Merge pull request 'Add Liquor Cabinet cookbooks and configs, deploy to production' (#541) from feature/535-liquor_cabinet into master
Reviewed-on: #541
This commit is contained in:
commit
49db14869d
|
@ -1,51 +1,65 @@
|
|||
{
|
||||
"id": "akkounts",
|
||||
"postgresql_username": {
|
||||
"encrypted_data": "/Idxzq83imf6o6pbmFAk7bgxg69N7/1KNhgj\n",
|
||||
"iv": "34BrmVmlxzuA7IJG\n",
|
||||
"auth_tag": "VyLpWDshrOd417ZiY3432w==\n",
|
||||
"encrypted_data": "l00Lmdbl5xNq07XU4XmcnRxXsIJaYyMQQ6xI\n",
|
||||
"iv": "yxvL6hKwlVWmdMzl\n",
|
||||
"auth_tag": "mMCV9ewJW/0TfVE76WBSZw==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"postgresql_password": {
|
||||
"encrypted_data": "XqEmt+yu7mB6vBOUCT/5AtIptdUamfniz+PrFYCP0A==\n",
|
||||
"iv": "2XdVUHkeeS1LHzMx\n",
|
||||
"auth_tag": "mq0v9ikHD7pxTUrGO+VF9A==\n",
|
||||
"encrypted_data": "Q6xWsH6bmI1GfMzme3mBRYrt3XmDwFJ7E4FjYg2Rrw==\n",
|
||||
"iv": "jcQmuT7Jz3g3XE8d\n",
|
||||
"auth_tag": "nNMvf9UmP6ikf1BW93QZIw==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"sentry_dsn": {
|
||||
"encrypted_data": "u82JsPq5HvQRE2eWIbVp73LdqffyuTTylbURtM7XRJ6AXyKp1WD/iwVhNnL7\n/NKSWR24/u63WJCP4rXpW7293ZRU5UW/W3GwlOjNtbdxcaQ=\n",
|
||||
"iv": "0GIV8v92dh4+Ma/Z\n",
|
||||
"auth_tag": "XbuxPIZ5VxuMjw/f+usCgA==\n",
|
||||
"encrypted_data": "V7cqlH2baN1Ix/ggQFeo9PY6dNKKpnDECaB1cO3XuCfy74oN2ot44nbpCQTA\nUl0+1LQv/qNn/L4gmJkqZfdIXZQqhR+iTc06UJxe3aTKJDw=\n",
|
||||
"iv": "HJtdKYcApwaxhTXI\n",
|
||||
"auth_tag": "qyIYK9h6nciJTFXBWOjVOA==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"rails_master_key": {
|
||||
"encrypted_data": "31N79um4TTD0tuDurrZVztoSv0sxZ70paV7AhD8P4+lX8kUkfhiugCbdhst0\n12YP5v/8\n",
|
||||
"iv": "l4qanaerdou8AApw\n",
|
||||
"auth_tag": "yvkcM4on1EMm1LhmmZ+O+g==\n",
|
||||
"encrypted_data": "KAl2Kgq1TXjOm4TNxGwZkPwJeOSNLbLLKiRdb4fTyBFfUhIGGeCS9VvV9kIb\n9sQZ6HLU\n",
|
||||
"iv": "BBPvDNs6nBXDti5I\n",
|
||||
"auth_tag": "yjM/0nyUwt+5SSGuLC5qWA==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"discourse_connect_secret": {
|
||||
"encrypted_data": "Ebs8KVEA0r4nFxYNjxxZFUWndxwoKes/9ihEgqgKLN76t6yzCUONeJZBMl0G\nXLdI8A==\n",
|
||||
"iv": "ob8KBWeoHXFlZ7Nk\n",
|
||||
"auth_tag": "motppQbVEhg6qyKRYpqctA==\n",
|
||||
"encrypted_data": "YHkZGzXeK3nDHaXt3JKmGtCcvMfgvv3yHbvS2C+CLKagOIOe+0+2/CiNuh4U\nxO1Pug==\n",
|
||||
"iv": "SnUxDpIMQum8ySfN\n",
|
||||
"auth_tag": "Ny6I+3EoCA1s74JLjjbbyQ==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"lndhub_admin_token": {
|
||||
"encrypted_data": "I2hSF6X9L3OWbet5QWzrCyA3XyGFhFBgHh/uFr5dQ3RB\n",
|
||||
"iv": "Kr8u2j5napFSamYc\n",
|
||||
"auth_tag": "t93UNWomf+6WaZF7VVzTeQ==\n",
|
||||
"encrypted_data": "dJHxB80Enwkm+2aNuIrp7lILAy2J5tQaChPJCl/BHwMo\n",
|
||||
"iv": "zHLtD1jTIwvjMt1l\n",
|
||||
"auth_tag": "IC0adEzsS5YF5YHqabWw2A==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"btcpay_auth_token": {
|
||||
"encrypted_data": "0qesJ5KMvU2DlKdz7lExJWq0X9XYjpsqw61kLXWw4UNYwpNxPyFJSjbR9yKh\ntu0zMdtMB9Vur9izWBY=\n",
|
||||
"iv": "gw2oAyeF2Kuvb3Em\n",
|
||||
"auth_tag": "zMtos/E3e3XXeTlAY7o0lg==\n",
|
||||
"encrypted_data": "YbM0HvgIijluKQBcgfKn6hmWvdbhr0ijR1xKc+BRZCZJsRaJBHTjCbwhH8T9\nVnBESruyjhxphtBetcc=\n",
|
||||
"iv": "3107v/c2Tonx6/cP\n",
|
||||
"auth_tag": "jnO9fvoXJW5gbDMRjkdMPA==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"s3_access_key": {
|
||||
"encrypted_data": "PFjQKe1us12SNHlReQ4f0qctulPp4d2F3t5t+AGocp87PS/kZx77rtHQtruK\n",
|
||||
"iv": "BGD8+XchqwPmhhwi\n",
|
||||
"auth_tag": "XefaZKCVs8hotszALN+kxQ==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"s3_secret_key": {
|
||||
"encrypted_data": "ziO35x8P1YMaSeenMNQoTWug62b5ZVLFlkMlJEFGnYjHK5qTAn6ir06WnMJC\n0zErzTZsPpcr7KpE/ipWgWHRy7qVbGnd6iVO4t9tf5NjiU2OXfA=\n",
|
||||
"iv": "S3syCCxh2m+mylLu\n",
|
||||
"auth_tag": "ZMkyBqXMXr3K3LGqxWvbtA==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
