Merge branch 'master' into feature/lndhub

site-cookbooks/backup/recipes/default.rb

@@ -32,6 +32,8 @@ gem_package 'backup' do
   version '5.0.0.beta.2'
 end
 
+smtp_credentials = Chef::EncryptedDataBagItem.load('credentials', 'smtp')
+
 backup_data = Chef::EncryptedDataBagItem.load('credentials', 'backup')
 backup_dir = node["backup"]["dir"]
 directory backup_dir
@@ -46,8 +48,12 @@ template "#{backup_dir}/config.rb" do
             s3_secret_access_key: backup_data["s3_secret_access_key"],
             s3_region: backup_data["s3_region"],
             encryption_password: backup_data["encryption_password"],
+            mail_from: "backups@kosmos.org",
             mail_to: "ops@5apps.com",
-            mail_from: "backups@kosmos.org"
+            mail_address: 'smtp.mailgun.org',
+            mail_domain: 'kosmos.org',
+            mail_user_name: smtp_credentials["user_name"],
+            mail_password: smtp_credentials["password"]
 end
 
 template "#{backup_dir}/models/default.rb" do

site-cookbooks/backup/templates/default/config.rb.erb

@@ -6,6 +6,18 @@
 # Documentation: http://backup.github.io/backup
 # Issue Tracker: https://github.com/backup/backup/issues
 
+#
+# Monkey patch to not use deprecated key derivation scheme
+# https://github.com/backup/backup/issues/949#issuecomment-589883577
+#
+module OpenSSLFixDeprecatedKeyDerivation
+  def options
+    super + ' -pbkdf2'
+  end
+end
+require 'backup/encryptor/open_ssl'
+Backup::Encryptor::OpenSSL.prepend(OpenSSLFixDeprecatedKeyDerivation)
+
 Storage::S3.defaults do |s3|
   s3.access_key_id     = "<%= @s3_access_key_id %>"
   s3.secret_access_key = "<%= @s3_secret_access_key %>"
@@ -22,7 +34,13 @@ end
 Notifier::Mail.defaults do |mail|
   mail.from                 = "<%= node.name %> <<%= @mail_from %>>"
   mail.to                   = "<%= @mail_to %>"
-  mail.delivery_method      = :sendmail
+  mail.address              = "<%= @mail_address %>"
+  mail.domain               = "<%= @mail_domain %>"
+  mail.user_name            = "<%= @mail_user_name %>"
+  mail.password             = "<%= @mail_password %>"
+  mail.port                 = <%= @mail_port || 587  %>
+  mail.authentication       = "<%= @mail_authentication || 'plain' %>"
+  mail.encryption           = <%= @mail_encryption || ':starttls' %>
 end
 
 <%- if node["backup"]["mongodb"] -%>
@@ -75,7 +93,7 @@ preconfigure 'KosmosBackup' do
   encrypt_with OpenSSL
   notify_by Mail do |mail|
     mail.on_success = false
-    mail.on_warning = false
+    mail.on_warning = true
     mail.on_failure = true
   end
 end

site-cookbooks/kosmos-akkounts/metadata.rb

@@ -14,5 +14,5 @@ depends "poise-ruby-build"
 depends "application"
 depends 'application_git'
 depends "postgresql"
-depends "kosmos-postgresql"
+depends "kosmos_postgresql"
 depends "backup"

site-cookbooks/kosmos-ejabberd/Berksfile

@@ -2,5 +2,5 @@
 source 'https://supermarket.chef.io'
 source chef_repo: ".."
 
-cookbook "kosmos-postgresql", path: "../kosmos-postgresql"
+cookbook "kosmos_postgresql", path: "../kosmos_postgresql"
 metadata

site-cookbooks/kosmos-ejabberd/metadata.rb

@@ -20,9 +20,9 @@ chef_version '>= 12.14' if respond_to?(:chef_version)
 # source_url 'https://github.com/<insert_org_here>/kosmos-ejabberd'
 
 depends "kosmos-base"
-depends "kosmos-postgresql"
 depends "kosmos-nginx"
 depends "kosmos-dirsrv"
+depends "kosmos_postgresql"
 depends "backup"
 depends "firewall"
 depends "tor-full"

