kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 29 Pull Requests 2 Projects 2 Activity

WIP Set up akaunting

Browse Source
This commit is contained in:
Râu Cao 2024-12-16 12:04:08 +04:00
parent 31b7ff9217
commit 759e2febf1
Signed by: raucao
GPG Key ID: 37036C356E56CC51
21 changed files with 1407 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
clients/akaunting-1.json Normal file
View File

@ -0,0 +1,4 @@
{
"name": "akaunting-1",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzmNpNWJh5DeXDsINDqAt\n5OtcGhnzLtqdILTD8A8KuPxWhoKI0k9xwvuT4yO2DLQqFMPyGefRuQkVsIq2OuU5\npK8B5c79E9MBHxti6mQZw4b/Jhmul+x2LGtOWYjPTDhFYXRsNNDtFDxwpwJGPede\nYts026yExHPhiF35Mt1JxA3TXJfPC8Vx0YGHu/6Ev+1fLmcKhFmhed5yKkA0gwod\nczdyQiCfw3ze9LuS90QmALpFOHHpekZeywemdwyPia207CoTrXsPLWj9KmuUEIQJ\nwL+OlEU2tVA6KaBKpl54n5/tMsccZmlicbNsVpgkk6LctrkNh6Kk+fW9ry3L/Gxg\nAwIDAQAB\n-----END PUBLIC KEY-----\n"
}

31
data_bags/credentials/akaunting.json Normal file
View File

@ -0,0 +1,31 @@
{
"id": "akaunting",
"app_key": {
"encrypted_data": "C7VVGHHrE/ESwtGeODf8zVraayO5uBSXaGR7f4yoj0MDq9WxPujItC3dIkMQ\ngjGzk8fH\n",
"iv": "4+d+RMLeuqaneFBa\n",
"auth_tag": "sBQDUVl6QbL/h9pd0kBQ0g==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"pg_database": {
"encrypted_data": "4mqHsMfDAqPvDmGsWgS9iE63qVeus7diSW8WiA==\n",
"iv": "6Cb1lVUcXBz+GA4u\n",
"auth_tag": "8O3N0m8jGhxs/YacdhgNHA==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"pg_username": {
"encrypted_data": "Nu0wiBhvqUwqC7PL2Qo8otq0b3faJqRsabqp2g==\n",
"iv": "1uA8mJc7itT0qHcx\n",
"auth_tag": "PRWw6LTlFrWs63SDRsovtQ==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"pg_password": {
"encrypted_data": "oXDKiXQ4aH5M2pVu1sx7dj0awKCORke03fq0uemjIfCMYbM=\n",
"iv": "snPyC8mocevc5kGH\n",
"auth_tag": "9wx4GPSydkYr2WGpZK5HZg==\n",
"version": 3,
"cipher": "aes-256-gcm"
}
}

