Merge branch 'master' into feature/25-ipfs_cluster

2018-10-26 16:46:44 +02:00 · 2018-10-26 16:46:44 +02:00 · 4a42fc4ae3
commit 4a42fc4ae3
parent 1f528a832d 4dff379065
12 changed files with 105 additions and 40 deletions
--- a/data_bags/credentials/5apps_schlupp_xmpp.json
+++ b/data_bags/credentials/5apps_schlupp_xmpp.json
@ -1,44 +1,50 @@
 {
  "id": "5apps_schlupp_xmpp",
  "password": {
-    "encrypted_data": "vdpA+JHaQryqZcoFkEdny7+InZDz99xV8iu/LKU8YGFBYXdWXts4sfH4WyVg\nbTfM\n",
-    "iv": "WHfrC1kzs6/xKXwuwlwPqw==\n",
+    "encrypted_data": "PoT+Wn5X9/509Rt2XVHrvBk8khF9cbxluwQlgHI/PVSLWZ+JlcnvO1YF0xal\ng0hd\n",
+    "iv": "kJPRQDvdPT0V9bHQeV/lrA==\n",
    "version": 1,
    "cipher": "aes-256-cbc"
  },
  "webhook_token": {
-    "encrypted_data": "9Ir6EU4vbA49+L0zUxaEBxSCF7Wzx20/vg40YSM6hVrH2Mg7ZF5bprdni4mP\n1KmI\n",
-    "iv": "6g9kOLaeb1cmhp7wlC1XPg==\n",
+    "encrypted_data": "Gg4/3dSVtWmXq/Ce5fCDg+4AKPPjy90CI0Lp7DnPV4R+j+T467LEYYtgp038\nplyi\n",
+    "iv": "FEhVZWtxFt85DeJcp2E6jA==\n",
    "version": 1,
    "cipher": "aes-256-cbc"
  },
  "rs_logger_token": {
-    "encrypted_data": "KRwgLSHbfwiLMI4sV9ZWP5VnT/kWFe89WGbsYLYAPSseOYFrvH+YEH0A1sB/\nS6aafrCsK+q5WawLSmfTg8DOtw==\n",
-    "iv": "5asejj0oTTKWVgDdpBmbmg==\n",
-    "version": 1,
-    "cipher": "aes-256-cbc"
-  },
-  "rs_ops_token": {
-    "encrypted_data": "GkfRyCO6Ctj2Tls4HFOTHt/y+3a6rrd84+siDr6c8+1ydsOT7vA+hDP7fHvq\nU8JnDca/Pd7yRMLACV4fdY0dQQ==\n",
-    "iv": "ES0LLnsEaC2SgHr7Rv1wFw==\n",
+    "encrypted_data": "5S6I1cenYT2qTvjtuXlgIestyI6tHcPzKw6Hvwe9b7tZ3tHF2j8gsCfqCPQR\nx3xhRJnH4PyhVkbCzr6dApNNZA==\n",
+    "iv": "GWtGG5jqapw65Oes4zG4Xw==\n",
    "version": 1,
    "cipher": "aes-256-cbc"
  },
  "deploy_key": {
-    "encrypted_data": "JuNDHLnOVwMUCvjkFVheR8eb+8gCqKe/eywGjppdLwAgHQdJlnMeqbyGDTes\njJeuildjKXrsuSfcMO+JP4Q53ZrL3V7pAHKHC3Ck7y9DZ78cZNgdJazsm/Ov\niQ++ZjZTDXFJLi8X9IwI9W4O+gAxycyA3C17Jtr1M/2EHHLBB/K/WvCzRIAi\ncCeOxPMCa5bwaeVXj5z1FRYezhbGIGyF/ddXU1knSwtxk0zRT3FhRcOVj/iw\n6nx5c+YEf38Qg+jM7IEi60wgBeT1g6U5jARKUN3GUR3chtDI43KKFB0h0nlv\nnNc/p/FXk6XeGebrdJElSbCiH0bH1E/KHicP7jCTARVuyx67WZRHAEzEuVbd\nUtbHy+KF0eqTVKuLABQaiqpiGjlYi+4xlr4NwKwqzfo7qGYUNn2JJ4lLicyW\nBbf+jxYBRt4g9+NtSiAdtA7y5/o3GKMMzDxs+H6H2yrFnXLlpzk/1fXT+Vmg\nxPQ3rPW2FsPTFmuRr9QtbjSfKtIyyrUC8lGWJHR4T6fEe1TDVDASs80e15Cx\nKyKoJzToIGi4iXwproDsEyWH9gIutNuhT7Qerg+gJVFpid4k6Iqugt4sNrGH\nV68MNt5mHihsGCeZO0YTl6b/kvk63rcbl1jBqA7iayfjuKekM3p5Dmp6tbpA\nluF+hHC0vdUFyFHB4keW8a4FlsQxyOAlSxNxkKXaeHgssd7pouHN/KdlrWax\nZGxOclGMqARqa3VzExgEGFaavSBB+4eHfECHgYGeREXYREDzr7ZrDcLGOh2J\nd+NiP+rb9zut61qPdRanZQV3KuA2iRBo+kDLxFaPAgHvVjeEOVRga1P8zJXE\n3gwqAbZUWOd9jkl8XtDGHM2lmLxiqv2LPhU2VubCJWWFhzfOLjntbPqeLLKC\nq+9ddzpxyJb7+0PEpMX/J+kEh5aQVlPgxnCZzPFf+Hj+I083tWxIqwD+lujN\nQduZ2GaF56/i2bRCIE5nfrcQf05OLIhb+BZkMw9haW850Jf/b3doVyyekyVw\nJxMY8qDZB9YcvrPrFmdThTkPDMiZOCTu5k18YNl4trqtv20S6+J2sMvN3FjE\n0LkqDTy3jYlH6cis7aiZhpQi9zusCczQepBOnBrqCfiVKkNeGmoXCFl0DYc3\nwYUZyluFGB3bkc97T9uOn1n6arHs/0O2yXWk5AZIiExf0NS/bcOGMJeeIByr\nK3NLWPdLK280AqzRqjg7ZeO3iD2HUfRpjU5MXiTau/5ttKoNIwgKjDVzSOvi\nB850ph4l6owXmQz14/JQrAWLswyLL37euK2FYtPMGEqzBdwg+lwWQK4nDw17\n9pN/3yBlPDC5NAfi51C9vEyxDuchAoekeXIjEQauSaxelDH7m+4ytKcR8P1Y\nGqlrxax+6SpA//JHvqzJcgfX/G7FwSE1WB7jES2jVo8jQJN+y15ZRglPCkAl\nISSR6pEug50nmmKK02S1jtGjRS5r/rzZh4ZIWUwMBX0lxcXyYEoEDjZptTF6\n6iOkgwr1EC4s2XujcOOoj0EUmGfdS5EFDakymmM8T/xOGZ4/HzVjlXC5y0ZE\nrbhwJ2DhYQgmLSe3Ih8xSKxbmVdNCU5nzm9A4EB2FvFac244CfRcbGeTz9HA\nRKi7Kf3HLcSWMYJm4W+Dz88Kl8R3b4vTVmfy6BZevBnO8dleCeAh0Me6DWaq\nJM6jRsABxxuF/hpaLf0kDYbfkdoDvpxHcVkFNqYnSfM0JP969nRyb+kRnUCJ\npVKYGUVKvo3xgOFgK7qV/d/MP6GCu8H9LG6CEdBRnC9Ahof5RBuJIzlntqwo\nIjq33pfdJaVXbuAUyTBekzsYbQtlo0kzUxBNt3hFnK7MbEKhlXbMjqmn/JA5\nbcKc2IpMrAaX5FC88k5OgJKl7OObDyuKMEZI7lSR/iV0wIWpJEW8sFZtchEc\njcp17jD+n5MlJ9ezm9Bm2/XBCDcy46kPG4hsXZ/RbRJ5x349xp0VimLr0lVB\ni83eyPeM8LnTKNmoxk8b+q0GXzefJZJBePtI6hZkmtKTxkzLmORaOUYYUV/A\nJy7vdgktl6G9qGPl3q16eGLBv8Is/0iOvSUhKsF21Zd0rO3plhCP4g67iT6R\np00ANOPqpkDIksNrpBPeM5DBpxAn1I4t1XejL3AIgyHI9zJZ34JymkFLL9OR\n+Ar8e3PXrDSdlYqBF8GZYYsjOoCxLthZXMvhaubT8Z1B4KrKHdYYRBoJ2A+0\nxhcpfPBHSz/KQPR+zOGU11acCD8lcNHv+Bn2J/mbjqKqth8PmZijtzSE+52t\nNirK6cK/bWZzRjN/W6nJ9PrO\n",
-    "iv": "JSVBvNn1cvdCQYAAFv1f4g==\n",