site-cookbooks/kosmos-mastodon/metadata.rb

@@ -13,7 +13,7 @@ depends "poise-ruby-build"
 depends "application"
 depends "application_git"
 depends "postgresql"
-depends "kosmos-postgresql"
+depends "kosmos_postgresql"
 depends "backup"
 depends "elasticsearch"
 depends "tor-full"

site-cookbooks/kosmos-nginx/resources/nginx_certbot_site.rb

@@ -1,4 +1,5 @@
 resource_name :nginx_certbot_site
+provides :nginx_certbot_site
 
 property :domain, String, name_property: true
 # pass it if the site name is not the same as the hostname, for example for the

site-cookbooks/kosmos-postgresql/CHANGELOG.md

@@ -1,5 +0,0 @@
-# kosmos-postgresql CHANGELOG
-
-# 0.1.0
-
-Initial release.

site-cookbooks/kosmos_drone/recipes/default.rb

@@ -2,27 +2,6 @@
 # Cookbook:: kosmos_drone
 # Recipe:: default
 #
-# The MIT License (MIT)
-#
-# Copyright:: 2020, Kosmos Developers
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to deal
-# in the Software without restriction, including without limitation the rights
-# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-# copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-# THE SOFTWARE.
 
 package "docker-compose"
 domain = "drone.kosmos.org"

site-cookbooks/kosmos_drone/templates/docker-compose.yml.erb

@@ -2,7 +2,7 @@ version: '3'
 
 services:
   drone-server:
-    image: drone/drone:1
+    image: drone/drone:2.5
 
     ports:
       - "<%= @upstream_port %>:80"
@@ -19,7 +19,7 @@ services:
       - DRONE_RPC_SECRET=<%= @rpc_secret %>
 
   drone-runner:
-    image: drone/drone-runner-docker:1
+    image: drone/drone-runner-docker:1.8
 
     command: agent
     restart: always

site-cookbooks/kosmos_gitea/attributes/default.rb

@@ -1,6 +1,6 @@
-gitea_version = "1.14.6"
+gitea_version = "1.15.6"
 node.default["kosmos_gitea"]["version"] = gitea_version
 node.default["kosmos_gitea"]["binary_url"] = "https://dl.gitea.io/gitea/#{gitea_version}/gitea-#{gitea_version}-linux-amd64"
-node.default["kosmos_gitea"]["binary_checksum"] = "20cc0a89421695320b077c9fe4f16996f03aaf9d24f661f8d2255794551c849b"
+node.default["kosmos_gitea"]["binary_checksum"] = "1b7473b5993e07b33fec58edbc1a90f15f040759ca4647e97317c33d5dfe58be"
 node.default["kosmos_gitea"]["nginx"]["domain"] = "gitea.kosmos.org"
 node.default["kosmos_gitea"]["working_directory"] = "/var/lib/gitea"

site-cookbooks/kosmos_gitea/metadata.rb

@@ -20,5 +20,5 @@ chef_version '>= 14.0'
 # source_url 'https://github.com/<insert_org_here>/kosmos_gitea'
 
 depends "kosmos-nginx"
-depends "kosmos-postgresql"
+depends "kosmos_postgresql"
 depends "backup"

site-cookbooks/kosmos_gitea/recipes/default.rb

@@ -76,7 +76,7 @@ template "#{config_directory}/app.ini" do
   source "app.ini.erb"
   owner "git"
   group "git"
-  mode "0640"
+  mode "0600"
   sensitive true
   variables working_directory: working_directory,
             git_home_directory: git_home_directory,

site-cookbooks/kosmos_gitea/templates/default/app.ini.erb

@@ -46,6 +46,7 @@ PASSWD = <%= @smtp_password %>
 
 [oauth2]
 JWT_SECRET = <%= @jwt_secret %>
+JWT_SIGNING_ALGORITHM = HS256
 
 [security]
 INTERNAL_TOKEN = <%= @internal_token %>

site-cookbooks/kosmos_kvm/recipes/host.rb

@@ -2,34 +2,13 @@
 # Cookbook:: kosmos_kvm
 # Recipe:: host
 #
-# The MIT License (MIT)
-#
-# Copyright:: 2020, Kosmos Developers
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to deal
-# in the Software without restriction, including without limitation the rights
-# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-# copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-# THE SOFTWARE.
 
 package %w(virtinst libvirt-daemon-system)
 
 directory "/var/lib/libvirt/images/base" do
   recursive true
   owner "libvirt-qemu"
-  group "root"
+  group "kvm"
   mode "0750"
 end
 