60
data_bags/credentials/akkounts.json
View File

@ -1,72 +1,72 @@
{
"id": "akkounts",
"postgresql_username": {
"encrypted_data": "bDlOkEmhvMgyVzPeTNUzYnzRLf3T9cc0cDxt\n",
"iv": "GCCUoqU5pxQ7fGkv\n",
"auth_tag": "Q7mrSHIBluMe3CGVmoR86Q==\n",
"encrypted_data": "ofLOjxGBj7no+lWrIvtxQQFoeozCh6mpfMTt\n",
"iv": "/CF+o4GqZx2O5WOm\n",
"auth_tag": "bjHXfgNQfXpQ2gucPLrUWA==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"postgresql_password": {
"encrypted_data": "wD0HtdsNe/hl4ZaOy8hyr2k4z8TXQrrSja3KNVE47w==\n",
"iv": "tb5yz8WDer0CsGvJ\n",
"auth_tag": "/+K2anuCff/6M7Pu70Smqw==\n",
"encrypted_data": "f8Jfs4aqIjc6/6/NQlI2Fv8TzSgVmi5g0iYNhh9bAA==\n",
"iv": "vAzrZeUodmu4x5eB\n",
"auth_tag": "vx8eH2SY7I4IkZElXSC1Nw==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"sentry_dsn": {
"encrypted_data": "jCz681x0WVixHYZUb62TO+1cgyJMiJ2UMqWcaztx57yDBOIiKW3oSZjuXdhP\n9WCesfXQF/lgzITZno3IKDqzlKjWgbGLC75y8FLguxidCHI=\n",
"iv": "IRNOzN/hLwg1iqax\n",
"auth_tag": "eg9dWnEK04JDb94e4CFa9Q==\n",
"encrypted_data": "oxW5jGU8DlIp5A9enxBhcJXuKyaZ5HziXq8Zw+Rbvpbv4C/RTGkJkgZdKcH1\nVzW/wNAT8nTK+nEvWgcQ3svjE40ltj2jcOexIRqLbuCClJE=\n",
"iv": "wpW9+VdX5GjocHSl\n",
"auth_tag": "1qrf1kZMrIR7WRiSaRjppQ==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"rails_master_key": {
"encrypted_data": "nUB77VLRp41rluH7hLBwQqPtnh/HsmfLr2VbcIZHWawL3o2TGuY+mj648f9L\n7XsEpgqY\n",
"iv": "fpdbDitqTRHxEKiv\n",
"auth_tag": "I44fn8Ott3L/Y5LYr56U/Q==\n",
"encrypted_data": "KHVYYH7Nb9/SsoKkYfbjzhFwj3Ioj72hm5pfdCuinf+GQvjKumq99eQTlKdf\nBZM1n0XN\n",
"iv": "x9AQZvw/vCinKQ8k\n",
"auth_tag": "mi0KHHOTBvVNhtvqk38BtQ==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"discourse_connect_secret": {
"encrypted_data": "ENtMn+1XTVFmdEZw7LU6WGoMbSZY654ggm3vPACGfFgqo6r0LhG60c5OTdqv\nZvT5/Q==\n",
"iv": "bL1BmvRhgxFqSM1P\n",
"auth_tag": "sEBZzGWwwYFHn+4B4SsyCA==\n",
"encrypted_data": "WyLrV0DOsxyafSqyeQVj0BhVwm/0gvWeJLBsAbiqCGphryoYqUByPcum1T6R\n2H44nQ==\n",
"iv": "lUtlJDv6Ieq8Bs5x\n",
"auth_tag": "ku22BlQKw/BhHxuANTF6yg==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"lndhub_admin_token": {
"encrypted_data": "4LPGFoARzI8UYnsJPIk8sax/rAA16pUULEZWn86e2C7L\n",
"iv": "nvjXrOwgfgutwEVw\n",
"auth_tag": "A89RUf1sdcS3FVscNPWYLg==\n",
"encrypted_data": "DQuxQW8ks3sUzyHYEpQVyPg2f/U4/LWeRoCD9225Hd+c\n",
"iv": "mjxYi+YAcKGuurD2\n",
"auth_tag": "8P3bFFNeQ5HQgpXDB5Sk5A==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"btcpay_auth_token": {
"encrypted_data": "ky5iWYF06os0Ek6vIRzWqMTekqJhCOh/Q9DTDIeKhSyk8TnT3O71lCNEt1F5\nXCNq6ux3V6oyHVLWj0o=\n",
"iv": "zk6WnxsY89oNW1F9\n",
"auth_tag": "FAIMXKvQ1T7QKezVSNJbwQ==\n",
"encrypted_data": "3wsY9osaUdX4SvBPfHprNLSbx6/rfI5BfXnDxsc6OET3nGn19qBhH6wgeiwZ\n/dweqdQ25HpbFPygddc=\n",
"iv": "ccouibxktHLlUCQJ\n",
"auth_tag": "pWuRC8O2EAkmztL/9V3now==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"s3_access_key": {
"encrypted_data": "KfhfEGwPjOonlz6rpnNTinXFPqX/sIbqQn/aby0UDi/G/7cvEcOiNcCkfuSz\n",
"iv": "Q3rg06v6K9pUDLDY\n",
"auth_tag": "G5ugdlJ896KtYtObKLclJA==\n",
"encrypted_data": "hJGHa+hEmddtsZ4UncrYBkjRa/2Csqdh79tXpTVxUWbIsYGdlvyadk7C1UCj\n",
"iv": "GlxNdnWiNzmNYthg\n",
"auth_tag": "hlRLkroUN01L7VzQFBU/IA==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"s3_secret_key": {
"encrypted_data": "N8s1OoDrYXHjqSydQA0kY7dd68Aelq4+/cgmJlYfP92u4YA17V4TR7fsvQZL\nkqjuUSClNYPc0XiCwf/5gxVirE9AO6OmmvSV7lUyu4hcEY6unrU=\n",
"iv": "bXzIVWnX6V0P6PRb\n",
"auth_tag": "1EOjCfsX9P6ETjUsgBvBsA==\n",
"encrypted_data": "LKdQJOKIfFIoiF3GvfTs1mg3AI//Aoi8r42zcw8QhEVPB8ONsSf0/vhM037C\nf5nzUk7xwglvTOveqbOM+UTBJF/4oblQfgwFW3VobWUGkJqjtKE=\n",
"iv": "tWTxzK/ccpjlLmQV\n",
"auth_tag": "n2MFkTIquyqz4wqRNdSJcg==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"nostr_private_key": {
"encrypted_data": "Sf8PEyQ0sqcgxddSlIDxLOVzPjOkTFObsYuTgcxkbEV7igrati4e8QVVUEBD\n1yoLJXelp8jlCr28Ectci29jc53gYSMTLSQsw97uYas2R0dGCqQ=\n",
"iv": "+1CIUyvIUOveLrY4\n",
"auth_tag": "GDqS+IuAIfMBmHIeFXaV7A==\n",
"encrypted_data": "CPMeNxzpYMReaQU4+v+EqpVESRsnaYc3a4y7OkHOhtn2gjaNEDERGKvRmlyd\nD6vxKPcIrwTCZ7neJ3YLOVOxPDNv6skqdtMHBwSgl7aBEOrx7tY=\n",
"iv": "AV1on2sw1avmFFuY\n",
"auth_tag": "9rb9qQBKrj5Xja1t+qROKQ==\n",
"version": 3,
"cipher": "aes-256-gcm"
}

