Merge branch 'master' into feature/ubuntu-16.04

site-cookbooks/kosmos-base/metadata.rb

@@ -6,11 +6,11 @@ description      'The Kosmos base cookbook'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
 version          '0.1.1'
 
-depends 'unattended-upgrades'
+depends 'apt'
 depends 'users'
 depends 'sudo'
 depends 'kosmos-postfix'
 depends 'hostname'
-depends 'ufw'
-depends 'omnibus_updater'
+depends 'firewall'
+depends 'chef_client_updater'
 depends 'timezone-ii'

site-cookbooks/kosmos-base/recipes/default.rb

@@ -7,19 +7,16 @@
 # All rights reserved - Do Not Redistribute
 #
 
+include_recipe 'apt'
 include_recipe 'timezone-ii'
 
-node.override['omnibus_updater']['version']              = '12.19.36'
-node.override['omnibus_updater']['kill_chef_on_upgrade'] = false
-include_recipe 'omnibus_updater'
+# Update chef to the chosen version
+chef_version = '12.19.36'
+chef_client_updater "Install #{chef_version}" do
+  version chef_version
+end
 
 package 'mailutils'
-node.override['unattended-upgrades']['admin_email'] = 'ops@5apps.com'
-include_recipe 'unattended-upgrades'
-
-package 'ruby2.1'
-package 'ruby2.1-dev'
-
 package 'mosh'
 
 # Searches data bag "users" for groups attribute "sysadmin".
@@ -29,6 +26,14 @@ users_manage 'sysadmin' do
   action [:remove, :create]
 end
 
+node.override['authorization']['sudo']['sudoers_defaults'] = [
+  # not default on Ubuntu, explicitely enable. Uses a minimal white list of
+  # environment variables
+  'env_reset',
+  # Send emails on unauthorized attempts
+  'mail_badpass',
+  'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"',
+]
 node.override['authorization']['sudo']['passwordless'] = true
 include_recipe 'sudo'
 

site-cookbooks/kosmos-base/recipes/firewall.rb

@@ -21,3 +21,21 @@ firewall_rule 'mosh' do
   protocol :udp
   command  :allow
 end
+
+firewall_rule 'hubot_express_hal8000' do
+  port     8080
+  protocol :tcp
+  command  :allow
+end
+
+firewall_rule 'hubot_express_botka_xmpp' do
+  port     8082
+  protocol :tcp
+  command  :allow
+end
+
+firewall_rule 'hubot_express_schlupp_xmpp' do
+  port     8083
+  protocol :tcp
+  command  :allow
+end

site-cookbooks/kosmos-base/recipes/letsencrypt.rb

@@ -10,7 +10,7 @@
 git "/usr/local/certbot" do
   repository "https://github.com/certbot/certbot"
   action     :sync
-  revision   "v0.12.0"
+  revision   "v0.13.0"
   user       "root"
   group      "root"
 end