@@ -37,7 +16,7 @@ end
 remote_file "/var/lib/libvirt/images/base/ubuntu-20.04-server-cloudimg-amd64-disk-kvm.qcow2" do
   source "http://cloud-images.ubuntu.com/releases/focal/release/ubuntu-20.04-server-cloudimg-amd64-disk-kvm.img"
   owner "libvirt-qemu"
-  group "root"
+  group "kvm"
   mode "0640"
 end
 

site-cookbooks/kosmos_postgresql/CHANGELOG.md

@@ -0,0 +1,5 @@
+# kosmos_postgresql CHANGELOG
+
+# 0.1.0
+
+Initial release.

site-cookbooks/kosmos_postgresql/README.md

@@ -1,4 +1,4 @@
-# kosmos-postgresql
+# kosmos_postgresql
 
 ## Usage
 

site-cookbooks/kosmos_postgresql/attributes/default.rb

@@ -1,3 +1,3 @@
 # This is set to false by default, and set to true in the server resource
 # for replicas.
-node.default['kosmos-postgresql']['ready_to_set_up_replica'] = false
+node.default['kosmos_postgresql']['ready_to_set_up_replica'] = false

site-cookbooks/kosmos_postgresql/metadata.rb

@@ -1,9 +1,9 @@
-name 'kosmos-postgresql'
+name 'kosmos_postgresql'
 maintainer 'Kosmos'
 maintainer_email 'ops@5apps.com'
 license 'MIT'
-description 'Installs/Configures kosmos-postgresql'
-long_description 'Installs/Configures kosmos-postgresql'
+description 'Installs/Configures kosmos_postgresql'
+long_description 'Installs/Configures kosmos_postgresql'
 version '0.1.0'
 chef_version '>= 12.14' if respond_to?(:chef_version)
 
@@ -11,13 +11,13 @@ chef_version '>= 12.14' if respond_to?(:chef_version)
 # tracked.  A `View Issues` link will be displayed on this cookbook's page when
 # uploaded to a Supermarket.
 #
-# issues_url 'https://github.com/<insert_org_here>/kosmos-postgresql/issues'
+# issues_url 'https://github.com/<insert_org_here>/kosmos_postgresql/issues'
 
 # The `source_url` points to the development repository for this cookbook.  A
 # `View Source` link will be displayed on this cookbook's page when uploaded to
 # a Supermarket.
 #
-# source_url 'https://github.com/<insert_org_here>/kosmos-postgresql'
+# source_url 'https://github.com/<insert_org_here>/kosmos_postgresql'
 
 depends "postgresql", ">= 7.0.0"
 depends "build-essential"

site-cookbooks/kosmos_postgresql/recipes/firewall.rb

@@ -1,5 +1,5 @@
 #
-# Cookbook:: kosmos-postgresql
+# Cookbook:: kosmos_postgresql
 # Recipe:: firewall
 #
 

site-cookbooks/kosmos_postgresql/recipes/hostsfile.rb

@@ -1,5 +1,5 @@
 #
-# Cookbook:: kosmos-postgresql
+# Cookbook:: kosmos_postgresql
 # Recipe:: hostsfile
 #
 

site-cookbooks/kosmos_postgresql/recipes/primary.rb

@@ -1,5 +1,5 @@
 #
-# Cookbook:: kosmos-postgresql
+# Cookbook:: kosmos_postgresql
 # Recipe:: primary
 #
 

site-cookbooks/kosmos_postgresql/recipes/replica.rb

@@ -1,5 +1,5 @@
 #
-# Cookbook:: kosmos-postgresql
+# Cookbook:: kosmos_postgresql
 # Recipe:: replica
 #
 

site-cookbooks/kosmos_postgresql/resources/server.rb

@@ -1,4 +1,5 @@
 resource_name :postgresql_custom_server
+provides :postgresql_custom_server
 
 property :postgresql_version, String, required: true, name_property: true
 property :role, String, required: true # Can be primary or replica
@@ -41,14 +42,14 @@ action :create do
     action :disable
   end
 