66
nodes/akaunting-1.json Normal file
View File

@ -0,0 +1,66 @@
{
"name": "akaunting-1",
"chef_environment": "production",
"normal": {
"knife_zero": {
"host": "10.1.1.215"
}
},
"automatic": {
"fqdn": "akaunting-1",
"os": "linux",
"os_version": "5.15.0-1069-kvm",
"hostname": "akaunting-1",
"ipaddress": "192.168.122.162",
"roles": [
"base",
"kvm_guest",
"akaunting",
"postgresql_client"
],
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_kvm::guest",
"kosmos_postgresql::hostsfile",
"kosmos_akaunting",
"kosmos_akaunting::default",
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",
"ntp::default",
"ntp::apparmor",
"kosmos-base::systemd_emails",
"apt::unattended-upgrades",
"kosmos-base::firewall",
"kosmos-postfix::default",
"postfix::default",
"postfix::_common",
"postfix::_attributes",
"postfix::sasl_auth",
"hostname::default",
"kosmos-nodejs::default",
"nodejs::nodejs_from_package",
"nodejs::repo"
],
"platform": "ubuntu",
"platform_version": "22.04",
"cloud": null,
"chef_packages": {
"chef": {
"version": "18.5.0",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.5.0/lib",
"chef_effortless": null
},
"ohai": {
"version": "18.1.11",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.11/lib/ohai"
}
}
},
"run_list": [
"role[base]",
"role[kvm_guest]",
"role[akaunting]"
]
}