+    "encrypted_data": "8nvIpT8zGVbs0JZvcDD8CPhdUVlZbwKBIbaXmnntKrCPun7iqMrixTIXN5Qu\nAlrhErok7bJ8SiHg8K6OTnLia2JcHHrWJ2CpdEjl1kUDNrtmaSq+CPgb2+RA\ngdD87k9eYUJW7DqQ89NNBCZGuaiR6FO2Bz2Q0tCTXGzeauBO+3P0YrqZfMZX\nzpozAGi5GdFsTPKKT5AX/KpfP7CREsoXDDI6uJJ+1tWoOi0vbjIegCnfFUFS\niUHWeyv4yKMNKOAkk7cyZRbcDxkuHk4Q/148rzzE/Q0bQqpHiRjLNNxckw8i\nfAdGnSLv8VMWifroPmGfL992/k3/0XTrkttSLc+LZ+TGj/dq3LSTHiz3k16G\nmSmsRw1ckccmhAC//mAFjtI+mmqxQwO6mnl7PlXgo8040fQJModDP/xJledp\nvPrzUH1QWynn/MXTJDeK4IZB3LA/0CEwQoLqfNKCiJNERXNHG6/YxZVgiB9E\nrykXCvRxCcWLEv1pBoLDbDaODaqMVFcSq7Xlszv6lOvGI15Gy7wCD6/Ixb2W\n5Lsmv4bbgkU6vOQewUFC8PWJdKwhZSbXLvVnmCZ4y/I3zes2TGQ9AtJFDsR/\nhcL97PCNV82aiC3/RpqxDy7X8sMJIHEppz8NBcumW3npwXfDOGK8ewNB2hDM\nAqmN7jFbd3ySD+0el1rY9uODkhaR+d8KUy4VfL+WTtSFUjT6oxm736n/MYXA\ngzEXllmg/kTzleuzi2caJyAMJEHauBVfAbaPFwHxFfxAb7ALDhGujGpglL0Y\na3nFd0chPcHGQ8vkqQIHwn6s1lz2I+4CEt08w4a4PNk66sqm6+t3WHRac/Jz\nb3BIVIAUCLgQ1DXbiIMr/3EHDSC5J7QW6BSmCH46QalNw33wHLY2Zv3mA4kB\nb0O9Niv5lMIuqkt89o/Jb1B/dDZCw+v6NNSp0ltYnfnSiAJrxMI4IE/zjrrp\nmDEW56HbOwflX4kaUQSscgaFMIKIQDz/mYmsDd/nxbf/PBYzp6cbz/3lvNUW\ntc2Grr2LcSZaVOwj8TmQxuk9QT/5de+kdUmj4X+bt8Ibg0jCZ94AqTIM09le\nB88n2yfTz2KhZkS2tTC18FkrMcbrK5lEK92HWSmePKOZr2Hl3G3QzEMjPyQi\nXJgZOHzKts8TPxUcEYr4dgsFC3V0LOwNUJuNAtN9F8gKUjYkgKinXWmw4YG2\nm006PEDLQqwpIPbyOKuaPRMSZOW20tVic4Rq0uAmAcXGUxnsAas378YI0Dtq\nfalD3lu+3cOQacP5ZrnJ/QW/V//s9o+w9o2n81gtBXP//7nT1pkbskyRQEy5\nfQCcOKuHogMP6sl2sP3IqrhyPVo5zG3OAGJNP7iouFYwbX3B1+ncA97XZNvd\ng1iw9ybSEuIrx6lsIsn5zVGqmwJFP+hYK3+PY+PAjAKT5Y+1UzRGaDB/87tU\n5avjgNhnYiGFYwjwrdvG/Wzbx27kW8a5fUwhwvDI5SURYrFaE8rKIkvbAQQY\nS+d3RKu2/p9m+6A4UyU8+px10GE6sm1qjV6kBWlS7sIyIsbGYbzbbFq05Afx\nT5ph5SzO7Aa44cWDhH/Bdno7mEXqOEAYP8dXMq3q9/IlGqy8P/oVsM8X7jcZ\neOTV9jC2oLpckY4mAFKJ31AJ6BiG/jsheZQY8d29hTpzauK9qo7mDAZwem50\n3x4pTLdRNDbSCOEALsNvGtmZr2UgVXCteMO0CFi7uPy5cU4e39D0/wBJ4/mT\nnVGX8aiAPBSOeoUcWg9qEzTums6ctSMluIHrafuxn6pJR6h0y8kh2oy3KiUE\nN1x4J/aXe3WYzBPoBDw60rnLht4XHXAWueK8mGLTC5vZstamvgDNXREL1aM3\nWDcfLleer9Rbde784Kpa6x5QgYcTV51ecPVnYweugFgLIVQNkEBbAn4V84HX\nK4XcOo4tJy+f4P3tAgIE9CoLd7Q9V8yuZplw20LykecuzBOCaP4um4KSLlTn\nTp5NwKU1ijQ5nefEeMbESJ9TFBxH8K6Y7EUUBBGNCJ3LlNbpsawCtrMgKqMh\n0kP2geQwf7ARBwWa3MHdebL0FUUaQjpGKOxJ2PtEI3t2vQmzr7go1fpVOmeJ\n3dDI1ecLpd7VelQlJVT1nKv+07aHPdSE1+hMZi8CVARCAEyOqufEs+KcHeHK\nhUI9cjjqy3kXrBR1Gw7jMUvbfTqfrV3oo+RqNorF+6ZyFtkivKih2POMHRjS\njHY7ag0sQYYe/O5DLhR9WIIhxkKMKYed8mywTEg0YWAxBCXUIl9M+GH6T7WU\n8Ajg3k1paLzi09ypwLVWOzq+\n",
