From 72a7b2ed8d5c4a1880984635131db5dc73c4fb37 Mon Sep 17 00:00:00 2001
From: Sebastian Kippe
Date: Wed, 17 Apr 2019 10:06:15 +0100
Subject: [PATCH 01/54] Add hubot-schedule

Already running on the server, with a message schedule for the Kosmos weekly calls.
---
 site-cookbooks/kosmos-hubot/recipes/hal8000.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/site-cookbooks/kosmos-hubot/recipes/hal8000.rb b/site-cookbooks/kosmos-hubot/recipes/hal8000.rb
index 11941fe..ef88bac 100644
--- a/site-cookbooks/kosmos-hubot/recipes/hal8000.rb
+++ b/site-cookbooks/kosmos-hubot/recipes/hal8000.rb
@@ -61,6 +61,7 @@ application hal8000_path do
 "hubot-incoming-webhook",
 "hubot-auth",
 "hubot-kredits",
+ "hubot-schedule"
 ].to_json
 end
From 94cb7c8e20f1381f988c06865c27b6dfe5709c86 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?=
Date: Thu, 18 Apr 2019 11:00:22 +0200
Subject: [PATCH 02/54] Add the id endpoint to our IPFS reverse proxy
---
 site-cookbooks/kosmos-ipfs/metadata.rb | 2 +-
 .../templates/default/nginx_conf_ipfs.kosmos.org.erb | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/site-cookbooks/kosmos-ipfs/metadata.rb b/site-cookbooks/kosmos-ipfs/metadata.rb
index 36f810d..fb9b758 100644
--- a/site-cookbooks/kosmos-ipfs/metadata.rb
+++ b/site-cookbooks/kosmos-ipfs/metadata.rb
@@ -4,7 +4,7 @@ maintainer_email 'mail@kosmos.org'
 license 'MIT'
 description 'Installs/Configures kosmos-ipfs'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version '0.1.0'
+version '0.1.1'
 depends 'ipfs'
 depends 'kosmos-base'
diff --git a/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb b/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb
index 00ce7b9..5759129 100644
--- a/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb
+++ b/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb
@@ -33,6 +33,9 @@ server {
 location /api/v0/object/data {
 proxy_pass http://_ipfs/api/v0/object/data;
 }
+ location /api/v0/id {
+ proxy_pass http://_ipfs/api/v0/id;
+ }
 ssl_certificate <%= @ssl_cert %>;
 ssl_certificate_key <%= @ssl_key %>;
From 7c29957ed9cc826521d30fed1b7469d5b46d8ec5 Mon Sep 17 00:00:00 2001
From: Sebastian Kippe
Date: Fri, 19 Apr 2019 15:52:56 +0100
Subject: [PATCH 03/54] Fix and consolidate firewall rules

Most of them are already defined in the appropriate recipe. And one can be moved. (These are currently opened on every server for no reason.)
---
 .../5apps-xmpp_server/recipes/default.rb | 2 +-
 .../kosmos-base/recipes/firewall.rb | 24 -------------------
 2 files changed, 1 insertion(+), 25 deletions(-)

diff --git a/site-cookbooks/5apps-xmpp_server/recipes/default.rb b/site-cookbooks/5apps-xmpp_server/recipes/default.rb
index bfb1d13..0dd353f 100644
--- a/site-cookbooks/5apps-xmpp_server/recipes/default.rb
+++ b/site-cookbooks/5apps-xmpp_server/recipes/default.rb
@@ -10,7 +10,7 @@ unless node.chef_environment == "development"
 include_recipe "firewall"
 firewall_rule "xmpp" do
- port [5222, 5269]
+ port [5222, 5269, 5281]
 protocol :tcp
 command :allow
 end
diff --git a/site-cookbooks/kosmos-base/recipes/firewall.rb b/site-cookbooks/kosmos-base/recipes/firewall.rb
index 233a34c..96dd212 100644
--- a/site-cookbooks/kosmos-base/recipes/firewall.rb
+++ b/site-cookbooks/kosmos-base/recipes/firewall.rb
@@ -38,27 +38,3 @@ firewall_rule 'mosh' do
 protocol :udp
 command :allow
 end
-
-firewall_rule 'prosody_http_upload' do
- port 5281
- protocol :tcp
- command :allow
-end
-
-firewall_rule 'hubot_express_hal8000' do
- port 8080
- protocol :tcp
- command :allow
-end
-
-firewall_rule 'hubot_express_botka_xmpp' do
- port 8082
- protocol :tcp
- command :allow
-end
-
-firewall_rule 'hubot_express_schlupp_xmpp' do
- port 8083
- protocol :tcp
- command :allow
-end
From 1d98bf14fe671c70990de2a5fa0860a1e698fd10 Mon Sep 17 00:00:00 2001
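Review bot: The new `location /api/v0/id` is a prefix match, so every request path that merely begins with `/api/v0/id` is forwarded to the IPFS API, not only the id call; an exact match, `location = /api/v0/id {`, limits the proxy to the one endpoint the commit means to publish. The id response normally carries the node's peer ID and its listen addresses, so it is worth confirming that no internal-only address is advertised there before the endpoint is reachable from outside. The existing `location /api/v0/object/data` block above it uses the same prefix form. The enclosing `server` block starts and ends outside the hunk.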
From: Sebastian Kippe
Date: Fri, 19 Apr 2019 17:35:29 +0100
Subject: [PATCH 04/54] Configure kosmos-github

closes #35
---
 data_bags/credentials/kredits-github.json | 24 +++++
 nodes/barnard.kosmos.org.json | 9 ++
 site-cookbooks/kredits-github/CHANGELOG.md | 6 ++
 site-cookbooks/kredits-github/LICENSE | 20 ++++
 site-cookbooks/kredits-github/README.md | 31 ++++++
 .../kredits-github/attributes/default.rb | 3 +
 site-cookbooks/kredits-github/metadata.rb | 12 +++
 .../kredits-github/recipes/default.rb | 96 +++++++++++++++++++
 .../kredits-github/recipes/nginx.rb | 46 +++++++++
 .../templates/default/nginx_conf.erb | 26 +++++
 .../default/nodejs.systemd.service.erb | 17 ++++
 11 files changed, 290 insertions(+)
 create mode 100644 data_bags/credentials/kredits-github.json
 create mode 100644 nodes/barnard.kosmos.org.json
 create mode 100644 site-cookbooks/kredits-github/CHANGELOG.md
 create mode 100644 site-cookbooks/kredits-github/LICENSE
 create mode 100644 site-cookbooks/kredits-github/README.md
 create mode 100644 site-cookbooks/kredits-github/attributes/default.rb
 create mode 100644 site-cookbooks/kredits-github/metadata.rb
 create mode 100644 site-cookbooks/kredits-github/recipes/default.rb
 create mode 100644 site-cookbooks/kredits-github/recipes/nginx.rb
 create mode 100644 site-cookbooks/kredits-github/templates/default/nginx_conf.erb
 create mode 100644 site-cookbooks/kredits-github/templates/default/nodejs.systemd.service.erb

diff --git a/data_bags/credentials/kredits-github.json b/data_bags/credentials/kredits-github.json
new file mode 100644
index 0000000..cda8c04
--- /dev/null
+++ b/data_bags/credentials/kredits-github.json
@@ -0,0 +1,24 @@ +{ + "id": "kredits-github", + "app_id": { + "encrypted_data": "DVvsNFAlZIO1NMmo1dVbA05MYdyJfPG9\n", + "iv": "JP4lpX3pFT8l43Hl\n", + "auth_tag": "EncRbtgQigRvLIfbMS+IxQ==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "private_key": { + "encrypted_data": "nV2ecoeWtL/TIM9grbsDAVh34gkaE/bJFc7qebUA9fOU40eeC7xMQst9pBZ+\nIfok2Y4Q0+ABQEKTrilfhSAOA+Hck66W2k1oNdCKXRcNb40T0Y01L77nNdzO\n0b6+uzopQ9oe2M5PF283gk8JWWQV9qED4eKpXEyU8prooA26KabXSrnsMESU\nIztULMsHNhUbDPHBRiEA6q/YUKlw8R++Sh9BcOjjeAEK+pueiARDh+yNMfJV\nomZRWfqncLlryDY6g+hbWEy5Oh+uMD8Th7zhbO//5dPOP1T6ZJjzHfhVQw+v\ng8txFD505yCBKiv70K4cHy9dF+ExFzJBcgr42gJ60gzShemZywAxOCDIc2yz\nFSEVwxGlxYRs5PLHhOT+KCaDzE7w5JmHDyMzv0j+IJnUtPPeInUUI9CNw42F\nmXygqGaY2BmJXAqYtCqEeMsZBtXijqu3TY3mmqxudupxethRrXZ9uZ0I3Ohf\nw6BCnqTw/sT3JkBxtNRQeEQvF+2G8ysXyLujkbqAyWiT+fCmS14FhisEOr8H\n6ojfRGb5iHHScG5wTwXn6tr4de9jjVk5Hrth3Rj46ZImMd1lzROPYyIcWFlS\no57Y3nmF6j7pjDBz++nInnpGlzPG+17sG4OSp6t0t93Vwkr8q9WNQjLo0Jqc\nLNaziU1ke3g+ZpKnHhUwJ2sCyVk4xvVD98hx4lhwCPzKghGQhWu6Vo2YfN79\nhSMjNw5N/3WFxdb5EuF4vYWOFitBvogPkAusZjrexlhUmGIS2qf+jlKvo6yD\nIl8CrCYZttj1UnyCuDmftIXTY9/7czBDQgq+vHlT33e7hNLHD7tFDeTEaz0t\nS+/I0+BgEnKv7aQHSSKExg3ZNc86yqfREKNsKxf4O6YiceBP7r/0qqFR6VBH\nIOQpUwK2e6cv70VmmtoEIjIpRZIOScrVVc1w2QlCj7xH9WfdEG9GSft3uHqd\nqbpegChVNuq2tEq7DoAC8ednjzbYdka4bpGJCqF6zm1c48WaL0G6VBLioi/r\nwFhCNi6AOEYkX0v3wovxME1aodfzBiu1Q6nEuzflZthr+1zERZXXaXY59VZ8\nqzWnLd5Xd/SxvvODY67fdykP90Kn94Xf+6XD9r72ch3S3ZqoWi66YFyqZ5Aa\n0LVKK+nCUwlGWjdgzcEcGx5OOyvbqm2VVnwWo2HuVk/iTzkrppF9y5nvFWUc\n6FfDdGWytkmzRH3KBZ9GKqgrIrswUmsSoIHESugVouJ+QfbFZZLLQS/0p4wH\nPFT8H8GSUvg8CEbap4JRW3R/+yspqSXipfIH5TrKr6NkyggWSE7EMNYq41eU\nuFWtwqX/z8x0SVVo+thAXkgg7KcZrZ9W4LdSGnfrx90QGZ0/K9Xs27pPY8R1\nSUNpaUc3S4Vxt28ualRBksuiIXT9AJGPGQf5UOgpOzBmDFw0GSjZdzz33tLL\n49Ymktapc6mC1FCxkJO3e+pI/I34+FcD9oiVea5v0Gg1cuuZInGJBYrq0PBE\nTaz0w2e8X/eQ2fVnQlUgmHlPcOugtoK8sLEO2+HDyBmIx9ypCfqFo6tu+MHG\nZTRp1GFmifYKUMnGvyxgo7mMFuSJtzgF/UR4PddbfX9yFAxPUTzM2Ba4s9um\nBZXKQoQB/dS9wXhmZVme9Yjq/D1d8w3wosSOcDV3apNerDx
egbFqt8ugYbtQ\nmy35aHCXU560Xi1uyWBggRXsoWSsb3RZhNbTz6vsvsly9kj6pSUtxbAiwvwI\nrZuGwvNUgYHdXaHdQAqyCAiIF3KJfQGTyk2di26BZ3K8eTnP3tKbTT157Adf\nOt4e+sHhfmacjmXN9FFuOlLddOk45Y7YSRDwGgqS3NqTSo21GAPBSDqfwqkr\neG76OKxoijCMYeJQ6h0lqh8lXYO5h376BdbUMvZfiy8PzkfbCZ9j45b/jHQD\n8CSWz+T8LmQM4Mg69MZn3zAYOSrPQj9DMbwuQshqe19qRlrexRRemWATvkSO\nYchQJ2891WGn7WZ2vrd9VpEdiXdC6JmCpDfoBBJ3JcaknTrNx7VBPc/48rli\nIlso0fzzxTGIrJjFbYL38Br20/qZcXzOO+YJXuHY+n5vuZ2870yPck4r1vUX\n6HSRALY768YGSLNWwfg9sDfbOcpfxKrnrNJxF5Nz7cGN63CKm1e6GZG+vSX+\nNBkumwPGyUWtLJO+JE8l6yivOZeq01W+XOjSh8NzrQJ3Tt2XVhuqWy+ruXS0\nA9O2/tdI2pu0ed63TVaWL/ULYrfXtHtCOYyjc5ulIwX7+L9LXU2I9zmycp0u\n3eR50MpHBgGSCyk=\n", + "iv": "IlCQ6yNhvGFeTJlP\n", + "auth_tag": "bItEhCOGVHB2HMzWKuyExg==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "webhook_secret": { + "encrypted_data": "5aUw9uwoX7BmUXCXLjJ82VtEOAAaneldYMUnv2XJqL+XUNokmdf/tQwTjI7R\n8Ov1+sXCp2R073apPUk=\n", + "iv": "6VeynEodre6uhBE7\n", + "auth_tag": "kRGFN3q+N0NKPwoLRrtgtw==\n", + "version": 3, + "cipher": "aes-256-gcm" + } +} \ No newline at end of file diff --git a/nodes/barnard.kosmos.org.json b/nodes/barnard.kosmos.org.json new file mode 100644 index 0000000..67856da --- /dev/null +++ b/nodes/barnard.kosmos.org.json @@ -0,0 +1,9 @@ +{ + "run_list": [ + "role[base]", + "kredits-github" + ], + "automatic": { + "ipaddress": "barnard.kosmos.org" + } +} diff --git a/site-cookbooks/kredits-github/CHANGELOG.md b/site-cookbooks/kredits-github/CHANGELOG.md new file mode 100644 index 0000000..f1e847a --- /dev/null +++ b/site-cookbooks/kredits-github/CHANGELOG.md @@ -0,0 +1,6 @@ +kredits-github CHANGELOG +======================== + +0.1.0 +----- +- [Râu Cao] - Initial release of kredits-github diff --git a/site-cookbooks/kredits-github/LICENSE b/site-cookbooks/kredits-github/LICENSE new file mode 100644 index 0000000..f3b5d1c --- /dev/null +++ b/site-cookbooks/kredits-github/LICENSE 
@@ -0,0 +1,20 @@ +Copyright (c) 2019 Kosmos Developers + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/site-cookbooks/kredits-github/README.md b/site-cookbooks/kredits-github/README.md new file mode 100644 index 0000000..39e43f5 --- /dev/null +++ b/site-cookbooks/kredits-github/README.md @@ -0,0 +1,31 @@ +kredits-github Cookbook +======================= + +This cookbook installs [kredits-github](https://github.com/67P/kredits-github). + +Attributes +---------- + +#### kredits-github::default + + + + + + + + + + + + + + + + + + + +
KeyTypeDescriptionDefault
['sockethub']['port']IntegerThe local port to run sockethub on10551
['sockethub']['external_port']IntegerThe external port to run sockethub on. This will also open the port on the firewall10550
+
+Right now the nginx vhost is hardcoded: sockethub.kosmos.org
diff --git a/site-cookbooks/kredits-github/attributes/default.rb b/site-cookbooks/kredits-github/attributes/default.rb
new file mode 100644
index 0000000..d024a64
--- /dev/null
+++ b/site-cookbooks/kredits-github/attributes/default.rb
@@ -0,0 +1,3 @@
+node.default['kredits-github']['port'] = '3000'
+node.default['kredits-github']['revision'] = 'master'
+node.default['kredits-github']['domain'] = 'kredits-github.kosmos.org'
diff --git a/site-cookbooks/kredits-github/metadata.rb b/site-cookbooks/kredits-github/metadata.rb
new file mode 100644
index 0000000..eb57f47
--- /dev/null
+++ b/site-cookbooks/kredits-github/metadata.rb
@@ -0,0 +1,12 @@
+name 'kredits-github'
+maintainer 'Kosmos'
+maintainer_email 'mail@kosmos.org'
+license 'MIT'
+description 'Installs/Configures kredits-github'
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
+version '0.1.0'
+
+depends 'application_javascript'
+depends 'kosmos-nodejs'
+depends 'kosmos-nginx'
+depends 'firewall'
diff --git a/site-cookbooks/kredits-github/recipes/default.rb b/site-cookbooks/kredits-github/recipes/default.rb
new file mode 100644
index 0000000..1512879
--- /dev/null
+++ b/site-cookbooks/kredits-github/recipes/default.rb
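Review bot: `node.default['kredits-github']['revision'] = 'master'` in attributes/default.rb makes every Chef converge deploy whatever the branch head is at that moment, and the recipe in this commit then runs `npm_install` on that checkout on the host that holds the GitHub App private key and webhook secret. Pinning the default to a reviewed tag or commit, e.g. `node.default['kredits-github']['revision'] = '<reviewed-commit-sha>'` (placeholder), turns a deploy into a deliberate change in this repository instead of a side effect of an upstream push. A short comment above the attribute, such as `# Pin to a reviewed tag or SHA; a branch name deploys unreviewed code`, would document the expectation.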
@@ -0,0 +1,96 @@
+#
+# Cookbook Name:: sockethub
+# Recipe:: default
+#
+# The MIT License (MIT)
+#
+# Copyright:: 2019, Kosmos Developers
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+include_recipe 'kosmos-nodejs'
+include_recipe 'kredits-github::nginx'
+
+app_name = "kredits-github"
+deploy_user = "deploy"
+deploy_group = "deploy"
+credentials = Chef::EncryptedDataBagItem.load('credentials', app_name)
+
+group deploy_group
+
+user deploy_user do
+ group deploy_group
+ manage_home true
+ shell "/bin/bash"
+ comment "deploy user"
+end
+
+path_to_deploy = "/opt/#{app_name}"
+application path_to_deploy do
+ owner deploy_user
+ group deploy_group
+
+ git do
+ user deploy_user
+ group deploy_group
+ repository "https://github.com/67P/#{app_name}.git"
+ revision node[app_name]['revision']
+ end
+
+ npm_install do
+ user deploy_user
+ end
+
+ execute "systemctl daemon-reload" do
+ command "systemctl daemon-reload"
+ action :nothing
+ end
+
+ file "#{path_to_deploy}/github_app_key.pem" do
+ content credentials['private_key']
+ owner deploy_user
+ group deploy_group
+ mode '0440'
+ end
+
+ template "/lib/systemd/system/#{app_name}.service" do
+ source 'nodejs.systemd.service.erb'
+ owner 'root'
+ group 'root'
+ mode '0644'
+ variables(
+ user: deploy_user,
+ group: deploy_group,
+ app_dir: path_to_deploy,
+ entry: "/usr/bin/node /usr/bin/npm start",
+ environment: {
+ 'LOG_LEVEL' => "debug",
+ 'APP_ID' => credentials['app_id'],
+ 'PRIVATE_KEY_PATH' => "#{path_to_deploy}/github_app_key.pem",
+ 'WEBHOOK_SECRET' => credentials['webhook_secret'],
+ }
+ )
+ notifies :run, "execute[systemctl daemon-reload]", :delayed
+ notifies :restart, "service[#{app_name}]", :delayed
+ end
+
+ service app_name do
+ action [:enable, :start]
+ end
+end
diff --git a/site-cookbooks/kredits-github/recipes/nginx.rb b/site-cookbooks/kredits-github/recipes/nginx.rb
new file mode 100644
index 0000000..54b576a
--- /dev/null
+++ b/site-cookbooks/kredits-github/recipes/nginx.rb
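Review bot: The `template` for `/lib/systemd/system/#{app_name}.service` renders `APP_ID` and `WEBHOOK_SECRET` into a unit file created with `mode '0644'`, so any local account can read the webhook secret straight from disk. Neither that resource nor `file "#{path_to_deploy}/github_app_key.pem"` sets `sensitive true`, so Chef may print the decrypted private key and the rendered secrets in its diff output and in whatever collects the client log; adding `sensitive true` to both resources suppresses that. Running with `'LOG_LEVEL' => "debug"` is also worth a comment in the recipe if, as seems likely, the app then logs full webhook payloads.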
@@ -0,0 +1,46 @@
+#
+# Cookbook Name:: kredits-github
+# Recipe:: nginx
+#
+# The MIT License (MIT)
+#
+# Copyright:: 2019, Kosmos Developers
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+include_recipe 'kosmos-nginx'
+server_name = node['kredits-github']['domain']
+
+template "#{node['nginx']['dir']}/sites-available/#{server_name}" do
+ source 'nginx_conf.erb'
+ owner 'www-data'
+ mode 0640
+ variables app_name: "kredits-github",
+ nodejs_port: node['kredits-github']['port'],
+ server_name: server_name,
+ ssl_cert: "/etc/letsencrypt/live/#{server_name}/fullchain.pem",
+ ssl_key: "/etc/letsencrypt/live/#{server_name}/privkey.pem"
+ notifies :reload, 'service[nginx]', :delayed
+end
+
+nginx_site server_name do
+ action :enable
+end
+
+nginx_certbot_site server_name
diff --git a/site-cookbooks/kredits-github/templates/default/nginx_conf.erb b/site-cookbooks/kredits-github/templates/default/nginx_conf.erb
new file mode 100644
index 0000000..70aefb8
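Review bot: The vhost template is created with `owner 'www-data'` and `mode 0640`, which leaves the file writable by the account nginx workers usually run as; if a worker were compromised it could rewrite the config that the root-run master process loads on the next reload. `owner 'root'` with `group 'www-data'` keeps the file read-only for the workers. The bare `mode 0640` is correct only because Ruby reads the leading zero as octal; the quoted form `mode '0640'`, as used in recipes/default.rb, avoids the classic mistake of writing `640`.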
--- /dev/null
+++ b/site-cookbooks/kredits-github/templates/default/nginx_conf.erb
@@ -0,0 +1,26 @@
+# Generated by Chef
+upstream _<%= @app_name %> {
+ server localhost:<%= @nodejs_port %>;
+}
+
+<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
+server {
+ listen 443 ssl http2;
+ add_header Strict-Transport-Security "max-age=15768000";
+
+ server_name <%= @server_name %>;
+
+ access_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.access.log json;
+ error_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.error.log warn;
+
+ gzip on;
+
+ location / {
+ proxy_buffers 1024 8k; # Increase number of buffers. Default is 8
+ proxy_pass http://_<%= @app_name %>;
+ }
+
+ ssl_certificate <%= @ssl_cert %>;
+ ssl_certificate_key <%= @ssl_key %>;
+}
+<% end -%>
diff --git a/site-cookbooks/kredits-github/templates/default/nodejs.systemd.service.erb b/site-cookbooks/kredits-github/templates/default/nodejs.systemd.service.erb
new file mode 100644
index 0000000..a20fb92
--- /dev/null
+++ b/site-cookbooks/kredits-github/templates/default/nodejs.systemd.service.erb
@@ -0,0 +1,17 @@
+[Unit]
+Description=Start nodejs app
+Requires=nginx.service
+After=nginx.service
+
+[Service]
+ExecStart=<%= @entry %>
+WorkingDirectory=<%= @app_dir %>
+User=<%= @user %>
+Group=<%= @group %>
+<% unless @environment.empty? -%>
+Environment=<% @environment.each do |key, value| -%>'<%= key %>=<%= value %>' <% end %>
+<% end -%>
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
From e62393e4438d4da648c325573dbb43056b8302b3 Mon Sep 17 00:00:00 2001
From: Sebastian Kippe
Date: Fri, 19 Apr 2019 18:52:44 +0100
Subject: [PATCH 05/54] Update cookbook README
---
 site-cookbooks/kredits-github/README.md | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/site-cookbooks/kredits-github/README.md b/site-cookbooks/kredits-github/README.md
index 39e43f5..37a7626 100644
--- a/site-cookbooks/kredits-github/README.md
+++ b/site-cookbooks/kredits-github/README.md
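Review bot: In nodejs.systemd.service.erb the `Environment=` line writes every pair as `'<%= key %>=<%= value %>'` with no escaping, so a value containing a single quote, a backslash or a `%` is parsed by systemd differently from what the data bag holds (`%` starts a unit specifier and has to be written `%%`). With secrets such as `WEBHOOK_SECRET` that shows up as a service that silently runs with a truncated or altered secret and then rejects or mis-verifies webhooks. Either escape the values in the template or keep them out of the unit and load them from a file via `EnvironmentFile=`; at minimum a comment like `# values must not contain ', \ or %` above the line would record the constraint.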
@@ -15,16 +15,22 @@ Attributes Default - ['sockethub']['port'] - Integer - The local port to run sockethub on - 10551 + ['kredits-github']['port'] + String + The local port that kredits-github is running on + 3000 - ['sockethub']['external_port'] - Integer - The external port to run sockethub on. This will also open the port on the firewall - 10550 + ['kredits-github']['revision'] + String + Git revision/branch to deploy + master + + + ['kredits-github']['domain'] + String + Domain name for requests to the app + kredits-github.kosmos.org From f26edab7ad040472a5278c45a063a0fd85b9174c Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Sat, 20 Apr 2019 09:25:27 +0100 Subject: [PATCH 06/54] Fix nginx template It refused to accept connections when the header directive was before the server_name one. --- .../kredits-github/templates/default/nginx_conf.erb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/site-cookbooks/kredits-github/templates/default/nginx_conf.erb b/site-cookbooks/kredits-github/templates/default/nginx_conf.erb index 70aefb8..257de71 100644 --- a/site-cookbooks/kredits-github/templates/default/nginx_conf.erb +++ b/site-cookbooks/kredits-github/templates/default/nginx_conf.erb @@ -6,8 +6,6 @@ upstream _<%= @app_name %> { <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%> server { listen 443 ssl http2; - add_header Strict-Transport-Security "max-age=15768000"; - server_name <%= @server_name %>; access_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.access.log json; @@ -15,10 +13,12 @@ server { gzip on; + add_header Strict-Transport-Security "max-age=15768000"; + location / { proxy_buffers 1024 8k; # Increase number of buffers. Default is 8 proxy_pass http://_<%= @app_name %>; - } + } ssl_certificate <%= @ssl_cert %>; ssl_certificate_key <%= @ssl_key %>; From 2658b90c5b7b2d00fb89516caffb4704cea3f955 Mon Sep 17 00:00:00 2001 
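Review bot: In the nginx_conf.erb hunk, `add_header Strict-Transport-Security "max-age=15768000";` is sent only on successful and redirect responses unless the `always` parameter is given, so error responses from the app leave without HSTS; `add_header Strict-Transport-Security "max-age=15768000" always;` covers them. nginx also stops inheriting a server-level `add_header` in any `location` that declares its own, which deserves a one-line comment now that the directive sits directly above `location /`. The enclosing `server` block starts and ends outside the hunk.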
From: Sebastian Kippe
Date: Sat, 20 Apr 2019 09:34:37 +0100
Subject: [PATCH 07/54] Set log level to info

Now that everything works, we don't need detailed output for every GitHub payload anymore.
---
 site-cookbooks/kredits-github/recipes/default.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/site-cookbooks/kredits-github/recipes/default.rb b/site-cookbooks/kredits-github/recipes/default.rb
index 1512879..283a2b9 100644
--- a/site-cookbooks/kredits-github/recipes/default.rb
+++ b/site-cookbooks/kredits-github/recipes/default.rb
@@ -80,7 +80,7 @@ application path_to_deploy do
 app_dir: path_to_deploy,
 entry: "/usr/bin/node /usr/bin/npm start",
 environment: {
- 'LOG_LEVEL' => "debug",
+ 'LOG_LEVEL' => "info",
 'APP_ID' => credentials['app_id'],
 'PRIVATE_KEY_PATH' => "#{path_to_deploy}/github_app_key.pem",
 'WEBHOOK_SECRET' => credentials['webhook_secret'],
From 3b2a3bf3fa24027ca56e73b414b3980519d3f6d9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?=
Date: Tue, 23 Apr 2019 10:33:31 +0200
Subject: [PATCH 08/54] Replace reference to sockethub, remove comment that's not relevant
---
 site-cookbooks/kredits-github/README.md | 2 --
 site-cookbooks/kredits-github/recipes/default.rb | 2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/site-cookbooks/kredits-github/README.md b/site-cookbooks/kredits-github/README.md
index 37a7626..2bf8f4b 100644
--- a/site-cookbooks/kredits-github/README.md
+++ b/site-cookbooks/kredits-github/README.md
@@ -33,5 +33,3 @@ Attributes kredits-github.kosmos.org
-
-Right now the nginx vhost is hardcoded: sockethub.kosmos.org
diff --git a/site-cookbooks/kredits-github/recipes/default.rb b/site-cookbooks/kredits-github/recipes/default.rb
index 283a2b9..954c990 100644
--- a/site-cookbooks/kredits-github/recipes/default.rb
+++ b/site-cookbooks/kredits-github/recipes/default.rb
@@ -1,5 +1,5 @@
 #
-# Cookbook Name:: sockethub
+# Cookbook Name:: kredits-github
 # Recipe:: default
 #
 # The MIT License (MIT)
From bafa24351a602f249436b4bb7fd608bafd7796ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?=
Date: Tue, 23 Apr 2019 11:14:33 +0200
Subject: [PATCH 09/54] Remove firewall rule that is already defined
---
 site-cookbooks/kosmos-hubot/recipes/default.rb | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/site-cookbooks/kosmos-hubot/recipes/default.rb b/site-cookbooks/kosmos-hubot/recipes/default.rb
index 30c7091..65bcf67 100644
--- a/site-cookbooks/kosmos-hubot/recipes/default.rb
+++ b/site-cookbooks/kosmos-hubot/recipes/default.rb
@@ -5,15 +5,6 @@
 # Copyright 2017-2018, Kosmos
 #
-unless node.chef_environment == "development"
- include_recipe 'firewall'
- firewall_rule 'hubot_express_hal8000_freenode' do
- port 8080
- protocol :tcp
- command :allow
- end
-end
-
 include_recipe "kosmos-nodejs"
 include_recipe "kosmos-redis"
From 47d2ebe409cf4bfb84a27073d5e0e56f512bc901 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?=
Date: Tue, 23 Apr 2019 11:15:06 +0200
Subject: [PATCH 10/54] Add missing firewall rule for botka on freenode
---
 site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb b/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb
index 65c2779..4024294 100644
--- a/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb
+++ b/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb
@@ -118,4 +118,11 @@ unless node.chef_environment == "development"
 end
 nginx_certbot_site express_domain
+
+ include_recipe "firewall"
+ firewall_rule 'hubot_express_botka_freenode' do
+ port express_port
+ protocol :tcp
+ command :allow
+ end
 end
From 1d0f66adc4664da89370705cf3f79e37219fefec Mon Sep 17 00:00:00 2001
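Review bot: The new `firewall_rule 'hubot_express_botka_freenode'` in botka_freenode.rb opens `express_port` to every source address, while the context line just above it, `nginx_certbot_site express_domain`, suggests the same listener is already published through nginx with TLS. If so, the direct port lets clients reach the Express listener without TLS and without anything nginx enforces, and the rule would be better dropped or narrowed with the resource's `source` property to the hosts that need it. If the port has to stay open, a comment such as `# reached directly by <caller>, not through nginx` would record why. `express_port` is defined outside the hunk, so its value and its callers cannot be checked from here.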
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?=
Date: Tue, 23 Apr 2019 11:25:16 +0200
Subject: [PATCH 11/54] Remove an unused dependency on the firewall cookbook
---
 site-cookbooks/kredits-github/metadata.rb | 1 -
 1 file changed, 1 deletion(-)

diff --git a/site-cookbooks/kredits-github/metadata.rb b/site-cookbooks/kredits-github/metadata.rb
index eb57f47..fdcf098 100644
--- a/site-cookbooks/kredits-github/metadata.rb
+++ b/site-cookbooks/kredits-github/metadata.rb
@@ -9,4 +9,3 @@ version '0.1.0'
 depends 'application_javascript'
 depends 'kosmos-nodejs'
 depends 'kosmos-nginx'
-depends 'firewall'
From fabbe398a2e50aa9aa459e27a1327053992187f6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?=
Date: Tue, 23 Apr 2019 11:28:23 +0200
Subject: [PATCH 12/54] Remove the nginx recipe inclusion and the dependency on nginx in the service

The nginx vhost should be set up after the app is deployed. The node app doesn't need nginx to run
---
 site-cookbooks/kredits-github/recipes/default.rb | 1 -
 .../kredits-github/templates/default/nodejs.systemd.service.erb | 2 --
 2 files changed, 3 deletions(-)

diff --git a/site-cookbooks/kredits-github/recipes/default.rb b/site-cookbooks/kredits-github/recipes/default.rb
index 954c990..d452416 100644
--- a/site-cookbooks/kredits-github/recipes/default.rb
+++ b/site-cookbooks/kredits-github/recipes/default.rb
@@ -25,7 +25,6 @@
 # THE SOFTWARE.
 include_recipe 'kosmos-nodejs'
-include_recipe 'kredits-github::nginx'
 app_name = "kredits-github"
 deploy_user = "deploy"
diff --git a/site-cookbooks/kredits-github/templates/default/nodejs.systemd.service.erb b/site-cookbooks/kredits-github/templates/default/nodejs.systemd.service.erb
index a20fb92..68f7a05 100644
--- a/site-cookbooks/kredits-github/templates/default/nodejs.systemd.service.erb
+++ b/site-cookbooks/kredits-github/templates/default/nodejs.systemd.service.erb
@@ -1,7 +1,5 @@
 [Unit]
 Description=Start nodejs app
-Requires=nginx.service
-After=nginx.service
 [Service]
 ExecStart=<%= @entry %>
From 451d182ca92022e2aa3dc347cd25d1db4a6825d1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?=
Date: Tue, 23 Apr 2019 11:30:59 +0200
Subject: [PATCH 13/54] Add kredits_github role for the node app and the nginx vhost
---
 roles/kredits_github.rb | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 roles/kredits_github.rb

diff --git a/roles/kredits_github.rb b/roles/kredits_github.rb
new file mode 100644
index 0000000..57f3d88
--- /dev/null
+++ b/roles/kredits_github.rb
@@ -0,0 +1,6 @@
+name "kredits_github"
+
+run_list %w(
+ kredits-github::default
+ kredits-github::nginx
+)
From 79023a65f24b86a3fd357a3db7d3cb60e34852a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?=
Date: Tue, 23 Apr 2019 11:40:33 +0200
Subject: [PATCH 14/54] Move the environment variables to an EnvironmentFile
---
 .../kredits-github/recipes/default.rb | 24 ++++++++++++++-----
 .../default/nodejs.systemd.service.erb | 4 +---
 2 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/site-cookbooks/kredits-github/recipes/default.rb b/site-cookbooks/kredits-github/recipes/default.rb
index d452416..a79626f 100644
--- a/site-cookbooks/kredits-github/recipes/default.rb
+++ b/site-cookbooks/kredits-github/recipes/default.rb
@@ -41,6 +41,7 @@ user deploy_user do
 end
 path_to_deploy = "/opt/#{app_name}"
+environment_file = "/home/deploy/.kredits-github_environment"
 application path_to_deploy do
 owner deploy_user
 group deploy_group
@@ -66,6 +67,22 @@ application path_to_deploy do owner deploy_user group deploy_group mode '0440' + sensitive true + end + + env = { + 'LOG_LEVEL' => "info", + 'APP_ID' => credentials['app_id'], + 'PRIVATE_KEY_PATH' => "#{path_to_deploy}/github_app_key.pem", + 'WEBHOOK_SECRET' => credentials['webhook_secret'], + } + + file environment_file do + content env.sort.map {|k, v| "#{k}=#{v}" }.join("\n") + owner deploy_user + owner deploy_group + mode '0440' + sensitive true end template "/lib/systemd/system/#{app_name}.service" do @@ -78,12 +95,7 @@ application path_to_deploy do group: deploy_group, app_dir: path_to_deploy, entry: "/usr/bin/node /usr/bin/npm start", - environment: { - 'LOG_LEVEL' => "info", - 'APP_ID' => credentials['app_id'], - 'PRIVATE_KEY_PATH' => "#{path_to_deploy}/github_app_key.pem", - 'WEBHOOK_SECRET' => credentials['webhook_secret'], - } + environment_file: environment_file ) notifies :run, "execute[systemctl daemon-reload]", :delayed notifies :restart, "service[#{app_name}]", :delayed diff --git a/site-cookbooks/kredits-github/templates/default/nodejs.systemd.service.erb b/site-cookbooks/kredits-github/templates/default/nodejs.systemd.service.erb index 68f7a05..fb11e4b 100644 --- a/site-cookbooks/kredits-github/templates/default/nodejs.systemd.service.erb +++ b/site-cookbooks/kredits-github/templates/default/nodejs.systemd.service.erb @@ -6,9 +6,7 @@ ExecStart=<%= @entry %> WorkingDirectory=<%= @app_dir %> User=<%= @user %> Group=<%= @group %> -<% unless @environment.empty? -%> -Environment=<% @environment.each do |key, value| -%>'<%= key %>=<%= value %>' <% end %> -<% end -%> +EnvironmentFile=<%= @environment_file %> Restart=always [Install] From ecf5870195669a2e6d01eeaa4b93c215e77cdc79 Mon Sep 17 00:00:00 2001 
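Review bot: In the new `file environment_file` resource `owner` is set twice, `owner deploy_user` followed by `owner deploy_group`, so the second call overrides the first and the file's group is never set; the second line should read `group deploy_group`. It goes unnoticed only because both variables hold "deploy", and with `mode '0440'` the group bit then applies to whatever default group the file receives. `environment_file` in the first hunk of this file also hard-codes `/home/deploy/` instead of deriving the directory from `deploy_user`. The enclosing `application` block starts and ends outside the hunk.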
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?=
Date: Tue, 23 Apr 2019 11:41:12 +0200
Subject: [PATCH 15/54] Only add the Let's Encrypt set up when not in the dev environment
---
 site-cookbooks/kredits-github/recipes/nginx.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/site-cookbooks/kredits-github/recipes/nginx.rb b/site-cookbooks/kredits-github/recipes/nginx.rb
index 54b576a..1ebec48 100644
--- a/site-cookbooks/kredits-github/recipes/nginx.rb
+++ b/site-cookbooks/kredits-github/recipes/nginx.rb
@@ -43,4 +43,4 @@ nginx_site server_name do
 action :enable
 end
-nginx_certbot_site server_name
+nginx_certbot_site server_name unless node.chef_environment == "development"
From f5051d63522a04b6d452997f2da4ab7ccbab549c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?=
Date: Tue, 23 Apr 2019 14:12:16 +0200
Subject: [PATCH 16/54] Revert "Move the environment variables to an EnvironmentFile"

This reverts commit 79023a65f24b86a3fd357a3db7d3cb60e34852a9.
---
 .../kredits-github/recipes/default.rb | 24 +++++--------------
 .../default/nodejs.systemd.service.erb | 4 +++-
 2 files changed, 9 insertions(+), 19 deletions(-)

diff --git a/site-cookbooks/kredits-github/recipes/default.rb b/site-cookbooks/kredits-github/recipes/default.rb
index a79626f..d452416 100644
--- a/site-cookbooks/kredits-github/recipes/default.rb
+++ b/site-cookbooks/kredits-github/recipes/default.rb
@@ -41,7 +41,6 @@ user deploy_user do
 end
 path_to_deploy = "/opt/#{app_name}"
-environment_file = "/home/deploy/.kredits-github_environment"
 application path_to_deploy do
 owner deploy_user
 group deploy_group
@@ -67,22 +66,6 @@ application path_to_deploy do owner deploy_user group deploy_group mode '0440' - sensitive true - end - - env = { - 'LOG_LEVEL' => "info", - 'APP_ID' => credentials['app_id'], - 'PRIVATE_KEY_PATH' => "#{path_to_deploy}/github_app_key.pem", - 'WEBHOOK_SECRET' => credentials['webhook_secret'], - } - - file environment_file do - content env.sort.map {|k, v| "#{k}=#{v}" }.join("\n") - owner deploy_user - owner deploy_group - mode '0440' - sensitive true end template "/lib/systemd/system/#{app_name}.service" do @@ -95,7 +78,12 @@ application path_to_deploy do group: deploy_group, app_dir: path_to_deploy, entry: "/usr/bin/node /usr/bin/npm start", - environment_file: environment_file + environment: { + 'LOG_LEVEL' => "info", + 'APP_ID' => credentials['app_id'], + 'PRIVATE_KEY_PATH' => "#{path_to_deploy}/github_app_key.pem", + 'WEBHOOK_SECRET' => credentials['webhook_secret'], + } ) notifies :run, "execute[systemctl daemon-reload]", :delayed notifies :restart, "service[#{app_name}]", :delayed diff --git a/site-cookbooks/kredits-github/templates/default/nodejs.systemd.service.erb b/site-cookbooks/kredits-github/templates/default/nodejs.systemd.service.erb index fb11e4b..68f7a05 100644 --- a/site-cookbooks/kredits-github/templates/default/nodejs.systemd.service.erb +++ b/site-cookbooks/kredits-github/templates/default/nodejs.systemd.service.erb @@ -6,7 +6,9 @@ ExecStart=<%= @entry %> WorkingDirectory=<%= @app_dir %> User=<%= @user %> Group=<%= @group %> -EnvironmentFile=<%= @environment_file %> +<% unless @environment.empty? -%> +Environment=<% @environment.each do |key, value| -%>'<%= key %>=<%= value %>' <% end %> +<% end -%> Restart=always [Install] From 2cf611279bad5725094f3ec5a716ac66f730f8b9 Mon Sep 17 00:00:00 2001 
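Review bot: The first hunk of this revert also removes `sensitive true` from the resource that precedes the environment file, a flag that was independent of the EnvironmentFile change. That resource's header is outside the hunk, but `PRIVATE_KEY_PATH` points at `github_app_key.pem` under the same path, so it is presumably the GitHub App private key. Without the flag, Chef may print the file's content or diff in its run output and logs. Keep `sensitive true` on that resource, and consider adding it to the `template` resource in the next hunk, whose rendered unit again carries `WEBHOOK_SECRET` (that resource also continues outside the hunk).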
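Review bot: The restored `Environment=` line in `nodejs.systemd.service.erb` interpolates each value between single quotes with no escaping, `'<%= key %>=<%= value %>'`. A secret containing `'`, a backslash or `%` would be split, unescaped or expanded as a systemd specifier, so the service would start with a different value than the one stored in the credentials. Escape at least the percent sign, e.g. `<%= value.to_s.gsub('%', '%%') %>`, and escape or reject quotes and backslashes, or render the values into a separate file referenced by `EnvironmentFile=`.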
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Tue, 23 Apr 2019 14:12:55 +0200 Subject: [PATCH 17/54] Make the systemd unit for kredits-github not world readable This way the environment variables are kept secret. Only root can read `/proc/$ID/environ` --- site-cookbooks/kredits-github/recipes/default.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-cookbooks/kredits-github/recipes/default.rb b/site-cookbooks/kredits-github/recipes/default.rb index d452416..5412cf5 100644 --- a/site-cookbooks/kredits-github/recipes/default.rb +++ b/site-cookbooks/kredits-github/recipes/default.rb @@ -72,7 +72,7 @@ application path_to_deploy do source 'nodejs.systemd.service.erb' owner 'root' group 'root' - mode '0644' + mode '0640' variables( user: deploy_user, group: deploy_group, From d162233e8dda85ddc5acf9d1f3925f941fa3e233 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Wed, 24 Apr 2019 17:50:45 +0100 Subject: [PATCH 18/54] Add Gitea config for hal8000 --- .../kosmos-hubot/attributes/default.rb | 1 + .../kosmos-hubot/recipes/hal8000.rb | 55 ++++++++++--------- 2 files changed, 29 insertions(+), 27 deletions(-) diff --git a/site-cookbooks/kosmos-hubot/attributes/default.rb b/site-cookbooks/kosmos-hubot/attributes/default.rb index e67c2d1..9d27894 100644 --- a/site-cookbooks/kosmos-hubot/attributes/default.rb +++ b/site-cookbooks/kosmos-hubot/attributes/default.rb @@ -7,3 +7,4 @@ node.default['hal8000']['kredits']['network_id'] = '4' node.default['hal8000']['kredits']['wallet_path'] = 'wallet.json' node.default['hal8000']['kredits']['mediawiki_url'] = 'https://wiki.kosmos.org/' node.default['hal8000']['kredits']['github_repo_blacklist'] = '67P/test-one-two' +node.default['hal8000']['kredits']['gitea_repo_blacklist'] = 'kosmos/test-one-two' diff --git a/site-cookbooks/kosmos-hubot/recipes/hal8000.rb b/site-cookbooks/kosmos-hubot/recipes/hal8000.rb index ef88bac..4b78f71 100644 --- a/site-cookbooks/kosmos-hubot/recipes/hal8000.rb 
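Review bot: Changing the unit file to `mode '0640'` does not by itself keep the `Environment=` values private. systemd treats unit settings as non-secret and exposes them over its D-Bus API, so an unprivileged local user can typically still read them with `systemctl show`, and systemd logs a warning when a unit file is not world-readable. A root-only file referenced by `EnvironmentFile=` keeps `WEBHOOK_SECRET` out of the unit properties; the hal8000 `environment:` hash in PATCH 18/54 appears to pass `HUBOT_IRC_NICKSERV_PASSWORD`, `WEBHOOK_TOKEN` and `KREDITS_WALLET_PASSWORD` the same way. The `template` resource continues outside this hunk, so whether it sets `sensitive true` cannot be seen here.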
+++ b/site-cookbooks/kosmos-hubot/recipes/hal8000.rb 
@@ -85,33 +85,34 @@ application hal8000_path do app_dir: hal8000_path, entry: "#{hal8000_path}/bin/hubot -a irc", environment: { - # "HUBOT_LOG_LEVEL" => "error", - "HUBOT_IRC_SERVER" => "irc.freenode.net", - "HUBOT_IRC_ROOMS" => "#5apps,#kosmos,#kosmos-dev,#kosmos-random,#remotestorage,#hackerbeach,#unhosted,#sockethub", - "HUBOT_IRC_NICK" => "hal8000", - "HUBOT_IRC_NICKSERV_USERNAME" => "hal8000", - "HUBOT_IRC_NICKSERV_PASSWORD" => hal8000_freenode_data_bag_item['nickserv_password'], - "HUBOT_IRC_UNFLOOD" => "100", - "HUBOT_RSS_PRINTSUMMARY" => "false", - "HUBOT_RSS_PRINTERROR" => "false", - "HUBOT_RSS_IRCCOLORS" => "true", - "HUBOT_PLUSPLUS_POINTS_TERM" => "karma,karma", - "EXPRESS_PORT" => "8080", - "HUBOT_RSS_HEADER" => "Update:", - "HUBOT_AUTH_ADMIN" => "bkero,derbumi,galfert,gregkare,slvrbckt,raucao", - "HUBOT_HELP_REPLY_IN_PRIVATE" => "true", - "WEBHOOK_TOKEN" => hal8000_freenode_data_bag_item['webhook_token'], - "IPFS_API_HOST" => node['hal8000']['kredits']['ipfs_host'], - "IPFS_API_PORT" => node['hal8000']['kredits']['ipfs_port'], - "IPFS_API_PROTOCOL" => node['hal8000']['kredits']['ipfs_protocol'], - "KREDITS_ROOM" => node['hal8000']['kredits']['room'], - "KREDITS_WEBHOOK_TOKEN" => hal8000_freenode_data_bag_item['kredits_webhook_token'], - "KREDITS_PROVIDER_URL" => node['hal8000']['kredits']['provider_url'], - "KREDITS_NETWORK_ID" => node['hal8000']['kredits']['network_id'], - "KREDITS_WALLET_PATH" => node['hal8000']['kredits']['wallet_path'], - "KREDITS_WALLET_PASSWORD" => hal8000_freenode_data_bag_item['kredits_wallet_password'], - "KREDITS_MEDIAWIKI_URL" => node['hal8000']['kredits']['mediawiki_url'], - "KREDITS_GITHUB_REPO_BLACKLIST" => node['hal8000']['kredits']['github_repo_blacklist'] + # "HUBOT_LOG_LEVEL" => "error", + "HUBOT_IRC_SERVER" => "irc.freenode.net", + "HUBOT_IRC_ROOMS" => "#5apps,#kosmos,#kosmos-dev,#kosmos-random,#remotestorage,#hackerbeach,#unhosted,#sockethub", + "HUBOT_IRC_NICK" => "hal8000", + "HUBOT_IRC_NICKSERV_USERNAME" => 
"hal8000", + "HUBOT_IRC_NICKSERV_PASSWORD" => hal8000_freenode_data_bag_item['nickserv_password'], + "HUBOT_IRC_UNFLOOD" => "100", + "HUBOT_RSS_PRINTSUMMARY" => "false", + "HUBOT_RSS_PRINTERROR" => "false", + "HUBOT_RSS_IRCCOLORS" => "true", + "HUBOT_PLUSPLUS_POINTS_TERM" => "karma,karma", + "EXPRESS_PORT" => "8080", + "HUBOT_RSS_HEADER" => "Update:", + "HUBOT_AUTH_ADMIN" => "bkero,derbumi,galfert,gregkare,slvrbckt,raucao", + "HUBOT_HELP_REPLY_IN_PRIVATE" => "true", + "WEBHOOK_TOKEN" => hal8000_freenode_data_bag_item['webhook_token'], + "IPFS_API_HOST" => node['hal8000']['kredits']['ipfs_host'], + "IPFS_API_PORT" => node['hal8000']['kredits']['ipfs_port'], + "IPFS_API_PROTOCOL" => node['hal8000']['kredits']['ipfs_protocol'], + "KREDITS_ROOM" => node['hal8000']['kredits']['room'], + "KREDITS_WEBHOOK_TOKEN" => hal8000_freenode_data_bag_item['kredits_webhook_token'], + "KREDITS_PROVIDER_URL" => node['hal8000']['kredits']['provider_url'], + "KREDITS_NETWORK_ID" => node['hal8000']['kredits']['network_id'], + "KREDITS_WALLET_PATH" => node['hal8000']['kredits']['wallet_path'], + "KREDITS_WALLET_PASSWORD" => hal8000_freenode_data_bag_item['kredits_wallet_password'], + "KREDITS_MEDIAWIKI_URL" => node['hal8000']['kredits']['mediawiki_url'], + "KREDITS_GITHUB_REPO_BLACKLIST" => node['hal8000']['kredits']['github_repo_blacklist'], + "KREDITS_GITEA_REPO_BLACKLIST" => node['hal8000']['kredits']['gitea_repo_blacklist'] } ) notifies :run, "execute[systemctl daemon-reload]", :delayed From c186ebf703c1242d417e8fbc33587dd37704cce0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Thu, 25 Apr 2019 19:20:16 +0200 Subject: [PATCH 19/54] Update go-ipfs to 0.4.20 https://github.com/ipfs/go-ipfs/blob/v0.4.20/CHANGELOG.md --- site-cookbooks/kosmos-ipfs/metadata.rb | 2 +- site-cookbooks/kosmos-ipfs/recipes/default.rb | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/site-cookbooks/kosmos-ipfs/metadata.rb b/site-cookbooks/kosmos-ipfs/metadata.rb index fb9b758..046fb4c 100644 --- a/site-cookbooks/kosmos-ipfs/metadata.rb +++ b/site-cookbooks/kosmos-ipfs/metadata.rb @@ -4,7 +4,7 @@ maintainer_email 'mail@kosmos.org' license 'MIT' description 'Installs/Configures kosmos-ipfs' long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) -version '0.1.1' +version '0.1.2' depends 'ipfs' depends 'kosmos-base' diff --git a/site-cookbooks/kosmos-ipfs/recipes/default.rb b/site-cookbooks/kosmos-ipfs/recipes/default.rb index 7ee0e95..b61e129 100644 --- a/site-cookbooks/kosmos-ipfs/recipes/default.rb +++ b/site-cookbooks/kosmos-ipfs/recipes/default.rb @@ -24,8 +24,8 @@ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN # THE SOFTWARE. -node.override['ipfs']['version'] = '0.4.18' -node.override['ipfs']['checksum'] = '21e6c44c0fa8edf91a727f1e8257342a4c3a879462e656861b0a179e1f6a03f6' +node.override['ipfs']['version'] = '0.4.20' +node.override['ipfs']['checksum'] = '155dbdb2d7a9b8df38feccf48eb925cf9ab650754dc51994aa1e0bda1c1f9123' include_recipe "ipfs" # Configure ipfs From ed8a8f1225dfdd41dbb26e6476c38bfd592f5015 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Fri, 26 Apr 2019 15:58:37 +0200 Subject: [PATCH 20/54] Update the ipfs cookbook to set a maximum number of files The default is too low and was treated like a low disk space alert by ipfs and ipfs-cluster, set it to 64000 Closes #44 --- Berksfile | 2 +- Berksfile.lock | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Berksfile b/Berksfile index 5f06173..190ad23 100644 --- a/Berksfile +++ b/Berksfile @@ -55,4 +55,4 @@ cookbook 'homebrew', '= 3.0.0' cookbook 'mariadb', '= 0.3.1' cookbook 'ipfs', git: 'https://github.com/67P/ipfs-cookbook.git', - ref: 'v0.1.2' + ref: 'v0.1.3' diff --git a/Berksfile.lock b/Berksfile.lock index e1f5daa..7200bd8 100644 --- a/Berksfile.lock +++ b/Berksfile.lock 
@@ -19,8 +19,8 @@ DEPENDENCIES hostsfile (= 2.4.5) ipfs git: https://github.com/67P/ipfs-cookbook.git - revision: 78d3edfd78c56a25494ac84528e152762f38b3be - ref: v0.1.2 + revision: c6853c4d09fe9ff1f15b69b57116ba5f8d0ed939 + ref: v0.1.3 logrotate (= 2.2.0) mariadb (= 0.3.1) mediawiki @@ -100,7 +100,7 @@ GRAPH hostname (0.4.2) hostsfile (>= 0.0.0) hostsfile (2.4.5) - ipfs (0.1.2) + ipfs (0.1.3) ark (>= 0.0.0) logrotate (2.2.0) mariadb (0.3.1) From 696d7cd561ed2084c66b405234e04c248e00a2cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Fri, 26 Apr 2019 16:54:02 +0200 Subject: [PATCH 21/54] Set up kosmos-hubot to use ipfs-cluster That way a new document will be added and pinned on all members of the cluster Fixes #46 --- site-cookbooks/kosmos-hubot/attributes/default.rb | 4 +++- site-cookbooks/kosmos-hubot/metadata.rb | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/site-cookbooks/kosmos-hubot/attributes/default.rb b/site-cookbooks/kosmos-hubot/attributes/default.rb index 9d27894..69ecded 100644 --- a/site-cookbooks/kosmos-hubot/attributes/default.rb +++ b/site-cookbooks/kosmos-hubot/attributes/default.rb @@ -1,5 +1,7 @@ node.default['hal8000']['kredits']['ipfs_host'] = 'localhost' -node.default['hal8000']['kredits']['ipfs_port'] = '5001' +# Use the running ipfs-cluster, so adding documents adds and pins them on all +# members of the cluster +node.default['hal8000']['kredits']['ipfs_port'] = '9095' node.default['hal8000']['kredits']['ipfs_protocol'] = 'http' node.default['hal8000']['kredits']['room'] = '#kosmos' node.default['hal8000']['kredits']['provider_url'] = 'https://rinkeby.infura.io/v3/c5e74367261d475ab935e2f0e726482f' diff --git a/site-cookbooks/kosmos-hubot/metadata.rb b/site-cookbooks/kosmos-hubot/metadata.rb index bbd1a5b..6458988 100644 --- a/site-cookbooks/kosmos-hubot/metadata.rb +++ b/site-cookbooks/kosmos-hubot/metadata.rb 
@@ -4,7 +4,7 @@ maintainer_email 'mail@kosmos.org' license 'MIT' description 'Configures Kosmos chat bots' long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) -version '0.1.0' +version '0.1.1' depends 'kosmos-nodejs' depends 'kosmos-redis' From 61607f77c4f67aa1274c5fca8f3d9be4bff5ddcc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Tue, 30 Apr 2019 12:58:10 +0200 Subject: [PATCH 22/54] Update ipfs-cluster to 0.10.1 ipfs-cluster-ctl commands such as `pin rm` now work Closes #48 --- site-cookbooks/kosmos-ipfs/metadata.rb | 2 +- site-cookbooks/kosmos-ipfs/recipes/cluster.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/site-cookbooks/kosmos-ipfs/metadata.rb b/site-cookbooks/kosmos-ipfs/metadata.rb index 046fb4c..0803761 100644 --- a/site-cookbooks/kosmos-ipfs/metadata.rb +++ b/site-cookbooks/kosmos-ipfs/metadata.rb @@ -4,7 +4,7 @@ maintainer_email 'mail@kosmos.org' license 'MIT' description 'Installs/Configures kosmos-ipfs' long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) -version '0.1.2' +version '0.1.3' depends 'ipfs' depends 'kosmos-base' diff --git a/site-cookbooks/kosmos-ipfs/recipes/cluster.rb b/site-cookbooks/kosmos-ipfs/recipes/cluster.rb index 82a3478..5de8619 100644 --- a/site-cookbooks/kosmos-ipfs/recipes/cluster.rb +++ b/site-cookbooks/kosmos-ipfs/recipes/cluster.rb @@ -24,7 +24,7 @@ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN # THE SOFTWARE. -node.override['ipfs']['cluster']['version'] = '0.9.0' +node.override['ipfs']['cluster']['version'] = '0.10.1' include_recipe "ipfs::cluster" include_recipe "ipfs::cluster_service" From 9284b4fe85f0b039f9fcaf6299d4653fe801e4d6 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Thu, 2 May 2019 11:33:53 +0200 Subject: [PATCH 23/54] Add the missing kredits-web::nginx recipe for barnard This was causing the firewall rules for ports 80 and 443 to be deleted Refs #35 --- nodes/barnard.kosmos.org.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nodes/barnard.kosmos.org.json b/nodes/barnard.kosmos.org.json index 67856da..3dfacc5 100644 --- a/nodes/barnard.kosmos.org.json +++ b/nodes/barnard.kosmos.org.json @@ -1,7 +1,8 @@ { "run_list": [ "role[base]", - "kredits-github" + "kredits-github", + "kredits-github::nginx" ], "automatic": { "ipaddress": "barnard.kosmos.org" From 64a3444c40a6d303378c96ca6352055f7638021e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Thu, 2 May 2019 12:40:38 +0200 Subject: [PATCH 24/54] Use the kredits_github role on barnard This sets up the app and its nginx reverse proxy --- nodes/barnard.kosmos.org.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/nodes/barnard.kosmos.org.json b/nodes/barnard.kosmos.org.json index 3dfacc5..f2a8ce5 100644 --- a/nodes/barnard.kosmos.org.json +++ b/nodes/barnard.kosmos.org.json @@ -1,8 +1,7 @@ { "run_list": [ "role[base]", - "kredits-github", - "kredits-github::nginx" + "role[kredits_github]" ], "automatic": { "ipaddress": "barnard.kosmos.org" From 5bb34554a7327d643efda3d0c61423edb6d2f248 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Fri, 3 May 2019 10:55:02 +0200 Subject: [PATCH 25/54] The nginx_certbot_site resource does nothing in the dev environment No need to check for the environment in recipes that use the resource Closes #54 --- site-cookbooks/kosmos-mediawiki/recipes/default.rb | 2 +- site-cookbooks/kosmos-nginx/resources/nginx_certbot_site.rb | 2 ++ site-cookbooks/kredits-github/recipes/nginx.rb | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) 
diff --git a/site-cookbooks/kosmos-mediawiki/recipes/default.rb b/site-cookbooks/kosmos-mediawiki/recipes/default.rb index 488f14d..9503785 100644 --- a/site-cookbooks/kosmos-mediawiki/recipes/default.rb +++ b/site-cookbooks/kosmos-mediawiki/recipes/default.rb @@ -101,7 +101,7 @@ nginx_site server_name do action :enable end -nginx_certbot_site server_name unless node.chef_environment == "development" +nginx_certbot_site server_name # # Extensions diff --git a/site-cookbooks/kosmos-nginx/resources/nginx_certbot_site.rb b/site-cookbooks/kosmos-nginx/resources/nginx_certbot_site.rb index de6fc30..de17158 100644 --- a/site-cookbooks/kosmos-nginx/resources/nginx_certbot_site.rb +++ b/site-cookbooks/kosmos-nginx/resources/nginx_certbot_site.rb @@ -6,6 +6,8 @@ property :domain, String, name_property: true property :site, String action :create do + return if node.chef_environment == "development" + include_recipe "kosmos-nginx" domain = new_resource.domain diff --git a/site-cookbooks/kredits-github/recipes/nginx.rb b/site-cookbooks/kredits-github/recipes/nginx.rb index 1ebec48..54b576a 100644 --- a/site-cookbooks/kredits-github/recipes/nginx.rb +++ b/site-cookbooks/kredits-github/recipes/nginx.rb @@ -43,4 +43,4 @@ nginx_site server_name do action :enable end -nginx_certbot_site server_name unless node.chef_environment == "development" +nginx_certbot_site server_name From 37aa87df5e66c2af4da2d55361b2bab02b67f742 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Fri, 3 May 2019 10:58:39 +0200 Subject: [PATCH 26/54] Add a missing dependency on the zlib1g-dev for the backup gem Fixes #56 --- site-cookbooks/backup/metadata.rb | 2 +- site-cookbooks/backup/recipes/default.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/site-cookbooks/backup/metadata.rb b/site-cookbooks/backup/metadata.rb index fb8bbce..d364631 100644 --- a/site-cookbooks/backup/metadata.rb +++ b/site-cookbooks/backup/metadata.rb 
@@ -3,7 +3,7 @@ maintainer_email 'mail@kosmos.org' license 'MIT' description "Installs/configures backup via the Backup gem" long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc')) -version "0.5.0" +version "0.5.1" name "backup" depends 'logrotate' diff --git a/site-cookbooks/backup/recipes/default.rb b/site-cookbooks/backup/recipes/default.rb index bf6db5a..a7f215b 100644 --- a/site-cookbooks/backup/recipes/default.rb +++ b/site-cookbooks/backup/recipes/default.rb @@ -26,7 +26,7 @@ build_essential 'backup gem' # Don't try to install packages on older Ubuntu, the repositories are 404 -package ["ruby", "ruby-dev"] if node[:platform_version].to_f >= 16.04 +package ["ruby", "ruby-dev", "zlib1g-dev"] if node[:platform_version].to_f >= 16.04 gem_package 'backup' do version '5.0.0.beta.2' From 4fe3b8e8e7a2f29ce5958f131b11281d71f6818c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Tue, 7 May 2019 14:10:07 +0200 Subject: [PATCH 27/54] Move botka and hal8000 from dev to barnard Refs #51 --- nodes/barnard.kosmos.org.json | 4 +++- nodes/dev.kosmos.org.json | 1 - 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/nodes/barnard.kosmos.org.json b/nodes/barnard.kosmos.org.json index f2a8ce5..d1aa027 100644 --- a/nodes/barnard.kosmos.org.json +++ b/nodes/barnard.kosmos.org.json @@ -1,7 +1,9 @@ { "run_list": [ "role[base]", - "role[kredits_github]" + "role[kredits_github]", + "kosmos-ipfs::cluster", + "kosmos-hubot" ], "automatic": { "ipaddress": "barnard.kosmos.org" diff --git a/nodes/dev.kosmos.org.json b/nodes/dev.kosmos.org.json index d9d39ae..5d6bac0 100644 --- a/nodes/dev.kosmos.org.json +++ b/nodes/dev.kosmos.org.json @@ -2,7 +2,6 @@ "run_list": [ "role[base]", "kosmos-redis", - "kosmos-hubot", "5apps-xmpp_server", "5apps-hubot::xmpp_schlupp", "5apps-hubot::xmpp_botka", From 4b0818177daefbfec113007a985dfc7a295aa3fa Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Tue, 7 May 2019 14:35:53 +0200 Subject: [PATCH 28/54] Use an unreleased version of our ipfs cookbook to lower RAM usage --- Berksfile | 2 +- Berksfile.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Berksfile b/Berksfile index 190ad23..57bd762 100644 --- a/Berksfile +++ b/Berksfile @@ -55,4 +55,4 @@ cookbook 'homebrew', '= 3.0.0' cookbook 'mariadb', '= 0.3.1' cookbook 'ipfs', git: 'https://github.com/67P/ipfs-cookbook.git', - ref: 'v0.1.3' + ref: 'feature/reduce_memory_usage' diff --git a/Berksfile.lock b/Berksfile.lock index 7200bd8..f3b43e5 100644 --- a/Berksfile.lock +++ b/Berksfile.lock @@ -19,8 +19,8 @@ DEPENDENCIES hostsfile (= 2.4.5) ipfs git: https://github.com/67P/ipfs-cookbook.git - revision: c6853c4d09fe9ff1f15b69b57116ba5f8d0ed939 - ref: v0.1.3 + revision: 76d60b87dda0b4fb1693fc1693e88d4582a584b2 + ref: feature logrotate (= 2.2.0) mariadb (= 0.3.1) mediawiki From 14f0fbc7bef72ec79ea4fc8c83badd621a8a17b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Tue, 7 May 2019 14:41:57 +0200 Subject: [PATCH 29/54] Use the last commit of the ipfs PR --- Berksfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Berksfile.lock b/Berksfile.lock index f3b43e5..1d1458f 100644 --- a/Berksfile.lock +++ b/Berksfile.lock @@ -19,7 +19,7 @@ DEPENDENCIES hostsfile (= 2.4.5) ipfs git: https://github.com/67P/ipfs-cookbook.git - revision: 76d60b87dda0b4fb1693fc1693e88d4582a584b2 + revision: 5303612854159bd1e37690d6408a1d8a3f2597a3 ref: feature logrotate (= 2.2.0) mariadb (= 0.3.1) From 36e8950eba25b0aa6c52c9632540e1c6dc373eee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Tue, 7 May 2019 14:56:40 +0200 Subject: [PATCH 30/54] Update ipfs again, to fix a bug in the ipfs_config resource It could not handle integers --- Berksfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
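Review bot: The `ipfs` cookbook is now pinned with `ref: 'feature/reduce_memory_usage'`, a branch name that can move, where the previous line used the tag `v0.1.3`. `Berksfile.lock` still records a fixed `revision`, but any later `berks update` resolves to whatever the branch points at then, and cookbook code normally runs with the privileges of chef-client on every node. Pin the Berksfile to the reviewed commit, `ref: '<commit-sha-of-reviewed-revision>'`, until a tagged release exists. The lock file in this patch records `ref: feature`, which does not match the branch name in the Berksfile and is worth checking.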
diff --git a/Berksfile.lock b/Berksfile.lock index 1d1458f..da37d29 100644 --- a/Berksfile.lock +++ b/Berksfile.lock @@ -19,7 +19,7 @@ DEPENDENCIES hostsfile (= 2.4.5) ipfs git: https://github.com/67P/ipfs-cookbook.git - revision: 5303612854159bd1e37690d6408a1d8a3f2597a3 + revision: 5aa50ecc7eca5c7f113492057ca3bc8158e5154c ref: feature logrotate (= 2.2.0) mariadb (= 0.3.1) From c4d5a2c6bbbcbd53acead785157456947a8d3908 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Tue, 7 May 2019 14:57:47 +0200 Subject: [PATCH 31/54] Remove the ipfs cluster recipe from dev's run list --- nodes/dev.kosmos.org.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/nodes/dev.kosmos.org.json b/nodes/dev.kosmos.org.json index 5d6bac0..041142f 100644 --- a/nodes/dev.kosmos.org.json +++ b/nodes/dev.kosmos.org.json @@ -7,8 +7,7 @@ "5apps-hubot::xmpp_botka", "kosmos-mastodon", "kosmos-mastodon::nginx", - "sockethub::_firewall", - "kosmos-ipfs::cluster" + "sockethub::_firewall" ], "normal": { "postgresql": { From 9811490aada70ef3e6e4c051ff695b6e31f59617 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Tue, 7 May 2019 15:11:26 +0200 Subject: [PATCH 32/54] Add self-contained maintenance web page This can be used for any of our services when doing planned maintenance or migrations. --- .../files/default/maintenance.html | 40 +++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 site-cookbooks/kosmos-base/files/default/maintenance.html diff --git a/site-cookbooks/kosmos-base/files/default/maintenance.html b/site-cookbooks/kosmos-base/files/default/maintenance.html new file mode 100644 index 0000000..1ef576c --- /dev/null +++ b/site-cookbooks/kosmos-base/files/default/maintenance.html @@ -0,0 +1,40 @@ + + + + Down for maintenance + + + + +
+ +

Back soon

+

+ This website is currently down for maintenance. +

+ +
+ + From 36a50489d084da5628c3fd0fc642d10d990b7365 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Tue, 7 May 2019 15:41:27 +0200 Subject: [PATCH 33/54] Add maintenance page to nginx default recipe --- .../files/default/maintenance.html | 0 site-cookbooks/kosmos-nginx/recipes/default.rb | 16 ++++++++++++++++ 2 files changed, 16 insertions(+) rename site-cookbooks/{kosmos-base => kosmos-nginx}/files/default/maintenance.html (100%) diff --git a/site-cookbooks/kosmos-base/files/default/maintenance.html b/site-cookbooks/kosmos-nginx/files/default/maintenance.html similarity index 100% rename from site-cookbooks/kosmos-base/files/default/maintenance.html rename to site-cookbooks/kosmos-nginx/files/default/maintenance.html diff --git a/site-cookbooks/kosmos-nginx/recipes/default.rb b/site-cookbooks/kosmos-nginx/recipes/default.rb index 12fb1c6..bee6c27 100644 --- a/site-cookbooks/kosmos-nginx/recipes/default.rb +++ b/site-cookbooks/kosmos-nginx/recipes/default.rb @@ -60,6 +60,22 @@ cookbook_file "#{node['nginx']['dir']}/conf.d/tls_config.conf" do notifies :restart, 'service[nginx]' end +directory node["nginx"]["user_home"] do + owner node["nginx"]["user"] + group node["nginx"]["group"] + action :create + recursive true +end + +# Maintenance page, to be copied or served when putting things in maintenance +# mode +cookbook_file "#{node["nginx"]["user_home"]}/maintenance.html" do + source "maintenance.html" + owner node['nginx']['user'] + group node['nginx']['group'] + mode "0640" +end + unless node.chef_environment == "development" include_recipe 'kosmos-base::firewall' From 1ee2b5ad41a5a27892435e81317dd3b035572902 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Tue, 7 May 2019 15:49:01 +0200 Subject: [PATCH 34/54] Add maintenance page feature to Mastodon nginx site --- .../templates/default/nginx_conf_mastodon.erb | 5 +++++ 1 file changed, 5 insertions(+) 
diff --git a/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb b/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb index 297c858..6068844 100644 --- a/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb +++ b/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb @@ -35,6 +35,11 @@ server { add_header Strict-Transport-Security "max-age=31536000"; location / { + # If the maintenance file is present, show maintenance page + if (-f <%= @mastodon_path %>/public/maintenance.html) { + return 503; + } + try_files $uri @proxy; } From 99a677ec4785a04a262a26adef22db103d32f1a9 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Tue, 7 May 2019 15:52:58 +0200 Subject: [PATCH 35/54] Configure maintenance error page for 503 --- .../templates/default/nginx_conf_mastodon.erb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb b/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb index 6068844..80bb668 100644 --- a/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb +++ b/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb @@ -36,7 +36,7 @@ server { location / { # If the maintenance file is present, show maintenance page - if (-f <%= @mastodon_path %>/public/maintenance.html) { + if (-f /maintenance.html) { return 503; } @@ -88,5 +88,6 @@ server { tcp_nodelay on; } - error_page 500 501 502 503 504 /500.html; + error_page 500 501 502 504 /500.html; + error_page 503 /maintenance.html; } From 89027f1f32db88bff7cde388b595da9acc76b2c3 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Tue, 7 May 2019 16:10:23 +0200 Subject: [PATCH 36/54] Fix maintenance page paths --- .../templates/default/nginx_conf_mastodon.erb | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
diff --git a/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb b/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb index 80bb668..895a81b 100644 --- a/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb +++ b/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb @@ -36,7 +36,7 @@ server { location / { # If the maintenance file is present, show maintenance page - if (-f /maintenance.html) { + if (-f <%= @mastodon_path %>/public/maintenance.html) { return 503; } @@ -90,4 +90,9 @@ server { error_page 500 501 502 504 /500.html; error_page 503 /maintenance.html; + + location = /maintenance.html { + root <%= @mastodon_path %>/public; + } + } From 81192f7277233b16ddfb2d6de7116e9229283a55 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Wed, 8 May 2019 12:26:47 +0200 Subject: [PATCH 37/54] Fix the backup config format to work with backup 5 --- site-cookbooks/backup/templates/default/config.rb.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-cookbooks/backup/templates/default/config.rb.erb b/site-cookbooks/backup/templates/default/config.rb.erb index dec61a8..1123f80 100644 --- a/site-cookbooks/backup/templates/default/config.rb.erb +++ b/site-cookbooks/backup/templates/default/config.rb.erb @@ -1,7 +1,7 @@ # encoding: utf-8 ## -# Backup v4.x Configuration +# Backup v5.x Configuration # # Documentation: http://backup.github.io/backup # Issue Tracker: https://github.com/backup/backup/issues From 7271065c5b64edb9def0afba17010e0fa7a2de60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Wed, 8 May 2019 16:58:31 +0200 Subject: [PATCH 38/54] Add names to the execute resources --- site-cookbooks/kosmos-mastodon/recipes/default.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/site-cookbooks/kosmos-mastodon/recipes/default.rb b/site-cookbooks/kosmos-mastodon/recipes/default.rb index 48d0665..5c82721 100644 --- a/site-cookbooks/kosmos-mastodon/recipes/default.rb +++ b/site-cookbooks/kosmos-mastodon/recipes/default.rb @@ -152,14 +152,14 @@ application mastodon_path do db_pass: postgresql_data_bag_item['mastodon_user_password'] end - execute do + execute "bundle install" do environment "HOME" => mastodon_path user mastodon_user cwd mastodon_path command "/opt/ruby_build/builds/#{ruby_version}/bin/bundle install --without development,test --deployment" end - execute do + execute "yarn install" do environment "HOME" => mastodon_path user mastodon_user cwd mastodon_path From 90815bb274154ae70d82ff921a6afe7f74f51965 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Wed, 8 May 2019 16:58:47 +0200 Subject: [PATCH 39/54] Fix the postgresql credentials for the backup attributes --- site-cookbooks/kosmos-mastodon/recipes/default.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-cookbooks/kosmos-mastodon/recipes/default.rb b/site-cookbooks/kosmos-mastodon/recipes/default.rb index 5c82721..a9c866f 100644 --- a/site-cookbooks/kosmos-mastodon/recipes/default.rb +++ b/site-cookbooks/kosmos-mastodon/recipes/default.rb @@ -212,7 +212,7 @@ unless node.chef_environment == "development" node.override["backup"]["postgresql"]["host"] = "localhost" unless platform?('ubuntu') && node[:platform_version].to_f < 18.04 node.override["backup"]["postgresql"]["username"] = "mastodon" - node.override["backup"]["postgresql"]["password"] = postgres_password + node.override["backup"]["postgresql"]["password"] = postgresql_data_bag_item['mastodon_user_password'] else node.override["backup"]["postgresql"]["username"] = "postgres" node.override["backup"]["postgresql"]["password"] = node['postgresql']['password']['postgres'] From 1e7f21bd41f3b8621653debcce3803f203468095 Mon Sep 17 00:00:00 2001 
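Review bot: The corrected line copies a data bag secret into a node attribute, `node.override["backup"]["postgresql"]["password"] = postgresql_data_bag_item['mastodon_user_password']`. Node attributes are stored with the node object in plain text when it is saved at the end of a run, so the password leaves the (presumably encrypted) data bag and becomes readable to anyone who can read node data. The `else` branch has the same exposure with `node['postgresql']['password']['postgres']`. If the backup cookbook allows it, hand the password directly to the resource or template that needs it, for example through `variables`, rather than through `node.override`. The surrounding `unless node.chef_environment == "development"` block starts outside this hunk.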
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Wed, 8 May 2019 17:00:07 +0200 Subject: [PATCH 40/54] Remove the mastodon recipes from dev --- nodes/dev.kosmos.org.json | 2 -- 1 file changed, 2 deletions(-) diff --git a/nodes/dev.kosmos.org.json b/nodes/dev.kosmos.org.json index 041142f..ce3f02e 100644 --- a/nodes/dev.kosmos.org.json +++ b/nodes/dev.kosmos.org.json @@ -5,8 +5,6 @@ "5apps-xmpp_server", "5apps-hubot::xmpp_schlupp", "5apps-hubot::xmpp_botka", - "kosmos-mastodon", - "kosmos-mastodon::nginx", "sockethub::_firewall" ], "normal": { From ba8b73a4dd1c134f1420eb49e58166b8e6101eed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Wed, 8 May 2019 17:00:23 +0200 Subject: [PATCH 41/54] Add mastodon to andromeda --- nodes/andromeda.kosmos.org.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nodes/andromeda.kosmos.org.json b/nodes/andromeda.kosmos.org.json index 37486f8..5ff1f3c 100644 --- a/nodes/andromeda.kosmos.org.json +++ b/nodes/andromeda.kosmos.org.json @@ -6,7 +6,8 @@ "kosmos-mediawiki", "sockethub", "sockethub::proxy", - "kosmos-btcpayserver::proxy" + "kosmos-btcpayserver::proxy", + "role[mastodon]" ], "automatic": { "ipaddress": "andromeda.kosmos.org" From 6b38396c3c01c035ad8c07c04d66a4a98970baf9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Wed, 8 May 2019 17:53:36 +0200 Subject: [PATCH 42/54] Remove the 5apps hubots from dev --- nodes/dev.kosmos.org.json | 2 -- 1 file changed, 2 deletions(-) diff --git a/nodes/dev.kosmos.org.json b/nodes/dev.kosmos.org.json index ce3f02e..32e0f3d 100644 --- a/nodes/dev.kosmos.org.json +++ b/nodes/dev.kosmos.org.json @@ -3,8 +3,6 @@ "role[base]", "kosmos-redis", "5apps-xmpp_server", - "5apps-hubot::xmpp_schlupp", - "5apps-hubot::xmpp_botka", "sockethub::_firewall" ], "normal": { From 584aab76a771ece3ed3f5c5459dfc21281bfaee9 Mon Sep 17 00:00:00 2001 
From: Sebastian Kippe Date: Thu, 9 May 2019 23:28:39 +0200 Subject: [PATCH 43/54] Add hal8000_xmpp recipe Also, configure express ports in attributes, so they are both easy to see at once, as well as override per node/env. --- data_bags/credentials/hal8000_xmpp.json | 31 ++++ .../kosmos-hubot/attributes/default.rb | 47 ++++-- .../kosmos-hubot/recipes/botka_freenode.rb | 6 +- .../kosmos-hubot/recipes/hal8000.rb | 24 +++- .../kosmos-hubot/recipes/hal8000_xmpp.rb | 136 ++++++++++++++++++ 5 files changed, 227 insertions(+), 17 deletions(-) create mode 100644 data_bags/credentials/hal8000_xmpp.json create mode 100644 site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb diff --git a/data_bags/credentials/hal8000_xmpp.json b/data_bags/credentials/hal8000_xmpp.json new file mode 100644 index 0000000..c9eccfa --- /dev/null +++ b/data_bags/credentials/hal8000_xmpp.json @@ -0,0 +1,31 @@ +{ + "id": "hal8000_xmpp", + "xmpp_password": { + "encrypted_data": "7pE9C6Tdjeg7ZFjtwzgPzC4ekSgPzN18A5ia5awJnKA=\n", + "iv": "p3RqfadD1sPKEof3\n", + "auth_tag": "4zYf0anagoLn5bF3Rt95BQ==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "webhook_token": { + "encrypted_data": "T6zu7cd5/PXZP56PwjIo5XIjUOJQQSvobvgIekCIB3SgyWQr\n", + "iv": "LwCkuGJP2eZC8S4Y\n", + "auth_tag": "qH5ckddELQR32z3oYxELMg==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "kredits_webhook_token": { + "encrypted_data": "W6xJKRCsoX6qY3QJW/kR5I7Y9LNS1L5zB6X1oLzE71soQ/Y=\n", + "iv": "Piw00LKQysN3AVJN\n", + "auth_tag": "BwH/mJoBtqhA5wNXwFUM6w==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "kredits_wallet_password": { + "encrypted_data": "dFKch6Gjt9oN21w15EeHvho1/f7+mZlKe/aOtoHJtmCgbw==\n", + "iv": "GCueL9BRmLFqlmDw\n", + "auth_tag": "Yq3nOeQenXz+c6VoLhZbQw==\n", + "version": 3, + "cipher": "aes-256-gcm" + } +} \ No newline at end of file diff --git a/site-cookbooks/kosmos-hubot/attributes/default.rb b/site-cookbooks/kosmos-hubot/attributes/default.rb index 69ecded..9e089b0 100644 
--- a/site-cookbooks/kosmos-hubot/attributes/default.rb +++ b/site-cookbooks/kosmos-hubot/attributes/default.rb 
@@ -1,12 +1,39 @@ -node.default['hal8000']['kredits']['ipfs_host'] = 'localhost' +node.default['hal8000']['http_port'] = 8080 +node.default['botka_freenode']['http_port'] = 8081 +node.default['hal8000_xmpp']['http_port'] = 8082 + +node.default['hal8000_xmpp']['hubot_scripts'] = [ + "hubot-help", + "hubot-read-tweet", + "hubot-redis-brain", + "hubot-rules", + "hubot-shipit", + "hubot-plusplus", + "hubot-tell", + "hubot-seen", + "hubot-rss-reader", + "hubot-incoming-webhook", + "hubot-auth", + "hubot-kredits", + "hubot-schedule" +] + +node.default['hal8000_xmpp']['rooms'] = [ + 'kosmos@chat.kosmos.org' + # 'kosmos-dev@chat.kosmos.org', +] + +node.default['hal8000_xmpp']['auth_admins'] = [] + +node.default['hal8000_xmpp']['kredits']['ipfs_host'] = 'localhost' # Use the running ipfs-cluster, so adding documents adds and pins them on all # members of the cluster -node.default['hal8000']['kredits']['ipfs_port'] = '9095' -node.default['hal8000']['kredits']['ipfs_protocol'] = 'http' -node.default['hal8000']['kredits']['room'] = '#kosmos' -node.default['hal8000']['kredits']['provider_url'] = 'https://rinkeby.infura.io/v3/c5e74367261d475ab935e2f0e726482f' -node.default['hal8000']['kredits']['network_id'] = '4' -node.default['hal8000']['kredits']['wallet_path'] = 'wallet.json' -node.default['hal8000']['kredits']['mediawiki_url'] = 'https://wiki.kosmos.org/' -node.default['hal8000']['kredits']['github_repo_blacklist'] = '67P/test-one-two' -node.default['hal8000']['kredits']['gitea_repo_blacklist'] = 'kosmos/test-one-two' +node.default['hal8000_xmpp']['kredits']['ipfs_port'] = '9095' +node.default['hal8000_xmpp']['kredits']['ipfs_protocol'] = 'http' +node.default['hal8000_xmpp']['kredits']['room'] = 'kosmos@chat.kosmos.org' +node.default['hal8000_xmpp']['kredits']['provider_url'] = 'https://rinkeby.infura.io/v3/c5e74367261d475ab935e2f0e726482f' +node.default['hal8000_xmpp']['kredits']['network_id'] = '4' +node.default['hal8000_xmpp']['kredits']['wallet_path'] = 'wallet.json' 
+node.default['hal8000_xmpp']['kredits']['mediawiki_url'] = 'https://wiki.kosmos.org/' +node.default['hal8000_xmpp']['kredits']['github_repo_blacklist'] = '67P/test-one-two' +node.default['hal8000_xmpp']['kredits']['gitea_repo_blacklist'] = 'kosmos/test-one-two' diff --git a/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb b/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb index 4024294..05868fa 100644 --- a/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb +++ b/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb @@ -68,7 +68,7 @@ application botka_freenode_path do "HUBOT_RSS_PRINTERROR" => "false", "HUBOT_RSS_IRCCOLORS" => "true", # "HUBOT_LOG_LEVEL" => "error", - "EXPRESS_PORT" => "8081", + "EXPRESS_PORT" => node[app_name]['http_port'], "HUBOT_AUTH_ADMIN" => "bkero,derbumi,galfert,gregkare,jaaan,slvrbckt,raucao", "HUBOT_HELP_REPLY_IN_PRIVATE" => "true", "RS_LOGGER_USER" => "kosmos@5apps.com", @@ -95,18 +95,16 @@ end # Nginx reverse proxy # unless node.chef_environment == "development" - express_port = 8081 express_domain = "freenode.botka.kosmos.org" include_recipe "kosmos-base::letsencrypt" - include_recipe "kosmos-nginx" template "#{node['nginx']['dir']}/sites-available/#{express_domain}" do source 'nginx_conf_hubot.erb' owner node["nginx"]["user"] mode 0640 - variables express_port: express_port, + variables express_port: node[app_name]['http_port'], server_name: express_domain, ssl_cert: "/etc/letsencrypt/live/#{express_domain}/fullchain.pem", ssl_key: "/etc/letsencrypt/live/#{express_domain}/privkey.pem" diff --git a/site-cookbooks/kosmos-hubot/recipes/hal8000.rb b/site-cookbooks/kosmos-hubot/recipes/hal8000.rb index 4b78f71..26d3199 100644 --- a/site-cookbooks/kosmos-hubot/recipes/hal8000.rb +++ b/site-cookbooks/kosmos-hubot/recipes/hal8000.rb 
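Review bot: The added `provider_url` default carries what looks like an Infura project ID in the `/v3/` path segment, in a plain-text attribute that anyone with the repository can read and that is also stored in node data. The recipe for this bot already loads its other secrets from the encrypted `credentials` data bag, so the ID could live there too, leaving only the non-secret base in the attribute, e.g. `node.default['hal8000_xmpp']['kredits']['provider_url'] = 'https://rinkeby.infura.io/v3/'`, with the ID appended in the recipe from a data bag key of your choosing. If the ID is deliberately public for this test network, a one-line comment saying so would settle the question for the next reviewer.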
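Review bot: `node[app_name]['http_port']` is used in both botka_freenode.rb hunks, but nothing visible defines `app_name` in this recipe at this commit; the assignment `app_name = "botka_freenode"` only arrives with the later "Refactor botka recipe" patch, so converging this revision would presumably fail with a NameError. The second hunk also removes `express_port = 8081` while the `firewall_rule` further down (outside the hunk, deleted by the following patch) still reads `port express_port`. Until the refactor lands, the attribute can be addressed directly: `"EXPRESS_PORT" => node['botka_freenode']['http_port'],` and `variables express_port: node['botka_freenode']['http_port'],`.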
@@ -2,7 +2,25 @@ # Cookbook Name:: kosmos-hubot # Recipe:: hal8000 # -# Copyright 2017-2018, Kosmos +# Copyright:: 2019, Kosmos Developers +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +# THE SOFTWARE. # build_essential 'hal8000' do @@ -19,7 +37,7 @@ include_recipe "kosmos-ipfs" unless node.chef_environment == "development" include_recipe 'firewall' firewall_rule 'hubot_express_hal8000_freenode' do - port 8080 + port node['hal8000']['http_port'] protocol :tcp command :allow end @@ -96,7 +114,7 @@ application hal8000_path do "HUBOT_RSS_PRINTERROR" => "false", "HUBOT_RSS_IRCCOLORS" => "true", "HUBOT_PLUSPLUS_POINTS_TERM" => "karma,karma", - "EXPRESS_PORT" => "8080", + "EXPRESS_PORT" => node['hal8000']['http_port'], "HUBOT_RSS_HEADER" => "Update:", "HUBOT_AUTH_ADMIN" => "bkero,derbumi,galfert,gregkare,slvrbckt,raucao", "HUBOT_HELP_REPLY_IN_PRIVATE" => "true", 
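Review bot: The environment hash edited in the last hal8000.rb hunk still reads `node['hal8000']['kredits'][...]` for its IPFS and Kredits variables, while the attributes change in this same commit drops every `node.default['hal8000']['kredits']` default. Those lookups sit outside the hunk and are only removed by the later "Remove hubot-kredits from IRC hal8000" patch. Unless the attributes are set somewhere else, `node['hal8000']['kredits']` is nil at this revision and the recipe fails on the first lookup. Keeping the old defaults (`node.default['hal8000']['kredits']['ipfs_host'] = 'localhost'` and its siblings) until the recipe stops using them, or moving that removal into this commit, keeps each revision convergeable.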
diff --git a/site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb b/site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb
new file mode 100644
index 0000000..fd2fc75
--- /dev/null
+++ b/site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb
@@ -0,0 +1,136 @@
+#
+# Cookbook Name:: kosmos-hubot
+# Recipe:: hal8000_xmpp
+#
+# Copyright:: 2019, Kosmos Developers
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#
+app_name = "hal8000_xmpp"
+app_path = "/opt/#{app_name}"
+app_user = "hubot"
+app_group = "hubot"
+
+build_essential app_name do
+ compile_time true
+end
+
+include_recipe "kosmos-nodejs"
+include_recipe "kosmos-redis"
+include_recipe "kosmos-hubot::_user"
+
+# Needed for hubot-kredits
+include_recipe "kosmos-ipfs"
+
+application app_path do
+ data_bag = Chef::EncryptedDataBagItem.load('credentials', app_name)
+
+ owner app_user
+ group app_group
+
+ git do
+ user app_user
+ group app_group
+ repository "https://github.com/67P/hal8000.git"
+ revision "master"
+ end
+
+ file "#{app_path}/external-scripts.json" do
+ mode "0640"
+ owner app_user
+ group app_group
+ content node[app_name]['hubot_scripts'].to_json
+ end
+
+ npm_install do
+ user app_user
+ end
+
+ execute "systemctl daemon-reload" do
+ command "systemctl daemon-reload"
+ action :nothing
+ end
+
+ template "/lib/systemd/system/#{app_name}.service" do
+ source 'nodejs.systemd.service.erb'
+ owner 'root'
+ group 'root'
+ mode '0644'
+ variables(
+ user: app_user,
+ group: app_user,
+ app_dir: app_path,
+ entry: "#{app_path}/bin/hubot -a xmpp --name hal8000",
+ environment: {
+ "HUBOT_LOG_LEVEL" => node.chef_environment == "development" ? "debug" : "info",
+"HUBOT_XMPP_USERNAME" => "hal8000@kosmos.org/hubot",
+ "HUBOT_XMPP_PASSWORD" => data_bag['xmpp_password'],
+ "HUBOT_XMPP_HOST" => "xmpp.kosmos.org",
+ "HUBOT_XMPP_ROOMS" => node[app_name]['rooms'].join(','),
+ "HUBOT_AUTH_ADMIN" => node[app_name]['auth_admins'].join(','),
+ "HUBOT_RSS_PRINTSUMMARY" => "false",
+ "HUBOT_RSS_PRINTERROR" => "false",
+ "HUBOT_RSS_IRCCOLORS" => "true",
+ "HUBOT_PLUSPLUS_POINTS_TERM" => "karma,karma",
+ "HUBOT_RSS_HEADER" => "Update:",
+ "HUBOT_HELP_REPLY_IN_PRIVATE" => "true",
+ "EXPRESS_PORT" => node[app_name]['http_port'],
+ "WEBHOOK_TOKEN" => data_bag['webhook_token'],
+ "IPFS_API_HOST" => node[app_name]['kredits']['ipfs_host'],
+ "IPFS_API_PORT" => node[app_name]['kredits']['ipfs_port'],
+ "IPFS_API_PROTOCOL" => node[app_name]['kredits']['ipfs_protocol'],
+ "KREDITS_ROOM" => node[app_name]['kredits']['room'],
+ "KREDITS_WEBHOOK_TOKEN" => data_bag['kredits_webhook_token'],
+ "KREDITS_PROVIDER_URL" => node[app_name]['kredits']['provider_url'],
+ "KREDITS_NETWORK_ID" => node[app_name]['kredits']['network_id'],
+ "KREDITS_WALLET_PATH" => node[app_name]['kredits']['wallet_path'],
+ "KREDITS_WALLET_PASSWORD" => data_bag['kredits_wallet_password'],
+ "KREDITS_MEDIAWIKI_URL" => node[app_name]['kredits']['mediawiki_url'],
+ "KREDITS_GITHUB_REPO_BLACKLIST" => node[app_name]['kredits']['github_repo_blacklist'],
+ "KREDITS_GITEA_REPO_BLACKLIST" => node[app_name]['kredits']['gitea_repo_blacklist']
+ }
+ )
+ notifies :run, "execute[systemctl daemon-reload]", :delayed
+ notifies :restart, "service[#{app_name}]", :delayed
+ end
+
+ cookbook_file "#{app_path}/wallet.json" do
+ source "wallet.json"
+ end
+
+ service app_name do
+ action [:enable, :start]
+ end
+end
+
+unless node.chef_environment == "development"
+ include_recipe 'firewall'
+
+ firewall_rule "hubot_express_#{app_name}" do
+ port node[app_name]['http_port']
+ protocol :tcp
+ command :allow
+ end
+
+ firewall_rule 'ipfs_swarm_p2p' do
+ port 4001
+ protocol :tcp
+ command :allow
+ end
+end
From fe1821739c75f2c86f646536d8866b2636343450 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Thu, 9 May 2019 23:29:50 +0200 Subject: [PATCH 44/54] Remove obsolete port opening We have an nginx reverse proxy for botka instead. --- site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb | 7 ------- 1 file changed, 7 deletions(-) diff --git a/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb b/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb index 05868fa..b7c76f1 100644 --- a/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb +++ b/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb @@ -116,11 +116,4 @@ unless node.chef_environment == "development" end nginx_certbot_site express_domain - - include_recipe "firewall" - firewall_rule 'hubot_express_botka_freenode' do - port express_port - protocol :tcp - command :allow - end end From 5f8b274cf99bf530a5b102161c7611a4b1d2dd96 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Thu, 9 May 2019 23:31:05 +0200 Subject: [PATCH 45/54] Use MIT license --- .../kosmos-hubot/recipes/botka_freenode.rb | 20 ++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb b/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb index b7c76f1..30ceeb8 100644 --- a/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb +++ b/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb 
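Review bot: The unit file is written with `mode '0644'` while its `environment` hash carries `HUBOT_XMPP_PASSWORD`, `WEBHOOK_TOKEN`, `KREDITS_WEBHOOK_TOKEN` and `KREDITS_WALLET_PASSWORD`; assuming `nodejs.systemd.service.erb` renders that hash into `Environment=` lines, every local user can read the decrypted secrets. Tightening the resource to `mode '0600'` and adding `sensitive true`, so Chef does not log the rendered content, closes the file-level exposure. systemd also exposes a unit's environment to unprivileged clients over D-Bus, so the more complete fix is to render the secrets into a root-only file referenced with `EnvironmentFile=`. The `cookbook_file "#{app_path}/wallet.json"` resource likewise sets no owner or mode, and the botka_freenode unit in the later "Refactor botka recipe" patch repeats the `0644` pattern.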
@@ -2,7 +2,25 @@ # Cookbook Name:: kosmos-hubot # Recipe:: botka_freenode # -# Copyright 2017-2018, Kosmos +# Copyright:: 2019, Kosmos Developers +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +# THE SOFTWARE. # build_essential 'botka' do From 36cfeab15dc179f405019a54c0d7a832d13f8f58 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Thu, 9 May 2019 23:31:48 +0200 Subject: [PATCH 46/54] Remove obsolete credential item rs-logger is run by botka, not hal8000. --- data_bags/credentials/hal8000_freenode.json | 42 ++++++++++----------- 1 file changed, 20 insertions(+), 22 deletions(-) diff --git a/data_bags/credentials/hal8000_freenode.json b/data_bags/credentials/hal8000_freenode.json index f6a531f..4e09a1a 100644 --- a/data_bags/credentials/hal8000_freenode.json +++ b/data_bags/credentials/hal8000_freenode.json 
@@ -1,33 +1,31 @@ { "id": "hal8000_freenode", "nickserv_password": { - "encrypted_data": "wVOuYDPJAjWN/Un+cB/bpKD7gJ4FOOfY6xSTwpOutMD+KmhgjEX4Z99G9rwv\nmeFoBiO3Z9O+C1BeIf3YGAgWnfBgNS5eRnGAxhkzsVyvpyo=\n", - "iv": "26SarumevOdpdim4omgXng==\n", - "version": 1, - "cipher": "aes-256-cbc" - }, - "rs_logger_token": { - "encrypted_data": "A3z2klmsLGwmJmB4eMVKJu5yC2mjaQii7SAuYBSl/hVtrrWDqlqR5N6vqHSv\nMWoXhptuF+RBOL7wgg0DN08B8A==\n", - "iv": "hpQA2RgJhHytnvoxgsuAhw==\n", - "version": 1, - "cipher": "aes-256-cbc" + "encrypted_data": "rkCsvjS6EipHlxgxPdSiPVl6CCyjyy845P2ftSykmIW0+fxahTSOxbSMYJl8\n1DW6Go88ZE+eKKWIugp2nWDS+5Pnx58I\n", + "iv": "EvNcR0eqpZngoNJx\n", + "auth_tag": "kKFPUuff8llgVZYROTg/EA==\n", + "version": 3, + "cipher": "aes-256-gcm" }, "webhook_token": { - "encrypted_data": "w/cC18Wte2w2j1mU9SkeepRxOm4zBgZKd7djU6N1t3i7YgjEhHMPeQmD4m8f\nxhes\n", - "iv": "dqFAa3sXHLePuH26YrJUxw==\n", - "version": 1, - "cipher": "aes-256-cbc" + "encrypted_data": "ItDsU9w6HCGS7ykQdkZEXQEZzPEt6bW42Fbh00AtZz+h7JmQ\n", + "iv": "OdaAg/XoUMIEfQEQ\n", + "auth_tag": "9ThqnVhWEZbo4jF4lqa5TA==\n", + "version": 3, + "cipher": "aes-256-gcm" }, "kredits_webhook_token": { - "encrypted_data": "mBESEC0w2Q2wf8LRtHUtKAPDkqqt/xTjtoKCXVbu92xJedCccS51qZNcHp69\nw64Y\n", - "iv": "iZX6EzyyFkTHvJ6nnUWT6Q==\n", - "version": 1, - "cipher": "aes-256-cbc" + "encrypted_data": "kUp4XAQkwWFphQT1f4wsGVJJtmhBqrEiW6W1D1ONrpZ0z94=\n", + "iv": "XiGtQlKn4BvAeaS1\n", + "auth_tag": "1hkTI7ccxBN4/6U4VF19WQ==\n", + "version": 3, + "cipher": "aes-256-gcm" }, "kredits_wallet_password": { - "encrypted_data": "6Lq61jWP1oRSLiI0JucQtCdGnPFeJOYpSMZ9nw6oIkWEFbdMXnrEnKNxYJax\n0abI\n", - "iv": "XMDv5T30HTK/BhsR1lH79g==\n", - "version": 1, - "cipher": "aes-256-cbc" + "encrypted_data": "mKcJBPto0OdPpBXB5x3ynxq01DA2CEz476lTAgjGjTNDHQ==\n", + "iv": "LIvTZ+fx1suOcnjD\n", + "auth_tag": "mcjLU242nqtNn5XR7ku4BQ==\n", + "version": 3, + "cipher": "aes-256-gcm" } } \ No newline at end of file 
From e8f325b41b7134ecb52fef5b2a28d09da09a1ab6 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Thu, 9 May 2019 23:43:02 +0200 Subject: [PATCH 47/54] Refactor botka recipe --- .../kosmos-hubot/attributes/default.rb | 33 +++++---- .../kosmos-hubot/recipes/botka_freenode.rb | 67 ++++++++++--------- 2 files changed, 49 insertions(+), 51 deletions(-) diff --git a/site-cookbooks/kosmos-hubot/attributes/default.rb b/site-cookbooks/kosmos-hubot/attributes/default.rb index 9e089b0..b6ec003 100644 --- a/site-cookbooks/kosmos-hubot/attributes/default.rb +++ b/site-cookbooks/kosmos-hubot/attributes/default.rb @@ -1,26 +1,23 @@ -node.default['hal8000']['http_port'] = 8080 +node.default['hal8000']['http_port'] = 8080 + node.default['botka_freenode']['http_port'] = 8081 -node.default['hal8000_xmpp']['http_port'] = 8082 +node.default['botka_freenode']['domain'] = "freenode.botka.kosmos.org" + +node.default['hal8000_xmpp']['http_port'] = 8082 +node.default['hal8000_xmpp']['domain'] = "xmpp.hal8000.kosmos.org" node.default['hal8000_xmpp']['hubot_scripts'] = [ - "hubot-help", - "hubot-read-tweet", - "hubot-redis-brain", - "hubot-rules", - "hubot-shipit", - "hubot-plusplus", - "hubot-tell", - "hubot-seen", - "hubot-rss-reader", - "hubot-incoming-webhook", - "hubot-auth", - "hubot-kredits", - "hubot-schedule" + "hubot-help", "hubot-read-tweet", "hubot-redis-brain", + "hubot-rules", "hubot-shipit", "hubot-plusplus", + "hubot-tell", "hubot-seen", "hubot-rss-reader", + "hubot-incoming-webhook", "hubot-auth", + "hubot-kredits", "hubot-schedule" ] node.default['hal8000_xmpp']['rooms'] = [ - 'kosmos@chat.kosmos.org' - # 'kosmos-dev@chat.kosmos.org', + 'kosmos@chat.kosmos.org', + 'kosmos-dev@chat.kosmos.org', + 'kredits@chat.kosmos.org', ] node.default['hal8000_xmpp']['auth_admins'] = [] 
@@ -30,7 +27,7 @@ node.default['hal8000_xmpp']['kredits']['ipfs_host'] = 'localhost' # members of the cluster node.default['hal8000_xmpp']['kredits']['ipfs_port'] = '9095' node.default['hal8000_xmpp']['kredits']['ipfs_protocol'] = 'http' -node.default['hal8000_xmpp']['kredits']['room'] = 'kosmos@chat.kosmos.org' +node.default['hal8000_xmpp']['kredits']['room'] = 'kredits@chat.kosmos.org' node.default['hal8000_xmpp']['kredits']['provider_url'] = 'https://rinkeby.infura.io/v3/c5e74367261d475ab935e2f0e726482f' node.default['hal8000_xmpp']['kredits']['network_id'] = '4' node.default['hal8000_xmpp']['kredits']['wallet_path'] = 'wallet.json' diff --git a/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb b/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb index 30ceeb8..b74b4d8 100644 --- a/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb +++ b/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb @@ -22,32 +22,35 @@ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN # THE SOFTWARE. # +app_name = "botka_freenode" +app_path = "/opt/#{app_name}" +app_user = "hubot" +app_group = "hubot" -build_essential 'botka' do +build_essential app_name do compile_time true end include_recipe "kosmos-nodejs" include_recipe "kosmos-redis" -botka_freenode_data_bag_item = Chef::EncryptedDataBagItem.load('credentials', 'botka_freenode') +application app_path do + data_bag = Chef::EncryptedDataBagItem.load('credentials', app_name) -botka_freenode_path = "/opt/botka_freenode" -application botka_freenode_path do - owner "hubot" - group "hubot" + owner app_user + group app_group git do - user "hubot" - group "hubot" + user app_user + group app_group repository "https://github.com/67P/botka.git" revision "master" end - file "#{name}/external-scripts.json" do + file "#{app_path}/external-scripts.json" do mode "0640" - owner "hubot" - group "hubot" + owner app_user + group app_group content [ "hubot-help", "hubot-redis-brain", 
@@ -57,7 +60,7 @@ application botka_freenode_path do end npm_install do - user "hubot" + user app_user end execute "systemctl daemon-reload" do 
@@ -65,46 +68,46 @@ application botka_freenode_path do action :nothing end - template "/lib/systemd/system/botka_freenode_nodejs.service" do + template "/lib/systemd/system/#{app_name}.service" do source 'nodejs.systemd.service.erb' owner 'root' group 'root' mode '0644' variables( - user: "hubot", - group: "hubot", - app_dir: botka_freenode_path, - entry: "#{botka_freenode_path}/bin/hubot -a irc", + user: app_user, + group: app_group, + app_dir: app_path, + entry: "#{app_path}/bin/hubot -a irc", environment: { + "HUBOT_LOG_LEVEL" => node.chef_environment == "development" ? "debug" : "info", "HUBOT_IRC_SERVER" => "irc.freenode.net", "HUBOT_IRC_ROOMS" => "#5apps,#kosmos,#kosmos-dev,#kosmos-random,#remotestorage,#hackerbeach,#unhosted,#sockethub,#opensourcedesign,#openknot,#emberjs,#mastodon,#indieweb,#lnd", "HUBOT_IRC_NICK" => "botka", "HUBOT_IRC_NICKSERV_USERNAME" => "botka", - "HUBOT_IRC_NICKSERV_PASSWORD" => botka_freenode_data_bag_item['nickserv_password'], + "HUBOT_IRC_NICKSERV_PASSWORD" => data_bag['nickserv_password'], "HUBOT_IRC_UNFLOOD" => "100", "HUBOT_RSS_PRINTSUMMARY" => "false", "HUBOT_RSS_PRINTERROR" => "false", "HUBOT_RSS_IRCCOLORS" => "true", - # "HUBOT_LOG_LEVEL" => "error", "EXPRESS_PORT" => node[app_name]['http_port'], "HUBOT_AUTH_ADMIN" => "bkero,derbumi,galfert,gregkare,jaaan,slvrbckt,raucao", "HUBOT_HELP_REPLY_IN_PRIVATE" => "true", "RS_LOGGER_USER" => "kosmos@5apps.com", - "RS_LOGGER_TOKEN" => botka_freenode_data_bag_item['rs_logger_token'], + "RS_LOGGER_TOKEN" => data_bag['rs_logger_token'], "RS_LOGGER_SERVER_NAME" => "freenode", "RS_LOGGER_PUBLIC" => "true", - "GCM_API_KEY" => botka_freenode_data_bag_item['gcm_api_key'], + "GCM_API_KEY" => data_bag['gcm_api_key'], "VAPID_SUBJECT" => "https://kosmos.org", - "VAPID_PUBLIC_KEY" => botka_freenode_data_bag_item['vapid_public_key'], - "VAPID_PRIVATE_KEY" => botka_freenode_data_bag_item['vapid_private_key'], + "VAPID_PUBLIC_KEY" => data_bag['vapid_public_key'], + "VAPID_PRIVATE_KEY" => 
data_bag['vapid_private_key'], "REDIS_URL" => "redis://localhost:6379/botka" } ) notifies :run, "execute[systemctl daemon-reload]", :delayed - notifies :restart, "service[botka_freenode_nodejs]", :delayed + notifies :restart, "service[#{app_name}]", :delayed end - service "botka_freenode_nodejs" do + service app_name do action [:enable, :start] end end @@ -113,25 +116,23 @@ end # Nginx reverse proxy # unless node.chef_environment == "development" - express_domain = "freenode.botka.kosmos.org" - include_recipe "kosmos-base::letsencrypt" include_recipe "kosmos-nginx" - template "#{node['nginx']['dir']}/sites-available/#{express_domain}" do + template "#{node['nginx']['dir']}/sites-available/#{node[app_name]['domain']}" do source 'nginx_conf_hubot.erb' owner node["nginx"]["user"] mode 0640 variables express_port: node[app_name]['http_port'], - server_name: express_domain, - ssl_cert: "/etc/letsencrypt/live/#{express_domain}/fullchain.pem", - ssl_key: "/etc/letsencrypt/live/#{express_domain}/privkey.pem" + server_name: node[app_name]['domain'], + ssl_cert: "/etc/letsencrypt/live/#{node[app_name]['domain']}/fullchain.pem", + ssl_key: "/etc/letsencrypt/live/#{node[app_name]['domain']}/privkey.pem" notifies :reload, 'service[nginx]', :delayed end - nginx_site express_domain do + nginx_site node[app_name]['domain'] do action :enable end - nginx_certbot_site express_domain + nginx_certbot_site node[app_name]['domain'] end From f3f0d0deb2b3e63ce008180eb96ce175a20344c2 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Thu, 9 May 2019 23:43:21 +0200 Subject: [PATCH 48/54] Add nginx site for hal8000_xmpp --- .../kosmos-hubot/recipes/hal8000_xmpp.rb | 36 ++++++++++++++----- 1 file changed, 27 insertions(+), 9 deletions(-) diff --git a/site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb b/site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb index fd2fc75..cd92579 100644 --- a/site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb 
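Review bot: Renaming the unit from `botka_freenode_nodejs.service` to `#{app_name}.service` leaves the old unit file and its enabled service behind on nodes that were already converged. Two botka instances would then compete for the same IRC nick and Express port, and the stale unit file presumably keeps a copy of the rendered secrets. Nothing in the visible hunks stops, disables or deletes the previous unit. A cleanup step next to the new `service` resource would cover it; the `application` block starts outside this hunk.

```ruby
# … unchanged: template "/lib/systemd/system/#{app_name}.service" and service app_name …

# Retire the unit that was installed under the previous name
service "botka_freenode_nodejs" do
  action [:stop, :disable]
end

file "/lib/systemd/system/botka_freenode_nodejs.service" do
  action :delete
  notifies :run, "execute[systemctl daemon-reload]", :delayed
end
```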
+++ b/site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb @@ -38,6 +38,15 @@ include_recipe "kosmos-hubot::_user" # Needed for hubot-kredits include_recipe "kosmos-ipfs" +unless node.chef_environment == "development" + include_recipe 'firewall' + firewall_rule 'ipfs_swarm_p2p' do + port 4001 + protocol :tcp + command :allow + end +end + application app_path do data_bag = Chef::EncryptedDataBagItem.load('credentials', app_name) @@ -119,18 +128,27 @@ application app_path do end end +# +# Nginx reverse proxy +# unless node.chef_environment == "development" - include_recipe 'firewall' + include_recipe "kosmos-base::letsencrypt" + include_recipe "kosmos-nginx" - firewall_rule "hubot_express_#{app_name}" do - port node[app_name]['http_port'] - protocol :tcp - command :allow + template "#{node['nginx']['dir']}/sites-available/#{node[app_name]['domain']}" do + source 'nginx_conf_hubot.erb' + owner node["nginx"]["user"] + mode 0640 + variables express_port: node[app_name]['http_port'], + server_name: node[app_name]['domain'], + ssl_cert: "/etc/letsencrypt/live/#{node[app_name]['domain']}/fullchain.pem", + ssl_key: "/etc/letsencrypt/live/#{node[app_name]['domain']}/privkey.pem" + notifies :reload, 'service[nginx]', :delayed end - firewall_rule 'ipfs_swarm_p2p' do - port 4001 - protocol :tcp - command :allow + nginx_site node[app_name]['domain'] do + action :enable end + + nginx_certbot_site node[app_name]['domain'] end From 9661980235248da176537f7bf18457fb19a17767 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Fri, 10 May 2019 07:00:35 +0200 Subject: [PATCH 49/54] Change bot domain --- site-cookbooks/kosmos-hubot/attributes/default.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-cookbooks/kosmos-hubot/attributes/default.rb b/site-cookbooks/kosmos-hubot/attributes/default.rb index b6ec003..f4339af 100644 --- a/site-cookbooks/kosmos-hubot/attributes/default.rb +++ b/site-cookbooks/kosmos-hubot/attributes/default.rb 
@@ -4,7 +4,7 @@ node.default['botka_freenode']['http_port'] = 8081 node.default['botka_freenode']['domain'] = "freenode.botka.kosmos.org" node.default['hal8000_xmpp']['http_port'] = 8082 -node.default['hal8000_xmpp']['domain'] = "xmpp.hal8000.kosmos.org" +node.default['hal8000_xmpp']['domain'] = "hal8000.chat.kosmos.org" node.default['hal8000_xmpp']['hubot_scripts'] = [ "hubot-help", "hubot-read-tweet", "hubot-redis-brain", From 4a480931a5ad6ea5ae36925091951b972ca00cc9 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Fri, 10 May 2019 07:00:53 +0200 Subject: [PATCH 50/54] Fix bug in nginx config Server name isn't recognized when adding a header directive before like this. --- .../kosmos-hubot/templates/default/nginx_conf_hubot.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site-cookbooks/kosmos-hubot/templates/default/nginx_conf_hubot.erb b/site-cookbooks/kosmos-hubot/templates/default/nginx_conf_hubot.erb index a143bcd..e7848c1 100644 --- a/site-cookbooks/kosmos-hubot/templates/default/nginx_conf_hubot.erb +++ b/site-cookbooks/kosmos-hubot/templates/default/nginx_conf_hubot.erb @@ -8,10 +8,10 @@ upstream _express_<%= @server_name.gsub(".", "_") %> { <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%> server { listen 443 ssl http2; - add_header Strict-Transport-Security "max-age=15768000"; - server_name <%= @server_name %>; + add_header Strict-Transport-Security "max-age=15768000"; + access_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.access.log json; error_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.error.log warn; From b29a007533613987da527edb5f1e04dbada9fd87 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Fri, 10 May 2019 07:01:43 +0200 Subject: [PATCH 51/54] Use different Redis database for new bot --- site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb | 1 + 1 file changed, 1 insertion(+) 
diff --git a/site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb b/site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb index cd92579..159b305 100644 --- a/site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb +++ b/site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb @@ -99,6 +99,7 @@ application app_path do "HUBOT_PLUSPLUS_POINTS_TERM" => "karma,karma", "HUBOT_RSS_HEADER" => "Update:", "HUBOT_HELP_REPLY_IN_PRIVATE" => "true", + "REDIS_URL" => "redis://localhost:6379/#{app_name}", "EXPRESS_PORT" => node[app_name]['http_port'], "WEBHOOK_TOKEN" => data_bag['webhook_token'], "IPFS_API_HOST" => node[app_name]['kredits']['ipfs_host'], From 7afc2f57747ea33459b132274b18b9f4d4865aa7 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Fri, 10 May 2019 07:02:08 +0200 Subject: [PATCH 52/54] Remove old hubot admins from botka --- site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb b/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb index b74b4d8..a974cd4 100644 --- a/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb +++ b/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb @@ -89,8 +89,9 @@ application app_path do "HUBOT_RSS_PRINTSUMMARY" => "false", "HUBOT_RSS_PRINTERROR" => "false", "HUBOT_RSS_IRCCOLORS" => "true", + "REDIS_URL" => "redis://localhost:6379/botka", "EXPRESS_PORT" => node[app_name]['http_port'], - "HUBOT_AUTH_ADMIN" => "bkero,derbumi,galfert,gregkare,jaaan,slvrbckt,raucao", + "HUBOT_AUTH_ADMIN" => "derbumi,galfert,gregkare,slvrbckt,raucao", "HUBOT_HELP_REPLY_IN_PRIVATE" => "true", "RS_LOGGER_USER" => "kosmos@5apps.com", "RS_LOGGER_TOKEN" => data_bag['rs_logger_token'], 
@@ -99,8 +100,7 @@ application app_path do "GCM_API_KEY" => data_bag['gcm_api_key'], "VAPID_SUBJECT" => "https://kosmos.org", "VAPID_PUBLIC_KEY" => data_bag['vapid_public_key'], - "VAPID_PRIVATE_KEY" => data_bag['vapid_private_key'], - "REDIS_URL" => "redis://localhost:6379/botka" + "VAPID_PRIVATE_KEY" => data_bag['vapid_private_key'] } ) notifies :run, "execute[systemctl daemon-reload]", :delayed From 3fbea864c1a0f7a1096f08ddd475a2d5aea67951 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Fri, 10 May 2019 07:08:29 +0200 Subject: [PATCH 53/54] Remove hubot-kredits from IRC hal8000 --- .../kosmos-hubot/recipes/hal8000.rb | 27 +------------------ 1 file changed, 1 insertion(+), 26 deletions(-) diff --git a/site-cookbooks/kosmos-hubot/recipes/hal8000.rb b/site-cookbooks/kosmos-hubot/recipes/hal8000.rb index 26d3199..87e92c6 100644 --- a/site-cookbooks/kosmos-hubot/recipes/hal8000.rb +++ b/site-cookbooks/kosmos-hubot/recipes/hal8000.rb @@ -31,9 +31,6 @@ include_recipe "kosmos-nodejs" include_recipe "kosmos-redis" include_recipe "kosmos-hubot::_user" -# Needed for hubot-kredits -include_recipe "kosmos-ipfs" - unless node.chef_environment == "development" include_recipe 'firewall' firewall_rule 'hubot_express_hal8000_freenode' do @@ -41,11 +38,6 @@ unless node.chef_environment == "development" protocol :tcp command :allow end - firewall_rule 'ipfs_swarm_p2p' do - port 4001 - protocol :tcp - command :allow - end end hal8000_freenode_data_bag_item = Chef::EncryptedDataBagItem.load('credentials', 'hal8000_freenode') @@ -78,7 +70,6 @@ application hal8000_path do "hubot-rss-reader", "hubot-incoming-webhook", "hubot-auth", - "hubot-kredits", "hubot-schedule" ].to_json end 
@@ -114,33 +105,17 @@ application hal8000_path do
 "HUBOT_RSS_PRINTERROR" => "false",
 "HUBOT_RSS_IRCCOLORS" => "true",
 "HUBOT_PLUSPLUS_POINTS_TERM" => "karma,karma",
- "EXPRESS_PORT" => node['hal8000']['http_port'],
 "HUBOT_RSS_HEADER" => "Update:",
 "HUBOT_AUTH_ADMIN" => "bkero,derbumi,galfert,gregkare,slvrbckt,raucao",
 "HUBOT_HELP_REPLY_IN_PRIVATE" => "true",
 "WEBHOOK_TOKEN" => hal8000_freenode_data_bag_item['webhook_token'],
- "IPFS_API_HOST" => node['hal8000']['kredits']['ipfs_host'],
- "IPFS_API_PORT" => node['hal8000']['kredits']['ipfs_port'],
- "IPFS_API_PROTOCOL" => node['hal8000']['kredits']['ipfs_protocol'],
- "KREDITS_ROOM" => node['hal8000']['kredits']['room'],
- "KREDITS_WEBHOOK_TOKEN" => hal8000_freenode_data_bag_item['kredits_webhook_token'],
- "KREDITS_PROVIDER_URL" => node['hal8000']['kredits']['provider_url'],
- "KREDITS_NETWORK_ID" => node['hal8000']['kredits']['network_id'],
- "KREDITS_WALLET_PATH" => node['hal8000']['kredits']['wallet_path'],
- "KREDITS_WALLET_PASSWORD" => hal8000_freenode_data_bag_item['kredits_wallet_password'],
- "KREDITS_MEDIAWIKI_URL" => node['hal8000']['kredits']['mediawiki_url'],
- "KREDITS_GITHUB_REPO_BLACKLIST" => node['hal8000']['kredits']['github_repo_blacklist'],
- "KREDITS_GITEA_REPO_BLACKLIST" => node['hal8000']['kredits']['gitea_repo_blacklist']
+ "EXPRESS_PORT" => node['hal8000']['http_port']
 }
 )
 notifies :run, "execute[systemctl daemon-reload]", :delayed
 notifies :restart, "service[hal8000_nodejs]", :delayed
 end
 
- cookbook_file "#{name}/wallet.json" do
- source "wallet.json"
- end
-
 service "hal8000_nodejs" do
 action [:enable, :start]
 end

From 5521457d095c269d7b5d15970bd2bd919055cac5 Mon Sep 17 00:00:00 2001
From: Sebastian Kippe
Date: Fri, 10 May 2019 07:22:01 +0200
Subject: [PATCH 54/54] Add hal8000_xmpp to barnard's runlist

Also, switch to explicit recipe definitions for the other bots.
---
 nodes/barnard.kosmos.org.json | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

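Review bot: Dropping the `cookbook_file "#{name}/wallet.json"` resource near the end of this hunk stops Chef from managing the wallet but does not delete it, so a node that has already converged keeps wallet.json in the application directory. The diffstat (1 file changed) also shows that the cookbook's own `wallet.json` source file is not removed by this commit. Since the removed env entries include `KREDITS_WALLET_PASSWORD`, the wallet is key material that should not linger on the IRC bot host. I would keep the resource for one release with `action :delete`, then drop the source file, and drop `kredits_wallet_password` from the `hal8000_freenode` data bag item if no other recipe reads it. The enclosing `application hal8000_path do` block starts outside the hunk.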
diff --git a/nodes/barnard.kosmos.org.json b/nodes/barnard.kosmos.org.json
index d1aa027..0790fc7 100644
--- a/nodes/barnard.kosmos.org.json
+++ b/nodes/barnard.kosmos.org.json
@@ -3,7 +3,9 @@
 "role[base]",
 "role[kredits_github]",
 "kosmos-ipfs::cluster",
- "kosmos-hubot"
+ "kosmos-hubot::botka_freenode",
+ "kosmos-hubot::hal8000",
+ "kosmos-hubot::hal8000_xmpp"
 ],
 "automatic": {
 "ipaddress": "barnard.kosmos.org"