807
nodes/her.json
View File

@ -1,15 +1,818 @@
{
"name": "her",
"chef_environment": "production",
"override": {
"apt": {
"unattended_upgrades": {
"allowed_origins": [
"${distro_id}:${distro_codename}-security",
"${distro_id}:${distro_codename}-updates"
],
"mail": "ops@kosmos.org",
"syslog_enable": true
}
},
"set_fqdn": "*",
"akkounts": {
"btcpay": {
"public_url": "https://btcpay.kosmos.org",
"store_id": "FNJVVsrVkKaduPDAkRVchdegjwzsNhpceAdonCaXAwBX"
},
"ejabberd": {
"admin_url": "https://xmpp.kosmos.org:5443/admin"
},
"lndhub": {
"public_url": "https://lndhub.kosmos.org",
"public_key": "024cd3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946"
},
"nostr": {
"public_key": "b3e1b7c1660b7db0ecb93ec55c09e67961171a5c4e9e2602f1b47477ea61c50a"
}
},
"discourse": {
"domain": "community.kosmos.org"
},
"droneci": {
"public_url": "https://drone.kosmos.org"
},
"ejabberd": {
"turn_domain": "turn.kosmos.org"
},
"email": {
"domain": "kosmos.org",
"hostname": "mail.kosmos.org",
"report_contact": "abuse@kosmos.org",
"virtual_aliases": {
"admin@kosmos.org": "ops@kosmos.org",
"ops@kosmos.org": "ops@5apps.com",
"webmaster": "mail@kosmos.org",
"hostmaster@kosmos.org": "mail@kosmos.org",
"postmaster@kosmos.org": "mail@kosmos.org",
"abuse@kosmos.org": "mail@kosmos.org",
"mail@kosmos.org": "foundation@kosmos.org"
}
},
"garage": {
"replication_mode": "2",
"s3_api_root_domain": "s3.kosmos.org",
"s3_web_root_domain": "web.s3.kosmos.org",
"s3_web_domains": [
"media.kosmos.chat",
"s3.accounts.kosmos.org",
"s3.community.kosmos.org",
"s3.kosmos.social"
],
"xmpp_upload_bucket": "kosmos-xmpp-uploads"
},
"gitea": {
"domain": "gitea.kosmos.org",
"postgresql_host": "pg.kosmos.local:5432",
"config": {
"storage": {
"type": "minio",
"endpoint": "localhost:3900",
"location": "garage",
"use_ssl": "false"
}
}
},
"kosmos_kvm": {
"backup": {
"nodes_excluded": [
"garage-",
"lq-",
"rsk-",
"postgres-6"
]
}
},
"kosmos-mastodon": {
"domain": "kosmos.social",
"user_address_domain": "kosmos.social",
"s3_endpoint": "http://localhost:3900",
"s3_region": "garage",
"s3_bucket": "kosmos-social",
"s3_alias_host": "s3.kosmos.social",
"libre_translate_endpoint": "http://127.0.0.1:5000",
"alternate_domains": [
"mastodon.w7nooprauv6yrnhzh2ajpcnj3doinked2aaztlwfyt6u6pva2qdxqhid.onion"
]
},
"liquor-cabinet": {
"ufw_source_allowed": "10.1.1.0/24",
"redis_port": 6379,
"redis_db": 1,
"s3_endpoint": "http://localhost:3900",
"s3_region": "garage",
"s3_bucket": "rs-kosmos",
"domain": "storage.kosmos.org",
"root_redirect_url": "https://accounts.kosmos.org"
},
"mediawiki": {
"url": "https://wiki.kosmos.org"
},
"sentry": {
"allowed_ips": "10.1.1.0/24"
}
},
"normal": {
"knife_zero": {
"host": "10.1.1.222"
}
},
"default": {
"audit": {
"inspec_backend_cache": true,
"reporter": null,
"fetcher": null,
"insecure": null,
"quiet": true,
"profiles": {
},
"inputs": {
},
"attributes": {
},
"waiver_file": null,
"json_file": {
"location": "/var/chef/compliance_reports/compliance-20241213130159.json"
},
"run_time_limit": 1.0,
"result_message_limit": 10000,
"result_include_backtrace": false,
"control_results_limit": 50,
"chef_node_attribute_enabled": true,
"compliance_phase": false,
"interval": {
"enabled": false,
"time": 1440
}
},
"apt": {
"cacher_dir": "/var/cache/apt-cacher-ng",
"cacher_interface": null,
"cacher_port": 3142,
"compiletime": false,
"compile_time_update": false,
"key_proxy": "",
"periodic_update_min_delay": 86400,
"launchpad_api_version": "1.0",
"unattended_upgrades": {
"enable": false,
"update_package_lists": true,
"allowed_origins": [
"Ubuntu jammy"
],
"origins_patterns": [
],
"package_blacklist": [
],
"auto_fix_interrupted_dpkg": false,
"minimal_steps": false,
"install_on_shutdown": false,
"mail": null,
"sender": null,
"mail_only_on_error": true,
"remove_unused_dependencies": false,
"automatic_reboot": false,
"automatic_reboot_time": "now",
"dl_limit": null,
"random_sleep": null,
"syslog_enable": false,
"syslog_facility": "daemon",
"dpkg_options": [
]
},
"cacher_client": {
"cacher_server": {
}
},
"confd": {
"force_confask": false,
"force_confdef": false,
"force_confmiss": false,
"force_confnew": false,
"force_confold": false,
"install_recommends": true,
"install_suggests": false
}
},
"firewall": {
"allow_ssh": false,
"allow_winrm": false,
"allow_mosh": false,
"allow_loopback": false,
"allow_icmp": false,
"firewalld": {
"permanent": false
},
"iptables": {
"defaults": {
"policy": {
"input": "DROP",
"forward": "DROP",
"output": "ACCEPT"
},
"ruleset": {
"*filter": 1,
":INPUT DROP": 2,
":FORWARD DROP": 3,
":OUTPUT ACCEPT": 4,
"COMMIT_FILTER": 100
}
}
},
"ubuntu_iptables": false,
"redhat7_iptables": false,
"allow_established": true,
"ipv6_enabled": true,
"ufw": {
"defaults": {
"ipv6": "yes",
"manage_builtins": "no",
"ipt_sysctl": "/etc/ufw/sysctl.conf",
"ipt_modules": "nf_conntrack_ftp nf_nat_ftp nf_conntrack_netbios_ns",
"policy": {
"input": "DROP",
"output": "ACCEPT",
"forward": "DROP",
"application": "SKIP"
}
}
},
"windows": {
"defaults": {
"policy": {
"input": "blockinbound",
"output": "allowoutbound"
}
}
}
},
"hostsfile": {
"path": null
},
"hostname_cookbook": {
"hostsfile_ip": "127.0.1.1",
"hostsfile_aliases": [
],
"hostsfile_include_hostname_in_aliases": true,
"append_hostsfile_ip": true
},
"postfix": {
"packages": [
"postfix"
],
"mail_type": "client",
"relayhost_role": "relayhost",
"relayhost_port": "25",
"multi_environment_relay": false,
"use_procmail": false,
"use_alias_maps": false,
"use_transport_maps": false,
"use_access_maps": false,
"use_virtual_aliases": false,
"use_virtual_aliases_domains": false,
"use_relay_restrictions_maps": false,
"transports": {
},
"access": {
},
"virtual_aliases": {
},
"virtual_aliases_domains": {
},
"main_template_source": "postfix",
"master_template_source": "postfix",
"sender_canonical_map_entries": {
},
"smtp_generic_map_entries": {
},
"recipient_canonical_map_entries": {
},
"access_db_type": "hash",
"aliases_db_type": "hash",
"transport_db_type": "hash",
"virtual_alias_db_type": "hash",
"virtual_alias_domains_db_type": "hash",
"conf_dir": "/etc/postfix",
"aliases_db": "/etc/aliases",
"transport_db": "/etc/postfix/transport",
"access_db": "/etc/postfix/access",
"virtual_alias_db": "/etc/postfix/virtual",
"virtual_alias_domains_db": "/etc/postfix/virtual_domains",
"relay_restrictions_db": "/etc/postfix/relay_restrictions",
"main": {
"biff": "no",
"append_dot_mydomain": "no",
"myhostname": "her",
"mydomain": "her",
"myorigin": "$myhostname",
"mydestination": [
"her",
"her",
"localhost.localdomain",
"localhost"
],
"smtpd_use_tls": "yes",
"smtp_use_tls": "yes",
"smtpd_tls_mandatory_protocols": "!SSLv2,!SSLv3",
"smtp_tls_mandatory_protocols": "!SSLv2,!SSLv3",
"smtpd_tls_protocols": "!SSLv2,!SSLv3",
"smtp_tls_protocols": "!SSLv2,!SSLv3",
"smtp_sasl_auth_enable": "yes",
"mailbox_size_limit": 0,
"mynetworks": null,
"inet_interfaces": "loopback-only",
"smtp_tls_CAfile": "/etc/ssl/certs/ca-certificates.crt",
"smtpd_tls_CAfile": "/etc/ssl/certs/ca-certificates.crt",
"relayhost": "smtp.mailgun.org:587",
"smtp_sasl_password_maps": "hash:/etc/postfix/sasl_passwd",
"smtp_sasl_security_options": "noanonymous",
"smtpd_tls_cert_file": "/etc/ssl/certs/ssl-cert-snakeoil.pem",
"smtpd_tls_key_file": "/etc/ssl/private/ssl-cert-snakeoil.key",
"smtpd_tls_session_cache_database": "btree:${data_directory}/smtpd_scache",
"smtp_tls_session_cache_database": "btree:${data_directory}/smtp_scache",
"maildrop_destination_recipient_limit": 1,
