Merge branch 'master' into feature/lndhub
commit
6f29ede8d3
11
README.md
11
README.md
|
@ -44,3 +44,14 @@ Install cookbooks listed in Berksfile:
|
|||
Vendor installed cookbooks to the `cookbooks/` dir:
|
||||
|
||||
berks vendor cookbooks/ --delete
|
||||
|
||||
### "Expired" TLS certificates
|
||||
|
||||
If you encounter expired TLS certificates during a Chef run (e.g. for remote
|
||||
files), the issue is likely that the certificate has been issued by Let's
|
||||
Encrypt and Chef is still using its own, outdated CA cert store (see
|
||||
[here](https://github.com/chef/chef/issues/12126#issuecomment-932067530) for
|
||||
example).
|
||||
|
||||
As a hotfix, you can manually remove the "DST Root CA X3" cert from
|
||||
`/opt/chef/embedded/ssl/cert.pem` on the machine you're trying to converge.
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
{
|
||||
"name": "postgres-4",
|
||||
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6fPxOZeKloF/EgYvU0k\nOwv8bJjsCQcWaMTPle5//mRTszA6PM2z9RI+Mfr45qxTlsL9pQY8WJOWF6QOK31x\nszuqcr7oOjtAhrLI8f/oNDEDjcx325FqG9gNKQEAD7d4zodh+PhDe6x7GIyIS7lG\nIcD5Zre9iDwv8FGLR+5GLqS8SJOPL/wJkQ8w+N0f8YDFw81kiTta5NLhAx3fMDs0\n2kmoNlbmKlNZTtLjCfCV+/pa9oY6wycjck3GvobiFE/4cWaNkeGlPc+uAwlfmrOv\nHy0tq1XBX/BCvE5kMXmhnMT23JXjm2s2PgCLgEVGAXilXk/T597KDm+z4oBpAQma\nnQIDAQAB\n-----END PUBLIC KEY-----\n"
|
||||
}
|
|
@ -0,0 +1,4 @@
|
|||
{
|
||||
"name": "rsk-mainnet-1",
|
||||
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtavs6RQW6af9fWuEuhI1\nQa4Ff7Z1CfZ0fHz152UqUeUKatQ/psKVs5ULWDV/b69fSuNsUzkCny9OwtwyQB/F\n2U+vbv3/3As3z6i3V3q8q4ahCHd7tkMmxMLaWcdkfWbpupWTRkCEX+PSDKS0hdfp\n3EQKVA2FrqR0sSnnT+Q66kZw4/WJrNwtSLcps4D5OubG7xr/uUn3Vyv5qXvS/7kx\nGvMONs55qh64Gtc3FSFPEdVyZXasCMEWwXyadqzf+/qJtEYlK0Uy5E/u7CTsnmcH\n9TEiYVw0/6PomQ2HJfSlZVUUO007OliBHO9bWOwZ6qI5c53pt5KES0dyy6SQ4m+8\nawIDAQAB\n-----END PUBLIC KEY-----\n"
|
||||
}
|
|
@ -0,0 +1,4 @@
|
|||
{
|
||||
"name": "rsk-testnet-2",
|
||||
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzG2bgL0n5Q7bTR4WYHOB\nZNOuRem/jjarU/bL0VKKn0JqD3PPDAnhq9gRn7H8SwyGoVFN60YGzu45O4c+SqN3\nCXN+FeFabigH2tKLxBz3kNDYTT/F1ErLLi/6ydrCV3tpddR5KTqLSOntojG8KNzc\nyG4rMV9ebCE1wDVxAFdEA+YDZS8YjP0nO5sLWFacA0ZTx27t5ugqZP1acjSvKzWs\nZ+ekX5Pbws/oUHyaqEEPdz7er4MTBm0bdkCHZbM7132oBcH/huJZhmTXFEdoy4ML\nhP4MWWSvwo66HDYjnaID82a8W1RJZZu2irbPHrfVlaFAh8VQk1T1kkUu0bMovT3V\nYQIDAQAB\n-----END PUBLIC KEY-----\n"
|
||||
}
|
|
@ -0,0 +1,21 @@
|
|||
Backup
|
||||
======
|
||||
|
||||
## Backup gem
|
||||
|
||||
Backups are stored on AWS S3, in the `kosmos-dev-backups` bucket.
|
||||
|
||||
The S3 credentials as well as the backup password are stored in the
|
||||
`credentials` data bag under the `backup` item.
|
||||
|
||||
### Restore
|
||||
|
||||
To decrypt a backup archive, use the following command:
|
||||
|
||||
openssl aes-256-cbc -d -base64 -pbkdf2 -in my_backup.tar.enc -out my_backup.tar
|
||||
|
||||
If you get an error message along the lines of "bad decrypt", the archive was
|
||||
likely encrypted before we switched the key derivation scheme. Try without
|
||||
`-pbkdf2` in this case:
|
||||
|
||||
openssl aes-256-cbc -d -base64 -in my_backup.tar.enc -out my_backup.tar
|
|
@ -8,7 +8,7 @@
|
|||
"automatic": {
|
||||
"fqdn": "akkounts-1",
|
||||
"os": "linux",
|
||||
"os_version": "5.4.0-54-generic",
|
||||
"os_version": "5.4.0-90-generic",
|
||||
"hostname": "akkounts-1",
|
||||
"ipaddress": "192.168.122.160",
|
||||
"roles": [
|
||||
|
@ -18,7 +18,7 @@
|
|||
"recipes": [
|
||||
"kosmos-base",
|
||||
"kosmos-base::default",
|
||||
"kosmos-postgresql::hostsfile",
|
||||
"kosmos_postgresql::hostsfile",
|
||||
"kosmos-akkounts",
|
||||
"kosmos-akkounts::default",
|
||||
"kosmos-akkounts::nginx",
|
||||
|
|
|
@ -33,6 +33,8 @@
|
|||
"kosmos_assets::nginx_site",
|
||||
"kosmos_kvm::host",
|
||||
"kosmos-ejabberd::firewall",
|
||||
"kosmos_website",
|
||||
"kosmos_website::default",
|
||||
"kosmos_zerotier::firewall",
|
||||
"sockethub::_firewall",
|
||||
"apt::default",
|
||||
|
@ -86,6 +88,7 @@
|
|||
"recipe[kosmos_assets::nginx_site]",
|
||||
"recipe[kosmos_kvm::host]",
|
||||
"recipe[kosmos-ejabberd::firewall]",
|
||||
"recipe[kosmos_website::default]",
|
||||
"recipe[kosmos_zerotier::firewall]",
|
||||
"recipe[sockethub::_firewall]"
|
||||
]
|
||||
|
|
|
@ -0,0 +1,54 @@
|
|||
{
|
||||
"name": "fornax.kosmos.org",
|
||||
"normal": {
|
||||
"knife_zero": {
|
||||
"host": "fornax.kosmos.org"
|
||||
}
|
||||
},
|
||||
"automatic": {
|
||||
"fqdn": "fornax.kosmos.org",
|
||||
"os": "linux",
|
||||
"os_version": "5.4.0-88-generic",
|
||||
"hostname": "fornax",
|
||||
"ipaddress": "148.251.83.201",
|
||||
"roles": [
|
||||
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
"kosmos-base::default",
|
||||
"kosmos_kvm::host",
|
||||
"apt::default",
|
||||
"timezone_iii::default",
|
||||
"timezone_iii::debian",
|
||||
"ntp::default",
|
||||
"kosmos-base::systemd_emails",
|
||||
"apt::unattended-upgrades",
|
||||
"kosmos-base::firewall",
|
||||
"kosmos-postfix::default",
|
||||
"postfix::default",
|
||||
"postfix::_common",
|
||||
"postfix::_attributes",
|
||||
"postfix::sasl_auth",
|
||||
"hostname::default"
|
||||
],
|
||||
"platform": "ubuntu",
|
||||
"platform_version": "20.04",
|
||||
"cloud": null,
|
||||
"chef_packages": {
|
||||
"chef": {
|
||||
"version": "17.5.22",
|
||||
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.5.22/lib",
|
||||
"chef_effortless": null
|
||||
},
|
||||
"ohai": {
|
||||
"version": "17.5.2",
|
||||
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.5.2/lib/ohai"
|
||||
}
|
||||
}
|
||||
},
|
||||
"run_list": [
|
||||
"recipe[kosmos-base]",
|
||||
"recipe[kosmos_kvm::host]"
|
||||
]
|
||||
}
|
|
@ -8,7 +8,7 @@
|
|||
"automatic": {
|
||||
"fqdn": "nodejs-2",
|
||||
"os": "linux",
|
||||
"os_version": "5.4.0-1045-kvm",
|
||||
"os_version": "5.4.0-1049-kvm",
|
||||
"hostname": "nodejs-2",
|
||||
"ipaddress": "192.168.122.243",
|
||||
"roles": [
|
||||
|
|
|
@ -8,17 +8,17 @@
|
|||
"automatic": {
|
||||
"fqdn": "postgres-2",
|
||||
"os": "linux",
|
||||
"os_version": "5.4.0-64-generic",
|
||||
"os_version": "5.4.0-77-generic",
|
||||
"hostname": "postgres-2",
|
||||
"ipaddress": "192.168.122.244",
|
||||
"roles": [
|
||||
"postgresql_replica"
|
||||
"postgresql_primary"
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
"kosmos-base::default",
|
||||
"kosmos-postgresql::replica",
|
||||
"kosmos-postgresql::firewall",
|
||||
"kosmos_postgresql::primary",
|
||||
"kosmos_postgresql::firewall",
|
||||
"apt::default",
|
||||
"timezone_iii::default",
|
||||
"timezone_iii::debian",
|
||||
|
@ -52,4 +52,4 @@
|
|||
"recipe[kosmos-base]",
|
||||
"role[postgresql_primary]"
|
||||
]
|
||||
}
|
||||
}
|
|
@ -0,0 +1,57 @@
|
|||
{
|
||||
"name": "postgres-4",
|
||||
"normal": {
|
||||
"knife_zero": {
|
||||
"host": "10.1.1.107"
|
||||
}
|
||||
},
|
||||
"automatic": {
|
||||
"fqdn": "postgres-4",
|
||||
"os": "linux",
|
||||
"os_version": "5.4.0-91-generic",
|
||||
"hostname": "postgres-4",
|
||||
"ipaddress": "192.168.122.3",
|
||||
"roles": [
|
||||
"postgresql_replica"
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
"kosmos-base::default",
|
||||
"kosmos_postgresql::hostsfile",
|
||||
"kosmos_postgresql::replica",
|
||||
"kosmos_postgresql::firewall",
|
||||
"apt::default",
|
||||
"timezone_iii::default",
|
||||
"timezone_iii::debian",
|
||||
"ntp::default",
|
||||
"ntp::apparmor",
|
||||
"kosmos-base::systemd_emails",
|
||||
"apt::unattended-upgrades",
|
||||
"kosmos-base::firewall",
|
||||
"kosmos-postfix::default",
|
||||
"postfix::default",
|
||||
"postfix::_common",
|
||||
"postfix::_attributes",
|
||||
"postfix::sasl_auth",
|
||||
"hostname::default"
|
||||
],
|
||||
"platform": "ubuntu",
|
||||
"platform_version": "20.04",
|
||||
"cloud": null,
|
||||
"chef_packages": {
|
||||
"chef": {
|
||||
"version": "17.7.29",
|
||||
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.7.29/lib",
|
||||
"chef_effortless": null
|
||||
},
|
||||
"ohai": {
|
||||
"version": "17.7.8",
|
||||
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.7.8/lib/ohai"
|
||||
}
|
||||
}
|
||||
},
|
||||
"run_list": [
|
||||
"recipe[kosmos-base]",
|
||||
"role[postgresql_replica]"
|
||||
]
|
||||
}
|
|
@ -0,0 +1,57 @@
|
|||
{
|
||||
"name": "rsk-mainnet-1",
|
||||
"normal": {
|
||||
"knife_zero": {
|
||||
"host": "10.1.1.137"
|
||||
}
|
||||
},
|
||||
"automatic": {
|
||||
"fqdn": "rsk-mainnet-1",
|
||||
"os": "linux",
|
||||
"os_version": "5.4.0-1048-kvm",
|
||||
"hostname": "rsk-mainnet-1",
|
||||
"ipaddress": "192.168.122.233",
|
||||
"roles": [
|
||||
"rsk_mainnet"
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
"kosmos-base::default",
|
||||
"kosmos_rsk::rskj",
|
||||
"apt::default",
|
||||
"timezone_iii::default",
|
||||
"timezone_iii::debian",
|
||||
"ntp::default",
|
||||
"ntp::apparmor",
|
||||
"kosmos-base::systemd_emails",
|
||||
"apt::unattended-upgrades",
|
||||
"kosmos-base::firewall",
|
||||
"kosmos-postfix::default",
|
||||
"postfix::default",
|
||||
"postfix::_common",
|
||||
"postfix::_attributes",
|
||||
"postfix::sasl_auth",
|
||||
"hostname::default",
|
||||
"firewall::default",
|
||||
"chef-sugar::default"
|
||||
],
|
||||
"platform": "ubuntu",
|
||||
"platform_version": "20.04",
|
||||
"cloud": null,
|
||||
"chef_packages": {
|
||||
"chef": {
|
||||
"version": "17.6.18",
|
||||
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.6.18/lib",
|
||||
"chef_effortless": null
|
||||
},
|
||||
"ohai": {
|
||||
"version": "17.6.0",
|
||||
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.6.0/lib/ohai"
|
||||
}
|
||||
}
|
||||
},
|
||||
"run_list": [
|
||||
"recipe[kosmos-base]",
|
||||
"role[rsk_mainnet]"
|
||||
]
|
||||
}
|
|
@ -0,0 +1,57 @@
|
|||
{
|
||||
"name": "rsk-testnet-2",
|
||||
"normal": {
|
||||
"knife_zero": {
|
||||
"host": "10.1.1.214"
|
||||
}
|
||||
},
|
||||
"automatic": {
|
||||
"fqdn": "rsk-testnet-2",
|
||||
"os": "linux",
|
||||
"os_version": "5.4.0-1048-kvm",
|
||||
"hostname": "rsk-testnet-2",
|
||||
"ipaddress": "192.168.122.29",
|
||||
"roles": [
|
||||
"rsk_testnet"
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
"kosmos-base::default",
|
||||
"kosmos_rsk::rskj",
|
||||
"apt::default",
|
||||
"timezone_iii::default",
|
||||
"timezone_iii::debian",
|
||||
"ntp::default",
|
||||
"ntp::apparmor",
|
||||
"kosmos-base::systemd_emails",
|
||||
"apt::unattended-upgrades",
|
||||
"kosmos-base::firewall",
|
||||
"kosmos-postfix::default",
|
||||
"postfix::default",
|
||||
"postfix::_common",
|
||||
"postfix::_attributes",
|
||||
"postfix::sasl_auth",
|
||||
"hostname::default",
|
||||
"firewall::default",
|
||||
"chef-sugar::default"
|
||||
],
|
||||
"platform": "ubuntu",
|
||||
"platform_version": "20.04",
|
||||
"cloud": null,
|
||||
"chef_packages": {
|
||||
"chef": {
|
||||
"version": "17.6.18",
|
||||
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.6.18/lib",
|
||||
"chef_effortless": null
|
||||
},
|
||||
"ohai": {
|
||||
"version": "17.6.0",
|
||||
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.6.0/lib/ohai"
|
||||
}
|
||||
}
|
||||
},
|
||||
"run_list": [
|
||||
"recipe[kosmos-base]",
|
||||
"role[rsk_testnet]"
|
||||
]
|
||||
}
|
|
@ -1,6 +0,0 @@
|
|||
name 'parity'
|
||||
|
||||
run_list %w(
|
||||
recipe[kosmos-parity::from_package]
|
||||
recipe[kosmos-parity::node_dev]
|
||||
)
|
|
@ -3,5 +3,5 @@
|
|||
name "postgresql_client"
|
||||
|
||||
run_list %w(
|
||||
kosmos-postgresql::hostsfile
|
||||
kosmos_postgresql::hostsfile
|
||||
)
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
name "postgresql_primary"
|
||||
|
||||
run_list %w(
|
||||
kosmos-postgresql::primary
|
||||
kosmos-postgresql::firewall
|
||||
kosmos_postgresql::primary
|
||||
kosmos_postgresql::firewall
|
||||
)
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
name "postgresql_replica"
|
||||
|
||||
run_list %w(
|
||||
kosmos-postgresql::hostsfile
|
||||
kosmos-postgresql::replica
|
||||
kosmos-postgresql::firewall
|
||||
kosmos_postgresql::hostsfile
|
||||
kosmos_postgresql::replica
|
||||
kosmos_postgresql::firewall
|
||||
)
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
name "rsk_mainnet"
|
||||
|
||||
run_list %w(
|
||||
kosmos_rsk::rskj
|
||||
)
|
||||
|
||||
override_attributes(
|
||||
:rskj => {
|
||||
:network => "mainnet"
|
||||
}
|
||||
)
|
|
@ -0,0 +1,5 @@
|
|||
name "rsk_testnet"
|
||||
|
||||
run_list %w(
|
||||
kosmos_rsk::rskj
|
||||
)
|
|
@ -32,6 +32,8 @@ gem_package 'backup' do
|
|||
version '5.0.0.beta.2'
|
||||
end
|
||||
|
||||
smtp_credentials = Chef::EncryptedDataBagItem.load('credentials', 'smtp')
|
||||
|
||||
backup_data = Chef::EncryptedDataBagItem.load('credentials', 'backup')
|
||||
backup_dir = node["backup"]["dir"]
|
||||
directory backup_dir
|
||||
|
@ -46,8 +48,12 @@ template "#{backup_dir}/config.rb" do
|
|||
s3_secret_access_key: backup_data["s3_secret_access_key"],
|
||||
s3_region: backup_data["s3_region"],
|
||||
encryption_password: backup_data["encryption_password"],
|
||||
mail_from: "backups@kosmos.org",
|
||||
mail_to: "ops@5apps.com",
|
||||
mail_from: "backups@kosmos.org"
|
||||
mail_address: 'smtp.mailgun.org',
|
||||
mail_domain: 'kosmos.org',
|
||||
mail_user_name: smtp_credentials["user_name"],
|
||||
mail_password: smtp_credentials["password"]
|
||||
end
|
||||
|
||||
template "#{backup_dir}/models/default.rb" do
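Review bot: The `variables` for `config.rb` now include `mail_user_name` and `mail_password` next to the S3 secret key and the encryption password, and nothing visible in this hunk marks the template as sensitive or restricts its mode. If the part of the resource above the hunk does not already do so, add `sensitive true` and `mode "0600"` so the rendered secrets are not printed in the Chef run diff or left readable to other local users; the gitea `app.ini` template in this same commit is handled that way. The `template` block starts above the hunk, so this is inferred from the visible lines only.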
|
||||
|
|
|
@ -6,6 +6,18 @@
|
|||
# Documentation: http://backup.github.io/backup
|
||||
# Issue Tracker: https://github.com/backup/backup/issues
|
||||
|
||||
#
|
||||
# Monkey patch to not use deprecated key derivation scheme
|
||||
# https://github.com/backup/backup/issues/949#issuecomment-589883577
|
||||
#
|
||||
module OpenSSLFixDeprecatedKeyDerivation
|
||||
def options
|
||||
super + ' -pbkdf2'
|
||||
end
|
||||
end
|
||||
require 'backup/encryptor/open_ssl'
|
||||
Backup::Encryptor::OpenSSL.prepend(OpenSSLFixDeprecatedKeyDerivation)
|
||||
|
||||
Storage::S3.defaults do |s3|
|
||||
s3.access_key_id = "<%= @s3_access_key_id %>"
|
||||
s3.secret_access_key = "<%= @s3_secret_access_key %>"
|
||||
|
@ -22,7 +34,13 @@ end
|
|||
Notifier::Mail.defaults do |mail|
|
||||
mail.from = "<%= node.name %> <<%= @mail_from %>>"
|
||||
mail.to = "<%= @mail_to %>"
|
||||
mail.delivery_method = :sendmail
|
||||
mail.address = "<%= @mail_address %>"
|
||||
mail.domain = "<%= @mail_domain %>"
|
||||
mail.user_name = "<%= @mail_user_name %>"
|
||||
mail.password = "<%= @mail_password %>"
|
||||
mail.port = <%= @mail_port || 587 %>
|
||||
mail.authentication = "<%= @mail_authentication || 'plain' %>"
|
||||
mail.encryption = <%= @mail_encryption || ':starttls' %>
|
||||
end
|
||||
|
||||
<%- if node["backup"]["mongodb"] -%>
|
||||
|
@ -75,7 +93,7 @@ preconfigure 'KosmosBackup' do
|
|||
encrypt_with OpenSSL
|
||||
notify_by Mail do |mail|
|
||||
mail.on_success = false
|
||||
mail.on_warning = false
|
||||
mail.on_warning = true
|
||||
mail.on_failure = true
|
||||
end
|
||||
end
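Review bot: The new `mail.user_name` and `mail.password` lines render the data-bag values straight into double-quoted Ruby string literals, so a credential containing `"`, `\` or `#{` yields a broken or differently evaluated `config.rb`. Emitting the literal through Ruby avoids that, e.g. `mail.password = <%= @mail_password.inspect %>` and the same for `mail.user_name`; the existing `s3.access_key_id` and `s3.secret_access_key` lines have the same shape. Separately, the `-pbkdf2` prepend relies on the host `openssl` understanding that flag (OpenSSL 1.1.1 or newer) and leaves the iteration count at the tool's default. A short comment above the module stating both, and that archives written before the switch must be decrypted without the flag, would help whoever restores from them.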
|
||||
|
|
|
@ -14,5 +14,5 @@ depends "poise-ruby-build"
|
|||
depends "application"
|
||||
depends 'application_git'
|
||||
depends "postgresql"
|
||||
depends "kosmos-postgresql"
|
||||
depends "kosmos_postgresql"
|
||||
depends "backup"
|
||||
|
|
|
@ -2,5 +2,5 @@
|
|||
source 'https://supermarket.chef.io'
|
||||
source chef_repo: ".."
|
||||
|
||||
cookbook "kosmos-postgresql", path: "../kosmos-postgresql"
|
||||
cookbook "kosmos_postgresql", path: "../kosmos_postgresql"
|
||||
metadata
|
||||
|
|
|
@ -20,9 +20,9 @@ chef_version '>= 12.14' if respond_to?(:chef_version)
|
|||
# source_url 'https://github.com/<insert_org_here>/kosmos-ejabberd'
|
||||
|
||||
depends "kosmos-base"
|
||||
depends "kosmos-postgresql"
|
||||
depends "kosmos-nginx"
|
||||
depends "kosmos-dirsrv"
|
||||
depends "kosmos_postgresql"
|
||||
depends "backup"
|
||||
depends "firewall"
|
||||
depends "tor-full"
|
||||
|
|
|
@ -13,7 +13,7 @@ depends "poise-ruby-build"
|
|||
depends "application"
|
||||
depends "application_git"
|
||||
depends "postgresql"
|
||||
depends "kosmos-postgresql"
|
||||
depends "kosmos_postgresql"
|
||||
depends "backup"
|
||||
depends "elasticsearch"
|
||||
depends "tor-full"
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
resource_name :nginx_certbot_site
|
||||
provides :nginx_certbot_site
|
||||
|
||||
property :domain, String, name_property: true
|
||||
# pass it if the site name is not the same as the hostname, for example for the
|
||||
|
|
|
@ -1,5 +0,0 @@
|
|||
# kosmos-postgresql CHANGELOG
|
||||
|
||||
# 0.1.0
|
||||
|
||||
Initial release.
|
|
@ -2,27 +2,6 @@
|
|||
# Cookbook:: kosmos_drone
|
||||
# Recipe:: default
|
||||
#
|
||||
# The MIT License (MIT)
|
||||
#
|
||||
# Copyright:: 2020, Kosmos Developers
|
||||
#
|
||||
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
# of this software and associated documentation files (the "Software"), to deal
|
||||
# in the Software without restriction, including without limitation the rights
|
||||
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
# copies of the Software, and to permit persons to whom the Software is
|
||||
# furnished to do so, subject to the following conditions:
|
||||
#
|
||||
# The above copyright notice and this permission notice shall be included in
|
||||
# all copies or substantial portions of the Software.
|
||||
#
|
||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
# THE SOFTWARE.
|
||||
|
||||
package "docker-compose"
|
||||
domain = "drone.kosmos.org"
|
||||
|
|
|
@ -2,7 +2,7 @@ version: '3'
|
|||
|
||||
services:
|
||||
drone-server:
|
||||
image: drone/drone:1
|
||||
image: drone/drone:2.5
|
||||
|
||||
ports:
|
||||
- "<%= @upstream_port %>:80"
|
||||
|
@ -19,7 +19,7 @@ services:
|
|||
- DRONE_RPC_SECRET=<%= @rpc_secret %>
|
||||
|
||||
drone-runner:
|
||||
image: drone/drone-runner-docker:1
|
||||
image: drone/drone-runner-docker:1.8
|
||||
|
||||
command: agent
|
||||
restart: always
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
gitea_version = "1.14.6"
|
||||
gitea_version = "1.15.6"
|
||||
node.default["kosmos_gitea"]["version"] = gitea_version
|
||||
node.default["kosmos_gitea"]["binary_url"] = "https://dl.gitea.io/gitea/#{gitea_version}/gitea-#{gitea_version}-linux-amd64"
|
||||
node.default["kosmos_gitea"]["binary_checksum"] = "20cc0a89421695320b077c9fe4f16996f03aaf9d24f661f8d2255794551c849b"
|
||||
node.default["kosmos_gitea"]["binary_checksum"] = "1b7473b5993e07b33fec58edbc1a90f15f040759ca4647e97317c33d5dfe58be"
|
||||
node.default["kosmos_gitea"]["nginx"]["domain"] = "gitea.kosmos.org"
|
||||
node.default["kosmos_gitea"]["working_directory"] = "/var/lib/gitea"
|
||||
|
|
|
@ -20,5 +20,5 @@ chef_version '>= 14.0'
|
|||
# source_url 'https://github.com/<insert_org_here>/kosmos_gitea'
|
||||
|
||||
depends "kosmos-nginx"
|
||||
depends "kosmos-postgresql"
|
||||
depends "kosmos_postgresql"
|
||||
depends "backup"
|
||||
|
|
|
@ -76,7 +76,7 @@ template "#{config_directory}/app.ini" do
|
|||
source "app.ini.erb"
|
||||
owner "git"
|
||||
group "git"
|
||||
mode "0640"
|
||||
mode "0600"
|
||||
sensitive true
|
||||
variables working_directory: working_directory,
|
||||
git_home_directory: git_home_directory,
|
||||
|
|
|
@ -46,6 +46,7 @@ PASSWD = <%= @smtp_password %>
|
|||
|
||||
[oauth2]
|
||||
JWT_SECRET = <%= @jwt_secret %>
|
||||
JWT_SIGNING_ALGORITHM = HS256
|
||||
|
||||
[security]
|
||||
INTERNAL_TOKEN = <%= @internal_token %>
|
||||
|
|
|
@ -2,34 +2,13 @@
|
|||
# Cookbook:: kosmos_kvm
|
||||
# Recipe:: host
|
||||
#
|
||||
# The MIT License (MIT)
|
||||
#
|
||||
# Copyright:: 2020, Kosmos Developers
|
||||
#
|
||||
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
# of this software and associated documentation files (the "Software"), to deal
|
||||
# in the Software without restriction, including without limitation the rights
|
||||
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
# copies of the Software, and to permit persons to whom the Software is
|
||||
# furnished to do so, subject to the following conditions:
|
||||
#
|
||||
# The above copyright notice and this permission notice shall be included in
|
||||
# all copies or substantial portions of the Software.
|
||||
#
|
||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
# THE SOFTWARE.
|
||||
|
||||
package %w(virtinst libvirt-daemon-system)
|
||||
|
||||
directory "/var/lib/libvirt/images/base" do
|
||||
recursive true
|
||||
owner "libvirt-qemu"
|
||||
group "root"
|
||||
group "kvm"
|
||||
mode "0750"
|
||||
end
|
||||
|
||||
|
@ -37,7 +16,7 @@ end
|
|||
remote_file "/var/lib/libvirt/images/base/ubuntu-20.04-server-cloudimg-amd64-disk-kvm.qcow2" do
|
||||
source "http://cloud-images.ubuntu.com/releases/focal/release/ubuntu-20.04-server-cloudimg-amd64-disk-kvm.img"
|
||||
owner "libvirt-qemu"
|
||||
group "root"
|
||||
group "kvm"
|
||||
mode "0640"
|
||||
end
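Review bot: The `remote_file` for the Ubuntu base image still fetches over plain `http://` and has no `checksum`, so the image every guest is built from is accepted without any integrity check; changing the group to `kvm` does not touch that. Use `source "https://cloud-images.ubuntu.com/releases/focal/release/ubuntu-20.04-server-cloudimg-amd64-disk-kvm.img"` and add `checksum "<SHA256_OF_IMAGE>"` (placeholder; take the value from the SHA256SUMS file published next to the image). Because the `release/` path is a moving target, pinning the checksum probably also means pointing `source` at a dated release directory.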
|
||||
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
# kosmos_postgresql CHANGELOG
|
||||
|
||||
# 0.1.0
|
||||
|
||||
Initial release.
|
|
@ -1,4 +1,4 @@
|
|||
# kosmos-postgresql
|
||||
# kosmos_postgresql
|
||||
|
||||
## Usage
|
||||
|
|
@ -1,3 +1,3 @@
|
|||
# This is set to false by default, and set to true in the server resource
|
||||
# for replicas.
|
||||
node.default['kosmos-postgresql']['ready_to_set_up_replica'] = false
|
||||
node.default['kosmos_postgresql']['ready_to_set_up_replica'] = false
|
|
@ -1,9 +1,9 @@
|
|||
name 'kosmos-postgresql'
|
||||
name 'kosmos_postgresql'
|
||||
maintainer 'Kosmos'
|
||||
maintainer_email 'ops@5apps.com'
|
||||
license 'MIT'
|
||||
description 'Installs/Configures kosmos-postgresql'
|
||||
long_description 'Installs/Configures kosmos-postgresql'
|
||||
description 'Installs/Configures kosmos_postgresql'
|
||||
long_description 'Installs/Configures kosmos_postgresql'
|
||||
version '0.1.0'
|
||||
chef_version '>= 12.14' if respond_to?(:chef_version)
|
||||
|
||||
|
@ -11,13 +11,13 @@ chef_version '>= 12.14' if respond_to?(:chef_version)
|
|||
# tracked. A `View Issues` link will be displayed on this cookbook's page when
|
||||
# uploaded to a Supermarket.
|
||||
#
|
||||
# issues_url 'https://github.com/<insert_org_here>/kosmos-postgresql/issues'
|
||||
# issues_url 'https://github.com/<insert_org_here>/kosmos_postgresql/issues'
|
||||
|
||||
# The `source_url` points to the development repository for this cookbook. A
|
||||
# `View Source` link will be displayed on this cookbook's page when uploaded to
|
||||
# a Supermarket.
|
||||
#
|
||||
# source_url 'https://github.com/<insert_org_here>/kosmos-postgresql'
|
||||
# source_url 'https://github.com/<insert_org_here>/kosmos_postgresql'
|
||||
|
||||
depends "postgresql", ">= 7.0.0"
|
||||
depends "build-essential"
|
|
@ -1,5 +1,5 @@
|
|||
#
|
||||
# Cookbook:: kosmos-postgresql
|
||||
# Cookbook:: kosmos_postgresql
|
||||
# Recipe:: firewall
|
||||
#
|
||||
|
|
@ -1,5 +1,5 @@
|
|||
#
|
||||
# Cookbook:: kosmos-postgresql
|
||||
# Cookbook:: kosmos_postgresql
|
||||
# Recipe:: hostsfile
|
||||
#
|
||||
|
|
@ -1,5 +1,5 @@
|
|||
#
|
||||
# Cookbook:: kosmos-postgresql
|
||||
# Cookbook:: kosmos_postgresql
|
||||
# Recipe:: primary
|
||||
#
|
||||
|
|
@ -1,5 +1,5 @@
|
|||
#
|
||||
# Cookbook:: kosmos-postgresql
|
||||
# Cookbook:: kosmos_postgresql
|
||||
# Recipe:: replica
|
||||
#
|
||||
|
|
@ -1,4 +1,5 @@
|
|||
resource_name :postgresql_custom_server
|
||||
provides :postgresql_custom_server
|
||||
|
||||
property :postgresql_version, String, required: true, name_property: true
|
||||
property :role, String, required: true # Can be primary or replica
|
||||
|
@ -41,14 +42,14 @@ action :create do
|
|||
action :disable
|
||||
end
|
||||
|
||||
shared_buffers = if node['memory']['total'].to_i / 1024 < 1024 # > 1GB RAM
|
||||
shared_buffers = if node['memory']['total'].to_i / 1024 < 1024 # < 1GB RAM
|
||||
"128MB"
|
||||
else # >= 1GB RAM, use 25% of total RAM
|
||||
"#{node['memory']['total'].to_i / 1024 / 4}MB"
|
||||
else # >= 1GB RAM, use 50% of total RAM
|
||||
"#{node['memory']['total'].to_i / 1024 / 2}MB"
|
||||
end
|
||||
|
||||
additional_config = {
|
||||
max_connections: 100, # default
|
||||
max_connections: 200, # default
|
||||
shared_buffers: shared_buffers,
|
||||
unix_socket_directories: "/var/run/postgresql",
|
||||
dynamic_shared_memory_type: "posix",
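Review bot: The trailing comment on `max_connections: 200, # default` is stale, assuming the `200` line is the new side as in the other old/new pairs on this page: 200 is not PostgreSQL's default of 100. Change it to something like `max_connections: 200, # raised from the PostgreSQL default of 100`. The `else` comment was updated to 50%, but a why-comment would help there too, since half of RAM for `shared_buffers` is above the commonly recommended quarter and leaves less for the per-connection memory that the doubled connection limit can use. `action :create` starts above the hunk and continues below it.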
|
|
@ -1,2 +1,2 @@
|
|||
node.default['rskj']['version'] = '2.2.0~focal'
|
||||
node.default['rskj']['version'] = '3.0.1~focal'
|
||||
node.default['rskj']['network'] = 'testnet'
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
include_recipe 'firewall'
|
||||
|
||||
firewall_rule 'rskj' do
|
||||
port [4444,50505]
|
||||
protocol :tcp
|
||||
command :allow
|
||||
end
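Review bot: The `rskj` rule allows TCP 4444 and 50505 from any source address, because no `source` is set on the `firewall_rule`. If 4444 is the node's JSON-RPC listener rather than a peer port, split the rule and restrict that port, e.g. a separate `firewall_rule 'rskj_rpc'` with `source "<TRUSTED_CIDR>"` (placeholder), leaving only the peer-to-peer port open to the internet. A comment naming what each port is for would also make the rule reviewable.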
|
|
@ -30,10 +30,4 @@ service "rsk" do
|
|||
action [:enable, :start]
|
||||
end
|
||||
|
||||
include_recipe 'firewall'
|
||||
|
||||
firewall_rule 'rskj' do
|
||||
port [4444,50505]
|
||||
protocol :tcp
|
||||
command :allow
|
||||
end
|
||||
include_recipe 'kosmos_rsk::firewall'
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
node.default["kosmos_website"]["domain"] = "kosmos.org"
|
||||
node.default["kosmos_website"]["repo"] = "https://gitea.kosmos.org/kosmos/website.git"
|
||||
node.default["kosmos_website"]["revision"] = "master"
|
|
@ -0,0 +1,10 @@
|
|||
name 'kosmos_website'
|
||||
maintainer 'Kosmos'
|
||||
maintainer_email 'ops@kosmos.org'
|
||||
license 'MIT'
|
||||
description 'Configures the main kosmos.org website'
|
||||
long_description 'Configures the main kosmos.org website'
|
||||
version '1.0.0'
|
||||
chef_version '>= 15.10' if respond_to?(:chef_version)
|
||||
|
||||
depends "kosmos-nginx"
|
|
@ -0,0 +1,38 @@
|
|||
#
|
||||
# Cookbook:: kosmos_website
|
||||
# Recipe:: default
|
||||
#
|
||||
|
||||
include_recipe "kosmos-nginx"
|
||||
|
||||
domain = node["kosmos_website"]["domain"]
|
||||
|
||||
nginx_certbot_site domain
|
||||
|
||||
directory "/var/www/#{domain}/site" do
|
||||
user node["nginx"]["user"]
|
||||
group node["nginx"]["group"]
|
||||
mode "0755"
|
||||
end
|
||||
|
||||
git "/var/www/#{domain}/site" do
|
||||
user node["nginx"]["user"]
|
||||
group node["nginx"]["group"]
|
||||
repository node["kosmos_website"]["repo"]
|
||||
revision node["kosmos_website"]["revision"]
|
||||
action :sync
|
||||
end
|
||||
|
||||
template "#{node["nginx"]["dir"]}/sites-available/#{domain}" do
|
||||
source "nginx_conf_website.erb"
|
||||
owner node["nginx"]["user"]
|
||||
mode 0640
|
||||
variables domain: domain,
|
||||
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem"
|
||||
notifies :reload, "service[nginx]", :delayed
|
||||
end
|
||||
|
||||
nginx_site domain do
|
||||
action :enable
|
||||
end
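Review bot: The `git` resource syncs the repository directly into `/var/www/#{domain}/site`, which the nginx template in this commit serves as `root`, so the checkout's `.git/` directory is reachable over HTTPS unless nginx denies it. Either check out elsewhere and publish only the site files, or add `location ~ /\.git { return 404; }` to the site template. The tree is also owned by the nginx user, which lets the web server process rewrite the content it serves; a separate deploy user with read-only access for nginx would be tighter. As a style point, `mode 0640` on the template is an integer literal while the other resources here use strings such as `"0755"`.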
|
|
@ -0,0 +1,26 @@
|
|||
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
|
||||
# Generated by Chef
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name <%= @domain %>;
|
||||
|
||||
root /var/www/<%= @domain %>/site;
|
||||
|
||||
access_log off;
|
||||
gzip_static on;
|
||||
gzip_comp_level 5;
|
||||
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
|
||||
ssl_certificate <%= @ssl_cert %>;
|
||||
ssl_certificate_key <%= @ssl_key %>;
|
||||
|
||||
location /.well-known/lnurlp/ {
|
||||
proxy_ssl_server_name on;
|
||||
rewrite /.well-known/lnurlp/([^/]+) /lnurlpay/$1@kosmos.org break;
|
||||
proxy_pass https://accounts.kosmos.org;
|
||||
}
|
||||
}
|
||||
<% end -%>
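Review bot: The `/.well-known/lnurlp/` location proxies to `https://accounts.kosmos.org` without verifying the upstream certificate, because nginx leaves `proxy_ssl_verify` off by default and `proxy_ssl_server_name on` only sets SNI. Add `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;` inside the location. The server-level `add_header 'Access-Control-Allow-Origin' '*';` is inherited by this location, so the wildcard also applies to the proxied responses; if only the lnurlp endpoint needs CORS, move the header into the location. The rewrite hard-codes `@kosmos.org` where the rest of the template uses `<%= @domain %>`.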
|