}
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
{
|
||||
"id": "liquor-cabinet",
|
||||
"s3_access_key": {
|
||||
"encrypted_data": "TKYUWVboQZUKvw4bqrKsL28dH2DGR5iDBQclAwm5I7GqkxFfkG2d91qLv+BA\n",
|
||||
"iv": "B8YYzXeFGxMG34WI\n",
|
||||
"auth_tag": "HOIfcpJOFYIVvf5o8lk4mg==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"s3_secret_key": {
|
||||
"encrypted_data": "GRqGJkGJ/f0zQVtO0r9TcXBqlpnfC5PiwTZK8QmsqEhzQI6U67NAf62QqTgl\nGVI1h8G5ITgC3l0xVhcvH6m2bcs9fjNzFIqnhoZhzGwEt51A5Zk=\n",
|
||||
"iv": "UAlmoUWLedpd79xa\n",
|
||||
"auth_tag": "2F/EJhY5/59dtFFwkd106A==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
}
|
||||
}
|
|
@ -43,8 +43,9 @@
|
|||
"s3_web_root_domain": "web.s3.kosmos.org",
|
||||
"s3_web_domains": [
|
||||
"media.kosmos.chat",
|
||||
"s3.kosmos.social",
|
||||
"s3.community.kosmos.org"
|
||||
"s3.accounts.kosmos.org",
|
||||
"s3.community.kosmos.org",
|
||||
"s3.kosmos.social"
|
||||
],
|
||||
"xmpp_upload_bucket": "kosmos-xmpp-uploads"
|
||||
},
|
||||
|
@ -80,6 +81,16 @@
|
|||
"mastodon.w7nooprauv6yrnhzh2ajpcnj3doinked2aaztlwfyt6u6pva2qdxqhid.onion"
|
||||
]
|
||||
},
|
||||
"liquor-cabinet": {
|
||||
"ufw_source_allowed": "10.1.1.0/24",
|
||||
"redis_port": 6379,
|
||||
"redis_db": 1,
|
||||
"s3_endpoint": "http://localhost:3900",
|
||||
"s3_region": "garage",
|
||||
"s3_bucket": "rs-kosmos",
|
||||
"domain": "storage.kosmos.org",
|
||||
"root_redirect_url": "https://accounts.kosmos.org"
|
||||
},
|
||||
"mediawiki": {
|
||||
"url": "https://wiki.kosmos.org"
|
||||
},
|
||||
|
|
|
@ -17,6 +17,7 @@
|
|||
"kvm_guest",
|
||||
"ldap_client",
|
||||
"sentry_client",
|
||||
"garage_gateway",
|
||||
"akkounts",
|
||||
"postgresql_client"
|
||||
],
|
||||
|
@ -26,6 +27,9 @@
|
|||
"kosmos_kvm::guest",
|
||||
"kosmos-dirsrv::hostsfile",
|
||||
"kosmos_sentry::client",
|
||||
"kosmos_garage",
|
||||
"kosmos_garage::default",
|
||||
"kosmos_garage::firewall_rpc",
|
||||
"kosmos_postgresql::hostsfile",
|
||||
"kosmos-akkounts",
|
||||
"kosmos-akkounts::default",
|
||||
|
@ -43,6 +47,7 @@
|
|||
"postfix::_attributes",
|
||||
"postfix::sasl_auth",
|
||||
"hostname::default",
|
||||
"firewall::default",
|
||||
"redisio::default",
|
||||
"redisio::_install_prereqs",
|
||||
"redisio::install",
|
||||
|
@ -76,6 +81,7 @@
|
|||
"role[kvm_guest]",
|
||||
"role[ldap_client]",
|
||||
"role[sentry_client]",
|
||||
"role[garage_gateway]",
|
||||
"role[akkounts]"
|
||||
]
|
||||
}
|
|
@ -52,6 +52,7 @@
|
|||
"kosmos_garage::nginx_s3",
|
||||
"kosmos_gitea::nginx",
|
||||
"kosmos_gitea::nginx_ssh",
|
||||
"kosmos_liquor-cabinet::nginx",
|
||||
"kosmos_rsk::nginx_testnet",
|
||||
"kosmos_rsk::nginx_mainnet",
|
||||
"kosmos_website",
|
||||
|
|
|
@ -45,6 +45,7 @@
|
|||
"kosmos_garage::nginx_s3",
|
||||
"kosmos_gitea::nginx",
|
||||
"kosmos_gitea::nginx_ssh",
|
||||
"kosmos_liquor-cabinet::nginx",
|
||||
"kosmos_rsk::nginx_testnet",
|
||||
"kosmos_rsk::nginx_mainnet",
|
||||
"kosmos_website",
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
{
|
||||
"name": "lq-1",
|
||||
"chef_environment": "production",
|
||||
"normal": {
|
||||
"knife_zero": {
|
||||
"host": "10.1.1.87"
|
||||
|
@ -8,17 +9,24 @@
|
|||
"automatic": {
|
||||
"fqdn": "lq-1",
|
||||
"os": "linux",
|
||||
"os_version": "5.4.0-1090-kvm",
|
||||
"os_version": "5.4.0-1104-kvm",
|
||||
"hostname": "lq-1",
|
||||
"ipaddress": "192.168.122.158",
|
||||
"roles": [
|
||||
"base",
|
||||
"kvm_guest"
|
||||
"kvm_guest",
|
||||
"garage_gateway",
|
||||
"liquor_cabinet"
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
"kosmos-base::default",
|
||||
"kosmos_kvm::guest",
|
||||
"kosmos_garage",
|
||||
"kosmos_garage::default",
|
||||
"kosmos_garage::firewall_rpc",
|
||||
"kosmos_liquor-cabinet",
|
||||
"kosmos_liquor-cabinet::default",
|
||||
"apt::default",