"cyrus_destination_recipient_limit": 1
},
"cafile": "/etc/ssl/certs/ca-certificates.crt",
"master": {
"smtp": {
"active": true,
"order": 10,
"type": "inet",
"private": false,
"chroot": false,
"command": "smtpd",
"args": [
]
},
"submission": {
"active": false,
"order": 20,
"type": "inet",
"private": false,
"chroot": false,
"command": "smtpd",
"args": [
"-o smtpd_enforce_tls=yes",
" -o smtpd_sasl_auth_enable=yes",
"-o smtpd_client_restrictions=permit_sasl_authenticated,reject"
]
},
"smtps": {
"active": false,
"order": 30,
"type": "inet",
"private": false,
"chroot": false,
"command": "smtpd",
"args": [
"-o smtpd_tls_wrappermode=yes",
"-o smtpd_sasl_auth_enable=yes",
"-o smtpd_client_restrictions=permit_sasl_authenticated,reject"
]
},
"628": {
"active": false,
"order": 40,
"type": "inet",
"private": false,
"chroot": false,
"command": "qmqpdd",
"args": [
]
},
"pickup": {
"active": true,
"order": 50,
"type": "fifo",
"private": false,
"chroot": false,
"wakeup": "60",
"maxproc": "1",
"command": "pickup",
"args": [
]
},
"cleanup": {
"active": true,
"order": 60,
"type": "unix",
"private": false,
"chroot": false,
"maxproc": "0",
"command": "cleanup",
"args": [
]
},
"qmgr": {
"active": true,
"order": 70,
"type": "fifo",
"private": false,
"chroot": false,
"wakeup": "300",
"maxproc": "1",
"command": "qmgr",
"args": [
]
},
"tlsmgr": {
"active": true,
"order": 80,
"type": "unix",
"chroot": false,
"wakeup": "1000?",
"maxproc": "1",
"command": "tlsmgr",
"args": [
]
},
"rewrite": {
"active": true,
"order": 90,
"type": "unix",
"chroot": false,
"command": "trivial-rewrite",
"args": [
]
},
"bounce": {
"active": true,
"order": 100,
"type": "unix",
"chroot": false,
"maxproc": "0",
"command": "bounce",
"args": [
]
},
"defer": {
"active": true,
"order": 110,
"type": "unix",
"chroot": false,
"maxproc": "0",
"command": "bounce",
"args": [
]
},
"trace": {
"active": true,
"order": 120,
"type": "unix",
"chroot": false,
"maxproc": "0",
"command": "bounce",
"args": [
]
},
"verify": {
"active": true,
"order": 130,
"type": "unix",
"chroot": false,
"maxproc": "1",
"command": "verify",
"args": [
]
},
"flush": {
"active": true,
"order": 140,
"type": "unix",
"private": false,
"chroot": false,
"wakeup": "1000?",
"maxproc": "0",
"command": "flush",
"args": [
]
},
"proxymap": {
"active": true,
"order": 150,
"type": "unix",
"chroot": false,
"command": "proxymap",
"args": [
]
},
"smtpunix": {
"service": "smtp",
"active": true,
"order": 160,
"type": "unix",
"chroot": false,
"maxproc": "500",
"command": "smtp",
"args": [
]
},
"relay": {
"active": true,
"comment": "When relaying mail as backup MX, disable fallback_relay to avoid MX loops",
"order": 170,
"type": "unix",
"chroot": false,
"command": "smtp",
"args": [
"-o smtp_fallback_relay="
]
},
"showq": {
"active": true,
"order": 180,
"type": "unix",
"private": false,
"chroot": false,
"command": "showq",
"args": [
]
},
"error": {
"active": true,
"order": 190,
"type": "unix",
"chroot": false,
"command": "error",
"args": [
]
},
"discard": {
"active": true,
"order": 200,
"type": "unix",
"chroot": false,
"command": "discard",
"args": [
]
},
"local": {
"active": true,
"order": 210,
"type": "unix",
"unpriv": false,
"chroot": false,
"command": "local",
"args": [
]
},
"virtual": {
"active": true,
"order": 220,
"type": "unix",
"unpriv": false,
"chroot": false,
"command": "virtual",
"args": [
]
},
"lmtp": {
"active": true,
"order": 230,
"type": "unix",
"chroot": false,
"command": "lmtp",
"args": [
]
},
"anvil": {
"active": true,
"order": 240,
"type": "unix",
"chroot": false,
"maxproc": "1",
"command": "anvil",
"args": [
]
},
"scache": {
"active": true,
"order": 250,
"type": "unix",
"chroot": false,
"maxproc": "1",
"command": "scache",
"args": [
]
},
"maildrop": {
"active": true,
"comment": "See the Postfix MAILDROP_README file for details. To main.cf will be added: maildrop_destination_recipient_limit=1",
"order": 510,
"type": "unix",
"unpriv": false,
"chroot": false,
"command": "pipe",
"args": [
"flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}"
]
},
"old-cyrus": {
"active": false,
"comment": "The Cyrus deliver program has changed incompatibly, multiple times.",
"order": 520,
"type": "unix",
"unpriv": false,
"chroot": false,
"command": "pipe",
"args": [
"flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}"
]
},
"cyrus": {
"active": true,
"comment": "Cyrus 2.1.5 (Amos Gouaux). To main.cf will be added: cyrus_destination_recipient_limit=1",
"order": 530,
"type": "unix",
"unpriv": false,
"chroot": false,
"command": "pipe",
"args": [
"user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}"
]
},
"uucp": {
"active": true,
"comment": "See the Postfix UUCP_README file for configuration details.",
"order": 540,
"type": "unix",
"unpriv": false,
"chroot": false,
"command": "pipe",
"args": [
"flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)"
]
},
"ifmail": {
"active": false,
"order": 550,
"type": "unix",
"unpriv": false,
"chroot": false,
"command": "pipe",
"args": [
"flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)"
]
},
"bsmtp": {
"active": true,
"order": 560,
"type": "unix",
"unpriv": false,
"chroot": false,
"command": "pipe",
"args": [
"flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient"
]
}
},
"aliases": {
},
"sasl": {
"smtp_sasl_user_name": "postmaster@mg.kosmos.org",
"smtp_sasl_passwd": "f5a3ba8e20e01b6f2cca83b28d8cd2a6-c30053db-fc52c414"
},
"sasl_password_file": "/etc/postfix/sasl_passwd"
},
"ntp": {
"servers": [
"0.pool.ntp.org",
"1.pool.ntp.org",
"2.pool.ntp.org",
"3.pool.ntp.org"
],
"peers": [
],
"restrictions": [
],
"tinker": {
"panic": 1000,
"allan": 1500,
"dispersion": 15,
"step": 0.128,
"stepout": 900
},
"restrict_default": "kod notrap nomodify nopeer noquery",
"packages": [
"ntp"
],
"service": "ntp",
"varlibdir": "/var/lib/ntp",
"driftfile": "/var/lib/ntp/ntp.drift",
"logfile": null,
"conffile": "/etc/ntp.conf",
"statsdir": "/var/log/ntpstats/",
"conf_owner": "root",
"conf_group": "root",
"var_owner": "ntp",
"var_group": "ntp",
"leapfile": "/etc/ntp.leapseconds",
"sync_clock": false,
"sync_hw_clock": false,
"listen": null,
"listen_network": null,
"ignore": null,
"apparmor_enabled": true,
"monitor": false,
"statistics": true,
"conf_restart_immediate": false,
"keys": null,
"trustedkey": null,
"requestkey": null,
"disable_tinker_panic_on_virtualization_guest": true,
"peer": {
"key": null,
"use_iburst": true,
"use_burst": false,
"minpoll": 6,
"maxpoll": 10
},
"server": {
"prefer": "",
"use_iburst": true,
"use_burst": false,
"minpoll": 6,
"maxpoll": 10
},
"orphan": {
"enabled": false,
"stratum": 5
},
"localhost": {
"noquery": false
},
"use_cmos": true
},
"timezone_iii": {
"timezone": "Etc/UTC",
"tzdata_dir": "/usr/share/zoneinfo",
"localtime_path": "/etc/localtime",
"use_symlink": false
},
"kosmos_kvm": {
"host": {
"qemu_base_image": {
"url": "https://cloud-images.ubuntu.com/releases/jammy/release-20240514/ubuntu-22.04-server-cloudimg-amd64-disk-kvm.img",
"checksum": "2e7698b3ebd7caead06b08bd3ece241e6ce294a6db01f92ea12bcb56d6972c3f",
"path": "/var/lib/libvirt/images/base/ubuntu-22.04-server-cloudimg-amd64-disk-kvm-20240514.qcow2"
}
},
"backup": {
"schedule": "0/3:00",
"nodes_excluded": [
]
}
}
},
"automatic": {
"fqdn": "her",
"os": "linux",
"os_version": "5.15.0-84-generic",
"os_version": "5.15.0-101-generic",
"hostname": "her",
"ipaddress": "192.168.30.172",
"roles": [
@ -55,4 +858,4 @@
"role[base]",
"role[kvm_host]"
]
}
}