+    "iv": "//Oik8zYVxlYLCJ/5zk2Jw==\n",
    "version": 1,
    "cipher": "aes-256-cbc"
  },
  "airtable_api_key": {
-    "encrypted_data": "WOQ/IJwVSiu5cUumLZcBE5dyKCxojHpBVFEVFcWax9jHvcLgIz2d7U/X1XeI\nZJ6W\n",
-    "iv": "67fXeOD2OTRhWeG5YsqdRg==\n",
+    "encrypted_data": "qDEztKIUYN6qU6dAbXi7leapA/+fK0beTZpEvFxvP9+0IrfSQ0mjagIU33ne\nkM/Y\n",
+    "iv": "MdfLft5aSoC/yzZe7BRCyg==\n",
    "version": 1,
    "cipher": "aes-256-cbc"
  },
  "github_token": {
-    "encrypted_data": "KDZ3TzVjX05aeL9dyCeIuEa3XpItIduovEpEu+eDRA+eyCW1Yg5mdBARLoqO\n8elA0sO9EYrxJAo/o6tE+rLmFw==\n",
-    "iv": "BXflyLpEh5eZtiU1pEJPzA==\n",
+    "encrypted_data": "Rp1icQX6fbE8WImrY3NxkLcq10+CcCOG0nSED3ALtVaiY9gXtLb4mEPhgz6B\nqepZ5bG35W08ORxjBskpPudKMQ==\n",
+    "iv": "9JTZWHikvB9+dfyht5UYmQ==\n",
+    "version": 1,
+    "cipher": "aes-256-cbc"
+  },
+  "aws_access_key_id": {
+    "encrypted_data": "J7sNPOtA+lzj+7FjZlneadNcLZxBGz2x1JNeX0j0Rl/pSU7QZCaPFy8KCGj+\nIh8v\n",
+    "iv": "K29ZdZdSAd+yJS8yNxkjpg==\n",
+    "version": 1,
+    "cipher": "aes-256-cbc"
+  },
+  "aws_secret_access_key": {
+    "encrypted_data": "UFLVmj81LAMZheItVvEioQhecPYXLU9tzQVRFLOO1NKZLRK6oDNDPbvey5vO\ndzw1UiGD6LcrAFRPDYuwsQrteg==\n",
+    "iv": "RCSCMBxVC8oF02R3l2ASxg==\n",
    "version": 1,
    "cipher": "aes-256-cbc"
  }
--- a/doc/ejabberd.md
+++ b/doc/ejabberd.md
@ -0,0 +1,17 @@
+# ejabberd
+
+The kosmos.org XMPP server is running on Andromeda
+
+[ejabberdctl reference](https://docs.ejabberd.im/admin/guide/managing/#ejabberdctl-commands)
+
+## Create a user account
+
+    sudo /opt/ejabberd-18.06/bin/ejabberdctl register username kosmos.org password
+
+## Change a user's password
+
+    sudo /opt/ejabberd-18.06/bin/ejabberdctl change_password username kosmos.org new_password
+
+## List users
+
+    sudo /opt/ejabberd-18.06/bin/ejabberdctl registered_users kosmos.org
--- a/doc/letsencrypt_acme_sh.md
+++ b/doc/letsencrypt_acme_sh.md
@ -0,0 +1,24 @@
+# Getting LE certs via auto DNS config
+
+This is helpful when getting certs for domains which are scattered across
+machines/IPs. The [acme.sh](https://github.com/Neilpang/acme.sh) script will
+automatically configure DNS TXT records for LE to verify, instead of relying on