-  shared_buffers = if node['memory']['total'].to_i / 1024 < 1024 # > 1GB RAM
+  shared_buffers = if node['memory']['total'].to_i / 1024 < 1024 # < 1GB RAM
                      "128MB"
-                   else # >= 1GB RAM, use 25% of total RAM
-                     "#{node['memory']['total'].to_i / 1024 / 4}MB"
+                   else # >= 1GB RAM, use 50% of total RAM
+                     "#{node['memory']['total'].to_i / 1024 / 2}MB"
                    end
 
   additional_config = {
-    max_connections: 100, # default
+    max_connections: 200, # default
     shared_buffers: shared_buffers,
     unix_socket_directories: "/var/run/postgresql",
     dynamic_shared_memory_type: "posix",

site-cookbooks/kosmos_rsk/attributes/default.rb

@@ -1,2 +1,2 @@
-node.default['rskj']['version'] = '2.2.0~focal'
+node.default['rskj']['version'] = '3.0.1~focal'
 node.default['rskj']['network'] = 'testnet'

site-cookbooks/kosmos_rsk/recipes/firewall.rb

@@ -0,0 +1,7 @@
+include_recipe 'firewall'
+
+firewall_rule 'rskj' do
+  port     [4444,50505]
+  protocol :tcp
+  command  :allow
+end

site-cookbooks/kosmos_rsk/recipes/rskj.rb

@@ -30,10 +30,4 @@ service "rsk" do
   action [:enable, :start]
 end
 
-include_recipe 'firewall'
-
-firewall_rule 'rskj' do
-  port     [4444,50505]
-  protocol :tcp
-  command  :allow
-end
+include_recipe 'kosmos_rsk::firewall'

site-cookbooks/kosmos_website/attributes/default.rb

@@ -0,0 +1,3 @@
+node.default["kosmos_website"]["domain"]   = "kosmos.org"
+node.default["kosmos_website"]["repo"]     = "https://gitea.kosmos.org/kosmos/website.git"
+node.default["kosmos_website"]["revision"] = "master"

site-cookbooks/kosmos_website/metadata.rb

@@ -0,0 +1,10 @@
+name 'kosmos_website'
+maintainer 'Kosmos'
+maintainer_email 'ops@kosmos.org'
+license 'MIT'
+description 'Configures the main kosmos.org website'
+long_description 'Configures the main kosmos.org website'
+version '1.0.0'
+chef_version '>= 15.10' if respond_to?(:chef_version)
+
+depends "kosmos-nginx"

site-cookbooks/kosmos_website/recipes/default.rb

@@ -0,0 +1,38 @@
+#
+# Cookbook:: kosmos_website
+# Recipe:: default
+#
+
+include_recipe "kosmos-nginx"
+
+domain = node["kosmos_website"]["domain"]
+
+nginx_certbot_site domain
+
+directory "/var/www/#{domain}/site" do
+  user node["nginx"]["user"]
+  group node["nginx"]["group"]
+  mode "0755"
+end
+
+git "/var/www/#{domain}/site" do
+  user node["nginx"]["user"]
+  group node["nginx"]["group"]
+  repository node["kosmos_website"]["repo"]
+  revision node["kosmos_website"]["revision"]
+  action :sync
+end
+
+template "#{node["nginx"]["dir"]}/sites-available/#{domain}" do
+  source "nginx_conf_website.erb"
+  owner node["nginx"]["user"]
+  mode 0640
+  variables domain: domain,
+            ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
+            ssl_key:  "/etc/letsencrypt/live/#{domain}/privkey.pem"
+  notifies :reload, "service[nginx]", :delayed
+end
+
+nginx_site domain do
+  action :enable
+end

site-cookbooks/kosmos_website/templates/nginx_conf_website.erb

@@ -0,0 +1,26 @@
+<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
+# Generated by Chef
+
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+  server_name <%= @domain %>;
+
+  root /var/www/<%= @domain %>/site;
+
+  access_log off;
+  gzip_static on;
+  gzip_comp_level 5;
+
+  add_header 'Access-Control-Allow-Origin' '*';
+
+  ssl_certificate     <%= @ssl_cert %>;
+  ssl_certificate_key <%= @ssl_key %>;
+
+  location /.well-known/lnurlp/ {
+    proxy_ssl_server_name on;
+    rewrite /.well-known/lnurlp/([^/]+) /lnurlpay/$1@kosmos.org break;
+    proxy_pass https://accounts.kosmos.org;
+  }
+}
+<% end -%>