1
nodes/postgres-6.json
View File

@ -22,6 +22,7 @@
"kosmos_kvm::guest",
"kosmos_postgresql::primary",
"kosmos_postgresql::firewall",
"kosmos_akaunting::pg_db",
"kosmos-bitcoin::lndhub-go_pg_db",
"kosmos-bitcoin::nbxplorer_pg_db",
"kosmos_drone::pg_db",

6
roles/akaunting.rb Normal file
View File

@ -0,0 +1,6 @@
name "akaunting"
run_list %w[
role[postgresql_client]
kosmos_akaunting::default
]

1
roles/postgresql_primary.rb
View File

@ -3,6 +3,7 @@ name "postgresql_primary"
run_list %w(
kosmos_postgresql::primary
kosmos_postgresql::firewall
kosmos_akaunting::pg_db
kosmos-bitcoin::lndhub-go_pg_db
kosmos-bitcoin::nbxplorer_pg_db
kosmos_drone::pg_db

25
site-cookbooks/kosmos_akaunting/.gitignore vendored Normal file
View File

@ -0,0 +1,25 @@
.vagrant
*~
*#
.#*
\#*#
.*.sw[a-z]
*.un~
# Bundler
Gemfile.lock
gems.locked
bin/*
.bundle/*
# test kitchen
.kitchen/
kitchen.local.yml
# Chef Infra
Berksfile.lock
.zero-knife.rb
Policyfile.lock.json
.idea/

16
site-cookbooks/kosmos_akaunting/Policyfile.rb Normal file
View File

@ -0,0 +1,16 @@
# Policyfile.rb - Describe how you want Chef Infra Client to build your system.
#
# For more information on the Policyfile feature, visit
# https://docs.chef.io/policyfile/
# A name that describes what the system you're building with Chef does.
name 'kosmos_akaunting'
# Where to find external cookbooks:
default_source :supermarket
# run_list: chef-client will run these recipes in the order specified.
run_list 'kosmos_akaunting::default'
# Specify a custom source for a single cookbook:
cookbook 'kosmos_akaunting', path: '.'