+Web requests to the machine.
+
+We need to automate this in a cookbook.
+
+## Steps
+
+Export Gandi Live DNS API key:
+
+    export GANDI_LIVEDNS_KEY="fdmlfsdklmfdkmqsdfk"
+
+Run acme.sh like this:
+
+    acme.sh --issue --dns dns_gandi_livedns -d kosmos.org -d xmpp.kosmos.org -d chat.kosmos.org
+
+## ejabberd
+
+ejabberd needs the key and fullchain files concatenated:
+
+    cat /home/basti/.acme.sh/kosmos.org/kosmos.org.key /home/basti/.acme.sh/kosmos.org/fullchain.cer >> conf/kosmos.org.pem
--- a/nodes/dev.kosmos.org.json
+++ b/nodes/dev.kosmos.org.json
@ -9,7 +9,6 @@
    "5apps-xmpp_server",
    "5apps-hubot::xmpp_schlupp",
    "5apps-hubot::xmpp_botka",
-    "kosmos-ipfs",
    "kosmos-mastodon",
    "kosmos-mastodon::nginx"
  ],
--- a/site-cookbooks/5apps-hubot/recipes/xmpp_schlupp.rb
+++ b/site-cookbooks/5apps-hubot/recipes/xmpp_schlupp.rb
@ -94,10 +94,11 @@ application schlupp_xmpp_path do
                     "HUBOT_RSS_HEADER"            => "Update:",
                     "HUBOT_AUTH_ADMIN"            => "basti,garret,greg",
                     "REDIS_URL"                   => "redis://localhost:6379/5apps_schlupp_xmpp",
-                     "RS_OPS_TOKEN"                => schlupp_xmpp_data_bag_item['rs_ops_token'],
                     "WEBHOOK_TOKEN"               => schlupp_xmpp_data_bag_item['webhook_token'],
                     "AIRTABLE_API_KEY"            => schlupp_xmpp_data_bag_item['airtable_api_key'],
-                     "GITHUB_TOKEN"                => schlupp_xmpp_data_bag_item['github_token'] }
+                     "GITHUB_TOKEN"                => schlupp_xmpp_data_bag_item['github_token'],
+                     "AWS_ACCESS_KEY_ID"           => schlupp_xmpp_data_bag_item['aws_access_key_id'],
+                     "AWS_SECRET_ACCESS_KEY"       => schlupp_xmpp_data_bag_item['aws_secret_access_key'] }
    )

    notifies :run, "execute[systemctl daemon-reload]", :delayed
--- a/site-cookbooks/backup/attributes/default.rb
+++ b/site-cookbooks/backup/attributes/default.rb
@ -26,6 +26,11 @@ set_unless["backup"]["mysql"]["databases"] = []
 set_unless["backup"]["mysql"]["username"]  = "root"
