Merge branch 'master' into feature/rskj_public_endpoint

This commit is contained in:
2021-12-02 17:07:47 +00:00
101 changed files with 5446 additions and 72 deletions


@@ -32,6 +32,8 @@ gem_package 'backup' do
version '5.0.0.beta.2'
end
smtp_credentials = Chef::EncryptedDataBagItem.load('credentials', 'smtp')
backup_data = Chef::EncryptedDataBagItem.load('credentials', 'backup')
backup_dir = node["backup"]["dir"]
directory backup_dir
@@ -46,8 +48,12 @@ template "#{backup_dir}/config.rb" do
s3_secret_access_key: backup_data["s3_secret_access_key"],
s3_region: backup_data["s3_region"],
encryption_password: backup_data["encryption_password"],
mail_from: "backups@kosmos.org",
mail_to: "ops@5apps.com",
mail_from: "backups@kosmos.org"
mail_address: 'smtp.mailgun.org',
mail_domain: 'kosmos.org',
mail_user_name: smtp_credentials["user_name"],
mail_password: smtp_credentials["password"]
end
template "#{backup_dir}/models/default.rb" do
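Review bot: The SMTP password loaded by `smtp_credentials = Chef::EncryptedDataBagItem.load('credentials', 'smtp')` is now rendered into `#{backup_dir}/config.rb` through `mail_password: smtp_credentials["password"]`, but the template resource's header and its `owner`/`mode` properties sit before the hunk, so it is not visible whether the rendered file is readable only by the user running backup. Since config.rb already carried the S3 secret and the archive encryption password, confirm the resource sets a restrictive mode such as `mode '0600'` with an owner matching the backup user. The `template "#{backup_dir}/config.rb" do` block starts outside the hunk.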


@@ -6,6 +6,18 @@
# Documentation: http://backup.github.io/backup
# Issue Tracker: https://github.com/backup/backup/issues
#
# Monkey patch to not use deprecated key derivation scheme
# https://github.com/backup/backup/issues/949#issuecomment-589883577
#
module OpenSSLFixDeprecatedKeyDerivation
def options
super + ' -pbkdf2'
end
end
require 'backup/encryptor/open_ssl'
Backup::Encryptor::OpenSSL.prepend(OpenSSLFixDeprecatedKeyDerivation)
Storage::S3.defaults do |s3|
s3.access_key_id = "<%= @s3_access_key_id %>"
s3.secret_access_key = "<%= @s3_secret_access_key %>"
@@ -22,7 +34,13 @@ end
Notifier::Mail.defaults do |mail|
mail.from = "<%= node.name %> <<%= @mail_from %>>"
mail.to = "<%= @mail_to %>"
mail.delivery_method = :sendmail
mail.address = "<%= @mail_address %>"
mail.domain = "<%= @mail_domain %>"
mail.user_name = "<%= @mail_user_name %>"
mail.password = "<%= @mail_password %>"
mail.port = <%= @mail_port || 587 %>
mail.authentication = "<%= @mail_authentication || 'plain' %>"
mail.encryption = <%= @mail_encryption || ':starttls' %>
end
<%- if node["backup"]["mongodb"] -%>
@@ -75,7 +93,7 @@ preconfigure 'KosmosBackup' do
encrypt_with OpenSSL
notify_by Mail do |mail|
mail.on_success = false
mail.on_warning = false
mail.on_warning = true
mail.on_failure = true
end
end
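Review bot: `mail.password = "<%= @mail_password %>"` and `mail.user_name = "<%= @mail_user_name %>"` in the `Notifier::Mail.defaults` hunk interpolate the data-bag values into a double-quoted Ruby string literal that backup later evaluates, so a password containing `"`, `\` or `#{` either breaks the generated config.rb or is interpreted as Ruby. Emitting a proper literal avoids both outcomes: `mail.password = <%= @mail_password.inspect %>`, and likewise for user_name. The `:starttls` and `'plain'` fallbacks on the following lines render correctly as written; the defaults block is fully inside the hunk.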


@@ -14,5 +14,5 @@ depends "poise-ruby-build"
depends "application"
depends 'application_git'
depends "postgresql"
depends "kosmos-postgresql"
depends "kosmos_postgresql"
depends "backup"


@@ -57,6 +57,11 @@ node.default['rtl']['revision'] = 'v0.11.0'
node.default['rtl']['host'] = '10.1.1.163'
node.default['rtl']['port'] = '3000'
node.default['lndhub']['repo'] = 'https://github.com/bumi/LndHub.git'
node.default['lndhub']['revision'] = 'master'
node.default['lndhub']['port'] = '3023'
node.default['lndhub']['domain'] = 'lndhub.kosmos.org'
node.default['dotnet']['ms_packages_src_url'] = "https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb"
node.default['dotnet']['ms_packages_src_checksum'] = "4df5811c41fdded83eb9e2da9336a8dfa5594a79dc8a80133bd815f4f85b9991"
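Review bot: `node.default['lndhub']['revision'] = 'master'` deploys whatever the tip of `https://github.com/bumi/LndHub.git` is at each chef run, and the new lndhub recipe's git resource restarts `lndhub.service`, which runs `npm start` from that checkout as the bitcoin user. Pinning to a reviewed tag or commit — `node.default['lndhub']['revision'] = '<tag-or-sha>'` — keeps upgrades explicit, the way the dotnet package source two lines below is pinned with a checksum. The git resource that consumes this attribute lives in the lndhub recipe, not in this file.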


@@ -20,6 +20,7 @@ chef_version '>= 14.0'
# source_url 'https://github.com/<insert_org_here>/kosmos-bitcoin'
depends 'ark'
depends 'backup'
depends 'git'
depends 'golang'
depends 'kosmos-nginx'
@@ -27,3 +28,4 @@ depends 'kosmos-nodejs'
depends 'firewall'
depends 'application_javascript'
depends 'tor-full'
depends 'redisio'


@@ -0,0 +1,120 @@
#
# Cookbook:: kosmos-bitcoin
# Recipe:: lndhub
#
include_recipe 'redisio::default'
include_recipe 'redisio::enable'
app_name = "lndhub"
app_dir = "/opt/#{app_name}"
lnd_dir = node['lnd']['lnd_dir']
bitcoin_user = node['bitcoin']['username']
bitcoin_group = node['bitcoin']['usergroup']
bitcoin_credentials = Chef::EncryptedDataBagItem.load('credentials', 'bitcoin')
application app_dir do
owner bitcoin_user
group bitcoin_group
git do
user bitcoin_user
group bitcoin_group
repository node['lndhub']['repo']
revision node['lndhub']['revision']
notifies :restart, "systemd_unit[lndhub.service]", :delayed
end
npm_install do
user bitcoin_user
end
link "#{app_dir}/admin.macaroon" do
to "#{lnd_dir}/data/chain/bitcoin/mainnet/admin.macaroon"
owner bitcoin_user
group bitcoin_group
end
link "#{app_dir}/tls.cert" do
to "#{lnd_dir}/tls.cert"
owner bitcoin_user
group bitcoin_group
end
template "#{app_dir}/config.js" do
source "lndhub.config.js.erb"
owner bitcoin_user
group bitcoin_group
mode '0600'
variables bitcoin_rpc_host: node['bitcoin']['conf']['rpcbind'],
bitcoin_rpc_user: node['bitcoin']['conf']['rpcuser'],
bitcoin_rpc_pass: bitcoin_credentials["rpcpassword"],
lnd_rpc_host: '127.0.0.1:10009'
notifies :restart, "systemd_unit[lndhub.service]", :delayed
end
systemd_unit 'lndhub.service' do
content({
Unit: {
Description: 'LND Hub',
Documentation: ['https://github.com/BlueWallet/LndHub'],
Requires: 'lnd.service',
After: 'lnd.service'
},
Service: {
User: bitcoin_user,
Group: bitcoin_group,
Type: 'simple',
Environment: "PORT=#{node['lndhub']['port']}",
WorkingDirectory: app_dir,
ExecStart: "/usr/bin/npm start",
Restart: 'always',
RestartSec: '30',
TimeoutSec: '120',
PrivateTmp: true,
ProtectSystem: 'full',
NoNewPrivileges: true,
PrivateDevices: true,
},
Install: {
WantedBy: 'multi-user.target'
}
})
verify false
triggers_reload true
action [:create, :enable, :start]
end
end
include_recipe 'firewall'
firewall_rule 'lndhub_private' do
port node['lndhub']['port'].to_i
source "10.1.1.0/24"
protocol :tcp
command :allow
end
unless node.chef_environment == "development"
include_recipe "kosmos-base::letsencrypt"
include_recipe "kosmos-nginx"
nginx_certbot_site node[app_name]['domain']
template "#{node['nginx']['dir']}/sites-available/#{node[app_name]['domain']}" do
source 'nginx_conf_lndhub.erb'
owner node["nginx"]["user"]
mode 0640
variables port: node[app_name]['port'],
server_name: node[app_name]['domain'],
ssl_cert: "/etc/letsencrypt/live/#{node[app_name]['domain']}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{node[app_name]['domain']}/privkey.pem"
notifies :reload, 'service[nginx]', :delayed
end
nginx_site node[app_name]['domain'] do
action :enable
end
node.override["backup"]["archives"]["lndhub"] = ["/var/lib/redis/dump-6379.rdb"]
include_recipe "backup"
end
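Review bot: `link "#{app_dir}/admin.macaroon"` gives LndHub the lnd admin macaroon, which carries every lnd permission, while the service runs `npm start` from an unpinned `master` checkout as the bitcoin user. If LndHub's gRPC calls can be served by a narrower macaroon (one baked with only the invoice, payment and info permissions it uses), linking that file instead of admin.macaroon limits what a compromise of the Node process can do to the node; whether LndHub tolerates a reduced macaroon is not visible here, so check its documentation before changing the link target. The `application app_dir do` block and the nginx/firewall resources are fully within the hunk.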


@@ -0,0 +1,21 @@
let config = {
enableUpdateDescribeGraph: false,
postRateLimit: 100,
rateLimit: 200,
forwardReserveFee: 0.01, // default 0.01
intraHubFee: 0.003, // default 0.003
bitcoind: {
rpc: 'http://<%= @bitcoin_rpc_user %>:<%= @bitcoin_rpc_pass %>@<%= @bitcoin_rpc_host %>/wallet/wallet.dat',
},
redis: {
port: 6379,
host: '127.0.0.1',
family: 4,
db: 0,
},
lnd: {
url: '<%= @lnd_rpc_host %>'
},
};
module.exports = config;
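Review bot: `rpc: 'http://<%= @bitcoin_rpc_user %>:<%= @bitcoin_rpc_pass %>@<%= @bitcoin_rpc_host %>/wallet/wallet.dat'` places the RPC password raw inside both a URL userinfo component and a single-quoted JS string, so a password containing `@`, `:`, `/`, `#`, `%` or `'` is mis-parsed or breaks the file. Percent-encoding the userinfo parts in the template handles that: `rpc: 'http://<%= ERB::Util.url_encode(@bitcoin_rpc_user) %>:<%= ERB::Util.url_encode(@bitcoin_rpc_pass) %>@<%= @bitcoin_rpc_host %>/wallet/wallet.dat',`. The recipe renders this file with `mode '0600'`, which is the right protection for a credential-bearing config.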


@@ -0,0 +1,25 @@
#
# Generated by Chef
#
upstream _lndhub {
server localhost:<%= @port %>;
}
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
server {
listen 443 ssl http2;
server_name <%= @server_name %>;
add_header Strict-Transport-Security "max-age=15768000";
access_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.access.log json;
error_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.error.log warn;
location / {
proxy_pass http://_lndhub;
}
ssl_certificate <%= @ssl_cert %>;
ssl_certificate_key <%= @ssl_key %>;
}
<% end -%>
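Review bot: The `location /` block proxies to `_lndhub` without any `proxy_set_header` directive, so LndHub sees every request as coming from 127.0.0.1 with Host `_lndhub`. If its `rateLimit`/`postRateLimit` settings are keyed on client address (not visible here), the per-client limit collapses into one bucket shared by all users, and any address-based logging loses the real source. Adding the usual forwarding headers inside the location restores that information.
```nginx
    location / {
        proxy_pass http://_lndhub;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
```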


@@ -2,5 +2,5 @@
source 'https://supermarket.chef.io'
source chef_repo: ".."
cookbook "kosmos-postgresql", path: "../kosmos-postgresql"
cookbook "kosmos_postgresql", path: "../kosmos_postgresql"
metadata


@@ -20,9 +20,9 @@ chef_version '>= 12.14' if respond_to?(:chef_version)
# source_url 'https://github.com/<insert_org_here>/kosmos-ejabberd'
depends "kosmos-base"
depends "kosmos-postgresql"
depends "kosmos-nginx"
depends "kosmos-dirsrv"
depends "kosmos_postgresql"
depends "backup"
depends "firewall"
depends "tor-full"


@@ -13,7 +13,7 @@ depends "poise-ruby-build"
depends "application"
depends "application_git"
depends "postgresql"
depends "kosmos-postgresql"
depends "kosmos_postgresql"
depends "backup"
depends "elasticsearch"
depends "tor-full"


@@ -1,5 +0,0 @@
# kosmos-postgresql CHANGELOG
# 0.1.0
Initial release.


@@ -20,5 +20,5 @@ chef_version '>= 14.0'
# source_url 'https://github.com/<insert_org_here>/kosmos_gitea'
depends "kosmos-nginx"
depends "kosmos-postgresql"
depends "kosmos_postgresql"
depends "backup"


@@ -2,34 +2,13 @@
# Cookbook:: kosmos_kvm
# Recipe:: host
#
# The MIT License (MIT)
#
# Copyright:: 2020, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
package %w(virtinst libvirt-daemon-system)
directory "/var/lib/libvirt/images/base" do
recursive true
owner "libvirt-qemu"
group "root"
group "kvm"
mode "0750"
end
@@ -37,7 +16,7 @@ end
remote_file "/var/lib/libvirt/images/base/ubuntu-20.04-server-cloudimg-amd64-disk-kvm.qcow2" do
source "http://cloud-images.ubuntu.com/releases/focal/release/ubuntu-20.04-server-cloudimg-amd64-disk-kvm.img"
owner "libvirt-qemu"
group "root"
group "kvm"
mode "0640"
end
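Review bot: The `remote_file` for the Ubuntu cloud image fetches `http://cloud-images.ubuntu.com/...` over plain HTTP and sets no `checksum`, so the base image every guest is cloned from is accepted without any integrity check; the resource is fully visible here (source, owner, group, mode) and the dotnet package in this same commit does pin a checksum. Switching the source to `https://` and adding `checksum '<sha256 from the published SHA256SUMS for this release>'` makes a tampered or truncated download fail the converge instead of becoming the template for new VMs. This is separate from the group change the hunk makes, but the resource is the one under edit.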


@@ -0,0 +1,5 @@
# kosmos_postgresql CHANGELOG
# 0.1.0
Initial release.


@@ -1,4 +1,4 @@
# kosmos-postgresql
# kosmos_postgresql
## Usage


@@ -1,3 +1,3 @@
# This is set to false by default, and set to true in the server resource
# for replicas.
node.default['kosmos-postgresql']['ready_to_set_up_replica'] = false
node.default['kosmos_postgresql']['ready_to_set_up_replica'] = false


@@ -1,9 +1,9 @@
name 'kosmos-postgresql'
name 'kosmos_postgresql'
maintainer 'Kosmos'
maintainer_email 'ops@5apps.com'
license 'MIT'
description 'Installs/Configures kosmos-postgresql'
long_description 'Installs/Configures kosmos-postgresql'
description 'Installs/Configures kosmos_postgresql'
long_description 'Installs/Configures kosmos_postgresql'
version '0.1.0'
chef_version '>= 12.14' if respond_to?(:chef_version)
@@ -11,13 +11,13 @@ chef_version '>= 12.14' if respond_to?(:chef_version)
# tracked. A `View Issues` link will be displayed on this cookbook's page when
# uploaded to a Supermarket.
#
# issues_url 'https://github.com/<insert_org_here>/kosmos-postgresql/issues'
# issues_url 'https://github.com/<insert_org_here>/kosmos_postgresql/issues'
# The `source_url` points to the development repository for this cookbook. A
# `View Source` link will be displayed on this cookbook's page when uploaded to
# a Supermarket.
#
# source_url 'https://github.com/<insert_org_here>/kosmos-postgresql'
# source_url 'https://github.com/<insert_org_here>/kosmos_postgresql'
depends "postgresql", ">= 7.0.0"
depends "build-essential"


@@ -1,5 +1,5 @@
#
# Cookbook:: kosmos-postgresql
# Cookbook:: kosmos_postgresql
# Recipe:: firewall
#


@@ -1,5 +1,5 @@
#
# Cookbook:: kosmos-postgresql
# Cookbook:: kosmos_postgresql
# Recipe:: hostsfile
#


@@ -1,5 +1,5 @@
#
# Cookbook:: kosmos-postgresql
# Cookbook:: kosmos_postgresql
# Recipe:: primary
#


@@ -1,5 +1,5 @@
#
# Cookbook:: kosmos-postgresql
# Cookbook:: kosmos_postgresql
# Recipe:: replica
#


@@ -1,4 +1,5 @@
resource_name :postgresql_custom_server
provides :postgresql_custom_server
property :postgresql_version, String, required: true, name_property: true
property :role, String, required: true # Can be primary or replica
@@ -41,14 +42,14 @@ action :create do
action :disable
end
shared_buffers = if node['memory']['total'].to_i / 1024 < 1024 # > 1GB RAM
shared_buffers = if node['memory']['total'].to_i / 1024 < 1024 # < 1GB RAM
"128MB"
else # >= 1GB RAM, use 25% of total RAM
"#{node['memory']['total'].to_i / 1024 / 4}MB"
else # >= 1GB RAM, use 50% of total RAM
"#{node['memory']['total'].to_i / 1024 / 2}MB"
end
additional_config = {
max_connections: 100, # default
max_connections: 200, # default
shared_buffers: shared_buffers,
unix_socket_directories: "/var/run/postgresql",
dynamic_shared_memory_type: "posix",
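Review bot: `max_connections: 200, # default` keeps the `# default` comment while moving the value away from PostgreSQL's default of 100, so the comment now misdescribes the line; make it `max_connections: 200, # raised from the PostgreSQL default of 100`. The `shared_buffers` change to half of total RAM is above the 25% the PostgreSQL documentation gives as a starting point; if that is deliberate for these hosts, a one-line comment with the reason would spare the next reader from "fixing" it back. The `action :create` block continues outside the hunk.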


@@ -0,0 +1,3 @@
node.default["kosmos_website"]["domain"] = "kosmos.org"
node.default["kosmos_website"]["repo"] = "https://gitea.kosmos.org/kosmos/website.git"
node.default["kosmos_website"]["revision"] = "master"


@@ -0,0 +1,10 @@
name 'kosmos_website'
maintainer 'Kosmos'
maintainer_email 'ops@kosmos.org'
license 'MIT'
description 'Configures the main kosmos.org website'
long_description 'Configures the main kosmos.org website'
version '1.0.0'
chef_version '>= 15.10' if respond_to?(:chef_version)
depends "kosmos-nginx"


@@ -0,0 +1,38 @@
#
# Cookbook:: kosmos_website
# Recipe:: default
#
include_recipe "kosmos-nginx"
domain = node["kosmos_website"]["domain"]
nginx_certbot_site domain
directory "/var/www/#{domain}/site" do
user node["nginx"]["user"]
group node["nginx"]["group"]
mode "0755"
end
git "/var/www/#{domain}/site" do
user node["nginx"]["user"]
group node["nginx"]["group"]
repository node["kosmos_website"]["repo"]
revision node["kosmos_website"]["revision"]
action :sync
end
template "#{node["nginx"]["dir"]}/sites-available/#{domain}" do
source "nginx_conf_website.erb"
owner node["nginx"]["user"]
mode 0640
variables domain: domain,
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem"
notifies :reload, "service[nginx]", :delayed
end
nginx_site domain do
action :enable
end
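Review bot: The `directory "/var/www/#{domain}/site"` resource sets ownership with `user node["nginx"]["user"]`, whereas the `template` resource below and Chef's documented property for file and directory ownership use `owner`; `user`/`group` are the property names of the `git` resource that follows, which may be where the mix-up came from. Unless `user` is accepted as an alias by the Chef version in use, the directory's ownership is not applied as intended — confirm, or change the line to `owner node["nginx"]["user"]` to match the template resource. The recipe is fully within the hunk.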


@@ -0,0 +1,26 @@
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
# Generated by Chef
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name <%= @domain %>;
root /var/www/<%= @domain %>/site;
access_log off;
gzip_static on;
gzip_comp_level 5;
add_header 'Access-Control-Allow-Origin' '*';
ssl_certificate <%= @ssl_cert %>;
ssl_certificate_key <%= @ssl_key %>;
location /.well-known/lnurlp/ {
proxy_ssl_server_name on;
rewrite /.well-known/lnurlp/([^/]+) /lnurlpay/$1@kosmos.org break;
proxy_pass https://accounts.kosmos.org;
}
}
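Review bot: `proxy_pass https://accounts.kosmos.org;` in the `/.well-known/lnurlp/` location speaks TLS to the upstream, but nginx does not verify the upstream certificate unless told to, so the LNURL-pay responses (which tell wallets where to send funds) are accepted from any server that answers for that name on the path between the two hosts. Adding verification is two lines next to the existing `proxy_ssl_server_name on;`: `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;` (the bundle path is the Debian/Ubuntu one; confirm it for the distribution in use). The `server` block is fully within the hunk.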
<% end -%>