|
||||
"timezone_iii::default",
|
||||
"timezone_iii::debian",
|
||||
|
@ -32,7 +40,9 @@
|
|||
"postfix::_common",
|
||||
"postfix::_attributes",
|
||||
"postfix::sasl_auth",
|
||||
"hostname::default"
|
||||
"hostname::default",
|
||||
"firewall::default",
|
||||
"liquor_cabinet::default"
|
||||
],
|
||||
"platform": "ubuntu",
|
||||
"platform_version": "20.04",
|
||||
|
@ -51,6 +61,8 @@
|
|||
},
|
||||
"run_list": [
|
||||
"role[base]",
|
||||
"role[kvm_guest]"
|
||||
"role[kvm_guest]",
|
||||
"role[garage_gateway]",
|
||||
"role[liquor_cabinet]"
|
||||
]
|
||||
}
|
|
@ -1,5 +1,6 @@
|
|||
{
|
||||
"name": "lq-2",
|
||||
"chef_environment": "production",
|
||||
"normal": {
|
||||
"knife_zero": {
|
||||
"host": "10.1.1.188"
|
||||
|
@ -8,17 +9,24 @@
|
|||
"automatic": {
|
||||
"fqdn": "lq-2",
|
||||
"os": "linux",
|
||||
"os_version": "5.4.0-1090-kvm",
|
||||
"os_version": "5.4.0-1104-kvm",
|
||||
"hostname": "lq-2",
|
||||
"ipaddress": "192.168.122.47",
|
||||
"roles": [
|
||||
"base",
|
||||
"kvm_guest"
|
||||
"kvm_guest",
|
||||
"garage_gateway",
|
||||
"liquor_cabinet"
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
"kosmos-base::default",
|
||||
"kosmos_kvm::guest",
|
||||
"kosmos_garage",
|
||||
"kosmos_garage::default",
|
||||
"kosmos_garage::firewall_rpc",
|
||||
"liquor_cabinet",
|
||||
"liquor_cabinet::default",
|
||||
"apt::default",
|
||||
"timezone_iii::default",
|
||||
"timezone_iii::debian",
|
||||
|
@ -32,7 +40,8 @@
|
|||
"postfix::_common",
|
||||
"postfix::_attributes",
|
||||
"postfix::sasl_auth",
|
||||
"hostname::default"
|
||||
"hostname::default",
|
||||
"firewall::default"
|
||||
],
|
||||
"platform": "ubuntu",
|
||||
"platform_version": "20.04",
|
||||
|
@ -51,6 +60,8 @@
|
|||
},
|
||||
"run_list": [
|
||||
"role[base]",
|
||||
"role[kvm_guest]"
|
||||
"role[kvm_guest]",
|
||||
"role[garage_gateway]",
|
||||
"role[liquor_cabinet]"
|
||||
]
|
||||
}
|
|
@ -0,0 +1,5 @@
|
|||
name "liquor_cabinet"
|
||||
|
||||
run_list %w(
|
||||
kosmos_liquor-cabinet::default
|
||||
)
|
|
@ -25,6 +25,7 @@ production_run_list = %w(
|
|||
kosmos_garage::nginx_s3
|
||||
kosmos_gitea::nginx
|
||||
kosmos_gitea::nginx_ssh
|
||||
kosmos_liquor-cabinet::nginx
|
||||
kosmos_rsk::nginx_testnet
|
||||
kosmos_rsk::nginx_mainnet
|
||||
kosmos_website::default
|
||||
|
|
|
@ -19,3 +19,9 @@ node.default['akkounts']['lndhub']['api_url'] = nil
|
|||
node.default['akkounts']['lndhub']['public_url'] = nil
|
||||
node.default['akkounts']['lndhub']['public_key'] = nil
|
||||
node.default['akkounts']['lndhub']['postgres_db'] = 'lndhub'
|
||||
|
||||
node.default['akkounts']['s3_enabled'] = true
|
||||
node.default['akkounts']['s3_endpoint'] = "https://s3.kosmos.org"
|
||||
node.default['akkounts']['s3_region'] = "garage"
|
||||
node.default['akkounts']['s3_bucket'] = "akkounts-production"
|
||||
node.default['akkounts']['s3_alias_host'] = "https://s3.accounts.kosmos.org"
|
||||
|
|
|
@ -69,17 +69,33 @@ if webhooks_allowed_ips.length > 0
|
|||
env[:webhooks_allowed_ips] = webhooks_allowed_ips
|
||||
end
|
||||
|
||||
#
|
||||
# BTCPay Server
|
||||
#
|
||||
|
||||
if btcpay_host
|
||||
env[:btcpay_api_url] = "http://#{btcpay_host}:23001/api/v1"
|
||||
env[:btcpay_store_id] = node['akkounts']['btcpay']['store_id']
|
||||
env[:btcpay_auth_token] = credentials["btcpay_auth_token"]
|
||||
end
|
||||
|
||||
#
|
||||
# Discourse
|
||||
#
|
||||
|
||||
env[:discourse_public_url] = "https://#{node['discourse']['domain']}"
|
||||
env[:discourse_connect_secret] = credentials['discourse_connect_secret']
|
||||
|
||||
#
|
||||
# Drone CI
|
||||
#
|
||||
|
||||
env[:droneci_public_url] = node["droneci"]["public_url"]
|
||||
|
||||
#
|
||||
# ejabberd
|
||||
#
|
||||
|
||||
ejabberd_private_ip_addresses = []
|
||||
search(:node, "role:ejabberd").each do |node|