 set_unless["backup"]["mysql"]["host"]      = "localhost"

+# PostgreSQL default settings
+set_unless["backup"]["postgresql"]["databases"] = []
+set_unless["backup"]["postgresql"]["host"]      = "localhost"
+set_unless["backup"]["postgresql"]["port"]      = 5432
+
 # Redis default settings
 set_unless["backup"]["redis"]["databases"]   = []
 set_unless["backup"]["redis"]["host"]        = "localhost"
--- a/site-cookbooks/backup/templates/default/backup.rb.erb
+++ b/site-cookbooks/backup/templates/default/backup.rb.erb
@ -17,7 +17,11 @@ KosmosBackup.new(:default, 'default backup') do
 <%- end -%>

 <%- if node["backup"]["postgresql"] -%>
-  database PostgreSQL
+<%- node["backup"]["postgresql"]["databases"].each do |db_name| -%>
+  database PostgreSQL, :"<%= db_name.to_sym %>" do |db|
+    db.name = "<%= db_name %>"
+  end
+<%- end -%>
 <%- end -%>

 <%- if node["mongodb"] -%>
--- a/site-cookbooks/backup/templates/default/config.rb.erb
+++ b/site-cookbooks/backup/templates/default/config.rb.erb
@ -45,15 +45,7 @@ Database::MySQL.defaults do |db|
 end
 <%- end -%>

-<%- if node["backup"]["mysql"] -%>
-Database::MySQL.defaults do |db|
-  db.host               = "<%= node["backup"]["mysql"]["host"] %>"
-  db.username           = "<%= node["backup"]["mysql"]["username"] %>"
-  db.password           = "<%= node["backup"]["mysql"]["password"] %>"
-  db.additional_options = ['--quick', '--single-transaction']
-end
-<%- end -%>
-
+<%- if node["backup"]["redis"] -%>
 Database::Redis.defaults do |db|
  db.host               = "<%= node["backup"]["redis"]["host"] %>"
  db.port               = 6379
@ -61,13 +53,14 @@ Database::Redis.defaults do |db|
  <%# db.password           = "my_password"%>
  <%# db.socket             = "/tmp/redis.sock"%>
 end
+<%- end -%>

 <%- if node["backup"]["postgresql"] -%>
 Database::PostgreSQL.defaults do |db|
  db.username           = "<%= node["backup"]["postgresql"]["username"] %>"
  db.password           = "<%= node["backup"]["postgresql"]["password"] %>"
  db.host               = "<%= node["backup"]["postgresql"]["host"] %>"
-  db.port               = 5432
+  db.port               = "<%= node["backup"]["postgresql"]["port"] %>"
