version": "2:3.5.1+dfsg-1", - "arch": "amd64" - }, - "bolt": { - "version": "0.9.1-2~ubuntu20.04.1", - "arch": "amd64" - }, - "bsd-mailx": { - "version": "8.1.2-0.20180807cvs-1", - "arch": "amd64" - }, - "bsdmainutils": { - "version": "11.1.2ubuntu3", - "arch": "amd64" - }, - "bsdutils": { - "version": "1:2.34-0.1ubuntu9.3", - "arch": "amd64" - }, - "btrfs-progs": { - "version": "5.4.1-2", - "arch": "amd64" - }, - "build-essential": { - "version": "12.8ubuntu1.1", - "arch": "amd64" - }, - "busybox-initramfs": { - "version": "1:1.30.1-4ubuntu6.4", - "arch": "amd64" - }, - "busybox-static": { - "version": "1:1.30.1-4ubuntu6.4", - "arch": "amd64" - }, - "byobu": { - "version": "5.133-0ubuntu1", - "arch": "all" - }, - "bzip2": { - "version": "1.0.8-2", - "arch": "amd64" - }, - "ca-certificates": { - "version": "20211016ubuntu0.20.04.1", - "arch": "all" - }, - "chef": { - "version": "18.2.7-1", - "arch": "amd64" - }, - "cloud-guest-utils": { - "version": "0.31-7-gd99b2d76-0ubuntu1", - "arch": "all" - }, - "cloud-init": { - "version": "22.4.2-0ubuntu0~20.04.2", - "arch": "all" - }, - "cloud-initramfs-copymods": { - "version": "0.45ubuntu2", - "arch": "all" - }, - "cloud-initramfs-dyn-netconf": { - "version": "0.45ubuntu2", - "arch": "all" - }, - "console-setup": { - "version": "1.194ubuntu3", - "arch": "all" - }, - "console-setup-linux": { - "version": "1.194ubuntu3", - "arch": "all" - }, - "coreutils": { - "version": "8.30-3ubuntu2", - "arch": "amd64" - }, - "cpio": { - "version": "2.13+dfsg-2ubuntu0.3", - "arch": "amd64" - }, - "cpp": { - "version": "4:9.3.0-1ubuntu2", - "arch": "amd64" - }, - "cpp-9": { - "version": "9.4.0-1ubuntu1~20.04.1", - "arch": "amd64" - }, - "crda": { - "version": "3.18-1build1", - "arch": "amd64" - }, - "cron": { - "version": "3.0pl1-136ubuntu1", - "arch": "amd64" - }, - "cryptsetup": { - "version": "2:2.2.2-3ubuntu2.4", - "arch": "amd64" - }, - "cryptsetup-bin": { - "version": "2:2.2.2-3ubuntu2.4", - "arch": "amd64" - }, - 
"cryptsetup-initramfs": { - "version": "2:2.2.2-3ubuntu2.4", - "arch": "all" - }, - "cryptsetup-run": { - "version": "2:2.2.2-3ubuntu2.4", - "arch": "all" - }, - "curl": { - "version": "7.68.0-1ubuntu2.18", - "arch": "amd64" - }, - "dash": { - "version": "0.5.10.2-6", - "arch": "amd64" - }, - "dbus": { - "version": "1.12.16-2ubuntu2.3", - "arch": "amd64" - }, - "dbus-user-session": { - "version": "1.12.16-2ubuntu2.3", - "arch": "amd64" - }, - "dconf-gsettings-backend": { - "version": "0.36.0-1", - "arch": "amd64" - }, - "dconf-service": { - "version": "0.36.0-1", - "arch": "amd64" - }, - "dctrl-tools": { - "version": "2.24-3", - "arch": "amd64" - }, - "debconf": { - "version": "1.5.73", - "arch": "all" - }, - "debconf-i18n": { - "version": "1.5.73", - "arch": "all" - }, - "debianutils": { - "version": "4.9.1", - "arch": "amd64" - }, - "diffutils": { - "version": "1:3.7-3", - "arch": "amd64" - }, - "dirmngr": { - "version": "2.2.19-3ubuntu2.2", - "arch": "amd64" - }, - "distro-info": { - "version": "0.23ubuntu1", - "arch": "amd64" - }, - "distro-info-data": { - "version": "0.43ubuntu1.11", - "arch": "all" - }, - "dkms": { - "version": "2.8.1-5ubuntu2", - "arch": "all" - }, - "dmeventd": { - "version": "2:1.02.167-1ubuntu1", - "arch": "amd64" - }, - "dmidecode": { - "version": "3.2-3", - "arch": "amd64" - }, - "dmsetup": { - "version": "2:1.02.167-1ubuntu1", - "arch": "amd64" - }, - "dosfstools": { - "version": "4.1-2", - "arch": "amd64" - }, - "dpkg": { - "version": "1.19.7ubuntu3.2", - "arch": "amd64" - }, - "dpkg-dev": { - "version": "1.19.7ubuntu3.2", - "arch": "all" - }, - "e2fsprogs": { - "version": "1.45.5-2ubuntu1.1", - "arch": "amd64" - }, - "eatmydata": { - "version": "105-7", - "arch": "all" - }, - "ed": { - "version": "1.16-1", - "arch": "amd64" - }, - "eject": { - "version": "2.1.5+deb1+cvs20081104-14", - "arch": "amd64" - }, - "ethtool": { - "version": "1:5.4-1", - "arch": "amd64" - }, - "fakeroot": { - "version": "1.24-1", - "arch": "amd64" - }, - 
"fdisk": { - "version": "2.34-0.1ubuntu9.3", - "arch": "amd64" - }, - "file": { - "version": "1:5.38-4", - "arch": "amd64" - }, - "finalrd": { - "version": "6~ubuntu20.04.1", - "arch": "all" - }, - "findutils": { - "version": "4.7.0-1ubuntu1", - "arch": "amd64" - }, - "flex": { - "version": "2.6.4-6.2", - "arch": "amd64" - }, - "ftp": { - "version": "0.17-34.1", - "arch": "amd64" - }, - "fuse": { - "version": "2.9.9-3", - "arch": "amd64" - }, - "fwupd": { - "version": "1.7.9-1~20.04.1", - "arch": "amd64" - }, - "fwupd-signed": { - "version": "1.51~20.04.1+1.2-3ubuntu0.2", - "arch": "amd64" - }, - "g++": { - "version": "4:9.3.0-1ubuntu2", - "arch": "amd64" - }, - "g++-9": { - "version": "9.4.0-1ubuntu1~20.04.1", - "arch": "amd64" - }, - "gawk": { - "version": "1:5.0.1+dfsg-1", - "arch": "amd64" - }, - "gcc": { - "version": "4:9.3.0-1ubuntu2", - "arch": "amd64" - }, - "gcc-10-base": { - "version": "10.3.0-1ubuntu1~20.04", - "arch": "amd64" - }, - "gcc-9": { - "version": "9.4.0-1ubuntu1~20.04.1", - "arch": "amd64" - }, - "gcc-9-base": { - "version": "9.4.0-1ubuntu1~20.04.1", - "arch": "amd64" - }, - "gdisk": { - "version": "1.0.5-1", - "arch": "amd64" - }, - "gettext": { - "version": "0.19.8.1-10build1", - "arch": "amd64" - }, - "gettext-base": { - "version": "0.19.8.1-10build1", - "arch": "amd64" - }, - "gir1.2-glib-2.0": { - "version": "1.64.1-1~ubuntu20.04.1", - "arch": "amd64" - }, - "gir1.2-packagekitglib-1.0": { - "version": "1.1.13-2ubuntu1.1", - "arch": "amd64" - }, - "git": { - "version": "1:2.25.1-1ubuntu3.10", - "arch": "amd64" - }, - "git-man": { - "version": "1:2.25.1-1ubuntu3.10", - "arch": "all" - }, - "glib-networking": { - "version": "2.64.2-1ubuntu0.1", - "arch": "amd64" - }, - "glib-networking-common": { - "version": "2.64.2-1ubuntu0.1", - "arch": "all" - }, - "glib-networking-services": { - "version": "2.64.2-1ubuntu0.1", - "arch": "amd64" - }, - "gnupg": { - "version": "2.2.19-3ubuntu2.2", - "arch": "all" - }, - "gnupg-l10n": { - "version": 
"2.2.19-3ubuntu2.2", - "arch": "all" - }, - "gnupg-utils": { - "version": "2.2.19-3ubuntu2.2", - "arch": "amd64" - }, - "gpg": { - "version": "2.2.19-3ubuntu2.2", - "arch": "amd64" - }, - "gpg-agent": { - "version": "2.2.19-3ubuntu2.2", - "arch": "amd64" - }, - "gpg-wks-client": { - "version": "2.2.19-3ubuntu2.2", - "arch": "amd64" - }, - "gpg-wks-server": { - "version": "2.2.19-3ubuntu2.2", - "arch": "amd64" - }, - "gpgconf": { - "version": "2.2.19-3ubuntu2.2", - "arch": "amd64" - }, - "gpgsm": { - "version": "2.2.19-3ubuntu2.2", - "arch": "amd64" - }, - "gpgv": { - "version": "2.2.19-3ubuntu2.2", - "arch": "amd64" - }, - "grep": { - "version": "3.4-1", - "arch": "amd64" - }, - "groff-base": { - "version": "1.22.4-4build1", - "arch": "amd64" - }, - "grub-common": { - "version": "2.04-1ubuntu26.16", - "arch": "amd64" - }, - "grub-gfxpayload-lists": { - "version": "0.7", - "arch": "amd64" - }, - "grub-pc": { - "version": "2.04-1ubuntu26.16", - "arch": "amd64" - }, - "grub-pc-bin": { - "version": "2.04-1ubuntu26.16", - "arch": "amd64" - }, - "grub2-common": { - "version": "2.04-1ubuntu26.16", - "arch": "amd64" - }, - "gsettings-desktop-schemas": { - "version": "3.36.0-1ubuntu1", - "arch": "all" - }, - "guile-2.2-libs": { - "version": "2.2.7+1-4", - "arch": "amd64" - }, - "gzip": { - "version": "1.10-0ubuntu4.1", - "arch": "amd64" - }, - "hdparm": { - "version": "9.58+ds-4", - "arch": "amd64" - }, - "hostname": { - "version": "3.23", - "arch": "amd64" - }, - "htop": { - "version": "2.2.0-2build1", - "arch": "amd64" - }, - "info": { - "version": "6.7.0.dfsg.2-5", - "arch": "amd64" - }, - "init": { - "version": "1.57", - "arch": "amd64" - }, - "init-system-helpers": { - "version": "1.57", - "arch": "all" - }, - "initramfs-tools": { - "version": "0.136ubuntu6.7", - "arch": "all" - }, - "initramfs-tools-bin": { - "version": "0.136ubuntu6.7", - "arch": "amd64" - }, - "initramfs-tools-core": { - "version": "0.136ubuntu6.7", - "arch": "all" - }, - "install-info": { - 
"version": "6.7.0.dfsg.2-5", - "arch": "amd64" - }, - "intel-microcode": { - "version": "3.20230214.0ubuntu0.20.04.1", - "arch": "amd64" - }, - "iproute2": { - "version": "5.5.0-1ubuntu1", - "arch": "amd64" - }, - "iptables": { - "version": "1.8.4-3ubuntu2", - "arch": "amd64" - }, - "iputils-ping": { - "version": "3:20190709-3", - "arch": "amd64" - }, - "iputils-tracepath": { - "version": "3:20190709-3", - "arch": "amd64" - }, - "irqbalance": { - "version": "1.6.0-3ubuntu1", - "arch": "amd64" - }, - "isc-dhcp-client": { - "version": "4.4.1-2.1ubuntu5.20.04.5", - "arch": "amd64" - }, - "isc-dhcp-common": { - "version": "4.4.1-2.1ubuntu5.20.04.5", - "arch": "amd64" - }, - "iso-codes": { - "version": "4.4-1", - "arch": "all" - }, - "iucode-tool": { - "version": "2.3.1-1", - "arch": "amd64" - }, - "iw": { - "version": "5.4-1", - "arch": "amd64" - }, - "kbd": { - "version": "2.0.4-4ubuntu2", - "arch": "amd64" - }, - "keyboard-configuration": { - "version": "1.194ubuntu3", - "arch": "all" - }, - "klibc-utils": { - "version": "2.0.7-1ubuntu5.1", - "arch": "amd64" - }, - "kmod": { - "version": "27-1ubuntu2.1", - "arch": "amd64" - }, - "kpartx": { - "version": "0.8.3-1ubuntu2.1", - "arch": "amd64" - }, - "krb5-locales": { - "version": "1.17-6ubuntu4.2", - "arch": "all" - }, - "landscape-common": { - "version": "19.12-0ubuntu4.3", - "arch": "amd64" - }, - "language-selector-common": { - "version": "0.204.2", - "arch": "all" - }, - "less": { - "version": "551-1ubuntu0.1", - "arch": "amd64" - }, - "libaccountsservice0": { - "version": "0.6.55-0ubuntu12~20.04.5", - "arch": "amd64" - }, - "libacl1": { - "version": "2.2.53-6", - "arch": "amd64" - }, - "libaio-dev": { - "version": "0.3.112-5", - "arch": "amd64" - }, - "libaio1": { - "version": "0.3.112-5", - "arch": "amd64" - }, - "libalgorithm-diff-perl": { - "version": "1.19.03-2", - "arch": "all" - }, - "libalgorithm-diff-xs-perl": { - "version": "0.04-6", - "arch": "amd64" - }, - "libalgorithm-merge-perl": { - "version": 
"0.08-3", - "arch": "all" - }, - "libapparmor1": { - "version": "2.13.3-7ubuntu5.1", - "arch": "amd64" - }, - "libappstream4": { - "version": "0.12.10-2", - "arch": "amd64" - }, - "libapt-pkg6.0": { - "version": "2.0.9", - "arch": "amd64" - }, - "libarchive13": { - "version": "3.4.0-2ubuntu1.2", - "arch": "amd64" - }, - "libargon2-1": { - "version": "0~20171227-0.2", - "arch": "amd64" - }, - "libasan5": { - "version": "9.4.0-1ubuntu1~20.04.1", - "arch": "amd64" - }, - "libasn1-8-heimdal": { - "version": "7.7.0+dfsg-1ubuntu1.4", - "arch": "amd64" - }, - "libasound2": { - "version": "1.2.2-2.1ubuntu2.5", - "arch": "amd64" - }, - "libasound2-data": { - "version": "1.2.2-2.1ubuntu2.5", - "arch": "all" - }, - "libassuan0": { - "version": "2.5.3-7ubuntu2", - "arch": "amd64" - }, - "libatasmart4": { - "version": "0.19-5", - "arch": "amd64" - }, - "libatm1": { - "version": "1:2.5.1-4", - "arch": "amd64" - }, - "libatomic-ops-dev": { - "version": "7.6.10-1ubuntu2", - "arch": "amd64" - }, - "libatomic1": { - "version": "10.3.0-1ubuntu1~20.04", - "arch": "amd64" - }, - "libattr1": { - "version": "1:2.4.48-5", - "arch": "amd64" - }, - "libaudit-common": { - "version": "1:2.8.5-2ubuntu6", - "arch": "all" - }, - "libaudit1": { - "version": "1:2.8.5-2ubuntu6", - "arch": "amd64" - }, - "libbinutils": { - "version": "2.34-6ubuntu1.4", - "arch": "amd64" - }, - "libblkid1": { - "version": "2.34-0.1ubuntu9.3", - "arch": "amd64" - }, - "libblockdev-crypto2": { - "version": "2.23-2ubuntu3", - "arch": "amd64" - }, - "libblockdev-fs2": { - "version": "2.23-2ubuntu3", - "arch": "amd64" - }, - "libblockdev-loop2": { - "version": "2.23-2ubuntu3", - "arch": "amd64" - }, - "libblockdev-part-err2": { - "version": "2.23-2ubuntu3", - "arch": "amd64" - }, - "libblockdev-part2": { - "version": "2.23-2ubuntu3", - "arch": "amd64" - }, - "libblockdev-swap2": { - "version": "2.23-2ubuntu3", - "arch": "amd64" - }, - "libblockdev-utils2": { - "version": "2.23-2ubuntu3", - "arch": "amd64" - }, - 
"libblockdev2": { - "version": "2.23-2ubuntu3", - "arch": "amd64" - }, - "libbrotli1": { - "version": "1.0.7-6ubuntu0.1", - "arch": "amd64" - }, - "libbsd0": { - "version": "0.10.0-1", - "arch": "amd64" - }, - "libbz2-1.0": { - "version": "1.0.8-2", - "arch": "amd64" - }, - "libc-bin": { - "version": "2.31-0ubuntu9.9", - "arch": "amd64" - }, - "libc-dev-bin": { - "version": "2.31-0ubuntu9.9", - "arch": "amd64" - }, - "libc6": { - "version": "2.31-0ubuntu9.9", - "arch": "amd64" - }, - "libc6-dev": { - "version": "2.31-0ubuntu9.9", - "arch": "amd64" - }, - "libcanberra0": { - "version": "0.30-7ubuntu1", - "arch": "amd64" - }, - "libcap-ng0": { - "version": "0.7.9-2.1build1", - "arch": "amd64" - }, - "libcap2": { - "version": "1:2.32-1", - "arch": "amd64" - }, - "libcap2-bin": { - "version": "1:2.32-1", - "arch": "amd64" - }, - "libcbor0.6": { - "version": "0.6.0-0ubuntu1", - "arch": "amd64" - }, - "libcc1-0": { - "version": "10.3.0-1ubuntu1~20.04", - "arch": "amd64" - }, - "libcom-err2": { - "version": "1.45.5-2ubuntu1.1", - "arch": "amd64" - }, - "libcroco3": { - "version": "0.6.13-1", - "arch": "amd64" - }, - "libcrypt-dev": { - "version": "1:4.4.10-10ubuntu4", - "arch": "amd64" - }, - "libcrypt1": { - "version": "1:4.4.10-10ubuntu4", - "arch": "amd64" - }, - "libcryptsetup12": { - "version": "2:2.2.2-3ubuntu2.4", - "arch": "amd64" - }, - "libctf-nobfd0": { - "version": "2.34-6ubuntu1.4", - "arch": "amd64" - }, - "libctf0": { - "version": "2.34-6ubuntu1.4", - "arch": "amd64" - }, - "libcurl3-gnutls": { - "version": "7.68.0-1ubuntu2.16", - "arch": "amd64" - }, - "libcurl4": { - "version": "7.68.0-1ubuntu2.18", - "arch": "amd64" - }, - "libdb5.3": { - "version": "5.3.28+dfsg1-0.6ubuntu2", - "arch": "amd64" - }, - "libdbus-1-3": { - "version": "1.12.16-2ubuntu2.3", - "arch": "amd64" - }, - "libdbus-glib-1-2": { - "version": "0.110-5fakssync1", - "arch": "amd64" - }, - "libdconf1": { - "version": "0.36.0-1", - "arch": "amd64" - }, - "libdebconfclient0": { - "version": 
"0.251ubuntu1", - "arch": "amd64" - }, - "libdevmapper-event1.02.1": { - "version": "2:1.02.167-1ubuntu1", - "arch": "amd64" - }, - "libdevmapper1.02.1": { - "version": "2:1.02.167-1ubuntu1", - "arch": "amd64" - }, - "libdns-export1109": { - "version": "1:9.11.16+dfsg-3~ubuntu1", - "arch": "amd64" - }, - "libdpkg-perl": { - "version": "1.19.7ubuntu3.2", - "arch": "all" - }, - "libdrm-common": { - "version": "2.4.107-8ubuntu1~20.04.2", - "arch": "all" - }, - "libdrm2": { - "version": "2.4.107-8ubuntu1~20.04.2", - "arch": "amd64" - }, - "libeatmydata1": { - "version": "105-7", - "arch": "amd64" - }, - "libedit2": { - "version": "3.1-20191231-1", - "arch": "amd64" - }, - "libefiboot1": { - "version": "37-2ubuntu2.2", - "arch": "amd64" - }, - "libefivar1": { - "version": "37-2ubuntu2.2", - "arch": "amd64" - }, - "libelf1": { - "version": "0.176-1.1build1", - "arch": "amd64" - }, - "liberror-perl": { - "version": "0.17029-1", - "arch": "all" - }, - "libestr0": { - "version": "0.1.10-2.1", - "arch": "amd64" - }, - "libevdev2": { - "version": "1.9.0+dfsg-1ubuntu0.2", - "arch": "amd64" - }, - "libevent-2.1-7": { - "version": "2.1.11-stable-1", - "arch": "amd64" - }, - "libevent-core-2.1-7": { - "version": "2.1.11-stable-1", - "arch": "amd64" - }, - "libevent-pthreads-2.1-7": { - "version": "2.1.11-stable-1", - "arch": "amd64" - }, - "libexpat1": { - "version": "2.2.9-1ubuntu0.6", - "arch": "amd64" - }, - "libext2fs2": { - "version": "1.45.5-2ubuntu1.1", - "arch": "amd64" - }, - "libfakeroot": { - "version": "1.24-1", - "arch": "amd64" - }, - "libfastjson4": { - "version": "0.99.8-2", - "arch": "amd64" - }, - "libfdisk1": { - "version": "2.34-0.1ubuntu9.3", - "arch": "amd64" - }, - "libffi7": { - "version": "3.3-4", - "arch": "amd64" - }, - "libfido2-1": { - "version": "1.3.1-1ubuntu2", - "arch": "amd64" - }, - "libfile-fcntllock-perl": { - "version": "0.22-3build4", - "arch": "amd64" - }, - "libfl-dev": { - "version": "2.6.4-6.2", - "arch": "amd64" - }, - "libfl2": { - 
"version": "2.6.4-6.2", - "arch": "amd64" - }, - "libfreetype6": { - "version": "2.10.1-2ubuntu0.2", - "arch": "amd64" - }, - "libfribidi0": { - "version": "1.0.8-2ubuntu0.1", - "arch": "amd64" - }, - "libfuse2": { - "version": "2.9.9-3", - "arch": "amd64" - }, - "libfwupd2": { - "version": "1.7.9-1~20.04.1", - "arch": "amd64" - }, - "libfwupdplugin1": { - "version": "1.5.11-0ubuntu1~20.04.2", - "arch": "amd64" - }, - "libfwupdplugin5": { - "version": "1.7.9-1~20.04.1", - "arch": "amd64" - }, - "libgc1c2": { - "version": "1:7.6.4-0.4ubuntu1", - "arch": "amd64" - }, - "libgcab-1.0-0": { - "version": "1.4-1", - "arch": "amd64" - }, - "libgcc-9-dev": { - "version": "9.4.0-1ubuntu1~20.04.1", - "arch": "amd64" - }, - "libgcc-s1": { - "version": "10.3.0-1ubuntu1~20.04", - "arch": "amd64" - }, - "libgcrypt20": { - "version": "1.8.5-5ubuntu1.1", - "arch": "amd64" - }, - "libgdbm-compat4": { - "version": "1.18.1-5", - "arch": "amd64" - }, - "libgdbm6": { - "version": "1.18.1-5", - "arch": "amd64" - }, - "libgirepository-1.0-1": { - "version": "1.64.1-1~ubuntu20.04.1", - "arch": "amd64" - }, - "libglib2.0-0": { - "version": "2.64.6-1~ubuntu20.04.4", - "arch": "amd64" - }, - "libglib2.0-bin": { - "version": "2.64.6-1~ubuntu20.04.4", - "arch": "amd64" - }, - "libglib2.0-data": { - "version": "2.64.6-1~ubuntu20.04.4", - "arch": "all" - }, - "libgmp10": { - "version": "2:6.2.0+dfsg-4ubuntu0.1", - "arch": "amd64" - }, - "libgnutls30": { - "version": "3.6.13-2ubuntu1.8", - "arch": "amd64" - }, - "libgomp1": { - "version": "10.3.0-1ubuntu1~20.04", - "arch": "amd64" - }, - "libgpg-error0": { - "version": "1.37-1", - "arch": "amd64" - }, - "libgpgme11": { - "version": "1.13.1-7ubuntu2", - "arch": "amd64" - }, - "libgpm2": { - "version": "1.20.7-5", - "arch": "amd64" - }, - "libgsasl7": { - "version": "1.8.1-1", - "arch": "amd64" - }, - "libgssapi-krb5-2": { - "version": "1.17-6ubuntu4.2", - "arch": "amd64" - }, - "libgssapi3-heimdal": { - "version": "7.7.0+dfsg-1ubuntu1.4", - "arch": 
"amd64" - }, - "libgstreamer1.0-0": { - "version": "1.16.3-0ubuntu1.1", - "arch": "amd64" - }, - "libgudev-1.0-0": { - "version": "1:233-1", - "arch": "amd64" - }, - "libgusb2": { - "version": "0.3.4-0.1", - "arch": "amd64" - }, - "libhcrypto4-heimdal": { - "version": "7.7.0+dfsg-1ubuntu1.4", - "arch": "amd64" - }, - "libheimbase1-heimdal": { - "version": "7.7.0+dfsg-1ubuntu1.4", - "arch": "amd64" - }, - "libheimntlm0-heimdal": { - "version": "7.7.0+dfsg-1ubuntu1.4", - "arch": "amd64" - }, - "libhogweed5": { - "version": "3.5.1+really3.5.1-2ubuntu0.2", - "arch": "amd64" - }, - "libhx509-5-heimdal": { - "version": "7.7.0+dfsg-1ubuntu1.4", - "arch": "amd64" - }, - "libicu66": { - "version": "66.1-2ubuntu2.1", - "arch": "amd64" - }, - "libidn11": { - "version": "1.33-2.2ubuntu2", - "arch": "amd64" - }, - "libidn2-0": { - "version": "2.2.0-2", - "arch": "amd64" - }, - "libimobiledevice6": { - "version": "1.2.1~git20191129.9f79242-1build1", - "arch": "amd64" - }, - "libip4tc2": { - "version": "1.8.4-3ubuntu2", - "arch": "amd64" - }, - "libip6tc2": { - "version": "1.8.4-3ubuntu2", - "arch": "amd64" - }, - "libisc-export1105": { - "version": "1:9.11.16+dfsg-3~ubuntu1", - "arch": "amd64" - }, - "libisl22": { - "version": "0.22.1-1", - "arch": "amd64" - }, - "libisns0": { - "version": "0.97-3", - "arch": "amd64" - }, - "libitm1": { - "version": "10.3.0-1ubuntu1~20.04", - "arch": "amd64" - }, - "libjcat1": { - "version": "0.1.4-0ubuntu0.20.04.1", - "arch": "amd64" - }, - "libjson-c4": { - "version": "0.13.1+dfsg-7ubuntu0.3", - "arch": "amd64" - }, - "libjson-glib-1.0-0": { - "version": "1.4.4-2ubuntu2", - "arch": "amd64" - }, - "libjson-glib-1.0-common": { - "version": "1.4.4-2ubuntu2", - "arch": "all" - }, - "libk5crypto3": { - "version": "1.17-6ubuntu4.2", - "arch": "amd64" - }, - "libkeyutils1": { - "version": "1.6-6ubuntu1.1", - "arch": "amd64" - }, - "libklibc": { - "version": "2.0.7-1ubuntu5.1", - "arch": "amd64" - }, - "libkmod2": { - "version": "27-1ubuntu2.1", - 
"arch": "amd64" - }, - "libkrb5-26-heimdal": { - "version": "7.7.0+dfsg-1ubuntu1.4", - "arch": "amd64" - }, - "libkrb5-3": { - "version": "1.17-6ubuntu4.2", - "arch": "amd64" - }, - "libkrb5support0": { - "version": "1.17-6ubuntu4.2", - "arch": "amd64" - }, - "libksba8": { - "version": "1.3.5-2ubuntu0.20.04.2", - "arch": "amd64" - }, - "libkyotocabinet16v5": { - "version": "1.2.76-4.2build1", - "arch": "amd64" - }, - "libldap-2.4-2": { - "version": "2.4.49+dfsg-2ubuntu1.9", - "arch": "amd64" - }, - "libldap-common": { - "version": "2.4.49+dfsg-2ubuntu1.9", - "arch": "all" - }, - "liblmdb0": { - "version": "0.9.24-1", - "arch": "amd64" - }, - "liblocale-gettext-perl": { - "version": "1.07-4", - "arch": "amd64" - }, - "liblockfile-bin": { - "version": "1.16-1.1", - "arch": "amd64" - }, - "liblockfile1": { - "version": "1.16-1.1", - "arch": "amd64" - }, - "liblsan0": { - "version": "10.3.0-1ubuntu1~20.04", - "arch": "amd64" - }, - "libltdl7": { - "version": "2.4.6-14", - "arch": "amd64" - }, - "liblvm2cmd2.03": { - "version": "2.03.07-1ubuntu1", - "arch": "amd64" - }, - "liblz4-1": { - "version": "1.9.2-2ubuntu0.20.04.1", - "arch": "amd64" - }, - "liblzma5": { - "version": "5.2.4-1ubuntu1.1", - "arch": "amd64" - }, - "liblzo2-2": { - "version": "2.10-2", - "arch": "amd64" - }, - "libmagic-mgc": { - "version": "1:5.38-4", - "arch": "amd64" - }, - "libmagic1": { - "version": "1:5.38-4", - "arch": "amd64" - }, - "libmailutils6": { - "version": "1:3.7-2.1", - "arch": "amd64" - }, - "libmaxminddb0": { - "version": "1.4.2-0ubuntu1.20.04.1", - "arch": "amd64" - }, - "libmbim-glib4": { - "version": "1.26.2-1~ubuntu20.04.1", - "arch": "amd64" - }, - "libmbim-proxy": { - "version": "1.26.2-1~ubuntu20.04.1", - "arch": "amd64" - }, - "libmm-glib0": { - "version": "1.18.6-1~ubuntu20.04.1", - "arch": "amd64" - }, - "libmnl0": { - "version": "1.0.4-2", - "arch": "amd64" - }, - "libmount1": { - "version": "2.34-0.1ubuntu9.3", - "arch": "amd64" - }, - "libmpc3": { - "version": 
"1.1.0-1", - "arch": "amd64" - }, - "libmpdec2": { - "version": "2.4.2-3", - "arch": "amd64" - }, - "libmpfr6": { - "version": "4.0.2-1", - "arch": "amd64" - }, - "libmspack0": { - "version": "0.10.1-2", - "arch": "amd64" - }, - "libmysqlclient21": { - "version": "8.0.33-0ubuntu0.20.04.2", - "arch": "amd64" - }, - "libncurses-dev": { - "version": "6.2-0ubuntu2.1", - "arch": "amd64" - }, - "libncurses5-dev": { - "version": "6.2-0ubuntu2.1", - "arch": "amd64" - }, - "libncurses6": { - "version": "6.2-0ubuntu2.1", - "arch": "amd64" - }, - "libncursesw6": { - "version": "6.2-0ubuntu2.1", - "arch": "amd64" - }, - "libnetfilter-conntrack3": { - "version": "1.0.7-2", - "arch": "amd64" - }, - "libnetplan0": { - "version": "0.104-0ubuntu2~20.04.2", - "arch": "amd64" - }, - "libnettle7": { - "version": "3.5.1+really3.5.1-2ubuntu0.2", - "arch": "amd64" - }, - "libnewt0.52": { - "version": "0.52.21-4ubuntu2", - "arch": "amd64" - }, - "libnfnetlink0": { - "version": "1.0.1-3build1", - "arch": "amd64" - }, - "libnftnl11": { - "version": "1.1.5-1", - "arch": "amd64" - }, - "libnghttp2-14": { - "version": "1.40.0-1build1", - "arch": "amd64" - }, - "libnl-3-200": { - "version": "3.4.0-1ubuntu0.1", - "arch": "amd64" - }, - "libnl-genl-3-200": { - "version": "3.4.0-1ubuntu0.1", - "arch": "amd64" - }, - "libnpth0": { - "version": "1.6-1", - "arch": "amd64" - }, - "libnspr4": { - "version": "2:4.25-1", - "arch": "amd64" - }, - "libnss-systemd": { - "version": "245.4-4ubuntu3.22", - "arch": "amd64" - }, - "libnss3": { - "version": "2:3.49.1-1ubuntu1.9", - "arch": "amd64" - }, - "libntfs-3g883": { - "version": "1:2017.3.23AR.3-3ubuntu1.3", - "arch": "amd64" - }, - "libntlm0": { - "version": "1.5-2ubuntu0.1", - "arch": "amd64" - }, - "libnuma1": { - "version": "2.0.12-1", - "arch": "amd64" - }, - "libogg0": { - "version": "1.3.4-0ubuntu1", - "arch": "amd64" - }, - "libopts25": { - "version": "1:5.18.16-3", - "arch": "amd64" - }, - "libp11-kit0": { - "version": "0.23.20-1ubuntu0.1", - 
"arch": "amd64" - }, - "libpackagekit-glib2-18": { - "version": "1.1.13-2ubuntu1.1", - "arch": "amd64" - }, - "libpam-cap": { - "version": "1:2.32-1", - "arch": "amd64" - }, - "libpam-modules": { - "version": "1.3.1-5ubuntu4.6", - "arch": "amd64" - }, - "libpam-modules-bin": { - "version": "1.3.1-5ubuntu4.6", - "arch": "amd64" - }, - "libpam-runtime": { - "version": "1.3.1-5ubuntu4.6", - "arch": "all" - }, - "libpam-systemd": { - "version": "245.4-4ubuntu3.22", - "arch": "amd64" - }, - "libpam0g": { - "version": "1.3.1-5ubuntu4.6", - "arch": "amd64" - }, - "libparted-fs-resize0": { - "version": "3.3-4ubuntu0.20.04.1", - "arch": "amd64" - }, - "libparted2": { - "version": "3.3-4ubuntu0.20.04.1", - "arch": "amd64" - }, - "libpcap0.8": { - "version": "1.9.1-3", - "arch": "amd64" - }, - "libpci3": { - "version": "1:3.6.4-1ubuntu0.20.04.1", - "arch": "amd64" - }, - "libpcre2-8-0": { - "version": "10.34-7ubuntu0.1", - "arch": "amd64" - }, - "libpcre3": { - "version": "2:8.39-12ubuntu0.1", - "arch": "amd64" - }, - "libperl-dev": { - "version": "5.30.0-9ubuntu0.4", - "arch": "amd64" - }, - "libperl5.30": { - "version": "5.30.0-9ubuntu0.4", - "arch": "amd64" - }, - "libpipeline1": { - "version": "1.5.2-2build1", - "arch": "amd64" - }, - "libplist3": { - "version": "2.1.0-4build2", - "arch": "amd64" - }, - "libplymouth5": { - "version": "0.9.4git20200323-0ubuntu6.2", - "arch": "amd64" - }, - "libpng16-16": { - "version": "1.6.37-2", - "arch": "amd64" - }, - "libpolkit-agent-1-0": { - "version": "0.105-26ubuntu1.3", - "arch": "amd64" - }, - "libpolkit-gobject-1-0": { - "version": "0.105-26ubuntu1.3", - "arch": "amd64" - }, - "libpopt0": { - "version": "1.16-14", - "arch": "amd64" - }, - "libprocps8": { - "version": "2:3.3.16-1ubuntu2.3", - "arch": "amd64" - }, - "libprotobuf17": { - "version": "3.6.1.3-2ubuntu5.2", - "arch": "amd64" - }, - "libproxy1v5": { - "version": "0.4.15-10ubuntu1.2", - "arch": "amd64" - }, - "libpsl5": { - "version": "0.21.0-1ubuntu1", - "arch": 
"amd64" - }, - "libpython3-stdlib": { - "version": "3.8.2-0ubuntu2", - "arch": "amd64" - }, - "libpython3.8": { - "version": "3.8.10-0ubuntu1~20.04.6", - "arch": "amd64" - }, - "libpython3.8-minimal": { - "version": "3.8.10-0ubuntu1~20.04.6", - "arch": "amd64" - }, - "libpython3.8-stdlib": { - "version": "3.8.10-0ubuntu1~20.04.6", - "arch": "amd64" - }, - "libqmi-glib5": { - "version": "1.30.4-1~ubuntu20.04.1", - "arch": "amd64" - }, - "libqmi-proxy": { - "version": "1.30.4-1~ubuntu20.04.1", - "arch": "amd64" - }, - "libquadmath0": { - "version": "10.3.0-1ubuntu1~20.04", - "arch": "amd64" - }, - "libreadline-dev": { - "version": "8.0-4", - "arch": "amd64" - }, - "libreadline5": { - "version": "5.2+dfsg-3build3", - "arch": "amd64" - }, - "libreadline8": { - "version": "8.0-4", - "arch": "amd64" - }, - "libroken18-heimdal": { - "version": "7.7.0+dfsg-1ubuntu1.4", - "arch": "amd64" - }, - "librtmp1": { - "version": "2.4+20151223.gitfa8646d.1-2build1", - "arch": "amd64" - }, - "libsasl2-2": { - "version": "2.1.27+dfsg-2ubuntu0.1", - "arch": "amd64" - }, - "libsasl2-modules": { - "version": "2.1.27+dfsg-2ubuntu0.1", - "arch": "amd64" - }, - "libsasl2-modules-db": { - "version": "2.1.27+dfsg-2ubuntu0.1", - "arch": "amd64" - }, - "libseccomp2": { - "version": "2.5.1-1ubuntu1~20.04.2", - "arch": "amd64" - }, - "libselinux1": { - "version": "3.0-1build2", - "arch": "amd64" - }, - "libsemanage-common": { - "version": "3.0-1build2", - "arch": "all" - }, - "libsemanage1": { - "version": "3.0-1build2", - "arch": "amd64" - }, - "libsepol1": { - "version": "3.0-1ubuntu0.1", - "arch": "amd64" - }, - "libsgutils2-2": { - "version": "1.44-1ubuntu2", - "arch": "amd64" - }, - "libsigsegv2": { - "version": "2.12-2", - "arch": "amd64" - }, - "libslang2": { - "version": "2.3.2-4", - "arch": "amd64" - }, - "libsmartcols1": { - "version": "2.34-0.1ubuntu9.3", - "arch": "amd64" - }, - "libsmbios-c2": { - "version": "2.4.3-1", - "arch": "amd64" - }, - "libsodium23": { - "version": 
"1.0.18-1", - "arch": "amd64" - }, - "libsoup2.4-1": { - "version": "2.70.0-1", - "arch": "amd64" - }, - "libsqlite3-0": { - "version": "3.31.1-4ubuntu0.5", - "arch": "amd64" - }, - "libss2": { - "version": "1.45.5-2ubuntu1.1", - "arch": "amd64" - }, - "libssh-4": { - "version": "0.9.3-2ubuntu2.2", - "arch": "amd64" - }, - "libssl-dev": { - "version": "1.1.1f-1ubuntu2.19", - "arch": "amd64" - }, - "libssl1.1": { - "version": "1.1.1f-1ubuntu2.19", - "arch": "amd64" - }, - "libstdc++-9-dev": { - "version": "9.4.0-1ubuntu1~20.04.1", - "arch": "amd64" - }, - "libstdc++6": { - "version": "10.3.0-1ubuntu1~20.04", - "arch": "amd64" - }, - "libstemmer0d": { - "version": "0+svn585-2", - "arch": "amd64" - }, - "libsystemd0": { - "version": "245.4-4ubuntu3.22", - "arch": "amd64" - }, - "libtasn1-6": { - "version": "4.16.0-2", - "arch": "amd64" - }, - "libtdb1": { - "version": "1.4.5-0ubuntu0.20.04.1", - "arch": "amd64" - }, - "libtext-charwidth-perl": { - "version": "0.04-10", - "arch": "amd64" - }, - "libtext-iconv-perl": { - "version": "1.7-7", - "arch": "amd64" - }, - "libtext-wrapi18n-perl": { - "version": "0.06-9", - "arch": "all" - }, - "libtinfo6": { - "version": "6.2-0ubuntu2.1", - "arch": "amd64" - }, - "libtsan0": { - "version": "10.3.0-1ubuntu1~20.04", - "arch": "amd64" - }, - "libtss2-esys0": { - "version": "2.3.2-1ubuntu0.20.04.1", - "arch": "amd64" - }, - "libubsan1": { - "version": "10.3.0-1ubuntu1~20.04", - "arch": "amd64" - }, - "libuchardet0": { - "version": "0.0.6-3build1", - "arch": "amd64" - }, - "libudev1": { - "version": "245.4-4ubuntu3.20", - "arch": "amd64" - }, - "libudisks2-0": { - "version": "2.8.4-1ubuntu2", - "arch": "amd64" - }, - "libunistring2": { - "version": "0.9.10-2", - "arch": "amd64" - }, - "libunwind8": { - "version": "1.2.1-9build1", - "arch": "amd64" - }, - "libupower-glib3": { - "version": "0.99.11-1build2", - "arch": "amd64" - }, - "liburcu6": { - "version": "0.11.1-2", - "arch": "amd64" - }, - "libusb-1.0-0": { - "version": 
"2:1.0.23-2build1", - "arch": "amd64" - }, - "libusbmuxd6": { - "version": "2.0.1-2", - "arch": "amd64" - }, - "libutempter0": { - "version": "1.1.6-4", - "arch": "amd64" - }, - "libuuid1": { - "version": "2.34-0.1ubuntu9.3", - "arch": "amd64" - }, - "libuv1": { - "version": "1.34.2-1ubuntu1.3", - "arch": "amd64" - }, - "libvolume-key1": { - "version": "0.3.12-3.1", - "arch": "amd64" - }, - "libvorbis0a": { - "version": "1.3.6-2ubuntu1", - "arch": "amd64" - }, - "libvorbisfile3": { - "version": "1.3.6-2ubuntu1", - "arch": "amd64" - }, - "libwind0-heimdal": { - "version": "7.7.0+dfsg-1ubuntu1.4", - "arch": "amd64" - }, - "libwrap0": { - "version": "7.6.q-30", - "arch": "amd64" - }, - "libxml2": { - "version": "2.9.10+dfsg-5ubuntu0.20.04.5", - "arch": "amd64" - }, - "libxmlb1": { - "version": "0.1.15-2ubuntu1~20.04.1", - "arch": "amd64" - }, - "libxmlb2": { - "version": "0.3.6-2build1~20.04.1", - "arch": "amd64" - }, - "libxmlsec1": { - "version": "1.2.28-2", - "arch": "amd64" - }, - "libxmlsec1-openssl": { - "version": "1.2.28-2", - "arch": "amd64" - }, - "libxslt1.1": { - "version": "1.1.34-4ubuntu0.20.04.1", - "arch": "amd64" - }, - "libxtables12": { - "version": "1.8.4-3ubuntu2", - "arch": "amd64" - }, - "libyaml-0-2": { - "version": "0.2.2-1", - "arch": "amd64" - }, - "libzstd1": { - "version": "1.4.4+dfsg-3ubuntu0.1", - "arch": "amd64" - }, - "linux-base": { - "version": "4.5ubuntu3.7", - "arch": "all" - }, - "linux-firmware": { - "version": "1.187.36", - "arch": "all" - }, - "linux-image-5.4.0-144-generic": { - "version": "5.4.0-144.161", - "arch": "amd64" - }, - "linux-image-generic": { - "version": "5.4.0.144.142", - "arch": "amd64" - }, - "linux-libc-dev": { - "version": "5.4.0-153.170", - "arch": "amd64" - }, - "linux-modules-5.4.0-144-generic": { - "version": "5.4.0-144.161", - "arch": "amd64" - }, - "linux-modules-extra-5.4.0-144-generic": { - "version": "5.4.0-144.161", - "arch": "amd64" - }, - "locales": { - "version": "2.31-0ubuntu9.9", - "arch": 
"all" - }, - "login": { - "version": "1:4.8.1-1ubuntu5.20.04.4", - "arch": "amd64" - }, - "logrotate": { - "version": "3.14.0-4ubuntu3", - "arch": "amd64" - }, - "logsave": { - "version": "1.45.5-2ubuntu1.1", - "arch": "amd64" - }, - "lsb-base": { - "version": "11.1.0ubuntu2", - "arch": "all" - }, - "lsb-release": { - "version": "11.1.0ubuntu2", - "arch": "all" - }, - "lshw": { - "version": "02.18.85-0.3ubuntu2.20.04.1", - "arch": "amd64" - }, - "lsof": { - "version": "4.93.2+dfsg-1ubuntu0.20.04.1", - "arch": "amd64" - }, - "ltrace": { - "version": "0.7.3-6.1ubuntu1", - "arch": "amd64" - }, - "lvm2": { - "version": "2.03.07-1ubuntu1", - "arch": "amd64" - }, - "lxd-agent-loader": { - "version": "0.4", - "arch": "all" - }, - "lz4": { - "version": "1.9.2-2ubuntu0.20.04.1", - "arch": "amd64" - }, - "m4": { - "version": "1.4.18-4", - "arch": "amd64" - }, - "mailutils": { - "version": "1:3.7-2.1", - "arch": "amd64" - }, - "mailutils-common": { - "version": "1:3.7-2.1", - "arch": "all" - }, - "make": { - "version": "4.2.1-1.2", - "arch": "amd64" - }, - "man-db": { - "version": "2.9.1-1", - "arch": "amd64" - }, - "manpages": { - "version": "5.05-1", - "arch": "all" - }, - "manpages-dev": { - "version": "5.05-1", - "arch": "all" - }, - "mawk": { - "version": "1.3.4.20200120-2", - "arch": "amd64" - }, - "mdadm": { - "version": "4.1-5ubuntu1.2", - "arch": "amd64" - }, - "mime-support": { - "version": "3.64ubuntu1", - "arch": "all" - }, - "modemmanager": { - "version": "1.18.6-1~ubuntu20.04.1", - "arch": "amd64" - }, - "mosh": { - "version": "1.3.2-2.1build3", - "arch": "amd64" - }, - "mount": { - "version": "2.34-0.1ubuntu9.3", - "arch": "amd64" - }, - "mtr-tiny": { - "version": "0.93-1", - "arch": "amd64" - }, - "multipath-tools": { - "version": "0.8.3-1ubuntu2.1", - "arch": "amd64" - }, - "mysql-common": { - "version": "5.8+1.0.5ubuntu2", - "arch": "all" - }, - "nano": { - "version": "4.8-1ubuntu1", - "arch": "amd64" - }, - "ncurses-base": { - "version": "6.2-0ubuntu2", - 
"arch": "all" - }, - "ncurses-bin": { - "version": "6.2-0ubuntu2", - "arch": "amd64" - }, - "ncurses-term": { - "version": "6.2-0ubuntu2", - "arch": "all" - }, - "netbase": { - "version": "6.1", - "arch": "all" - }, - "netcat-openbsd": { - "version": "1.206-1ubuntu1", - "arch": "amd64" - }, - "netplan.io": { - "version": "0.104-0ubuntu2~20.04.2", - "arch": "amd64" - }, - "networkd-dispatcher": { - "version": "2.1-2~ubuntu20.04.3", - "arch": "all" - }, - "ntfs-3g": { - "version": "1:2017.3.23AR.3-3ubuntu1.3", - "arch": "amd64" - }, - "ntp": { - "version": "1:4.2.8p12+dfsg-3ubuntu4.20.04.1", - "arch": "amd64" - }, - "open-iscsi": { - "version": "2.0.874-7.1ubuntu6.2", - "arch": "amd64" - }, - "open-vm-tools": { - "version": "2:11.3.0-2ubuntu0~ubuntu20.04.4", - "arch": "amd64" - }, - "openresty": { - "version": "1.21.4.1-1~focal1", - "arch": "amd64" - }, - "openresty-openssl111": { - "version": "1.1.1s-1~focal1", - "arch": "amd64" - }, - "openresty-opm": { - "version": "1.21.4.1-1~focal1", - "arch": "amd64" - }, - "openresty-pcre": { - "version": "8.45-1~focal1", - "arch": "amd64" - }, - "openresty-resty": { - "version": "1.21.4.1-1~focal1", - "arch": "all" - }, - "openresty-zlib": { - "version": "1.2.13-1~focal1", - "arch": "amd64" - }, - "openssh-client": { - "version": "1:8.2p1-4ubuntu0.5", - "arch": "amd64" - }, - "openssh-server": { - "version": "1:8.2p1-4ubuntu0.5", - "arch": "amd64" - }, - "openssh-sftp-server": { - "version": "1:8.2p1-4ubuntu0.5", - "arch": "amd64" - }, - "openssl": { - "version": "1.1.1f-1ubuntu2.17", - "arch": "amd64" - }, - "os-prober": { - "version": "1.74ubuntu2", - "arch": "amd64" - }, - "overlayroot": { - "version": "0.45ubuntu2", - "arch": "all" - }, - "packagekit": { - "version": "1.1.13-2ubuntu1.1", - "arch": "amd64" - }, - "packagekit-tools": { - "version": "1.1.13-2ubuntu1.1", - "arch": "amd64" - }, - "parted": { - "version": "3.3-4ubuntu0.20.04.1", - "arch": "amd64" - }, - "passwd": { - "version": "1:4.8.1-1ubuntu5.20.04.4", - 
"arch": "amd64" - }, - "pastebinit": { - "version": "1.5.1-1", - "arch": "all" - }, - "patch": { - "version": "2.7.6-6", - "arch": "amd64" - }, - "pci.ids": { - "version": "0.0~2020.03.20-1", - "arch": "all" - }, - "pciutils": { - "version": "1:3.6.4-1ubuntu0.20.04.1", - "arch": "amd64" - }, - "perl": { - "version": "5.30.0-9ubuntu0.4", - "arch": "amd64" - }, - "perl-base": { - "version": "5.30.0-9ubuntu0.4", - "arch": "amd64" - }, - "perl-modules-5.30": { - "version": "5.30.0-9ubuntu0.4", - "arch": "all" - }, - "pinentry-curses": { - "version": "1.1.0-3build1", - "arch": "amd64" - }, - "plymouth": { - "version": "0.9.4git20200323-0ubuntu6.2", - "arch": "amd64" - }, - "plymouth-theme-ubuntu-text": { - "version": "0.9.4git20200323-0ubuntu6.2", - "arch": "amd64" - }, - "policykit-1": { - "version": "0.105-26ubuntu1.3", - "arch": "amd64" - }, - "pollinate": { - "version": "4.33-3ubuntu1.20.04.1", - "arch": "all" - }, - "postfix": { - "version": "3.4.13-0ubuntu1.2", - "arch": "amd64" - }, - "powermgmt-base": { - "version": "1.36", - "arch": "all" - }, - "procps": { - "version": "2:3.3.16-1ubuntu2.3", - "arch": "amd64" - }, - "psmisc": { - "version": "23.3-1", - "arch": "amd64" - }, - "publicsuffix": { - "version": "20200303.0012-1", - "arch": "all" - }, - "python-apt-common": { - "version": "2.0.1ubuntu0.20.04.1", - "arch": "all" - }, - "python3": { - "version": "3.8.2-0ubuntu2", - "arch": "amd64" - }, - "python3-apport": { - "version": "2.20.11-0ubuntu27.25", - "arch": "all" - }, - "python3-apt": { - "version": "2.0.1ubuntu0.20.04.1", - "arch": "amd64" - }, - "python3-attr": { - "version": "19.3.0-2", - "arch": "all" - }, - "python3-automat": { - "version": "0.8.0-1ubuntu1", - "arch": "all" - }, - "python3-blinker": { - "version": "1.4+dfsg1-0.3ubuntu1", - "arch": "all" - }, - "python3-certifi": { - "version": "2019.11.28-1", - "arch": "all" - }, - "python3-cffi-backend": { - "version": "1.14.0-1build1", - "arch": "amd64" - }, - "python3-chardet": { - "version": 
"3.0.4-4build1", - "arch": "all" - }, - "python3-click": { - "version": "7.0-3", - "arch": "all" - }, - "python3-colorama": { - "version": "0.4.3-1build1", - "arch": "all" - }, - "python3-configobj": { - "version": "5.0.6-4", - "arch": "all" - }, - "python3-constantly": { - "version": "15.1.0-1build1", - "arch": "all" - }, - "python3-cryptography": { - "version": "2.8-3ubuntu0.1", - "arch": "amd64" - }, - "python3-dbus": { - "version": "1.2.16-1build1", - "arch": "amd64" - }, - "python3-debconf": { - "version": "1.5.73", - "arch": "all" - }, - "python3-distro": { - "version": "1.4.0-1", - "arch": "all" - }, - "python3-distro-info": { - "version": "0.23ubuntu1", - "arch": "all" - }, - "python3-distutils": { - "version": "3.8.10-0ubuntu1~20.04", - "arch": "all" - }, - "python3-entrypoints": { - "version": "0.3-2ubuntu1", - "arch": "all" - }, - "python3-gdbm": { - "version": "3.8.10-0ubuntu1~20.04", - "arch": "amd64" - }, - "python3-gi": { - "version": "3.36.0-1", - "arch": "amd64" - }, - "python3-hamcrest": { - "version": "1.9.0-3", - "arch": "all" - }, - "python3-httplib2": { - "version": "0.14.0-1ubuntu1", - "arch": "all" - }, - "python3-hyperlink": { - "version": "19.0.0-1", - "arch": "all" - }, - "python3-idna": { - "version": "2.8-1", - "arch": "all" - }, - "python3-importlib-metadata": { - "version": "1.5.0-1", - "arch": "all" - }, - "python3-incremental": { - "version": "16.10.1-3.2", - "arch": "all" - }, - "python3-jinja2": { - "version": "2.10.1-2", - "arch": "all" - }, - "python3-json-pointer": { - "version": "2.0-0ubuntu1", - "arch": "all" - }, - "python3-jsonpatch": { - "version": "1.23-3", - "arch": "all" - }, - "python3-jsonschema": { - "version": "3.2.0-0ubuntu2", - "arch": "all" - }, - "python3-jwt": { - "version": "1.7.1-2ubuntu2.1", - "arch": "all" - }, - "python3-keyring": { - "version": "18.0.1-2ubuntu1", - "arch": "all" - }, - "python3-launchpadlib": { - "version": "1.10.13-1", - "arch": "all" - }, - "python3-lazr.restfulclient": { - "version": 
"0.14.2-2build1", - "arch": "all" - }, - "python3-lazr.uri": { - "version": "1.0.3-4build1", - "arch": "all" - }, - "python3-lib2to3": { - "version": "3.8.10-0ubuntu1~20.04", - "arch": "all" - }, - "python3-markupsafe": { - "version": "1.1.0-1build2", - "arch": "amd64" - }, - "python3-minimal": { - "version": "3.8.2-0ubuntu2", - "arch": "amd64" - }, - "python3-more-itertools": { - "version": "4.2.0-1build1", - "arch": "all" - }, - "python3-nacl": { - "version": "1.3.0-5", - "arch": "amd64" - }, - "python3-netifaces": { - "version": "0.10.4-1ubuntu4", - "arch": "amd64" - }, - "python3-newt": { - "version": "0.52.21-4ubuntu2", - "arch": "amd64" - }, - "python3-oauthlib": { - "version": "3.1.0-1ubuntu2", - "arch": "all" - }, - "python3-openssl": { - "version": "19.0.0-1build1", - "arch": "all" - }, - "python3-pexpect": { - "version": "4.6.0-1build1", - "arch": "all" - }, - "python3-pkg-resources": { - "version": "45.2.0-1ubuntu0.1", - "arch": "all" - }, - "python3-problem-report": { - "version": "2.20.11-0ubuntu27.25", - "arch": "all" - }, - "python3-ptyprocess": { - "version": "0.6.0-1ubuntu1", - "arch": "all" - }, - "python3-pyasn1": { - "version": "0.4.2-3build1", - "arch": "all" - }, - "python3-pyasn1-modules": { - "version": "0.2.1-0.2build1", - "arch": "all" - }, - "python3-pymacaroons": { - "version": "0.13.0-3", - "arch": "all" - }, - "python3-pyrsistent": { - "version": "0.15.5-1build1", - "arch": "amd64" - }, - "python3-requests": { - "version": "2.22.0-2ubuntu1", - "arch": "all" - }, - "python3-requests-unixsocket": { - "version": "0.2.0-2", - "arch": "all" - }, - "python3-secretstorage": { - "version": "2.3.1-2ubuntu1", - "arch": "all" - }, - "python3-serial": { - "version": "3.4-5.1", - "arch": "all" - }, - "python3-service-identity": { - "version": "18.1.0-5build1", - "arch": "all" - }, - "python3-setuptools": { - "version": "45.2.0-1ubuntu0.1", - "arch": "all" - }, - "python3-simplejson": { - "version": "3.16.0-2ubuntu2", - "arch": "amd64" - }, - 
"python3-six": { - "version": "1.14.0-2", - "arch": "all" - }, - "python3-software-properties": { - "version": "0.99.9.11", - "arch": "all" - }, - "python3-systemd": { - "version": "234-3build2", - "arch": "amd64" - }, - "python3-twisted": { - "version": "18.9.0-11ubuntu0.20.04.2", - "arch": "all" - }, - "python3-twisted-bin": { - "version": "18.9.0-11ubuntu0.20.04.2", - "arch": "amd64" - }, - "python3-urllib3": { - "version": "1.25.8-2ubuntu0.2", - "arch": "all" - }, - "python3-wadllib": { - "version": "1.3.3-3build1", - "arch": "all" - }, - "python3-yaml": { - "version": "5.3.1-1ubuntu0.1", - "arch": "amd64" - }, - "python3-zipp": { - "version": "1.0.0-1", - "arch": "all" - }, - "python3-zope.interface": { - "version": "4.7.1-1", - "arch": "amd64" - }, - "python3.8": { - "version": "3.8.10-0ubuntu1~20.04.6", - "arch": "amd64" - }, - "python3.8-minimal": { - "version": "3.8.10-0ubuntu1~20.04.6", - "arch": "amd64" - }, - "readline-common": { - "version": "8.0-4", - "arch": "all" - }, - "rsync": { - "version": "3.1.3-8ubuntu0.5", - "arch": "amd64" - }, - "rsyslog": { - "version": "8.2001.0-1ubuntu1.3", - "arch": "amd64" - }, - "run-one": { - "version": "1.17-0ubuntu1", - "arch": "all" - }, - "sbsigntool": { - "version": "0.9.2-2ubuntu1.1", - "arch": "amd64" - }, - "screen": { - "version": "4.8.0-1ubuntu0.1", - "arch": "amd64" - }, - "secureboot-db": { - "version": "1.5", - "arch": "amd64" - }, - "sed": { - "version": "4.7-1", - "arch": "amd64" - }, - "sensible-utils": { - "version": "0.0.12+nmu1", - "arch": "all" - }, - "sg3-utils": { - "version": "1.44-1ubuntu2", - "arch": "amd64" - }, - "sg3-utils-udev": { - "version": "1.44-1ubuntu2", - "arch": "all" - }, - "shared-mime-info": { - "version": "1.15-1", - "arch": "amd64" - }, - "snapd": { - "version": "2.58+20.04", - "arch": "amd64" - }, - "sntp": { - "version": "1:4.2.8p12+dfsg-3ubuntu4.20.04.1", - "arch": "amd64" - }, - "software-properties-common": { - "version": "0.99.9.11", - "arch": "all" - }, - "sosreport": 
{ - "version": "4.4-1ubuntu0.20.04.1", - "arch": "amd64" - }, - "sound-theme-freedesktop": { - "version": "0.8-2ubuntu1", - "arch": "all" - }, - "squashfs-tools": { - "version": "1:4.4-1ubuntu0.3", - "arch": "amd64" - }, - "ssh-import-id": { - "version": "5.10-0ubuntu1", - "arch": "all" - }, - "ssl-cert": { - "version": "1.0.39", - "arch": "all" - }, - "strace": { - "version": "5.5-3ubuntu1", - "arch": "amd64" - }, - "sudo": { - "version": "1.8.31-1ubuntu1.4", - "arch": "amd64" - }, - "systemd": { - "version": "245.4-4ubuntu3.22", - "arch": "amd64" - }, - "systemd-sysv": { - "version": "245.4-4ubuntu3.22", - "arch": "amd64" - }, - "systemd-timesyncd": { - "version": "245.4-4ubuntu3.20", - "arch": "amd64" - }, - "sysvinit-utils": { - "version": "2.96-2.1ubuntu1", - "arch": "amd64" - }, - "tar": { - "version": "1.30+dfsg-7ubuntu0.20.04.3", - "arch": "amd64" - }, - "tcpdump": { - "version": "4.9.3-4ubuntu0.2", - "arch": "amd64" - }, - "telnet": { - "version": "0.17-41.2build1", - "arch": "amd64" - }, - "thermald": { - "version": "1.9.1-1ubuntu0.6", - "arch": "amd64" - }, - "thin-provisioning-tools": { - "version": "0.8.5-4build1", - "arch": "amd64" - }, - "time": { - "version": "1.7-25.1build1", - "arch": "amd64" - }, - "tmux": { - "version": "3.0a-2ubuntu0.4", - "arch": "amd64" - }, - "tpm-udev": { - "version": "0.4", - "arch": "all" - }, - "tzdata": { - "version": "2022g-0ubuntu0.20.04.1", - "arch": "all" - }, - "ubuntu-advantage-tools": { - "version": "27.13.6~20.04.1", - "arch": "amd64" - }, - "ubuntu-keyring": { - "version": "2020.02.11.4", - "arch": "all" - }, - "ubuntu-minimal": { - "version": "1.450.2", - "arch": "amd64" - }, - "ucf": { - "version": "3.0038+nmu1", - "arch": "all" - }, - "udev": { - "version": "245.4-4ubuntu3.20", - "arch": "amd64" - }, - "udisks2": { - "version": "2.8.4-1ubuntu2", - "arch": "amd64" - }, - "ufw": { - "version": "0.36-6ubuntu1", - "arch": "all" - }, - "unattended-upgrades": { - "version": "2.3ubuntu0.3", - "arch": "all" - }, - 
"unzip": { - "version": "6.0-25ubuntu1.1", - "arch": "amd64" - }, - "upower": { - "version": "0.99.11-1build2", - "arch": "amd64" - }, - "usb-modeswitch": { - "version": "2.5.2+repack0-2ubuntu3", - "arch": "amd64" - }, - "usb-modeswitch-data": { - "version": "20191128-3", - "arch": "all" - }, - "usb.ids": { - "version": "2020.03.19-1", - "arch": "all" - }, - "usbmuxd": { - "version": "1.1.1~git20191130.9af2b12-1", - "arch": "amd64" - }, - "util-linux": { - "version": "2.34-0.1ubuntu9.3", - "arch": "amd64" - }, - "uuid-runtime": { - "version": "2.34-0.1ubuntu9.3", - "arch": "amd64" - }, - "vim": { - "version": "2:8.1.2269-1ubuntu5.11", - "arch": "amd64" - }, - "vim-common": { - "version": "2:8.1.2269-1ubuntu5.11", - "arch": "all" - }, - "vim-runtime": { - "version": "2:8.1.2269-1ubuntu5.11", - "arch": "all" - }, - "vim-tiny": { - "version": "2:8.1.2269-1ubuntu5.11", - "arch": "amd64" - }, - "wget": { - "version": "1.20.3-1ubuntu2", - "arch": "amd64" - }, - "whiptail": { - "version": "0.52.21-4ubuntu2", - "arch": "amd64" - }, - "wireless-regdb": { - "version": "2022.06.06-0ubuntu1~20.04.1", - "arch": "all" - }, - "xdg-user-dirs": { - "version": "0.17-2ubuntu1", - "arch": "amd64" - }, - "xfsprogs": { - "version": "5.3.0-1ubuntu2", - "arch": "amd64" - }, - "xkb-data": { - "version": "2.29-2", - "arch": "all" - }, - "xxd": { - "version": "2:8.1.2269-1ubuntu5.11", - "arch": "amd64" - }, - "xz-utils": { - "version": "5.2.4-1ubuntu1.1", - "arch": "amd64" - }, - "zerofree": { - "version": "1.1.1-1", - "arch": "amd64" - }, - "zip": { - "version": "3.0-11build1", - "arch": "amd64" - }, - "zlib1g": { - "version": "1:1.2.11.dfsg-2ubuntu1.5", - "arch": "amd64" - }, - "zlib1g-dev": { - "version": "1:1.2.11.dfsg-2ubuntu1.5", - "arch": "amd64" - } - }, - "root_group": "root", - "shard_seed": 64994497, - "shells": [ - "/bin/sh", - "/bin/bash", - "/usr/bin/bash", - "/bin/rbash", - "/usr/bin/rbash", - "/bin/dash", - "/usr/bin/dash", - "/usr/bin/tmux", - "/usr/bin/screen" - ], - 
"sysconf": { - "LINK_MAX": 65000, - "_POSIX_LINK_MAX": 65000, - "MAX_CANON": 255, - "_POSIX_MAX_CANON": 255, - "MAX_INPUT": 255, - "_POSIX_MAX_INPUT": 255, - "NAME_MAX": 255, - "_POSIX_NAME_MAX": 255, - "PATH_MAX": 4096, - "_POSIX_PATH_MAX": 4096, - "PIPE_BUF": 4096, - "_POSIX_PIPE_BUF": 4096, - "SOCK_MAXBUF": null, - "_POSIX_ASYNC_IO": null, - "_POSIX_CHOWN_RESTRICTED": 1, - "_POSIX_NO_TRUNC": 1, - "_POSIX_PRIO_IO": null, - "_POSIX_SYNC_IO": null, - "_POSIX_VDISABLE": 0, - "ARG_MAX": 2097152, - "ATEXIT_MAX": 2147483647, - "CHAR_BIT": 8, - "CHAR_MAX": 127, - "CHAR_MIN": -128, - "CHILD_MAX": 3546, - "CLK_TCK": 100, - "INT_MAX": 2147483647, - "INT_MIN": -2147483648, - "IOV_MAX": 1024, - "LOGNAME_MAX": 256, - "LONG_BIT": 64, - "MB_LEN_MAX": 16, - "NGROUPS_MAX": 65536, - "NL_ARGMAX": 4096, - "NL_LANGMAX": 2048, - "NL_MSGMAX": 2147483647, - "NL_NMAX": 2147483647, - "NL_SETMAX": 2147483647, - "NL_TEXTMAX": 2147483647, - "NSS_BUFLEN_GROUP": 1024, - "NSS_BUFLEN_PASSWD": 1024, - "NZERO": 20, - "OPEN_MAX": 1024, - "PAGESIZE": 4096, - "PAGE_SIZE": 4096, - "PASS_MAX": 8192, - "PTHREAD_DESTRUCTOR_ITERATIONS": 4, - "PTHREAD_KEYS_MAX": 1024, - "PTHREAD_STACK_MIN": 16384, - "PTHREAD_THREADS_MAX": null, - "SCHAR_MAX": 127, - "SCHAR_MIN": -128, - "SHRT_MAX": 32767, - "SHRT_MIN": -32768, - "SSIZE_MAX": 32767, - "TTY_NAME_MAX": 32, - "TZNAME_MAX": null, - "UCHAR_MAX": 255, - "UINT_MAX": 4294967295, - "UIO_MAXIOV": 1024, - "ULONG_MAX": 18446744073709551615, - "USHRT_MAX": 65535, - "WORD_BIT": 32, - "_AVPHYS_PAGES": 25990, - "_NPROCESSORS_CONF": 2, - "_NPROCESSORS_ONLN": 2, - "_PHYS_PAGES": 250028, - "_POSIX_ARG_MAX": 2097152, - "_POSIX_ASYNCHRONOUS_IO": 200809, - "_POSIX_CHILD_MAX": 3546, - "_POSIX_FSYNC": 200809, - "_POSIX_JOB_CONTROL": 1, - "_POSIX_MAPPED_FILES": 200809, - "_POSIX_MEMLOCK": 200809, - "_POSIX_MEMLOCK_RANGE": 200809, - "_POSIX_MEMORY_PROTECTION": 200809, - "_POSIX_MESSAGE_PASSING": 200809, - "_POSIX_NGROUPS_MAX": 65536, - "_POSIX_OPEN_MAX": 1024, - "_POSIX_PII": null, 
- "_POSIX_PII_INTERNET": null, - "_POSIX_PII_INTERNET_DGRAM": null, - "_POSIX_PII_INTERNET_STREAM": null, - "_POSIX_PII_OSI": null, - "_POSIX_PII_OSI_CLTS": null, - "_POSIX_PII_OSI_COTS": null, - "_POSIX_PII_OSI_M": null, - "_POSIX_PII_SOCKET": null, - "_POSIX_PII_XTI": null, - "_POSIX_POLL": null, - "_POSIX_PRIORITIZED_IO": 200809, - "_POSIX_PRIORITY_SCHEDULING": 200809, - "_POSIX_REALTIME_SIGNALS": 200809, - "_POSIX_SAVED_IDS": 1, - "_POSIX_SELECT": null, - "_POSIX_SEMAPHORES": 200809, - "_POSIX_SHARED_MEMORY_OBJECTS": 200809, - "_POSIX_SSIZE_MAX": 32767, - "_POSIX_STREAM_MAX": 16, - "_POSIX_SYNCHRONIZED_IO": 200809, - "_POSIX_THREADS": 200809, - "_POSIX_THREAD_ATTR_STACKADDR": 200809, - "_POSIX_THREAD_ATTR_STACKSIZE": 200809, - "_POSIX_THREAD_PRIORITY_SCHEDULING": 200809, - "_POSIX_THREAD_PRIO_INHERIT": 200809, - "_POSIX_THREAD_PRIO_PROTECT": 200809, - "_POSIX_THREAD_ROBUST_PRIO_INHERIT": null, - "_POSIX_THREAD_ROBUST_PRIO_PROTECT": null, - "_POSIX_THREAD_PROCESS_SHARED": 200809, - "_POSIX_THREAD_SAFE_FUNCTIONS": 200809, - "_POSIX_TIMERS": 200809, - "TIMER_MAX": null, - "_POSIX_TZNAME_MAX": null, - "_POSIX_VERSION": 200809, - "_T_IOV_MAX": null, - "_XOPEN_CRYPT": null, - "_XOPEN_ENH_I18N": 1, - "_XOPEN_LEGACY": 1, - "_XOPEN_REALTIME": 1, - "_XOPEN_REALTIME_THREADS": 1, - "_XOPEN_SHM": 1, - "_XOPEN_UNIX": 1, - "_XOPEN_VERSION": 700, - "_XOPEN_XCU_VERSION": 4, - "_XOPEN_XPG2": 1, - "_XOPEN_XPG3": 1, - "_XOPEN_XPG4": 1, - "BC_BASE_MAX": 99, - "BC_DIM_MAX": 2048, - "BC_SCALE_MAX": 99, - "BC_STRING_MAX": 1000, - "CHARCLASS_NAME_MAX": 2048, - "COLL_WEIGHTS_MAX": 255, - "EQUIV_CLASS_MAX": null, - "EXPR_NEST_MAX": 32, - "LINE_MAX": 2048, - "POSIX2_BC_BASE_MAX": 99, - "POSIX2_BC_DIM_MAX": 2048, - "POSIX2_BC_SCALE_MAX": 99, - "POSIX2_BC_STRING_MAX": 1000, - "POSIX2_CHAR_TERM": 200809, - "POSIX2_COLL_WEIGHTS_MAX": 255, - "POSIX2_C_BIND": 200809, - "POSIX2_C_DEV": 200809, - "POSIX2_C_VERSION": 200809, - "POSIX2_EXPR_NEST_MAX": 32, - "POSIX2_FORT_DEV": null, - 
"POSIX2_FORT_RUN": null, - "_POSIX2_LINE_MAX": 2048, - "POSIX2_LINE_MAX": 2048, - "POSIX2_LOCALEDEF": 200809, - "POSIX2_RE_DUP_MAX": 32767, - "POSIX2_SW_DEV": 200809, - "POSIX2_UPE": null, - "POSIX2_VERSION": 200809, - "RE_DUP_MAX": 32767, - "PATH": "/bin:/usr/bin", - "CS_PATH": "/bin:/usr/bin", - "LFS_CFLAGS": null, - "LFS_LDFLAGS": null, - "LFS_LIBS": null, - "LFS_LINTFLAGS": null, - "LFS64_CFLAGS": "-D_LARGEFILE64_SOURCE", - "LFS64_LDFLAGS": null, - "LFS64_LIBS": null, - "LFS64_LINTFLAGS": "-D_LARGEFILE64_SOURCE", - "_XBS5_WIDTH_RESTRICTED_ENVS": "XBS5_LP64_OFF64", - "XBS5_WIDTH_RESTRICTED_ENVS": "XBS5_LP64_OFF64", - "_XBS5_ILP32_OFF32": null, - "XBS5_ILP32_OFF32_CFLAGS": null, - "XBS5_ILP32_OFF32_LDFLAGS": null, - "XBS5_ILP32_OFF32_LIBS": null, - "XBS5_ILP32_OFF32_LINTFLAGS": null, - "_XBS5_ILP32_OFFBIG": null, - "XBS5_ILP32_OFFBIG_CFLAGS": null, - "XBS5_ILP32_OFFBIG_LDFLAGS": null, - "XBS5_ILP32_OFFBIG_LIBS": null, - "XBS5_ILP32_OFFBIG_LINTFLAGS": null, - "_XBS5_LP64_OFF64": 1, - "XBS5_LP64_OFF64_CFLAGS": "-m64", - "XBS5_LP64_OFF64_LDFLAGS": "-m64", - "XBS5_LP64_OFF64_LIBS": null, - "XBS5_LP64_OFF64_LINTFLAGS": null, - "_XBS5_LPBIG_OFFBIG": null, - "XBS5_LPBIG_OFFBIG_CFLAGS": null, - "XBS5_LPBIG_OFFBIG_LDFLAGS": null, - "XBS5_LPBIG_OFFBIG_LIBS": null, - "XBS5_LPBIG_OFFBIG_LINTFLAGS": null, - "_POSIX_V6_ILP32_OFF32": null, - "POSIX_V6_ILP32_OFF32_CFLAGS": null, - "POSIX_V6_ILP32_OFF32_LDFLAGS": null, - "POSIX_V6_ILP32_OFF32_LIBS": null, - "POSIX_V6_ILP32_OFF32_LINTFLAGS": null, - "_POSIX_V6_WIDTH_RESTRICTED_ENVS": "POSIX_V6_LP64_OFF64", - "POSIX_V6_WIDTH_RESTRICTED_ENVS": "POSIX_V6_LP64_OFF64", - "_POSIX_V6_ILP32_OFFBIG": null, - "POSIX_V6_ILP32_OFFBIG_CFLAGS": null, - "POSIX_V6_ILP32_OFFBIG_LDFLAGS": null, - "POSIX_V6_ILP32_OFFBIG_LIBS": null, - "POSIX_V6_ILP32_OFFBIG_LINTFLAGS": null, - "_POSIX_V6_LP64_OFF64": 1, - "POSIX_V6_LP64_OFF64_CFLAGS": "-m64", - "POSIX_V6_LP64_OFF64_LDFLAGS": "-m64", - "POSIX_V6_LP64_OFF64_LIBS": null, - 
"POSIX_V6_LP64_OFF64_LINTFLAGS": null, - "_POSIX_V6_LPBIG_OFFBIG": null, - "POSIX_V6_LPBIG_OFFBIG_CFLAGS": null, - "POSIX_V6_LPBIG_OFFBIG_LDFLAGS": null, - "POSIX_V6_LPBIG_OFFBIG_LIBS": null, - "POSIX_V6_LPBIG_OFFBIG_LINTFLAGS": null, - "_POSIX_V7_ILP32_OFF32": null, - "POSIX_V7_ILP32_OFF32_CFLAGS": null, - "POSIX_V7_ILP32_OFF32_LDFLAGS": null, - "POSIX_V7_ILP32_OFF32_LIBS": null, - "POSIX_V7_ILP32_OFF32_LINTFLAGS": null, - "_POSIX_V7_WIDTH_RESTRICTED_ENVS": "POSIX_V7_LP64_OFF64", - "POSIX_V7_WIDTH_RESTRICTED_ENVS": "POSIX_V7_LP64_OFF64", - "_POSIX_V7_ILP32_OFFBIG": null, - "POSIX_V7_ILP32_OFFBIG_CFLAGS": null, - "POSIX_V7_ILP32_OFFBIG_LDFLAGS": null, - "POSIX_V7_ILP32_OFFBIG_LIBS": null, - "POSIX_V7_ILP32_OFFBIG_LINTFLAGS": null, - "_POSIX_V7_LP64_OFF64": 1, - "POSIX_V7_LP64_OFF64_CFLAGS": "-m64", - "POSIX_V7_LP64_OFF64_LDFLAGS": "-m64", - "POSIX_V7_LP64_OFF64_LIBS": null, - "POSIX_V7_LP64_OFF64_LINTFLAGS": null, - "_POSIX_V7_LPBIG_OFFBIG": null, - "POSIX_V7_LPBIG_OFFBIG_CFLAGS": null, - "POSIX_V7_LPBIG_OFFBIG_LDFLAGS": null, - "POSIX_V7_LPBIG_OFFBIG_LIBS": null, - "POSIX_V7_LPBIG_OFFBIG_LINTFLAGS": null, - "_POSIX_ADVISORY_INFO": 200809, - "_POSIX_BARRIERS": 200809, - "_POSIX_BASE": null, - "_POSIX_C_LANG_SUPPORT": null, - "_POSIX_C_LANG_SUPPORT_R": null, - "_POSIX_CLOCK_SELECTION": 200809, - "_POSIX_CPUTIME": 200809, - "_POSIX_THREAD_CPUTIME": 200809, - "_POSIX_DEVICE_SPECIFIC": null, - "_POSIX_DEVICE_SPECIFIC_R": null, - "_POSIX_FD_MGMT": null, - "_POSIX_FIFO": null, - "_POSIX_PIPE": null, - "_POSIX_FILE_ATTRIBUTES": null, - "_POSIX_FILE_LOCKING": null, - "_POSIX_FILE_SYSTEM": null, - "_POSIX_MONOTONIC_CLOCK": 200809, - "_POSIX_MULTI_PROCESS": null, - "_POSIX_SINGLE_PROCESS": null, - "_POSIX_NETWORKING": null, - "_POSIX_READER_WRITER_LOCKS": 200809, - "_POSIX_SPIN_LOCKS": 200809, - "_POSIX_REGEXP": 1, - "_REGEX_VERSION": null, - "_POSIX_SHELL": 1, - "_POSIX_SIGNALS": null, - "_POSIX_SPAWN": 200809, - "_POSIX_SPORADIC_SERVER": null, - 
"_POSIX_THREAD_SPORADIC_SERVER": null, - "_POSIX_SYSTEM_DATABASE": null, - "_POSIX_SYSTEM_DATABASE_R": null, - "_POSIX_TIMEOUTS": 200809, - "_POSIX_TYPED_MEMORY_OBJECTS": null, - "_POSIX_USER_GROUPS": null, - "_POSIX_USER_GROUPS_R": null, - "POSIX2_PBS": null, - "POSIX2_PBS_ACCOUNTING": null, - "POSIX2_PBS_LOCATE": null, - "POSIX2_PBS_TRACK": null, - "POSIX2_PBS_MESSAGE": null, - "SYMLOOP_MAX": null, - "STREAM_MAX": 16, - "AIO_LISTIO_MAX": null, - "AIO_MAX": null, - "AIO_PRIO_DELTA_MAX": 20, - "DELAYTIMER_MAX": 2147483647, - "HOST_NAME_MAX": 64, - "LOGIN_NAME_MAX": 256, - "MQ_OPEN_MAX": null, - "MQ_PRIO_MAX": 32768, - "_POSIX_DEVICE_IO": null, - "_POSIX_TRACE": null, - "_POSIX_TRACE_EVENT_FILTER": null, - "_POSIX_TRACE_INHERIT": null, - "_POSIX_TRACE_LOG": null, - "RTSIG_MAX": 32, - "SEM_NSEMS_MAX": null, - "SEM_VALUE_MAX": 2147483647, - "SIGQUEUE_MAX": 3546, - "FILESIZEBITS": 64, - "POSIX_ALLOC_SIZE_MIN": 4096, - "POSIX_REC_INCR_XFER_SIZE": null, - "POSIX_REC_MAX_XFER_SIZE": null, - "POSIX_REC_MIN_XFER_SIZE": 4096, - "POSIX_REC_XFER_ALIGN": 4096, - "SYMLINK_MAX": null, - "GNU_LIBC_VERSION": "glibc 2.31", - "GNU_LIBPTHREAD_VERSION": "NPTL 2.31", - "POSIX2_SYMLINKS": 1, - "LEVEL1_ICACHE_SIZE": 32768, - "LEVEL1_ICACHE_ASSOC": 8, - "LEVEL1_ICACHE_LINESIZE": 64, - "LEVEL1_DCACHE_SIZE": 32768, - "LEVEL1_DCACHE_ASSOC": 8, - "LEVEL1_DCACHE_LINESIZE": 64, - "LEVEL2_CACHE_SIZE": 262144, - "LEVEL2_CACHE_ASSOC": 8, - "LEVEL2_CACHE_LINESIZE": 64, - "LEVEL3_CACHE_SIZE": 4194304, - "LEVEL3_CACHE_ASSOC": 16, - "LEVEL3_CACHE_LINESIZE": 64, - "LEVEL4_CACHE_SIZE": 0, - "LEVEL4_CACHE_ASSOC": 0, - "LEVEL4_CACHE_LINESIZE": 0, - "IPV6": 200809, - "RAW_SOCKETS": 200809, - "_POSIX_IPV6": 200809, - "_POSIX_RAW_SOCKETS": 200809 - }, - "time": { - "timezone": "UTC" - }, - "virtualbox": { - "host": { - "language": "en_US", - "revision": "156879", - "version": "7.0.8" - }, - "guest": { - "guest_additions_version": "7.0.6", - "guest_additions_revision": "155176" - } - }, - "chef_guid": 
"f8424309-f2cf-412d-af0b-c8d284b1e412", - "name": "vagrant-openresty", - "chef_environment": "development", - "recipes": [ - "kosmos-base", - "kosmos-base::default", - "kosmos_openresty", - "kosmos_openresty::default", - "kosmos_openresty::hello_world", - "kosmos_assets::nginx_site", - "apt::default", - "timezone_iii::default", - "timezone_iii::debian", - "ntp::default", - "ntp::apparmor", - "kosmos-base::systemd_emails", - "apt::unattended-upgrades", - "openresty::apt_package", - "openresty::ohai_plugin", - "openresty::commons_user", - "openresty::commons_dir", - "openresty::commons_script", - "openresty::commons_conf", - "logrotate::default", - "openresty::luarocks", - "git::default", - "git::package", - "kosmos-base::letsencrypt" - ], - "expanded_run_list": [ - "kosmos-base::default", - "kosmos_openresty::default", - "kosmos_openresty::hello_world", - "kosmos_assets::nginx_site" - ], - "roles": [ - "openresty", - "openresty_proxy" - ], - "cookbooks": { - "kosmos-base": { - "version": "0.3.0" - }, - "kosmos_openresty": { - "version": "0.1.0" - }, - "kosmos_assets": { - "version": "1.0.0" - }, - "apt": { - "version": "7.3.0" - }, - "users": { - "version": "5.3.1" - }, - "kosmos-postfix": { - "version": "0.1.0" - }, - "hostname": { - "version": "0.4.2" - }, - "firewall": { - "version": "6.2.16" - }, - "timezone_iii": { - "version": "1.0.4" - }, - "ntp": { - "version": "3.4.0" - }, - "openresty": { - "version": "0.6.2" - }, - "postfix": { - "version": "5.0.2" - }, - "hostsfile": { - "version": "3.0.1" - }, - "build-essential": { - "version": "8.2.1" - }, - "logrotate": { - "version": "2.2.0" - }, - "ohai": { - "version": "5.2.5" - }, - "yum": { - "version": "7.4.13" - }, - "git": { - "version": "10.0.0" - }, - "postgresql": { - "version": "7.1.9" - }, - "jemalloc": { - "version": "0.1.7" - }, - "seven_zip": { - "version": "4.2.2" - }, - "mingw": { - "version": "2.1.7" - } - }, - "nginx": { - "version": "1.21.4.1", - "configure_arguments": [ - 
"--prefix=/usr/local/openresty", - "--with-cc-opt='-O2 -DNGX_LUA_ABORT_AT_PANIC -I/usr/local/openresty/zlib/include -I/usr/local/openresty/pcre/include -I/usr/local/openresty/openssl111/include'", - "--add-module=../ngx_devel_kit-0.3.1", - "--add-module=../echo-nginx-module-0.62", - "--add-module=../xss-nginx-module-0.06", - "--add-module=../ngx_coolkit-0.2", - "--add-module=../set-misc-nginx-module-0.33", - "--add-module=../form-input-nginx-module-0.12", - "--add-module=../encrypted-session-nginx-module-0.09", - "--add-module=../srcache-nginx-module-0.32", - "--add-module=../ngx_lua-0.10.21", - "--add-module=../ngx_lua_upstream-0.07", - "--add-module=../headers-more-nginx-module-0.33", - "--add-module=../array-var-nginx-module-0.05", - "--add-module=../memc-nginx-module-0.19", - "--add-module=../redis2-nginx-module-0.15", - "--add-module=../redis-nginx-module-0.3.9", - "--add-module=../ngx_stream_lua-0.0.11", - "--with-ld-opt='-Wl,-rpath,/usr/local/openresty/luajit/lib -L/usr/local/openresty/zlib/lib -L/usr/local/openresty/pcre/lib -L/usr/local/openresty/openssl111/lib -Wl,-rpath,/usr/local/openresty/zlib/lib:/usr/local/openresty/pcre/lib:/usr/local/openresty/openssl111/lib'", - "--with-pcre-jit", - "--with-stream", - "--with-stream_ssl_module", - "--with-stream_ssl_preread_module", - "--with-http_v2_module", - "--without-mail_pop3_module", - "--without-mail_imap_module", - "--without-mail_smtp_module", - "--with-http_stub_status_module", - "--with-http_realip_module", - "--with-http_addition_module", - "--with-http_auth_request_module", - "--with-http_secure_link_module", - "--with-http_random_index_module", - "--with-http_gzip_static_module", - "--with-http_sub_module", - "--with-http_dav_module", - "--with-http_flv_module", - "--with-http_mp4_module", - "--with-http_gunzip_module", - "--with-threads", - "--with-stream", - "--with-http_ssl_module" - ], - "prefix": "/usr/local/openresty", - "conf_path": null - } - }, - "run_list": [ - "recipe[kosmos-base]", - 
"role[openresty]", - "role[openresty_proxy]" - ] -} \ No newline at end of file From 69af908f6b1265334c4178e9cac50714ce8d96aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Thu, 7 Dec 2023 14:02:37 +0100 Subject: [PATCH 30/95] Virtual domain configs --- .../kosmos_email/attributes/default.rb | 8 +- .../kosmos_email/recipes/dovecot.rb | 23 +++- .../kosmos_email/recipes/postfix.rb | 75 +++++++++---- .../templates/dovecot_10-auth.conf.erb | 2 +- .../templates/dovecot_10-mail.conf.erb | 61 +--------- .../templates/dovecot_15-mailboxes.conf.erb | 106 ++++++++++++++++++ ...aliases.cf.erb => postfix_ldap-map.cf.erb} | 3 + 7 files changed, 188 insertions(+), 90 deletions(-) create mode 100644 site-cookbooks/kosmos_email/templates/dovecot_15-mailboxes.conf.erb rename site-cookbooks/kosmos_email/templates/{ldap-aliases.cf.erb => postfix_ldap-map.cf.erb} (73%) diff --git a/site-cookbooks/kosmos_email/attributes/default.rb b/site-cookbooks/kosmos_email/attributes/default.rb index 0276203..c77e52b 100644 --- a/site-cookbooks/kosmos_email/attributes/default.rb +++ b/site-cookbooks/kosmos_email/attributes/default.rb @@ -1,3 +1,5 @@ -node.default["email"]["domain"] = "example.com" -node.default["email"]["hostname"] = "mail.example.com" -node.default["email"]["report_contact"] = "abuse@example.com" +node.default["email"]["domain"] = "example.com" +node.default["email"]["hostname"] = "mail.example.com" +node.default["email"]["report_contact"] = "abuse@example.com" +node.default["email"]["ldap_host"] = "ldap.kosmos.local" +node.default["email"]["ldap_search_base"] = "cn=users,dc=kosmos,dc=org" diff --git a/site-cookbooks/kosmos_email/recipes/dovecot.rb b/site-cookbooks/kosmos_email/recipes/dovecot.rb index fff9274..9ebafd6 100644 --- a/site-cookbooks/kosmos_email/recipes/dovecot.rb +++ b/site-cookbooks/kosmos_email/recipes/dovecot.rb 
@@ -17,6 +17,9 @@ domain = node["email"]["domain"] hostname = node["email"]["hostname"] ip_addr = node["knife_zero"]["host"] +ldap_search_base = node["email"]["ldap_search_base"] +ldap_user_filter = "(&(objectClass=person)(mailRoutingAddress=%u))" + credentials = Chef::EncryptedDataBagItem.load('credentials', 'email') user "vmail" do @@ -41,11 +44,11 @@ template "/etc/dovecot/dovecot-ldap.conf.ext" do variables uris: "ldap://ldap.kosmos.local", # TODO add list of all IPs instead? dn: credentials['ldap_dn'], dnpass: credentials['ldap_dnpass'], - base: "ou=kosmos.org,cn=users,dc=kosmos,dc=org", - user_attrs: "mailhome=home", - user_filter: "(&(objectClass=person)(cn=%u))", - pass_attrs: "cn=user,mailpassword=password", - pass_filter: "(&(objectClass=person)(cn=%u))", + base: ldap_search_base, + user_filter: ldap_user_filter, + user_attrs: "", + pass_filter: ldap_user_filter, + pass_attrs: "mailRoutingAddress=user,mailpassword=password", default_pass_scheme: "BLF-CRYPT" notifies :restart, "service[dovecot]", :delayed end @@ -60,7 +63,9 @@ template "/etc/dovecot/conf.d/10-mail.conf" do source "dovecot_10-mail.conf.erb" mode 0644 variables mail_uid: "vmail", - mail_gid: "mail" + mail_gid: "mail", + mail_location: "mbox:~/mail:INBOX=~/mail/INBOX", + mail_home: "/var/vmail/%d/%n" notifies :restart, "service[dovecot]", :delayed end @@ -79,6 +84,12 @@ template "/etc/dovecot/conf.d/10-ssl.conf" do notifies :restart, "service[dovecot]", :delayed end +template "/etc/dovecot/conf.d/15-mailboxes.conf" do + source "dovecot_15-mailboxes.conf.erb" + mode 0644 + notifies :restart, "service[dovecot]", :delayed +end + service "dovecot" do action [:enable, :start] end diff --git a/site-cookbooks/kosmos_email/recipes/postfix.rb b/site-cookbooks/kosmos_email/recipes/postfix.rb index d8892bd..a66dbf1 100644 --- a/site-cookbooks/kosmos_email/recipes/postfix.rb +++ b/site-cookbooks/kosmos_email/recipes/postfix.rb 
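Review bot: The `uris:` line in the `dovecot-ldap.conf.ext` block (hunk `-41,11 +44,11`) still hard-codes `ldap://ldap.kosmos.local`, although this commit adds `node["email"]["ldap_host"]` and the postfix recipe reads it; `uris: "ldap://#{node["email"]["ldap_host"]}"` would keep both recipes pointed at the same server. The scheme is plain `ldap://`, and this connection carries the bind password (`dnpass`) and returns `mailpassword`, so unless the template sets `tls = yes` (not visible here) those values cross the network unencrypted. Using `ldaps://` or StartTLS with certificate verification would close that gap. The template block opens above this hunk, so its `mode` and owner cannot be checked from here; a file holding `dnpass` should not be world-readable.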
@@ -14,17 +14,19 @@ domain = node["email"]["domain"] hostname = node["email"]["hostname"] ip_addr = node["knife_zero"]["host"] +ldap_host = node["email"]["ldap_host"] +ldap_search_base = node["email"]["ldap_search_base"] + credentials = Chef::EncryptedDataBagItem.load('credentials', 'email') node.normal["postfix"]["mail_type"] = "master" node.normal["postfix"]["use_relay_restrictions_maps"] = true node.normal["postfix"]["relay_restrictions"] = { domain => "OK", hostname => "OK" } -node.normal['postfix']['main']['mydomain'] = domain -node.normal['postfix']['main']['myorigin'] = domain node.normal['postfix']['main']['myhostname'] = hostname +node.normal['postfix']['main']['mydomain'] = "$myhostname" +node.normal['postfix']['main']['myorigin'] = "$myhostname" node.normal['postfix']['main']['mynetworks'] = ["10.1.1.0/24", "127.0.0.0/8"] -node.normal['postfix']['main']['mydestination'] = [domain, hostname, 'localhost.localdomain', 'localhost'].compact node.normal['postfix']['main']['smtp_use_tls'] = "yes" node.normal['postfix']['main']['smtp_tls_security_level'] = "may" node.normal['postfix']['main']['smtpd_use_tls'] = "yes" 
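Review bot: Deleting the `node.normal['postfix']['main']['mydestination']` assignment does not unset it on hosts that already converged, because normal attributes are saved with the node object and survive later runs. Such a node would keep the old list (which included `domain`) in main.cf while the next hunk starts serving domains through `virtual_mailbox_domains`, and Postfix warns about a domain listed in both classes. Adding `node.rm_normal('postfix', 'main', 'mydestination')` next to the new settings makes the removal explicit; the same applies to `alias_maps`, which the following hunk drops.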
@@ -35,8 +37,13 @@ node.normal['postfix']['main']['mailbox_transport'] = "lmtp:unix:private/dovecot node.normal['postfix']['main']['virtual_transport'] = "lmtp:unix:private/dovecot-lmtp" node.normal['postfix']['main']['smtputf8_enable'] = "no" node.normal['postfix']['main']['recipient_delimiter'] = "+" -node.normal['postfix']['main']['alias_maps'] = "hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf" -node.normal['postfix']['main']['smtpd_sender_login_maps'] = "ldap:/etc/postfix/ldap-username-aliases.cf" + +# node.normal['postfix']['main']['virtual_alias_domains'] = "ldap:/etc/postfix/ldap-virtual_alias_domains.cf" +node.normal['postfix']['main']['virtual_alias_maps'] = "hash:/var/vmail/aliases, ldap:/etc/postfix/ldap-virtual_alias_maps.cf" +node.normal['postfix']['main']['virtual_mailbox_domains'] = "ldap:/etc/postfix/ldap-virtual_mailbox_domains.cf" +node.normal['postfix']['main']['virtual_mailbox_maps'] = "ldap:/etc/postfix/ldap-virtual_mailbox_maps.cf" +node.normal['postfix']['main']['smtpd_sender_login_maps'] = "ldap:/etc/postfix/ldap-smtpd_sender_login_maps.cf" + node.normal['postfix']['main']['milter_protocol'] = "6" node.normal['postfix']['main']['milter_default_action'] = "accept" node.normal['postfix']['main']['smtpd_milters'] = "inet:localhost:12301 local:spamass/spamass.sock" @@ -70,7 +77,7 @@ node.normal['postfix']['master'] = { "-o smtpd_sasl_auth_enable=yes", "-o smtpd_sender_restrictions=reject_sender_login_mismatch", "-o smtpd_relay_restrictions=permit_sasl_authenticated,reject", - "-o smtpd_recipient_restrictions=permit_mynetworks,reject_sender_login_mismatch,permit_sasl_authenticated,reject", + "-o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject", "-o smtpd_sasl_type=dovecot", "-o smtpd_sasl_path=private/auth", "-o smtpd_upstream_proxy_protocol=haproxy", 
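Review bot: `virtual_alias_maps` now starts with `hash:/var/vmail/aliases`, which puts a rewriting table that Postfix trusts inside the mail-store tree. If that directory is owned by the `vmail` delivery account (ownership is not visible in this diff), anything running as that account could change where mail is redirected; a root-owned location under `/etc/postfix/` avoids that. Nothing in the visible hunks creates the file or runs `postmap` on it, so unless another recipe does, lookups against the missing table will defer mail.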
@@ -123,27 +130,51 @@ node.normal['postfix']['master'] = { } } -template "/etc/postfix/ldap-aliases.cf" do - source "ldap-aliases.cf.erb" +ldap_default_variables = { + server_host: ldap_host, + bind_dn: credentials['ldap_dn'], + bind_pw: credentials['ldap_dnpass'], + search_base: ldap_search_base +} + +template "/etc/postfix/ldap-virtual_mailbox_domains.cf" do + source "postfix_ldap-map.cf.erb" mode 0600 - variables server_host: "ldap.kosmos.local", - bind_dn: credentials['ldap_dn'], - bind_pw: credentials['ldap_dnpass'], - search_base: "ou=kosmos.org,cn=users,dc=kosmos,dc=org", - query_filter: "(&(objectClass=person)(cn=%u))", - result_attribute: "maildrop" + variables ldap_default_variables.merge({ + query_filter: "mailRoutingAddress=*@%s", + result_attribute: "mailRoutingAddress", + result_format: "%d" + }) notifies :restart, "service[postfix]", :delayed end -template "/etc/postfix/ldap-username-aliases.cf" do - source "ldap-aliases.cf.erb" +template "/etc/postfix/ldap-virtual_alias_maps.cf" do + source "postfix_ldap-map.cf.erb" mode 0600 - variables server_host: "ldap.kosmos.local", - bind_dn: credentials['ldap_dn'], - bind_pw: credentials['ldap_dnpass'], - search_base: "ou=kosmos.org,cn=users,dc=kosmos,dc=org", - query_filter: "(&(objectClass=person)(cn=%u))", - result_attribute: "cn" + variables ldap_default_variables.merge({ + query_filter: "(&(mailRoutingAddress=%s)(mailForwardingAddress=*))", + result_attribute: "mailForwardingAddress" + }) + notifies :restart, "service[postfix]", :delayed +end + +template "/etc/postfix/ldap-virtual_mailbox_maps.cf" do + source "postfix_ldap-map.cf.erb" + mode 0600 + variables ldap_default_variables.merge({ + query_filter: "mailRoutingAddress=%s", + result_attribute: "mailRoutingAddress" + }) + notifies :restart, "service[postfix]", :delayed +end + +template "/etc/postfix/ldap-smtpd_sender_login_maps.cf" do + source "postfix_ldap-map.cf.erb" + mode 0600 + variables ldap_default_variables.merge({ + query_filter: 
"mailRoutingAddress=%s", + result_attribute: "mailRoutingAddress, mailForwardingAddress" + }) notifies :restart, "service[postfix]", :delayed end diff --git a/site-cookbooks/kosmos_email/templates/dovecot_10-auth.conf.erb b/site-cookbooks/kosmos_email/templates/dovecot_10-auth.conf.erb index f3270b1..7c079aa 100644 --- a/site-cookbooks/kosmos_email/templates/dovecot_10-auth.conf.erb +++ b/site-cookbooks/kosmos_email/templates/dovecot_10-auth.conf.erb @@ -48,7 +48,7 @@ disable_plaintext_auth = yes # the standard variables here, eg. %Lu would lowercase the username, %n would # drop away the domain if it was given, or "%n-AT-%d" would change the '@' into # "-AT-". This translation is done after auth_username_translation changes. -auth_username_format = %n +auth_username_format = %Lu # If you want to allow master users to log in by specifying the master # username within the normal username string (ie. not using SASL mechanism's diff --git a/site-cookbooks/kosmos_email/templates/dovecot_10-mail.conf.erb b/site-cookbooks/kosmos_email/templates/dovecot_10-mail.conf.erb index 8833f28..21c0ee2 100644 --- a/site-cookbooks/kosmos_email/templates/dovecot_10-mail.conf.erb +++ b/site-cookbooks/kosmos_email/templates/dovecot_10-mail.conf.erb @@ -27,7 +27,9 @@ # # # -mail_location = mbox:~/mail:INBOX=~/mail/INBOX +mail_location = <%= @mail_location %> + +mail_home = <%= @mail_home %> # If you need to set multiple mailbox locations or want to change default # namespace settings, you can do it by defining namespace sections. 
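Review bot: The `ldap-smtpd_sender_login_maps.cf` block returns `mailRoutingAddress, mailForwardingAddress` as the owners of a sender address, and Postfix treats every value from `smtpd_sender_login_maps` as a SASL login allowed to use that sender. Since Dovecot logins are `mailRoutingAddress` values, any local account that is another user's forwarding target would pass `reject_sender_login_mismatch` when sending as that user. Unless that delegation is intended, `result_attribute: "mailRoutingAddress"` is the narrower setting. The four templates also render `bind_pw` without `sensitive true`, so a changed file's diff, password included, can end up in the chef-client output.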
@@ -40,63 +42,6 @@ mail_location = mbox:~/mail:INBOX=~/mail/INBOX # users can access all the shared mailboxes, assuming they have permissions # on filesystem level to do so. namespace inbox { - type = private - inbox = yes - - mailbox Drafts { - special_use = \Drafts - auto = subscribe - } - - mailbox Junk { - special_use = \Junk - auto = create - } - - mailbox spam { - special_use = \Junk - auto = no - } - - mailbox Spam { - special_use = \Junk - auto = no - } - - mailbox Trash { - special_use = \Trash - auto = subscribe - } - - mailbox TRASH { - special_use = \Trash - auto = no - } - - mailbox Sent { - special_use = \Sent - auto = subscribe - } - - mailbox "Sent Mail" { - special_use = \Sent - auto = no - } - - mailbox "Sent Messages" { - special_use = \Sent - auto = no - } - - mailbox Archive { - special_use = \Archive - auto = create - } - - mailbox "Archives" { - special_use = \Archive - auto = no - } } # Example shared namespace configuration diff --git a/site-cookbooks/kosmos_email/templates/dovecot_15-mailboxes.conf.erb b/site-cookbooks/kosmos_email/templates/dovecot_15-mailboxes.conf.erb new file mode 100644 index 0000000..a2c2c59 --- /dev/null +++ b/site-cookbooks/kosmos_email/templates/dovecot_15-mailboxes.conf.erb 
@@ -0,0 +1,106 @@
+##
+## Mailbox definitions
+##
+
+# Each mailbox is specified in a separate mailbox section. The section name
+# specifies the mailbox name. If it has spaces, you can put the name
+# "in quotes". These sections can contain the following mailbox settings:
+#
+# auto:
+# Indicates whether the mailbox with this name is automatically created
+# implicitly when it is first accessed. The user can also be automatically
+# subscribed to the mailbox after creation. The following values are
+# defined for this setting:
+#
+# no - Never created automatically.
+# create - Automatically created, but no automatic subscription.
+# subscribe - Automatically created and subscribed.
+#
+# special_use:
+# A space-separated list of SPECIAL-USE flags (RFC 6154) to use for the
+# mailbox. There are no validity checks, so you could specify anything
+# you want in here, but it's not a good idea to use flags other than the
+# standard ones specified in the RFC:
+#
+# \All - This (virtual) mailbox presents all messages in the
+# user's message store.
+# \Archive - This mailbox is used to archive messages.
+# \Drafts - This mailbox is used to hold draft messages.
+# \Flagged - This (virtual) mailbox presents all messages in the
+# user's message store marked with the IMAP \Flagged flag.
+# \Important - This (virtual) mailbox presents all messages in the
+# user's message store deemed important to user.
+# \Junk - This mailbox is where messages deemed to be junk mail
+# are held.
+# \Sent - This mailbox is used to hold copies of messages that
+# have been sent.
+# \Trash - This mailbox is used to hold messages that have been
+# deleted.
+#
+# comment:
+# Defines a default comment or note associated with the mailbox. This
+# value is accessible through the IMAP METADATA mailbox entries
+# "/shared/comment" and "/private/comment". Users with sufficient
+# privileges can override the default value for entries with a custom
+# value.
+ +# NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf. +namespace inbox { + type = private + inbox = yes + + mailbox Drafts { + special_use = \Drafts + auto = subscribe + } + + mailbox Junk { + special_use = \Junk + auto = create + } + + mailbox spam { + special_use = \Junk + auto = no + } + + mailbox Spam { + special_use = \Junk + auto = no + } + + mailbox Trash { + special_use = \Trash + auto = subscribe + } + + mailbox TRASH { + special_use = \Trash + auto = no + } + + mailbox Sent { + special_use = \Sent + auto = subscribe + } + + mailbox "Sent Mail" { + special_use = \Sent + auto = no + } + + mailbox "Sent Messages" { + special_use = \Sent + auto = no + } + + mailbox Archive { + special_use = \Archive + auto = create + } + + mailbox "Archives" { + special_use = \Archive + auto = no + } +} diff --git a/site-cookbooks/kosmos_email/templates/ldap-aliases.cf.erb b/site-cookbooks/kosmos_email/templates/postfix_ldap-map.cf.erb similarity index 73% rename from site-cookbooks/kosmos_email/templates/ldap-aliases.cf.erb rename to site-cookbooks/kosmos_email/templates/postfix_ldap-map.cf.erb index 3b266a6..2711e0d 100644 --- a/site-cookbooks/kosmos_email/templates/ldap-aliases.cf.erb +++ b/site-cookbooks/kosmos_email/templates/postfix_ldap-map.cf.erb @@ -5,3 +5,6 @@ bind_pw = <%= @bind_pw %> search_base = <%= @search_base %> query_filter = <%= @query_filter %> result_attribute = <%= @result_attribute %> +<% if @result_format %> +result_format = <%= @result_format %> +<% end %> From 574f78f1283e6a68617352332de248c0ad220cbc Mon Sep 17 00:00:00 2001 
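Review bot: This template now backs four Postfix maps, and the lines visible in the hunk (`search_base`, `query_filter`, `result_attribute`, `result_format`) contain no transport settings, so whether the bind is encrypted depends on lines 1–4, which are outside the hunk. If they do not already do so, adding `version = 3` and `start_tls = yes` keeps `bind_pw` and the lookup results from crossing the network in clear text between the mail host and `ldap.kosmos.local`. As a small style point, `<% if @result_format -%>` and `<% end -%>` would avoid emitting blank lines into the rendered map file.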
From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Thu, 14 Dec 2023 18:12:29 +0100 Subject: [PATCH 31/95] Upgrade bitcoind, LND, CLN, RTL, NBXplorer, BTCPay Also required upgrading node.js and the .NET SDK. --- .../kosmos-bitcoin/attributes/default.rb | 16 ++++++++-------- site-cookbooks/kosmos-bitcoin/recipes/dotnet.rb | 2 +- site-cookbooks/kosmos-bitcoin/recipes/rtl.rb | 1 + 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/site-cookbooks/kosmos-bitcoin/attributes/default.rb b/site-cookbooks/kosmos-bitcoin/attributes/default.rb index 8fdd455..6cc9a4e 100644 --- a/site-cookbooks/kosmos-bitcoin/attributes/default.rb +++ b/site-cookbooks/kosmos-bitcoin/attributes/default.rb @@ -1,5 +1,5 @@ -node.default['bitcoin']['version'] = '25.0' -node.default['bitcoin']['checksum'] = '5df67cf42ca3b9a0c38cdafec5bbb517da5b58d251f32c8d2a47511f9be1ebc2' +node.default['bitcoin']['version'] = '26.0' +node.default['bitcoin']['checksum'] = 'ab1d99276e28db62d1d9f3901e85ac358d7f1ebcb942d348a9c4e46f0fcdc0a1' node.default['bitcoin']['username'] = 'satoshi' node.default['bitcoin']['usergroup'] = 'bitcoin' node.default['bitcoin']['network'] = 'mainnet' @@ -31,7 +31,7 @@ node.default['bitcoin']['conf'] = { node.default['bitcoin']['tor_enabled'] = true node.default['c-lightning']['repo'] = 'https://github.com/ElementsProject/lightning' -node.default['c-lightning']['revision'] = 'v0.10.2' +node.default['c-lightning']['revision'] = 'v23.11' node.default['c-lightning']['source_dir'] = '/opt/c-lightning' node.default['c-lightning']['lightning_dir'] = "/home/#{node['bitcoin']['username']}/.lightning" node.default['c-lightning']['alias'] = 'ln3.kosmos.org' 
@@ -40,7 +40,7 @@ node.default['c-lightning']['log_level'] = 'info' node.default['c-lightning']['public_ip'] = '148.251.237.73' node.default['lnd']['repo'] = 'https://github.com/lightningnetwork/lnd' -node.default['lnd']['revision'] = 'v0.16.4-beta' +node.default['lnd']['revision'] = 'v0.17.3-beta' node.default['lnd']['source_dir'] = '/opt/lnd' node.default['lnd']['lnd_dir'] = "/home/#{node['bitcoin']['username']}/.lnd" node.default['lnd']['alias'] = 'ln2.kosmos.org' @@ -59,7 +59,7 @@ node.default['lnd']['tor'] = { } node.default['boltz']['repo'] = 'https://github.com/BoltzExchange/boltz-lnd.git' -node.default['boltz']['revision'] = 'v1.2.6' +node.default['boltz']['revision'] = 'v1.2.7' node.default['boltz']['source_dir'] = '/opt/boltz' node.default['boltz']['boltz_dir'] = "/home/#{node['bitcoin']['username']}/.boltz-lnd" node.default['boltz']['grpc_host'] = '127.0.0.1' @@ -70,7 +70,7 @@ node.default['boltz']['rest_port'] = '9003' node.default['boltz']['no_macaroons'] = 'false' node.default['rtl']['repo'] = 'https://github.com/Ride-The-Lightning/RTL.git' -node.default['rtl']['revision'] = 'v0.12.1' +node.default['rtl']['revision'] = 'v0.15.0' node.default['rtl']['host'] = '10.1.1.163' node.default['rtl']['port'] = '3000' @@ -98,7 +98,7 @@ node.default['dotnet']['ms_packages_src_url'] = "https://packages.microsoft.com/ node.default['dotnet']['ms_packages_src_checksum'] = "4df5811c41fdded83eb9e2da9336a8dfa5594a79dc8a80133bd815f4f85b9991" node.default['nbxplorer']['repo'] = 'https://github.com/dgarage/NBXplorer' -node.default['nbxplorer']['revision'] = 'v2.3.66' +node.default['nbxplorer']['revision'] = 'v2.4.3' node.default['nbxplorer']['source_dir'] = '/opt/nbxplorer' node.default['nbxplorer']['config_path'] = "/home/#{node['bitcoin']['username']}/.nbxplorer/Main/settings.config" node.default['nbxplorer']['port'] = '24445' 
@@ -106,7 +106,7 @@ node.default['nbxplorer']['postgres']['database'] = 'nbxplorer' node.default['nbxplorer']['postgres']['user'] = 'nbxplorer' node.default['btcpay']['repo'] = 'https://github.com/btcpayserver/btcpayserver' -node.default['btcpay']['revision'] = 'v1.11.6' +node.default['btcpay']['revision'] = 'v1.11.7' node.default['btcpay']['source_dir'] = '/opt/btcpay' node.default['btcpay']['config_path'] = "/home/#{node['bitcoin']['username']}/.btcpayserver/Main/settings.config" node.default['btcpay']['log_path'] = "/home/#{node['bitcoin']['username']}/.btcpayserver/debug.log" diff --git a/site-cookbooks/kosmos-bitcoin/recipes/dotnet.rb b/site-cookbooks/kosmos-bitcoin/recipes/dotnet.rb index d2478d0..d2d4f30 100644 --- a/site-cookbooks/kosmos-bitcoin/recipes/dotnet.rb +++ b/site-cookbooks/kosmos-bitcoin/recipes/dotnet.rb @@ -30,4 +30,4 @@ execute 'apt_update' do action :nothing end -apt_package 'dotnet-sdk-7.0' +apt_package 'dotnet-sdk-8.0' diff --git a/site-cookbooks/kosmos-bitcoin/recipes/rtl.rb b/site-cookbooks/kosmos-bitcoin/recipes/rtl.rb index a0592b4..42103d3 100644 --- a/site-cookbooks/kosmos-bitcoin/recipes/rtl.rb +++ b/site-cookbooks/kosmos-bitcoin/recipes/rtl.rb @@ -3,6 +3,7 @@ # Recipe:: rtl # +node.override["nodejs"]["repo"] = "https://deb.nodesource.com/node_18.x" include_recipe 'kosmos-nodejs' app_name = "rtl" From 404f492e6e6d8850eacf3f2f296e6fc8f0514faa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Thu, 14 Dec 2023 18:14:37 +0100 Subject: [PATCH 32/95] Update node info --- nodes/bitcoin-2.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nodes/bitcoin-2.json b/nodes/bitcoin-2.json index 7891613..38c758f 100644 --- a/nodes/bitcoin-2.json +++ b/nodes/bitcoin-2.json @@ -8,7 +8,7 @@ "automatic": { "fqdn": "bitcoin-2", "os": "linux", - "os_version": "5.4.0-131-generic", + "os_version": "5.4.0-163-generic", "hostname": "bitcoin-2", "ipaddress": "192.168.122.148", "roles": [ 
From 295d95c0484827d4add83978913e89854a890a81 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Sat, 16 Dec 2023 11:49:35 +0100 Subject: [PATCH 33/95] Upgrade Gitea to 1.21.1 --- site-cookbooks/kosmos_gitea/attributes/default.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site-cookbooks/kosmos_gitea/attributes/default.rb b/site-cookbooks/kosmos_gitea/attributes/default.rb index bfc5865..44026dc 100644 --- a/site-cookbooks/kosmos_gitea/attributes/default.rb +++ b/site-cookbooks/kosmos_gitea/attributes/default.rb @@ -1,7 +1,7 @@ -gitea_version = "1.20.5" +gitea_version = "1.21.1" node.default["gitea"]["version"] = gitea_version node.default["gitea"]["binary_url"] = "https://dl.gitea.io/gitea/#{gitea_version}/gitea-#{gitea_version}-linux-amd64" -node.default["gitea"]["binary_checksum"] = "ae8d21f36098a62272fcfa67ecbb567d0ba6cf5aecaaab29a6b98a407d435bdf" +node.default["gitea"]["binary_checksum"] = "586b1b0df6940e847600625850ee7d766f103dc3341c1b4abfc269db57c5d826" node.default["gitea"]["working_directory"] = "/var/lib/gitea" node.default["gitea"]["port"] = 3000 node.default["gitea"]["postgresql_host"] = "localhost:5432" From 6e3fb80565663ef6346c9c568623e09e0363ba7d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Sat, 16 Dec 2023 19:23:09 +0100 Subject: [PATCH 34/95] Upgrade CLN --- site-cookbooks/kosmos-bitcoin/attributes/default.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-cookbooks/kosmos-bitcoin/attributes/default.rb b/site-cookbooks/kosmos-bitcoin/attributes/default.rb index 6cc9a4e..d61a02a 100644 --- a/site-cookbooks/kosmos-bitcoin/attributes/default.rb +++ b/site-cookbooks/kosmos-bitcoin/attributes/default.rb 
@@ -31,7 +31,7 @@ node.default['bitcoin']['conf'] = { node.default['bitcoin']['tor_enabled'] = true node.default['c-lightning']['repo'] = 'https://github.com/ElementsProject/lightning' -node.default['c-lightning']['revision'] = 'v23.11' +node.default['c-lightning']['revision'] = 'v23.11.1' node.default['c-lightning']['source_dir'] = '/opt/c-lightning' node.default['c-lightning']['lightning_dir'] = "/home/#{node['bitcoin']['username']}/.lightning" node.default['c-lightning']['alias'] = 'ln3.kosmos.org' From 1576a8e731114e22dd6192ba63024778fff56941 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Sun, 17 Dec 2023 15:20:11 +0100 Subject: [PATCH 35/95] Set up coturn, switch from ejabberd in production https://github.com/coturn/coturn --- nodes/fornax.kosmos.org.json | 6 +- roles/openresty_proxy.rb | 1 - roles/turn_server.rb | 5 + .../kosmos-ejabberd/attributes/default.rb | 3 +- .../kosmos-ejabberd/recipes/coturn.rb | 38 + .../kosmos-ejabberd/recipes/default.rb | 2 +- .../templates/ejabberd.yml.erb | 10 - .../templates/turnserver.conf.erb | 708 ++++++++++++++++++ 8 files changed, 758 insertions(+), 15 deletions(-) create mode 100644 roles/turn_server.rb create mode 100644 site-cookbooks/kosmos-ejabberd/recipes/coturn.rb create mode 100644 site-cookbooks/kosmos-ejabberd/templates/turnserver.conf.erb diff --git a/nodes/fornax.kosmos.org.json b/nodes/fornax.kosmos.org.json index d304aa5..87e19be 100644 --- a/nodes/fornax.kosmos.org.json +++ b/nodes/fornax.kosmos.org.json @@ -24,7 +24,8 @@ "openresty", "garage_gateway", "tor_proxy", - "zerotier_controller" + "zerotier_controller", + "turn_server" ], "recipes": [ "kosmos-base", @@ -40,7 +41,6 @@ "kosmos_assets::nginx_site", "kosmos_discourse::nginx", "kosmos_drone::nginx", - "kosmos-ejabberd::nginx", "kosmos_garage::nginx_web", "kosmos_garage::nginx_s3", "kosmos_gitea::nginx", 
@@ -63,6 +63,7 @@ "kosmos_zerotier::controller", "kosmos_zerotier::firewall", "kosmos_zerotier::zncui", + "kosmos-ejabberd::coturn", "kosmos-ejabberd::firewall", "kosmos-ipfs::firewall_swarm", "sockethub::firewall", @@ -115,6 +116,7 @@ "role[kvm_host]", "role[openresty_proxy]", "role[zerotier_controller]", + "role[turn_server]", "recipe[kosmos-ejabberd::firewall]", "recipe[kosmos-ipfs::firewall_swarm]", "recipe[kosmos_zerotier::firewall]", diff --git a/roles/openresty_proxy.rb b/roles/openresty_proxy.rb index 2ecd45e..6a3e59d 100644 --- a/roles/openresty_proxy.rb +++ b/roles/openresty_proxy.rb @@ -21,7 +21,6 @@ production_run_list = %w( kosmos_assets::nginx_site kosmos_discourse::nginx kosmos_drone::nginx - kosmos-ejabberd::nginx kosmos_garage::nginx_web kosmos_garage::nginx_s3 kosmos_gitea::nginx diff --git a/roles/turn_server.rb b/roles/turn_server.rb new file mode 100644 index 0000000..34fab22 --- /dev/null +++ b/roles/turn_server.rb @@ -0,0 +1,5 @@ +name "turn_server" + +run_list %w( + kosmos-ejabberd::coturn +) diff --git a/site-cookbooks/kosmos-ejabberd/attributes/default.rb b/site-cookbooks/kosmos-ejabberd/attributes/default.rb index a603fee..7128363 100644 --- a/site-cookbooks/kosmos-ejabberd/attributes/default.rb +++ b/site-cookbooks/kosmos-ejabberd/attributes/default.rb @@ -1,7 +1,8 @@ node.default["ejabberd"]["version"] = "23.10" node.default["ejabberd"]["package_version"] = "1" node.default["ejabberd"]["checksum"] = "1b02108c81e22ab28be84630d54061f0584b76d5c2702e598352269736b05e77" -node.default["ejabberd"]["turn_ip_address"] = nil +node.default["ejabberd"]["stun_auth_realm"] = "kosmos.org" node.default["ejabberd"]["stun_turn_port"] = 3478 node.default["ejabberd"]["turn_min_port"] = 50000 node.default["ejabberd"]["turn_max_port"] = 50050 +node.default["ejabberd"]["turn_ip_address"] = nil diff --git a/site-cookbooks/kosmos-ejabberd/recipes/coturn.rb b/site-cookbooks/kosmos-ejabberd/recipes/coturn.rb new file mode 100644 index 0000000..b7ee512 
--- /dev/null +++ b/site-cookbooks/kosmos-ejabberd/recipes/coturn.rb @@ -0,0 +1,38 @@ +# +# Cookbook:: kosmos-ejabberd +# Recipe:: coturn +# + +apt_package 'coturn' + +credentials = data_bag_item("credentials", "ejabberd") + +template "/etc/turnserver.conf" do + source "turnserver.conf.erb" + mode 0644 + variables listening_port: node["ejabberd"]["stun_turn_port"], + tls_listening_port: node["ejabberd"]["stun_turn_port"], + listening_ip: node["ejabberd"]["turn_ip_address"], + relay_ip: node["ejabberd"]["turn_ip_address"], + min_port: node["ejabberd"]["turn_min_port"], + max_port: node["ejabberd"]["turn_max_port"], + static_auth_secret: credentials["stun_secret"], + realm: node["ejabberd"]["stun_auth_realm"] + notifies :restart, "service[coturn]", :delayed +end + +firewall_rule 'ejabberd_stun_turn' do + port node["ejabberd"]["stun_turn_port"] + protocol :udp + command :allow +end + +firewall_rule 'ejabberd_turn' do + port node["ejabberd"]["turn_min_port"]..node["ejabberd"]["turn_max_port"] + protocol :udp + command :allow +end + +service "coturn" do + action [:enable, :start] +end diff --git a/site-cookbooks/kosmos-ejabberd/recipes/default.rb b/site-cookbooks/kosmos-ejabberd/recipes/default.rb index 1ab71ae..a34a7f7 100644 --- a/site-cookbooks/kosmos-ejabberd/recipes/default.rb +++ b/site-cookbooks/kosmos-ejabberd/recipes/default.rb @@ -183,7 +183,7 @@ template "/opt/ejabberd/conf/ejabberd.yml" do sensitive true variables hosts: hosts, admin_users: admin_users, - stun_auth_realm: "kosmos.org", + stun_auth_realm: node["ejabberd"]["stun_auth_realm"], stun_secret: ejabberd_credentials['stun_secret'], turn_ip_address: node["ejabberd"]["turn_ip_address"], stun_turn_port: node["ejabberd"]["stun_turn_port"], diff --git a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb index 4d44c30..79bd591 100644 --- a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb 
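Review bot: `/etc/turnserver.conf` is rendered with `mode 0644` while it carries `static_auth_secret`, so every local user on the host can read the shared secret from which TURN credentials are derived. The template resource should restrict the file and keep it out of run output, e.g. `mode "0640"`, `group "turnserver"` (the group the Debian/Ubuntu coturn package is expected to run as; confirm on the target) and `sensitive true`, which the `ejabberd.yml` resource in default.rb already sets. `tls_listening_port` is also fed from `stun_turn_port`, the same attribute as `listening_port`, and no certificate settings are passed, so the TLS listener value looks unintentional. The firewall rules open only UDP, and `turn_ip_address` defaults to `nil`, which would render empty `listening-ip=` and `relay-ip=` lines on nodes that do not override it.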
+++ b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb @@ -87,16 +87,6 @@ listen: ## "/pub/archive": mod_http_fileserver ## register: true captcha: false - - - port: <%= @stun_turn_port %> - transport: udp - module: ejabberd_stun - auth_realm: <%= @stun_auth_realm %> - use_turn: true - tls: false - turn_ipv4_address: <%= @turn_ip_address %> - turn_min_port: <%= @turn_min_port %> - turn_max_port: <%= @turn_max_port %> s2s_use_starttls: optional diff --git a/site-cookbooks/kosmos-ejabberd/templates/turnserver.conf.erb b/site-cookbooks/kosmos-ejabberd/templates/turnserver.conf.erb new file mode 100644 index 0000000..257684d --- /dev/null +++ b/site-cookbooks/kosmos-ejabberd/templates/turnserver.conf.erb 
@@ -0,0 +1,708 @@
+# Coturn TURN SERVER configuration file
+#
+# Boolean values note: where boolean value is supposed to be used,
+# you can use '0', 'off', 'no', 'false', 'f' as 'false,
+# and you can use '1', 'on', 'yes', 'true', 't' as 'true'
+# If the value is missed, then it means 'true'.
+#
+
+# Listener interface device (optional, Linux only).
+# NOT RECOMMENDED.
+#
+#listening-device=eth0
+
+# TURN listener port for UDP and TCP (Default: 3478).
+# Note: actually, TLS & DTLS sessions can connect to the
+# "plain" TCP & UDP port(s), too - if allowed by configuration.
+#
+listening-port=<%= @listening_port %>
+
+# TURN listener port for TLS (Default: 5349).
+# Note: actually, "plain" TCP & UDP sessions can connect to the TLS & DTLS
+# port(s), too - if allowed by configuration. The TURN server
+# "automatically" recognizes the type of traffic. Actually, two listening
+# endpoints (the "plain" one and the "tls" one) are equivalent in terms of
+# functionality; but we keep both endpoints to satisfy the RFC 5766 specs.
+# For secure TCP connections, we currently support SSL version 3 and
+# TLS version 1.0, 1.1 and 1.2.
+# For secure UDP connections, we support DTLS version 1.
+#
+tls-listening-port=<%= @tls_listening_port %>
+
+# Alternative listening port for UDP and TCP listeners;
+# default (or zero) value means "listening port plus one".
+# This is needed for RFC 5780 support
+# (STUN extension specs, NAT behavior discovery). The TURN Server
+# supports RFC 5780 only if it is started with more than one
+# listening IP address of the same family (IPv4 or IPv6).
+# RFC 5780 is supported only by UDP protocol, other protocols
+# are listening to that endpoint only for "symmetry".
+#
+#alt-listening-port=0
+
+# Alternative listening port for TLS and DTLS protocols.
+# Default (or zero) value means "TLS listening port plus one".
+#
+#alt-tls-listening-port=0
+
+# Listener IP address of relay server. Multiple listeners can be specified.
+# If no IP(s) specified in the config file or in the command line options,
+# then all IPv4 and IPv6 system IPs will be used for listening.
+#
+listening-ip=<%= @listening_ip %>
+#listening-ip=10.207.21.238
+#listening-ip=2607:f0d0:1002:51::4
+
+# Auxiliary STUN/TURN server listening endpoint.
+# Aux servers have almost full TURN and STUN functionality.
+# The (minor) limitations are:
+#
+# 1) Auxiliary servers do not have alternative ports and
+# they do not support STUN RFC 5780 functionality (CHANGE REQUEST).
+#
+# 2) Auxiliary servers also are never returning ALTERNATIVE-SERVER reply.
+#
+# Valid formats are 1.2.3.4:5555 for IPv4 and [1:2::3:4]:5555 for IPv6.
+#
+# There may be multiple aux-server options, each will be used for listening
+# to client requests.
+#
+#aux-server=172.17.19.110:33478
+#aux-server=[2607:f0d0:1002:51::4]:33478
+
+# (recommended for older Linuxes only)
+# Automatically balance UDP traffic over auxiliary servers (if configured).
+# The load balancing is using the ALTERNATE-SERVER mechanism.
+# The TURN client must support 300 ALTERNATE-SERVER response for this
+# functionality.
+#
+#udp-self-balance
+
+# Relay interface device for relay sockets (optional, Linux only).
+# NOT RECOMMENDED.
+#
+#relay-device=eth1
+
+# Relay address (the local IP address that will be used to relay the
+# packets to the peer).
+# Multiple relay addresses may be used.
+# The same IP(s) can be used as both listening IP(s) and relay IP(s).
+#
+# If no relay IP(s) specified, then the turnserver will apply the default
+# policy: it will decide itself which relay addresses to be used, and it
+# will always be using the client socket IP address as the relay IP address
+# of the TURN session (if the requested relay address family is the same
+# as the family of the client socket).
+#
+relay-ip=<%= @relay_ip %>
+#relay-ip=2607:f0d0:1002:51::5
+
+# For Amazon EC2 users:
+#
+# TURN Server public/private address mapping, if the server is behind NAT.
+# In that situation, if a -X is used in form "-X " then that ip will be reported
+# as relay IP address of all allocations. This scenario works only in a simple case
+# when one single relay address is be used, and no RFC5780 functionality is required.
+# That single relay address must be mapped by NAT to the 'external' IP.
+# The "external-ip" value, if not empty, is returned in XOR-RELAYED-ADDRESS field.
+# For that 'external' IP, NAT must forward ports directly (relayed port 12345
+# must be always mapped to the same 'external' port 12345).
+#
+# In more complex case when more than one IP address is involved,
+# that option must be used several times, each entry must
+# have form "-X ", to map all involved addresses.
+# RFC5780 NAT discovery STUN functionality will work correctly,
+# if the addresses are mapped properly, even when the TURN server itself
+# is behind A NAT.
+#
+# By default, this value is empty, and no address mapping is used.
+#
+#external-ip=60.70.80.91
+#
+#OR:
+#
+#external-ip=60.70.80.91/172.17.19.101
+#external-ip=60.70.80.92/172.17.19.102
+
+
+# Number of the relay threads to handle the established connections
+# (in addition to authentication thread and the listener thread).
+# If explicitly set to 0 then application runs relay process in a
+# single thread, in the same thread with the listener process
+# (the authentication thread will still be a separate thread).
+#
+# If this parameter is not set, then the default OS-dependent
+# thread pattern algorithm will be employed. Usually the default
+# algorithm is the most optimal, so you have to change this option
+# only if you want to make some fine tweaks.
+#
+# In the older systems (Linux kernel before 3.9),
+# the number of UDP threads is always one thread per network listening
+# endpoint - including the auxiliary endpoints - unless 0 (zero) or
+# 1 (one) value is set.
+#
+#relay-threads=0
+
+# Lower and upper bounds of the UDP relay endpoints:
+# (default values are 49152 and 65535)
+#
+min-port=<%= @min_port %>
+max-port=<%= @max_port %>
+
+# Uncomment to run TURN server in 'normal' 'moderate' verbose mode.
+# By default the verbose mode is off.
+verbose
+
+# Uncomment to run TURN server in 'extra' verbose mode.
+# This mode is very annoying and produces lots of output.
+# Not recommended under any normal circumstances.
+#
+#Verbose
+
+# Uncomment to use fingerprints in the TURN messages.
+# By default the fingerprints are off.
+#
+#fingerprint
+
+# Uncomment to use long-term credential mechanism.
+# By default no credentials mechanism is used (any user allowed).
+#
+#lt-cred-mech
+
+# This option is opposite to lt-cred-mech.
+# (TURN Server with no-auth option allows anonymous access).
+# If neither option is defined, and no users are defined,
+# then no-auth is default. If at least one user is defined,
+# in this file or in command line or in usersdb file, then
+# lt-cred-mech is default.
+#
+#no-auth
+
+# TURN REST API flag.
+# (Time Limited Long Term Credential)
+# Flag that sets a special authorization option that is based upon authentication secret.
+#
+# This feature's purpose is to support "TURN Server REST API", see
+# "TURN REST API" link in the project's page
+# https://github.com/coturn/coturn/
+#
+# This option is used with timestamp:
+#
+# usercombo -> "timestamp:userid"
+# turn user -> usercombo
+# turn password -> base64(hmac(secret key, usercombo))
+#
+# This allows TURN credentials to be accounted for a specific user id.
+# If you don't have a suitable id, the timestamp alone can be used.
+# This option is just turning on secret-based authentication.
+# The actual value of the secret is defined either by option static-auth-secret,
+# or can be found in the turn_secret table in the database (see below).
+#
+# Read more about it:
+# - https://tools.ietf.org/html/draft-uberti-behave-turn-rest-00
+# - https://www.ietf.org/proceedings/87/slides/slides-87-behave-10.pdf
+#
+# Be aware that use-auth-secret overrides some part of lt-cred-mech.
+# Notice that this feature depends internally on lt-cred-mech, so if you set
+# use-auth-secret then it enables internally automatically lt-cred-mech option
+# like if you enable both.
+#
+# You can use only one of the to auth mechanisms in the same time because,
+# both mechanism use the username and password validation in different way.
+#
+# This way be aware that you can't use both auth mechnaism in the same time!
+# Use in config either the lt-cred-mech or the use-auth-secret
+# to avoid any confusion.
+#
+use-auth-secret
+
+# 'Static' authentication secret value (a string) for TURN REST API only.
+# If not set, then the turn server
+# will try to use the 'dynamic' value in turn_secret table
+# in user database (if present). The database-stored value can be changed on-the-fly
+# by a separate program, so this is why that other mode is 'dynamic'.
+#
+static-auth-secret=<%= @static_auth_secret %>
+
+# Server name used for
+# the oAuth authentication purposes.
+# The default value is the realm name.
+#
+#server-name=blackdow.carleon.gov
+
+# Flag that allows oAuth authentication.
+#
+#oauth
+
+# 'Static' user accounts for long term credentials mechanism, only.
+# This option cannot be used with TURN REST API.
+# 'Static' user accounts are NOT dynamically checked by the turnserver process,
+# so that they can NOT be changed while the turnserver is running.
+#
+#user=username1:key1
+#user=username2:key2
+# OR:
+#user=username1:password1
+#user=username2:password2
+#
+# Keys must be generated by turnadmin utility. The key value depends
+# on user name, realm, and password:
+#
+# Example:
+# $ turnadmin -k -u ninefingers -r north.gov -p youhavetoberealistic
+# Output: 0xbc807ee29df3c9ffa736523fb2c4e8ee
+# ('0x' in the beginning of the key is what differentiates the key from
+# password. If it has 0x then it is a key, otherwise it is a password).
+#
+# The corresponding user account entry in the config file will be:
+#
+#user=ninefingers:0xbc807ee29df3c9ffa736523fb2c4e8ee
+# Or, equivalently, with open clear password (less secure):
+#user=ninefingers:youhavetoberealistic
+#
+
+# SQLite database file name.
+#
+# Default file name is /var/db/turndb or /usr/local/var/db/turndb or
+# /var/lib/turn/turndb.
+#
+#userdb=/var/db/turndb
+
+# PostgreSQL database connection string in the case that we are using PostgreSQL
+# as the user database.
+# This database can be used for long-term credential mechanism
+# and it can store the secret value for secret-based timed authentication in TURN RESP API.
+# See http://www.postgresql.org/docs/8.4/static/libpq-connect.html for 8.x PostgreSQL
+# versions connection string format, see
+# http://www.postgresql.org/docs/9.2/static/libpq-connect.html#LIBPQ-CONNSTRING
+# for 9.x and newer connection string formats.
+#
+#psql-userdb="host= dbname= user= password= connect_timeout=30"
+
+# MySQL database connection string in the case that we are using MySQL
+# as the user database.
+# This database can be used for long-term credential mechanism
+# and it can store the secret value for secret-based timed authentication in TURN RESP API.
+#
+# Optional connection string parameters for the secure communications (SSL):
+# ca, capath, cert, key, cipher
+# (see http://dev.mysql.com/doc/refman/5.1/en/ssl-options.html for the
+# command options description).
+#
+# Use string format as below (space separated parameters, all optional):
+#
+#mysql-userdb="host= dbname= user= password= port= connect_timeout= read_timeout="
+
+# If you want to use in the MySQL connection string the password in encrypted format,
+# then set in this option the MySQL password encryption secret key file.
+#
+# Warning: If this option is set, then mysql password must be set in "mysql-userdb" in encrypted format!
+# If you want to use cleartext password then do not set this option!
+#
+# This is the file path which contain secret key of aes encryption while using password encryption.
+#
+#secret-key-file=/path/
+
+# MongoDB database connection string in the case that we are using MongoDB
+# as the user database.
+# This database can be used for long-term credential mechanism
+# and it can store the secret value for secret-based timed authentication in TURN RESP API.
+# Use string format is described at http://hergert.me/docs/mongo-c-driver/mongoc_uri.html
+#
+#mongo-userdb="mongodb://[username:password@]host1[:port1][,host2[:port2],...[,hostN[:portN]]][/[database][?options]]"
+
+# Redis database connection string in the case that we are using Redis
+# as the user database.
+# This database can be used for long-term credential mechanism
+# and it can store the secret value for secret-based timed authentication in TURN RESP API.
+# Use string format as below (space separated parameters, all optional):
+#
+#redis-userdb="ip= dbname= password= port= connect_timeout="
+
+# Redis status and statistics database connection string, if used (default - empty, no Redis stats DB used).
+# This database keeps allocations status information, and it can be also used for publishing
+# and delivering traffic and allocation event notifications.
+# The connection string has the same parameters as redis-userdb connection string.
+# Use string format as below (space separated parameters, all optional):
+#
+#redis-statsdb="ip= dbname= password= port= connect_timeout="
+
+# The default realm to be used for the users when no explicit
+# origin/realm relationship was found in the database, or if the TURN
+# server is not using any database (just the commands-line settings
+# and the userdb file). Must be used with long-term credentials
+# mechanism or with TURN REST API.
+#
+# Note: If default realm is not specified at all, then realm falls back to the host domain name.
+# If domain name is empty string, or '(None)', then it is initialized to am empty string.
+#
+realm=<%= @realm %>
+
+# The flag that sets the origin consistency
+# check: across the session, all requests must have the same
+# main ORIGIN attribute value (if the ORIGIN was
+# initially used by the session).
+#
+#check-origin-consistency
+
+# Per-user allocation quota.
+# default value is 0 (no quota, unlimited number of sessions per user).
+# This option can also be set through the database, for a particular realm.
+#
+#user-quota=0
+
+# Total allocation quota.
+# default value is 0 (no quota).
+# This option can also be set through the database, for a particular realm.
+#
+#total-quota=0
+
+# Max bytes-per-second bandwidth a TURN session is allowed to handle
+# (input and output network streams are treated separately). Anything above
+# that limit will be dropped or temporary suppressed (within
+# the available buffer limits).
+# This option can also be set through the database, for a particular realm.
+#
+#max-bps=0
+
+#
+# Maximum server capacity.
+# Total bytes-per-second bandwidth the TURN server is allowed to allocate
+# for the sessions, combined (input and output network streams are treated separately).
+#
+# bps-capacity=0
+
+# Uncomment if no UDP client listener is desired.
+# By default UDP client listener is always started.
+#
+#no-udp
+
+# Uncomment if no TCP client listener is desired.
+# By default TCP client listener is always started.
+#
+#no-tcp
+
+# Uncomment if no TLS client listener is desired.
+# By default TLS client listener is always started.
+#
+#no-tls
+
+# Uncomment if no DTLS client listener is desired.
+# By default DTLS client listener is always started.
+#
+#no-dtls
+
+# Uncomment if no UDP relay endpoints are allowed.
+# By default UDP relay endpoints are enabled (like in RFC 5766).
+#
+#no-udp-relay
+
+# Uncomment if no TCP relay endpoints are allowed.
+# By default TCP relay endpoints are enabled (like in RFC 6062).
+#
+#no-tcp-relay
+
+# Uncomment if extra security is desired,
+# with nonce value having limited lifetime.
+# By default, the nonce value is unique for a session,
+# and has unlimited lifetime.
+# Set this option to limit the nonce lifetime.
+# It defaults to 600 secs (10 min) if no value is provided. After that delay,
+# the client will get 438 error and will have to re-authenticate itself.
+#
+#stale-nonce=600
+
+# Uncomment if you want to set the maximum allocation
+# time before it has to be refreshed.
+# Default is 3600s.
+#
+#max-allocate-lifetime=3600
+
+
+# Uncomment to set the lifetime for the channel.
+# Default value is 600 secs (10 minutes).
+# This value MUST not be changed for production purposes.
+#
+#channel-lifetime=600
+
+# Uncomment to set the permission lifetime.
+# Default to 300 secs (5 minutes).
+# In production this value MUST not be changed,
+# however it can be useful for test purposes.
+#
+#permission-lifetime=300
+
+# Certificate file.
+# Use an absolute path or path relative to the
+# configuration file.
+#
+#cert=/usr/local/etc/turn_server_cert.pem
+
+# Private key file.
+# Use an absolute path or path relative to the
+# configuration file.
+# Use PEM file format.
+#
+#pkey=/usr/local/etc/turn_server_pkey.pem
+
+# Private key file password, if it is in encoded format.
+# This option has no default value.
+#
+#pkey-pwd=...
+
+# Allowed OpenSSL cipher list for TLS/DTLS connections.
+# Default value is "DEFAULT".
+#
+#cipher-list="DEFAULT"
+
+# CA file in OpenSSL format.
+# Forces TURN server to verify the client SSL certificates.
+# By default it is not set: there is no default value and the client
+# certificate is not checked.
+#
+# Example:
+#CA-file=/etc/ssh/id_rsa.cert
+
+# Curve name for EC ciphers, if supported by OpenSSL
+# library (TLS and DTLS). The default value is prime256v1,
+# if pre-OpenSSL 1.0.2 is used. With OpenSSL 1.0.2+,
+# an optimal curve will be automatically calculated, if not defined
+# by this option.
+#
+#ec-curve-name=prime256v1
+
+# Use 566 bits predefined DH TLS key. Default size of the key is 1066.
+#
+#dh566
+
+# Use 2066 bits predefined DH TLS key. Default size of the key is 1066.
+#
+#dh2066
+
+# Use custom DH TLS key, stored in PEM format in the file.
+# Flags --dh566 and --dh2066 are ignored when the DH key is taken from a file.
+#
+#dh-file=
+
+# Flag to prevent stdout log messages.
+# By default, all log messages are going to both stdout and to
+# the configured log file. With this option everything will be
+# going to the configured log only (unless the log file itself is stdout).
+#
+#no-stdout-log
+
+# Option to set the log file name.
+# By default, the turnserver tries to open a log file in
+# /var/log, /var/tmp, /tmp and current directories directories
+# (which open operation succeeds first that file will be used).
+# With this option you can set the definite log file name.
+# The special names are "stdout" and "-" - they will force everything
+# to the stdout. Also, the "syslog" name will force everything to
+# the system log (syslog).
+# In the runtime, the logfile can be reset with the SIGHUP signal
+# to the turnserver process.
+#
+#log-file=/var/tmp/turn.log
+
+# Option to redirect all log output into system log (syslog).
+#
+syslog
+
+# This flag means that no log file rollover will be used, and the log file
+# name will be constructed as-is, without PID and date appendage.
+# This option can be used, for example, together with the logrotate tool.
+#
+#simple-log
+
+# Option to set the "redirection" mode. The value of this option
+# will be the address of the alternate server for UDP & TCP service in form of
+# [:]. The server will send this value in the attribute
+# ALTERNATE-SERVER, with error 300, on ALLOCATE request, to the client.
+# Client will receive only values with the same address family
+# as the client network endpoint address family.
+# See RFC 5389 and RFC 5766 for ALTERNATE-SERVER functionality description.
+# The client must use the obtained value for subsequent TURN communications.
+# If more than one --alternate-server options are provided, then the functionality
+# can be more accurately described as "load-balancing" than a mere "redirection".
+# If the port number is omitted, then the default port
+# number 3478 for the UDP/TCP protocols will be used.
+# Colon (:) characters in IPv6 addresses may conflict with the syntax of
+# the option. To alleviate this conflict, literal IPv6 addresses are enclosed
+# in square brackets in such resource identifiers, for example:
+# [2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478 .
+# Multiple alternate servers can be set. They will be used in the
+# round-robin manner. All servers in the pool are considered of equal weight and
+# the load will be distributed equally. For example, if we have 4 alternate servers,
+# then each server will receive 25% of ALLOCATE requests. A alternate TURN server
+# address can be used more than one time with the alternate-server option, so this
+# can emulate "weighting" of the servers.
+#
+# Examples:
+#alternate-server=1.2.3.4:5678
+#alternate-server=11.22.33.44:56789
+#alternate-server=5.6.7.8
+#alternate-server=[2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478
+
+# Option to set alternative server for TLS & DTLS services in form of
+# :. If the port number is omitted, then the default port
+# number 5349 for the TLS/DTLS protocols will be used. See the previous
+# option for the functionality description.
+#
+# Examples:
+#tls-alternate-server=1.2.3.4:5678
+#tls-alternate-server=11.22.33.44:56789
+#tls-alternate-server=[2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478
+
+# Option to suppress TURN functionality, only STUN requests will be processed.
+# Run as STUN server only, all TURN requests will be ignored.
+# By default, this option is NOT set.
+#
+#stun-only
+
+# Option to suppress STUN functionality, only TURN requests will be processed.
+# Run as TURN server only, all STUN requests will be ignored.
+# By default, this option is NOT set.
+#
+#no-stun
+
+# This is the timestamp/username separator symbol (character) in TURN REST API.
+# The default value is ':'.
+# rest-api-separator=:
+
+# Flag that can be used to allow peers on the loopback addresses (127.x.x.x and ::1).
+# This is an extra security measure.
+#
+# (To avoid any security issue that allowing loopback access may raise,
+# the no-loopback-peers option is replaced by allow-loopback-peers.)
+#
+# Allow it only for testing in a development environment!
+# In production it adds a possible security vulnerability, so for security reasons
+# it is not allowed using it together with empty cli-password.
+#
+#allow-loopback-peers
+
+# Flag that can be used to disallow peers on well-known broadcast addresses (224.0.0.0 and above, and FFXX:*).
+# This is an extra security measure.
+#
+#no-multicast-peers
+
+# Option to set the max time, in seconds, allowed for full allocation establishment.
+# Default is 60 seconds.
+#
+#max-allocate-timeout=60
+
+# Option to allow or ban specific ip addresses or ranges of ip addresses.
+# If an ip address is specified as both allowed and denied, then the ip address is
+# considered to be allowed. This is useful when you wish to ban a range of ip
+# addresses, except for a few specific ips within that range.
+#
+# This can be used when you do not want users of the turn server to be able to access
+# machines reachable by the turn server, but would otherwise be unreachable from the
+# internet (e.g. when the turn server is sitting behind a NAT)
+#
+# Examples:
+# denied-peer-ip=83.166.64.0-83.166.95.255
+# allowed-peer-ip=83.166.68.45
+
+# File name to store the pid of the process.
+# Default is /var/run/turnserver.pid (if superuser account is used) or
+# /var/tmp/turnserver.pid .
+#
+#pidfile="/var/run/turnserver.pid"
+
+# Require authentication of the STUN Binding request.
+# By default, the clients are allowed anonymous access to the STUN Binding functionality.
+#
+#secure-stun
+
+# Mobility with ICE (MICE) specs support.
+#
+#mobility
+
+# Allocate Address Family according
+# If enabled then TURN server allocates address family according the TURN
+# Client <=> Server communication address family.
+# (By default coTURN works according RFC 6156.)
+# !!Warning: Enabling this option breaks RFC6156 section-4.2 (violates use default IPv4)!!
+#
+#keep-address-family
+
+
+# User name to run the process. After the initialization, the turnserver process
+# will make an attempt to change the current user ID to that user.
+#
+#proc-user=
+
+# Group name to run the process. After the initialization, the turnserver process
+# will make an attempt to change the current group ID to that group.
+#
+#proc-group=
+
+# Turn OFF the CLI support.
+# By default it is always ON.
+# See also options cli-ip and cli-port.
+#
+#no-cli
+
+#Local system IP address to be used for CLI server endpoint. Default value
+# is 127.0.0.1.
+#
+#cli-ip=127.0.0.1
+
+# CLI server port. Default is 5766.
+#
+#cli-port=5766
+
+# CLI access password. Default is empty (no password).
+# For the security reasons, it is recommended to use the encrypted
+# for of the password (see the -P command in the turnadmin utility).
+# +# Secure form for password 'qwerty': +# +#cli-password=$5$79a316b350311570$81df9cfb9af7f5e5a76eada31e7097b663a0670f99a3c07ded3f1c8e59c5658a +# +# Or unsecure form for the same password: +# +#cli-password=qwerty + +# Enable Web-admin support on https. By default it is Disabled. +# If it is enabled it also enables a http a simple static banner page +# with a small reminder that the admin page is available only on https. +# +#web-admin + +# Local system IP address to be used for Web-admin server endpoint. Default value is 127.0.0.1. +# +#web-admin-ip=127.0.0.1 + +# Web-admin server port. Default is 8080. +# +#web-admin-port=8080 + +# Web-admin server listen on STUN/TURN worker threads +# By default it is disabled for security resons! (Not recommended in any production environment!) +# +#web-admin-listen-on-workers + +# Server relay. NON-STANDARD AND DANGEROUS OPTION. +# Only for those applications when we want to run +# server applications on the relay endpoints. +# This option eliminates the IP permissions check on +# the packets incoming to the relay endpoints. +# +#server-relay + +# Maximum number of output sessions in ps CLI command. +# This value can be changed on-the-fly in CLI. The default value is 256. +# +#cli-max-output-sessions + +# Set network engine type for the process (for internal purposes). +# +#ne=[1|2|3] + +# Do not allow an TLS/DTLS version of protocol +# +#no-tlsv1 +#no-tlsv1_1 +#no-tlsv1_2 From ca3f06f831413bc2527c84282138adb2f09f8a78 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Sun, 17 Dec 2023 17:05:06 +0100 Subject: [PATCH 36/95] Increase size of port range for TURN --- site-cookbooks/kosmos-ejabberd/attributes/default.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-cookbooks/kosmos-ejabberd/attributes/default.rb b/site-cookbooks/kosmos-ejabberd/attributes/default.rb index 7128363..b428b7e 100644 --- a/site-cookbooks/kosmos-ejabberd/attributes/default.rb 
+++ b/site-cookbooks/kosmos-ejabberd/attributes/default.rb @@ -4,5 +4,5 @@ node.default["ejabberd"]["checksum"] = "1b02108c81e22ab28be84630d54061f0584b76d5 node.default["ejabberd"]["stun_auth_realm"] = "kosmos.org" node.default["ejabberd"]["stun_turn_port"] = 3478 node.default["ejabberd"]["turn_min_port"] = 50000 -node.default["ejabberd"]["turn_max_port"] = 50050 +node.default["ejabberd"]["turn_max_port"] = 50999 node.default["ejabberd"]["turn_ip_address"] = nil From 8a97ebf4f80e46913c20c34a951b84f5fe0e0789 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Sun, 17 Dec 2023 17:57:49 +0100 Subject: [PATCH 37/95] Use domain instead of IP, add TLS endpoints --- environments/production.json | 2 +- .../kosmos-ejabberd/attributes/default.rb | 4 ++-- .../kosmos-ejabberd/recipes/coturn.rb | 22 +++++++++++++++---- .../kosmos-ejabberd/recipes/default.rb | 3 ++- .../templates/ejabberd.yml.erb | 16 ++++++++++++-- .../templates/turnserver.conf.erb | 6 ++--- 6 files changed, 40 insertions(+), 13 deletions(-) diff --git a/environments/production.json b/environments/production.json index cdc5ada..bb9c577 100644 --- a/environments/production.json +++ b/environments/production.json @@ -17,7 +17,7 @@ "public_url": "https://drone.kosmos.org" }, "ejabberd": { - "turn_ip_address": "148.251.83.201" + "turn_domain": "turn.kosmos.org" }, "garage": { "replication_mode": "2", diff --git a/site-cookbooks/kosmos-ejabberd/attributes/default.rb b/site-cookbooks/kosmos-ejabberd/attributes/default.rb index b428b7e..a0930f4 100644 --- a/site-cookbooks/kosmos-ejabberd/attributes/default.rb +++ b/site-cookbooks/kosmos-ejabberd/attributes/default.rb 
@@ -1,8 +1,8 @@ node.default["ejabberd"]["version"] = "23.10" node.default["ejabberd"]["package_version"] = "1" node.default["ejabberd"]["checksum"] = "1b02108c81e22ab28be84630d54061f0584b76d5c2702e598352269736b05e77" -node.default["ejabberd"]["stun_auth_realm"] = "kosmos.org" +node.default["ejabberd"]["turn_domain"] = "turn.kosmos.org" node.default["ejabberd"]["stun_turn_port"] = 3478 +node.default["ejabberd"]["stun_turn_port_tls"] = 5349 node.default["ejabberd"]["turn_min_port"] = 50000 node.default["ejabberd"]["turn_max_port"] = 50999 -node.default["ejabberd"]["turn_ip_address"] = nil diff --git a/site-cookbooks/kosmos-ejabberd/recipes/coturn.rb b/site-cookbooks/kosmos-ejabberd/recipes/coturn.rb index b7ee512..a9b581b 100644 --- a/site-cookbooks/kosmos-ejabberd/recipes/coturn.rb +++ b/site-cookbooks/kosmos-ejabberd/recipes/coturn.rb @@ -5,19 +5,27 @@ apt_package 'coturn' +domain = node["ejabberd"]["turn_domain"] credentials = data_bag_item("credentials", "ejabberd") +tls_cert_for domain do + auth "gandi_dns" + action :create +end + template "/etc/turnserver.conf" do source "turnserver.conf.erb" mode 0644 variables listening_port: node["ejabberd"]["stun_turn_port"], - tls_listening_port: node["ejabberd"]["stun_turn_port"], - listening_ip: node["ejabberd"]["turn_ip_address"], - relay_ip: node["ejabberd"]["turn_ip_address"], + tls_listening_port: node["ejabberd"]["stun_turn_port_tls"], + listening_ip: node["ipaddress"], + relay_ip: node["ipaddress"], min_port: node["ejabberd"]["turn_min_port"], max_port: node["ejabberd"]["turn_max_port"], static_auth_secret: credentials["stun_secret"], - realm: node["ejabberd"]["stun_auth_realm"] + realm: domain, + cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem", + pkey: "/etc/letsencrypt/live/#{domain}/privkey.pem" notifies :restart, "service[coturn]", :delayed end 
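Review bot: `/etc/turnserver.conf` is still written with `mode 0644` and without `sensitive true` in the recipes/coturn.rb hunk, although the `variables` there pass `static_auth_secret: credentials["stun_secret"]` into it, so any local account can read the TURN REST secret and a changed template will show it in the Chef diff output. I would use `mode 0640` with `group "turnserver"` (assuming that is the account the packaged coturn runs as) and add `sensitive true`, as the ejabberd.yml template resource in recipes/default.rb already does. The new `pkey:` path points into `/etc/letsencrypt/live/`, which is usually readable by root only, so it is worth confirming that the coturn service account can open the key; otherwise the TLS listener will not come up.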
@@ -27,6 +35,12 @@ firewall_rule 'ejabberd_stun_turn' do command :allow end +firewall_rule 'ejabberd_stun_turn_tls' do + port node["ejabberd"]["stun_turn_port_tls"] + protocol :udp + command :allow +end + firewall_rule 'ejabberd_turn' do port node["ejabberd"]["turn_min_port"]..node["ejabberd"]["turn_max_port"] protocol :udp diff --git a/site-cookbooks/kosmos-ejabberd/recipes/default.rb b/site-cookbooks/kosmos-ejabberd/recipes/default.rb index a34a7f7..9c98357 100644 --- a/site-cookbooks/kosmos-ejabberd/recipes/default.rb +++ b/site-cookbooks/kosmos-ejabberd/recipes/default.rb @@ -183,10 +183,11 @@ template "/opt/ejabberd/conf/ejabberd.yml" do sensitive true variables hosts: hosts, admin_users: admin_users, - stun_auth_realm: node["ejabberd"]["stun_auth_realm"], + stun_auth_realm: node["ejabberd"]["turn_domain"], stun_secret: ejabberd_credentials['stun_secret'], turn_ip_address: node["ejabberd"]["turn_ip_address"], stun_turn_port: node["ejabberd"]["stun_turn_port"], + stun_turn_port_tls: node["ejabberd"]["stun_turn_port_tls"], turn_min_port: node["ejabberd"]["turn_min_port"], turn_max_port: node["ejabberd"]["turn_max_port"], private_ip_address: node["knife_zero"]["host"], diff --git a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb index 79bd591..64b89df 100644 --- a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb +++ b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb 
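Review bot: The `variables` list in the recipes/default.rb hunk never sets `turn_domain`, while the ejabberd.yml.erb hunk of this same commit switches every `host:` entry to `<%= @turn_domain %>`, so as committed the `mod_stun_disco` services would render with an empty host. The hunk also keeps `turn_ip_address: node["ejabberd"]["turn_ip_address"]` although the attribute default is deleted in attributes/default.rb. Adding `turn_domain: node["ejabberd"]["turn_domain"]` and dropping the `turn_ip_address:` line here would keep this step of the series deployable on its own; a later patch in the series ("Domain vs realm vs IP") does make that change. The `template` block starts and ends outside the hunk.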
@@ -233,17 +233,29 @@ modules: secret: <%= @stun_secret %> services: - - host: <%= @turn_ip_address %> + host: <%= @turn_domain %> port: <%= @stun_turn_port %> type: stun transport: udp restricted: false - - host: <%= @turn_ip_address %> + host: <%= @turn_domain %> + port: <%= @stun_turn_port_tls %> + type: stuns + transport: udp + restricted: false + - + host: <%= @turn_domain %> port: <%= @stun_turn_port %> type: turn transport: udp restricted: true + - + host: <%= @turn_domain %> + port: <%= @stun_turn_port_tls %> + type: turns + transport: tcp + restricted: true mod_vcard: search: false mod_vcard_xupdate: {} diff --git a/site-cookbooks/kosmos-ejabberd/templates/turnserver.conf.erb b/site-cookbooks/kosmos-ejabberd/templates/turnserver.conf.erb index 257684d..cdb1054 100644 --- a/site-cookbooks/kosmos-ejabberd/templates/turnserver.conf.erb +++ b/site-cookbooks/kosmos-ejabberd/templates/turnserver.conf.erb @@ -436,14 +436,14 @@ realm=<%= @realm %> # Use an absolute path or path relative to the # configuration file. # -#cert=/usr/local/etc/turn_server_cert.pem +cert=<%= @cert %> # Private key file. # Use an absolute path or path relative to the # configuration file. # Use PEM file format. # -#pkey=/usr/local/etc/turn_server_pkey.pem +pkey=<%= @pkey %> # Private key file password, if it is in encoded format. # This option has no default value. @@ -642,7 +642,7 @@ syslog # By default it is always ON. # See also options cli-ip and cli-port. # -#no-cli +no-cli #Local system IP address to be used for CLI server endpoint. Default value # is 127.0.0.1. From ed998fc1d3ffebb6b6ddc2d31e9761bb57a5a159 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Mon, 18 Dec 2023 13:22:34 +0100 Subject: [PATCH 38/95] Use TCP for TLS connections --- site-cookbooks/kosmos-ejabberd/recipes/coturn.rb | 2 +- site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
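Review bot: Setting `cert=` and `pkey=` in turnserver.conf.erb brings up the TLS listener with default protocol and key-exchange settings, because the template leaves `#no-tlsv1`, `#no-tlsv1_1`, `#cipher-list="DEFAULT"` and `#dh2066` commented out. The template's own comments give the default DH key size as 1066 bits, so I would uncomment `dh2066` (or set `dh-file=`) and enable `no-tlsv1` and `no-tlsv1_1` in the same change, unless the packaged coturn build already refuses those versions. Those option blocks sit outside this hunk, further down in the template.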
diff --git a/site-cookbooks/kosmos-ejabberd/recipes/coturn.rb b/site-cookbooks/kosmos-ejabberd/recipes/coturn.rb index a9b581b..b273a8c 100644 --- a/site-cookbooks/kosmos-ejabberd/recipes/coturn.rb +++ b/site-cookbooks/kosmos-ejabberd/recipes/coturn.rb @@ -37,7 +37,7 @@ end firewall_rule 'ejabberd_stun_turn_tls' do port node["ejabberd"]["stun_turn_port_tls"] - protocol :udp + protocol :tcp command :allow end diff --git a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb index 64b89df..b49ebfa 100644 --- a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb +++ b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb @@ -242,7 +242,7 @@ modules: host: <%= @turn_domain %> port: <%= @stun_turn_port_tls %> type: stuns - transport: udp + transport: tcp restricted: false - host: <%= @turn_domain %> From 292366a77fae2f00d1a0ed45f6f3428284ba00e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Mon, 18 Dec 2023 13:23:05 +0100 Subject: [PATCH 39/95] Domain vs realm vs IP --- site-cookbooks/kosmos-ejabberd/attributes/default.rb | 1 + site-cookbooks/kosmos-ejabberd/recipes/coturn.rb | 2 +- site-cookbooks/kosmos-ejabberd/recipes/default.rb | 3 +-- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/site-cookbooks/kosmos-ejabberd/attributes/default.rb b/site-cookbooks/kosmos-ejabberd/attributes/default.rb index a0930f4..42960c5 100644 --- a/site-cookbooks/kosmos-ejabberd/attributes/default.rb +++ b/site-cookbooks/kosmos-ejabberd/attributes/default.rb 
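Review bot: With `protocol :tcp` the `ejabberd_stun_turn_tls` rule now exposes `stun_turn_port_tls` for TLS only, but turnserver.conf.erb leaves `#no-dtls` commented out and its comment says the DTLS client listener is always started by default, so coturn presumably still binds the same port on UDP behind the firewall. If DTLS is not meant to be offered, set `no-dtls` in the template so the daemon's listeners match what the firewall and the `stuns`/`turns` entries in ejabberd.yml.erb advertise; if it is, the rule needs a UDP counterpart. The `firewall_rule` block is complete inside the hunk.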
@@ -2,6 +2,7 @@ node.default["ejabberd"]["version"] = "23.10" node.default["ejabberd"]["package_version"] = "1" node.default["ejabberd"]["checksum"] = "1b02108c81e22ab28be84630d54061f0584b76d5c2702e598352269736b05e77" node.default["ejabberd"]["turn_domain"] = "turn.kosmos.org" +node.default["ejabberd"]["stun_auth_realm"] = "kosmos.org" node.default["ejabberd"]["stun_turn_port"] = 3478 node.default["ejabberd"]["stun_turn_port_tls"] = 5349 node.default["ejabberd"]["turn_min_port"] = 50000 diff --git a/site-cookbooks/kosmos-ejabberd/recipes/coturn.rb b/site-cookbooks/kosmos-ejabberd/recipes/coturn.rb index b273a8c..0e73322 100644 --- a/site-cookbooks/kosmos-ejabberd/recipes/coturn.rb +++ b/site-cookbooks/kosmos-ejabberd/recipes/coturn.rb @@ -22,8 +22,8 @@ template "/etc/turnserver.conf" do relay_ip: node["ipaddress"], min_port: node["ejabberd"]["turn_min_port"], max_port: node["ejabberd"]["turn_max_port"], + realm: node["ejabberd"]["stun_auth_realm"], static_auth_secret: credentials["stun_secret"], - realm: domain, cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem", pkey: "/etc/letsencrypt/live/#{domain}/privkey.pem" notifies :restart, "service[coturn]", :delayed diff --git a/site-cookbooks/kosmos-ejabberd/recipes/default.rb b/site-cookbooks/kosmos-ejabberd/recipes/default.rb index 9c98357..d9729f0 100644 --- a/site-cookbooks/kosmos-ejabberd/recipes/default.rb +++ b/site-cookbooks/kosmos-ejabberd/recipes/default.rb @@ -183,9 +183,8 @@ template "/opt/ejabberd/conf/ejabberd.yml" do sensitive true variables hosts: hosts, admin_users: admin_users, - stun_auth_realm: node["ejabberd"]["turn_domain"], + turn_domain: node["ejabberd"]["turn_domain"], stun_secret: ejabberd_credentials['stun_secret'], - turn_ip_address: node["ejabberd"]["turn_ip_address"], stun_turn_port: node["ejabberd"]["stun_turn_port"], stun_turn_port_tls: node["ejabberd"]["stun_turn_port_tls"], turn_min_port: node["ejabberd"]["turn_min_port"], 
From e1007f788635076284bbfddd3db8e9fcf19655a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Mon, 18 Dec 2023 13:23:21 +0100 Subject: [PATCH 40/95] ejabberd disco config additions --- site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb index b49ebfa..b8fd9e8 100644 --- a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb +++ b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb @@ -230,6 +230,8 @@ modules: store_current_id: true mod_shared_roster: {} mod_stun_disco: + offer_local_services: false + credentials_lifetime: 300 secret: <%= @stun_secret %> services: - From 0d3082e1c82cd37729ca61182daed4339d862694 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Mon, 1 Jan 2024 16:13:15 +0300 Subject: [PATCH 41/95] Upgrade Gitea to 1.21.3 --- site-cookbooks/kosmos_gitea/attributes/default.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site-cookbooks/kosmos_gitea/attributes/default.rb b/site-cookbooks/kosmos_gitea/attributes/default.rb index 44026dc..321923e 100644 --- a/site-cookbooks/kosmos_gitea/attributes/default.rb +++ b/site-cookbooks/kosmos_gitea/attributes/default.rb @@ -1,7 +1,7 @@ -gitea_version = "1.21.1" +gitea_version = "1.21.3" node.default["gitea"]["version"] = gitea_version node.default["gitea"]["binary_url"] = "https://dl.gitea.io/gitea/#{gitea_version}/gitea-#{gitea_version}-linux-amd64" -node.default["gitea"]["binary_checksum"] = "586b1b0df6940e847600625850ee7d766f103dc3341c1b4abfc269db57c5d826" +node.default["gitea"]["binary_checksum"] = "ccf6cc2077401e382bca0d000553a781a42c9103656bd33ef32bf093cca570eb" node.default["gitea"]["working_directory"] = "/var/lib/gitea" node.default["gitea"]["port"] = 3000 node.default["gitea"]["postgresql_host"] = "localhost:5432" 
From cfa7da2051333e26ce03b703ee5e87e971b954f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Mon, 8 Jan 2024 10:47:19 +0300 Subject: [PATCH 42/95] Create vmail dir on fresh systems --- site-cookbooks/kosmos_email/recipes/dovecot.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/site-cookbooks/kosmos_email/recipes/dovecot.rb b/site-cookbooks/kosmos_email/recipes/dovecot.rb index 9ebafd6..4ad1c2c 100644 --- a/site-cookbooks/kosmos_email/recipes/dovecot.rb +++ b/site-cookbooks/kosmos_email/recipes/dovecot.rb @@ -28,6 +28,11 @@ user "vmail" do manage_home false end +directory "/var/vmail" do + owner "vmail" + group "mail" +end + template "/etc/dovecot/dovecot.conf" do source "dovecot.conf.erb" mode 0644 From 98acd429de031ac7bc88488a3a9a43a0270f5b26 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Mon, 8 Jan 2024 11:29:56 +0300 Subject: [PATCH 43/95] Add configs for virtual email aliases --- environments/production.json | 12 ++++++++++- .../kosmos_email/attributes/default.rb | 4 ++++ .../kosmos_email/recipes/postfix.rb | 20 +++++++++++++++---- .../templates/virtual-aliases.erb | 3 +++ 4 files changed, 34 insertions(+), 5 deletions(-) create mode 100644 site-cookbooks/kosmos_email/templates/virtual-aliases.erb diff --git a/environments/production.json b/environments/production.json index ae7ba44..ca1912e 100644 --- a/environments/production.json +++ b/environments/production.json 
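Review bot: The new `directory "/var/vmail"` resource in recipes/dovecot.rb sets `owner` and `group` but no `mode`, so the mail store root is created with whatever the process umask yields, typically 0755 and therefore listable by every local account. Since this directory holds the user mailboxes, I would pin the mode explicitly, for example `mode "0770"`, or `"0750"` if the `mail` group only needs read access. The resource is complete inside the hunk.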
@@ -22,7 +22,17 @@ "email": { "domain": "kosmos.org", "hostname": "mail.kosmos.org", - "report_contact": "abuse@kosmos.org" + "report_contact": "abuse@kosmos.org", + "virtual_aliases": { + "admin@kosmos.org": "ops@kosmos.org", + "ops@kosmos.org": "ops@5apps.com", + "webmaster": "mail@kosmos.org", + "hostmaster@kosmos.org": "mail@kosmos.org", + "postmaster@kosmos.org": "mail@kosmos.org", + "abuse@kosmos.org": "mail@kosmos.org", + "mail@kosmos.org": "foundation@kosmos.org", + "hackerhouse@kosmos.org": "mail@lagrange6.com" + } }, "garage": { "replication_mode": "2", diff --git a/site-cookbooks/kosmos_email/attributes/default.rb b/site-cookbooks/kosmos_email/attributes/default.rb index c77e52b..9463a3d 100644 --- a/site-cookbooks/kosmos_email/attributes/default.rb +++ b/site-cookbooks/kosmos_email/attributes/default.rb @@ -1,5 +1,9 @@ +node.default["email"]["root_directory"] = "/var/vmail" node.default["email"]["domain"] = "example.com" node.default["email"]["hostname"] = "mail.example.com" node.default["email"]["report_contact"] = "abuse@example.com" node.default["email"]["ldap_host"] = "ldap.kosmos.local" node.default["email"]["ldap_search_base"] = "cn=users,dc=kosmos,dc=org" +node.default["email"]["virtual_aliases"] = { + "admin@example.com" => "administrator@example.com" +} diff --git a/site-cookbooks/kosmos_email/recipes/postfix.rb b/site-cookbooks/kosmos_email/recipes/postfix.rb index a66dbf1..3b61533 100644 --- a/site-cookbooks/kosmos_email/recipes/postfix.rb +++ b/site-cookbooks/kosmos_email/recipes/postfix.rb @@ -12,6 +12,7 @@ end domain = node["email"]["domain"] hostname = node["email"]["hostname"] +root_dir = node["email"]["root_directory"] ip_addr = node["knife_zero"]["host"] ldap_host = node["email"]["ldap_host"] 
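Review bot: The `"webmaster"` key in `virtual_aliases` is the only entry without `@kosmos.org`. In a Postfix virtual alias table a bare `user` key matches only when the recipient domain equals `$myorigin` or is listed in `$mydestination` or the interface settings, so it may not match `webmaster@kosmos.org` the way its neighbours do; `"webmaster@kosmos.org": "mail@kosmos.org"` would be consistent. Because admin, hostmaster, postmaster and webmaster are addresses that certificate authorities accept for domain validation, it is worth confirming that each chain (for example `admin@kosmos.org` → `ops@kosmos.org` → `ops@5apps.com`) ends at a mailbox the project controls.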
@@ -37,13 +38,10 @@ node.normal['postfix']['main']['mailbox_transport'] = "lmtp:unix:private/dovecot node.normal['postfix']['main']['virtual_transport'] = "lmtp:unix:private/dovecot-lmtp" node.normal['postfix']['main']['smtputf8_enable'] = "no" node.normal['postfix']['main']['recipient_delimiter'] = "+" - -# node.normal['postfix']['main']['virtual_alias_domains'] = "ldap:/etc/postfix/ldap-virtual_alias_domains.cf" -node.normal['postfix']['main']['virtual_alias_maps'] = "hash:/var/vmail/aliases, ldap:/etc/postfix/ldap-virtual_alias_maps.cf" +node.normal['postfix']['main']['virtual_alias_maps'] = "hash:#{root_dir}/aliases, ldap:/etc/postfix/ldap-virtual_alias_maps.cf" node.normal['postfix']['main']['virtual_mailbox_domains'] = "ldap:/etc/postfix/ldap-virtual_mailbox_domains.cf" node.normal['postfix']['main']['virtual_mailbox_maps'] = "ldap:/etc/postfix/ldap-virtual_mailbox_maps.cf" node.normal['postfix']['main']['smtpd_sender_login_maps'] = "ldap:/etc/postfix/ldap-smtpd_sender_login_maps.cf" - node.normal['postfix']['main']['milter_protocol'] = "6" node.normal['postfix']['main']['milter_default_action'] = "accept" node.normal['postfix']['main']['smtpd_milters'] = "inet:localhost:12301 local:spamass/spamass.sock" @@ -130,6 +128,20 @@ node.normal['postfix']['master'] = { } } +bash "compile_postfix_aliases" do + cwd root_dir + code "postmap #{root_dir}/aliases" + action :nothing + notifies :restart, "service[postfix]", :delayed +end + +template "#{root_dir}/aliases" do + source "virtual-aliases.erb" + mode 0755 + variables aliases: node["email"]["virtual_aliases"] + notifies :run, "bash[compile_postfix_aliases]", :immediately +end + ldap_default_variables = { server_host: ldap_host, bind_dn: credentials['ldap_dn'], diff --git a/site-cookbooks/kosmos_email/templates/virtual-aliases.erb b/site-cookbooks/kosmos_email/templates/virtual-aliases.erb new file mode 100644 index 0000000..8aa699b --- /dev/null +++ b/site-cookbooks/kosmos_email/templates/virtual-aliases.erb 
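Review bot: In the last hunk, `template "#{root_dir}/aliases"` uses `mode 0755` and sets no `owner` or `group`, so a plain lookup-table source is marked executable; `mode "0644"` with `owner "root"` would be tighter. The file and its compiled map also live in `root_dir`, which the cookbook creates owned by `vmail`, so the mailbox user can presumably replace the table that decides where mail is routed; a path under `/etc/postfix` would avoid that. The `bash "compile_postfix_aliases"` resource interpolates `root_dir` into a shell string, whereas `execute` with `command ["postmap", "#{root_dir}/aliases"]` runs the same tool without a shell.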
@@ -0,0 +1,3 @@ +<% @aliases.each do |k, v| %> +<%= "#{k}\t#{v}" %> +<% end %> From daadd9374f4d93224bb8823021741bec29aeb9ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Mon, 8 Jan 2024 11:35:04 +0300 Subject: [PATCH 44/95] Use attribute for root dir --- site-cookbooks/kosmos_email/recipes/default.rb | 12 ++++++++++++ site-cookbooks/kosmos_email/recipes/dovecot.rb | 14 ++------------ 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/site-cookbooks/kosmos_email/recipes/default.rb b/site-cookbooks/kosmos_email/recipes/default.rb index 96eced0..bb80c24 100644 --- a/site-cookbooks/kosmos_email/recipes/default.rb +++ b/site-cookbooks/kosmos_email/recipes/default.rb @@ -5,11 +5,23 @@ domain = node["email"]["domain"] hostname = node["email"]["hostname"] +root_dir = node["email"]["root_directory"] ip_addr = node["knife_zero"]["host"] node.override["set_fqdn"] = hostname include_recipe "hostname" +user "vmail" do + gid "mail" + system true + manage_home false +end + +directory root_dir do + owner "vmail" + group "mail" +end + tls_cert_for hostname do auth "gandi_dns" action :create diff --git a/site-cookbooks/kosmos_email/recipes/dovecot.rb b/site-cookbooks/kosmos_email/recipes/dovecot.rb index 4ad1c2c..0a6f1f7 100644 --- a/site-cookbooks/kosmos_email/recipes/dovecot.rb +++ b/site-cookbooks/kosmos_email/recipes/dovecot.rb @@ -15,6 +15,7 @@ end domain = node["email"]["domain"] hostname = node["email"]["hostname"] +root_dir = node["email"]["root_directory"] ip_addr = node["knife_zero"]["host"] ldap_search_base = node["email"]["ldap_search_base"] @@ -22,17 +23,6 @@ ldap_user_filter = "(&(objectClass=person)(mailRoutingAddress=%u))" credentials = Chef::EncryptedDataBagItem.load('credentials', 'email') -user "vmail" do - gid "mail" - system true - manage_home false -end - -directory "/var/vmail" do - owner "vmail" - group "mail" -end - template "/etc/dovecot/dovecot.conf" do source "dovecot.conf.erb" mode 0644 
@@ -70,7 +60,7 @@ template "/etc/dovecot/conf.d/10-mail.conf" do variables mail_uid: "vmail", mail_gid: "mail", mail_location: "mbox:~/mail:INBOX=~/mail/INBOX", - mail_home: "/var/vmail/%d/%n" + mail_home: "#{root_dir}/%d/%n" notifies :restart, "service[dovecot]", :delayed end From 456ec7a5fa7fc33e078a6041fcb7427c31ea96ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Tue, 9 Jan 2024 15:57:04 +0300 Subject: [PATCH 45/95] Deploy new email VM --- nodes/mail.kosmos.org.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nodes/mail.kosmos.org.json b/nodes/mail.kosmos.org.json index 2e384ef..b308e91 100644 --- a/nodes/mail.kosmos.org.json +++ b/nodes/mail.kosmos.org.json @@ -3,15 +3,15 @@ "chef_environment": "production", "normal": { "knife_zero": { - "host": "10.1.1.141" + "host": "10.1.1.95" } }, "automatic": { "fqdn": "mail.kosmos.org", "os": "linux", - "os_version": "5.15.0-1045-kvm", + "os_version": "5.15.0-1048-kvm", "hostname": "mail", - "ipaddress": "192.168.122.127", + "ipaddress": "192.168.122.131", "roles": [ "base", "kvm_guest", From c32e8bc9e5a60a22bc0672a1d3927c853889b4da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Thu, 11 Jan 2024 18:38:22 +0300 Subject: [PATCH 46/95] Add new garage nodes --- clients/garage-6.json | 4 +++ clients/garage-7.json | 4 +++ nodes/garage-6.json | 64 +++++++++++++++++++++++++++++++++++++++++++ nodes/garage-7.json | 64 +++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 136 insertions(+) create mode 100644 clients/garage-6.json create mode 100644 clients/garage-7.json create mode 100644 nodes/garage-6.json create mode 100644 nodes/garage-7.json diff --git a/clients/garage-6.json b/clients/garage-6.json new file mode 100644 index 0000000..2c5b767 --- /dev/null +++ b/clients/garage-6.json 
@@ -0,0 +1,4 @@ +{ + "name": "garage-6", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwasYgWLM8ShvirFiKRE6\nGWqc3pMlvcrk4YnWAUW5Y/H26EnyexxWNfnwlEcq8thJ3M3hs7zkoF3Yk4uqX869\n4/niYqXwYgeE1K3gzLp4K1+w3yVupYAFVFStVEHJyuMlLJ+ulDEGvNdQDuIfw7+E\nr6DcDLa1o92Eo0wL1ihYyMilduH0LdFTixL+tEBXbbPWBa3RDJJCFsRF1+UC6hAH\nzmaWL661Gdzdabxjm/FlGUYkdbDqeInZq/1GMQqv+9/DcNRkWA9H7i4Ykrfpx4/2\nRZ8xtx/DbnJVB1zYoORygFMMAkTu5E+R8ropeI7Wi77Yq0S7laiRlYQYQml3x9ak\nzQIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file diff --git a/clients/garage-7.json b/clients/garage-7.json new file mode 100644 index 0000000..7e93b1f --- /dev/null +++ b/clients/garage-7.json @@ -0,0 +1,4 @@ +{ + "name": "garage-7", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwoAigZUSwsfbBHx2PQ6W\n38Ght6eCvbpW1lsS58hTieRmRn+pgZVjvixhsBh57rUasCjaBywXk9BpNj2Foxck\nReHeoDI0RHsgniClyMrYj80y2NhoB6J8NB+cHkhdzIKplm6AH6M5xaAedtZU639a\n1nHMtpDlJhzgIYsiq1q06Aqd1w0Z9tf1RXQ1WvMDhTY4wlE5RZ2epBb6Usnlbjo2\nSqCIGIjRLmZxdsSWoiUUTlVPdUCzTNsN5G/ZVdRswhgseDmVJCIkK2Aji/XzhIrR\nh4RvUv9dhFemOVsFctJ/dQILXz5MZLUgakKf970M5R/Zggv//pqRSsYcB2UfaBpV\nLQIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file diff --git a/nodes/garage-6.json b/nodes/garage-6.json new file mode 100644 index 0000000..6262df1 --- /dev/null +++ b/nodes/garage-6.json 
@@ -0,0 +1,64 @@ +{ + "name": "garage-6", + "chef_environment": "production", + "normal": { + "knife_zero": { + "host": "10.1.1.161" + } + }, + "automatic": { + "fqdn": "garage-6", + "os": "linux", + "os_version": "5.4.0-1090-kvm", + "hostname": "garage-6", + "ipaddress": "192.168.122.213", + "roles": [ + "base", + "kvm_guest", + "garage_node" + ], + "recipes": [ + "kosmos-base", + "kosmos-base::default", + "kosmos_kvm::guest", + "kosmos_garage", + "kosmos_garage::default", + "kosmos_garage::firewall_rpc", + "kosmos_garage::firewall_apis", + "apt::default", + "timezone_iii::default", + "timezone_iii::debian", + "ntp::default", + "ntp::apparmor", + "kosmos-base::systemd_emails", + "apt::unattended-upgrades", + "kosmos-base::firewall", + "kosmos-postfix::default", + "postfix::default", + "postfix::_common", + "postfix::_attributes", + "postfix::sasl_auth", + "hostname::default", + "firewall::default" + ], + "platform": "ubuntu", + "platform_version": "20.04", + "cloud": null, + "chef_packages": { + "chef": { + "version": "18.3.0", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.3.0/lib", + "chef_effortless": null + }, + "ohai": { + "version": "18.1.4", + "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.4/lib/ohai" + } + } + }, + "run_list": [ + "role[base]", + "role[kvm_guest]", + "role[garage_node]" + ] +} diff --git a/nodes/garage-7.json b/nodes/garage-7.json new file mode 100644 index 0000000..5d87c28 --- /dev/null +++ b/nodes/garage-7.json 
@@ -0,0 +1,64 @@ +{ + "name": "garage-7", + "chef_environment": "production", + "normal": { + "knife_zero": { + "host": "10.1.1.182" + } + }, + "automatic": { + "fqdn": "garage-7", + "os": "linux", + "os_version": "5.4.0-1090-kvm", + "hostname": "garage-7", + "ipaddress": "192.168.122.86", + "roles": [ + "base", + "kvm_guest", + "garage_node" + ], + "recipes": [ + "kosmos-base", + "kosmos-base::default", + "kosmos_kvm::guest", + "kosmos_garage", + "kosmos_garage::default", + "kosmos_garage::firewall_rpc", + "kosmos_garage::firewall_apis", + "apt::default", + "timezone_iii::default", + "timezone_iii::debian", + "ntp::default", + "ntp::apparmor", + "kosmos-base::systemd_emails", + "apt::unattended-upgrades", + "kosmos-base::firewall", + "kosmos-postfix::default", + "postfix::default", + "postfix::_common", + "postfix::_attributes", + "postfix::sasl_auth", + "hostname::default", + "firewall::default" + ], + "platform": "ubuntu", + "platform_version": "20.04", + "cloud": null, + "chef_packages": { + "chef": { + "version": "18.3.0", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.3.0/lib", + "chef_effortless": null + }, + "ohai": { + "version": "18.1.4", + "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.4/lib/ohai" + } + } + }, + "run_list": [ + "role[base]", + "role[kvm_guest]", + "role[garage_node]" + ] +} From f96faf9fa2c069a4d9cd30252f6926b5b0709dcf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Wed, 24 Jan 2024 16:18:19 +0300 Subject: [PATCH 47/95] Install libvips for image manipulation in akkounts --- site-cookbooks/kosmos-akkounts/recipes/default.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/site-cookbooks/kosmos-akkounts/recipes/default.rb b/site-cookbooks/kosmos-akkounts/recipes/default.rb index 8772264..f79769b 100644 --- a/site-cookbooks/kosmos-akkounts/recipes/default.rb +++ b/site-cookbooks/kosmos-akkounts/recipes/default.rb 
@@ -20,6 +20,7 @@ user deploy_user do end package "libpq-dev" +package "libvips" include_recipe 'redisio::default' include_recipe 'redisio::enable' From 2597e211edd97c9b989be1b21bfcbbaf075ed94d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Wed, 24 Jan 2024 16:18:50 +0300 Subject: [PATCH 48/95] Add new akkounts configs --- data_bags/credentials/akkounts.json | 44 ++++++++++++------- environments/production.json | 3 ++ .../kosmos-akkounts/attributes/default.rb | 2 + .../kosmos-akkounts/recipes/default.rb | 3 ++ 4 files changed, 37 insertions(+), 15 deletions(-) diff --git a/data_bags/credentials/akkounts.json b/data_bags/credentials/akkounts.json index 7914b0d..d9461ef 100644 --- a/data_bags/credentials/akkounts.json +++ b/data_bags/credentials/akkounts.json 
@@ -1,37 +1,51 @@ { "id": "akkounts", "postgresql_username": { - "encrypted_data": "W+Ia820+uYCAED9LRkQ1ZVe//56GRS5u0HrG\n", - "iv": "NpuVENC7C5FCjsEz\n", - "auth_tag": "KbqVv27nTc4qm7kzRWcjUQ==\n", + "encrypted_data": "/Idxzq83imf6o6pbmFAk7bgxg69N7/1KNhgj\n", + "iv": "34BrmVmlxzuA7IJG\n", + "auth_tag": "VyLpWDshrOd417ZiY3432w==\n", "version": 3, "cipher": "aes-256-gcm" }, "postgresql_password": { - "encrypted_data": "gPzUikJ3vBhjEzor0ie2341VPLRHNIvGvuD+HBwldw==\n", - "iv": "Jsnldm8Bx9IzXMNy\n", - "auth_tag": "63YXFGVxHn23X+/11qwTSA==\n", + "encrypted_data": "XqEmt+yu7mB6vBOUCT/5AtIptdUamfniz+PrFYCP0A==\n", + "iv": "2XdVUHkeeS1LHzMx\n", + "auth_tag": "mq0v9ikHD7pxTUrGO+VF9A==\n", "version": 3, "cipher": "aes-256-gcm" }, "sentry_dsn": { - "encrypted_data": "3aC1Nc+WiJIn+jc4HY4Rb1WAqCqEurbOLXhbah4zSIbVIaNGEKzaoC+IA+qi\nV1jAVxbE0A1w91MrGE6HNa+oMjiTMurYx7JzVBIpCm01rgo=\n", - "iv": "SxEbTBYY2Pa5BzAF\n", - "auth_tag": "zGkIpM/aeyuNm2F0I3VAcA==\n", + "encrypted_data": "u82JsPq5HvQRE2eWIbVp73LdqffyuTTylbURtM7XRJ6AXyKp1WD/iwVhNnL7\n/NKSWR24/u63WJCP4rXpW7293ZRU5UW/W3GwlOjNtbdxcaQ=\n", + "iv": "0GIV8v92dh4+Ma/Z\n", + "auth_tag": "XbuxPIZ5VxuMjw/f+usCgA==\n", "version": 3, "cipher": "aes-256-gcm" }, "rails_master_key": { - "encrypted_data": "cWOeQYNzOjgDNi7ZpkMC/jN7nSPyODYRhA6EIhhihzPxkEDt+/4HGNAhLHGK\nlJiQeRD/\n", - "iv": "Svsvx9gsO9OQs9RV\n", - "auth_tag": "mXVNNo13F6FddhWnri1yHQ==\n", + "encrypted_data": "31N79um4TTD0tuDurrZVztoSv0sxZ70paV7AhD8P4+lX8kUkfhiugCbdhst0\n12YP5v/8\n", + "iv": "l4qanaerdou8AApw\n", + "auth_tag": "yvkcM4on1EMm1LhmmZ+O+g==\n", "version": 3, "cipher": "aes-256-gcm" }, "discourse_connect_secret": { - "encrypted_data": "BQcE5fUkiqJyuOR1dR9vNyxWzgWGX1Wl1WINJDGJ1sJiajrgAspPgDt0dX5L\nhxG8CQ==\n", - "iv": "UKpt0F1FODuosQ9u\n", - "auth_tag": "MLgv0jR9MhWGmQNUkA8GUQ==\n", + "encrypted_data": "Ebs8KVEA0r4nFxYNjxxZFUWndxwoKes/9ihEgqgKLN76t6yzCUONeJZBMl0G\nXLdI8A==\n", + "iv": "ob8KBWeoHXFlZ7Nk\n", + "auth_tag": "motppQbVEhg6qyKRYpqctA==\n", + "version": 3, + 
"cipher": "aes-256-gcm" + }, + "lndhub_admin_token": { + "encrypted_data": "I2hSF6X9L3OWbet5QWzrCyA3XyGFhFBgHh/uFr5dQ3RB\n", + "iv": "Kr8u2j5napFSamYc\n", + "auth_tag": "t93UNWomf+6WaZF7VVzTeQ==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "btcpay_auth_token": { + "encrypted_data": "0qesJ5KMvU2DlKdz7lExJWq0X9XYjpsqw61kLXWw4UNYwpNxPyFJSjbR9yKh\ntu0zMdtMB9Vur9izWBY=\n", + "iv": "gw2oAyeF2Kuvb3Em\n", + "auth_tag": "zMtos/E3e3XXeTlAY7o0lg==\n", "version": 3, "cipher": "aes-256-gcm" } diff --git a/environments/production.json b/environments/production.json index ca1912e..2dd2e79 100644 --- a/environments/production.json +++ b/environments/production.json @@ -2,6 +2,9 @@ "name": "production", "override_attributes": { "akkounts": { + "btcpay": { + "store_id": "FNJVVsrVkKaduPDAkRVchdegjwzsNhpceAdonCaXAwBX" + }, "ejabberd": { "admin_url": "https://xmpp.kosmos.org:5443/admin" }, diff --git a/site-cookbooks/kosmos-akkounts/attributes/default.rb b/site-cookbooks/kosmos-akkounts/attributes/default.rb index a3c6968..0f4ca0c 100644 --- a/site-cookbooks/kosmos-akkounts/attributes/default.rb +++ b/site-cookbooks/kosmos-akkounts/attributes/default.rb @@ -11,6 +11,8 @@ node.default['akkounts']['smtp']['domain'] = 'kosmos.org' node.default['akkounts']['smtp']['auth_method'] = 'plain' node.default['akkounts']['smtp']['enable_starttls'] = 'auto' +node.default['akkounts']['btcpay']['store_id'] = nil + node.default['akkounts']['ejabberd']['admin_url'] = nil node.default['akkounts']['lndhub']['api_url'] = nil diff --git a/site-cookbooks/kosmos-akkounts/recipes/default.rb b/site-cookbooks/kosmos-akkounts/recipes/default.rb index f79769b..e80f4ba 100644 --- a/site-cookbooks/kosmos-akkounts/recipes/default.rb +++ b/site-cookbooks/kosmos-akkounts/recipes/default.rb 
@@ -71,6 +71,8 @@ end if btcpay_host env[:btcpay_api_url] = "http://#{btcpay_host}:23001/api/v1" + env[:btcpay_store_id] = node['akkounts']['btcpay']['store_id'] + env[:btcpay_auth_token] = credentials["btcpay_auth_token"] end env[:discourse_public_url] = "https://#{node['discourse']['domain']}" @@ -105,6 +107,7 @@ if lndhub_host node.override["akkounts"]["lndhub"]["api_url"] = "http://#{lndhub_host}:3026" env[:lndhub_legacy_api_url] = node["akkounts"]["lndhub"]["api_url"] env[:lndhub_api_url] = node["akkounts"]["lndhub"]["api_url"] + env[:lndhub_admin_token] = credentials["lndhub_admin_token"] env[:lndhub_public_url] = node["akkounts"]["lndhub"]["public_url"] env[:lndhub_public_key] = node["akkounts"]["lndhub"]["public_key"] if postgres_readonly_host From 4b04aa7cd9fe0eab48a7d6da4128966ea1f37702 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Wed, 24 Jan 2024 16:19:04 +0300 Subject: [PATCH 49/95] Let akkounts API proxy forward all API requests ... instead of just a specific subdirectory/path --- .../kosmos-akkounts/templates/nginx_conf_akkounts_api.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site-cookbooks/kosmos-akkounts/templates/nginx_conf_akkounts_api.erb b/site-cookbooks/kosmos-akkounts/templates/nginx_conf_akkounts_api.erb index 945de09..02e1112 100644 --- a/site-cookbooks/kosmos-akkounts/templates/nginx_conf_akkounts_api.erb +++ b/site-cookbooks/kosmos-akkounts/templates/nginx_conf_akkounts_api.erb @@ -18,7 +18,7 @@ server { access_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.access.log json; error_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.error.log warn; - location /kredits/ { + location / { add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Methods' 'GET' always; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always; 
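Review bot: `env[:btcpay_auth_token]` is added directly below `env[:btcpay_api_url] = "http://#{btcpay_host}:23001/api/v1"`, and the next hunk adds `env[:lndhub_admin_token]` next to an `http://#{lndhub_host}:3026` URL, so both tokens will presumably cross the network unencrypted. If that is acceptable because the hosts share a private network, the assumption deserves a comment, e.g. `# token is sent over plain HTTP; relies on the private VM network`. Both values are read with `credentials["..."]`, so a data bag item missing the key would hand the app an empty token rather than fail the Chef run.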
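Review bot: Changing `location /kredits/` to `location /`, together with `proxy_pass http://_akkounts_api/api/;` in the following hunk, puts every route under the application's `/api/` behind this vhost with `Access-Control-Allow-Origin: *`. The `Access-Control-Allow-Methods 'GET'` header only answers browser preflights and does not stop other methods from reaching the upstream. If this proxy is meant to stay read-only, `limit_except GET OPTIONS { deny all; }` inside the location would enforce it. The `location` block continues past the end of this hunk, so any method handling further down is not visible here.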
@@ -31,6 +31,6 @@ server { proxy_buffers 1024 8k; proxy_http_version 1.1; - proxy_pass http://_akkounts_api/api/kredits/; + proxy_pass http://_akkounts_api/api/; } } From 88e96747e3f56beee5f40e4ab3f5d0a259da3797 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Wed, 24 Jan 2024 18:11:58 +0300 Subject: [PATCH 50/95] Add Redis replica recipe and role --- roles/redis_replica.rb | 15 +++++++++++++++ roles/redis_server.rb | 3 +-- site-cookbooks/kosmos_redis/recipes/backup.rb | 11 +++++++++++ .../kosmos_redis/recipes/default.rb | 16 +++++----------- .../kosmos_redis/recipes/replica.rb | 19 +++++++++++++++++++ 5 files changed, 51 insertions(+), 13 deletions(-) create mode 100644 roles/redis_replica.rb create mode 100644 site-cookbooks/kosmos_redis/recipes/backup.rb create mode 100644 site-cookbooks/kosmos_redis/recipes/replica.rb diff --git a/roles/redis_replica.rb b/roles/redis_replica.rb new file mode 100644 index 0000000..ddcc9d1 --- /dev/null +++ b/roles/redis_replica.rb @@ -0,0 +1,15 @@ +name "redis_replica" + +run_list %w( + kosmos_redis::replica + kosmos_redis::firewall +) + +default_attributes({ + 'redisio' => { + 'default_settings' => { + 'slaveservestaledata' => 'yes', + 'slavereadonly' => 'yes' + } + } +}) diff --git a/roles/redis_server.rb b/roles/redis_server.rb index f7fb88e..e50219b 100644 --- a/roles/redis_server.rb +++ b/roles/redis_server.rb @@ -7,6 +7,7 @@ default_run_list = %w( production_run_list = %w( kosmos_redis::default kosmos_redis::firewall + kosmos_redis::backup ) env_run_lists( @@ -14,5 +15,3 @@ env_run_lists( 'development' => default_run_list, 'production' => production_run_list ) - -default_attributes({}) diff --git a/site-cookbooks/kosmos_redis/recipes/backup.rb b/site-cookbooks/kosmos_redis/recipes/backup.rb new file mode 100644 index 0000000..44041f6 --- /dev/null +++ b/site-cookbooks/kosmos_redis/recipes/backup.rb 
@@ -0,0 +1,11 @@ +# +# Cookbook Name:: kosmos_redis +# Recipe:: backup +# + +databases = node['redisio']['servers'].map do |server, _| + "dump-#{server['port']}" +end +node.override["backup"]["redis"]["databases"] = databases + +include_recipe "backup" diff --git a/site-cookbooks/kosmos_redis/recipes/default.rb b/site-cookbooks/kosmos_redis/recipes/default.rb index 7153aca..dfc0031 100644 --- a/site-cookbooks/kosmos_redis/recipes/default.rb +++ b/site-cookbooks/kosmos_redis/recipes/default.rb @@ -3,16 +3,10 @@ # Recipe:: default # +node.normal['redisio']['servers'] = [{ + 'port' => '6379', + 'protected_mode' => 'no' +}] + include_recipe 'redisio::default' include_recipe 'redisio::enable' - -unless node.chef_environment == "development" - include_recipe "kosmos_redis::firewall" - - # Backup the databases to S3 - databases = node['redisio']['servers'].map do |server, _| - "dump-#{server['port']}" - end - node.override["backup"]["redis"]["databases"] = databases - include_recipe "backup" -end diff --git a/site-cookbooks/kosmos_redis/recipes/replica.rb b/site-cookbooks/kosmos_redis/recipes/replica.rb new file mode 100644 index 0000000..d968c7b --- /dev/null +++ b/site-cookbooks/kosmos_redis/recipes/replica.rb @@ -0,0 +1,19 @@ +# +# Cookbook Name:: kosmos_redis +# Recipe:: replica +# + +primary_host = search(:node, 'role:redis_server').first['knife_zero']['host'] rescue nil + +if primary_host.nil? + Chef::Log.warn("No node found with 'redis_server' role. Stopping here.") + return +end + +node.normal['redisio']['servers'] = [{ + 'port' => '6379', + 'replicaof' => { 'address' => primary_host, 'port' => '6379' } +}] + +include_recipe 'redisio::default' +include_recipe 'redisio::enable' From 7d478f0183ad3e5f6d3215671048da867db70781 Mon Sep 17 00:00:00 2001 
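Review bot: In recipes/default.rb, `'protected_mode' => 'no'` is added while `include_recipe "kosmos_redis::firewall"` is removed from the same recipe, and no `requirepass` is visible, so access control now rests entirely on the run list that pulls in the firewall recipe. roles/redis_server.rb lists `kosmos_redis::firewall` only in `production_run_list`, so any other run list that includes `kosmos_redis::default` gets a Redis instance with protected mode off and no firewall rule from this cookbook. A comment above the server definition would make the dependency explicit: `# protected mode is off: always pair this recipe with kosmos_redis::firewall`.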
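Review bot: In recipes/replica.rb, `search(:node, 'role:redis_server').first['knife_zero']['host'] rescue nil` swallows every StandardError, so a failed search or a node without `knife_zero` data is reported as "No node found" and the recipe returns without configuring replication. Splitting the lookup keeps real errors visible: `primary = search(:node, 'role:redis_server').first` followed by `primary_host = primary && primary['knife_zero']['host']`. The same inline `rescue nil` is used for `redis_host` in the liquor_cabinet recipe added in PATCH 52.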
From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Wed, 24 Jan 2024 18:12:22 +0300 Subject: [PATCH 51/95] Set up Redis replication in production --- nodes/redis-1.json | 6 ++++-- nodes/redis-2.json | 20 ++++++++++++++++---- 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/nodes/redis-1.json b/nodes/redis-1.json index a5507e7..cd0fb79 100644 --- a/nodes/redis-1.json +++ b/nodes/redis-1.json @@ -1,5 +1,6 @@ { "name": "redis-1", + "chef_environment": "production", "normal": { "knife_zero": { "host": "10.1.1.225" @@ -8,7 +9,7 @@ "automatic": { "fqdn": "redis-1", "os": "linux", - "os_version": "5.4.0-1090-kvm", + "os_version": "5.4.0-1104-kvm", "hostname": "redis-1", "ipaddress": "192.168.122.83", "roles": [ @@ -22,6 +23,8 @@ "kosmos_kvm::guest", "kosmos_redis", "kosmos_redis::default", + "kosmos_redis::firewall", + "kosmos_redis::backup", "apt::default", "timezone_iii::default", "timezone_iii::debian", @@ -43,7 +46,6 @@ "redisio::disable_os_default", "redisio::configure", "redisio::enable", - "kosmos_redis::firewall", "backup::default", "logrotate::default" ], diff --git a/nodes/redis-2.json b/nodes/redis-2.json index 38735df..07be0f5 100644 --- a/nodes/redis-2.json +++ b/nodes/redis-2.json @@ -1,5 +1,6 @@ { "name": "redis-2", + "chef_environment": "production", "normal": { "knife_zero": { "host": "10.1.1.208" @@ -8,17 +9,20 @@ "automatic": { "fqdn": "redis-2", "os": "linux", - "os_version": "5.4.0-1090-kvm", + "os_version": "5.4.0-1104-kvm", "hostname": "redis-2", "ipaddress": "192.168.122.98", "roles": [ "base", - "kvm_guest" + "kvm_guest", + "redis_replica" ], "recipes": [ "kosmos-base", "kosmos-base::default", "kosmos_kvm::guest", + "kosmos_redis::replica", + "kosmos_redis::firewall", "apt::default", "timezone_iii::default", "timezone_iii::debian", 
@@ -32,7 +36,14 @@ "postfix::_common", "postfix::_attributes", "postfix::sasl_auth", - "hostname::default" + "hostname::default", + "redisio::default", + "redisio::_install_prereqs", + "redisio::install", + "redisio::ulimit", + "redisio::disable_os_default", + "redisio::configure", + "redisio::enable" ], "platform": "ubuntu", "platform_version": "20.04", @@ -51,6 +62,7 @@ }, "run_list": [ "role[base]", - "role[kvm_guest]" + "role[kvm_guest]", + "role[redis_replica]" ] } \ No newline at end of file From d3c22ea78764f3744c3a99ebd9fe90bc58c4772d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Thu, 25 Jan 2024 16:26:41 +0300 Subject: [PATCH 52/95] Add liquor_cabinet cookbook --- site-cookbooks/liquor_cabinet/.gitignore | 25 ++++ site-cookbooks/liquor_cabinet/CHANGELOG.md | 7 + site-cookbooks/liquor_cabinet/LICENSE | 21 +++ site-cookbooks/liquor_cabinet/README.md | 6 + .../liquor_cabinet/attributes/default.rb | 24 +++ site-cookbooks/liquor_cabinet/chefignore | 115 +++++++++++++++ site-cookbooks/liquor_cabinet/kitchen.yml | 37 +++++ site-cookbooks/liquor_cabinet/metadata.rb | 12 ++ .../liquor_cabinet/recipes/default.rb | 139 ++++++++++++++++++ .../liquor_cabinet/templates/config.yml.erb | 12 ++ .../liquor_cabinet/templates/rainbows.rb.erb | 32 ++++ 11 files changed, 430 insertions(+) create mode 100644 site-cookbooks/liquor_cabinet/.gitignore create mode 100644 site-cookbooks/liquor_cabinet/CHANGELOG.md create mode 100644 site-cookbooks/liquor_cabinet/LICENSE create mode 100644 site-cookbooks/liquor_cabinet/README.md create mode 100644 site-cookbooks/liquor_cabinet/attributes/default.rb create mode 100644 site-cookbooks/liquor_cabinet/chefignore create mode 100644 site-cookbooks/liquor_cabinet/kitchen.yml create mode 100644 site-cookbooks/liquor_cabinet/metadata.rb create mode 100644 site-cookbooks/liquor_cabinet/recipes/default.rb create mode 100644 site-cookbooks/liquor_cabinet/templates/config.yml.erb create mode 100644 site-cookbooks/liquor_cabinet/templates/rainbows.rb.erb diff --git a/site-cookbooks/liquor_cabinet/.gitignore b/site-cookbooks/liquor_cabinet/.gitignore new file mode 100644 index 0000000..f1e57b8 --- /dev/null +++ b/site-cookbooks/liquor_cabinet/.gitignore @@ -0,0 +1,25 @@ +.vagrant +*~ +*# +.#* +\#*# +.*.sw[a-z] +*.un~ + +# Bundler +Gemfile.lock +gems.locked +bin/* +.bundle/* + +# test kitchen +.kitchen/ +kitchen.local.yml + +# Chef Infra +Berksfile.lock +.zero-knife.rb +Policyfile.lock.json + +.idea/ + 
diff --git a/site-cookbooks/liquor_cabinet/CHANGELOG.md b/site-cookbooks/liquor_cabinet/CHANGELOG.md new file mode 100644 index 0000000..feaf621 --- /dev/null +++ b/site-cookbooks/liquor_cabinet/CHANGELOG.md @@ -0,0 +1,7 @@ +# liquor_cabinet CHANGELOG + +This file is used to list changes made in each version of the liquor_cabinet cookbook. + +## 0.1.0 + +Initial release. diff --git a/site-cookbooks/liquor_cabinet/LICENSE b/site-cookbooks/liquor_cabinet/LICENSE new file mode 100644 index 0000000..a00749b --- /dev/null +++ b/site-cookbooks/liquor_cabinet/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2024 Kosmos Developers + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/site-cookbooks/liquor_cabinet/README.md b/site-cookbooks/liquor_cabinet/README.md new file mode 100644 index 0000000..1f7bc27 --- /dev/null +++ b/site-cookbooks/liquor_cabinet/README.md 
@@ -0,0 +1,6 @@ +# liquor_cabinet + +Installs/configures the [Liquor Cabinet][1] [remoteStorage][2] API server. + +[1]: https://gitea.kosmos.org/5apps/liquor-cabinet +[2]: https://remotestorage.io diff --git a/site-cookbooks/liquor_cabinet/attributes/default.rb b/site-cookbooks/liquor_cabinet/attributes/default.rb new file mode 100644 index 0000000..6e88013 --- /dev/null +++ b/site-cookbooks/liquor_cabinet/attributes/default.rb @@ -0,0 +1,24 @@ +node.default['liquor-cabinet']['ruby']['version'] = "3.1.4" +node.default['liquor-cabinet']['repo'] = 'https://gitea.kosmos.org/5apps/liquor-cabinet.git' +node.default['liquor-cabinet']['revision'] = 'master' +node.default['liquor-cabinet']['redis_server_role'] = 'redis_server' +node.default['liquor-cabinet']['redis_port'] = 6379 +node.default['liquor-cabinet']['redis_db'] = 1 +node.default['liquor-cabinet']['s3_endpoint'] = nil +node.default['liquor-cabinet']['s3_region'] = nil +node.default['liquor-cabinet']['s3_bucket'] = nil +node.default['liquor-cabinet']['ufw_source_allowed'] = nil +node.default['liquor-cabinet']['maintenance_mode_enabled'] = false +node.default['liquor-cabinet']['rainbows'] = { + 'port' => 3000, + 'preload_app' => true, + 'timeout' => 60, + 'worker_processes' => node['cpu']['total'], + 'worker_connections' => 100, + 'client_header_buffer_size' => 1024, + 'client_max_body_size' => 104857600, + 'client_max_header_size' => 114688, + 'copy_stream' => 'IO', + 'keepalive_requests' => 100, + 'keepalive_timeout' => 5 +} diff --git a/site-cookbooks/liquor_cabinet/chefignore b/site-cookbooks/liquor_cabinet/chefignore new file mode 100644 index 0000000..cc170ea --- /dev/null +++ b/site-cookbooks/liquor_cabinet/chefignore 
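Review bot: `node.default['liquor-cabinet']['revision'] = 'master'` in attributes/default.rb makes each Chef run deploy whatever the branch head happens to be, and the recipe then runs `bundle install` and restarts the service on that checkout. Pinning to a tag or commit, e.g. `node.default['liquor-cabinet']['revision'] = '<commit-sha-placeholder>'`, makes deployments reproducible and keeps a mistaken or unauthorised push to the branch from rolling out automatically. Environments can still override the attribute when a newer revision is wanted.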
@@ -0,0 +1,115 @@ +# Put files/directories that should be ignored in this file when uploading +# to a Chef Infra Server or Supermarket. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +ehthumbs.db +Icon? +nohup.out +Thumbs.db +.envrc + +# EDITORS # +########### +.#* +.project +.settings +*_flymake +*_flymake.* +*.bak +*.sw[a-z] +*.tmproj +*~ +\#* +REVISION +TAGS* +tmtags +.vscode +.editorconfig + +## COMPILED ## +############## +*.class +*.com +*.dll +*.exe +*.o +*.pyc +*.so +*/rdoc/ +a.out +mkmf.log + +# Testing # +########### +.circleci/* +.codeclimate.yml +.delivery/* +.foodcritic +.kitchen* +.mdlrc +.overcommit.yml +.rspec +.rubocop.yml +.travis.yml +.watchr +.yamllint +azure-pipelines.yml +Dangerfile +examples/* +features/* +Guardfile +kitchen.yml* +mlc_config.json +Procfile +Rakefile +spec/* +test/* + +# SCM # +####### +.git +.gitattributes +.gitconfig +.github/* +.gitignore +.gitkeep +.gitmodules +.svn +*/.bzr/* +*/.git +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Bundler # +########### +vendor/* +Gemfile +Gemfile.lock + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Documentation # +############# +CODE_OF_CONDUCT* +CONTRIBUTING* +documentation/* +TESTING* +UPGRADING* + +# Vagrant # +########### +.vagrant +Vagrantfile diff --git a/site-cookbooks/liquor_cabinet/kitchen.yml b/site-cookbooks/liquor_cabinet/kitchen.yml new file mode 100644 index 0000000..e309743 --- /dev/null +++ b/site-cookbooks/liquor_cabinet/kitchen.yml 
@@ -0,0 +1,37 @@ +--- +driver: + name: dokken + privileged: true # allows systemd services to start + +provisioner: + name: dokken + +transport: + name: dokken + +verifier: + name: inspec + +platforms: + # @see https://github.com/chef-cookbooks/testing_examples/blob/main/kitchen.dokken.yml + # @see https://hub.docker.com/u/dokken + - name: ubuntu-20.04 + driver: + image: dokken/ubuntu-20.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: centos-8 + driver: + image: dokken/centos-8 + pid_one_command: /usr/lib/systemd/systemd + +suites: + - name: default + run_list: + - recipe[liquor_cabinet::default] + verifier: + inspec_tests: + - test/integration/default + attributes: diff --git a/site-cookbooks/liquor_cabinet/metadata.rb b/site-cookbooks/liquor_cabinet/metadata.rb new file mode 100644 index 0000000..bd24a4c --- /dev/null +++ b/site-cookbooks/liquor_cabinet/metadata.rb @@ -0,0 +1,12 @@ +name 'liquor_cabinet' +maintainer 'Kosmos Developers' +maintainer_email 'ops@kosmos.org' +license 'MIT' +description 'Installs/configures the Liquor Cabinet remoteStorage API server' +version '0.1.0' +chef_version '>= 18.2' +issues_url 'https://gitea.kosmos.org/kosmos/chef/issues' +# source_url 'https://gitea.kosmos.org/kosmos/chef' + +depends 'firewall' +depends "ruby_build" diff --git a/site-cookbooks/liquor_cabinet/recipes/default.rb b/site-cookbooks/liquor_cabinet/recipes/default.rb new file mode 100644 index 0000000..ebf6b0e --- /dev/null +++ b/site-cookbooks/liquor_cabinet/recipes/default.rb 
@@ -0,0 +1,139 @@ +# +# Cookbook:: liquor_cabinet +# Recipe:: default +# + +app_name = "liquor-cabinet" +deploy_user = "deploy" +deploy_group = "deploy" +deploy_path = "/opt/#{app_name}" +credentials = Chef::EncryptedDataBagItem.load('credentials', app_name) + +ruby_version = node[app_name]['ruby']['version'] +ruby_path = "/opt/ruby_build/builds/#{ruby_version}" +bundle_path = "#{ruby_path}/bin/bundle" +rack_env = node.chef_environment == "production" ? "production" : "development" + +ruby_build_install 'v20231225' +ruby_build_definition ruby_version do + prefix_path ruby_path +end + +group deploy_group + +user deploy_user do + group deploy_group + manage_home true + shell "/bin/bash" +end + +directory deploy_path do + owner deploy_user + group deploy_group + mode '0750' +end + +redis_server_role = node[app_name]['redis_server_role'] +redis_host = search(:node, "role:#{redis_server_role}").first['knife_zero']['host'] rescue nil +if redis_host.nil? + Chef::Log.warn("No node found with '#{redis_server_role}' role. 
Stopping here.") + return +end + +git deploy_path do + repository node[app_name]['repo'] + revision node[app_name]['revision'] + user deploy_user + group deploy_group + notifies :restart, "service[#{app_name}]", :delayed +end + +directory "#{deploy_path}/tmp" do + owner deploy_user + group deploy_group + mode 0750 +end + +execute "bundle install" do + user deploy_user + cwd deploy_path + command "#{bundle_path} install --without development,test --deployment" +end + +template "#{deploy_path}/config.yml.erb" do + source 'config.yml.erb' + owner deploy_user + group deploy_group + mode '0600' + sensitive true + variables environment: rack_env, + redis_host: redis_host, + redis_port: node[app_name]['redis_port'], + redis_db: node[app_name]['redis_db'], + s3_endpoint: node[app_name]['s3_endpoint'], + s3_region: node[app_name]['s3_region'], + s3_bucket: node[app_name]['s3_bucket'], + s3_access_key: credentials['s3_access_key'], + s3_secret_key: credentials['s3_secret_key'], + maintenance_mode_enabled: node[app_name]['maintenance_mode_enabled'] + # TODO sentry_dsn: credentials['sentry_dsn'] + notifies :restart, "service[#{app_name}]", :delayed +end + +directory '/etc/rainbows' do + owner deploy_user + group deploy_group + mode '0750' +end + +template "/etc/rainbows/#{app_name}.rb" do + source 'rainbows.rb.erb' + owner deploy_user + group deploy_group + mode '0640' + variables user: deploy_user, + group: deploy_group, + app_name: app_name, + working_directory: deploy_path, + config: node[app_name]['rainbows'] + notifies :restart, "service[#{app_name}]", :delayed +end + +systemd_unit "#{app_name}.service" do + content({ + Unit: { + Description: "Liquor Cabinet remoteStorage HTTP API", + Documentation: ["https://gitea.kosmos.org/5apps/liquor-cabinet"], + After: "syslog.target network.target" + }, + Service: { + Type: "simple", + User: deploy_user, + WorkingDirectory: deploy_path, + Environment: "RACK_ENV=#{rack_env}", + ExecStart: "#{bundle_path} exec rainbows -c 
/etc/rainbows/#{app_name}.rb -E #{rack_env}", + PIDFile: "#{deploy_path}/tmp/rainbows.pid", + TimeoutSec: "10", + Restart: "on-failure", + }, + Install: { + WantedBy: "multi-user.target" + } + }) + verify false + triggers_reload true + action [:create, :enable] +end + +service app_name do + action [:enable, :start] +end + +if node[app_name]['ufw_source_allowed'] + firewall_rule app_name do + command :allow + protocol :tcp + port node[app_name]['rainbows']['port'] + source node[app_name]['ufw_source_allowed'] + end +end diff --git a/site-cookbooks/liquor_cabinet/templates/config.yml.erb b/site-cookbooks/liquor_cabinet/templates/config.yml.erb new file mode 100644 index 0000000..615d28d --- /dev/null +++ b/site-cookbooks/liquor_cabinet/templates/config.yml.erb @@ -0,0 +1,12 @@ +<%= @environment %>: + maintenance: <%= @maintenance_mode_enabled %> + redis: + host: <%= @redis_host %> + port: <%= @redis_port %> + db: <%= @redis_db %> + s3: + endpoint: <%= @s3_endpoint %> + region: <%= @s3_region %> + bucket: <%= @s3_bucket %> + access_key_id: <%= @s3_access_key %> + secret_key_id: <%= @s3_secret_key %> diff --git a/site-cookbooks/liquor_cabinet/templates/rainbows.rb.erb b/site-cookbooks/liquor_cabinet/templates/rainbows.rb.erb new file mode 100644 index 0000000..4cf5125 --- /dev/null +++ b/site-cookbooks/liquor_cabinet/templates/rainbows.rb.erb 
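Review bot: In the liquor_cabinet `recipes/default.rb` hunk, the `git deploy_path` resource checks out `node[app_name]['revision']` and notifies a service restart. The cookbook's attributes file (context lines further down this page) defaults that attribute to `'master'`, so any converge can pull and start running whatever the branch head is at that moment. For the production environment I would pin it to a tag or full commit SHA, e.g. `"revision": "<tag-or-commit-sha>"` (placeholder) in the environment file, so the deployed code only changes through a reviewed change to this repository. Separately, the `rescue nil` modifier on the `redis_host = search(...)` line hides every StandardError raised by the search, not only the no-result case; an explicit nil check on `.first` keeps the fallback without masking real failures.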
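Review bot: In `templates/config.yml.erb`, `access_key_id: <%= @s3_access_key %>` and `secret_key_id: <%= @s3_secret_key %>` are written as bare YAML scalars. A credential that contains ` #` or `: `, starts with a YAML indicator character, or consists only of digits would be truncated or re-typed by the parser with no error at converge time. Emitting the values quoted, e.g. `secret_key_id: <%= @s3_secret_key.to_s.to_json %>` (a JSON string is a valid YAML double-quoted scalar; this assumes `json` is loaded, as it normally is during a Chef run), makes the file independent of what the data bag holds, and the same applies to the endpoint, region and bucket lines. The recipe renders this file to a path ending in `config.yml.erb`, which suggests the application evaluates it as ERB again on load; if so, confirm the values can never contain ERB tags.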
@@ -0,0 +1,32 @@
+##
+# Rainbows config at /etc/rainbows/<%= @app_name %>.rb
+# Managed by Chef - Local changes will be overwritten by Chef runs
+##
+
+# What ports/sockets to listen on, and what options for them.
+listen "<%= @config['port'] %>", { tcp_nodelay: true, backlog: 100 }
+
+# What the timeout for killing busy workers is, in seconds
+timeout <%= @config['timeout'] %>
+
+# Whether the app should be pre-loaded
+preload_app <%= @config['preload_app'] %>
+
+# How many worker processes
+worker_processes <%= @config['worker_processes'] %>
+
+# Run forked children as specified user/group
+user "<%= @user %>", "<%= @group %>"
+
+pid "<%= @working_directory %>/tmp/rainbows.pid"
+
+Rainbows! do
+ use :ThreadSpawn
+ client_header_buffer_size <%= @config['client_header_buffer_size'] %>
+ client_max_body_size <%= @config['client_max_body_size'] %>
+ client_max_header_size <%= @config['client_max_header_size'] %>
+ copy_stream <%= @config['copy_stream'] %>
+ keepalive_requests <%= @config['keepalive_requests'] %>
+ keepalive_timeout <%= @config['keepalive_timeout'] %>
+ worker_connections <%= @config['worker_connections'] %>
+end
From 211a613e5c21b64dcf236197ef99f3dfa17f2077 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Thu, 25 Jan 2024 16:27:31 +0300 Subject: [PATCH 53/95] Add liquor-cabinet configs, deploy to production --- data_bags/credentials/liquor-cabinet.json | 17 +++++++++++++++++ environments/production.json | 6 ++++++ nodes/lq-1.json | 19 +++++++++++++++---- nodes/lq-2.json | 19 +++++++++++++++---- roles/liquor_cabinet.rb | 5 +++++ 5 files changed, 58 insertions(+), 8 deletions(-) create mode 100644 data_bags/credentials/liquor-cabinet.json create mode 100644 roles/liquor_cabinet.rb
diff --git a/data_bags/credentials/liquor-cabinet.json b/data_bags/credentials/liquor-cabinet.json
new file mode 100644
index 0000000..81dc301
--- /dev/null
+++ b/data_bags/credentials/liquor-cabinet.json
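Review bot: `listen "<%= @config['port'] %>"` gives Rainbows only a port, so the plain-HTTP app server binds on every interface of the node and its reachability is decided entirely by the firewall. In the recipe the `firewall_rule` is only created when `ufw_source_allowed` is set, and the attribute default visible on this page is nil. I would render an explicit bind address, `listen "<%= @config['host'] %>:<%= @config['port'] %>"` (`host` is a proposed new key, not one the cookbook defines today), set to the node's private address, so a missing or overly broad firewall rule does not expose the backend. A comment above the directive such as `# Bound to the private interface; only the OpenResty proxies should reach this port` would record the intent.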
@@ -0,0 +1,17 @@ +{ + "id": "liquor-cabinet", + "s3_access_key": { + "encrypted_data": "TKYUWVboQZUKvw4bqrKsL28dH2DGR5iDBQclAwm5I7GqkxFfkG2d91qLv+BA\n", + "iv": "B8YYzXeFGxMG34WI\n", + "auth_tag": "HOIfcpJOFYIVvf5o8lk4mg==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "s3_secret_key": { + "encrypted_data": "GRqGJkGJ/f0zQVtO0r9TcXBqlpnfC5PiwTZK8QmsqEhzQI6U67NAf62QqTgl\nGVI1h8G5ITgC3l0xVhcvH6m2bcs9fjNzFIqnhoZhzGwEt51A5Zk=\n", + "iv": "UAlmoUWLedpd79xa\n", + "auth_tag": "2F/EJhY5/59dtFFwkd106A==\n", + "version": 3, + "cipher": "aes-256-gcm" + } +} \ No newline at end of file diff --git a/environments/production.json b/environments/production.json index ca1912e..145ec3c 100644 --- a/environments/production.json +++ b/environments/production.json @@ -77,6 +77,12 @@ "mastodon.w7nooprauv6yrnhzh2ajpcnj3doinked2aaztlwfyt6u6pva2qdxqhid.onion" ] }, + "liquor-cabinet": { + "ufw_source_allowed": "10.1.1.0/24", + "s3_endpoint": "http://localhost:3900", + "s3_region": "garage", + "s3_bucket": "rs-kosmos" + }, "mediawiki": { "url": "https://wiki.kosmos.org" }, diff --git a/nodes/lq-1.json b/nodes/lq-1.json index c969a94..e3b0a26 100644 --- a/nodes/lq-1.json +++ b/nodes/lq-1.json @@ -1,5 +1,6 @@ { "name": "lq-1", + "chef_environment": "production", "normal": { "knife_zero": { "host": "10.1.1.87" @@ -8,17 +9,24 @@ "automatic": { "fqdn": "lq-1", "os": "linux", - "os_version": "5.4.0-1090-kvm", + "os_version": "5.4.0-1104-kvm", "hostname": "lq-1", "ipaddress": "192.168.122.158", "roles": [ "base", - "kvm_guest" + "kvm_guest", + "garage_gateway", + "liquor_cabinet" ], "recipes": [ "kosmos-base", "kosmos-base::default", "kosmos_kvm::guest", + "kosmos_garage", + "kosmos_garage::default", + "kosmos_garage::firewall_rpc", + "liquor_cabinet", + "liquor_cabinet::default", "apt::default", "timezone_iii::default", "timezone_iii::debian", 
@@ -32,7 +40,8 @@ "postfix::_common", "postfix::_attributes", "postfix::sasl_auth", - "hostname::default" + "hostname::default", + "firewall::default" ], "platform": "ubuntu", "platform_version": "20.04", @@ -51,6 +60,8 @@ }, "run_list": [ "role[base]", - "role[kvm_guest]" + "role[kvm_guest]", + "role[garage_gateway]", + "role[liquor_cabinet]" ] } \ No newline at end of file diff --git a/nodes/lq-2.json b/nodes/lq-2.json index 8174bc6..65a82d5 100644 --- a/nodes/lq-2.json +++ b/nodes/lq-2.json @@ -1,5 +1,6 @@ { "name": "lq-2", + "chef_environment": "production", "normal": { "knife_zero": { "host": "10.1.1.188" @@ -8,17 +9,24 @@ "automatic": { "fqdn": "lq-2", "os": "linux", - "os_version": "5.4.0-1090-kvm", + "os_version": "5.4.0-1104-kvm", "hostname": "lq-2", "ipaddress": "192.168.122.47", "roles": [ "base", - "kvm_guest" + "kvm_guest", + "garage_gateway", + "liquor_cabinet" ], "recipes": [ "kosmos-base", "kosmos-base::default", "kosmos_kvm::guest", + "kosmos_garage", + "kosmos_garage::default", + "kosmos_garage::firewall_rpc", + "liquor_cabinet", + "liquor_cabinet::default", "apt::default", "timezone_iii::default", "timezone_iii::debian", @@ -32,7 +40,8 @@ "postfix::_common", "postfix::_attributes", "postfix::sasl_auth", - "hostname::default" + "hostname::default", + "firewall::default" ], "platform": "ubuntu", "platform_version": "20.04", @@ -51,6 +60,8 @@ }, "run_list": [ "role[base]", - "role[kvm_guest]" + "role[kvm_guest]", + "role[garage_gateway]", + "role[liquor_cabinet]" ] } \ No newline at end of file diff --git a/roles/liquor_cabinet.rb b/roles/liquor_cabinet.rb new file mode 100644 index 0000000..2651a6a --- /dev/null +++ b/roles/liquor_cabinet.rb @@ -0,0 +1,5 @@ +name "liquor_cabinet" + +run_list %w( + liquor_cabinet::default +) From 715fdbc2ba5c4b7fcf45842cc3edd8a93f9b2111 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Thu, 25 Jan 2024 17:40:42 +0300 Subject: [PATCH 54/95] Node-attribute ALL THE THINGS --- site-cookbooks/liquor_cabinet/attributes/default.rb | 6 +++++- site-cookbooks/liquor_cabinet/recipes/default.rb | 8 ++++---- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/site-cookbooks/liquor_cabinet/attributes/default.rb b/site-cookbooks/liquor_cabinet/attributes/default.rb index 6e88013..467aebb 100644 --- a/site-cookbooks/liquor_cabinet/attributes/default.rb +++ b/site-cookbooks/liquor_cabinet/attributes/default.rb @@ -1,6 +1,9 @@ -node.default['liquor-cabinet']['ruby']['version'] = "3.1.4" +node.default['liquor-cabinet']['app_name'] = "liquor-cabinet" +node.default['liquor-cabinet']['user'] = "deploy" +node.default['liquor-cabinet']['group'] = "deploy" node.default['liquor-cabinet']['repo'] = 'https://gitea.kosmos.org/5apps/liquor-cabinet.git' node.default['liquor-cabinet']['revision'] = 'master' +node.default['liquor-cabinet']['deploy_path'] = "/opt/#{node['liquor-cabinet']['app_name']}" node.default['liquor-cabinet']['redis_server_role'] = 'redis_server' node.default['liquor-cabinet']['redis_port'] = 6379 node.default['liquor-cabinet']['redis_db'] = 1 @@ -9,6 +12,7 @@ node.default['liquor-cabinet']['s3_region'] = nil node.default['liquor-cabinet']['s3_bucket'] = nil node.default['liquor-cabinet']['ufw_source_allowed'] = nil node.default['liquor-cabinet']['maintenance_mode_enabled'] = false +node.default['liquor-cabinet']['ruby']['version'] = "3.1.4" node.default['liquor-cabinet']['rainbows'] = { 'port' => 3000, 'preload_app' => true, diff --git a/site-cookbooks/liquor_cabinet/recipes/default.rb b/site-cookbooks/liquor_cabinet/recipes/default.rb index ebf6b0e..39687cd 100644 --- a/site-cookbooks/liquor_cabinet/recipes/default.rb +++ b/site-cookbooks/liquor_cabinet/recipes/default.rb 
@@ -3,10 +3,10 @@ # Recipe:: default # -app_name = "liquor-cabinet" -deploy_user = "deploy" -deploy_group = "deploy" -deploy_path = "/opt/#{app_name}" +app_name = node['liquor-cabinet']['app_name'] +deploy_user = node[app_name]['user'] +deploy_group = node[app_name]['group'] +deploy_path = node[app_name]['deploy_path'] credentials = Chef::EncryptedDataBagItem.load('credentials', app_name) ruby_version = node[app_name]['ruby']['version'] From a2ec41b68a67bd06a6bdd6f6ee52425355908eca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Thu, 25 Jan 2024 17:42:56 +0300 Subject: [PATCH 55/95] Add/use kosmos_liquor-cabinet cookbook --- nodes/lq-1.json | 7 +- roles/liquor_cabinet.rb | 2 +- .../kosmos_liquor-cabinet/.gitignore | 25 ++++ .../kosmos_liquor-cabinet/CHANGELOG.md | 7 ++ site-cookbooks/kosmos_liquor-cabinet/LICENSE | 21 ++++ .../kosmos_liquor-cabinet/README.md | 7 ++ .../attributes/default.rb | 0 .../kosmos_liquor-cabinet/chefignore | 115 ++++++++++++++++++ .../kosmos_liquor-cabinet/kitchen.yml | 37 ++++++ .../kosmos_liquor-cabinet/metadata.rb | 12 ++ .../kosmos_liquor-cabinet/recipes/default.rb | 6 + 11 files changed, 235 insertions(+), 4 deletions(-) create mode 100644 site-cookbooks/kosmos_liquor-cabinet/.gitignore create mode 100644 site-cookbooks/kosmos_liquor-cabinet/CHANGELOG.md create mode 100644 site-cookbooks/kosmos_liquor-cabinet/LICENSE create mode 100644 site-cookbooks/kosmos_liquor-cabinet/README.md create mode 100644 site-cookbooks/kosmos_liquor-cabinet/attributes/default.rb create mode 100644 site-cookbooks/kosmos_liquor-cabinet/chefignore create mode 100644 site-cookbooks/kosmos_liquor-cabinet/kitchen.yml create mode 100644 site-cookbooks/kosmos_liquor-cabinet/metadata.rb create mode 100644 site-cookbooks/kosmos_liquor-cabinet/recipes/default.rb diff --git a/nodes/lq-1.json b/nodes/lq-1.json index e3b0a26..574ec90 100644 --- a/nodes/lq-1.json +++ b/nodes/lq-1.json 
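Review bot: `app_name = node['liquor-cabinet']['app_name']` is used straight away as the attribute namespace in `node[app_name]['user']`, `node[app_name]['group']` and `node[app_name]['deploy_path']`, yet every attribute of this cookbook lives under the literal key `'liquor-cabinet'`. Setting `app_name` to any other value makes `node[app_name]` nil and aborts the run with a NoMethodError, so the attribute introduced by this commit cannot actually be changed. Reading from a fixed namespace keeps the name configurable: `conf = node['liquor-cabinet']`, then `app_name = conf['app_name']` and `deploy_user = conf['user']`. The rest of the recipe lies outside this hunk and indexes `node[app_name][...]` the same way, so it would need the same change.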
@@ -25,8 +25,8 @@ "kosmos_garage", "kosmos_garage::default", "kosmos_garage::firewall_rpc", - "liquor_cabinet", - "liquor_cabinet::default", + "kosmos_liquor-cabinet", + "kosmos_liquor-cabinet::default", "apt::default", "timezone_iii::default", "timezone_iii::debian", @@ -41,7 +41,8 @@ "postfix::_attributes", "postfix::sasl_auth", "hostname::default", - "firewall::default" + "firewall::default", + "liquor_cabinet::default" ], "platform": "ubuntu", "platform_version": "20.04", diff --git a/roles/liquor_cabinet.rb b/roles/liquor_cabinet.rb index 2651a6a..9183055 100644 --- a/roles/liquor_cabinet.rb +++ b/roles/liquor_cabinet.rb @@ -1,5 +1,5 @@ name "liquor_cabinet" run_list %w( - liquor_cabinet::default + kosmos_liquor-cabinet::default ) diff --git a/site-cookbooks/kosmos_liquor-cabinet/.gitignore b/site-cookbooks/kosmos_liquor-cabinet/.gitignore new file mode 100644 index 0000000..f1e57b8 --- /dev/null +++ b/site-cookbooks/kosmos_liquor-cabinet/.gitignore @@ -0,0 +1,25 @@ +.vagrant +*~ +*# +.#* +\#*# +.*.sw[a-z] +*.un~ + +# Bundler +Gemfile.lock +gems.locked +bin/* +.bundle/* + +# test kitchen +.kitchen/ +kitchen.local.yml + +# Chef Infra +Berksfile.lock +.zero-knife.rb +Policyfile.lock.json + +.idea/ + diff --git a/site-cookbooks/kosmos_liquor-cabinet/CHANGELOG.md b/site-cookbooks/kosmos_liquor-cabinet/CHANGELOG.md new file mode 100644 index 0000000..bc1846e --- /dev/null +++ b/site-cookbooks/kosmos_liquor-cabinet/CHANGELOG.md @@ -0,0 +1,7 @@ +# kosmos_liquor-cabinet CHANGELOG + +This file is used to list changes made in each version of the kosmos_liquor-cabinet cookbook. + +## 0.1.0 + +Initial release. diff --git a/site-cookbooks/kosmos_liquor-cabinet/LICENSE b/site-cookbooks/kosmos_liquor-cabinet/LICENSE new file mode 100644 index 0000000..a00749b --- /dev/null +++ b/site-cookbooks/kosmos_liquor-cabinet/LICENSE 
@@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2024 Kosmos Developers + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/site-cookbooks/kosmos_liquor-cabinet/README.md b/site-cookbooks/kosmos_liquor-cabinet/README.md new file mode 100644 index 0000000..5c0b08f --- /dev/null +++ b/site-cookbooks/kosmos_liquor-cabinet/README.md @@ -0,0 +1,7 @@ +# kosmos_liquor-cabinet + +Installs/configures the [Liquor Cabinet][1] [remoteStorage][2] API server and +reverse proxy. + +[1]: https://gitea.kosmos.org/5apps/liquor-cabinet +[2]: https://remotestorage.io diff --git a/site-cookbooks/kosmos_liquor-cabinet/attributes/default.rb b/site-cookbooks/kosmos_liquor-cabinet/attributes/default.rb new file mode 100644 index 0000000..e69de29 diff --git a/site-cookbooks/kosmos_liquor-cabinet/chefignore b/site-cookbooks/kosmos_liquor-cabinet/chefignore new file mode 100644 index 0000000..cc170ea --- /dev/null +++ b/site-cookbooks/kosmos_liquor-cabinet/chefignore 
@@ -0,0 +1,115 @@ +# Put files/directories that should be ignored in this file when uploading +# to a Chef Infra Server or Supermarket. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +ehthumbs.db +Icon? +nohup.out +Thumbs.db +.envrc + +# EDITORS # +########### +.#* +.project +.settings +*_flymake +*_flymake.* +*.bak +*.sw[a-z] +*.tmproj +*~ +\#* +REVISION +TAGS* +tmtags +.vscode +.editorconfig + +## COMPILED ## +############## +*.class +*.com +*.dll +*.exe +*.o +*.pyc +*.so +*/rdoc/ +a.out +mkmf.log + +# Testing # +########### +.circleci/* +.codeclimate.yml +.delivery/* +.foodcritic +.kitchen* +.mdlrc +.overcommit.yml +.rspec +.rubocop.yml +.travis.yml +.watchr +.yamllint +azure-pipelines.yml +Dangerfile +examples/* +features/* +Guardfile +kitchen.yml* +mlc_config.json +Procfile +Rakefile +spec/* +test/* + +# SCM # +####### +.git +.gitattributes +.gitconfig +.github/* +.gitignore +.gitkeep +.gitmodules +.svn +*/.bzr/* +*/.git +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Bundler # +########### +vendor/* +Gemfile +Gemfile.lock + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Documentation # +############# +CODE_OF_CONDUCT* +CONTRIBUTING* +documentation/* +TESTING* +UPGRADING* + +# Vagrant # +########### +.vagrant +Vagrantfile diff --git a/site-cookbooks/kosmos_liquor-cabinet/kitchen.yml b/site-cookbooks/kosmos_liquor-cabinet/kitchen.yml new file mode 100644 index 0000000..bd2abe1 --- /dev/null +++ b/site-cookbooks/kosmos_liquor-cabinet/kitchen.yml 
@@ -0,0 +1,37 @@ +--- +driver: + name: dokken + privileged: true # allows systemd services to start + +provisioner: + name: dokken + +transport: + name: dokken + +verifier: + name: inspec + +platforms: + # @see https://github.com/chef-cookbooks/testing_examples/blob/main/kitchen.dokken.yml + # @see https://hub.docker.com/u/dokken + - name: ubuntu-20.04 + driver: + image: dokken/ubuntu-20.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: centos-8 + driver: + image: dokken/centos-8 + pid_one_command: /usr/lib/systemd/systemd + +suites: + - name: default + run_list: + - recipe[kosmos_liquor-cabinet::default] + verifier: + inspec_tests: + - test/integration/default + attributes: diff --git a/site-cookbooks/kosmos_liquor-cabinet/metadata.rb b/site-cookbooks/kosmos_liquor-cabinet/metadata.rb new file mode 100644 index 0000000..1ab8e56 --- /dev/null +++ b/site-cookbooks/kosmos_liquor-cabinet/metadata.rb @@ -0,0 +1,12 @@ +name 'kosmos_liquor-cabinet' +maintainer 'Kosmos Developers' +maintainer_email 'ops@kosmos.org' +license 'MIT' +description 'Installs/configures Liquor Cabinet API and reverse proxy' +version '0.1.0' +chef_version '>= 18.2' +issues_url 'https://gitea.kosmos.org/kosmos/chef/issues' +# source_url 'https://gitea.kosmos.org/kosmos/chef' + +depends 'liquor_cabinet' +depends 'kosmos_openresty' diff --git a/site-cookbooks/kosmos_liquor-cabinet/recipes/default.rb b/site-cookbooks/kosmos_liquor-cabinet/recipes/default.rb new file mode 100644 index 0000000..1e6d8f8 --- /dev/null +++ b/site-cookbooks/kosmos_liquor-cabinet/recipes/default.rb @@ -0,0 +1,6 @@ +# +# Cookbook:: kosmos_liquor-cabinet +# Recipe:: default +# + +include_recipe 'liquor_cabinet' From 6114f0f799f4f0994221c309a83f9a38bfc84ff3 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Fri, 26 Jan 2024 08:15:53 +0300 Subject: [PATCH 56/95] Add liquor-cabinet proxy recipe --- .../attributes/default.rb | 4 + .../kosmos_liquor-cabinet/recipes/nginx.rb | 30 +++++++ .../templates/nginx_conf_liquor-cabinet.erb | 79 +++++++++++++++++++ 3 files changed, 113 insertions(+) create mode 100644 site-cookbooks/kosmos_liquor-cabinet/recipes/nginx.rb create mode 100644 site-cookbooks/kosmos_liquor-cabinet/templates/nginx_conf_liquor-cabinet.erb diff --git a/site-cookbooks/kosmos_liquor-cabinet/attributes/default.rb b/site-cookbooks/kosmos_liquor-cabinet/attributes/default.rb index e69de29..6c4b547 100644 --- a/site-cookbooks/kosmos_liquor-cabinet/attributes/default.rb +++ b/site-cookbooks/kosmos_liquor-cabinet/attributes/default.rb @@ -0,0 +1,4 @@ +node.default['liquor-cabinet']['app_server_role'] = 'liquor_cabinet' +node.default['liquor-cabinet']['max_upload_size'] = 100 # MB +node.default['liquor-cabinet']['server_name'] = 'storage.example.com' +node.default['liquor-cabinet']['root_redirect_url'] = 'https://example.com/storage' diff --git a/site-cookbooks/kosmos_liquor-cabinet/recipes/nginx.rb b/site-cookbooks/kosmos_liquor-cabinet/recipes/nginx.rb new file mode 100644 index 0000000..e3c1b6b --- /dev/null +++ b/site-cookbooks/kosmos_liquor-cabinet/recipes/nginx.rb 
@@ -0,0 +1,30 @@
+#
+# Cookbook:: kosmos_liquor-cabinet
+# Recipe:: nginx
+#
+
+app_name = node['liquor-cabinet']['app_name']
+domain = node[app_name]['domain']
+
+tls_cert_for domain do
+ auth "gandi_dns"
+ action :create
+end
+
+upstream_hosts = []
+search(:node, "role:#{node[app_name]['app_server_role']}").each do |node|
+ upstream_hosts << node["knife_zero"]["host"]
+end
+upstream_hosts.push("localhost") if upstream_hosts.empty?
+
+openresty_site domain do
+ template "nginx_conf_liquor-cabinet.erb"
+ variables app_name: app_name,
+ server_name: domain,
+ root_redirect_url: node[app_name]['root_redirect_url'],
+ max_upload_size: node['liquor-cabinet']['max_upload_size'],
+ upstream_hosts: upstream_hosts,
+ upstream_port: node[app_name]['rainbows']['port'],
+ ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
+ ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem"
+end
diff --git a/site-cookbooks/kosmos_liquor-cabinet/templates/nginx_conf_liquor-cabinet.erb b/site-cookbooks/kosmos_liquor-cabinet/templates/nginx_conf_liquor-cabinet.erb
new file mode 100644
index 0000000..870713b
--- /dev/null
+++ b/site-cookbooks/kosmos_liquor-cabinet/templates/nginx_conf_liquor-cabinet.erb
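Review bot: The recipe reads `node[app_name]['domain']` and feeds it to `tls_cert_for`, `openresty_site` and both certificate paths, but the attributes file added in the same commit defines `server_name` (`'storage.example.com'`) and no `domain`. On any node whose environment does not set `domain`, the value is nil and the paths render as `/etc/letsencrypt/live//fullchain.pem`. Either rename the default to `node.default['liquor-cabinet']['domain']` or read `server_name` here, and stop early when it is unset, e.g. `raise "liquor-cabinet domain is not set" if domain.to_s.empty?`. The block parameter in `search(...).each do |node|` also shadows Chef's `node` inside the block; `|n|` with `upstream_hosts << n["knife_zero"]["host"]` avoids that.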
@@ -0,0 +1,79 @@
+#
+# Generated by Chef
+#
+upstream _<%= @app_name %> {
+<% @upstream_hosts.each do |host| -%>
+ server <%= host %>:<%= @upstream_port %>;
+<% end -%>
+}
+
+# TODO use cookbook attribute when enabling
+# variables_hash_max_size 2048;
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name <%= @server_name %>;
+ # Redirect to https
+ location / {
+ return 301 https://<%= @server_name %>$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name <%= @server_name %>;
+
+ access_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.access.log; # TODO json_liquor_cabinet;
+ error_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.error.log warn;
+
+ add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";
+
+ # TODO
+ # log_by_lua_file "<%= @log_by_lua_file %>";
+
+ # We need strong ETags, disable compression
+ gzip off;
+ # brotli off;
+ # pagespeed off;
+
+ # Set a large maximum upload size
+ client_max_body_size <%= @max_upload_size %>m;
+
+ # TODO
+ # Use rate limiting (the zone is defined in
+ # /etc/nginx/conf.d/rate_limiting.conf)
+ # limit_req zone=per_ip burst=5000;
+
+ location = / {
+ return 301 <%= @root_redirect_url %>;
+ }
+
+ location / {
+ try_files $uri @proxy;
+ }
+
+ location @proxy {
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header Host $http_host;
+
+ proxy_redirect off;
+
+ proxy_buffering on;
+ # Increase number of buffers. Default is 8
+ proxy_buffers 1024 8k;
+
+ # Needed for big uploads
+ proxy_read_timeout 180s;
+ proxy_send_timeout 180s;
+
+ proxy_pass http://_<%= @app_name %>;
+
+ proxy_next_upstream error timeout http_502 http_500;
+ }
+
+ ssl_certificate <%= @ssl_cert %>;
+ ssl_certificate_key <%= @ssl_key %>;
+}
From e10e54c12aec2c2c41dbb825c1e97ac54cd7e8cc Mon Sep 17 00:00:00 2001
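Review bot: `location / { try_files $uri @proxy; }` sits in a server block with no `root`, so nginx first resolves `$uri` against its default document root. Any request path that happens to match a file there (typically `index.html` or `50x.html`) is answered from disk instead of reaching the storage API. Every path on this host belongs to the backend, so I would move the `proxy_*` directives into `location /` and drop `try_files` and the named location. Two smaller points in the same server block: `add_header Strict-Transport-Security ...` without the `always` parameter is not sent on error responses, and `proxy_set_header Host $http_host;` forwards whatever Host header the client supplied, where `$host` passes nginx's normalised value.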
From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Fri, 26 Jan 2024 08:16:26 +0300 Subject: [PATCH 57/95] Deploy liquor-cabinet proxy to production --- environments/production.json | 4 +++- nodes/draco.kosmos.org.json | 1 + nodes/fornax.kosmos.org.json | 1 + roles/openresty_proxy.rb | 1 + 4 files changed, 6 insertions(+), 1 deletion(-) diff --git a/environments/production.json b/environments/production.json index 145ec3c..b924d30 100644 --- a/environments/production.json +++ b/environments/production.json @@ -81,7 +81,9 @@ "ufw_source_allowed": "10.1.1.0/24", "s3_endpoint": "http://localhost:3900", "s3_region": "garage", - "s3_bucket": "rs-kosmos" + "s3_bucket": "rs-kosmos", + "domain": "storage.kosmos.org", + "root_redirect_url": "https://accounts.kosmos.org" }, "mediawiki": { "url": "https://wiki.kosmos.org" diff --git a/nodes/draco.kosmos.org.json b/nodes/draco.kosmos.org.json index 9854a65..34262f1 100644 --- a/nodes/draco.kosmos.org.json +++ b/nodes/draco.kosmos.org.json @@ -52,6 +52,7 @@ "kosmos_garage::nginx_s3", "kosmos_gitea::nginx", "kosmos_gitea::nginx_ssh", + "kosmos_liquor-cabinet::nginx", "kosmos_rsk::nginx_testnet", "kosmos_rsk::nginx_mainnet", "kosmos_website", diff --git a/nodes/fornax.kosmos.org.json b/nodes/fornax.kosmos.org.json index d304aa5..8744139 100644 --- a/nodes/fornax.kosmos.org.json +++ b/nodes/fornax.kosmos.org.json @@ -45,6 +45,7 @@ "kosmos_garage::nginx_s3", "kosmos_gitea::nginx", "kosmos_gitea::nginx_ssh", + "kosmos_liquor-cabinet::nginx", "kosmos_rsk::nginx_testnet", "kosmos_rsk::nginx_mainnet", "kosmos_website", diff --git a/roles/openresty_proxy.rb b/roles/openresty_proxy.rb index 2ecd45e..6779898 100644 --- a/roles/openresty_proxy.rb +++ b/roles/openresty_proxy.rb @@ -26,6 +26,7 @@ production_run_list = %w( kosmos_garage::nginx_s3 kosmos_gitea::nginx kosmos_gitea::nginx_ssh + kosmos_liquor-cabinet::nginx kosmos_rsk::nginx_testnet kosmos_rsk::nginx_mainnet kosmos_website::default 
From 7ab83d3d82876b8802ae909ea1a5aadf604317e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Fri, 26 Jan 2024 09:00:25 +0300 Subject: [PATCH 58/95] Section header comments for ENV vars Improve readability of recipe --- .../kosmos-akkounts/recipes/default.rb | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/site-cookbooks/kosmos-akkounts/recipes/default.rb b/site-cookbooks/kosmos-akkounts/recipes/default.rb index e80f4ba..af41c51 100644 --- a/site-cookbooks/kosmos-akkounts/recipes/default.rb +++ b/site-cookbooks/kosmos-akkounts/recipes/default.rb @@ -69,17 +69,33 @@ if webhooks_allowed_ips.length > 0 env[:webhooks_allowed_ips] = webhooks_allowed_ips end +# +# BTCPay Server +# + if btcpay_host env[:btcpay_api_url] = "http://#{btcpay_host}:23001/api/v1" env[:btcpay_store_id] = node['akkounts']['btcpay']['store_id'] env[:btcpay_auth_token] = credentials["btcpay_auth_token"] end +# +# Discourse +# + env[:discourse_public_url] = "https://#{node['discourse']['domain']}" env[:discourse_connect_secret] = credentials['discourse_connect_secret'] +# +# Drone CI +# + env[:droneci_public_url] = node["droneci"]["public_url"] +# +# ejabberd +# + ejabberd_private_ip_addresses = [] search(:node, "role:ejabberd").each do |node| ejabberd_private_ip_addresses << node["knife_zero"]["host"] @@ -101,8 +117,16 @@ if ejabberd_private_ip_addresses.size > 0 env[:ejabberd_admin_url] = node['akkounts']['ejabberd']['admin_url'] end +# +# Gitea +# + env[:gitea_public_url] = "https://#{node['gitea']['domain']}" +# +# lndhub.go +# + if lndhub_host node.override["akkounts"]["lndhub"]["api_url"] = "http://#{lndhub_host}:3026" env[:lndhub_legacy_api_url] = node["akkounts"]["lndhub"]["api_url"] 
@@ -119,10 +143,22 @@ if lndhub_host end end +# +# Mastodon +# + env[:mastodon_public_url] = "https://#{node['kosmos-mastodon']['domain']}" +# +# MediaWiki +# + env[:mediawiki_public_url] = node['mediawiki']['url'] +# +# Akkounts Deployment +# + systemd_unit "akkounts.service" do content({ Unit: { From 98543f3e7d0b92a2e3d701b7f62c184c4776e254 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Fri, 26 Jan 2024 09:01:55 +0300 Subject: [PATCH 59/95] Configure RS integration for akkounts --- environments/production.json | 2 ++ site-cookbooks/kosmos-akkounts/recipes/default.rb | 13 +++++++++++++ 2 files changed, 15 insertions(+) diff --git a/environments/production.json b/environments/production.json index 0b458e8..e80e3b7 100644 --- a/environments/production.json +++ b/environments/production.json @@ -82,6 +82,8 @@ }, "liquor-cabinet": { "ufw_source_allowed": "10.1.1.0/24", + "redis_port": 6379, + "redis_db": 1, "s3_endpoint": "http://localhost:3900", "s3_region": "garage", "s3_bucket": "rs-kosmos", diff --git a/site-cookbooks/kosmos-akkounts/recipes/default.rb b/site-cookbooks/kosmos-akkounts/recipes/default.rb index af41c51..558dc5b 100644 --- a/site-cookbooks/kosmos-akkounts/recipes/default.rb +++ b/site-cookbooks/kosmos-akkounts/recipes/default.rb @@ -155,6 +155,19 @@ env[:mastodon_public_url] = "https://#{node['kosmos-mastodon']['domain']}" env[:mediawiki_public_url] = node['mediawiki']['url'] +# +# remoteStorage / Liquor Cabinet +# + +env[:rs_storage_url] = "https://#{node['liquor-cabinet']['domain']}" + +rs_redis_host = search(:node, "role:redis_server").first["knife_zero"]["host"] rescue nil +rs_redis_port = node['liquor-cabinet']['redis_port'] +rs_redis_db = node['liquor-cabinet']['redis_db'] +if rs_redis_host + env[:rs_redis_url] = "redis://#{rs_redis_host}:#{rs_redis_port}/#{rs_redis_db}" +end + # # Akkounts Deployment # From 5c1c63f94e73d0f82ff1831f872bca79f274f92d Mon Sep 17 00:00:00 2001 
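Review bot: The new "remoteStorage / Liquor Cabinet" block in kosmos-akkounts `recipes/default.rb` looks up Redis with the hard-coded query `"role:redis_server"`, while the liquor_cabinet recipe on this page finds the same server through `node['liquor-cabinet']['redis_server_role']`. If that attribute is ever changed, akkounts and Liquor Cabinet would point at different Redis instances with no error. I would use the attribute here too, `search(:node, "role:#{node['liquor-cabinet']['redis_server_role']}")`, which needs setting in the environment file just as `redis_port` and `redis_db` are in this commit. The `rescue nil` modifier hides every error from the search and should become an explicit nil check on `.first`. The resulting `redis://host:port/db` URL carries no credentials or TLS, so a comment such as `# relies on Redis being reachable from the private network only` would state the assumption, which is presumably enforced elsewhere and worth confirming. The recipe starts and ends outside this hunk.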
From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Fri, 26 Jan 2024 10:40:36 +0300 Subject: [PATCH 60/95] Add S3/Garage config for akkounts --- data_bags/credentials/akkounts.json | 56 ++++++++++++------- environments/production.json | 5 +- nodes/akkounts-1.json | 6 ++ .../kosmos-akkounts/attributes/default.rb | 6 ++ .../kosmos-akkounts/recipes/default.rb | 14 +++++ 5 files changed, 64 insertions(+), 23 deletions(-) diff --git a/data_bags/credentials/akkounts.json b/data_bags/credentials/akkounts.json index d9461ef..6c754de 100644 --- a/data_bags/credentials/akkounts.json +++ b/data_bags/credentials/akkounts.json 
@@ -1,51 +1,65 @@ { "id": "akkounts", "postgresql_username": { - "encrypted_data": "/Idxzq83imf6o6pbmFAk7bgxg69N7/1KNhgj\n", - "iv": "34BrmVmlxzuA7IJG\n", - "auth_tag": "VyLpWDshrOd417ZiY3432w==\n", + "encrypted_data": "l00Lmdbl5xNq07XU4XmcnRxXsIJaYyMQQ6xI\n", + "iv": "yxvL6hKwlVWmdMzl\n", + "auth_tag": "mMCV9ewJW/0TfVE76WBSZw==\n", "version": 3, "cipher": "aes-256-gcm" }, "postgresql_password": { - "encrypted_data": "XqEmt+yu7mB6vBOUCT/5AtIptdUamfniz+PrFYCP0A==\n", - "iv": "2XdVUHkeeS1LHzMx\n", - "auth_tag": "mq0v9ikHD7pxTUrGO+VF9A==\n", + "encrypted_data": "Q6xWsH6bmI1GfMzme3mBRYrt3XmDwFJ7E4FjYg2Rrw==\n", + "iv": "jcQmuT7Jz3g3XE8d\n", + "auth_tag": "nNMvf9UmP6ikf1BW93QZIw==\n", "version": 3, "cipher": "aes-256-gcm" }, "sentry_dsn": { - "encrypted_data": "u82JsPq5HvQRE2eWIbVp73LdqffyuTTylbURtM7XRJ6AXyKp1WD/iwVhNnL7\n/NKSWR24/u63WJCP4rXpW7293ZRU5UW/W3GwlOjNtbdxcaQ=\n", - "iv": "0GIV8v92dh4+Ma/Z\n", - "auth_tag": "XbuxPIZ5VxuMjw/f+usCgA==\n", + "encrypted_data": "V7cqlH2baN1Ix/ggQFeo9PY6dNKKpnDECaB1cO3XuCfy74oN2ot44nbpCQTA\nUl0+1LQv/qNn/L4gmJkqZfdIXZQqhR+iTc06UJxe3aTKJDw=\n", + "iv": "HJtdKYcApwaxhTXI\n", + "auth_tag": "qyIYK9h6nciJTFXBWOjVOA==\n", "version": 3, "cipher": "aes-256-gcm" }, "rails_master_key": { - "encrypted_data": "31N79um4TTD0tuDurrZVztoSv0sxZ70paV7AhD8P4+lX8kUkfhiugCbdhst0\n12YP5v/8\n", - "iv": "l4qanaerdou8AApw\n", - "auth_tag": "yvkcM4on1EMm1LhmmZ+O+g==\n", + "encrypted_data": "KAl2Kgq1TXjOm4TNxGwZkPwJeOSNLbLLKiRdb4fTyBFfUhIGGeCS9VvV9kIb\n9sQZ6HLU\n", + "iv": "BBPvDNs6nBXDti5I\n", + "auth_tag": "yjM/0nyUwt+5SSGuLC5qWA==\n", "version": 3, "cipher": "aes-256-gcm" }, "discourse_connect_secret": { - "encrypted_data": "Ebs8KVEA0r4nFxYNjxxZFUWndxwoKes/9ihEgqgKLN76t6yzCUONeJZBMl0G\nXLdI8A==\n", - "iv": "ob8KBWeoHXFlZ7Nk\n", - "auth_tag": "motppQbVEhg6qyKRYpqctA==\n", + "encrypted_data": "YHkZGzXeK3nDHaXt3JKmGtCcvMfgvv3yHbvS2C+CLKagOIOe+0+2/CiNuh4U\nxO1Pug==\n", + "iv": "SnUxDpIMQum8ySfN\n", + "auth_tag": "Ny6I+3EoCA1s74JLjjbbyQ==\n", "version": 3, 
"cipher": "aes-256-gcm" }, "lndhub_admin_token": { - "encrypted_data": "I2hSF6X9L3OWbet5QWzrCyA3XyGFhFBgHh/uFr5dQ3RB\n", - "iv": "Kr8u2j5napFSamYc\n", - "auth_tag": "t93UNWomf+6WaZF7VVzTeQ==\n", + "encrypted_data": "dJHxB80Enwkm+2aNuIrp7lILAy2J5tQaChPJCl/BHwMo\n", + "iv": "zHLtD1jTIwvjMt1l\n", + "auth_tag": "IC0adEzsS5YF5YHqabWw2A==\n", "version": 3, "cipher": "aes-256-gcm" }, "btcpay_auth_token": { - "encrypted_data": "0qesJ5KMvU2DlKdz7lExJWq0X9XYjpsqw61kLXWw4UNYwpNxPyFJSjbR9yKh\ntu0zMdtMB9Vur9izWBY=\n", - "iv": "gw2oAyeF2Kuvb3Em\n", - "auth_tag": "zMtos/E3e3XXeTlAY7o0lg==\n", + "encrypted_data": "YbM0HvgIijluKQBcgfKn6hmWvdbhr0ijR1xKc+BRZCZJsRaJBHTjCbwhH8T9\nVnBESruyjhxphtBetcc=\n", + "iv": "3107v/c2Tonx6/cP\n", + "auth_tag": "jnO9fvoXJW5gbDMRjkdMPA==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "s3_access_key": { + "encrypted_data": "PFjQKe1us12SNHlReQ4f0qctulPp4d2F3t5t+AGocp87PS/kZx77rtHQtruK\n", + "iv": "BGD8+XchqwPmhhwi\n", + "auth_tag": "XefaZKCVs8hotszALN+kxQ==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "s3_secret_key": { + "encrypted_data": "ziO35x8P1YMaSeenMNQoTWug62b5ZVLFlkMlJEFGnYjHK5qTAn6ir06WnMJC\n0zErzTZsPpcr7KpE/ipWgWHRy7qVbGnd6iVO4t9tf5NjiU2OXfA=\n", + "iv": "S3syCCxh2m+mylLu\n", + "auth_tag": "ZMkyBqXMXr3K3LGqxWvbtA==\n", "version": 3, "cipher": "aes-256-gcm" } diff --git a/environments/production.json b/environments/production.json index e80e3b7..12033e7 100644 --- a/environments/production.json +++ b/environments/production.json @@ -43,8 +43,9 @@ "s3_web_root_domain": "web.s3.kosmos.org", "s3_web_domains": [ "media.kosmos.chat", - "s3.kosmos.social", - "s3.community.kosmos.org" + "s3.accounts.kosmos.org", + "s3.community.kosmos.org", + "s3.kosmos.social" ], "xmpp_upload_bucket": "kosmos-xmpp-uploads" }, diff --git a/nodes/akkounts-1.json b/nodes/akkounts-1.json index a183843..e97d59c 100644 --- a/nodes/akkounts-1.json +++ b/nodes/akkounts-1.json 
@@ -17,6 +17,7 @@ "kvm_guest", "ldap_client", "sentry_client", + "garage_gateway", "akkounts", "postgresql_client" ], @@ -26,6 +27,9 @@ "kosmos_kvm::guest", "kosmos-dirsrv::hostsfile", "kosmos_sentry::client", + "kosmos_garage", + "kosmos_garage::default", + "kosmos_garage::firewall_rpc", "kosmos_postgresql::hostsfile", "kosmos-akkounts", "kosmos-akkounts::default", @@ -43,6 +47,7 @@ "postfix::_attributes", "postfix::sasl_auth", "hostname::default", + "firewall::default", "redisio::default", "redisio::_install_prereqs", "redisio::install", @@ -76,6 +81,7 @@ "role[kvm_guest]", "role[ldap_client]", "role[sentry_client]", + "role[garage_gateway]", "role[akkounts]" ] } \ No newline at end of file diff --git a/site-cookbooks/kosmos-akkounts/attributes/default.rb b/site-cookbooks/kosmos-akkounts/attributes/default.rb index 0f4ca0c..0fc749e 100644 --- a/site-cookbooks/kosmos-akkounts/attributes/default.rb +++ b/site-cookbooks/kosmos-akkounts/attributes/default.rb @@ -19,3 +19,9 @@ node.default['akkounts']['lndhub']['api_url'] = nil node.default['akkounts']['lndhub']['public_url'] = nil node.default['akkounts']['lndhub']['public_key'] = nil node.default['akkounts']['lndhub']['postgres_db'] = 'lndhub' + +node.default['akkounts']['s3_enabled'] = true +node.default['akkounts']['s3_endpoint'] = "http://localhost:3900" +node.default['akkounts']['s3_region'] = "garage" +node.default['akkounts']['s3_bucket'] = "akkounts-production" +node.default['akkounts']['s3_alias_host'] = "https://s3.accounts.kosmos.org" diff --git a/site-cookbooks/kosmos-akkounts/recipes/default.rb b/site-cookbooks/kosmos-akkounts/recipes/default.rb index 558dc5b..9adc442 100644 --- a/site-cookbooks/kosmos-akkounts/recipes/default.rb +++ b/site-cookbooks/kosmos-akkounts/recipes/default.rb 
@@ -168,6 +168,20 @@ if rs_redis_host env[:rs_redis_url] = "redis://#{rs_redis_host}:#{rs_redis_port}/#{rs_redis_db}" end +# +# S3 +# + +if node['akkounts']['s3_enabled'] + env[:s3_enabled] = true + env[:s3_endpoint] = node['akkounts']['s3_endpoint'] + env[:s3_region] = node['akkounts']['s3_region'] + env[:s3_bucket] = node['akkounts']['s3_bucket'] + env[:s3_alias_host] = node['akkounts']['s3_alias_host'] + env[:s3_access_key] = credentials['s3_access_key'] + env[:s3_secret_key] = credentials['s3_secret_key'] +end + # # Akkounts Deployment # From f3529015829ec6a57ef85acc66ed25ddc8a64deb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Mon, 29 Jan 2024 14:17:15 +0200 Subject: [PATCH 61/95] Consolidate akkounts well-known proxying, add Webfinger and Nostr refs #158 --- .../kosmos_website/templates/nginx_conf_website.erb | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/site-cookbooks/kosmos_website/templates/nginx_conf_website.erb b/site-cookbooks/kosmos_website/templates/nginx_conf_website.erb index 3432221..5ae24c1 100644 --- a/site-cookbooks/kosmos_website/templates/nginx_conf_website.erb +++ b/site-cookbooks/kosmos_website/templates/nginx_conf_website.erb @@ -18,15 +18,8 @@ server { ssl_certificate <%= @ssl_cert %>; ssl_certificate_key <%= @ssl_key %>; - location /.well-known/lnurlp/ { + location ~ ^/.well-known/(webfinger|nostr|lnurlp|keysend) { proxy_ssl_server_name on; - rewrite /.well-known/lnurlp/([^/]+) /lnurlpay/$1@kosmos.org break; - proxy_pass https://accounts.kosmos.org; - } - - location /.well-known/keysend/ { - proxy_ssl_server_name on; - rewrite /.well-known/keysend/([^/]+) /keysend/$1@kosmos.org break; proxy_pass https://accounts.kosmos.org; } } From bcaee3bb21219251f6b8c2eeb00b01813db97bd4 Mon Sep 17 00:00:00 2001 
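Review bot: The new S3 block copies `credentials['s3_access_key']` and `credentials['s3_secret_key']` into `env` without checking that they are present, and without any note on where `env` ends up. The hunk does not show how `env` is consumed; if it is rendered into the systemd unit defined right after this block, the keys would sit in a unit file that is usually world-readable and visible through `systemctl show`, so that is worth confirming. I would add a comment above the block such as `# s3_access_key/s3_secret_key are secrets: env must only be written to a root-only file`. The block should also fail early when `s3_enabled` is true but either credential is nil.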
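Review bot: The consolidated `location ~ ^/.well-known/(webfinger|nostr|lnurlp|keysend)` regex is looser than the two prefix locations it replaces. The dot is unescaped and the alternatives have no trailing boundary, so any path that merely starts with one of those words (for example `/.well-known/keysendfoo`) is forwarded to accounts.kosmos.org with its original URI. Escaping the dot and bounding each name narrows it, e.g. `location ~ ^/\.well-known/(webfinger|nostr\.json|lnurlp/|keysend/) {`, assuming those are the paths akkounts actually serves. Nothing in the hunk enables `proxy_ssl_verify`, which nginx leaves off by default, so the upstream certificate is not checked unless that is set outside the hunk. The server block itself starts outside the hunk.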
From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Mon, 29 Jan 2024 18:15:36 +0200 Subject: [PATCH 62/95] Fix ActiveStorage not liking the local S3 endpoint --- site-cookbooks/kosmos-akkounts/attributes/default.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-cookbooks/kosmos-akkounts/attributes/default.rb b/site-cookbooks/kosmos-akkounts/attributes/default.rb index 0fc749e..635cf40 100644 --- a/site-cookbooks/kosmos-akkounts/attributes/default.rb +++ b/site-cookbooks/kosmos-akkounts/attributes/default.rb @@ -21,7 +21,7 @@ node.default['akkounts']['lndhub']['public_key'] = nil node.default['akkounts']['lndhub']['postgres_db'] = 'lndhub' node.default['akkounts']['s3_enabled'] = true -node.default['akkounts']['s3_endpoint'] = "http://localhost:3900" +node.default['akkounts']['s3_endpoint'] = "https://s3.kosmos.org" node.default['akkounts']['s3_region'] = "garage" node.default['akkounts']['s3_bucket'] = "akkounts-production" node.default['akkounts']['s3_alias_host'] = "https://s3.accounts.kosmos.org" From 5f7701c2888226c9057e237c2e87765364ffdf7d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Mon, 29 Jan 2024 18:16:07 +0200 Subject: [PATCH 63/95] Fix missing listen IP for storage proxy --- .../templates/nginx_conf_liquor-cabinet.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site-cookbooks/kosmos_liquor-cabinet/templates/nginx_conf_liquor-cabinet.erb b/site-cookbooks/kosmos_liquor-cabinet/templates/nginx_conf_liquor-cabinet.erb index 870713b..fb4602e 100644 --- a/site-cookbooks/kosmos_liquor-cabinet/templates/nginx_conf_liquor-cabinet.erb +++ b/site-cookbooks/kosmos_liquor-cabinet/templates/nginx_conf_liquor-cabinet.erb @@ -11,7 +11,7 @@ upstream _<%= @app_name %> { # variables_hash_max_size 2048; server { - listen 80; + listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>80; listen [::]:80; server_name <%= @server_name %>; # Redirect to https 
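Review bot: Only the IPv4 `listen` line is bound to `node['openresty']['listen_ip']`; the `listen [::]:80;` right below it stays a wildcard, and the same holds for `listen [::]:443 ssl http2;` in the second hunk of this template. If the listen IP is meant to limit which address serves this vhost, the service is still reachable on every IPv6 address of the host. One option is to emit the IPv6 listeners only when no listen IP is set, `<% unless node['openresty']['listen_ip'] %>listen [::]:80;<% end %>`, or to add a matching IPv6 attribute. If the wildcard is intentional, a one-line comment in the template would make that clear. Both server blocks continue outside the hunks.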
@@ -21,7 +21,7 @@ server { } server { - listen 443 ssl http2; + listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; listen [::]:443 ssl http2; server_name <%= @server_name %>; From 210a83a6863bcaa49acfcbe943154cc7311b9d21 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Sun, 4 Feb 2024 15:47:29 +0200 Subject: [PATCH 64/95] Increase max user offline messages for ejabberd --- site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb index b8fd9e8..6c6bc4f 100644 --- a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb +++ b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb @@ -123,7 +123,7 @@ shaper_rules: max_user_sessions: 10 max_user_offline_messages: - 5000: admin - - 100 + - 1000 c2s_shaper: - none: admin - normal From c2bd03dc23da6c1ed185de96e0c09a356323a861 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Mon, 5 Feb 2024 10:14:27 +0200 Subject: [PATCH 65/95] Update node info --- nodes/draco.kosmos.org.json | 1 - 1 file changed, 1 deletion(-) diff --git a/nodes/draco.kosmos.org.json b/nodes/draco.kosmos.org.json index 34262f1..f07f268 100644 --- a/nodes/draco.kosmos.org.json +++ b/nodes/draco.kosmos.org.json @@ -47,7 +47,6 @@ "kosmos_assets::nginx_site", "kosmos_discourse::nginx", "kosmos_drone::nginx", - "kosmos-ejabberd::nginx", "kosmos_garage::nginx_web", "kosmos_garage::nginx_s3", "kosmos_gitea::nginx", From 6e4cc480689d6027f945adb1bab7bd125009d58f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Mon, 5 Feb 2024 14:39:12 +0200 Subject: [PATCH 66/95] Upgrade Gitea to 1.21.5 --- site-cookbooks/kosmos_gitea/attributes/default.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/site-cookbooks/kosmos_gitea/attributes/default.rb b/site-cookbooks/kosmos_gitea/attributes/default.rb index 321923e..0a4e0cd 100644 --- a/site-cookbooks/kosmos_gitea/attributes/default.rb +++ b/site-cookbooks/kosmos_gitea/attributes/default.rb @@ -1,7 +1,7 @@ -gitea_version = "1.21.3" +gitea_version = "1.21.5" node.default["gitea"]["version"] = gitea_version node.default["gitea"]["binary_url"] = "https://dl.gitea.io/gitea/#{gitea_version}/gitea-#{gitea_version}-linux-amd64" -node.default["gitea"]["binary_checksum"] = "ccf6cc2077401e382bca0d000553a781a42c9103656bd33ef32bf093cca570eb" +node.default["gitea"]["binary_checksum"] = "7a521914203b07c7a0613ae30d8ab229111b149a2fa219423e643cd9a039256e" node.default["gitea"]["working_directory"] = "/var/lib/gitea" node.default["gitea"]["port"] = 3000 node.default["gitea"]["postgresql_host"] = "localhost:5432" From 164b974eb8136fb90a28a6127ae495be28ef7e3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Mon, 11 Mar 2024 15:55:05 +0100 Subject: [PATCH 67/95] Switch postgresql primary, deploy new replica --- clients/postgres-4.json | 4 --- clients/postgres-6.json | 4 +++ environments/production.json | 3 +- nodes/postgres-5.json | 12 ++++++-- nodes/{postgres-4.json => postgres-6.json} | 34 +++++++++------------- 5 files changed, 29 insertions(+), 28 deletions(-) delete mode 100644 clients/postgres-4.json create mode 100644 clients/postgres-6.json rename nodes/{postgres-4.json => postgres-6.json} (62%) diff --git a/clients/postgres-4.json b/clients/postgres-4.json deleted file mode 100644 index eed891f..0000000 --- a/clients/postgres-4.json +++ /dev/null 
@@ -1,4 +0,0 @@ -{ - "name": "postgres-4", - "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6fPxOZeKloF/EgYvU0k\nOwv8bJjsCQcWaMTPle5//mRTszA6PM2z9RI+Mfr45qxTlsL9pQY8WJOWF6QOK31x\nszuqcr7oOjtAhrLI8f/oNDEDjcx325FqG9gNKQEAD7d4zodh+PhDe6x7GIyIS7lG\nIcD5Zre9iDwv8FGLR+5GLqS8SJOPL/wJkQ8w+N0f8YDFw81kiTta5NLhAx3fMDs0\n2kmoNlbmKlNZTtLjCfCV+/pa9oY6wycjck3GvobiFE/4cWaNkeGlPc+uAwlfmrOv\nHy0tq1XBX/BCvE5kMXmhnMT23JXjm2s2PgCLgEVGAXilXk/T597KDm+z4oBpAQma\nnQIDAQAB\n-----END PUBLIC KEY-----\n" -} \ No newline at end of file diff --git a/clients/postgres-6.json b/clients/postgres-6.json new file mode 100644 index 0000000..41355c4 --- /dev/null +++ b/clients/postgres-6.json @@ -0,0 +1,4 @@ +{ + "name": "postgres-6", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVzM0fwlimmq11jTGTko\nK87LRYSar61tNF3qVWp9axNSMa6BSxVark9eYOqY4eLh/5vJVDqXDFq30/IUWg40\nH8hHWaOEvQrP2dm/XFw1RmunfbfN9gN07TuhaT3xFD5t+jFBuOSoJ4cPnFIABuVt\nFLrjgtYYjtZe5hGE9ZPmS7o2ATM5EU9mxeQ+TkgDbr8StvSPGdZ1ykhagf1pegGU\nRIfZ+4ZKzyDUAq+fYNhIbmlm5h2gP+XdtakPy43j7n0iN1vwDgBqJ2pdaVs/GcFf\nvaztoltguoknI2NPSez1N217asTTLuth0nHxVXiKCVXnqwDjxgWmuP6X2B7VYjyc\nxQIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file diff --git a/environments/production.json b/environments/production.json index eefe5c1..311b57e 100644 --- a/environments/production.json +++ b/environments/production.json @@ -65,8 +65,9 @@ "backup": { "nodes_excluded": [ "garage-", + "lq-", "rsk-", - "postgres-5" + "postgres-6" ] } }, diff --git a/nodes/postgres-5.json b/nodes/postgres-5.json index 7d0d29d..f118412 100644 --- a/nodes/postgres-5.json +++ b/nodes/postgres-5.json 
@@ -13,12 +13,20 @@ "ipaddress": "192.168.122.211", "roles": [ "base", - "kvm_guest" + "kvm_guest", + "postgresql_primary" ], "recipes": [ "kosmos-base", "kosmos-base::default", "kosmos_kvm::guest", + "kosmos_postgresql::primary", + "kosmos_postgresql::firewall", + "kosmos-bitcoin::lndhub-go_pg_db", + "kosmos-bitcoin::nbxplorer_pg_db", + "kosmos_drone::pg_db", + "kosmos_gitea::pg_db", + "kosmos-mastodon::pg_db", "apt::default", "timezone_iii::default", "timezone_iii::debian", @@ -52,6 +60,6 @@ "run_list": [ "role[base]", "role[kvm_guest]", - "role[postgresql_replica]" + "role[postgresql_primary]" ] } diff --git a/nodes/postgres-4.json b/nodes/postgres-6.json similarity index 62% rename from nodes/postgres-4.json rename to nodes/postgres-6.json index 1f2352e..a57aab5 100644 --- a/nodes/postgres-4.json +++ b/nodes/postgres-6.json @@ -1,32 +1,24 @@ { - "name": "postgres-4", + "name": "postgres-6", "normal": { "knife_zero": { - "host": "10.1.1.107" + "host": "10.1.1.196" } }, "automatic": { - "fqdn": "postgres-4", + "fqdn": "postgres-6", "os": "linux", - "os_version": "5.4.0-122-generic", - "hostname": "postgres-4", - "ipaddress": "192.168.122.3", + "os_version": "5.4.0-173-generic", + "hostname": "postgres-6", + "ipaddress": "192.168.122.60", "roles": [ "base", - "kvm_guest", - "postgresql_primary" + "kvm_guest" ], "recipes": [ "kosmos-base", "kosmos-base::default", "kosmos_kvm::guest", - "kosmos_postgresql::primary", - "kosmos_postgresql::firewall", - "kosmos-bitcoin::lndhub-go_pg_db", - "kosmos-bitcoin::nbxplorer_pg_db", - "kosmos_drone::pg_db", - "kosmos_gitea::pg_db", - "kosmos-mastodon::pg_db", "apt::default", "timezone_iii::default", "timezone_iii::debian", 
@@ -47,19 +39,19 @@ "cloud": null, "chef_packages": { "chef": { - "version": "18.3.0", - "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.3.0/lib", + "version": "18.4.2", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.4.2/lib", "chef_effortless": null }, "ohai": { - "version": "18.1.4", - "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.4/lib/ohai" + "version": "18.1.11", + "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.11/lib/ohai" } } }, "run_list": [ "role[base]", "role[kvm_guest]", - "role[postgresql_primary]" + "role[postgresql_replica]" ] -} \ No newline at end of file +} From 9c2aa9faaae81ef5fedd088bb38f30a706861189 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Mon, 11 Mar 2024 15:57:46 +0100 Subject: [PATCH 68/95] Add info about required, unautomated step to script --- scripts/postgresql/switch_primary.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/postgresql/switch_primary.sh b/scripts/postgresql/switch_primary.sh index 4859162..30413ba 100755 --- a/scripts/postgresql/switch_primary.sh +++ b/scripts/postgresql/switch_primary.sh @@ -21,3 +21,4 @@ bundle exec knife ssh roles:postgresql_client -a knife_zero.host "sudo sed -r \" # TODO # 1. Change roles in node configs # 2. Converge new primary +echo "You need to update the role in the '$new_primary_hostname' node config to 'postgres_primary' and converge it now." From fea65404cf25a80e2f33dbe516973d31ae40b492 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Mon, 11 Mar 2024 16:03:22 +0100 Subject: [PATCH 69/95] Deploy new garage node --- clients/garage-3.json | 4 ---- clients/garage-8.json | 4 ++++ nodes/{garage-3.json => garage-8.json} | 22 +++++++++++----------- 3 files changed, 15 insertions(+), 15 deletions(-) delete mode 100644 clients/garage-3.json create mode 100644 clients/garage-8.json rename nodes/{garage-3.json => garage-8.json} (81%) 
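Review bot: The added `echo` in switch_primary.sh tells the operator to set the role to 'postgres_primary', but the node configs in this series use `role[postgresql_primary]`. Copying the name from the message would put a different role name in the run list, and the new primary would then not get the recipes of the intended role. The line should read `echo "You need to update the role in the '$new_primary_hostname' node config to 'postgresql_primary' and converge it now."`. Since the TODO above lists two manual steps, the message could also say that the old primary's role must be changed to the replica role.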
diff --git a/clients/garage-3.json b/clients/garage-3.json deleted file mode 100644 index 49ea275..0000000 --- a/clients/garage-3.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "name": "garage-3", - "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRSB8/ObjvQq6WuOVS/f\nypdX/2fLsUlt5tQ8GNuSY9rSM8gdvcXUvnPlxthZO4yvcPX85wmtBZX8fRJFdkJg\nYRCJbuVKO9sLTq8OUWXYpfU1q10FUhl034zxOMslpxVB6toirnk025vyq9jbuKP+\nYO+c40KZr67mgm0hveJfylayfiKP1HGm4HrV0maFivCgC8D+MPDDv75CsqRe5WSc\nh2CoauDJwVlhKZ92yq87ugGBhJJRUGOQZcfEvkUGj/HNAS6tuHl8YmVmhO8hBdee\nNto6RF54E1zB80R9oT/qitw23miEyUcHHVxhTR4tTWflZgd8l4wDOhX3Nf20xknu\nFQIDAQAB\n-----END PUBLIC KEY-----\n" -} \ No newline at end of file diff --git a/clients/garage-8.json b/clients/garage-8.json new file mode 100644 index 0000000..11d9696 --- /dev/null +++ b/clients/garage-8.json @@ -0,0 +1,4 @@ +{ + "name": "garage-8", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4hXODzgHsIeWxXJm/F6\nSTFJ8JC89mWru7pOFzPWenOVMHgp4UpUB4rDTwQqojsWTDiq0x3ckUyOPw3Nj0jv\nxP4MMGS4SI0oRSJKzrYYss0hgUDTOBBd+Wxn0UiNEpN/PfQo9VZj9v/jak57cz7z\n5+rpl5v27fhgUIChjsHxdy+EamvCrYc+1JhyrLOlwlt8JxkZ8UPhoeZLWAbDgGLS\nEzHWSSVtBUPK+KYmVb2OK4lB56zPfek0U3gKN+04a1650jzOit8LzE6NaT180QDv\nX+gG6tk53vSXDmkBXsQ1mtB8aF+HaEG2Pra5HyihlweCPYdJT+e28wpq6+P5l3YR\ndQIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file diff --git a/nodes/garage-3.json b/nodes/garage-8.json similarity index 81% rename from nodes/garage-3.json rename to nodes/garage-8.json index be4db2a..3800a43 100644 --- a/nodes/garage-3.json +++ b/nodes/garage-8.json 
@@ -1,17 +1,17 @@ { - "name": "garage-3", + "name": "garage-8", "chef_environment": "production", "normal": { "knife_zero": { - "host": "10.1.1.39" + "host": "10.1.1.61" } }, "automatic": { - "fqdn": "garage-3", + "fqdn": "garage-8", "os": "linux", - "os_version": "5.4.0-132-generic", - "hostname": "garage-3", - "ipaddress": "192.168.122.191", + "os_version": "5.4.0-1090-kvm", + "hostname": "garage-8", + "ipaddress": "192.168.122.207", "roles": [ "base", "kvm_guest", @@ -46,13 +46,13 @@ "cloud": null, "chef_packages": { "chef": { - "version": "18.3.0", - "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.3.0/lib", + "version": "18.4.2", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.4.2/lib", "chef_effortless": null }, "ohai": { - "version": "18.1.4", - "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.4/lib/ohai" + "version": "18.1.11", + "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.11/lib/ohai" } } }, @@ -61,4 +61,4 @@ "role[kvm_guest]", "role[garage_node]" ] -} \ No newline at end of file +} From 023a4261cdc933e5b09a5849eca46e02125f0796 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Mon, 11 Mar 2024 16:07:32 +0100 Subject: [PATCH 70/95] Update node info --- nodes/lq-2.json | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/nodes/lq-2.json b/nodes/lq-2.json index 65a82d5..5adfc66 100644 --- a/nodes/lq-2.json +++ b/nodes/lq-2.json @@ -25,8 +25,8 @@ "kosmos_garage", "kosmos_garage::default", "kosmos_garage::firewall_rpc", - "liquor_cabinet", - "liquor_cabinet::default", + "kosmos_liquor-cabinet", + "kosmos_liquor-cabinet::default", "apt::default", "timezone_iii::default", "timezone_iii::debian", @@ -41,7 +41,8 @@ "postfix::_attributes", "postfix::sasl_auth", "hostname::default", - "firewall::default" + "firewall::default", + "liquor_cabinet::default" ], "platform": "ubuntu", "platform_version": "20.04", 
From c0487d0e131aeb19bfe5e7861bed735056f03420 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Mon, 11 Mar 2024 16:08:22 +0100 Subject: [PATCH 71/95] Deploy 5apps Gitea act runner --- data_bags/credentials/gitea.json | 48 ++++++++++++++++---------------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/data_bags/credentials/gitea.json b/data_bags/credentials/gitea.json index 54d2324..0270eec 100644 --- a/data_bags/credentials/gitea.json +++ b/data_bags/credentials/gitea.json 
@@ -1,58 +1,58 @@ { "id": "gitea", "jwt_secret": { - "encrypted_data": "HHKq1HcxV9uC0aBdkn2AAA9C3dn2o8DnL2uDtZBf+epGC8sOko6/BSvsm8wV\nuG7yVmeFajgyCePSv4M8Or8=\n", - "iv": "raypiojdRL+DkiDa\n", - "auth_tag": "JZmWJyLTHNHAHNufRizL+w==\n", + "encrypted_data": "wMxs1Ec4vKRSzFtL2KuU1XfmR1t5KDx/7XBbI7V0QfgK+JwYbxU5w6feQCBE\nxOMepAXVUwU7RxPZ+hwQgPg=\n", + "iv": "F4vtuOL2B9e9LQnb\n", + "auth_tag": "NHATxHbr+3Y3Kxa68NwnjQ==\n", "version": 3, "cipher": "aes-256-gcm" }, "internal_token": { - "encrypted_data": "VFez8gOv5hnpBkURlufdPHvfQsL+lFlL8M9vywgKEi4XrXcNlDvoKKqdtSMv\nxGuoKqF/4NFcl2X3JRwp1j5iut+Jdg5CpnVVQLWKHc022LjD7K9nRsdmiD9Q\nLsLnU1Trzqg8VZS2ryqdjI4elkgoc15lmXwJvTNgRUzDqw==\n", - "iv": "q7H4q7kBfRt4floS\n", - "auth_tag": "vyd4ZwVxeFTTfvjI4k5irQ==\n", + "encrypted_data": "mlvUtIjs6kcv7XcYCUOgOE/kDSE4Ts5G+CZuPrJapW9XwkebmyOnHJvXdihY\np/chUtar0pNB5Q16LeeZF9KrzOiDo/OXb40TPUzpsB0/607zV1z829STd4l7\nu5g4Zur13nxC9jT0zQL9QgDEobYdjgf/xu1BXxFT+Ue3lQ==\n", + "iv": "25+1a2OJYFNxdf1N\n", + "auth_tag": "aF8Gn6Mm7AwLjbR8cDnitg==\n", "version": 3, "cipher": "aes-256-gcm" }, "secret_key": { - "encrypted_data": "7tD4E/5AuxxmNdu4arWj/BBNTUv6JX+m2ITbcLfE+VE2WacsCZUEyi1d1v0B\nyujQ9bljJn3z0zV4PxKFJILKjQb35PSiA8b86X/75Y1B9Gl64ds=\n", - "iv": "gE2O5aN+Nea6VXi7\n", - "auth_tag": "3+EmAUgBBDyChRBHsUtLig==\n", + "encrypted_data": "xQuHuijNHoo2WicM2UvSGpwPHd0UilxlIl4BM2Rgyih5bdhjxB6UtUcY9uJQ\nYgxEd7y7R5+XhUAu87CEs4qAGtguDDxGtSGwgTSopvAYZewPFLw=\n", + "iv": "Kxwqagjps8kP7Dhz\n", + "auth_tag": "WGz5TzBzksf36hKPzBZTQQ==\n", "version": 3, "cipher": "aes-256-gcm" }, "postgresql_password": { - "encrypted_data": "mWN2sTOjZ1EPUH/KAJ8owoPM7v/+IfIHEPACN7gFDrqG8dWGjfiu+fvILw==\n", - "iv": "ldm57dVSdiPnk5l3\n", - "auth_tag": "D+r/0obCYWx53vIeUDPGMQ==\n", + "encrypted_data": "ZziPtXhQM/TQBE+077smnjEPzfJOSo9Cj/CUnG/Be1AN0UAfielf68EhLg==\n", + "iv": "iBdSrY15vOc3eycF\n", + "auth_tag": "km2CkraKlpOygaz7Xy548Q==\n", "version": 3, "cipher": "aes-256-gcm" }, "s3_key_id": { - "encrypted_data": 
"AvlsAInGyPMvHle5YZT3EHMTG89PggqmFaddvHSQLEkvI2EycktxJ/btjGOP\n", - "iv": "qGkILPp5EWc21wwa\n", - "auth_tag": "eIpCgZAnWZR7nlllj+IXMQ==\n", + "encrypted_data": "1j0znqBgNbHMyJIf51MmfkjkpU3SPv+EL8F30mrfQ44vsGziyeiWfp91hGUM\n", + "iv": "dzJM1EX/X8Qy5KbR\n", + "auth_tag": "2YUCCFG/oTph3svFYhhYzg==\n", "version": 3, "cipher": "aes-256-gcm" }, "s3_secret_key": { - "encrypted_data": "TAo4ViF7cL+ibIuHM77irZW08ilD46S8N5BV91gc2wegvHpHqLHw5zrsDxfu\nDiJHGUfjge/NBOGN5VSKKC0nFfMJ4sLPxVSiKyON4RMBSuzSqmo=\n", - "iv": "tjK8XdaCZOdLUHyo\n", - "auth_tag": "Qu1z6e1/4gPIyaCwBjaWsw==\n", + "encrypted_data": "7P3JUyl0LsGuGi8GhSYdXHm4bQhnkGfSrbEMGyfzjSYB5hqm17kYZwNbNA0O\nIUmJ6Kq9Nby7IFTd1qFo7aA+dXuvxJD5QXO8T5E+D0xIaWMHPco=\n", + "iv": "+ivHjYpQG/3gQWAi\n", + "auth_tag": "fftxN0Z/Kfrn+oFk07jKYQ==\n", "version": 3, "cipher": "aes-256-gcm" }, "s3_bucket": { - "encrypted_data": "NTp9+KyzlblporEwM7SEwoClXu5cI10SfVrJ/uywcf/x2l8=\n", - "iv": "TFTeQ8yKUhblmrFK\n", - "auth_tag": "L9nrXEeJhxcLO4YgGk4zpg==\n", + "encrypted_data": "98UnmjwIlLjNFQojZlQRMZAWpI/7s9xJkgvh4sU5I2jWmYk=\n", + "iv": "zLck9Dp6OP+L3BwX\n", + "auth_tag": "Zc5G6bd7CbZfDCZ31YWxMg==\n", "version": 3, "cipher": "aes-256-gcm" }, "runners": { - "encrypted_data": "yTCk4/hqw/4vEaXobdYU4vZRxErNp0GX4qDMuHwdr7UOQk2qQ8O8j44njPv2\ncKcIm6CQiip+GRuvl6+zETd8gctC0W14n5Rfep4zQbMp/BW3ypGambVk6z1m\nRnT4dMEl32rwcXG8c3w+vAFpx8smrK5iyy4ca0ZijC+eeysk4OAwn0XkvQuV\nB1Jy9CmVm9xiZ6sXaiU13tTry8A=\n", - "iv": "+biM/42g5doJNOax\n", - "auth_tag": "WwNgd6aqm26GcekYVOeBDQ==\n", + "encrypted_data": "f0RRLCrGT7LDUEXcM6m2dJ7C95UPqVZz9dfNLsYa/3SZLDcm1p4FDIy0Su6R\nrXMoAI9IdLBN7/BDMMvqkULEq3Bx5vXn+oTUsUYuKxWmvKEUhC4virOApxh6\n5GbuqcOEPKaf9lHByL+2HKdAmJMzVRGD0t78ePS2pU4H6IFnS9V1p6opOEPr\nzTJ+0PM98eQ/voFKDHGNHUqgDs2qu9wUYNmcHe1eSimFdJiOCN0Mlszu3HL0\nXkHfrGbLrcW+8Ol7dTXdDJB7WAd3R3vddoZQ+mrwzGGDeSMm+ezeMzAX\n", + "iv": "NtZ9SbbscX47BXGH\n", + "auth_tag": "ZGBzxjNFB5WPnJCpdFwtAQ==\n", "version": 3, "cipher": "aes-256-gcm" } 
From d19a8eebfba71e383ac08cd04e2ab8cacf7a66fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Mon, 11 Mar 2024 16:10:42 +0100 Subject: [PATCH 72/95] Update Gitea and act_runner, improve recipes --- site-cookbooks/kosmos_gitea/attributes/default.rb | 10 ++++------ site-cookbooks/kosmos_gitea/recipes/act_runner.rb | 5 ++++- site-cookbooks/kosmos_gitea/recipes/default.rb | 6 ++++-- 3 files changed, 12 insertions(+), 9 deletions(-) diff --git a/site-cookbooks/kosmos_gitea/attributes/default.rb b/site-cookbooks/kosmos_gitea/attributes/default.rb index 0a4e0cd..d0672a5 100644 --- a/site-cookbooks/kosmos_gitea/attributes/default.rb +++ b/site-cookbooks/kosmos_gitea/attributes/default.rb @@ -1,7 +1,5 @@ -gitea_version = "1.21.5" -node.default["gitea"]["version"] = gitea_version -node.default["gitea"]["binary_url"] = "https://dl.gitea.io/gitea/#{gitea_version}/gitea-#{gitea_version}-linux-amd64" -node.default["gitea"]["binary_checksum"] = "7a521914203b07c7a0613ae30d8ab229111b149a2fa219423e643cd9a039256e" +node.default["gitea"]["version"] = "1.21.7" +node.default["gitea"]["checksum"] = "fa88e6404d3d34136bdd50c990a8c390d5e05f4cb2e31641559d14234e022bd6" node.default["gitea"]["working_directory"] = "/var/lib/gitea" node.default["gitea"]["port"] = 3000 node.default["gitea"]["postgresql_host"] = "localhost:5432" @@ -16,5 +14,5 @@ node.default["gitea"]["config"] = { } } -node.default["gitea"]["act_runner"]["download_url"] = "https://dl.gitea.com/act_runner/main/act_runner-main-linux-amd64" -node.default["gitea"]["act_runner"]["checksum"] = "577ec7c64e7458b1e97cbe61d02da1ba1f4ddf24281b175f24f65101e72c000c" +node.default["gitea"]["act_runner"]["version"] = "0.2.6" +node.default["gitea"]["act_runner"]["checksum"] = "234c2bdb871e7b0bfb84697f353395bfc7819faf9f0c0443845868b64a041057" diff --git a/site-cookbooks/kosmos_gitea/recipes/act_runner.rb b/site-cookbooks/kosmos_gitea/recipes/act_runner.rb index e34382e..0d8725c 100644 
--- a/site-cookbooks/kosmos_gitea/recipes/act_runner.rb +++ b/site-cookbooks/kosmos_gitea/recipes/act_runner.rb @@ -3,6 +3,8 @@ # Recipe:: act_runner # +version = node["gitea"]["act_runner"]["version"] +download_url = "https://dl.gitea.com/act_runner/#{version}/act_runner-#{version}-linux-amd64" working_directory = node["gitea"]["working_directory"] gitea_credentials = data_bag_item("credentials", "gitea") runners = gitea_credentials["runners"] @@ -24,7 +26,7 @@ end end remote_file "/usr/local/bin/act_runner" do - source node["gitea"]["act_runner"]["download_url"] + source download_url checksum node["gitea"]["act_runner"]["checksum"] mode "0750" end @@ -66,6 +68,7 @@ act_runner register \ WorkingDirectory: runner_dir, Environment: "HOME=/root", ExecStart: "/usr/local/bin/act_runner daemon", + ExecStartPre: "/bin/sleep 3", # Wait for Gitea's API to be up when restarting at the same time Restart: "always", }, Install: { diff --git a/site-cookbooks/kosmos_gitea/recipes/default.rb b/site-cookbooks/kosmos_gitea/recipes/default.rb index b9009f5..afae849 100644 --- a/site-cookbooks/kosmos_gitea/recipes/default.rb +++ b/site-cookbooks/kosmos_gitea/recipes/default.rb @@ -3,6 +3,8 @@ # Recipe:: default # +version = node["gitea"]["version"] +download_url = "https://dl.gitea.io/gitea/#{version}/gitea-#{version}-linux-amd64" working_directory = node["gitea"]["working_directory"] git_home_directory = "/home/git" repository_root_directory = "#{git_home_directory}/gitea-repositories" @@ -107,8 +109,8 @@ template "#{config_directory}/app.ini" do end remote_file gitea_binary_path do - source node['gitea']['binary_url'] - checksum node['gitea']['binary_checksum'] + source download_url + checksum node['gitea']['checksum'] mode "0755" notifies :restart, "service[gitea]", :delayed end From 08c604962cf55615210a159eb099869f254f51ec Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Mon, 11 Mar 2024 16:13:30 +0100 Subject: [PATCH 73/95] Upgrade Ruby for latest akkounts release --- site-cookbooks/kosmos-akkounts/recipes/default.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site-cookbooks/kosmos-akkounts/recipes/default.rb b/site-cookbooks/kosmos-akkounts/recipes/default.rb index 9adc442..9aa593d 100644 --- a/site-cookbooks/kosmos-akkounts/recipes/default.rb +++ b/site-cookbooks/kosmos-akkounts/recipes/default.rb @@ -30,12 +30,12 @@ npm_package "yarn" do version "1.22.4" end -ruby_version = "2.7.5" +ruby_version = "3.3.0" ruby_path = "/opt/ruby_build/builds/#{ruby_version}" bundle_path = "#{ruby_path}/bin/bundle" rails_env = node.chef_environment == "development" ? "development" : "production" -ruby_build_install 'v20230615' +ruby_build_install 'v20240221' ruby_build_definition ruby_version do prefix_path ruby_path end From b4ddfd19e36ebbcacebd50d4413113ab1c709b5d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Mon, 11 Mar 2024 16:13:48 +0100 Subject: [PATCH 74/95] Upgrade Ruby for latest Mastodon release --- site-cookbooks/kosmos-mastodon/recipes/default.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-cookbooks/kosmos-mastodon/recipes/default.rb b/site-cookbooks/kosmos-mastodon/recipes/default.rb index 9c8ab3b..2ab20b0 100644 --- a/site-cookbooks/kosmos-mastodon/recipes/default.rb +++ b/site-cookbooks/kosmos-mastodon/recipes/default.rb @@ -75,7 +75,7 @@ npm_package "yarn" do version "1.22.4" end -ruby_version = "3.0.6" +ruby_version = "3.3.0" ruby_path = "/opt/ruby_build/builds/#{ruby_version}" bundle_path = "#{ruby_path}/bin/bundle" From 21de964e1b34f8a33c867334d000b6c945a50c5e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Mon, 11 Mar 2024 16:14:03 +0100 Subject: [PATCH 75/95] Upgrade nbxplorer, btcpay --- site-cookbooks/kosmos-bitcoin/attributes/default.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/site-cookbooks/kosmos-bitcoin/attributes/default.rb b/site-cookbooks/kosmos-bitcoin/attributes/default.rb index d61a02a..8883d71 100644 --- a/site-cookbooks/kosmos-bitcoin/attributes/default.rb +++ b/site-cookbooks/kosmos-bitcoin/attributes/default.rb @@ -98,7 +98,7 @@ node.default['dotnet']['ms_packages_src_url'] = "https://packages.microsoft.com/ node.default['dotnet']['ms_packages_src_checksum'] = "4df5811c41fdded83eb9e2da9336a8dfa5594a79dc8a80133bd815f4f85b9991" node.default['nbxplorer']['repo'] = 'https://github.com/dgarage/NBXplorer' -node.default['nbxplorer']['revision'] = 'v2.4.3' +node.default['nbxplorer']['revision'] = 'v2.5.0' node.default['nbxplorer']['source_dir'] = '/opt/nbxplorer' node.default['nbxplorer']['config_path'] = "/home/#{node['bitcoin']['username']}/.nbxplorer/Main/settings.config" node.default['nbxplorer']['port'] = '24445' @@ -106,7 +106,7 @@ node.default['nbxplorer']['postgres']['database'] = 'nbxplorer' node.default['nbxplorer']['postgres']['user'] = 'nbxplorer' node.default['btcpay']['repo'] = 'https://github.com/btcpayserver/btcpayserver' -node.default['btcpay']['revision'] = 'v1.11.7' +node.default['btcpay']['revision'] = 'v1.12.5' node.default['btcpay']['source_dir'] = '/opt/btcpay' node.default['btcpay']['config_path'] = "/home/#{node['bitcoin']['username']}/.btcpayserver/Main/settings.config" node.default['btcpay']['log_path'] = "/home/#{node['bitcoin']['username']}/.btcpayserver/debug.log" From 4a8ab3abe346456d0766a387c930fb307103afad Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Mon, 11 Mar 2024 16:15:12 +0100 Subject: [PATCH 76/95] Support letsencrypt proxy validation via CNAMEs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Allows to point other domains' `_acme-challenge.example.com` entries at `example.com.letsencrypt.kosmos.chat` so we can validate from our side without access to the other domain's DNS records. Used for 5apps.com XMPP for now. Can be used for others later. Co-authored-by: Greg Karékinian --- data_bags/credentials/gandi_api_5apps.json | 16 +++++-- .../kosmos-ejabberd/recipes/letsencrypt.rb | 8 ++-- .../templates/gandi_dns_certbot_hook.sh.erb | 48 ++++++++++++------- 3 files changed, 48 insertions(+), 24 deletions(-) diff --git a/data_bags/credentials/gandi_api_5apps.json b/data_bags/credentials/gandi_api_5apps.json index e3d7256..6e42ccc 100644 --- a/data_bags/credentials/gandi_api_5apps.json +++ b/data_bags/credentials/gandi_api_5apps.json @@ -1,9 +1,17 @@ { "id": "gandi_api_5apps", "key": { - "encrypted_data": "+tcD9x5MkNpf2Za5iLM7oTGrmAXxuWFEbyg4xrcWypSkSTjdIncOfD1UoIoS\nGzy1\n", - "iv": "ymls2idI/PdiRZCgsulwrA==\n", - "version": 1, - "cipher": "aes-256-cbc" + "encrypted_data": "AGYIkLdbnU3+O6OxGsFyLpZtTw531s2dbRC4Lik+8NYp3l4P0UMM2Pqf0g==\n", + "iv": "kPRHGpLwNIC3MpES\n", + "auth_tag": "wKth2tA+JxILFIKppHLDJg==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "access_token": { + "encrypted_data": "+tKKFcWV0CZ5wEB/No5hou5+p1llsUkq7AXBvfnA7xsgbpa2q8AX/2UFf9Cf\nGtd9om1CeJJtz+o4ceA=\n", + "iv": "hLJSV77DQtqXZDbV\n", + "auth_tag": "8xgyudyDk4hq16LRkykGhQ==\n", + "version": 3, + "cipher": "aes-256-gcm" } } \ No newline at end of file diff --git a/site-cookbooks/kosmos-ejabberd/recipes/letsencrypt.rb b/site-cookbooks/kosmos-ejabberd/recipes/letsencrypt.rb index 77aea83..408bb7a 100644 --- a/site-cookbooks/kosmos-ejabberd/recipes/letsencrypt.rb +++ b/site-cookbooks/kosmos-ejabberd/recipes/letsencrypt.rb 
@@ -33,11 +33,11 @@ file "/etc/letsencrypt/renewal-hooks/post/ejabberd" do group "root" end -gandi_api_data_bag_item = data_bag_item('credentials', 'gandi_api_5apps') +gandi_api_credentials = data_bag_item('credentials', 'gandi_api_5apps') template "/root/gandi_dns_certbot_hook.sh" do - variables gandi_api_key: gandi_api_data_bag_item["key"] - mode 0770 + variables access_token: gandi_api_credentials["access_token"] + mode 0700 end # Generate a Let's Encrypt cert (only if no cert has been generated before). @@ -52,7 +52,7 @@ end # Generate a Let's Encrypt cert (only if no cert has been generated before). # The systemd timer will take care of renewing execute "letsencrypt cert for 5apps xmpp" do - command "certbot certonly --manual --preferred-challenges dns --manual-public-ip-logging-ok --agree-tos --manual-auth-hook \"/root/gandi_dns_certbot_hook.sh auth\" --manual-cleanup-hook \"/root/gandi_dns_certbot_hook.sh cleanup\" --deploy-hook \"/etc/letsencrypt/renewal-hooks/post/ejabberd\" --email ops@5apps.com -d 5apps.com -d muc.5apps.com -d xmpp.5apps.com -d uploads.xmpp.5apps.com -n" + command "certbot certonly --manual --preferred-challenges dns --manual-public-ip-logging-ok --agree-tos --manual-auth-hook \"/root/gandi_dns_certbot_hook.sh auth letsencrypt.kosmos.chat\" --manual-cleanup-hook \"/root/gandi_dns_certbot_hook.sh cleanup letsencrypt.kosmos.chat\" --deploy-hook \"/etc/letsencrypt/renewal-hooks/post/ejabberd\" --email ops@5apps.com -d 5apps.com -d muc.5apps.com -d xmpp.5apps.com -d uploads.xmpp.5apps.com -n" not_if do File.exist?("/etc/letsencrypt/live/5apps.com/fullchain.pem") end diff --git a/site-cookbooks/kosmos-ejabberd/templates/gandi_dns_certbot_hook.sh.erb b/site-cookbooks/kosmos-ejabberd/templates/gandi_dns_certbot_hook.sh.erb index d0ed9dc..7bf1a84 100755 --- a/site-cookbooks/kosmos-ejabberd/templates/gandi_dns_certbot_hook.sh.erb +++ b/site-cookbooks/kosmos-ejabberd/templates/gandi_dns_certbot_hook.sh.erb 
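Review bot: The `template "/root/gandi_dns_certbot_hook.sh"` resource renders `access_token` into the file but does not set `sensitive true`, so Chef may print the rendered content or diff, token included, in the client run output and logs. Adding `sensitive true` next to `mode 0700` avoids that; the `tls_cert_for` resource in PATCH 86/95 already does this for its copy of the hook. Owner and group are not set in the visible lines, so the 0700 mode only protects the file if the default owner is root, which is presumably the case for a root-run chef-client but is worth stating explicitly.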
@@ -1,6 +1,4 @@ #!/usr/bin/env bash -# - set -euf -o pipefail # ************** USAGE ************** @@ -25,10 +23,12 @@ set -euf -o pipefail # # Defaults to 30 seconds. # -GANDI_API_KEY="<%= @gandi_api_key %>" -PROVIDER_UPDATE_DELAY=30 +ACCESS_TOKEN="<%= @access_token %>" +PROVIDER_UPDATE_DELAY=10 +VALIDATION_DOMAIN="${2:-}" regex='.*\.(.*\..*)' + if [[ $CERTBOT_DOMAIN =~ $regex ]] then DOMAIN="${BASH_REMATCH[1]}" 
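Review bot: The header comment still says `Defaults to 30 seconds.` while the `@@ -25,10 +23,12 @@` hunk lowers `PROVIDER_UPDATE_DELAY` to 10, so the documentation and the value now disagree; the comment should read `# Defaults to 10 seconds.`. The kosmos-base copy of this template carries the same stale sentence as context in its `@@ -25,10 +20,16 @@` hunk. The token is also rendered into a double-quoted bash string, `ACCESS_TOKEN="<%= @access_token %>"`, where a `$`, backtick or `"` in the value would be interpreted by the shell. Single quotes would be safer, provided the token format never contains `'`, which cannot be verified from here.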
@@ -36,25 +36,41 @@ else DOMAIN="${CERTBOT_DOMAIN}" fi +if [[ -n "$VALIDATION_DOMAIN" ]] +then + if [[ $VALIDATION_DOMAIN =~ $regex ]] + then + ACME_BASE_DOMAIN="${BASH_REMATCH[1]}" + else + echo "Validation domain has to be a subdomain, but it is not: \"${VALIDATION_DOMAIN}\"" + exit 1 + fi + ACME_DOMAIN="${CERTBOT_DOMAIN}.${VALIDATION_DOMAIN}" +else + ACME_BASE_DOMAIN="${DOMAIN}" + ACME_DOMAIN="_acme-challenge.${CERTBOT_DOMAIN}" +fi + # To be invoked via Certbot's --manual-auth-hook function auth { - curl -s -D- -H "Content-Type: application/json" \ - -H "X-Api-Key: ${GANDI_API_KEY}" \ - -d "{\"rrset_name\": \"_acme-challenge.${CERTBOT_DOMAIN}.\", - \"rrset_type\": \"TXT\", - \"rrset_ttl\": 3600, - \"rrset_values\": [\"${CERTBOT_VALIDATION}\"]}" \ - "https://dns.api.gandi.net/api/v5/domains/${DOMAIN}/records" + curl -s -D- \ + -H "Content-Type: application/json" \ + -H "Authorization: Bearer ${ACCESS_TOKEN}" \ + -d "{\"rrset_name\": \"${ACME_DOMAIN}.\", + \"rrset_type\": \"TXT\", + \"rrset_ttl\": 300, + \"rrset_values\": [\"${CERTBOT_VALIDATION}\"]}" \ + "https://api.gandi.net/v5/livedns/domains/${ACME_BASE_DOMAIN}/records" - - sleep ${PROVIDER_UPDATE_DELAY} + sleep ${PROVIDER_UPDATE_DELAY} } # To be invoked via Certbot's --manual-cleanup-hook function cleanup { - curl -s -X DELETE -H "Content-Type: application/json" \ - -H "X-Api-Key: ${GANDI_API_KEY}" \ - https://dns.api.gandi.net/api/v5/domains/${DOMAIN}/records/_acme-challenge.${CERTBOT_DOMAIN}./TXT + curl -s -X DELETE \ + -H "Content-Type: application/json" \ + -H "Authorization: Bearer ${ACCESS_TOKEN}" \ + "https://api.gandi.net/v5/livedns/domains/${ACME_BASE_DOMAIN}/records/${ACME_DOMAIN}./TXT" } HANDLER=$1; shift; From 82a4af05ef32af4bd31ed62ccd51eca05f88d5d9 Mon Sep 17 00:00:00 2001 
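Review bot: Both `curl -s` calls in `auth` and `cleanup` exit 0 even when the API answers with an HTTP error, because curl only fails on HTTP status when `-f`/`--fail` is given; `set -e` therefore never trips, and certbot goes on to a validation that cannot pass. Adding `--fail` (or `--fail-with-body` on newer curl) to both calls makes a rejected token or wrong zone stop the hook. The bearer token is also passed as `-H "Authorization: Bearer ${ACCESS_TOKEN}"` on the command line, where it is visible in the process list for the duration of the call; reading the header from a root-only file with `-H @FILE` avoids that. The same applies to the kosmos-base copy of this hook changed in PATCH 86/95.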
From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Mon, 11 Mar 2024 16:26:14 +0100 Subject: [PATCH 77/95] Fix backup script removing image after unsuccessful pivot If pivoting the VM backing storage back to the original image fails (e.g. VM being down at that time), the script currently still deletes the hotswap image, which means that all changes since the creation of the hotswap image are lost. --- site-cookbooks/kosmos_kvm/files/backup_vm.sh | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/site-cookbooks/kosmos_kvm/files/backup_vm.sh b/site-cookbooks/kosmos_kvm/files/backup_vm.sh index 3cf7a39..5b6fe07 100644 --- a/site-cookbooks/kosmos_kvm/files/backup_vm.sh +++ b/site-cookbooks/kosmos_kvm/files/backup_vm.sh @@ -22,8 +22,5 @@ borg create -v $REPOSITORY::$1_$(date +%F_%H-%M) \ /var/lib/libvirt/images/$1.qcow2 \ /root/backups/vm_meta/$1.xml -echo "Pivoting base image back to original" -virsh blockcommit $1 vda --pivot --base=/var/lib/libvirt/images/$1.qcow2 - -echo "Removing snapshot image" -rm /var/lib/libvirt/images/$1.hotswap.qcow2 +echo "Pivoting base image back to original, and removing the snapshot image" +virsh blockcommit $1 vda --pivot --base=/var/lib/libvirt/images/$1.qcow2 && rm /var/lib/libvirt/images/$1.hotswap.qcow2 From 25ee38fe275797a60b00110a66cc9a1e7e78bb2a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Thu, 14 Mar 2024 23:04:27 +0100 Subject: [PATCH 78/95] Update kredits-ipfs-pinner --- site-cookbooks/kosmos-ipfs/attributes/default.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-cookbooks/kosmos-ipfs/attributes/default.rb b/site-cookbooks/kosmos-ipfs/attributes/default.rb index e4ee1b0..7f68772 100644 --- a/site-cookbooks/kosmos-ipfs/attributes/default.rb +++ b/site-cookbooks/kosmos-ipfs/attributes/default.rb 
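Review bot: A failed pivot now leaves the hotswap image in place, but the script prints nothing about it, and its exit status is only right as long as this `&&` list stays the last command. Making the failure explicit is safer: `virsh blockcommit "$1" vda --pivot --base="/var/lib/libvirt/images/$1.qcow2" || { echo "pivot failed, keeping $1.hotswap.qcow2" >&2; exit 1; }` followed by `rm -- "/var/lib/libvirt/images/$1.hotswap.qcow2"`. Quoting `$1` also keeps a VM name with spaces or glob characters from expanding in the `rm` path. The start of the script is outside the hunk, so whether `set -e` is active is not visible.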
@@ -62,4 +62,4 @@ node.default['kosmos-ipfs']['ipfs']['config'] = { node.default['kosmos-ipfs']['nginx']['domain'] = "ipfs.kosmos.org" node.default['kosmos-ipfs']['nginx']['external_api_port'] = 5444 -node.default['kosmos-ipfs']['kredits-pinner']['revision'] = "v2.2.0" +node.default['kosmos-ipfs']['kredits-pinner']['revision'] = "v2.3.0" From 263eb88b724bc8012c5949af74ed7c951a13d480 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Thu, 14 Mar 2024 23:05:05 +0100 Subject: [PATCH 79/95] Add new env var for akkounts --- environments/production.json | 1 + site-cookbooks/kosmos-akkounts/attributes/default.rb | 1 + site-cookbooks/kosmos-akkounts/recipes/default.rb | 1 + 3 files changed, 3 insertions(+) diff --git a/environments/production.json b/environments/production.json index 311b57e..c99a461 100644 --- a/environments/production.json +++ b/environments/production.json @@ -3,6 +3,7 @@ "override_attributes": { "akkounts": { "btcpay": { + "public_url": "https://btcpay.kosmos.org", "store_id": "FNJVVsrVkKaduPDAkRVchdegjwzsNhpceAdonCaXAwBX" }, "ejabberd": { diff --git a/site-cookbooks/kosmos-akkounts/attributes/default.rb b/site-cookbooks/kosmos-akkounts/attributes/default.rb index 635cf40..49a3e93 100644 --- a/site-cookbooks/kosmos-akkounts/attributes/default.rb +++ b/site-cookbooks/kosmos-akkounts/attributes/default.rb @@ -11,6 +11,7 @@ node.default['akkounts']['smtp']['domain'] = 'kosmos.org' node.default['akkounts']['smtp']['auth_method'] = 'plain' node.default['akkounts']['smtp']['enable_starttls'] = 'auto' +node.default['akkounts']['btcpay']['public_url'] = nil node.default['akkounts']['btcpay']['store_id'] = nil node.default['akkounts']['ejabberd']['admin_url'] = nil diff --git a/site-cookbooks/kosmos-akkounts/recipes/default.rb b/site-cookbooks/kosmos-akkounts/recipes/default.rb index 9aa593d..2a8fb0b 100644 --- a/site-cookbooks/kosmos-akkounts/recipes/default.rb +++ b/site-cookbooks/kosmos-akkounts/recipes/default.rb 
@@ -75,6 +75,7 @@ end if btcpay_host env[:btcpay_api_url] = "http://#{btcpay_host}:23001/api/v1" + env[:btcpay_public_url] = node['akkounts']['btcpay']['public_url'] env[:btcpay_store_id] = node['akkounts']['btcpay']['store_id'] env[:btcpay_auth_token] = credentials["btcpay_auth_token"] end From 12b4fb37fa2e45500b6e333476ae7db5bd5c87dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Wed, 27 Mar 2024 20:12:33 +0400 Subject: [PATCH 80/95] Only allow ejabberd logins when XMPP service is enabled --- site-cookbooks/kosmos-ejabberd/recipes/default.rb | 8 +++++++- site-cookbooks/kosmos-ejabberd/templates/vhost.yml.erb | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/site-cookbooks/kosmos-ejabberd/recipes/default.rb b/site-cookbooks/kosmos-ejabberd/recipes/default.rb index d9729f0..189a476 100644 --- a/site-cookbooks/kosmos-ejabberd/recipes/default.rb +++ b/site-cookbooks/kosmos-ejabberd/recipes/default.rb @@ -154,6 +154,11 @@ admin_users = ejabberd_credentials['admins'] hosts.each do |host| ldap_rootdn = "uid=service,ou=#{host[:name]},cn=applications,dc=kosmos,dc=org" + if host[:name] == "kosmos.org" + ldap_filter = "(&(objectClass=person)(serviceEnabled=xmpp))" + else + ldap_filter = "(objectClass=person)" + end template "/opt/ejabberd/conf/#{host[:name]}.yml" do source "vhost.yml.erb" @@ -167,7 +172,8 @@ hosts.each do |host| ldap_base: ldap_base, ldap_server: ldap_domain, ldap_rootdn: ldap_rootdn, - ldap_encryption_type: ldap_encryption_type + ldap_encryption_type: ldap_encryption_type, + ldap_filter: ldap_filter notifies :reload, "service[ejabberd]", :delayed end end diff --git a/site-cookbooks/kosmos-ejabberd/templates/vhost.yml.erb b/site-cookbooks/kosmos-ejabberd/templates/vhost.yml.erb index 30fd806..4424256 100644 --- a/site-cookbooks/kosmos-ejabberd/templates/vhost.yml.erb +++ b/site-cookbooks/kosmos-ejabberd/templates/vhost.yml.erb 
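Review bot: The `serviceEnabled=xmpp` gate is applied only in the `host[:name] == "kosmos.org"` branch; every other entry in `hosts` keeps `(objectClass=person)`, so the restriction named in the commit title does not hold for those vhosts. If that is intended, a comment above the branch should say so, e.g. `# NOTE: service gating is enforced for kosmos.org only; other vhosts admit every person entry`; otherwise the filter is better carried per host than keyed on a hard-coded name. As a matter of style, Ruby's `if` is an expression, so the assignment can be written once: `ldap_filter = host[:name] == "kosmos.org" ? "(&(objectClass=person)(serviceEnabled=xmpp))" : "(objectClass=person)"`. The `hosts.each` block starts and ends outside the two hunks.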
@@ -16,7 +16,7 @@ host_config: ldap_password: "<%= @host[:ldap_password] %>" ldap_encrypt: <%= @ldap_encryption_type %> ldap_base: "ou=<%= @host[:name] %>,<%= @ldap_base %>" - ldap_filter: "(objectClass=person)" + ldap_filter: "<%= @ldap_filter %>" <% end -%> append_host_config: From 8aebb386a48ce6da234b133f8d7ba7444b22895f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Wed, 27 Mar 2024 20:19:24 +0400 Subject: [PATCH 81/95] Configure Mastodon user address domain for akkounts --- environments/production.json | 1 + site-cookbooks/kosmos-akkounts/recipes/default.rb | 1 + 2 files changed, 2 insertions(+) diff --git a/environments/production.json b/environments/production.json index c99a461..b7c2dde 100644 --- a/environments/production.json +++ b/environments/production.json @@ -74,6 +74,7 @@ }, "kosmos-mastodon": { "domain": "kosmos.social", + "user_address_domain": "kosmos.social", "s3_endpoint": "http://localhost:3900", "s3_region": "garage", "s3_bucket": "kosmos-social", diff --git a/site-cookbooks/kosmos-akkounts/recipes/default.rb b/site-cookbooks/kosmos-akkounts/recipes/default.rb index 2a8fb0b..8d11428 100644 --- a/site-cookbooks/kosmos-akkounts/recipes/default.rb +++ b/site-cookbooks/kosmos-akkounts/recipes/default.rb @@ -149,6 +149,7 @@ end # env[:mastodon_public_url] = "https://#{node['kosmos-mastodon']['domain']}" +env[:mastodon_address_domain] = node['kosmos-mastodon']['user_address_domain'] # # MediaWiki From 83380047bb923837868dd22dce055d814275af97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Fri, 29 Mar 2024 09:28:13 +0400 Subject: [PATCH 82/95] Configure LDAP integration for Mastodon --- data_bags/credentials/mastodon.json | 80 +++++++++++-------- nodes/mastodon-3.json | 3 + .../kosmos-mastodon/recipes/default.rb | 40 +++++++--- .../kosmos-mastodon/templates/default/env.erb | 17 ++++ 4 files changed, 95 insertions(+), 45 deletions(-) 
diff --git a/data_bags/credentials/mastodon.json b/data_bags/credentials/mastodon.json index 145f5c1..90af0ab 100644 --- a/data_bags/credentials/mastodon.json +++ b/data_bags/credentials/mastodon.json 
@@ -1,79 +1,93 @@ { "id": "mastodon", "paperclip_secret": { - "encrypted_data": "orOIbqFANPCkd4sUTCyyoh4z1o6SBudgH4wKJudTo9dANaHGhWcBUFKrhZi1\nMJTBQx/d0hiDI1P2XN3h+hROCg3JJ8OClUSJH9CfN5GlbWvXh0Nhq7hqy8L3\nLAPL+uigiXI6ObrnKQoD8LeJIB46233uwaCA/7zB6gah0ExJ2DXGH6qq9JSS\nqmTFiy+hT+VHGrUo\n", - "iv": "U4E4NLYLkP0/tTTs\n", - "auth_tag": "WKQ+pDPZp7B791lhC5j3iQ==\n", + "encrypted_data": "VJn4Yd2N7qFV+nWXPjPA8Y2KEXL/gZs2gK5E3DZZc9ogFXV7RtpDtq+NKGJU\ndpR8ohtEZvkyC+iBkMAlnS1sSVKiLdQ1xXvbzkj04mYgjnLvwsZ19uVpBGwR\nt/DON7Bhe5Fw+OyrBQksqNcZQSpB9sMBfgA1IgCpdVGHQ8PmkMbFTaZZYcoF\n7gg3yUw5/0t3vRdL\n", + "iv": "X5atp/KaIurfln/u\n", + "auth_tag": "mVnBoUb5HwhXNYUddJbq8Q==\n", "version": 3, "cipher": "aes-256-gcm" }, "secret_key_base": { - "encrypted_data": "vweClhdY8SqQkK+p0OYUL2B6Fsz5eQDpEYWCtd/eRJfwwYAObbLcMWRC6MwE\neQVMw59bOqYc3RBuv/+WPLtENazA1bYCXBXQr1J6xqjJAz0Mo6KbRyxy5n78\nv8q6RSiao1VVIUXohtFlQgWeV6x5sz34bJxjlHinKvKsgiGXiuVBxYUUfzWQ\nuzrGug09cpZBqfpc\n", - "iv": "Z0/csEBH5/X1+MR+\n", - "auth_tag": "fTvBN6eovi3JVEK0ZX97Nw==\n", + "encrypted_data": "d0sNREFhzQEJhkRzielbCNBJOVAdfThv7zcYTZ1vFZ20i/mzB9GWW2nb+1yn\nNFjAq8wCLpLXn9n3FClE+WOqnAw0jwTlyScRM5lzjKI5SxHKkBQHGyFs2AF8\nqFjEvpiqxhjsc4kNOJGO8DdcyHuulXyaO9fJg8HDnU1ov1vSSuTc0ABKgycY\nMq/Xt10UXnhP8cPw\n", + "iv": "HFT7fdGQ2KRJ2NFy\n", + "auth_tag": "C55JT2msLQCoI+09VKf+Jw==\n", "version": 3, "cipher": "aes-256-gcm" }, "otp_secret": { - "encrypted_data": "o1ts1bUgPIzFQXjJ2MpBMLntWkyPxDaJAaU1K3WzmNMXnw5MVlkKKCEFVccd\nPss/MwDuBkbNPhri3ZkH48m9SiayWETVYvw5GZzcVsw4TeMu915O44lfl9tX\nW3XHU+DBps1BVH9535R4X9M1aFW4W4XfwHtS5wcrZqtVhNhS3NSgE4JpN/Dz\nFdcFAOhflnt8fIAN\n", - "iv": "QLsxmIlX1NpxMyHz\n", - "auth_tag": "j1h/PvIoqshTBN5c5IaAsA==\n", + "encrypted_data": "1iH7mUkaUzyn9dfDwMdiJ8X059qWSUO3DqivsOFfI1f44nMnzllaYPu6nh8O\nNLNCOzvsSAonhhaq1X+foOdyPIG2mGhE/juKveDD57/AdZAayHWsbsQlPC4l\nwdShz/ANrq0YZ/zOhpT2sZj1TZavW+S+JlxJFX2kP24D4dUzwG0vNj7522+Q\n9NAApJdUte1ZYF/b\n", + "iv": "00/vs5zTdoC19+pS\n", + "auth_tag": "3cjYqebMshnmWkQ3SdRcCQ==\n", 
"version": 3, "cipher": "aes-256-gcm" }, "aws_access_key_id": { - "encrypted_data": "YQHUx0GugKu0AtlbGLRGocFEhTGAghWA0DUs1Nxs4Hd3bTIp4lyM\n", - "iv": "54zt2tkQhHtpY7sO\n", - "auth_tag": "ofBJx3QDsjHe66ga3nji8g==\n", + "encrypted_data": "krcfpxOrAkwZR2GP4glTaFg2dw/COw8BO8I+KICqyl4bvpL5NrB9\n", + "iv": "paoDKp6EIU8bjxzF\n", + "auth_tag": "p6Pt/tz5dgGXzW5cO06nBg==\n", "version": 3, "cipher": "aes-256-gcm" }, "aws_secret_access_key": { - "encrypted_data": "FAz6xZ+wsCz/KFA+DK6f4V04rxJt+9U/yXUGF9tvce0VqB3scH+T0KDDn1/n\nZ/0G0Tbxt2urRPbPUdI=\n", - "iv": "iapSpeM6lfDMIfNk\n", - "auth_tag": "HlkwUnNeJlOUrZ3ieN5xAQ==\n", + "encrypted_data": "aQySCT7gxeNiMMocq81KtIi+YzrZwMBeTd4LrRSN8iNEikWReJrrfagBwozy\n+Gfdw4bMGzY1dhF1Sl4=\n", + "iv": "R/hvvOvmqq/uoKbx\n", + "auth_tag": "QBJY/3+OprBXO/FSNwv2OQ==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "ldap_bind_dn": { + "encrypted_data": "wDPABdL+DlXz2WWV4XwW20kM4EWPSwc/ajBmbdYMnjFau6c76CIBpbFhrFoj\n3mwDbHz8cgOnLNvozXSV4w6N7URCN/mWWTBHNhd3ppw=\n", + "iv": "8rQ0M4LT1HbCNpq9\n", + "auth_tag": "AuO5R6WCtd75TGJNfgFSCg==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "ldap_password": { + "encrypted_data": "y0t8RuptVYiTKmUhaAWsC4c2ZzhQsYeVLeMPiQBn+Q==\n", + "iv": "mixYzDKkPSIDQ/l+\n", + "auth_tag": "DbLlZG7rlgBmyCdJ3nhSYA==\n", "version": 3, "cipher": "aes-256-gcm" }, "smtp_user_name": { - "encrypted_data": "ivB09/mCRrUaz9X4NFRBiqytjgy/vxN5Nha7gopFq5eSu9v4K9MkaLRqHh1I\nYw==\n", - "iv": "a8WKhRKsUjqBtfmn\n", - "auth_tag": "ib5WJNNaO7bRIspdACmOLw==\n", + "encrypted_data": "Ugc29HUFcirv6jOOlYNs9uvmhfwa2rG41im/MusCx0Vu0AZKcdy0krGi/kCZ\nKg==\n", + "iv": "ZlDK854w+vTNmeJe\n", + "auth_tag": "Nj95g0JMxrT419OLQIX26g==\n", "version": 3, "cipher": "aes-256-gcm" }, "smtp_password": { - "encrypted_data": "FxPz2e7fUNqcAu+DDJKlqn8rcSBLmnzigTFf5moZlQ1zz4YVl6pqHisa22Qz\nbfUx9rjU\n", - "iv": "GvRlNDV/b1WawtOP\n", - "auth_tag": "kyRCGfSJQelIwThDT4iQQQ==\n", + "encrypted_data": 
"D1TGjRfmM1ZeUmzwewlKXfQvvqTSzpzNlK5MKIU8dxbAH175UKn5qiemDEWe\nRYPe1LWT\n", + "iv": "D1OVfD5bMcefM5DP\n", + "auth_tag": "2E/q2gTbdXiLVnOMDeJv9w==\n", "version": 3, "cipher": "aes-256-gcm" }, "vapid_private_key": { - "encrypted_data": "DlbEAhd+SkSJoOSuwGhd5bdFlJADnT0w4u0+6m8AJoWJjoSCGAnzzmdHWT/k\nVUDkwiBCkqmEPK0oTvxnl/a8\n", - "iv": "6e0Gay7GVrQad1rI\n", - "auth_tag": "jjVundJ/ITxP/oYgEgzElg==\n", + "encrypted_data": "+87bVrbd/XvWhZH1IYusc4Hla7ZZmylptAyJf48CMG/F3SMEO33OqW2I+UWh\nSkqbxai5+GaMhvZHB8U2Clod\n", + "iv": "HVhNdFQl0TvCcjsa\n", + "auth_tag": "EEQXuQ5keOHXmchhBh+Ixw==\n", "version": 3, "cipher": "aes-256-gcm" }, "vapid_public_key": { - "encrypted_data": "+m37w/eWYqdEjsEYQw27FvQC+37ucruOFjZAjo0OgCwA0SoVz4VHX2eSA2AK\njX4CnM91cY4e/WG/ZHKlOMN1PftyQn2bdGaw35nXDanep8z0ROa01JEEi5DE\nUFRKvBmPInTeR6xvemuj7GM=\n", - "iv": "loYbGrAsWGLUZ+BK\n", - "auth_tag": "lAfpEEVQq+n7MLLm/kpmIA==\n", + "encrypted_data": "nBm1lXbn1+Kzol95+QSEjsUI/n7ObhdEqEyfYcVSP/LiLy57KOBQDu6CjSMz\n+PN9yEP4lOjtscqHS29jTC2vi3PSui9XpOFHRxFBnDuyKxczrnID2KlLCNRQ\n228G3VRgFIMAWMYKACgzUk0=\n", + "iv": "xHrVl+4JGkQbfUW3\n", + "auth_tag": "rfFoBMocq17YiDSlOCvWqw==\n", "version": 3, "cipher": "aes-256-gcm" }, "s3_key_id": { - "encrypted_data": "4B8OQ0iVCCna4FvC+EuS5prEUWaHRm1+tzXGmFoCQ4WZfhUA1HwT3x651e/R\n", - "iv": "1/zGwcQPQQQCiXIs\n", - "auth_tag": "siK9ph1q3/VVEycy91wkqQ==\n", + "encrypted_data": "pq0+VZhjoxzLuyY34f23wOmuks9Wevt8Wu6muKZAsZMSuU0iJvlRoK/65Qa0\n", + "iv": "QTxO+IfYcpI170ON\n", + "auth_tag": "4ZHva2iBYgDv6DyhMRRXzA==\n", "version": 3, "cipher": "aes-256-gcm" }, "s3_secret_key": { - "encrypted_data": "BSAc8dE/rQUiVvTGV6Ee/ZUDpq4HZlpoaCZ+lbQAbcnxui4ib0OTLPFwhVJ9\n4OQWahtSzkqxMc6MKWpadLT1a3oTnvnae9b3u40X5b2P3VyZYCM=\n", - "iv": "bqw8GTqLMTs5vD5n\n", - "auth_tag": "+e48L1lYVNda7VE3uLOAHA==\n", + "encrypted_data": "YMZqKtOXDPAME8IWWC+lO8TsxHMzawlbTju9z/Hcb5DnQAOy82QufTN90m73\n/xikUboAdKcA5YGn0mkm+Rt/ygVR6DFirYV3kwi2M3qyGVJifug=\n", + "iv": "9AwabheRFOgC8IKR\n", + "auth_tag": 
"iU2kkA1q8OsblN5jaZrWGQ==\n", "version": 3, "cipher": "aes-256-gcm" } diff --git a/nodes/mastodon-3.json b/nodes/mastodon-3.json index 7bc96ba..1cd9134 100644 --- a/nodes/mastodon-3.json +++ b/nodes/mastodon-3.json @@ -14,6 +14,7 @@ "ipaddress": "192.168.122.161", "roles": [ "kvm_guest", + "ldap_client", "garage_gateway", "mastodon", "postgresql_client" @@ -22,6 +23,7 @@ "kosmos-base", "kosmos-base::default", "kosmos_kvm::guest", + "kosmos-dirsrv::hostsfile", "kosmos_garage", "kosmos_garage::default", "kosmos_garage::firewall_rpc", @@ -84,6 +86,7 @@ "run_list": [ "recipe[kosmos-base]", "role[kvm_guest]", + "role[ldap_client]", "role[garage_gateway]", "role[mastodon]" ] diff --git a/site-cookbooks/kosmos-mastodon/recipes/default.rb b/site-cookbooks/kosmos-mastodon/recipes/default.rb index 2ab20b0..5c2d3cb 100644 --- a/site-cookbooks/kosmos-mastodon/recipes/default.rb +++ b/site-cookbooks/kosmos-mastodon/recipes/default.rb @@ -44,7 +44,7 @@ end elasticsearch_service 'elasticsearch' -postgresql_data_bag_item = data_bag_item('credentials', 'postgresql') +postgresql_credentials = data_bag_item('credentials', 'postgresql') mastodon_path = node["kosmos-mastodon"]["directory"] mastodon_user = "mastodon" @@ -168,7 +168,22 @@ execute "restart mastodon services" do notifies :restart, "service[mastodon-streaming]", :delayed end -mastodon_credentials = data_bag_item('credentials', 'mastodon') +credentials = data_bag_item('credentials', 'mastodon') + +ldap_config = { + host: "ldap.kosmos.local", + port: 389, + method: "plain", + base: "ou=kosmos.org,cn=users,dc=kosmos,dc=org", + bind_dn: credentials["ldap_bind_dn"], + password: credentials["ldap_password"], + uid: "cn", + mail: "mail", + search_filter: "(&(|(cn=%{email})(mail=%{email}))(serviceEnabled=mastodon))", + uid_conversion_enabled: "true", + uid_conversion_search: "-", + uid_conversion_replace: "_" +} template "#{mastodon_path}/.env.#{rails_env}" do source "env.erb" 
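Review bot: `ldap_config` sets `method: "plain"` with `port: 389`, so the service bind password and every user's login password would travel to `ldap.kosmos.local` unencrypted. Mastodon's `LDAP_METHOD` also accepts `start_tls` and `simple_tls`; unless the path to the directory server is already protected at the network layer (not visible here), `method: "start_tls"` on 389 or `method: "simple_tls"` with `port: 636` is the safer setting. If plain stays, a one-line comment above the hash recording why it is acceptable would spare the next reader the question. Host, base and search filter are hard-coded here while most other values in this recipe come from node attributes, which makes the setting harder to change per environment.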
@@ -178,21 +193,22 @@ template "#{mastodon_path}/.env.#{rails_env}" do variables redis_url: node["kosmos-mastodon"]["redis_url"], domain: node["kosmos-mastodon"]["domain"], alternate_domains: node["kosmos-mastodon"]["alternate_domains"], - paperclip_secret: mastodon_credentials['paperclip_secret'], - secret_key_base: mastodon_credentials['secret_key_base'], - otp_secret: mastodon_credentials['otp_secret'], - smtp_login: mastodon_credentials['smtp_user_name'], - smtp_password: mastodon_credentials['smtp_password'], + paperclip_secret: credentials['paperclip_secret'], + secret_key_base: credentials['secret_key_base'], + otp_secret: credentials['otp_secret'], + ldap: ldap_config, + smtp_login: credentials['smtp_user_name'], + smtp_password: credentials['smtp_password'], smtp_from_address: "mail@#{node['kosmos-mastodon']['domain']}", s3_endpoint: node["kosmos-mastodon"]["s3_endpoint"], s3_region: node["kosmos-mastodon"]["s3_region"], s3_bucket: node["kosmos-mastodon"]["s3_bucket"], s3_alias_host: node["kosmos-mastodon"]["s3_alias_host"], - aws_access_key_id: mastodon_credentials['s3_key_id'], - aws_secret_access_key: mastodon_credentials['s3_secret_key'], - vapid_private_key: mastodon_credentials['vapid_private_key'], - vapid_public_key: mastodon_credentials['vapid_public_key'], - db_pass: postgresql_data_bag_item['mastodon_user_password'], + aws_access_key_id: credentials['s3_key_id'], + aws_secret_access_key: credentials['s3_secret_key'], + vapid_private_key: credentials['vapid_private_key'], + vapid_public_key: credentials['vapid_public_key'], + db_pass: postgresql_credentials['mastodon_user_password'], db_host: "pg.kosmos.local", default_locale: node["kosmos-mastodon"]["default_locale"], allowed_private_addresses: node["kosmos-mastodon"]["allowed_private_addresses"], diff --git a/site-cookbooks/kosmos-mastodon/templates/default/env.erb b/site-cookbooks/kosmos-mastodon/templates/default/env.erb index e81a6fa..4e1fae1 100644 
--- a/site-cookbooks/kosmos-mastodon/templates/default/env.erb +++ b/site-cookbooks/kosmos-mastodon/templates/default/env.erb @@ -29,6 +29,23 @@ SMTP_LOGIN=<%= @smtp_login %> SMTP_PASSWORD=<%= @smtp_password %> SMTP_FROM_ADDRESS=<%= @smtp_from_address %> +<% if @ldap %> +# LDAP configuration +LDAP_ENABLED=true +LDAP_HOST=<%= @ldap[:host] %> +LDAP_PORT=<%= @ldap[:port] %> +LDAP_METHOD='<%= @ldap[:method] %>' +LDAP_BASE='<%= @ldap[:base] %>' +LDAP_BIND_DN='<%= @ldap[:bind_dn] %>' +LDAP_PASSWORD='<%= @ldap[:password] %>' +LDAP_UID=<%= @ldap[:uid] %> +LDAP_MAIL=<%= @ldap[:mail] %> +LDAP_SEARCH_FILTER='<%= @ldap[:search_filter] %>' +LDAP_UID_CONVERSION_ENABLED=<%= @ldap[:uid_conversion_enabled] %> +LDAP_UID_CONVERSION_SEARCH=<%= @ldap[:uid_conversion_search] %> +LDAP_UID_CONVERSION_REPLACE=<%= @ldap[:uid_conversion_replace] %> +<% end %> + # Optional asset host for multi-server setups # CDN_HOST=assets.example.com From 45159ad4e7de33309f03eb092ddc9698ae34a6da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Sun, 31 Mar 2024 08:27:20 +0400 Subject: [PATCH 83/95] Resolve Mastodon addresses as Lightning Address --- .../templates/default/nginx_conf_mastodon.erb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb b/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb index 11d23a3..a0a3739 100644 --- a/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb +++ b/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb @@ -32,6 +32,11 @@ server { <% if @onion_address %> add_header Onion-Location https://mastodon.<%= @onion_address %>$request_uri; <% end %> + + location ~ ^/.well-known/(lnurlp|keysend) { + proxy_ssl_server_name on; + proxy_pass https://accounts.kosmos.org; + } } <% if @onion_address %> From b248ef70dbc55371541c34f6e92aa09842f9a6c9 Mon Sep 17 00:00:00 2001 
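Review bot: The new `location` proxies to `https://accounts.kosmos.org` without `proxy_ssl_verify on`, and nginx does not check the upstream certificate unless that is set; `proxy_ssl_server_name on` only sends SNI, so the hop is encrypted but the peer is not authenticated. Adding `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate <path to CA bundle>;` (placeholder path) closes that gap. The pattern also leaves the first dot unescaped and has no delimiter after the alternation, so it matches more than the two well-known prefixes. `location ~ ^/\.well-known/(lnurlp|keysend)/` would be tighter, assuming requests always carry a further path segment, which the hunk does not show.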
From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Sun, 7 Apr 2024 13:10:10 +0300 Subject: [PATCH 84/95] Upgrade Gitea to 1.21.10 --- site-cookbooks/kosmos_gitea/attributes/default.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site-cookbooks/kosmos_gitea/attributes/default.rb b/site-cookbooks/kosmos_gitea/attributes/default.rb index d0672a5..23aae50 100644 --- a/site-cookbooks/kosmos_gitea/attributes/default.rb +++ b/site-cookbooks/kosmos_gitea/attributes/default.rb @@ -1,5 +1,5 @@ -node.default["gitea"]["version"] = "1.21.7" -node.default["gitea"]["checksum"] = "fa88e6404d3d34136bdd50c990a8c390d5e05f4cb2e31641559d14234e022bd6" +node.default["gitea"]["version"] = "1.21.10" +node.default["gitea"]["checksum"] = "17eb858f3ef2b7cdb649286e6a9cc050f9d949606327a7d6f27aaba49fc3b492" node.default["gitea"]["working_directory"] = "/var/lib/gitea" node.default["gitea"]["port"] = 3000 node.default["gitea"]["postgresql_host"] = "localhost:5432" From 6931fe05d07e4ee1c3cebcf317a4a6939ac0b429 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Sun, 7 Apr 2024 13:16:19 +0300 Subject: [PATCH 85/95] Hide Gitea version and load times in footer --- site-cookbooks/kosmos_gitea/templates/default/app.ini.erb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/site-cookbooks/kosmos_gitea/templates/default/app.ini.erb b/site-cookbooks/kosmos_gitea/templates/default/app.ini.erb index e676409..5c79bba 100644 --- a/site-cookbooks/kosmos_gitea/templates/default/app.ini.erb +++ b/site-cookbooks/kosmos_gitea/templates/default/app.ini.erb @@ -112,3 +112,7 @@ MINIO_USE_SSL=<%= c["use_ssl"] %> [actions] ENABLED = true <% end %> + +[other] +SHOW_FOOTER_VERSION = false +SHOW_FOOTER_TEMPLATE_LOAD_TIME = false From 4cbda69a6b1b5c43654464900ae6e1774746dce1 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Fri, 26 Apr 2024 12:24:17 +0200 Subject: [PATCH 86/95] Add support for proxy domain validation to tls_cert resource --- .../kosmos-base/resources/tls_cert_for.rb | 20 +++++-- .../default/gandi_dns_certbot_hook.sh.erb | 57 ++++++++++++------- .../templates/gandi_dns_certbot_hook.sh.erb | 11 ++-- .../kosmos-mastodon/recipes/nginx.rb | 1 + 4 files changed, 59 insertions(+), 30 deletions(-) diff --git a/site-cookbooks/kosmos-base/resources/tls_cert_for.rb b/site-cookbooks/kosmos-base/resources/tls_cert_for.rb index 02e73d2..b1f92fc 100644 --- a/site-cookbooks/kosmos-base/resources/tls_cert_for.rb +++ b/site-cookbooks/kosmos-base/resources/tls_cert_for.rb @@ -3,6 +3,7 @@ provides :tls_cert_for property :domain, [String, Array], name_property: true property :auth, [String, NilClass], default: nil +property :acme_domain, [String, NilClass], default: nil default_action :create @@ -17,13 +18,22 @@ action :create do case new_resource.auth when "gandi_dns" - gandi_api_data_bag_item = data_bag_item('credentials', 'gandi_api_5apps') + gandi_api_credentials = data_bag_item('credentials', 'gandi_api_5apps') hook_path = "/root/gandi_dns_certbot_hook.sh" + hook_auth_command = "#{hook_path} auth" + hook_cleanup_command = "#{hook_path} cleanup" + + if new_resource.acme_domain + hook_auth_command += " #{new_resource.acme_domain}" + hook_cleanup_command += " #{new_resource.acme_domain}" + end + template hook_path do cookbook "kosmos-base" - variables gandi_api_key: gandi_api_data_bag_item["key"] - mode 0770 + variables access_token: gandi_api_credentials["access_token"] + mode 0700 + sensitive true end # Generate a Let's Encrypt cert (only if no cert has been generated before). 
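Review bot: `acme_domain` is appended unvalidated to `hook_auth_command` and `hook_cleanup_command`, which the following hunk places inside single quotes in the certbot shell command, so a value containing a quote or whitespace would change that command. The value comes from recipe code, so this is hardening rather than an exposed input, but a guard inside the `if new_resource.acme_domain` branch is cheap: `raise ArgumentError, "invalid acme_domain" unless new_resource.acme_domain.match?(/\A[A-Za-z0-9.-]+\z/)`. The `action :create` block begins and ends outside these hunks.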
@@ -34,8 +44,8 @@ action :create do --preferred-challenges dns \ --manual-public-ip-logging-ok \ --agree-tos \ - --manual-auth-hook '#{hook_path} auth' \ - --manual-cleanup-hook '#{hook_path} cleanup' \ + --manual-auth-hook '#{hook_auth_command}' \ + --manual-cleanup-hook '#{hook_cleanup_command}' \ --email ops@kosmos.org \ #{node.run_list.roles.include?("openresty_proxy") ? '--deploy-hook /etc/letsencrypt/renewal-hooks/post/openresty' : nil } \ #{domains.map {|d| "-d #{d}" }.join(" ")} diff --git a/site-cookbooks/kosmos-base/templates/default/gandi_dns_certbot_hook.sh.erb b/site-cookbooks/kosmos-base/templates/default/gandi_dns_certbot_hook.sh.erb index 4c59a11..2a5f0eb 100755 --- a/site-cookbooks/kosmos-base/templates/default/gandi_dns_certbot_hook.sh.erb +++ b/site-cookbooks/kosmos-base/templates/default/gandi_dns_certbot_hook.sh.erb @@ -1,21 +1,16 @@ #!/usr/bin/env bash -# - set -euf -o pipefail # ************** USAGE ************** # -# Example usage (with this hook file saved in /root/): +# Example usage: # -# sudo su - # certbot certonly --manual --preferred-challenges dns --manual-public-ip-logging-ok --agree-tos -d "5apps.com" -d muc.5apps.com -d "xmpp.5apps.com" \ # --manual-auth-hook "/root/letsencrypt_hook.sh auth" --manual-cleanup-hook "/root/letsencrypt_hook.sh cleanup" # -# This hook requires configuration, continue reading. -# # ************** CONFIGURATION ************** # -# GANDI_API_KEY: Your Gandi Live API key +# ACCESS_TOKEN: Your Gandi Live API key # # PROVIDER_UPDATE_DELAY: # How many seconds to wait after updating your DNS records. This may be required, 
@@ -25,10 +20,16 @@ set -euf -o pipefail # # Defaults to 30 seconds. # -GANDI_API_KEY="<%= @gandi_api_key %>" +# VALIDATION_DOMAIN: +# Domain to create ACME DNS entries on. Use this when redirecting ACME subdomains +# from the original domain to a proxy validation domain that we control. +# +ACCESS_TOKEN="<%= @access_token %>" PROVIDER_UPDATE_DELAY=10 +VALIDATION_DOMAIN="${2:-}" regex='.*\.(.*\..*)' + if [[ $CERTBOT_DOMAIN =~ $regex ]] then DOMAIN="${BASH_REMATCH[1]}" 
@@ -36,25 +37,41 @@ else DOMAIN="${CERTBOT_DOMAIN}" fi +if [[ -n "$VALIDATION_DOMAIN" ]] +then + if [[ $VALIDATION_DOMAIN =~ $regex ]] + then + ACME_BASE_DOMAIN="${BASH_REMATCH[1]}" + else + echo "Validation domain has to be a subdomain, but it is not: \"${VALIDATION_DOMAIN}\"" + exit 1 + fi + ACME_DOMAIN="${CERTBOT_DOMAIN}.${VALIDATION_DOMAIN}" +else + ACME_BASE_DOMAIN="${DOMAIN}" + ACME_DOMAIN="_acme-challenge.${CERTBOT_DOMAIN}" +fi + # To be invoked via Certbot's --manual-auth-hook function auth { - curl -s -D- -H "Content-Type: application/json" \ - -H "X-Api-Key: ${GANDI_API_KEY}" \ - -d "{\"rrset_name\": \"_acme-challenge.${CERTBOT_DOMAIN}.\", - \"rrset_type\": \"TXT\", - \"rrset_ttl\": 3600, - \"rrset_values\": [\"${CERTBOT_VALIDATION}\"]}" \ - "https://dns.api.gandi.net/api/v5/domains/${DOMAIN}/records" + curl -s -D- \ + -H "Content-Type: application/json" \ + -H "Authorization: Bearer ${ACCESS_TOKEN}" \ + -d "{\"rrset_name\": \"${ACME_DOMAIN}.\", + \"rrset_type\": \"TXT\", + \"rrset_ttl\": 300, + \"rrset_values\": [\"${CERTBOT_VALIDATION}\"]}" \ + "https://api.gandi.net/v5/livedns/domains/${ACME_BASE_DOMAIN}/records" - - sleep ${PROVIDER_UPDATE_DELAY} + sleep ${PROVIDER_UPDATE_DELAY} } # To be invoked via Certbot's --manual-cleanup-hook function cleanup { - curl -s -X DELETE -H "Content-Type: application/json" \ - -H "X-Api-Key: ${GANDI_API_KEY}" \ - https://dns.api.gandi.net/api/v5/domains/${DOMAIN}/records/_acme-challenge.${CERTBOT_DOMAIN}./TXT + curl -s -X DELETE \ + -H "Content-Type: application/json" \ + -H "Authorization: Bearer ${ACCESS_TOKEN}" \ + "https://api.gandi.net/v5/livedns/domains/${ACME_BASE_DOMAIN}/records/${ACME_DOMAIN}./TXT" } HANDLER=$1; shift; diff --git a/site-cookbooks/kosmos-ejabberd/templates/gandi_dns_certbot_hook.sh.erb b/site-cookbooks/kosmos-ejabberd/templates/gandi_dns_certbot_hook.sh.erb index 7bf1a84..2a5f0eb 100755 --- a/site-cookbooks/kosmos-ejabberd/templates/gandi_dns_certbot_hook.sh.erb 
+++ b/site-cookbooks/kosmos-ejabberd/templates/gandi_dns_certbot_hook.sh.erb @@ -3,17 +3,14 @@ set -euf -o pipefail # ************** USAGE ************** # -# Example usage (with this hook file saved in /root/): +# Example usage: # -# sudo su - # certbot certonly --manual --preferred-challenges dns --manual-public-ip-logging-ok --agree-tos -d "5apps.com" -d muc.5apps.com -d "xmpp.5apps.com" \ # --manual-auth-hook "/root/letsencrypt_hook.sh auth" --manual-cleanup-hook "/root/letsencrypt_hook.sh cleanup" # -# This hook requires configuration, continue reading. -# # ************** CONFIGURATION ************** # -# GANDI_API_KEY: Your Gandi Live API key +# ACCESS_TOKEN: Your Gandi Live API key # # PROVIDER_UPDATE_DELAY: # How many seconds to wait after updating your DNS records. This may be required, @@ -23,6 +20,10 @@ set -euf -o pipefail # # Defaults to 30 seconds. # +# VALIDATION_DOMAIN: +# Domain to create ACME DNS entries on. Use this when redirecting ACME subdomains +# from the original domain to a proxy validation domain that we control. +# ACCESS_TOKEN="<%= @access_token %>" PROVIDER_UPDATE_DELAY=10 VALIDATION_DOMAIN="${2:-}" diff --git a/site-cookbooks/kosmos-mastodon/recipes/nginx.rb b/site-cookbooks/kosmos-mastodon/recipes/nginx.rb index 405be3a..bcb1d83 100644 --- a/site-cookbooks/kosmos-mastodon/recipes/nginx.rb +++ b/site-cookbooks/kosmos-mastodon/recipes/nginx.rb @@ -34,6 +34,7 @@ end tls_cert_for server_name do auth "gandi_dns" + acme_domain "letsencrypt.kosmos.org" action :create end From 989185f95123eb521f9c6eec5fb211067e5641aa Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Tue, 30 Apr 2024 12:23:36 +0200 Subject: [PATCH 87/95] Support proxy domain validation for Garage web domains Also rename the data bag item --- data_bags/credentials/gandi_api.json | 24 +++++++++++++++++++ data_bags/credentials/gandi_api_5apps.json | 17 ------------- .../kosmos-base/resources/tls_cert_for.rb | 2 +- .../kosmos-ejabberd/recipes/letsencrypt.rb | 2 +- .../kosmos_garage/recipes/nginx_web.rb | 6 +++++ site-cookbooks/sockethub/recipes/proxy.rb | 4 ++-- 6 files changed, 34 insertions(+), 21 deletions(-) create mode 100644 data_bags/credentials/gandi_api.json delete mode 100644 data_bags/credentials/gandi_api_5apps.json diff --git a/data_bags/credentials/gandi_api.json b/data_bags/credentials/gandi_api.json new file mode 100644 index 0000000..cf08cef --- /dev/null +++ b/data_bags/credentials/gandi_api.json @@ -0,0 +1,24 @@ +{ + "id": "gandi_api", + "key": { + "encrypted_data": "d3/rJMX6B9GuzUt0/mIk/lgQ3qGyQdbNXH6UEm3ZX7DeSl+rbW9FPJCRWg==\n", + "iv": "15YVAYla7PqqVOab\n", + "auth_tag": "xQSq+ld6SDOAER07N4ZkUQ==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "access_token": { + "encrypted_data": "geQwcNosiJZmqbbMpD/I+a2yueBzpV6C8Rb7vrCD8kR161ZRjvqLe+g/1XpT\n2/65wKYDMTrdto1I030=\n", + "iv": "1sj58eyooOZ8FTYn\n", + "auth_tag": "yBNfgWXaToc06VDLly/HUw==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "domains": { + "encrypted_data": "p5rIQTyCE+0d4HIuA4GKEAFekh7qEC4xe9Rm/kP0DyzY83FO0/4uKIvYoZRB\n", + "iv": "LWlx98NSS1/ngCH1\n", + "auth_tag": "FID+x/LjTZ3cgQV5U2xZLA==\n", + "version": 3, + "cipher": "aes-256-gcm" + } +} \ No newline at end of file diff --git a/data_bags/credentials/gandi_api_5apps.json b/data_bags/credentials/gandi_api_5apps.json deleted file mode 100644 index 6e42ccc..0000000 --- a/data_bags/credentials/gandi_api_5apps.json +++ /dev/null 
@@ -1,17 +0,0 @@ -{ - "id": "gandi_api_5apps", - "key": { - "encrypted_data": "AGYIkLdbnU3+O6OxGsFyLpZtTw531s2dbRC4Lik+8NYp3l4P0UMM2Pqf0g==\n", - "iv": "kPRHGpLwNIC3MpES\n", - "auth_tag": "wKth2tA+JxILFIKppHLDJg==\n", - "version": 3, - "cipher": "aes-256-gcm" - }, - "access_token": { - "encrypted_data": "+tKKFcWV0CZ5wEB/No5hou5+p1llsUkq7AXBvfnA7xsgbpa2q8AX/2UFf9Cf\nGtd9om1CeJJtz+o4ceA=\n", - "iv": "hLJSV77DQtqXZDbV\n", - "auth_tag": "8xgyudyDk4hq16LRkykGhQ==\n", - "version": 3, - "cipher": "aes-256-gcm" - } -} \ No newline at end of file diff --git a/site-cookbooks/kosmos-base/resources/tls_cert_for.rb b/site-cookbooks/kosmos-base/resources/tls_cert_for.rb index b1f92fc..0f56f29 100644 --- a/site-cookbooks/kosmos-base/resources/tls_cert_for.rb +++ b/site-cookbooks/kosmos-base/resources/tls_cert_for.rb @@ -18,7 +18,7 @@ action :create do case new_resource.auth when "gandi_dns" - gandi_api_credentials = data_bag_item('credentials', 'gandi_api_5apps') + gandi_api_credentials = data_bag_item('credentials', 'gandi_api') hook_path = "/root/gandi_dns_certbot_hook.sh" hook_auth_command = "#{hook_path} auth" diff --git a/site-cookbooks/kosmos-ejabberd/recipes/letsencrypt.rb b/site-cookbooks/kosmos-ejabberd/recipes/letsencrypt.rb index 408bb7a..872f060 100644 --- a/site-cookbooks/kosmos-ejabberd/recipes/letsencrypt.rb +++ b/site-cookbooks/kosmos-ejabberd/recipes/letsencrypt.rb @@ -33,7 +33,7 @@ file "/etc/letsencrypt/renewal-hooks/post/ejabberd" do group "root" end -gandi_api_credentials = data_bag_item('credentials', 'gandi_api_5apps') +gandi_api_credentials = data_bag_item('credentials', 'gandi_api') template "/root/gandi_dns_certbot_hook.sh" do variables access_token: gandi_api_credentials["access_token"] diff --git a/site-cookbooks/kosmos_garage/recipes/nginx_web.rb b/site-cookbooks/kosmos_garage/recipes/nginx_web.rb index 27919e3..f7a6823 100644 --- a/site-cookbooks/kosmos_garage/recipes/nginx_web.rb +++ b/site-cookbooks/kosmos_garage/recipes/nginx_web.rb 
@@ -3,6 +3,8 @@ # Recipe:: nginx_web # +gandi_api_credentials = data_bag_item('credentials', 'gandi_api') + file "#{node['openresty']['dir']}/conf.d/garage.conf" do content <<-EOF upstream garage_web { @@ -40,8 +42,12 @@ end # node['garage']['s3_web_domains'].each do |domain_name| + second_level_domain = domain_name.match(/(?:.*\.)?([^.]+\.[^.]+)$/) { $1 } + proxy_validation = !gandi_api_credentials["domains"].include?(second_level_domain) + tls_cert_for domain_name do auth "gandi_dns" + acme_domain "letsencrypt.kosmos.org" if proxy_validation action :create end diff --git a/site-cookbooks/sockethub/recipes/proxy.rb b/site-cookbooks/sockethub/recipes/proxy.rb index a62b5fd..17744f7 100644 --- a/site-cookbooks/sockethub/recipes/proxy.rb +++ b/site-cookbooks/sockethub/recipes/proxy.rb @@ -24,10 +24,10 @@ file "/etc/letsencrypt/renewal-hooks/post/nginx" do group "root" end -gandi_api_data_bag_item = data_bag_item('credentials', 'gandi_api_5apps') +gandi_api_credentials = data_bag_item('credentials', 'gandi_api') template "/root/gandi_dns_certbot_hook.sh" do - variables gandi_api_key: gandi_api_data_bag_item["key"] + variables gandi_api_key: gandi_api_credentials["key"] mode 0770 end From b77df3d0db4a391ac15f711caf00ac0530532844 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Thu, 16 May 2024 14:34:09 +0200 Subject: [PATCH 88/95] Update email aliases --- environments/production.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/environments/production.json b/environments/production.json index b7c2dde..ebd383d 100644 --- a/environments/production.json +++ b/environments/production.json @@ -34,8 +34,7 @@ "hostmaster@kosmos.org": "mail@kosmos.org", "postmaster@kosmos.org": "mail@kosmos.org", "abuse@kosmos.org": "mail@kosmos.org", - "mail@kosmos.org": "foundation@kosmos.org", - "hackerhouse@kosmos.org": "mail@lagrange6.com" + "mail@kosmos.org": "foundation@kosmos.org" } }, "garage": { 
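Review bot: The choice between direct and proxy validation in the `s3_web_domains` loop rests on a regex and an `include?` call that both have loose edges. `/(?:.*\.)?([^.]+\.[^.]+)$/` always keeps the last two labels, so a name under a multi-label public suffix (constructed example: `site.example.co.uk` yields `co.uk`) is compared against the wrong zone, and a name without a dot leaves `second_level_domain` nil. `$` also matches before a trailing newline, so `second_level_domain = domain_name[/[^.]+\.[^.]+\z/]` would be the stricter form. The type of the decrypted `domains` item is not visible here; if it is a String rather than an Array, `include?` becomes a substring test and raises on nil, so a comment stating the expected shape (or an explicit split into an Array) would help. The loop body continues outside the hunk.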
From 6f287f14efdf1f5c01b1c3d7aae8b86e9cce9acb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Sun, 2 Jun 2024 23:01:49 +0200 Subject: [PATCH 89/95] Deploy `live` branch --- site-cookbooks/kosmos-akkounts/attributes/default.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-cookbooks/kosmos-akkounts/attributes/default.rb b/site-cookbooks/kosmos-akkounts/attributes/default.rb index 49a3e93..8516913 100644 --- a/site-cookbooks/kosmos-akkounts/attributes/default.rb +++ b/site-cookbooks/kosmos-akkounts/attributes/default.rb @@ -1,5 +1,5 @@ node.default['akkounts']['repo'] = 'https://gitea.kosmos.org/kosmos/akkounts.git' -node.default['akkounts']['revision'] = 'master' +node.default['akkounts']['revision'] = 'live' node.default['akkounts']['port'] = 3000 node.default['akkounts']['domain'] = 'accounts.kosmos.org' node.default['akkounts']['primary_domain'] = 'kosmos.org' From d31440d2357080739109a55726c235936034cbf5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Sun, 2 Jun 2024 23:02:22 +0200 Subject: [PATCH 90/95] Add CORS headers to kosmos.social LNURL paths --- .../kosmos-mastodon/templates/default/nginx_conf_mastodon.erb | 1 + 1 file changed, 1 insertion(+) diff --git a/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb b/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb index a0a3739..e0d404d 100644 --- a/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb +++ b/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb @@ -34,6 +34,7 @@ server { <% end %> location ~ ^/.well-known/(lnurlp|keysend) { + add_header 'Access-Control-Allow-Origin' '*'; proxy_ssl_server_name on; proxy_pass https://accounts.kosmos.org; } From d878b4208ea3e97583bce840b237ad810d73fcd0 Mon Sep 17 00:00:00 2001 
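Review bot: The `add_header` added to the `/.well-known/(lnurlp|keysend)` location has two nginx side effects worth checking. Without the `always` parameter the header is attached only to a fixed set of success and redirect status codes, so error responses from the upstream reach browsers without it. A location that declares its own `add_header` also stops inheriting `add_header` directives from the enclosing `server` block, so any security headers set there (not visible in this hunk) no longer apply to these paths. If accounts.kosmos.org already sends `Access-Control-Allow-Origin`, the response carries the header twice, which browsers reject. I would use `add_header 'Access-Control-Allow-Origin' '*' always;` and repeat the server-level headers that are meant to cover this location; the `server` block starts and ends outside the hunk.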
From: =?UTF-8?q?R=C3=A2u=20Cao?=
Date: Sun, 2 Jun 2024 23:03:06 +0200
Subject: [PATCH 91/95] Configure akkounts for nostr zaps
---
 data_bags/credentials/akkounts.json | 61 +++++++++++--------
 environments/production.json | 3 +
 .../kosmos-akkounts/attributes/default.rb | 2 +
 .../kosmos-akkounts/recipes/default.rb | 7 +++
 4 files changed, 46 insertions(+), 27 deletions(-)
diff --git a/data_bags/credentials/akkounts.json b/data_bags/credentials/akkounts.json
index 6c754de..a59beae 100644
--- a/data_bags/credentials/akkounts.json
+++ b/data_bags/credentials/akkounts.json
@@ -1,65 +1,72 @@ { "id": "akkounts", "postgresql_username": { - "encrypted_data": "l00Lmdbl5xNq07XU4XmcnRxXsIJaYyMQQ6xI\n", - "iv": "yxvL6hKwlVWmdMzl\n", - "auth_tag": "mMCV9ewJW/0TfVE76WBSZw==\n", + "encrypted_data": "bDlOkEmhvMgyVzPeTNUzYnzRLf3T9cc0cDxt\n", + "iv": "GCCUoqU5pxQ7fGkv\n", + "auth_tag": "Q7mrSHIBluMe3CGVmoR86Q==\n", "version": 3, "cipher": "aes-256-gcm" }, "postgresql_password": { - "encrypted_data": "Q6xWsH6bmI1GfMzme3mBRYrt3XmDwFJ7E4FjYg2Rrw==\n", - "iv": "jcQmuT7Jz3g3XE8d\n", - "auth_tag": "nNMvf9UmP6ikf1BW93QZIw==\n", + "encrypted_data": "wD0HtdsNe/hl4ZaOy8hyr2k4z8TXQrrSja3KNVE47w==\n", + "iv": "tb5yz8WDer0CsGvJ\n", + "auth_tag": "/+K2anuCff/6M7Pu70Smqw==\n", "version": 3, "cipher": "aes-256-gcm" }, "sentry_dsn": { - "encrypted_data": "V7cqlH2baN1Ix/ggQFeo9PY6dNKKpnDECaB1cO3XuCfy74oN2ot44nbpCQTA\nUl0+1LQv/qNn/L4gmJkqZfdIXZQqhR+iTc06UJxe3aTKJDw=\n", - "iv": "HJtdKYcApwaxhTXI\n", - "auth_tag": "qyIYK9h6nciJTFXBWOjVOA==\n", + "encrypted_data": "jCz681x0WVixHYZUb62TO+1cgyJMiJ2UMqWcaztx57yDBOIiKW3oSZjuXdhP\n9WCesfXQF/lgzITZno3IKDqzlKjWgbGLC75y8FLguxidCHI=\n", + "iv": "IRNOzN/hLwg1iqax\n", + "auth_tag": "eg9dWnEK04JDb94e4CFa9Q==\n", "version": 3, "cipher": "aes-256-gcm" }, "rails_master_key": { - "encrypted_data": "KAl2Kgq1TXjOm4TNxGwZkPwJeOSNLbLLKiRdb4fTyBFfUhIGGeCS9VvV9kIb\n9sQZ6HLU\n", - "iv": "BBPvDNs6nBXDti5I\n", - "auth_tag": "yjM/0nyUwt+5SSGuLC5qWA==\n", + "encrypted_data": "nUB77VLRp41rluH7hLBwQqPtnh/HsmfLr2VbcIZHWawL3o2TGuY+mj648f9L\n7XsEpgqY\n", + "iv": "fpdbDitqTRHxEKiv\n", + "auth_tag": "I44fn8Ott3L/Y5LYr56U/Q==\n", "version": 3, "cipher": "aes-256-gcm" }, "discourse_connect_secret": { - "encrypted_data": "YHkZGzXeK3nDHaXt3JKmGtCcvMfgvv3yHbvS2C+CLKagOIOe+0+2/CiNuh4U\nxO1Pug==\n", - "iv": "SnUxDpIMQum8ySfN\n", - "auth_tag": "Ny6I+3EoCA1s74JLjjbbyQ==\n", + "encrypted_data": "ENtMn+1XTVFmdEZw7LU6WGoMbSZY654ggm3vPACGfFgqo6r0LhG60c5OTdqv\nZvT5/Q==\n", + "iv": "bL1BmvRhgxFqSM1P\n", + "auth_tag": "sEBZzGWwwYFHn+4B4SsyCA==\n", "version": 3, 
"cipher": "aes-256-gcm" }, "lndhub_admin_token": { - "encrypted_data": "dJHxB80Enwkm+2aNuIrp7lILAy2J5tQaChPJCl/BHwMo\n", - "iv": "zHLtD1jTIwvjMt1l\n", - "auth_tag": "IC0adEzsS5YF5YHqabWw2A==\n", + "encrypted_data": "4LPGFoARzI8UYnsJPIk8sax/rAA16pUULEZWn86e2C7L\n", + "iv": "nvjXrOwgfgutwEVw\n", + "auth_tag": "A89RUf1sdcS3FVscNPWYLg==\n", "version": 3, "cipher": "aes-256-gcm" }, "btcpay_auth_token": { - "encrypted_data": "YbM0HvgIijluKQBcgfKn6hmWvdbhr0ijR1xKc+BRZCZJsRaJBHTjCbwhH8T9\nVnBESruyjhxphtBetcc=\n", - "iv": "3107v/c2Tonx6/cP\n", - "auth_tag": "jnO9fvoXJW5gbDMRjkdMPA==\n", + "encrypted_data": "ky5iWYF06os0Ek6vIRzWqMTekqJhCOh/Q9DTDIeKhSyk8TnT3O71lCNEt1F5\nXCNq6ux3V6oyHVLWj0o=\n", + "iv": "zk6WnxsY89oNW1F9\n", + "auth_tag": "FAIMXKvQ1T7QKezVSNJbwQ==\n", "version": 3, "cipher": "aes-256-gcm" }, "s3_access_key": { - "encrypted_data": "PFjQKe1us12SNHlReQ4f0qctulPp4d2F3t5t+AGocp87PS/kZx77rtHQtruK\n", - "iv": "BGD8+XchqwPmhhwi\n", - "auth_tag": "XefaZKCVs8hotszALN+kxQ==\n", + "encrypted_data": "KfhfEGwPjOonlz6rpnNTinXFPqX/sIbqQn/aby0UDi/G/7cvEcOiNcCkfuSz\n", + "iv": "Q3rg06v6K9pUDLDY\n", + "auth_tag": "G5ugdlJ896KtYtObKLclJA==\n", "version": 3, "cipher": "aes-256-gcm" }, "s3_secret_key": { - "encrypted_data": "ziO35x8P1YMaSeenMNQoTWug62b5ZVLFlkMlJEFGnYjHK5qTAn6ir06WnMJC\n0zErzTZsPpcr7KpE/ipWgWHRy7qVbGnd6iVO4t9tf5NjiU2OXfA=\n", - "iv": "S3syCCxh2m+mylLu\n", - "auth_tag": "ZMkyBqXMXr3K3LGqxWvbtA==\n", + "encrypted_data": "N8s1OoDrYXHjqSydQA0kY7dd68Aelq4+/cgmJlYfP92u4YA17V4TR7fsvQZL\nkqjuUSClNYPc0XiCwf/5gxVirE9AO6OmmvSV7lUyu4hcEY6unrU=\n", + "iv": "bXzIVWnX6V0P6PRb\n", + "auth_tag": "1EOjCfsX9P6ETjUsgBvBsA==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "nostr_private_key": { + "encrypted_data": "Sf8PEyQ0sqcgxddSlIDxLOVzPjOkTFObsYuTgcxkbEV7igrati4e8QVVUEBD\n1yoLJXelp8jlCr28Ectci29jc53gYSMTLSQsw97uYas2R0dGCqQ=\n", + "iv": "+1CIUyvIUOveLrY4\n", + "auth_tag": "GDqS+IuAIfMBmHIeFXaV7A==\n", "version": 3, "cipher": "aes-256-gcm" } 
diff --git a/environments/production.json b/environments/production.json index ebd383d..4f84064 100644 --- a/environments/production.json +++ b/environments/production.json @@ -12,6 +12,9 @@ "lndhub": { "public_url": "https://lndhub.kosmos.org", "public_key": "024cd3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946" + }, + "nostr": { + "public_key": "b3e1b7c1660b7db0ecb93ec55c09e67961171a5c4e9e2602f1b47477ea61c50a" } }, "discourse": { diff --git a/site-cookbooks/kosmos-akkounts/attributes/default.rb b/site-cookbooks/kosmos-akkounts/attributes/default.rb index 8516913..8c8ad69 100644 --- a/site-cookbooks/kosmos-akkounts/attributes/default.rb +++ b/site-cookbooks/kosmos-akkounts/attributes/default.rb @@ -21,6 +21,8 @@ node.default['akkounts']['lndhub']['public_url'] = nil node.default['akkounts']['lndhub']['public_key'] = nil node.default['akkounts']['lndhub']['postgres_db'] = 'lndhub' +node.default['akkounts']['nostr']['public_key'] = nil + node.default['akkounts']['s3_enabled'] = true node.default['akkounts']['s3_endpoint'] = "https://s3.kosmos.org" node.default['akkounts']['s3_region'] = "garage" diff --git a/site-cookbooks/kosmos-akkounts/recipes/default.rb b/site-cookbooks/kosmos-akkounts/recipes/default.rb index 8d11428..2dd0a2b 100644 --- a/site-cookbooks/kosmos-akkounts/recipes/default.rb +++ b/site-cookbooks/kosmos-akkounts/recipes/default.rb @@ -157,6 +157,13 @@ env[:mastodon_address_domain] = node['kosmos-mastodon']['user_address_domain'] env[:mediawiki_public_url] = node['mediawiki']['url'] +# +# Nostr +# + +env[:nostr_private_key] = credentials['nostr_private_key'] +env[:nostr_public_key] = node['akkounts']['nostr']['public_key'] + # # remoteStorage / Liquor Cabinet # From 2b6f81c5d6ee77a8d08a487ef3246596fdba0339 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?R=C3=A2u=20Cao?=
Date: Sun, 2 Jun 2024 23:17:16 +0200
Subject: [PATCH 92/95] Upgrade Gitea to 1.22
---
 site-cookbooks/kosmos_gitea/attributes/default.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/site-cookbooks/kosmos_gitea/attributes/default.rb b/site-cookbooks/kosmos_gitea/attributes/default.rb
index 23aae50..73292e4 100644
--- a/site-cookbooks/kosmos_gitea/attributes/default.rb
+++ b/site-cookbooks/kosmos_gitea/attributes/default.rb
@@ -1,5 +1,5 @@
-node.default["gitea"]["version"] = "1.21.10"
-node.default["gitea"]["checksum"] = "17eb858f3ef2b7cdb649286e6a9cc050f9d949606327a7d6f27aaba49fc3b492"
+node.default["gitea"]["version"] = "1.22.0"
+node.default["gitea"]["checksum"] = "a31086f073cb9592d28611394b2de3655db515d961e4fdcf5b549cb40753ef3d"
 node.default["gitea"]["working_directory"] = "/var/lib/gitea"
 node.default["gitea"]["port"] = 3000
 node.default["gitea"]["postgresql_host"] = "localhost:5432"
From 0c29fad404b27fe83b24d4d6220bac76d0db721a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A2u=20Cao?=
Date: Wed, 5 Jun 2024 15:49:27 +0200
Subject: [PATCH 93/95] Remove superfluous license header
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: Greg Karékinian
---
 .../kosmos-base/recipes/letsencrypt.rb | 21 -------------------
 1 file changed, 21 deletions(-)
diff --git a/site-cookbooks/kosmos-base/recipes/letsencrypt.rb b/site-cookbooks/kosmos-base/recipes/letsencrypt.rb
index e13c3db..22b0939 100644
--- a/site-cookbooks/kosmos-base/recipes/letsencrypt.rb
+++ b/site-cookbooks/kosmos-base/recipes/letsencrypt.rb
@@ -2,27 +2,6 @@ # Cookbook Name:: kosmos-base # Recipe:: letsencrypt # -# The MIT License (MIT) -# -# Copyright:: 2019, Kosmos Developers -# -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to deal -# in the Software without restriction, including without limitation the rights -# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -# copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: -# -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -# THE SOFTWARE. unless platform?('ubuntu') raise "This recipe only supports Ubuntu installs" From cfb379741e32f5dbb147ee4aca9e61177aa95003 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Wed, 5 Jun 2024 15:50:28 +0200 Subject: [PATCH 94/95] Add imap and smtp subdomains to mail server cert MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit closes #543 Co-authored-by: Greg Karékinian --- site-cookbooks/kosmos_email/recipes/default.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/site-cookbooks/kosmos_email/recipes/default.rb b/site-cookbooks/kosmos_email/recipes/default.rb index bb80c24..462ea1a 100644 --- a/site-cookbooks/kosmos_email/recipes/default.rb +++ b/site-cookbooks/kosmos_email/recipes/default.rb 
@@ -7,6 +7,7 @@ domain = node["email"]["domain"] hostname = node["email"]["hostname"] root_dir = node["email"]["root_directory"] ip_addr = node["knife_zero"]["host"] +extra_hostnames = ["smtp.#{domain}", "imap.#{domain}"] node.override["set_fqdn"] = hostname include_recipe "hostname" @@ -23,6 +24,7 @@ directory root_dir do end tls_cert_for hostname do + domain ([hostname]+extra_hostnames) auth "gandi_dns" action :create end From ff313525c86c91bbe9dcf194d1249ba56d198d03 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Wed, 5 Jun 2024 16:43:20 +0200 Subject: [PATCH 95/95] Reload postfix and dovecot on cert renewal MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit closes #552 Co-authored-by: Greg Karékinian --- .../kosmos-base/resources/tls_cert_for.rb | 16 +++++++++++++++- site-cookbooks/kosmos_email/recipes/default.rb | 1 + 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/site-cookbooks/kosmos-base/resources/tls_cert_for.rb b/site-cookbooks/kosmos-base/resources/tls_cert_for.rb index 0f56f29..c633166 100644 --- a/site-cookbooks/kosmos-base/resources/tls_cert_for.rb +++ b/site-cookbooks/kosmos-base/resources/tls_cert_for.rb @@ -3,6 +3,7 @@ provides :tls_cert_for property :domain, [String, Array], name_property: true property :auth, [String, NilClass], default: nil +property :deploy_hook, [String, NilClass], default: nil property :acme_domain, [String, NilClass], default: nil default_action :create 
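Review bot: Passing `domain ([hostname]+extra_hostnames)` only changes the certificate on hosts where none exists yet, if I read the resource correctly: the certbot `execute` in `tls_cert_for` is described there as running only when no cert has been generated before. A mail server that already holds a certificate for `hostname` would keep serving one without the `smtp.` and `imap.` names until it is reissued by hand, and the same would hold for the `deploy_hook` added in the following patch. I would document the manual reissue step in a comment above this resource, or make the guard in `tls_cert_for` compare the requested names with those in the existing certificate. As a style point, `domain [hostname, *extra_hostnames]` avoids the parenthesised call.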
@@ -36,6 +37,19 @@ action :create do sensitive true end + if new_resource.deploy_hook + deploy_hook_path = "/etc/letsencrypt/renewal-hooks/#{domains.first}" + + file deploy_hook_path do + content new_resource.deploy_hook + mode 0755 + owner "root" + group "root" + end + elsif node.run_list.roles.include?("openresty_proxy") + deploy_hook_path = "/etc/letsencrypt/renewal-hooks/post/openresty" + end + # Generate a Let's Encrypt cert (only if no cert has been generated before). # The systemd timer will take care of renewing execute "letsencrypt cert for #{domains.join(', ')}" do @@ -47,7 +61,7 @@ action :create do --manual-auth-hook '#{hook_auth_command}' \ --manual-cleanup-hook '#{hook_cleanup_command}' \ --email ops@kosmos.org \ - #{node.run_list.roles.include?("openresty_proxy") ? '--deploy-hook /etc/letsencrypt/renewal-hooks/post/openresty' : nil } \ + #{"--deploy-hook #{deploy_hook_path}" if defined?(deploy_hook_path)} \ #{domains.map {|d| "-d #{d}" }.join(" ")} CMD not_if do diff --git a/site-cookbooks/kosmos_email/recipes/default.rb b/site-cookbooks/kosmos_email/recipes/default.rb index 462ea1a..01f85a3 100644 --- a/site-cookbooks/kosmos_email/recipes/default.rb +++ b/site-cookbooks/kosmos_email/recipes/default.rb @@ -26,6 +26,7 @@ end tls_cert_for hostname do domain ([hostname]+extra_hostnames) auth "gandi_dns" + deploy_hook "systemctl reload postfix.service && systemctl reload dovecot.service" action :create end
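Review bot: The hook file is written with `content new_resource.deploy_hook` verbatim, so it has no interpreter line and no error handling, and its path is built from `domains.first` and later interpolated unquoted into the certbot command. Running it then depends on the invoking shell falling back to interpreting a file without `#!`, and a first domain containing shell-significant characters (a wildcard name with `*`, for instance) would be expanded by the shell. I would write `content "#!/bin/sh\nset -e\n#{new_resource.deploy_hook}\n"` and quote the path where it is passed to `--deploy-hook`, or derive the file name from a sanitised form of the domain. The `action :create` block starts and ends outside the hunk.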
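Review bot: `defined?(deploy_hook_path)` in the certbot command is true on every run, because Ruby registers a local variable as soon as the parser has seen an assignment to it, whether or not that branch executed. On a node with no `deploy_hook` property and without the `openresty_proxy` role the variable is nil, so the command gets a bare `--deploy-hook` with no value, and certbot will most likely reject it or consume the next argument. Test the value instead: `#{"--deploy-hook #{deploy_hook_path}" if deploy_hook_path} \`. This assumes the assignment in the previous hunk and this heredoc share the `action :create` scope, which is how the two hunks read.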