|
||||
ejabberd_private_ip_addresses << node["knife_zero"]["host"]
|
||||
|
@ -101,8 +117,16 @@ if ejabberd_private_ip_addresses.size > 0
|
|||
env[:ejabberd_admin_url] = node['akkounts']['ejabberd']['admin_url']
|
||||
end
|
||||
|
||||
#
|
||||
# Gitea
|
||||
#
|
||||
|
||||
env[:gitea_public_url] = "https://#{node['gitea']['domain']}"
|
||||
|
||||
#
|
||||
# lndhub.go
|
||||
#
|
||||
|
||||
if lndhub_host
|
||||
node.override["akkounts"]["lndhub"]["api_url"] = "http://#{lndhub_host}:3026"
|
||||
env[:lndhub_legacy_api_url] = node["akkounts"]["lndhub"]["api_url"]
|
||||
|
@ -119,10 +143,49 @@ if lndhub_host
|
|||
end
|
||||
end
|
||||
|
||||
#
|
||||
# Mastodon
|
||||
#
|
||||
|
||||
env[:mastodon_public_url] = "https://#{node['kosmos-mastodon']['domain']}"
|
||||
|
||||
#
|
||||
# MediaWiki
|
||||
#
|
||||
|
||||
env[:mediawiki_public_url] = node['mediawiki']['url']
|
||||
|
||||
#
|
||||
# remoteStorage / Liquor Cabinet
|
||||
#
|
||||
|
||||
env[:rs_storage_url] = "https://#{node['liquor-cabinet']['domain']}"
|
||||
|
||||
rs_redis_host = search(:node, "role:redis_server").first["knife_zero"]["host"] rescue nil
|
||||
rs_redis_port = node['liquor-cabinet']['redis_port']
|
||||
rs_redis_db = node['liquor-cabinet']['redis_db']
|
||||
if rs_redis_host
|
||||
env[:rs_redis_url] = "redis://#{rs_redis_host}:#{rs_redis_port}/#{rs_redis_db}"
|
||||
end
|
||||
|
||||
#
|
||||
# S3
|
||||
#
|
||||
|
||||
if node['akkounts']['s3_enabled']
|
||||
env[:s3_enabled] = true
|
||||
env[:s3_endpoint] = node['akkounts']['s3_endpoint']
|
||||
env[:s3_region] = node['akkounts']['s3_region']
|
||||
env[:s3_bucket] = node['akkounts']['s3_bucket']
|
||||
env[:s3_alias_host] = node['akkounts']['s3_alias_host']
|
||||
env[:s3_access_key] = credentials['s3_access_key']
|
||||
env[:s3_secret_key] = credentials['s3_secret_key']
|
||||
end
|
||||
|
||||
#
|
||||
# Akkounts Deployment
|
||||
#
|
||||
|
||||
systemd_unit "akkounts.service" do
|
||||
content({
|
||||
Unit: {
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
.vagrant
|
||||
*~
|
||||
*#
|
||||
.#*
|
||||
\#*#
|
||||
.*.sw[a-z]
|
||||
*.un~
|
||||
|
||||
# Bundler
|
||||
Gemfile.lock
|
||||
gems.locked
|
||||
bin/*
|
||||
.bundle/*
|
||||
|
||||
# test kitchen
|
||||
.kitchen/
|
||||
kitchen.local.yml
|
||||
|
||||
# Chef Infra
|
||||
Berksfile.lock
|
||||
.zero-knife.rb
|
||||
Policyfile.lock.json
|
||||
|
||||
.idea/
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
# kosmos_liquor-cabinet CHANGELOG
|
||||
|
||||
This file is used to list changes made in each version of the kosmos_liquor-cabinet cookbook.
|
||||
|
||||
## 0.1.0
|
||||
|
||||
Initial release.
|
|
@ -0,0 +1,21 @@
|
|||
The MIT License (MIT)
|
||||
|
||||
Copyright (c) 2024 Kosmos Developers
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in
|
||||
all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
THE SOFTWARE.
|
|
@ -0,0 +1,7 @@
|
|||
# kosmos_liquor-cabinet
|
||||
|
||||
Installs/configures the [Liquor Cabinet][1] [remoteStorage][2] API server and
|
||||
reverse proxy.
|
||||
|
||||
[1]: https://gitea.kosmos.org/5apps/liquor-cabinet
|
||||
[2]: https://remotestorage.io
|
|
@ -0,0 +1,4 @@
|
|||
node.default['liquor-cabinet']['app_server_role'] = 'liquor_cabinet'
|
||||
node.default['liquor-cabinet']['max_upload_size'] = 100 # MB
|
||||
node.default['liquor-cabinet']['server_name'] = 'storage.example.com'
|
||||
node.default['liquor-cabinet']['root_redirect_url'] = 'https://example.com/storage'
|
|
@ -0,0 +1,115 @@
|
|||
# Put files/directories that should be ignored in this file when uploading
|
||||
# to a Chef Infra Server or Supermarket.
|
||||
# Lines that start with '# ' are comments.
|
||||
|
||||
# OS generated files #
|
||||
######################
|
||||
.DS_Store
|
||||
ehthumbs.db
|
||||
Icon?