4
site-cookbooks/kosmos_akaunting/README.md Normal file
View File

@ -0,0 +1,4 @@
# kosmos_akaunting
TODO: Enter the cookbook description here.

5
site-cookbooks/kosmos_akaunting/attributes/default.rb Normal file
View File

@ -0,0 +1,5 @@
node.default["akaunting"]["user"] = "deploy"
node.default["akaunting"]["group"] = "www-data"
node.default["akaunting"]["repo"] = "https://github.com/akaunting/akaunting.git"
node.default["akaunting"]["revision"] = "3.1.12"
node.default["akaunting"]["port"] = 80

115
site-cookbooks/kosmos_akaunting/chefignore Normal file
View File

@ -0,0 +1,115 @@
# Put files/directories that should be ignored in this file when uploading
# to a Chef Infra Server or Supermarket.
# Lines that start with '# ' are comments.
# OS generated files #
######################
.DS_Store
ehthumbs.db
Icon?
nohup.out
Thumbs.db
.envrc
# EDITORS #
###########
.#*
.project
.settings
*_flymake
*_flymake.*
*.bak
*.sw[a-z]
*.tmproj
*~
\#*
REVISION
TAGS*
tmtags
.vscode
.editorconfig
## COMPILED ##
##############
*.class
*.com
*.dll
*.exe
*.o
*.pyc
*.so
*/rdoc/
a.out
mkmf.log
# Testing #
###########
.circleci/*
.codeclimate.yml
.delivery/*
.foodcritic
.kitchen*
.mdlrc
.overcommit.yml
.rspec
.rubocop.yml
.travis.yml
.watchr
.yamllint
azure-pipelines.yml
Dangerfile
examples/*
features/*
Guardfile
kitchen.yml*
mlc_config.json
Procfile
Rakefile
spec/*
test/*
# SCM #
#######
.git
.gitattributes
.gitconfig
.github/*
.gitignore
.gitkeep
.gitmodules
.svn
*/.bzr/*
*/.git
*/.hg/*
*/.svn/*
# Berkshelf #
#############
Berksfile
Berksfile.lock
cookbooks/*
tmp
# Bundler #
###########
vendor/*
Gemfile
Gemfile.lock
# Policyfile #
##############
Policyfile.rb
Policyfile.lock.json
# Documentation #
#############
CODE_OF_CONDUCT*
CONTRIBUTING*
documentation/*
TESTING*
UPGRADING*
# Vagrant #
###########
.vagrant
Vagrantfile

31
site-cookbooks/kosmos_akaunting/kitchen.yml Normal file
View File

@ -0,0 +1,31 @@
---
driver:
name: vagrant
## The forwarded_port port feature lets you connect to ports on the VM guest
## via localhost on the host.
## see also: https://www.vagrantup.com/docs/networking/forwarded_ports
# network:
# - ["forwarded_port", {guest: 80, host: 8080}]
provisioner:
name: chef_zero
## product_name and product_version specifies a specific Chef product and version to install.
## see the Chef documentation for more details: https://docs.chef.io/workstation/config_yml_kitchen/
# product_name: chef
# product_version: 17
verifier:
name: inspec
platforms:
- name: ubuntu-20.04
- name: centos-8
suites:
- name: default
verifier:
inspec_tests:
- test/integration/default

9
site-cookbooks/kosmos_akaunting/metadata.rb Normal file
View File

@ -0,0 +1,9 @@
name 'kosmos_akaunting'
maintainer 'Kosmos Developers'
maintainer_email 'mail@kosmos.org'
license 'MIT'
description 'Installs/configures akaunting for Kosmos'
version '0.1.0'
chef_version '>= 18.0'
depends 'kosmos-nodejs'

