From e2a5262a39a61921c5a6ac6d548362a875c12afe Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Thu, 7 Jun 2018 12:29:05 +0200 Subject: [PATCH 01/10] Update IPFS, open its p2p port --- site-cookbooks/ipfs/attributes/default.rb | 4 ++-- site-cookbooks/ipfs/metadata.rb | 1 + site-cookbooks/ipfs/recipes/default.rb | 8 ++++++++ 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/site-cookbooks/ipfs/attributes/default.rb b/site-cookbooks/ipfs/attributes/default.rb index 0e575cc..cc8fa5f 100644 --- a/site-cookbooks/ipfs/attributes/default.rb +++ b/site-cookbooks/ipfs/attributes/default.rb @@ -1,5 +1,5 @@ -node.default['ipfs']['version'] = "0.4.9" -node.default['ipfs']['checksum'] = "ae50c760f58548adc7c6dade4cf549059b6bc73ebc25ff4ea9fece06a15ac0a6" +node.default['ipfs']['version'] = "0.4.15" +node.default['ipfs']['checksum'] = "48a81cfc34d3a12c8563dbdfae8681be6e4d23c0664d6a192bc2758c4e4ef377" # Do not contact local network addresses. This will stop platforms like Hetzner # to block your server (https://github.com/ipfs/go-ipfs/issues/1226) node.default['ipfs']['config']['swarm']['addr_filter'] = '["/ip4/10.0.0.0/ipcidr/8","/ip4/100.64.0.0/ipcidr/10","/ip4/169.254.0.0/ipcidr/16","/ip4/172.16.0.0/ipcidr/12","/ip4/192.0.0.0/ipcidr/24","/ip4/192.0.0.0/ipcidr/29","/ip4/192.0.0.8/ipcidr/32","/ip4/192.0.0.170/ipcidr/32","/ip4/192.0.0.171/ipcidr/32","/ip4/192.0.2.0/ipcidr/24","/ip4/192.168.0.0/ipcidr/16","/ip4/198.18.0.0/ipcidr/15","/ip4/198.51.100.0/ipcidr/24","/ip4/203.0.113.0/ipcidr/24","/ip4/240.0.0.0/ipcidr/4"]' diff --git a/site-cookbooks/ipfs/metadata.rb b/site-cookbooks/ipfs/metadata.rb index 92e7b3e..bb1868c 100644 --- a/site-cookbooks/ipfs/metadata.rb +++ b/site-cookbooks/ipfs/metadata.rb @@ -9,3 +9,4 @@ version '0.1.0' supports %w(ubuntu debian) depends 'ark' +depends 'firewall' diff --git a/site-cookbooks/ipfs/recipes/default.rb b/site-cookbooks/ipfs/recipes/default.rb index ed48382..3aa72aa 100644 --- a/site-cookbooks/ipfs/recipes/default.rb 
+++ b/site-cookbooks/ipfs/recipes/default.rb @@ -7,6 +7,8 @@ # All rights reserved - Do Not Redistribute # +include_recipe 'firewall' + version = node["ipfs"]["version"] ark "ipfs" do @@ -72,6 +74,12 @@ else end end +firewall_rule 'ipfs_swarm_p2p' do + port 4001 + protocol :tcp + command :allow +end + # Configure ipfs to not contact local network addresses ipfs_config "Swarm.AddrFilters" do value node['ipfs']['config']['swarm']['addr_filter'] From 412c108dbce53915d8990ef872c3b9598b736475 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Tue, 28 Aug 2018 14:31:38 +0200 Subject: [PATCH 02/10] Add notes about getting LE certs using acme.sh --- doc/letsencrypt_acme_sh.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 doc/letsencrypt_acme_sh.md diff --git a/doc/letsencrypt_acme_sh.md b/doc/letsencrypt_acme_sh.md new file mode 100644 index 0000000..a2a5353 --- /dev/null +++ b/doc/letsencrypt_acme_sh.md @@ -0,0 +1,18 @@ +# Getting LE certs via auto DNS config + +This is helpful when getting certs for domains which are scattered across +machines/IPs. The [acme.sh](https://github.com/Neilpang/acme.sh) script will +automatically configure DNS TXT records for LE to verify, instead of relying on +Web requests to the machine. + +We need to automate this in a cookbook. + +## Steps + +Export Gandi Live DNS API key: + + export GANDI_LIVEDNS_KEY="fdmlfsdklmfdkmqsdfk" + +Run acme.sh like this: + + acme.sh --issue --dns dns_gandi_livedns -d kosmos.org -d xmpp.kosmos.org -d chat.kosmos.org From d20c0cf7f65e6f8a6349ecb8627197a961713185 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Wed, 29 Aug 2018 19:38:21 +0800 Subject: [PATCH 03/10] Add note about ejabberd cert --- doc/letsencrypt_acme_sh.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/doc/letsencrypt_acme_sh.md b/doc/letsencrypt_acme_sh.md index a2a5353..c056d85 100644 --- a/doc/letsencrypt_acme_sh.md +++ b/doc/letsencrypt_acme_sh.md 
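Review bot: `include_recipe 'firewall'` at the top of `ipfs/recipes/default.rb` makes the IPFS recipe presumably install and enable the host firewall as a side effect, so a node that applies this recipe without the base allow rules from `kosmos-base::firewall` could become unreachable after the run. Whether that can happen depends on run lists and `firewall` cookbook attributes that are not visible in this patch. A comment above the include would record the assumption, for example `# Assumes kosmos-base::firewall (base allow rules) is also applied to this node`. The `depends 'firewall'` line added to `metadata.rb` carries no version constraint, so a major upgrade of that cookbook could change this behaviour silently.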
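Review bot: The `ipfs_swarm_p2p` rule in `ipfs/recipes/default.rb` hard-codes `port 4001`, while the other swarm settings are driven from `node['ipfs']['config']['swarm']`, so the firewall and the daemon's listen address can drift apart if the swarm port is ever changed. Taking the port from a new attribute, for example `port node['ipfs']['config']['swarm']['port']` with a default of `4001` added to `attributes/default.rb`, keeps both in one place. The rule has no `source`, which is expected for a public swarm port but deserves a one-line comment so that the world-open rule reads as deliberate: `# Swarm port must be reachable from any peer`. The recipe continues outside the hunk on both sides.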
@@ -16,3 +16,9 @@ Export Gandi Live DNS API key: Run acme.sh like this: acme.sh --issue --dns dns_gandi_livedns -d kosmos.org -d xmpp.kosmos.org -d chat.kosmos.org + +## ejabberd + +ejabberd needs the key and fullchain files concatenated: + + cat /home/basti/.acme.sh/kosmos.org/kosmos.org.key /home/basti/.acme.sh/kosmos.org/fullchain.cer >> conf/kosmos.org.pem From e6a3460a2c3529fc6de6221dc397ca38bfe594bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Thu, 16 Aug 2018 17:37:10 +0200 Subject: [PATCH 04/10] Make the number of sidekiq threads configurable, bump to 25 --- site-cookbooks/kosmos-mastodon/attributes/default.rb | 11 ++++++----- site-cookbooks/kosmos-mastodon/recipes/default.rb | 3 ++- .../default/mastodon-sidekiq.systemd.service.erb | 2 +- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/site-cookbooks/kosmos-mastodon/attributes/default.rb b/site-cookbooks/kosmos-mastodon/attributes/default.rb index 88e323e..e2580ed 100644 --- a/site-cookbooks/kosmos-mastodon/attributes/default.rb +++ b/site-cookbooks/kosmos-mastodon/attributes/default.rb @@ -1,5 +1,6 @@ -node.default["kosmos-mastodon"]["directory"] = "/opt/mastodon" -node.default["kosmos-mastodon"]["puma_port"] = 3000 -node.default["kosmos-mastodon"]["streaming_port"] = 4000 -node.default["kosmos-mastodon"]["server_name"] = "kosmos.social" -node.default["kosmos-mastodon"]["redis_url"] = "redis://localhost:6379/1" +node.default["kosmos-mastodon"]["directory"] = "/opt/mastodon" +node.default["kosmos-mastodon"]["puma_port"] = 3000 +node.default["kosmos-mastodon"]["streaming_port"] = 4000 +node.default["kosmos-mastodon"]["server_name"] = "kosmos.social" +node.default["kosmos-mastodon"]["redis_url"] = "redis://localhost:6379/1" +node.default["kosmos-mastodon"]["sidekiq_threads"] = 25 diff --git a/site-cookbooks/kosmos-mastodon/recipes/default.rb b/site-cookbooks/kosmos-mastodon/recipes/default.rb index 1d12473..baeb5b3 100644 
--- a/site-cookbooks/kosmos-mastodon/recipes/default.rb +++ b/site-cookbooks/kosmos-mastodon/recipes/default.rb @@ -154,7 +154,8 @@ application mastodon_path do source "mastodon-sidekiq.systemd.service.erb" variables user: user, app_dir: mastodon_path, - bundle_path: "/opt/ruby_build/builds/#{ruby_version}/bin/bundle" + bundle_path: "/opt/ruby_build/builds/#{ruby_version}/bin/bundle", + sidekiq_threads: node["kosmos-mastodon"]["sidekiq_threads"] notifies :run, "execute[systemctl daemon-reload]", :delayed notifies :restart, "service[mastodon-sidekiq]", :delayed end diff --git a/site-cookbooks/kosmos-mastodon/templates/default/mastodon-sidekiq.systemd.service.erb b/site-cookbooks/kosmos-mastodon/templates/default/mastodon-sidekiq.systemd.service.erb index 02c97c3..1f5f491 100644 --- a/site-cookbooks/kosmos-mastodon/templates/default/mastodon-sidekiq.systemd.service.erb +++ b/site-cookbooks/kosmos-mastodon/templates/default/mastodon-sidekiq.systemd.service.erb @@ -10,7 +10,7 @@ WorkingDirectory=<%= @app_dir %> Environment="RAILS_ENV=production" Environment="DB_POOL=50" Environment="LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.1" -ExecStart=<%= @bundle_path %> exec sidekiq -c 5 -q default -q mailers -q pull -q push +ExecStart=<%= @bundle_path %> exec sidekiq -c <%= @sidekiq_threads %> -q default -q mailers -q pull -q push TimeoutSec=15 Restart=always From 214e69427e865d584dd3fffcbe10e47dba0ae452 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Tue, 4 Sep 2018 14:10:39 +0800 Subject: [PATCH 05/10] Open up port for Prosody HTTP uploads --- site-cookbooks/kosmos-base/recipes/firewall.rb | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/site-cookbooks/kosmos-base/recipes/firewall.rb b/site-cookbooks/kosmos-base/recipes/firewall.rb index 2aff21f..9d04716 100644 --- a/site-cookbooks/kosmos-base/recipes/firewall.rb +++ b/site-cookbooks/kosmos-base/recipes/firewall.rb 
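Review bot: In `mastodon-sidekiq.systemd.service.erb`, `-c <%= @sidekiq_threads %>` is now configurable while `Environment="DB_POOL=50"` two lines above stays fixed, so an attribute value above 50 would likely give Sidekiq more threads than database connections and leave jobs waiting on the pool. The value is also written into `ExecStart` unchecked; `-c <%= Integer(@sidekiq_threads) %>` makes a malformed attribute fail the Chef run instead of producing a broken or altered command line. Deriving `DB_POOL` from the same attribute, or a comment next to the new default such as `# keep <= DB_POOL in mastodon-sidekiq.systemd.service.erb`, would keep the two in step. The variable is passed in through the `variables` call in `recipes/default.rb`, whose enclosing `application` block starts outside the hunk.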
@@ -22,6 +22,12 @@ firewall_rule 'mosh' do command :allow end +firewall_rule 'prosody_http_upload' do + port 5281 + protocol :tcp + command :allow +end + firewall_rule 'hubot_express_hal8000' do port 8080 protocol :tcp From 4bccf4dd887cc9746b438c99bf94bb75d0747a65 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Sat, 8 Sep 2018 12:54:51 +0800 Subject: [PATCH 06/10] Fix missing Mastodon/PosgreSQL backups The backup cookbook was incomplete, and also there was no database configured to be backed up. --- site-cookbooks/backup/attributes/default.rb | 5 +++++ .../backup/templates/default/backup.rb.erb | 6 +++++- .../backup/templates/default/config.rb.erb | 13 +++---------- site-cookbooks/kosmos-mastodon/recipes/default.rb | 10 +++++++++- 4 files changed, 22 insertions(+), 12 deletions(-) diff --git a/site-cookbooks/backup/attributes/default.rb b/site-cookbooks/backup/attributes/default.rb index 81b334d..7df43a5 100644 --- a/site-cookbooks/backup/attributes/default.rb +++ b/site-cookbooks/backup/attributes/default.rb @@ -26,6 +26,11 @@ set_unless["backup"]["mysql"]["databases"] = [] set_unless["backup"]["mysql"]["username"] = "root" set_unless["backup"]["mysql"]["host"] = "localhost" +# PostgreSQL default settings +set_unless["backup"]["postgresql"]["databases"] = [] +set_unless["backup"]["postgresql"]["host"] = "localhost" +set_unless["backup"]["postgresql"]["port"] = 5432 + # Redis default settings set_unless["backup"]["redis"]["databases"] = [] set_unless["backup"]["redis"]["host"] = "localhost" diff --git a/site-cookbooks/backup/templates/default/backup.rb.erb b/site-cookbooks/backup/templates/default/backup.rb.erb index 836fbc3..d844c20 100644 --- a/site-cookbooks/backup/templates/default/backup.rb.erb +++ b/site-cookbooks/backup/templates/default/backup.rb.erb 
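Review bot: The `prosody_http_upload` rule sits in `kosmos-base/recipes/firewall.rb`, next to `mosh` and `hubot_express_hal8000`, so TCP 5281 is presumably opened on every node that applies the base firewall recipe rather than only on the XMPP host. The rule has no `source`, and the port is opened for whatever Prosody serves on that listener, which may be more than the upload module; that depends on Prosody configuration not visible here. Moving the rule into the XMPP server cookbook, or guarding it by role, keeps the port closed elsewhere. At minimum add a comment above it: `# Prosody HTTPS listener (HTTP upload); only needed on the XMPP node`.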
@@ -17,7 +17,11 @@ KosmosBackup.new(:default, 'default backup') do <%- end -%> <%- if node["backup"]["postgresql"] -%> - database PostgreSQL +<%- node["backup"]["postgresql"]["databases"].each do |db_name| -%> + database PostgreSQL, :"<%= db_name.to_sym %>" do |db| + db.name = "<%= db_name %>" + end +<%- end -%> <%- end -%> <%- if node["mongodb"] -%> diff --git a/site-cookbooks/backup/templates/default/config.rb.erb b/site-cookbooks/backup/templates/default/config.rb.erb index 11c7814..2e10774 100644 --- a/site-cookbooks/backup/templates/default/config.rb.erb +++ b/site-cookbooks/backup/templates/default/config.rb.erb @@ -45,15 +45,7 @@ Database::MySQL.defaults do |db| end <%- end -%> -<%- if node["backup"]["mysql"] -%> -Database::MySQL.defaults do |db| - db.host = "<%= node["backup"]["mysql"]["host"] %>" - db.username = "<%= node["backup"]["mysql"]["username"] %>" - db.password = "<%= node["backup"]["mysql"]["password"] %>" - db.additional_options = ['--quick', '--single-transaction'] -end -<%- end -%> - +<%- if node["backup"]["redis"] -%> Database::Redis.defaults do |db| db.host = "<%= node["backup"]["redis"]["host"] %>" db.port = 6379 @@ -61,13 +53,14 @@ Database::Redis.defaults do |db| <%# db.password = "my_password"%> <%# db.socket = "/tmp/redis.sock"%> end +<%- end -%> <%- if node["backup"]["postgresql"] -%> Database::PostgreSQL.defaults do |db| db.username = "<%= node["backup"]["postgresql"]["username"] %>" db.password = "<%= node["backup"]["postgresql"]["password"] %>" db.host = "<%= node["backup"]["postgresql"]["host"] %>" - db.port = 5432 + db.port = "<%= node["backup"]["postgresql"]["port"] %>" # db.socket = "/var/run/postgresql/.s.PGSQL.5432" # When dumping all databases, `skip_tables` and `only_tables` are ignored. db.skip_tables = [] diff --git a/site-cookbooks/kosmos-mastodon/recipes/default.rb b/site-cookbooks/kosmos-mastodon/recipes/default.rb index baeb5b3..f8ae051 100644 --- a/site-cookbooks/kosmos-mastodon/recipes/default.rb 
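Review bot: In `backup.rb.erb` the database name is pasted into Ruby source inside double quotes, in `db.name = "<%= db_name %>"` and `:"<%= db_name.to_sym %>"`, so a name containing `"` or `#{` would break the generated model or be evaluated as code when the backup tool loads the file. The names come from node attributes, so this is a hardening point rather than an exposed input, but rendering with `inspect` removes the problem: `db.name = <%= db_name.to_s.inspect %>` and `database PostgreSQL, <%= db_name.to_sym.inspect %> do |db|`. The `.to_sym` in the current line has no effect, because ERB converts the value back to a string before output.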
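Review bot: The `<%- if node["backup"]["postgresql"] -%>` guard in `config.rb.erb`, and the new `redis` guard beside it, look always true now, because `backup/attributes/default.rb` in this same patch gives `["backup"]["postgresql"]` default `databases`, `host` and `port` values; nodes without PostgreSQL backups would then get a defaults block with empty `username` and `password`. Testing the list says what is meant: `<%- unless node["backup"]["postgresql"]["databases"].empty? -%>`. Separately, `db.port = "<%= ... %>"` turns the port from an integer into a string; `db.port = <%= node["backup"]["postgresql"]["port"].to_i %>` keeps the previous type. The password line in the context is rendered inside double quotes as well, so a password containing `"` or `#{` would corrupt the generated file; this hunk does not change that line.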
+++ b/site-cookbooks/kosmos-mastodon/recipes/default.rb @@ -180,10 +180,18 @@ application mastodon_path do end end +# +# Backup +# + unless node.chef_environment == "development" - # Backup the database to S3 node.override["backup"]["postgresql"]["host"] = "localhost" node.override["backup"]["postgresql"]["username"] = "postgres" node.override["backup"]["postgresql"]["password"] = node['postgresql']['password']['postgres'] + unless node["backup"]["postgresql"]["databases"].include? 'mastodon' + node.override["backup"]["postgresql"]["databases"] = + node["backup"]["postgresql"]["databases"].to_a << "mastodon" + end + include_recipe "backup" end From 35772d16410a3b100a0fd3d50045f86861ce527b Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Sat, 8 Sep 2018 12:56:43 +0800 Subject: [PATCH 07/10] Remove IPFS role, because it's not just IPFS This recipe is trying to set up the entire public gateway for ipfs.kosmos.org, including getting an LE cert, which obviously fails on machines not hosting the domain. Setting up a public gateway should not be part of a default IPFS recipe. --- nodes/dev.kosmos.org.json | 1 - 1 file changed, 1 deletion(-) diff --git a/nodes/dev.kosmos.org.json b/nodes/dev.kosmos.org.json index 9c5c6f4..271ba1c 100644 --- a/nodes/dev.kosmos.org.json +++ b/nodes/dev.kosmos.org.json @@ -9,7 +9,6 @@ "5apps-xmpp_server", "5apps-hubot::xmpp_schlupp", "5apps-hubot::xmpp_botka", - "kosmos-ipfs", "kosmos-mastodon", "kosmos-mastodon::nginx" ], From 8da7ebbef0506bf85bf0cfc1c7b49bab0ce8c363 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Thu, 4 Oct 2018 18:56:05 +0200 Subject: [PATCH 08/10] Add initial docs for ejabberd --- doc/ejabberd.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 doc/ejabberd.md diff --git a/doc/ejabberd.md b/doc/ejabberd.md new file mode 100644 index 0000000..d67884a --- /dev/null +++ b/doc/ejabberd.md 
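Review bot: The `mastodon` dump enabled in `kosmos-mastodon/recipes/default.rb` runs with the `postgres` superuser credentials set in the context lines above it, and `node.override["backup"]["postgresql"]["password"]` copies that password into node attributes, where it is likely saved with the node data in clear text. A dedicated role with read access to the `mastodon` database, with its password taken from an encrypted data bag as `xmpp_schlupp.rb` does for its tokens, would limit what a leaked backup config or node object exposes. The new `unless ... include?` block can also be written as one line: `node.override["backup"]["postgresql"]["databases"] = node["backup"]["postgresql"]["databases"].to_a | ["mastodon"]`. Where the dumps are sent and whether they are encrypted is not visible in this patch and is worth confirming, since the removed comment was the only mention of S3.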
@@ -0,0 +1,17 @@ +# ejabberd + +The kosmos.org XMPP server is running on Andromeda + +[ejabberdctl reference](https://docs.ejabberd.im/admin/guide/managing/#ejabberdctl-commands) + +## Create a user account + + sudo /opt/ejabberd-18.06/bin/ejabberdctl register username kosmos.org password + +## Change a user's password + + sudo /opt/ejabberd-18.06/bin/ejabberdctl change_password username kosmos.org new_password + +## List users + + sudo /opt/ejabberd-18.06/bin/ejabberdctl registered_users kosmos.org From 293d1a8a8a5f613345e33032e695e1cfaf34355d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Thu, 4 Oct 2018 18:59:30 +0200 Subject: [PATCH 09/10] Fix formatting --- doc/ejabberd.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/ejabberd.md b/doc/ejabberd.md index d67884a..a091d8e 100644 --- a/doc/ejabberd.md +++ b/doc/ejabberd.md @@ -14,4 +14,4 @@ The kosmos.org XMPP server is running on Andromeda ## List users - sudo /opt/ejabberd-18.06/bin/ejabberdctl registered_users kosmos.org + sudo /opt/ejabberd-18.06/bin/ejabberdctl registered_users kosmos.org From d236d138dc6d5d63c4d43c01a811e3de0481d744 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Fri, 26 Oct 2018 13:38:12 +0200 Subject: [PATCH 10/10] Set the S3 credentials to write the new oncall file --- data_bags/credentials/5apps_schlupp_xmpp.json | 42 +++++++++++-------- .../5apps-hubot/recipes/xmpp_schlupp.rb | 5 ++- 2 files changed, 27 insertions(+), 20 deletions(-) diff --git a/data_bags/credentials/5apps_schlupp_xmpp.json b/data_bags/credentials/5apps_schlupp_xmpp.json index 52b7adb..006dbac 100644 --- a/data_bags/credentials/5apps_schlupp_xmpp.json +++ b/data_bags/credentials/5apps_schlupp_xmpp.json 
@@ -1,44 +1,50 @@ { "id": "5apps_schlupp_xmpp", "password": { - "encrypted_data": "vdpA+JHaQryqZcoFkEdny7+InZDz99xV8iu/LKU8YGFBYXdWXts4sfH4WyVg\nbTfM\n", - "iv": "WHfrC1kzs6/xKXwuwlwPqw==\n", + "encrypted_data": "PoT+Wn5X9/509Rt2XVHrvBk8khF9cbxluwQlgHI/PVSLWZ+JlcnvO1YF0xal\ng0hd\n", + "iv": "kJPRQDvdPT0V9bHQeV/lrA==\n", "version": 1, "cipher": "aes-256-cbc" }, "webhook_token": { - "encrypted_data": "9Ir6EU4vbA49+L0zUxaEBxSCF7Wzx20/vg40YSM6hVrH2Mg7ZF5bprdni4mP\n1KmI\n", - "iv": "6g9kOLaeb1cmhp7wlC1XPg==\n", + "encrypted_data": "Gg4/3dSVtWmXq/Ce5fCDg+4AKPPjy90CI0Lp7DnPV4R+j+T467LEYYtgp038\nplyi\n", + "iv": "FEhVZWtxFt85DeJcp2E6jA==\n", "version": 1, "cipher": "aes-256-cbc" }, "rs_logger_token": { - "encrypted_data": "KRwgLSHbfwiLMI4sV9ZWP5VnT/kWFe89WGbsYLYAPSseOYFrvH+YEH0A1sB/\nS6aafrCsK+q5WawLSmfTg8DOtw==\n", - "iv": "5asejj0oTTKWVgDdpBmbmg==\n", - "version": 1, - "cipher": "aes-256-cbc" - }, - "rs_ops_token": { - "encrypted_data": "GkfRyCO6Ctj2Tls4HFOTHt/y+3a6rrd84+siDr6c8+1ydsOT7vA+hDP7fHvq\nU8JnDca/Pd7yRMLACV4fdY0dQQ==\n", - "iv": "ES0LLnsEaC2SgHr7Rv1wFw==\n", + "encrypted_data": "5S6I1cenYT2qTvjtuXlgIestyI6tHcPzKw6Hvwe9b7tZ3tHF2j8gsCfqCPQR\nx3xhRJnH4PyhVkbCzr6dApNNZA==\n", + "iv": "GWtGG5jqapw65Oes4zG4Xw==\n", "version": 1, "cipher": "aes-256-cbc" }, "deploy_key": { - "encrypted_data": 
"JuNDHLnOVwMUCvjkFVheR8eb+8gCqKe/eywGjppdLwAgHQdJlnMeqbyGDTes\njJeuildjKXrsuSfcMO+JP4Q53ZrL3V7pAHKHC3Ck7y9DZ78cZNgdJazsm/Ov\niQ++ZjZTDXFJLi8X9IwI9W4O+gAxycyA3C17Jtr1M/2EHHLBB/K/WvCzRIAi\ncCeOxPMCa5bwaeVXj5z1FRYezhbGIGyF/ddXU1knSwtxk0zRT3FhRcOVj/iw\n6nx5c+YEf38Qg+jM7IEi60wgBeT1g6U5jARKUN3GUR3chtDI43KKFB0h0nlv\nnNc/p/FXk6XeGebrdJElSbCiH0bH1E/KHicP7jCTARVuyx67WZRHAEzEuVbd\nUtbHy+KF0eqTVKuLABQaiqpiGjlYi+4xlr4NwKwqzfo7qGYUNn2JJ4lLicyW\nBbf+jxYBRt4g9+NtSiAdtA7y5/o3GKMMzDxs+H6H2yrFnXLlpzk/1fXT+Vmg\nxPQ3rPW2FsPTFmuRr9QtbjSfKtIyyrUC8lGWJHR4T6fEe1TDVDASs80e15Cx\nKyKoJzToIGi4iXwproDsEyWH9gIutNuhT7Qerg+gJVFpid4k6Iqugt4sNrGH\nV68MNt5mHihsGCeZO0YTl6b/kvk63rcbl1jBqA7iayfjuKekM3p5Dmp6tbpA\nluF+hHC0vdUFyFHB4keW8a4FlsQxyOAlSxNxkKXaeHgssd7pouHN/KdlrWax\nZGxOclGMqARqa3VzExgEGFaavSBB+4eHfECHgYGeREXYREDzr7ZrDcLGOh2J\nd+NiP+rb9zut61qPdRanZQV3KuA2iRBo+kDLxFaPAgHvVjeEOVRga1P8zJXE\n3gwqAbZUWOd9jkl8XtDGHM2lmLxiqv2LPhU2VubCJWWFhzfOLjntbPqeLLKC\nq+9ddzpxyJb7+0PEpMX/J+kEh5aQVlPgxnCZzPFf+Hj+I083tWxIqwD+lujN\nQduZ2GaF56/i2bRCIE5nfrcQf05OLIhb+BZkMw9haW850Jf/b3doVyyekyVw\nJxMY8qDZB9YcvrPrFmdThTkPDMiZOCTu5k18YNl4trqtv20S6+J2sMvN3FjE\n0LkqDTy3jYlH6cis7aiZhpQi9zusCczQepBOnBrqCfiVKkNeGmoXCFl0DYc3\nwYUZyluFGB3bkc97T9uOn1n6arHs/0O2yXWk5AZIiExf0NS/bcOGMJeeIByr\nK3NLWPdLK280AqzRqjg7ZeO3iD2HUfRpjU5MXiTau/5ttKoNIwgKjDVzSOvi\nB850ph4l6owXmQz14/JQrAWLswyLL37euK2FYtPMGEqzBdwg+lwWQK4nDw17\n9pN/3yBlPDC5NAfi51C9vEyxDuchAoekeXIjEQauSaxelDH7m+4ytKcR8P1Y\nGqlrxax+6SpA//JHvqzJcgfX/G7FwSE1WB7jES2jVo8jQJN+y15ZRglPCkAl\nISSR6pEug50nmmKK02S1jtGjRS5r/rzZh4ZIWUwMBX0lxcXyYEoEDjZptTF6\n6iOkgwr1EC4s2XujcOOoj0EUmGfdS5EFDakymmM8T/xOGZ4/HzVjlXC5y0ZE\nrbhwJ2DhYQgmLSe3Ih8xSKxbmVdNCU5nzm9A4EB2FvFac244CfRcbGeTz9HA\nRKi7Kf3HLcSWMYJm4W+Dz88Kl8R3b4vTVmfy6BZevBnO8dleCeAh0Me6DWaq\nJM6jRsABxxuF/hpaLf0kDYbfkdoDvpxHcVkFNqYnSfM0JP969nRyb+kRnUCJ\npVKYGUVKvo3xgOFgK7qV/d/MP6GCu8H9LG6CEdBRnC9Ahof5RBuJIzlntqwo\nIjq33pfdJaVXbuAUyTBekzsYbQtlo0kzUxBNt3hFnK7MbEKhlXbMjqmn/JA5\nbcKc2IpMrAaX5FC88k5OgJKl7OObDyuKMEZI7lSR/iV0wIWpJEW8sFZtchEc\njcp17jD+n5MlJ9e
zm9Bm2/XBCDcy46kPG4hsXZ/RbRJ5x349xp0VimLr0lVB\ni83eyPeM8LnTKNmoxk8b+q0GXzefJZJBePtI6hZkmtKTxkzLmORaOUYYUV/A\nJy7vdgktl6G9qGPl3q16eGLBv8Is/0iOvSUhKsF21Zd0rO3plhCP4g67iT6R\np00ANOPqpkDIksNrpBPeM5DBpxAn1I4t1XejL3AIgyHI9zJZ34JymkFLL9OR\n+Ar8e3PXrDSdlYqBF8GZYYsjOoCxLthZXMvhaubT8Z1B4KrKHdYYRBoJ2A+0\nxhcpfPBHSz/KQPR+zOGU11acCD8lcNHv+Bn2J/mbjqKqth8PmZijtzSE+52t\nNirK6cK/bWZzRjN/W6nJ9PrO\n", - "iv": "JSVBvNn1cvdCQYAAFv1f4g==\n", + "encrypted_data": "8nvIpT8zGVbs0JZvcDD8CPhdUVlZbwKBIbaXmnntKrCPun7iqMrixTIXN5Qu\nAlrhErok7bJ8SiHg8K6OTnLia2JcHHrWJ2CpdEjl1kUDNrtmaSq+CPgb2+RA\ngdD87k9eYUJW7DqQ89NNBCZGuaiR6FO2Bz2Q0tCTXGzeauBO+3P0YrqZfMZX\nzpozAGi5GdFsTPKKT5AX/KpfP7CREsoXDDI6uJJ+1tWoOi0vbjIegCnfFUFS\niUHWeyv4yKMNKOAkk7cyZRbcDxkuHk4Q/148rzzE/Q0bQqpHiRjLNNxckw8i\nfAdGnSLv8VMWifroPmGfL992/k3/0XTrkttSLc+LZ+TGj/dq3LSTHiz3k16G\nmSmsRw1ckccmhAC//mAFjtI+mmqxQwO6mnl7PlXgo8040fQJModDP/xJledp\nvPrzUH1QWynn/MXTJDeK4IZB3LA/0CEwQoLqfNKCiJNERXNHG6/YxZVgiB9E\nrykXCvRxCcWLEv1pBoLDbDaODaqMVFcSq7Xlszv6lOvGI15Gy7wCD6/Ixb2W\n5Lsmv4bbgkU6vOQewUFC8PWJdKwhZSbXLvVnmCZ4y/I3zes2TGQ9AtJFDsR/\nhcL97PCNV82aiC3/RpqxDy7X8sMJIHEppz8NBcumW3npwXfDOGK8ewNB2hDM\nAqmN7jFbd3ySD+0el1rY9uODkhaR+d8KUy4VfL+WTtSFUjT6oxm736n/MYXA\ngzEXllmg/kTzleuzi2caJyAMJEHauBVfAbaPFwHxFfxAb7ALDhGujGpglL0Y\na3nFd0chPcHGQ8vkqQIHwn6s1lz2I+4CEt08w4a4PNk66sqm6+t3WHRac/Jz\nb3BIVIAUCLgQ1DXbiIMr/3EHDSC5J7QW6BSmCH46QalNw33wHLY2Zv3mA4kB\nb0O9Niv5lMIuqkt89o/Jb1B/dDZCw+v6NNSp0ltYnfnSiAJrxMI4IE/zjrrp\nmDEW56HbOwflX4kaUQSscgaFMIKIQDz/mYmsDd/nxbf/PBYzp6cbz/3lvNUW\ntc2Grr2LcSZaVOwj8TmQxuk9QT/5de+kdUmj4X+bt8Ibg0jCZ94AqTIM09le\nB88n2yfTz2KhZkS2tTC18FkrMcbrK5lEK92HWSmePKOZr2Hl3G3QzEMjPyQi\nXJgZOHzKts8TPxUcEYr4dgsFC3V0LOwNUJuNAtN9F8gKUjYkgKinXWmw4YG2\nm006PEDLQqwpIPbyOKuaPRMSZOW20tVic4Rq0uAmAcXGUxnsAas378YI0Dtq\nfalD3lu+3cOQacP5ZrnJ/QW/V//s9o+w9o2n81gtBXP//7nT1pkbskyRQEy5\nfQCcOKuHogMP6sl2sP3IqrhyPVo5zG3OAGJNP7iouFYwbX3B1+ncA97XZNvd\ng1iw9ybSEuIrx6lsIsn5zVGqmwJFP+hYK3+PY+PAjAKT5Y+1UzRGaDB/87tU\n5avjgNhnYiGFYwjwrdvG/Wzbx27kW8a5fUwhwvDI5SURYrFaE8rKIkvbAQQY\nS+d3R
Ku2/p9m+6A4UyU8+px10GE6sm1qjV6kBWlS7sIyIsbGYbzbbFq05Afx\nT5ph5SzO7Aa44cWDhH/Bdno7mEXqOEAYP8dXMq3q9/IlGqy8P/oVsM8X7jcZ\neOTV9jC2oLpckY4mAFKJ31AJ6BiG/jsheZQY8d29hTpzauK9qo7mDAZwem50\n3x4pTLdRNDbSCOEALsNvGtmZr2UgVXCteMO0CFi7uPy5cU4e39D0/wBJ4/mT\nnVGX8aiAPBSOeoUcWg9qEzTums6ctSMluIHrafuxn6pJR6h0y8kh2oy3KiUE\nN1x4J/aXe3WYzBPoBDw60rnLht4XHXAWueK8mGLTC5vZstamvgDNXREL1aM3\nWDcfLleer9Rbde784Kpa6x5QgYcTV51ecPVnYweugFgLIVQNkEBbAn4V84HX\nK4XcOo4tJy+f4P3tAgIE9CoLd7Q9V8yuZplw20LykecuzBOCaP4um4KSLlTn\nTp5NwKU1ijQ5nefEeMbESJ9TFBxH8K6Y7EUUBBGNCJ3LlNbpsawCtrMgKqMh\n0kP2geQwf7ARBwWa3MHdebL0FUUaQjpGKOxJ2PtEI3t2vQmzr7go1fpVOmeJ\n3dDI1ecLpd7VelQlJVT1nKv+07aHPdSE1+hMZi8CVARCAEyOqufEs+KcHeHK\nhUI9cjjqy3kXrBR1Gw7jMUvbfTqfrV3oo+RqNorF+6ZyFtkivKih2POMHRjS\njHY7ag0sQYYe/O5DLhR9WIIhxkKMKYed8mywTEg0YWAxBCXUIl9M+GH6T7WU\n8Ajg3k1paLzi09ypwLVWOzq+\n", + "iv": "//Oik8zYVxlYLCJ/5zk2Jw==\n", "version": 1, "cipher": "aes-256-cbc" }, "airtable_api_key": { - "encrypted_data": "WOQ/IJwVSiu5cUumLZcBE5dyKCxojHpBVFEVFcWax9jHvcLgIz2d7U/X1XeI\nZJ6W\n", - "iv": "67fXeOD2OTRhWeG5YsqdRg==\n", + "encrypted_data": "qDEztKIUYN6qU6dAbXi7leapA/+fK0beTZpEvFxvP9+0IrfSQ0mjagIU33ne\nkM/Y\n", + "iv": "MdfLft5aSoC/yzZe7BRCyg==\n", "version": 1, "cipher": "aes-256-cbc" }, "github_token": { - "encrypted_data": "KDZ3TzVjX05aeL9dyCeIuEa3XpItIduovEpEu+eDRA+eyCW1Yg5mdBARLoqO\n8elA0sO9EYrxJAo/o6tE+rLmFw==\n", - "iv": "BXflyLpEh5eZtiU1pEJPzA==\n", + "encrypted_data": "Rp1icQX6fbE8WImrY3NxkLcq10+CcCOG0nSED3ALtVaiY9gXtLb4mEPhgz6B\nqepZ5bG35W08ORxjBskpPudKMQ==\n", + "iv": "9JTZWHikvB9+dfyht5UYmQ==\n", + "version": 1, + "cipher": "aes-256-cbc" + }, + "aws_access_key_id": { + "encrypted_data": "J7sNPOtA+lzj+7FjZlneadNcLZxBGz2x1JNeX0j0Rl/pSU7QZCaPFy8KCGj+\nIh8v\n", + "iv": "K29ZdZdSAd+yJS8yNxkjpg==\n", + "version": 1, + "cipher": "aes-256-cbc" + }, + "aws_secret_access_key": { + "encrypted_data": "UFLVmj81LAMZheItVvEioQhecPYXLU9tzQVRFLOO1NKZLRK6oDNDPbvey5vO\ndzw1UiGD6LcrAFRPDYuwsQrteg==\n", + "iv": "RCSCMBxVC8oF02R3l2ASxg==\n", 
"version": 1, "cipher": "aes-256-cbc" } diff --git a/site-cookbooks/5apps-hubot/recipes/xmpp_schlupp.rb b/site-cookbooks/5apps-hubot/recipes/xmpp_schlupp.rb index 4018eca..f35ec1e 100644 --- a/site-cookbooks/5apps-hubot/recipes/xmpp_schlupp.rb +++ b/site-cookbooks/5apps-hubot/recipes/xmpp_schlupp.rb @@ -94,10 +94,11 @@ application schlupp_xmpp_path do "HUBOT_RSS_HEADER" => "Update:", "HUBOT_AUTH_ADMIN" => "basti,garret,greg", "REDIS_URL" => "redis://localhost:6379/5apps_schlupp_xmpp", - "RS_OPS_TOKEN" => schlupp_xmpp_data_bag_item['rs_ops_token'], "WEBHOOK_TOKEN" => schlupp_xmpp_data_bag_item['webhook_token'], "AIRTABLE_API_KEY" => schlupp_xmpp_data_bag_item['airtable_api_key'], - "GITHUB_TOKEN" => schlupp_xmpp_data_bag_item['github_token'] } + "GITHUB_TOKEN" => schlupp_xmpp_data_bag_item['github_token'], + "AWS_ACCESS_KEY_ID" => schlupp_xmpp_data_bag_item['aws_access_key_id'], + "AWS_SECRET_ACCESS_KEY" => schlupp_xmpp_data_bag_item['aws_secret_access_key'] } ) notifies :run, "execute[systemctl daemon-reload]", :delayed
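Review bot: `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are added to the environment of the whole Hubot process in `xmpp_schlupp.rb`, so every loaded script, and anyone who can read the rendered service environment, gets a long-lived AWS credential. The commit message says the keys are only needed to write the oncall file, so the IAM user behind them should presumably be limited to writing that one object; the policy is not visible here. A comment above the two entries would record that, e.g. `# IAM user restricted to s3:PutObject on the oncall file`. `RS_OPS_TOKEN` is dropped from the environment and `rs_ops_token` from the data bag in the same commit; if that token is no longer used anywhere it should also be revoked at its issuer. The enclosing `application schlupp_xmpp_path do` block starts and ends outside the hunk.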