|
||||
nohup.out
|
||||
Thumbs.db
|
||||
.envrc
|
||||
|
||||
# EDITORS #
|
||||
###########
|
||||
.#*
|
||||
.project
|
||||
.settings
|
||||
*_flymake
|
||||
*_flymake.*
|
||||
*.bak
|
||||
*.sw[a-z]
|
||||
*.tmproj
|
||||
*~
|
||||
\#*
|
||||
REVISION
|
||||
TAGS*
|
||||
tmtags
|
||||
.vscode
|
||||
.editorconfig
|
||||
|
||||
## COMPILED ##
|
||||
##############
|
||||
*.class
|
||||
*.com
|
||||
*.dll
|
||||
*.exe
|
||||
*.o
|
||||
*.pyc
|
||||
*.so
|
||||
*/rdoc/
|
||||
a.out
|
||||
mkmf.log
|
||||
|
||||
# Testing #
|
||||
###########
|
||||
.circleci/*
|
||||
.codeclimate.yml
|
||||
.delivery/*
|
||||
.foodcritic
|
||||
.kitchen*
|
||||
.mdlrc
|
||||
.overcommit.yml
|
||||
.rspec
|
||||
.rubocop.yml
|
||||
.travis.yml
|
||||
.watchr
|
||||
.yamllint
|
||||
azure-pipelines.yml
|
||||
Dangerfile
|
||||
examples/*
|
||||
features/*
|
||||
Guardfile
|
||||
kitchen.yml*
|
||||
mlc_config.json
|
||||
Procfile
|
||||
Rakefile
|
||||
spec/*
|
||||
test/*
|
||||
|
||||
# SCM #
|
||||
#######
|
||||
.git
|
||||
.gitattributes
|
||||
.gitconfig
|
||||
.github/*
|
||||
.gitignore
|
||||
.gitkeep
|
||||
.gitmodules
|
||||
.svn
|
||||
*/.bzr/*
|
||||
*/.git
|
||||
*/.hg/*
|
||||
*/.svn/*
|
||||
|
||||
# Berkshelf #
|
||||
#############
|
||||
Berksfile
|
||||
Berksfile.lock
|
||||
cookbooks/*
|
||||
tmp
|
||||
|
||||
# Bundler #
|
||||
###########
|
||||
vendor/*
|
||||
Gemfile
|
||||
Gemfile.lock
|
||||
|
||||
# Policyfile #
|
||||
##############
|
||||
Policyfile.rb
|
||||
Policyfile.lock.json
|
||||
|
||||
# Documentation #
|
||||
#############
|
||||
CODE_OF_CONDUCT*
|
||||
CONTRIBUTING*
|
||||
documentation/*
|
||||
TESTING*
|
||||
UPGRADING*
|
||||
|
||||
# Vagrant #
|
||||
###########
|
||||
.vagrant
|
||||
Vagrantfile
|
|
@ -0,0 +1,37 @@
|
|||
---
|
||||
driver:
|
||||
name: dokken
|
||||
privileged: true # allows systemd services to start
|
||||
|
||||
provisioner:
|
||||
name: dokken
|
||||
|
||||
transport:
|
||||
name: dokken
|
||||
|
||||
verifier:
|
||||
name: inspec
|
||||
|
||||
platforms:
|
||||
# @see https://github.com/chef-cookbooks/testing_examples/blob/main/kitchen.dokken.yml
|
||||
# @see https://hub.docker.com/u/dokken
|
||||
- name: ubuntu-20.04
|
||||
driver:
|
||||
image: dokken/ubuntu-20.04
|
||||
pid_one_command: /bin/systemd
|
||||
intermediate_instructions:
|
||||
- RUN /usr/bin/apt-get update
|
||||
|
||||
- name: centos-8
|
||||
driver:
|
||||
image: dokken/centos-8
|
||||
pid_one_command: /usr/lib/systemd/systemd
|
||||
|
||||
suites:
|
||||
- name: default
|
||||
run_list:
|
||||
- recipe[kosmos_liquor-cabinet::default]
|
||||
verifier:
|
||||
inspec_tests:
|
||||
- test/integration/default
|
||||
attributes:
|
|
@ -0,0 +1,12 @@
|
|||
name 'kosmos_liquor-cabinet'
|
||||
maintainer 'Kosmos Developers'
|
||||
maintainer_email 'ops@kosmos.org'
|
||||
license 'MIT'
|
||||
description 'Installs/configures Liquor Cabinet API and reverse proxy'
|
||||
version '0.1.0'
|
||||
chef_version '>= 18.2'
|
||||
issues_url 'https://gitea.kosmos.org/kosmos/chef/issues'
|
||||
# source_url 'https://gitea.kosmos.org/kosmos/chef'
|
||||
|
||||
depends 'liquor_cabinet'
|
||||
depends 'kosmos_openresty'
|
|
@ -0,0 +1,6 @@
|
|||
#
|
||||
# Cookbook:: kosmos_liquor-cabinet
|
||||
# Recipe:: default
|
||||
#
|
||||
|
||||
include_recipe 'liquor_cabinet'
|
|
@ -0,0 +1,30 @@
|
|||
#
|
||||
# Cookbook:: kosmos_liquor-cabinet
|
||||
# Recipe:: nginx
|
||||
#
|
||||
|
||||
app_name = node['liquor-cabinet']['app_name']
|
||||
domain = node[app_name]['domain']
|
||||
|
||||
tls_cert_for domain do
|
||||
auth "gandi_dns"
|
||||
action :create
|
||||
end
|
||||
|
||||
upstream_hosts = []
|
||||
search(:node, "role:#{node[app_name]['app_server_role']}").each do |node|
|
||||
upstream_hosts << node["knife_zero"]["host"]
|
||||
end
|
||||
upstream_hosts.push("localhost") if upstream_hosts.empty?