  # db.socket             = "/var/run/postgresql/.s.PGSQL.5432"
  # When dumping all databases, `skip_tables` and `only_tables` are ignored.
  db.skip_tables        = []
--- a/site-cookbooks/kosmos-base/recipes/firewall.rb
+++ b/site-cookbooks/kosmos-base/recipes/firewall.rb
@ -22,6 +22,12 @@ firewall_rule 'mosh' do
  command  :allow
 end

+firewall_rule 'prosody_http_upload' do
+  port     5281
+  protocol :tcp
+  command  :allow
+end
+
 firewall_rule 'hubot_express_hal8000' do
  port     8080
  protocol :tcp
--- a/site-cookbooks/kosmos-mastodon/attributes/default.rb
+++ b/site-cookbooks/kosmos-mastodon/attributes/default.rb
@ -1,5 +1,6 @@
-node.default["kosmos-mastodon"]["directory"]      = "/opt/mastodon"
-node.default["kosmos-mastodon"]["puma_port"]      = 3000
-node.default["kosmos-mastodon"]["streaming_port"] = 4000
-node.default["kosmos-mastodon"]["server_name"]    = "kosmos.social"
-node.default["kosmos-mastodon"]["redis_url"]      = "redis://localhost:6379/1"
+node.default["kosmos-mastodon"]["directory"]       = "/opt/mastodon"
+node.default["kosmos-mastodon"]["puma_port"]       = 3000
+node.default["kosmos-mastodon"]["streaming_port"]  = 4000
+node.default["kosmos-mastodon"]["server_name"]     = "kosmos.social"
+node.default["kosmos-mastodon"]["redis_url"]       = "redis://localhost:6379/1"
+node.default["kosmos-mastodon"]["sidekiq_threads"] = 25
--- a/site-cookbooks/kosmos-mastodon/recipes/default.rb
+++ b/site-cookbooks/kosmos-mastodon/recipes/default.rb
@ -154,7 +154,8 @@ application mastodon_path do
    source "mastodon-sidekiq.systemd.service.erb"
    variables user: user,
              app_dir: mastodon_path,
-              bundle_path: "/opt/ruby_build/builds/#{ruby_version}/bin/bundle"
+              bundle_path: "/opt/ruby_build/builds/#{ruby_version}/bin/bundle",
+              sidekiq_threads: node["kosmos-mastodon"]["sidekiq_threads"]
    notifies :run, "execute[systemctl daemon-reload]", :delayed
    notifies :restart, "service[mastodon-sidekiq]", :delayed
  end
@ -179,10 +180,18 @@ application mastodon_path do
  end
 end

+#
+# Backup
+#
+
 unless node.chef_environment == "development"
-  # Backup the database to S3
  node.override["backup"]["postgresql"]["host"]     = "localhost"
  node.override["backup"]["postgresql"]["username"] = "postgres"
  node.override["backup"]["postgresql"]["password"] = node['postgresql']['password']['postgres']
+  unless node["backup"]["postgresql"]["databases"].include? 'mastodon'
+    node.override["backup"]["postgresql"]["databases"] =
+      node["backup"]["postgresql"]["databases"].to_a << "mastodon"
+  end
+
  include_recipe "backup"
 end
--- a/site-cookbooks/kosmos-mastodon/templates/default/mastodon-sidekiq.systemd.service.erb
+++ b/site-cookbooks/kosmos-mastodon/templates/default/mastodon-sidekiq.systemd.service.erb
@ -10,7 +10,7 @@ WorkingDirectory=<%= @app_dir %>
 Environment="RAILS_ENV=production"
 Environment="DB_POOL=50"
 Environment="LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.1"
-ExecStart=<%= @bundle_path %> exec sidekiq -c 5 -q default -q mailers -q pull -q push
+ExecStart=<%= @bundle_path %> exec sidekiq -c <%= @sidekiq_threads %> -q default -q mailers -q pull -q push
 TimeoutSec=15
 Restart=always