148
site-cookbooks/kosmos_akaunting/recipes/default.rb Normal file
View File

@ -0,0 +1,148 @@
#
# Cookbook:: kosmos_akaunting
# Recipe:: default
#
app_name = "akaunting"
deploy_user = node["akaunting"]["user"]
deploy_group = node["akaunting"]["group"]
deploy_path = "/opt/#{app_name}"
credentials = data_bag_item("credentials", "akaunting")
pg_host = search(:node, "role:postgresql_primary").first["knife_zero"]["host"] rescue "localhost"
env = {
app_name: "Akaunting",
app_env: "production",
app_locale: "en-US",
app_installed: "true",
app_key: credentials["app_key"],
app_debug: "true",
app_schedule_time: "\"09:00\"",
app_url: "http://akaunting.kosmos.org",
db_connection: "pgsql",
db_host: pg_host,
db_port: "5432",
db_database: credentials["pg_database"],
db_username: credentials["pg_username"],
db_password: credentials["pg_password"],
log_level: "debug"
# mail_mailer: "mail",
# mail_host: "localhost",
# mail_port: "2525",
# mail_username: "null",
# mail_password: "null",
# mail_encryption: "null",
# mail_from_name: "null",
# mail_from_address: "null",
}
%w[
unzip nginx php8.1 php8.1-cli php8.1-bcmath php8.1-ctype php8.1-curl
php8.1-dom php8.1-fileinfo php8.1-intl php8.1-fpm php8.1-gd php8.1-mbstring
php8.1-pdo php8.1-pgsql php8.1-tokenizer php8.1-xml php8.1-zip
].each do |pkg|
package pkg
end
# TODO install composer
node.override["nodejs"]["repo"] = "https://deb.nodesource.com/node_18.x"
include_recipe "kosmos-nodejs"
group deploy_group
user deploy_user do
group deploy_group
manage_home true
shell "/bin/bash"
end
directory deploy_path do
owner deploy_user
group deploy_group
mode "0775"
end
git deploy_path do
repository node[app_name]["repo"]
revision node[app_name]["revision"]
user deploy_user
group deploy_group
action :sync
notifies :run, "execute[composer_install]", :immediately
notifies :run, "execute[npm_install]", :immediately
notifies :restart, "service[php8.1-fpm]", :delayed
end
execute "composer_install" do
user deploy_user
cwd deploy_path
command "composer install"
action :nothing
end
execute "npm_install" do
user deploy_user
cwd deploy_path
command "npm install"
action :nothing
notifies :run, "execute[compile_assets]", :immediately
end
execute "compile_assets" do
user deploy_user
cwd deploy_path
command "npm run prod"
action :nothing
end
execute "set_storage_permissions" do
command "chown -R www-data:www-data #{deploy_path}/storage"
end
template "#{deploy_path}/.env" do
source 'env.erb'
owner deploy_user
group deploy_group
mode 0660
sensitive true
variables config: env
notifies :restart, "service[php8.1-fpm]", :delayed
end
template "/etc/nginx/sites-available/default" do
source 'nginx-local.conf.erb'
owner deploy_user
group deploy_group
mode 0660
variables deploy_path: deploy_path,
port: node["akaunting"]["port"]
notifies :restart, "service[nginx]", :delayed
end
# template "/etc/php/8.1/fpm/pool.d/akaunting.conf" do
# source 'php-fpm.pool.erb'
# owner deploy_user
# group deploy_group
# mode 0600
# variables user: deploy_user,
# group: deploy_group,
# chdir: deploy_path,
# port: node["akaunting"]["port"]
# notifies :restart, "service[php8.1-fpm]", :delayed
# end
service "php8.1-fpm" do
action [:enable, :start]
end
service "nginx" do
action [:enable, :start]
end
firewall_rule "akaunting_zerotier" do
command :allow
port node["akaunting"]["port"]
protocol :tcp
source "10.1.1.0/24"
end

16
site-cookbooks/kosmos_akaunting/recipes/pg_db.rb Normal file
View File

@ -0,0 +1,16 @@
#
# Cookbook:: kosmos_akaunting
# Recipe:: pg_db
#
credentials = data_bag_item("credentials", "akaunting")
postgresql_user credentials["pg_username"] do
action :create
password credentials["pg_password"]
end
postgresql_database credentials["pg_database"] do
owner credentials["pg_username"]
action :create
end

11
site-cookbooks/kosmos_akaunting/templates/env.erb Normal file
View File

@ -0,0 +1,11 @@
<% @config.each do |key, value| %>
<% if value.is_a?(Hash) %>
<% value.each do |k, v| %>
<%= "#{key.upcase}_#{k.upcase}" %>=<%= v.to_s %>
<% end %>
<% else %>
<% if value %>
<%= key.upcase %>=<%= value.to_s %>
<% end %>
<% end %>
<% end %>

49
site-cookbooks/kosmos_akaunting/templates/nginx-local.conf.erb Normal file
View File

@ -0,0 +1,49 @@
server {
listen 80 default_server;
server_name akaunting.kosmos.org;
root <%= @deploy_path %>;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# Prevent Direct Access To Protected Files
location ~ \.(env|log) {
deny all;
}
# Prevent Direct Access To Protected Folders
location ~ ^/(^app$|bootstrap|config|database|overrides|resources|routes|storage|tests|artisan) {
deny all;
}
# Prevent Direct Access To modules/vendor Folders Except Assets
location ~ ^/(modules|vendor)\/(.*)\.((?!ico|gif|jpg|jpeg|png|js\b|css|less|sass|font|woff|woff2|eot|ttf|svg|xls|xlsx).)*$ {
deny all;
}
error_page 404 /index.php;
# Pass PHP Scripts To FastCGI Server
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock; # Depends On The PHP Version
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}

18
site-cookbooks/kosmos_akaunting/templates/php-fpm.pool.erb Normal file
View File

@ -0,0 +1,18 @@
[akaunting]
user = <%= @user %>
group = <%= @group %>
listen = 0.0.0.0:<%= @port %>
listen.owner = <%= @user %>
listen.group = <%= @group %>
listen.mode = 0660
pm = dynamic
pm.max_children = 10
pm.start_servers = 4
pm.min_spare_servers = 2
pm.max_spare_servers = 6
pm.max_requests = 500
chdir = <%= @chdir %>
catch_workers_output = yes
php_admin_flag[log_errors] = on

16
site-cookbooks/kosmos_akaunting/test/integration/default/default_test.rb Normal file
View File

@ -0,0 +1,16 @@
# Chef InSpec test for recipe kosmos_akaunting::default
# The Chef InSpec reference, with examples and extensive documentation, can be
# found at https://docs.chef.io/inspec/resources/
unless os.windows?
# This is an example test, replace with your own test.
describe user('root'), :skip do
it { should exist }
end
end
# This is an example test, replace it with your own test.
describe port(80), :skip do
it { should_not be_listening }
end