|
||||
|
||||
openresty_site domain do
|
||||
template "nginx_conf_liquor-cabinet.erb"
|
||||
variables app_name: app_name,
|
||||
server_name: domain,
|
||||
root_redirect_url: node[app_name]['root_redirect_url'],
|
||||
max_upload_size: node['liquor-cabinet']['max_upload_size'],
|
||||
upstream_hosts: upstream_hosts,
|
||||
upstream_port: node[app_name]['rainbows']['port'],
|
||||
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem"
|
||||
end
|
|
@ -0,0 +1,79 @@
|
|||
#
|
||||
# Generated by Chef
|
||||
#
|
||||
upstream _<%= @app_name %> {
|
||||
<% @upstream_hosts.each do |host| -%>
|
||||
server <%= host %>:<%= @upstream_port %>;
|
||||
<% end -%>
|
||||
}
|
||||
|
||||
# TODO use cookbook attribute when enabling
|
||||
# variables_hash_max_size 2048;
|
||||
|
||||
server {
|
||||
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>80;
|
||||
listen [::]:80;
|
||||
server_name <%= @server_name %>;
|
||||
# Redirect to https
|
||||
location / {
|
||||
return 301 https://<%= @server_name %>$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name <%= @server_name %>;
|
||||
|
||||
access_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.access.log; # TODO json_liquor_cabinet;
|
||||
error_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.error.log warn;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";
|
||||
|
||||
# TODO
|
||||
# log_by_lua_file "<%= @log_by_lua_file %>";
|
||||
|
||||
# We need strong ETags, disable compression
|
||||
gzip off;
|
||||
# brotli off;
|
||||
# pagespeed off;
|
||||
|
||||
# Set a large maximum upload size
|
||||
client_max_body_size <%= @max_upload_size %>m;
|
||||
|
||||
# TODO
|
||||
# Use rate limiting (the zone is defined in
|
||||
# /etc/nginx/conf.d/rate_limiting.conf)
|
||||
# limit_req zone=per_ip burst=5000;
|
||||
|
||||
location = / {
|
||||
return 301 <%= @root_redirect_url %>;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri @proxy;
|
||||
}
|
||||
|
||||
location @proxy {
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header Host $http_host;
|
||||
|
||||
proxy_redirect off;
|
||||
|
||||
proxy_buffering on;
|
||||
# Increase number of buffers. Default is 8
|
||||
proxy_buffers 1024 8k;
|
||||
|
||||
# Needed for big uploads
|
||||
proxy_read_timeout 180s;
|
||||
proxy_send_timeout 180s;
|
||||
|
||||
proxy_pass http://_<%= @app_name %>;
|
||||
|
||||
proxy_next_upstream error timeout http_502 http_500;
|
||||
}
|
||||
|
||||
ssl_certificate <%= @ssl_cert %>;
|
||||
ssl_certificate_key <%= @ssl_key %>;
|
||||
}
|
|
@ -18,15 +18,8 @@ server {
|
|||
ssl_certificate <%= @ssl_cert %>;
|
||||
ssl_certificate_key <%= @ssl_key %>;
|
||||
|
||||
location /.well-known/lnurlp/ {
|
||||
location ~ ^/.well-known/(webfinger|nostr|lnurlp|keysend) {
|
||||
proxy_ssl_server_name on;
|
||||
rewrite /.well-known/lnurlp/([^/]+) /lnurlpay/$1@kosmos.org break;
|
||||
proxy_pass https://accounts.kosmos.org;
|
||||
}
|
||||
|
||||
location /.well-known/keysend/ {
|
||||
proxy_ssl_server_name on;
|
||||
rewrite /.well-known/keysend/([^/]+) /keysend/$1@kosmos.org break;
|
||||
proxy_pass https://accounts.kosmos.org;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
.vagrant
|
||||
*~
|
||||
*#
|
||||
.#*
|
||||
\#*#
|
||||
.*.sw[a-z]
|
||||
*.un~
|
||||
|
||||
# Bundler
|
||||
Gemfile.lock
|
||||
gems.locked
|
||||
bin/*
|
||||
.bundle/*
|
||||
|
||||
# test kitchen
|
||||
.kitchen/
|
||||
kitchen.local.yml
|
||||
|
||||
# Chef Infra
|
||||
Berksfile.lock
|
||||
.zero-knife.rb
|
||||
Policyfile.lock.json
|
||||
|
||||
.idea/
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
# liquor_cabinet CHANGELOG
|
||||
|
||||
This file is used to list changes made in each version of the liquor_cabinet cookbook.
|
||||
|
||||
## 0.1.0
|
||||
|
||||
Initial release.
|
|
@ -0,0 +1,21 @@
|
|||
The MIT License (MIT)
|
||||
|
||||
Copyright (c) 2024 Kosmos Developers
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in
|
||||
all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
THE SOFTWARE.
|
|
@ -0,0 +1,6 @@
|
|||
# liquor_cabinet
|
||||
|
||||
Installs/configures the [Liquor Cabinet][1] [remoteStorage][2] API server.
|
||||
|
||||
[1]: https://gitea.kosmos.org/5apps/liquor-cabinet
|
||||
[2]: https://remotestorage.io
|
|
@ -0,0 +1,28 @@
|
|||
node.default['liquor-cabinet']['app_name'] = "liquor-cabinet"
|
||||
node.default['liquor-cabinet']['user'] = "deploy"
|
||||
node.default['liquor-cabinet']['group'] = "deploy"
|
||||
node.default['liquor-cabinet']['repo'] = 'https://gitea.kosmos.org/5apps/liquor-cabinet.git'
|
||||
node.default['liquor-cabinet']['revision'] = 'master'
|
||||
node.default['liquor-cabinet']['deploy_path'] = "/opt/#{node['liquor-cabinet']['app_name']}"
|
||||
node.default['liquor-cabinet']['redis_server_role'] = 'redis_server'
|
||||
node.default['liquor-cabinet']['redis_port'] = 6379
|
||||
node.default['liquor-cabinet']['redis_db'] = 1
|
||||
node.default['liquor-cabinet']['s3_endpoint'] = nil
|
||||
node.default['liquor-cabinet']['s3_region'] = nil
|
||||
node.default['liquor-cabinet']['s3_bucket'] = nil
|
||||
node.default['liquor-cabinet']['ufw_source_allowed'] = nil
|
||||
node.default['liquor-cabinet']['maintenance_mode_enabled'] = false
|
||||
node.default['liquor-cabinet']['ruby']['version'] = "3.1.4"
|
||||
node.default['liquor-cabinet']['rainbows'] = {
|
||||
'port' => 3000,
|
||||
'preload_app' => true,
|
||||
'timeout' => 60,
|
||||
'worker_processes' => node['cpu']['total'],
|
||||
'worker_connections' => 100,
|
||||
'client_header_buffer_size' => 1024,
|
||||
'client_max_body_size' => 104857600,
|
||||
'client_max_header_size' => 114688,
|
||||
'copy_stream' => 'IO',
|
||||
'keepalive_requests' => 100,
|
||||
'keepalive_timeout' => 5
|
||||
}
|
|
@ -0,0 +1,115 @@
|
|||
# Put files/directories that should be ignored in this file when uploading
|
||||
# to a Chef Infra Server or Supermarket.
|
||||
# Lines that start with '# ' are comments.
|
||||
|
||||
# OS generated files #
|
||||
######################
|
||||
.DS_Store
|
||||
ehthumbs.db
|
||||
Icon?
