Merge pull request 'Set up live backups for all VMs' (#433) from feature/qemu_snapshots into master

Reviewed-on: #433
Greg 2022-10-22 11:52:26 +00:00
commit 945283738a
34 changed files with 346 additions and 40 deletions


@ -25,6 +25,9 @@ knife[:automatic_attribute_whitelist] = %w[
cloud_v2
chef_packages
]
knife[:default_attribute_whitelist] = []
knife[:normal_attribute_whitelist] = ['knife_zero','kosmos-ejabberd']
knife[:normal_attribute_whitelist] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd']
knife[:override_attribute_whitelist] = []
knife[:allowed_normal_attributes] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd']
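Review bot: The same three-element list is written out twice on the new side, once for `knife[:normal_attribute_whitelist]` and once for `knife[:allowed_normal_attributes]`, so the two filters can drift apart on the next edit. Assign it once, e.g. `normal_attrs = %w[knife_zero kosmos_kvm kosmos-ejabberd]`, and use that variable for both keys. Only the normal level gets an `allowed_*` counterpart in the visible lines; if that name is what newer clients read (presumably why it was added), the automatic, default and override filters would need counterparts too, otherwise unfiltered attributes could end up in the committed node files. The `automatic_attribute_whitelist` list begins outside this hunk, so that part needs checking against the full file.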


@ -0,0 +1,4 @@
{
"name": "jitsi-meet-1",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyNMD7N7s+JZM6PLlcrKN\n4jnr0jB5kU+Gr8EHtdpaBDGN5x8BahAkMuXcWfMQj4xIvUhTY4tTvDDYgcJGbrY4\ncmmt/YLX4t/OR6g2JxzIRWDBITTTlX7h5QUg10irjfPsyaU9O7lChDk4M3j5J4c2\nZFlZAar1+CeC5nwcEtNg4nL36I6bxUL5e/rEeeUGCGuqn3tAQ+GXj1G4uJYI18JQ\nhv43nIqbF+oVe5iRy58rXILd+zmbOq87cnF8O2ode44jRwtH4K0+uHTmq+83Q8Ld\n3wBZTnrQEnUDm6IuFuWfYhvNGlXAJrcmoH/wA1B5IAcuF3vhw9JY9axy+GDFszOX\nxwIDAQAB\n-----END PUBLIC KEY-----\n"
}


@ -0,0 +1,24 @@
{
"id": "borg",
"ssh_key": {
"encrypted_data": "znPXuD/hMY4+1eihuSx1sB/QKohd92B8/TkZd5g+J+uH1yedbeKosc+q7fJT\njlFy0ebySS5URB1O5ij4/YbulnhcNhYb5/ozf6GnhBl2VlmQD0fdE+NlSlGf\nB6nM+qbvtR9V2sAtaVaugILHy4jD/y1jBnh3VyoKtiLG9WrPe1Q5gwTxEDLi\nn7qpcamZt1D5QB+6kMpVqAmL4oV0oFervfrRcf1QyR0vriwdAMz2+iuQ6/Cq\nyRSDkuaGChrX3W8hd+WkaQaU3ak6A2Ih9iO8MIa9j75FpzCDnBl0A1WLvzeC\ngILDFT0J1eSnDhAZfpOPZxCkaGB6ueop1BwWGhtmDZns1IdKccKRhK56i7BC\nGaJv8nDYxmSq90RYZdhnmbVPCyNrbcj+Pkun+N/us7WE2mYZZTXXy0CE1WMC\n0xglisNS06ODTToD8dmv3wLqeS4yk0Ws9JypWxjUS0NGc9k/uGa5MGIBxJfm\nsi4X0ZaoxMPHmNnOCMMIC0MQE82tBtA3tM2mxd6rohgtdtpo9cxsKWW2Pu3O\nW6Wq/A3d4X/9+LbjQKe48gqCeuZXanJxniBtdm2Z08Yi30/lQRwhauGXP1FT\nyot2FVZLLdTHaDHdcaUjU8A/NJsS+DRPWT8xAk1w1jVPytQMZUrPUYbjPXTu\nhqj24Qyyxb836y23hVCNrrRJg35Mb/mHy8LEbxJ1cxoekAR8d5r+yR5UF72j\nDLg+7fEqzIoSqjFB5Ho2hemTzajxwD2d+FATxQN7C+T1LBenDE/cw0HTKV/H\nnjPvb+bLfhCVb0xdkTlFlnF4WUn32tEQhTGrXefQcSV94Go75MoegIflwNo4\nnOsEOeD9VSwRKqsJ82pjRFaGr7HovakeqE/itruvEKGKn+53Sc9xVRgnyve7\nsQ0vdbVSsH6dBQJYDgSUdNNU9PXbqRqbk3CqFpQAEaxoy6mE9oPK89Mdx9mF\no9B8G291d1GvaOSvJjvlzlWmqUCYhQLR+HTeHf+5gp1dSJRlL3b55m1x7PCC\nB4Ma6XLo9gdF/XXGfZE98vg/MJ5w0JjLYouU/v8BaHNWdrxo5MEoky246LmL\ntLY57TbfGu8HTmvScir43hevIC4JqDHJhUQrz3vmd1yFcUBgWIqEYv6guU8K\nW9cYS+LBwbKDg7uXOx93P5pgPzMZbS0aBPt0QCwIwGmhQTPba+WWh6rPwNkl\nV4HRG0TgFJ8skgKWLhEMOYC02KRT/ve+OJ1LawqIK5BsMK81KoX2Drf7Oyba\nOkekMHsA9T6woSjIBTouKIz8r09vkJe9W/0pN7Y/NtE+y+FuZlKC1peafc3x\nE4ZhNotHtyAydsB6NgxpjkBNxUsVe+DlTyGCzEis/pG2XREUniiqd5DhbPKM\nH9EkXiRrtvrmD792ca8lGfMYTNOcoLD1vRlzFmHCjE7NOKAZ4lEwZWEGnxwp\nIEJFCScdPmDxK0uqMw2DaEjlAVblg1EOcs1xG4JwOcY/aWkuslp2MrmOIh7a\nSUdlr+SBi7faEMIslG24s3noDD4DFU5CQSb0ErH6j02VsUi90QYrm9XCkfEl\n2OcbvC9KICmKEj1mxvTQLBALtyTJGXIOzPbxp/Dw2a9o/WnsWDaXhTcLGqdu\nNn3ghESEb1G+pYHJa7lJ62RSQTpRp19gpdUS8SRhqwUkceFCnuuFST3SmspU\ngpjY8xsRZ3h9fzI/ob1nan5pXnzZCf76X7bGL3DqNlpq1SkdGI5NaN7ko42u\nkPafYy6MiAU6lYvg4G4pobJu8qnGcX9Wuf4K2Jl7niOQTUDIwjyrd+1uI9S2\nn5rLmwhQFxPrT/FuLg3nYAohrnAuMDXFQ13XO0q9smaSZDXPheGdTxT4HRTE\nkN1oAvvmhtVbBqNbKBY09Dn1khiUa3mIineJ6wuKS1buiTDlLGiSPAXhaJR
B\naplbJLGjtBXSGiAuxHEb2l/G/kIa71R7Vc7h2fYzAXFbPhApllEof43cZVtM\n9kN1m2bshbAG2boD51jb9P4C9H73ICJXGDAUVvScgYAIs4YnCVFIPdmU6dP+\nd4yZTM9bxuezUI2sj6cpWcq8H9+skZjRY+J2vKH/twAaWcnxLUxKfLuUAWNy\nH63iRIAhaWfl3k6dhPbYFnsxrrch99NuMTAEyE5vykiCMg8WlCmittteGyIq\nfOs9eFaoNRkf4Qh5IrOUoPhXO/8Jw7eY3aK2bQvGuutlfxOYsFJWjK3qT7RQ\nAeyv639jDn1W3vvOlFX5+Xx8R5IZLVdElAe39y6rgw27pMZT+IJew/j5EF2j\nsinxUvARi98wW+NP8WXV5CMFXh2JnmxfTLvdsWHJlB/XyktIiJE4KaHlNIaV\nxLdKmarS3hS31DQmpB2LDGPp8QFyV9kY0gvE282A1Fs0w01pByKDcMmvr3pD\nHh40DfYt4ZTJGnLP69IKt3328KEeMlHqns22zZuAidMus1o6k4YkF1WNpZn2\nSdXVG0hcdnvRC4qKdVv+TBFuPSy68cdwPeHs612hcezoHi2pbTkM2YKDJ75m\nvqaBzdpSDcuKVovuwBt3/guHoLD2ipRM0EfZ208aKiuOuYXwGD3PPm5WKUvd\nBSiZw7p37QY6zYh0/bTN2FumftYWz7mrZL4pFIcd8m/tSlU537+TnCbPm1KT\nWFVFBonxsyhHnZC4X0YQQTZ0V9TKCGWdVUgRxZwwQ/0acxFe1j1bqVnDBxR6\nH98xnEPvEh6bHpHujwcdCKTN4AbIJcFVKuCyvl/OtzMBjUXVKOAZcRS42TvY\nkhzQXiOOKqoE29aNDtQ/VRC8s1aN6L6xCorlCcBBurMcmDdJy+r4YUrNqmEA\nZQwFecRXxwzguk6GR3m8RzY1iDRSqm+yCMqjWKx6eycV91izjXbueT45g3Hn\nSqw2cw6rowGZUEcP3vRdHyxsJSEG2kPvU9JLzgkCwUovtlbdHee2JkV9TdkF\nzEMxjA9B5mxPp5lMFj8jhHhzDmZRxpW/EUBZCkZh5SVbGeg6qTFKRS6zZPYC\nkfv0XICx154cOj0TsW4QHxTHLOV9r93HIPihZDHg2udN7JhYfwsO4RbwDQEv\nxumaM3NTGrXOBxV2vtYSoGSQOmCd8X+gXKxKtTeaV4rCm2aIGVsdfeYQTNSD\nrBxetCJdGB0DrEAr/9bJ5RS2CB9JmEa4ktMHEFTmvTqhWu4Ye2TJBC+H/yqP\nNrYQ4+5lYnZ4BuvxKBvhbH52UURqG27NwQXmFd/h3NlI5GVi5tveRO1+3F1j\ncMTgj49UCB2SNndcJDkK9z7kSBdnmtNo3m3/K9wucw9NxH7sM0yrgeQupbrU\nlgsobzoGluvBijJlp6A7qy4AoOsDGoo4gevK23CR8XN+droGY2RGWThWGuPZ\np7hsG/0f6ICQmU8ARsj/Civ9EbGe/2ZnlHafBtRhmfpZp2/Y7UxX6pmcNARB\nj8Gmr9DWiUXKUBtIkiBSTr7keRF8GuaXSc4pz1phKuAhngy7rYuMhqQr7Sw0\nJCk7cwdvZdq/erjtIh/AHJOPboUCalsLfTdMJguuocUuQr+SEg==\n",
"iv": "3uagVTqoXUcWvs9W\n",
"auth_tag": "s3wlsnLRHCI2NjC6/ZwbiQ==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"passphrase": {
"encrypted_data": "wzSJQ+VfZuXmqrL3xW/LxiUvF/B6EYHAQtmhrJjt2oMT1G2OEgp5\n",
"iv": "BqTyfQwKKCTOn3q3\n",
"auth_tag": "sh1e8UuQSrq1o5G0O5fXCA==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"repository": {
"encrypted_data": "Ezc5YMp0VM82dlq0+ikk2xZeqNHi+XETlsc2cDlFG/NxY408JO3ErPDEa9d9\nzud+jcCt/01GKqPdslGhP3jsUUb/f3kWMkTWqGkyWXV1121E0uHwyrva62NT\n5A==\n",
"iv": "QtNBUjJ5NrQS0JD7\n",
"auth_tag": "ZQImzlvHWwX1OsxMZK1jGA==\n",
"version": 3,
"cipher": "aes-256-gcm"
}
}


@ -12,12 +12,14 @@
"hostname": "akkounts-1",
"ipaddress": "192.168.122.160",
"roles": [
"kvm_guest",
"akkounts",
"postgresql_client"
],
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_kvm::guest",
"kosmos_postgresql::hostsfile",
"kosmos-akkounts",
"kosmos-akkounts::default",
@ -77,6 +79,7 @@
},
"run_list": [
"recipe[kosmos-base]",
"role[kvm_guest]",
"role[akkounts]"
]
}


@ -12,12 +12,14 @@
"hostname": "bitcoin-2",
"ipaddress": "192.168.122.148",
"roles": [
"kvm_guest",
"btcpay",
"postgresql_client"
],
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_kvm::guest",
"tor-full",
"tor-full::default",
"kosmos-bitcoin::source",
@ -94,6 +96,7 @@
},
"run_list": [
"recipe[kosmos-base]",
"role[kvm_guest]",
"recipe[tor-full]",
"recipe[kosmos-bitcoin::source]",
"recipe[kosmos-bitcoin::c-lightning]",


@ -12,13 +12,16 @@
"hostname": "discourse-2",
"ipaddress": "192.168.122.104",
"roles": [
"discourse"
"kosmos_discourse",
"kvm_guest"
],
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos-dirsrv::hostsfile",
"kosmos_discourse",
"kosmos_discourse::default",
"kosmos_kvm::guest",
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",
@ -33,7 +36,7 @@
"postfix::_attributes",
"postfix::sasl_auth",
"hostname::default",
"kosmos-dirsrv::hostsfile",
"discourse::default",
"firewall::default",
"chef-sugar::default"
],
@ -54,6 +57,7 @@
},
"run_list": [
"recipe[kosmos-base]",
"role[kvm_guest]",
"role[kosmos_discourse]"
]
}


@ -3,6 +3,11 @@
"normal": {
"knife_zero": {
"host": "10.1.1.167"
},
"kosmos_kvm": {
"backup": {
"schedule": "0/3:45"
}
}
},
"automatic": {
@ -10,7 +15,7 @@
"os": "linux",
"os_version": "5.4.0-54-generic",
"hostname": "draco",
"ipaddress": "148.251.237.73",
"ipaddress": "148.251.237.111",
"roles": [
],
@ -20,6 +25,7 @@
"kosmos_encfs",
"kosmos_encfs::default",
"kosmos_kvm::host",
"kosmos_kvm::backup",
"kosmos-ejabberd::firewall",
"kosmos-ipfs::firewall_swarm",
"kosmos-ipfs::firewall_public_gateway",
@ -49,12 +55,12 @@
"cloud": null,
"chef_packages": {
"ohai": {
"version": "15.9.1",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.9.1/lib/ohai"
"version": "15.12.0",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai"
},
"chef": {
"version": "15.11.8",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.11.8/lib"
"version": "15.17.4",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.17.4/lib"
}
}
},
@ -62,6 +68,7 @@
"recipe[kosmos-base]",
"recipe[kosmos_encfs]",
"recipe[kosmos_kvm::host]",
"recipe[kosmos_kvm::backup]",
"recipe[kosmos-ejabberd::firewall]",
"recipe[kosmos-ipfs::firewall_swarm]",
"recipe[kosmos-ipfs::firewall_public_gateway]",


@ -13,7 +13,8 @@
"ipaddress": "192.168.122.200",
"roles": [
"drone",
"postgresql_client"
"postgresql_client",
"kvm_guest"
],
"recipes": [
"kosmos-base",
@ -21,6 +22,7 @@
"kosmos_postgresql::hostsfile",
"kosmos_drone",
"kosmos_drone::default",
"kosmos_kvm::guest",
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",
@ -53,6 +55,7 @@
},
"run_list": [
"recipe[kosmos-base]",
"role[kvm_guest]",
"role[drone]"
]
}
}


@ -8,16 +8,18 @@
"automatic": {
"fqdn": "ejabberd-4",
"os": "linux",
"os_version": "5.4.0-1051-kvm",
"os_version": "5.4.0-1073-kvm",
"hostname": "ejabberd-4",
"ipaddress": "192.168.122.39",
"roles": [
"kvm_guest",
"ejabberd",
"postgresql_client"
],
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_kvm::guest",
"kosmos_postgresql::hostsfile",
"kosmos-ejabberd::letsencrypt",
"kosmos-ejabberd",
@ -58,6 +60,7 @@
},
"run_list": [
"recipe[kosmos-base]",
"role[kvm_guest]",
"role[ejabberd]"
]
}


@ -58,6 +58,7 @@
},
"run_list": [
"recipe[kosmos-base]",
"role[kvm_guest]",
"role[ejabberd]"
]
}
}


@ -3,6 +3,11 @@
"normal": {
"knife_zero": {
"host": "10.1.1.147"
},
"kosmos_kvm": {
"backup": {
"schedule": "0/3:00"
}
}
},
"automatic": {
@ -19,6 +24,7 @@
"kosmos-base",
"kosmos-base::default",
"kosmos_kvm::host",
"kosmos_kvm::backup",
"kosmos_assets::nginx_site",
"kosmos_discourse::nginx",
"kosmos_drone::nginx",
@ -69,14 +75,15 @@
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai"
},
"chef": {
"version": "15.14.0",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.14.0/lib"
"version": "15.17.4",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.17.4/lib"
}
}
},
"run_list": [
"recipe[kosmos-base]",
"recipe[kosmos_kvm::host]",
"recipe[kosmos_kvm::backup]",
"role[nginx_proxy]",
"role[zerotier_controller]"
]


@ -13,7 +13,8 @@
"ipaddress": "192.168.122.189",
"roles": [
"gitea",
"postgresql_client"
"postgresql_client",
"kvm_guest"
],
"recipes": [
"kosmos-base",
@ -22,6 +23,7 @@
"kosmos_gitea",
"kosmos_gitea::default",
"kosmos_gitea::backup",
"kosmos_kvm::guest",
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",
@ -57,6 +59,7 @@
},
"run_list": [
"recipe[kosmos-base]",
"role[kvm_guest]",
"role[gitea]"
]
}
}


@ -8,15 +8,16 @@
"automatic": {
"fqdn": "ipfs-1",
"os": "linux",
"os_version": "5.4.0-54-generic",
"os_version": "5.4.0-110-generic",
"hostname": "ipfs-1",
"ipaddress": "192.168.122.195",
"roles": [
"kvm_guest"
],
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_kvm::guest",
"kosmos-ipfs",
"kosmos-ipfs::default",
"kosmos-ipfs::public_gateway",
@ -72,6 +73,7 @@
},
"run_list": [
"recipe[kosmos-base]",
"role[kvm_guest]",
"recipe[kosmos-ipfs]",
"recipe[kosmos-ipfs::public_gateway]"
]

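--- /dev/null
+++ b/nodes/jitsi-meet-1.json
@@ -0,0 +1,55 @@
+{
+"name": "jitsi-meet-1",
+"normal": {
+"knife_zero": {
+"host": "10.1.1.20"
+}
+},
+"automatic": {
+"fqdn": "jitsi-meet-1",
+"os": "linux",
+"os_version": "5.4.0-1073-kvm",
+"hostname": "jitsi-meet-1",
+"ipaddress": "192.168.122.188",
+"roles": [
+"kvm_guest"
+],
+"recipes": [
+"kosmos-base",
+"kosmos-base::default",
+"kosmos_kvm::guest",
+"apt::default",
+"timezone_iii::default",
+"timezone_iii::debian",
+"ntp::default",
+"ntp::apparmor",
+"kosmos-base::systemd_emails",
+"apt::unattended-upgrades",
+"kosmos-base::firewall",
+"kosmos-postfix::default",
+"postfix::default",
+"postfix::_common",
+"postfix::_attributes",
+"postfix::sasl_auth",
+"hostname::default"
+],
+"platform": "ubuntu",
+"platform_version": "20.04",
+"cloud": null,
+"chef_packages": {
+"chef": {
+"version": "17.10.3",
+"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.10.3/lib",
+"chef_effortless": null
+},
+"ohai": {
+"version": "17.9.0",
+"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai"
+}
+}
+},
+"run_list": [
+"recipe[kosmos-base]",
+"role[kvm_guest]"
+]
+}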


@ -8,12 +8,13 @@
"automatic": {
"fqdn": "mastodon-3",
"os": "linux",
"os_version": "5.4.0-1058-kvm",
"os_version": "5.4.0-1071-kvm",
"hostname": "mastodon-3",
"ipaddress": "192.168.122.161",
"roles": [
"mastodon",
"postgresql_client"
"postgresql_client",
"kvm_guest"
],
"recipes": [
"kosmos-base",
@ -22,6 +23,7 @@
"kosmos-mastodon",
"kosmos-mastodon::default",
"kosmos-mastodon::nginx",
"kosmos_kvm::guest",
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",
@ -65,7 +67,6 @@
"nginx::commons_conf",
"kosmos-nginx::firewall",
"tor-full::default",
"poise-git::default",
"git::default",
"git::package",
"kosmos-base::letsencrypt"
@ -86,6 +87,7 @@
},
"run_list": [
"recipe[kosmos-base]",
"role[kvm_guest]",
"role[mastodon]"
]
}
}


@ -12,12 +12,14 @@
"hostname": "nodejs-4",
"ipaddress": "192.168.122.106",
"roles": [
"kvm_guest",
"kredits_github",
"sockethub"
],
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_kvm::guest",
"kosmos-hubot::botka_irc-libera-chat",
"kredits-github",
"kredits-github::default",
@ -81,6 +83,7 @@
},
"run_list": [
"recipe[kosmos-base]",
"role[kvm_guest]",
"recipe[kosmos-hubot::botka_irc-libera-chat]",
"role[kredits_github]",
"role[sockethub]"


@ -12,11 +12,13 @@
"hostname": "postgres-2",
"ipaddress": "192.168.122.244",
"roles": [
"kvm_guest",
"postgresql_primary"
],
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_kvm::guest",
"kosmos_postgresql::primary",
"kosmos_postgresql::firewall",
"kosmos_gitea::pg_db",
@ -52,6 +54,7 @@
},
"run_list": [
"recipe[kosmos-base]",
"role[kvm_guest]",
"role[postgresql_primary]"
]
}


@ -12,11 +12,13 @@
"hostname": "postgres-4",
"ipaddress": "192.168.122.3",
"roles": [
"kvm_guest",
"postgresql_replica"
],
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_kvm::guest",
"kosmos_postgresql::hostsfile",
"kosmos_postgresql::replica",
"kosmos_postgresql::firewall",
@ -52,6 +54,7 @@
},
"run_list": [
"recipe[kosmos-base]",
"role[kvm_guest]",
"role[postgresql_replica]"
]
}


@ -8,17 +8,19 @@
"automatic": {
"fqdn": "rs-discourse-1",
"os": "linux",
"os_version": "5.4.0-1073-kvm",
"os_version": "5.4.0-1076-kvm",
"hostname": "rs-discourse-1",
"ipaddress": "192.168.122.30",
"roles": [
"remotestorage_discourse"
"remotestorage_discourse",
"kvm_guest"
],
"recipes": [
"kosmos-base",
"kosmos-base::default",
"remotestorage_discourse",
"remotestorage_discourse::default",
"kosmos_kvm::guest",
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",
@ -54,6 +56,7 @@
},
"run_list": [
"recipe[kosmos-base]",
"role[kvm_guest]",
"role[remotestorage_discourse]"
]
}
}


@ -8,17 +8,19 @@
"automatic": {
"fqdn": "rsk-mainnet-2",
"os": "linux",
"os_version": "5.4.0-1058-kvm",
"os_version": "5.4.0-1075-kvm",
"hostname": "rsk-mainnet-2",
"ipaddress": "192.168.122.208",
"roles": [
"rskj_mainnet"
"rskj_mainnet",
"kvm_guest"
],
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_rsk::rskj",
"kosmos_rsk::nginx",
"kosmos_kvm::guest",
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",
@ -65,6 +67,7 @@
},
"run_list": [
"recipe[kosmos-base]",
"role[kvm_guest]",
"role[rskj_mainnet]"
]
}
}


@ -8,17 +8,19 @@
"automatic": {
"fqdn": "rsk-testnet-3",
"os": "linux",
"os_version": "5.4.0-1058-kvm",
"os_version": "5.4.0-1075-kvm",
"hostname": "rsk-testnet-3",
"ipaddress": "192.168.122.231",
"roles": [
"rskj_testnet"
"rskj_testnet",
"kvm_guest"
],
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_rsk::rskj",
"kosmos_rsk::nginx",
"kosmos_kvm::guest",
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",
@ -65,6 +67,7 @@
},
"run_list": [
"recipe[kosmos-base]",
"role[kvm_guest]",
"role[rskj_testnet]"
]
}
}


@ -8,15 +8,16 @@
"automatic": {
"fqdn": "uploads-1",
"os": "linux",
"os_version": "5.4.0-54-generic",
"os_version": "5.4.0-128-generic",
"hostname": "uploads-1",
"ipaddress": "192.168.122.230",
"roles": [
"kvm_guest"
],
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_kvm::guest",
"kosmos-ejabberd::upload_service",
"apt::default",
"timezone_iii::default",
@ -60,6 +61,7 @@
},
"run_list": [
"recipe[kosmos-base]",
"role[kvm_guest]",
"recipe[kosmos-ejabberd::upload_service]"
]
}


@ -12,11 +12,12 @@
"hostname": "wiki-1",
"ipaddress": "192.168.122.26",
"roles": [
"kvm_guest"
],
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_kvm::guest",
"kosmos-mediawiki",
"kosmos-mediawiki::default",
"apt::default",
@ -74,6 +75,7 @@
},
"run_list": [
"recipe[kosmos-base]",
"role[kvm_guest]",
"recipe[kosmos-mediawiki]"
]
}


@ -48,9 +48,13 @@ node.default['lnd']['public_ip'] = '148.251.237.111'
node.default['lnd']['public_port'] = '9735'
node.default['lnd']['port'] = '9736'
node.default['lnd']['minchansize'] = '1000000'
node.default['lnd']['basefee'] = '1000'
node.default['lnd']['feerate'] = '50'
node.default['lnd']['basefee'] = '100'
node.default['lnd']['feerate'] = '10'
node.default['lnd']['auto_unlock'] = true # requires credentials/lnd data bag item
node.default['lnd']['tor'] = {
'streamisolation' => 'false',
'skip-proxy-for-clearnet-targets' => 'true'
}
node.default['boltz']['repo'] = 'https://github.com/BoltzExchange/boltz-lnd.git'
node.default['boltz']['revision'] = 'v1.2.6'
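Review bot: The new `node.default['lnd']['tor']` hash carries no comment on what its two settings trade away, although `'skip-proxy-for-clearnet-targets' => 'true'` makes lnd connect to clearnet peers directly and so exposes the host's address to them. Now that the values are attributes that other nodes or roles can override, a comment above the hash would help, for example `# Clearnet peers are dialled directly (reveals our IP); stream isolation cannot be combined with that, so it stays off`. The values are strings while `auto_unlock` on the line above is a boolean; that works because they are only rendered into lnd.conf, but it is worth saying so in the same comment.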


@ -61,6 +61,7 @@ template "#{lnd_dir}/lnd.conf" do
lnd_basefee: node['lnd']['basefee'],
lnd_feerate: node['lnd']['feerate'],
lnd_dir: lnd_dir,
lnd_tor: node['lnd']['tor'],
auto_unlock: node['lnd']['auto_unlock'],
tor_enabled: node['bitcoin']['tor_enabled'],
bitcoin_datadir: node['bitcoin']['datadir'],

View File

@ -30,6 +30,6 @@ bitcoind.zmqpubrawtx=<%= @bitcoin_zmqpubrawtx %>
[tor]
tor.active=true
tor.v3=true
tor.streamisolation=false
tor.skip-proxy-for-clearnet-targets=true
tor.streamisolation=<%= @lnd_tor['streamisolation'] %>
tor.skip-proxy-for-clearnet-targets=<%= @lnd_tor['skip-proxy-for-clearnet-targets'] %>
<% end %>
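Review bot: Both new lookups use `@lnd_tor['...']`, which returns nil for a missing key and would render `tor.streamisolation=` with an empty value instead of failing the Chef run. That can happen when a role or environment replaces `node['lnd']['tor']` with a hash that sets only one of the two keys. Using `<%= @lnd_tor.fetch('streamisolation') %>` and `<%= @lnd_tor.fetch('skip-proxy-for-clearnet-targets') %>` turns that into a converge-time error, so an incomplete Tor configuration never reaches lnd.conf. The enclosing `<% if %>` block starts outside this hunk.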


@ -1,3 +1,6 @@
node.normal['ipfs']['version'] = "0.16.0"
node.normal['ipfs']['checksum'] = "40f7fc4f987fb548ccac0f27cdb2b8a9beacd67dfff9367e315dc0a7ced7115c"
node.default['kosmos-ipfs']['ipfs']['config'] = {
# The default gateway is already used by kosmos' hubot (8080)
"Addresses.Gateway" => "/ip4/127.0.0.1/tcp/9090",
@ -6,7 +9,7 @@ node.default['kosmos-ipfs']['ipfs']['config'] = {
# usage.
'Swarm.DisableBandwidthMetrics' => true,
# Disable the p2p-circuit relay transport
'Swarm.DisableRelay' => true,
'Swarm.Transports.Network.Relay' => false,
# Number of connections that, when exceeded, will trigger a connection GC
# operation
'Swarm.ConnMgr.HighWater' => 40,
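Review bot: `node.normal` on the two added `version` and `checksum` lines sets them at the normal precedence level, which Chef stores on the node object, so the pin can outlive a later edit of this attributes file; whether it is actually persisted here depends on the knife-zero normal-attribute filter. Unless that persistence is intended, `node.override['ipfs']['version'] = "0.16.0"` (and the same for `checksum`) keeps the pin in the cookbook alone. A one-line comment naming the release artifact the SHA-256 belongs to would let the next version bump be checked against the upstream download.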


@ -165,6 +165,8 @@ end
ruby_block "configuration" do
block do
# FIXME This is internal Chef API and should not be used from recipes, as
# it is unsupported for that
file = Chef::Util::FileEdit.new("#{node['mediawiki']['webdir']}/LocalSettings.php")
file.search_file_replace_line(%r{\$wgLogo\ =\ \"\$wgResourceBasePath\/resources\/assets\/wiki.png\";},
"$wgLogo = \"$wgResourceBasePath/skins/common/images/kosmos.png\";")


@ -5,3 +5,6 @@ node.default["kosmos_kvm"]["host"]["qemu_base_image"] = {
"checksum" => "6db74917f85146569cb6ae89e1d163ac6d1e488a7f32bc74761ec6d1869c714f",
"path" => "/var/lib/libvirt/images/base/ubuntu-20.04-server-cloudimg-amd64-disk-kvm-#{ubuntu_server_cloud_image_release}.qcow2"
}
# A systemd.timer OnCalendar config value
node.default["kosmos_kvm"]["backup"]["schedule"] = "daily"


@ -0,0 +1,29 @@
#!/bin/bash
# GENERATED BY CHEF
# DO NOT EDIT
set -e
REPOSITORY=$BORG_REPO
echo "Starting backup of VM: $1"
echo "Dumping domain XML to /root/backups/vm_meta/$1.xml"
virsh dumpxml --migratable $1 > /root/backups/vm_meta/$1.xml
virsh snapshot-create-as --domain $1 \
--name hotswap.qcow2 \
--no-metadata \
--atomic \
--quiesce \
--disk-only \
--diskspec vda,snapshot=external
borg create -v $REPOSITORY::$1_$(date +%F_%H-%M) \
/var/lib/libvirt/images/$1.qcow2 \
/root/backups/vm_meta/$1.xml
echo "Pivoting base image back to original"
virsh blockcommit $1 vda --pivot --base=/var/lib/libvirt/images/$1.qcow2
echo "Removing snapshot image"
rm /var/lib/libvirt/images/$1.hotswap.qcow2
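Review bot: A failing `borg create` ends the script under `set -e` before `virsh blockcommit` runs, so the guest keeps writing to the `hotswap` overlay and the base image is never merged back; the next timer run would presumably then fail at `snapshot-create-as` or stack another overlay. Registering the pivot as an EXIT trap right after the snapshot succeeds makes the merge happen on both the success and the failure path. `$1` is also unquoted in every command and in the redirect target, so the sketch below reads it once into a quoted variable. The overlay is removed only when the blockcommit itself succeeded.

```bash
vm="$1"
image="/var/lib/libvirt/images/${vm}.qcow2"
overlay="/var/lib/libvirt/images/${vm}.hotswap.qcow2"

# Merge the overlay back into the base image, also when borg fails
pivot_back() {
  echo "Pivoting base image back to original"
  virsh blockcommit "$vm" vda --pivot --base="$image" && {
    echo "Removing snapshot image"
    rm -f "$overlay"
  }
}

# … unchanged: virsh dumpxml and virsh snapshot-create-as (with "$vm" quoted) …
trap pivot_back EXIT

borg create -v "${REPOSITORY}::${vm}_$(date +%F_%H-%M)" \
  "$image" \
  "/root/backups/vm_meta/${vm}.xml"
```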


@ -0,0 +1,92 @@
#
# Cookbook:: kosmos_kvm
# Recipe:: backup
#
apt_package "borgbackup"
borg_credentials = data_bag_item("credentials", "borg")
file "/root/.ssh/borg_rsa" do
content borg_credentials["ssh_key"]
mode '0600'
end
file "/root/.borg_credentials.env" do
content <<-EOF
BORG_RSH='ssh -i /root/.ssh/borg_rsa'
BORG_PASSPHRASE=#{borg_credentials["passphrase"]}
BORG_REPO='#{borg_credentials["repository"]}'
EOF
end
bash "Load borg credentials in console sessions" do
code <<-EOF
cat >>/root/.bashrc <<EOL
# GENERATED BY CHEF
set -o allexport
source ~/.borg_credentials.env
set +o allexport
EOF
not_if "grep -q borg_credentials /root/.bashrc"
end
directory "/root/backups" do
mode "0750"
end
directory "/root/backups/vm_meta" do
mode "0750"
end
cookbook_file "/root/backups/backup_vm.sh" do
source "backup_vm.sh"
mode "0750"
end
# Search all guests and filter by presence on current host
vm_domains = search(:node, "role:kvm_guest").map{|n| n["hostname"] } \
& `virsh list --name`.strip.chomp.split("\n")
template "/root/backups/backup_all_vms.sh" do
source "backup_all_vms.sh.erb"
mode '0750'
variables vm_domains: vm_domains
end
systemd_unit "backup-libvirt-guests.service" do
content({
Unit: {
Description: "Back up libvirt guest images and metadata",
Wants: "network.target"
},
Service: {
Type: "oneshot",
EnvironmentFile: "/root/.borg_credentials.env",
ExecStart: "/root/backups/backup_all_vms.sh",
SyslogIdentifier: "backup-libvirt-guests",
Restart: "no"
}
})
verify false
triggers_reload true
action [:create]
end
systemd_unit "backup-libvirt-guests.timer" do
content({
Unit: {
Description: "Back up libvirt guest images and metadata",
},
Timer: {
OnCalendar: node["kosmos_kvm"]["backup"]["schedule"]
},
Install: {
WantedBy: "timers.target"
}
})
verify false
triggers_reload true
action [:create, :enable, :start]
end
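Review bot: The `file "/root/.borg_credentials.env"` resource sets no `mode`, so the file holding `BORG_PASSPHRASE` gets whatever the default umask yields, and neither it nor `/root/.ssh/borg_rsa` is marked sensitive, so Chef may show the key and passphrase in its diff output and logs. Add `mode '0600'` to the env file and `sensitive true` to both `file` resources. In the `bash` resource, the inner here-document opened with `cat >>/root/.bashrc <<EOL` has no closing `EOL` line before the outer `EOF`; bash ends it at end of input with a warning, and an explicit terminator would state the intent. `BORG_PASSPHRASE` is also written unquoted, unlike the two values next to it, which breaks for a passphrase containing spaces or shell metacharacters once `.bashrc` sources the file.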


@ -32,3 +32,18 @@ firewall_rule 'ssh-alt-port' do
protocol :tcp
command :allow
end
%w{
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
100.64.0.0/10
}.each do |ip|
firewall_rule "unauthorized-private-network-#{ip}" do
interface "enp35s0"
destination ip
direction :out
protocol :none
command :deny
end
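Review bot: The interface name `enp35s0` is hard-coded inside the loop, so on a host whose uplink is named differently these deny rules would presumably be created without matching any traffic, and nothing would report that. Consider taking it from an attribute, e.g. `interface node['network']['default_interface']`, or from a cookbook attribute set per host. A comment above the `%w{ ... }` list saying why outbound traffic to the RFC 1918 and 100.64.0.0/10 ranges is denied on the public uplink would also keep the rule from being removed as unexplained later. The recipe begins outside this hunk, so the rule ordering relative to the existing allow rules could not be checked.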
end


@ -0,0 +1,11 @@
#!/bin/bash
# GENERATED BY CHEF
# DO NOT EDIT
set -e
echo "Backing up all VMs with kvm_guest chef role..."
for domain in <%= @vm_domains.join(" ") %>
do
/root/backups/backup_vm.sh $domain
done


@ -86,6 +86,6 @@ virt-install \
--graphics none \
--serial pty \
--console pty \
--channel unix,mode=bind,path=/var/lib/libvirt/qemu/guest01.agent,target_type=virtio,name=org.qemu.guest_agent.0 \
--channel unix,mode=bind,path=/var/lib/libvirt/qemu/$VMNAME.guest_agent.0,target_type=virtio,name=org.qemu.guest_agent.0 \
--autostart \
--import