|
||||
nohup.out
|
||||
Thumbs.db
|
||||
.envrc
|
||||
|
||||
# EDITORS #
|
||||
###########
|
||||
.#*
|
||||
.project
|
||||
.settings
|
||||
*_flymake
|
||||
*_flymake.*
|
||||
*.bak
|
||||
*.sw[a-z]
|
||||
*.tmproj
|
||||
*~
|
||||
\#*
|
||||
REVISION
|
||||
TAGS*
|
||||
tmtags
|
||||
.vscode
|
||||
.editorconfig
|
||||
|
||||
## COMPILED ##
|
||||
##############
|
||||
*.class
|
||||
*.com
|
||||
*.dll
|
||||
*.exe
|
||||
*.o
|
||||
*.pyc
|
||||
*.so
|
||||
*/rdoc/
|
||||
a.out
|
||||
mkmf.log
|
||||
|
||||
# Testing #
|
||||
###########
|
||||
.circleci/*
|
||||
.codeclimate.yml
|
||||
.delivery/*
|
||||
.foodcritic
|
||||
.kitchen*
|
||||
.mdlrc
|
||||
.overcommit.yml
|
||||
.rspec
|
||||
.rubocop.yml
|
||||
.travis.yml
|
||||
.watchr
|
||||
.yamllint
|
||||
azure-pipelines.yml
|
||||
Dangerfile
|
||||
examples/*
|
||||
features/*
|
||||
Guardfile
|
||||
kitchen.yml*
|
||||
mlc_config.json
|
||||
Procfile
|
||||
Rakefile
|
||||
spec/*
|
||||
test/*
|
||||
|
||||
# SCM #
|
||||
#######
|
||||
.git
|
||||
.gitattributes
|
||||
.gitconfig
|
||||
.github/*
|
||||
.gitignore
|
||||
.gitkeep
|
||||
.gitmodules
|
||||
.svn
|
||||
*/.bzr/*
|
||||
*/.git
|
||||
*/.hg/*
|
||||
*/.svn/*
|
||||
|
||||
# Berkshelf #
|
||||
#############
|
||||
Berksfile
|
||||
Berksfile.lock
|
||||
cookbooks/*
|
||||
tmp
|
||||
|
||||
# Bundler #
|
||||
###########
|
||||
vendor/*
|
||||
Gemfile
|
||||
Gemfile.lock
|
||||
|
||||
# Policyfile #
|
||||
##############
|
||||
Policyfile.rb
|
||||
Policyfile.lock.json
|
||||
|
||||
# Documentation #
|
||||
#############
|
||||
CODE_OF_CONDUCT*
|
||||
CONTRIBUTING*
|
||||
documentation/*
|
||||
TESTING*
|
||||
UPGRADING*
|
||||
|
||||
# Vagrant #
|
||||
###########
|
||||
.vagrant
|
||||
Vagrantfile
|
|
@ -0,0 +1,37 @@
|
|||
---
|
||||
driver:
|
||||
name: dokken
|
||||
privileged: true # allows systemd services to start
|
||||
|
||||
provisioner:
|
||||
name: dokken
|
||||
|
||||
transport:
|
||||
name: dokken
|
||||
|
||||
verifier:
|
||||
name: inspec
|
||||
|
||||
platforms:
|
||||
# @see https://github.com/chef-cookbooks/testing_examples/blob/main/kitchen.dokken.yml
|
||||
# @see https://hub.docker.com/u/dokken
|
||||
- name: ubuntu-20.04
|
||||
driver:
|
||||
image: dokken/ubuntu-20.04
|
||||
pid_one_command: /bin/systemd
|
||||
intermediate_instructions:
|
||||
- RUN /usr/bin/apt-get update
|
||||
|
||||
- name: centos-8
|
||||
driver:
|
||||
image: dokken/centos-8
|
||||
pid_one_command: /usr/lib/systemd/systemd
|
||||
|
||||
suites:
|
||||
- name: default
|
||||
run_list:
|
||||
- recipe[liquor_cabinet::default]
|
||||
verifier:
|
||||
inspec_tests:
|
||||
- test/integration/default
|
||||
attributes:
|
|
@ -0,0 +1,12 @@
|
|||
name 'liquor_cabinet'
|
||||
maintainer 'Kosmos Developers'
|
||||
maintainer_email 'ops@kosmos.org'
|
||||
license 'MIT'
|
||||
description 'Installs/configures the Liquor Cabinet remoteStorage API server'
|
||||
version '0.1.0'
|
||||
chef_version '>= 18.2'
|
||||
issues_url 'https://gitea.kosmos.org/kosmos/chef/issues'
|
||||
# source_url 'https://gitea.kosmos.org/kosmos/chef'
|
||||
|
||||
depends 'firewall'
|
||||
depends "ruby_build"
|
|
@ -0,0 +1,139 @@
|
|||
#
|
||||
# Cookbook:: liquor_cabinet
|
||||
# Recipe:: default
|
||||
#
|
||||
|
||||
app_name = node['liquor-cabinet']['app_name']
|
||||
deploy_user = node[app_name]['user']
|
||||
deploy_group = node[app_name]['group']
|
||||
deploy_path = node[app_name]['deploy_path']
|
||||
credentials = Chef::EncryptedDataBagItem.load('credentials', app_name)
|
||||
|
||||
ruby_version = node[app_name]['ruby']['version']
|
||||
ruby_path = "/opt/ruby_build/builds/#{ruby_version}"
|
||||
bundle_path = "#{ruby_path}/bin/bundle"
|
||||
rack_env = node.chef_environment == "production" ? "production" : "development"
|
||||
|
||||
ruby_build_install 'v20231225'
|
||||
ruby_build_definition ruby_version do
|
||||
prefix_path ruby_path
|
||||
end
|
||||
|
||||
group deploy_group
|
||||
|
||||
user deploy_user do
|
||||
group deploy_group
|
||||
manage_home true
|
||||
shell "/bin/bash"
|
||||
end
|
||||
|
||||
directory deploy_path do
|
||||
owner deploy_user
|
||||
group deploy_group
|
||||
mode '0750'
|
||||
end
|
||||
|
||||
redis_server_role = node[app_name]['redis_server_role']
|
||||
redis_host = search(:node, "role:#{redis_server_role}").first['knife_zero']['host'] rescue nil
|
||||
if redis_host.nil?
|
||||
Chef::Log.warn("No node found with '#{redis_server_role}' role. Stopping here.")
|
||||
return
|
||||
end
|
||||
|
||||
git deploy_path do
|
||||
repository node[app_name]['repo']
|
||||
revision node[app_name]['revision']
|
||||
user deploy_user
|
||||
group deploy_group
|
||||
notifies :restart, "service[#{app_name}]", :delayed
|
||||
end
|
||||
|
||||
directory "#{deploy_path}/tmp" do
|
||||
owner deploy_user
|
||||
group deploy_group
|
||||
mode 0750
|
||||
end
|
||||
|
||||
execute "bundle install" do
|
||||
user deploy_user
|
||||
cwd deploy_path
|
||||
command "#{bundle_path} install --without development,test --deployment"
|
||||
end
|
||||
|
||||
template "#{deploy_path}/config.yml.erb" do
|
||||
source 'config.yml.erb'
|
||||
owner deploy_user
|
||||
group deploy_group
|
||||
mode '0600'
|
||||
sensitive true
|
||||
variables environment: rack_env,
|
||||
redis_host: redis_host,
|
||||
redis_port: node[app_name]['redis_port'],
|
||||
redis_db: node[app_name]['redis_db'],
|
||||
s3_endpoint: node[app_name]['s3_endpoint'],
|
||||
s3_region: node[app_name]['s3_region'],
|
||||
s3_bucket: node[app_name]['s3_bucket'],
|
||||
s3_access_key: credentials['s3_access_key'],
|
||||
s3_secret_key: credentials['s3_secret_key'],
|
||||
maintenance_mode_enabled: node[app_name]['maintenance_mode_enabled']
|
||||
# TODO sentry_dsn: credentials['sentry_dsn']
|
||||
notifies :restart, "service[#{app_name}]", :delayed
|
||||
end
|
||||
|
||||
directory '/etc/rainbows' do
|
||||
owner deploy_user
|
||||
group deploy_group
|
||||
mode '0750'
|
||||
end
|
||||
|
||||
template "/etc/rainbows/#{app_name}.rb" do
|
||||
source 'rainbows.rb.erb'
|
||||
owner deploy_user
|
||||
group deploy_group
|
||||
mode '0640'
|
||||
variables user: deploy_user,
|
||||
group: deploy_group,
|
||||
app_name: app_name,
|
||||
working_directory: deploy_path,
|
||||
config: node[app_name]['rainbows']
|
||||
notifies :restart, "service[#{app_name}]", :delayed
|
||||
end
|
||||
|
||||
systemd_unit "#{app_name}.service" do
|
||||
content({
|
||||
Unit: {
|
||||
Description: "Liquor Cabinet remoteStorage HTTP API",
|
||||
Documentation: ["https://gitea.kosmos.org/5apps/liquor-cabinet"],
|
||||
After: "syslog.target network.target"
|
||||
},
|
||||
Service: {
|
||||
Type: "simple",
|
||||
User: deploy_user,
|
||||
WorkingDirectory: deploy_path,
|
||||
Environment: "RACK_ENV=#{rack_env}",
|
||||
ExecStart: "#{bundle_path} exec rainbows -c /etc/rainbows/#{app_name}.rb -E #{rack_env}",
|
||||
PIDFile: "#{deploy_path}/tmp/rainbows.pid",
|
||||
TimeoutSec: "10",
|
||||
Restart: "on-failure",
|
||||
},
|
||||
Install: {
|
||||
WantedBy: "multi-user.target"
|
||||
}
|
||||
})
|
||||
verify false
|
||||
triggers_reload true
|
||||
action [:create, :enable]
|
||||
end
|
||||
|
||||
service app_name do
|
||||
action [:enable, :start]
|
||||
end
|
||||
|
||||
if node[app_name]['ufw_source_allowed']
|
||||
firewall_rule app_name do
|
||||
command :allow
|
||||
protocol :tcp
|
||||
port node[app_name]['rainbows']['port']
|
||||
source node[app_name]['ufw_source_allowed']
|
||||
end
|
||||
end
|
|
@ -0,0 +1,12 @@
|
|||
<%= @environment %>:
|
||||
maintenance: <%= @maintenance_mode_enabled %>
|
||||
redis:
|
||||
host: <%= @redis_host %>
|
||||
port: <%= @redis_port %>
|
||||
db: <%= @redis_db %>
|
||||
s3:
|
||||
endpoint: <%= @s3_endpoint %>
|
||||
region: <%= @s3_region %>
|
||||
bucket: <%= @s3_bucket %>
|
||||
access_key_id: <%= @s3_access_key %>
|
||||
secret_key_id: <%= @s3_secret_key %>
|
|
@ -0,0 +1,32 @@
|
|||
##
|
||||
# Rainbows config at /etc/rainbows/<%= @app_name %>.rb
|
||||
# Managed by Chef - Local changes will be overwritten by Chef runs
|
||||
##
|
||||
|
||||
# What ports/sockets to listen on, and what options for them.
|
||||
listen "<%= @config['port'] %>", { tcp_nodelay: true, backlog: 100 }
|
||||
|
||||
# What the timeout for killing busy workers is, in seconds
|
||||
timeout <%= @config['timeout'] %>
|
||||
|
||||
# Whether the app should be pre-loaded
|
||||
preload_app <%= @config['preload_app'] %>
|
||||
|
||||
# How many worker processes
|
||||
worker_processes <%= @config['worker_processes'] %>
|
||||
|
||||
# Run forked children as specified user/group
|
||||
user "<%= @user %>", "<%= @group %>"
|
||||
|
||||
pid "<%= @working_directory %>/tmp/rainbows.pid"
|
||||
|
||||
Rainbows! do
|
||||
use :ThreadSpawn
|
||||
client_header_buffer_size <%= @config['client_header_buffer_size'] %>
|
||||
client_max_body_size <%= @config['client_max_body_size'] %>
|
||||
client_max_header_size <%= @config['client_max_header_size'] %>
|
||||
copy_stream <%= @config['copy_stream'] %>
|
||||
keepalive_requests <%= @config['keepalive_requests'] %>
|
||||
keepalive_timeout <%= @config['keepalive_timeout'] %>
|
||||
worker_connections <%= @config['worker_connections'] %>
|
||||
end
|
Loading…
Reference in New Issue