diff --git a/.chef/config.rb b/.chef/config.rb
index 0609bb3..d2935d0 100644
--- a/.chef/config.rb
+++ b/.chef/config.rb
@@ -25,6 +25,9 @@ knife[:automatic_attribute_whitelist] = %w[
 cloud_v2
 chef_packages
 ]
+
 knife[:default_attribute_whitelist] = []
-knife[:normal_attribute_whitelist] = ['knife_zero','kosmos-ejabberd']
+knife[:normal_attribute_whitelist] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd']
 knife[:override_attribute_whitelist] = []
+
+knife[:allowed_normal_attributes] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd']
diff --git a/clients/jitsi-meet-1.json b/clients/jitsi-meet-1.json
new file mode 100644
index 0000000..68ce055
--- /dev/null
+++ b/clients/jitsi-meet-1.json
@@ -0,0 +1,4 @@
+{
+ "name": "jitsi-meet-1",
+ "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyNMD7N7s+JZM6PLlcrKN\n4jnr0jB5kU+Gr8EHtdpaBDGN5x8BahAkMuXcWfMQj4xIvUhTY4tTvDDYgcJGbrY4\ncmmt/YLX4t/OR6g2JxzIRWDBITTTlX7h5QUg10irjfPsyaU9O7lChDk4M3j5J4c2\nZFlZAar1+CeC5nwcEtNg4nL36I6bxUL5e/rEeeUGCGuqn3tAQ+GXj1G4uJYI18JQ\nhv43nIqbF+oVe5iRy58rXILd+zmbOq87cnF8O2ode44jRwtH4K0+uHTmq+83Q8Ld\n3wBZTnrQEnUDm6IuFuWfYhvNGlXAJrcmoH/wA1B5IAcuF3vhw9JY9axy+GDFszOX\nxwIDAQAB\n-----END PUBLIC KEY-----\n"
+}
\ No newline at end of file
diff --git a/data_bags/credentials/borg.json b/data_bags/credentials/borg.json
new file mode 100644
index 0000000..25b875b
--- /dev/null
+++ b/data_bags/credentials/borg.json
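Review bot: In .chef/config.rb only the normal-attribute filter gets its new-style key; `automatic_attribute_whitelist`, `default_attribute_whitelist` and `override_attribute_whitelist` are left with the legacy names only. Once a client that no longer reads the `*_whitelist` keys is in use (jitsi-meet-1 in this commit already reports chef 17.10.3), those three filters would presumably stop applying and the full automatic/ohai data could be written into the committed node files, so add `knife[:allowed_automatic_attributes]`, `knife[:allowed_default_attributes]` and `knife[:allowed_override_attributes]` next to them. The normal list is now written out twice; assigning it once to a local and using that for both keys keeps the two from drifting apart. The hunk begins inside the `%w[` literal, so the automatic list is only partly visible here.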
@@ -0,0 +1,24 @@ +{ + "id": "borg", + "ssh_key": { + "encrypted_data": "znPXuD/hMY4+1eihuSx1sB/QKohd92B8/TkZd5g+J+uH1yedbeKosc+q7fJT\njlFy0ebySS5URB1O5ij4/YbulnhcNhYb5/ozf6GnhBl2VlmQD0fdE+NlSlGf\nB6nM+qbvtR9V2sAtaVaugILHy4jD/y1jBnh3VyoKtiLG9WrPe1Q5gwTxEDLi\nn7qpcamZt1D5QB+6kMpVqAmL4oV0oFervfrRcf1QyR0vriwdAMz2+iuQ6/Cq\nyRSDkuaGChrX3W8hd+WkaQaU3ak6A2Ih9iO8MIa9j75FpzCDnBl0A1WLvzeC\ngILDFT0J1eSnDhAZfpOPZxCkaGB6ueop1BwWGhtmDZns1IdKccKRhK56i7BC\nGaJv8nDYxmSq90RYZdhnmbVPCyNrbcj+Pkun+N/us7WE2mYZZTXXy0CE1WMC\n0xglisNS06ODTToD8dmv3wLqeS4yk0Ws9JypWxjUS0NGc9k/uGa5MGIBxJfm\nsi4X0ZaoxMPHmNnOCMMIC0MQE82tBtA3tM2mxd6rohgtdtpo9cxsKWW2Pu3O\nW6Wq/A3d4X/9+LbjQKe48gqCeuZXanJxniBtdm2Z08Yi30/lQRwhauGXP1FT\nyot2FVZLLdTHaDHdcaUjU8A/NJsS+DRPWT8xAk1w1jVPytQMZUrPUYbjPXTu\nhqj24Qyyxb836y23hVCNrrRJg35Mb/mHy8LEbxJ1cxoekAR8d5r+yR5UF72j\nDLg+7fEqzIoSqjFB5Ho2hemTzajxwD2d+FATxQN7C+T1LBenDE/cw0HTKV/H\nnjPvb+bLfhCVb0xdkTlFlnF4WUn32tEQhTGrXefQcSV94Go75MoegIflwNo4\nnOsEOeD9VSwRKqsJ82pjRFaGr7HovakeqE/itruvEKGKn+53Sc9xVRgnyve7\nsQ0vdbVSsH6dBQJYDgSUdNNU9PXbqRqbk3CqFpQAEaxoy6mE9oPK89Mdx9mF\no9B8G291d1GvaOSvJjvlzlWmqUCYhQLR+HTeHf+5gp1dSJRlL3b55m1x7PCC\nB4Ma6XLo9gdF/XXGfZE98vg/MJ5w0JjLYouU/v8BaHNWdrxo5MEoky246LmL\ntLY57TbfGu8HTmvScir43hevIC4JqDHJhUQrz3vmd1yFcUBgWIqEYv6guU8K\nW9cYS+LBwbKDg7uXOx93P5pgPzMZbS0aBPt0QCwIwGmhQTPba+WWh6rPwNkl\nV4HRG0TgFJ8skgKWLhEMOYC02KRT/ve+OJ1LawqIK5BsMK81KoX2Drf7Oyba\nOkekMHsA9T6woSjIBTouKIz8r09vkJe9W/0pN7Y/NtE+y+FuZlKC1peafc3x\nE4ZhNotHtyAydsB6NgxpjkBNxUsVe+DlTyGCzEis/pG2XREUniiqd5DhbPKM\nH9EkXiRrtvrmD792ca8lGfMYTNOcoLD1vRlzFmHCjE7NOKAZ4lEwZWEGnxwp\nIEJFCScdPmDxK0uqMw2DaEjlAVblg1EOcs1xG4JwOcY/aWkuslp2MrmOIh7a\nSUdlr+SBi7faEMIslG24s3noDD4DFU5CQSb0ErH6j02VsUi90QYrm9XCkfEl\n2OcbvC9KICmKEj1mxvTQLBALtyTJGXIOzPbxp/Dw2a9o/WnsWDaXhTcLGqdu\nNn3ghESEb1G+pYHJa7lJ62RSQTpRp19gpdUS8SRhqwUkceFCnuuFST3SmspU\ngpjY8xsRZ3h9fzI/ob1nan5pXnzZCf76X7bGL3DqNlpq1SkdGI5NaN7ko42u\nkPafYy6MiAU6lYvg4G4pobJu8qnGcX9Wuf4K2Jl7niOQTUDIwjyrd+1uI9S2\nn5rLmwhQFxPrT/FuLg3nYAohrnAuMDXFQ13XO0q9smaSZDXPheGdTxT4HRTE\nkN1oAv
vmhtVbBqNbKBY09Dn1khiUa3mIineJ6wuKS1buiTDlLGiSPAXhaJRB\naplbJLGjtBXSGiAuxHEb2l/G/kIa71R7Vc7h2fYzAXFbPhApllEof43cZVtM\n9kN1m2bshbAG2boD51jb9P4C9H73ICJXGDAUVvScgYAIs4YnCVFIPdmU6dP+\nd4yZTM9bxuezUI2sj6cpWcq8H9+skZjRY+J2vKH/twAaWcnxLUxKfLuUAWNy\nH63iRIAhaWfl3k6dhPbYFnsxrrch99NuMTAEyE5vykiCMg8WlCmittteGyIq\nfOs9eFaoNRkf4Qh5IrOUoPhXO/8Jw7eY3aK2bQvGuutlfxOYsFJWjK3qT7RQ\nAeyv639jDn1W3vvOlFX5+Xx8R5IZLVdElAe39y6rgw27pMZT+IJew/j5EF2j\nsinxUvARi98wW+NP8WXV5CMFXh2JnmxfTLvdsWHJlB/XyktIiJE4KaHlNIaV\nxLdKmarS3hS31DQmpB2LDGPp8QFyV9kY0gvE282A1Fs0w01pByKDcMmvr3pD\nHh40DfYt4ZTJGnLP69IKt3328KEeMlHqns22zZuAidMus1o6k4YkF1WNpZn2\nSdXVG0hcdnvRC4qKdVv+TBFuPSy68cdwPeHs612hcezoHi2pbTkM2YKDJ75m\nvqaBzdpSDcuKVovuwBt3/guHoLD2ipRM0EfZ208aKiuOuYXwGD3PPm5WKUvd\nBSiZw7p37QY6zYh0/bTN2FumftYWz7mrZL4pFIcd8m/tSlU537+TnCbPm1KT\nWFVFBonxsyhHnZC4X0YQQTZ0V9TKCGWdVUgRxZwwQ/0acxFe1j1bqVnDBxR6\nH98xnEPvEh6bHpHujwcdCKTN4AbIJcFVKuCyvl/OtzMBjUXVKOAZcRS42TvY\nkhzQXiOOKqoE29aNDtQ/VRC8s1aN6L6xCorlCcBBurMcmDdJy+r4YUrNqmEA\nZQwFecRXxwzguk6GR3m8RzY1iDRSqm+yCMqjWKx6eycV91izjXbueT45g3Hn\nSqw2cw6rowGZUEcP3vRdHyxsJSEG2kPvU9JLzgkCwUovtlbdHee2JkV9TdkF\nzEMxjA9B5mxPp5lMFj8jhHhzDmZRxpW/EUBZCkZh5SVbGeg6qTFKRS6zZPYC\nkfv0XICx154cOj0TsW4QHxTHLOV9r93HIPihZDHg2udN7JhYfwsO4RbwDQEv\nxumaM3NTGrXOBxV2vtYSoGSQOmCd8X+gXKxKtTeaV4rCm2aIGVsdfeYQTNSD\nrBxetCJdGB0DrEAr/9bJ5RS2CB9JmEa4ktMHEFTmvTqhWu4Ye2TJBC+H/yqP\nNrYQ4+5lYnZ4BuvxKBvhbH52UURqG27NwQXmFd/h3NlI5GVi5tveRO1+3F1j\ncMTgj49UCB2SNndcJDkK9z7kSBdnmtNo3m3/K9wucw9NxH7sM0yrgeQupbrU\nlgsobzoGluvBijJlp6A7qy4AoOsDGoo4gevK23CR8XN+droGY2RGWThWGuPZ\np7hsG/0f6ICQmU8ARsj/Civ9EbGe/2ZnlHafBtRhmfpZp2/Y7UxX6pmcNARB\nj8Gmr9DWiUXKUBtIkiBSTr7keRF8GuaXSc4pz1phKuAhngy7rYuMhqQr7Sw0\nJCk7cwdvZdq/erjtIh/AHJOPboUCalsLfTdMJguuocUuQr+SEg==\n", + "iv": "3uagVTqoXUcWvs9W\n", + "auth_tag": "s3wlsnLRHCI2NjC6/ZwbiQ==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "passphrase": { + "encrypted_data": "wzSJQ+VfZuXmqrL3xW/LxiUvF/B6EYHAQtmhrJjt2oMT1G2OEgp5\n", + "iv": "BqTyfQwKKCTOn3q3\n", + "auth_tag": 
"sh1e8UuQSrq1o5G0O5fXCA==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "repository": { + "encrypted_data": "Ezc5YMp0VM82dlq0+ikk2xZeqNHi+XETlsc2cDlFG/NxY408JO3ErPDEa9d9\nzud+jcCt/01GKqPdslGhP3jsUUb/f3kWMkTWqGkyWXV1121E0uHwyrva62NT\n5A==\n", + "iv": "QtNBUjJ5NrQS0JD7\n", + "auth_tag": "ZQImzlvHWwX1OsxMZK1jGA==\n", + "version": 3, + "cipher": "aes-256-gcm" + } +} \ No newline at end of file diff --git a/nodes/akkounts-1.json b/nodes/akkounts-1.json index 74896f9..5182b61 100644 --- a/nodes/akkounts-1.json +++ b/nodes/akkounts-1.json @@ -12,12 +12,14 @@ "hostname": "akkounts-1", "ipaddress": "192.168.122.160", "roles": [ + "kvm_guest", "akkounts", "postgresql_client" ], "recipes": [ "kosmos-base", "kosmos-base::default", + "kosmos_kvm::guest", "kosmos_postgresql::hostsfile", "kosmos-akkounts", "kosmos-akkounts::default", @@ -77,6 +79,7 @@ }, "run_list": [ "recipe[kosmos-base]", + "role[kvm_guest]", "role[akkounts]" ] } \ No newline at end of file diff --git a/nodes/bitcoin-2.json b/nodes/bitcoin-2.json index 3b80c1e..0d6d430 100644 --- a/nodes/bitcoin-2.json +++ b/nodes/bitcoin-2.json @@ -12,12 +12,14 @@ "hostname": "bitcoin-2", "ipaddress": "192.168.122.148", "roles": [ + "kvm_guest", "btcpay", "postgresql_client" ], "recipes": [ "kosmos-base", "kosmos-base::default", + "kosmos_kvm::guest", "tor-full", "tor-full::default", "kosmos-bitcoin::source", @@ -94,6 +96,7 @@ }, "run_list": [ "recipe[kosmos-base]", + "role[kvm_guest]", "recipe[tor-full]", "recipe[kosmos-bitcoin::source]", "recipe[kosmos-bitcoin::c-lightning]", diff --git a/nodes/discourse-2.json b/nodes/discourse-2.json index 8db4677..5f16686 100644 --- a/nodes/discourse-2.json +++ b/nodes/discourse-2.json 
@@ -12,13 +12,16 @@ "hostname": "discourse-2", "ipaddress": "192.168.122.104", "roles": [ - "discourse" + "kosmos_discourse", + "kvm_guest" ], "recipes": [ "kosmos-base", "kosmos-base::default", + "kosmos-dirsrv::hostsfile", "kosmos_discourse", "kosmos_discourse::default", + "kosmos_kvm::guest", "apt::default", "timezone_iii::default", "timezone_iii::debian", @@ -33,7 +36,7 @@ "postfix::_attributes", "postfix::sasl_auth", "hostname::default", - "kosmos-dirsrv::hostsfile", + "discourse::default", "firewall::default", "chef-sugar::default" ], @@ -54,6 +57,7 @@ }, "run_list": [ "recipe[kosmos-base]", + "role[kvm_guest]", "role[kosmos_discourse]" ] } diff --git a/nodes/draco.kosmos.org.json b/nodes/draco.kosmos.org.json index cd07a03..8a09ead 100644 --- a/nodes/draco.kosmos.org.json +++ b/nodes/draco.kosmos.org.json @@ -3,6 +3,11 @@ "normal": { "knife_zero": { "host": "10.1.1.167" + }, + "kosmos_kvm": { + "backup": { + "schedule": "0/3:45" + } } }, "automatic": { @@ -10,7 +15,7 @@ "os": "linux", "os_version": "5.4.0-54-generic", "hostname": "draco", - "ipaddress": "148.251.237.73", + "ipaddress": "148.251.237.111", "roles": [ ], @@ -20,6 +25,7 @@ "kosmos_encfs", "kosmos_encfs::default", "kosmos_kvm::host", + "kosmos_kvm::backup", "kosmos-ejabberd::firewall", "kosmos-ipfs::firewall_swarm", "kosmos-ipfs::firewall_public_gateway", @@ -49,12 +55,12 @@ "cloud": null, "chef_packages": { "ohai": { - "version": "15.9.1", - "ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.9.1/lib/ohai" + "version": "15.12.0", + "ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai" }, "chef": { - "version": "15.11.8", - "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.11.8/lib" + "version": "15.17.4", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.17.4/lib" } } }, 
@@ -62,6 +68,7 @@ "recipe[kosmos-base]", "recipe[kosmos_encfs]", "recipe[kosmos_kvm::host]", + "recipe[kosmos_kvm::backup]", "recipe[kosmos-ejabberd::firewall]", "recipe[kosmos-ipfs::firewall_swarm]", "recipe[kosmos-ipfs::firewall_public_gateway]", diff --git a/nodes/drone-1.json b/nodes/drone-1.json index 5ad5474..daa2016 100644 --- a/nodes/drone-1.json +++ b/nodes/drone-1.json @@ -13,7 +13,8 @@ "ipaddress": "192.168.122.200", "roles": [ "drone", - "postgresql_client" + "postgresql_client", + "kvm_guest" ], "recipes": [ "kosmos-base", @@ -21,6 +22,7 @@ "kosmos_postgresql::hostsfile", "kosmos_drone", "kosmos_drone::default", + "kosmos_kvm::guest", "apt::default", "timezone_iii::default", "timezone_iii::debian", @@ -53,6 +55,7 @@ }, "run_list": [ "recipe[kosmos-base]", + "role[kvm_guest]", "role[drone]" ] -} \ No newline at end of file +} diff --git a/nodes/ejabberd-4.json b/nodes/ejabberd-4.json index 4ce65bc..18e81cc 100644 --- a/nodes/ejabberd-4.json +++ b/nodes/ejabberd-4.json @@ -8,16 +8,18 @@ "automatic": { "fqdn": "ejabberd-4", "os": "linux", - "os_version": "5.4.0-1051-kvm", + "os_version": "5.4.0-1073-kvm", "hostname": "ejabberd-4", "ipaddress": "192.168.122.39", "roles": [ + "kvm_guest", "ejabberd", "postgresql_client" ], "recipes": [ "kosmos-base", "kosmos-base::default", + "kosmos_kvm::guest", "kosmos_postgresql::hostsfile", "kosmos-ejabberd::letsencrypt", "kosmos-ejabberd", @@ -58,6 +60,7 @@ }, "run_list": [ "recipe[kosmos-base]", + "role[kvm_guest]", "role[ejabberd]" ] } \ No newline at end of file diff --git a/nodes/ejabberd-8.json b/nodes/ejabberd-8.json index 9ebc158..71c7504 100644 --- a/nodes/ejabberd-8.json +++ b/nodes/ejabberd-8.json @@ -58,6 +58,7 @@ }, "run_list": [ "recipe[kosmos-base]", + "role[kvm_guest]", "role[ejabberd]" ] -} \ No newline at end of file +} diff --git a/nodes/fornax.kosmos.org.json b/nodes/fornax.kosmos.org.json index bbd1f0e..ba22c12 100644 --- a/nodes/fornax.kosmos.org.json +++ b/nodes/fornax.kosmos.org.json 
@@ -3,6 +3,11 @@ "normal": { "knife_zero": { "host": "10.1.1.147" + }, + "kosmos_kvm": { + "backup": { + "schedule": "0/3:00" + } } }, "automatic": { @@ -19,6 +24,7 @@ "kosmos-base", "kosmos-base::default", "kosmos_kvm::host", + "kosmos_kvm::backup", "kosmos_assets::nginx_site", "kosmos_discourse::nginx", "kosmos_drone::nginx", @@ -69,14 +75,15 @@ "ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai" }, "chef": { - "version": "15.14.0", - "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.14.0/lib" + "version": "15.17.4", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.17.4/lib" } } }, "run_list": [ "recipe[kosmos-base]", "recipe[kosmos_kvm::host]", + "recipe[kosmos_kvm::backup]", "role[nginx_proxy]", "role[zerotier_controller]" ] diff --git a/nodes/gitea-2.json b/nodes/gitea-2.json index ee569c7..acbfb42 100644 --- a/nodes/gitea-2.json +++ b/nodes/gitea-2.json @@ -13,7 +13,8 @@ "ipaddress": "192.168.122.189", "roles": [ "gitea", - "postgresql_client" + "postgresql_client", + "kvm_guest" ], "recipes": [ "kosmos-base", @@ -22,6 +23,7 @@ "kosmos_gitea", "kosmos_gitea::default", "kosmos_gitea::backup", + "kosmos_kvm::guest", "apt::default", "timezone_iii::default", "timezone_iii::debian", @@ -57,6 +59,7 @@ }, "run_list": [ "recipe[kosmos-base]", + "role[kvm_guest]", "role[gitea]" ] -} \ No newline at end of file +} diff --git a/nodes/ipfs-1.json b/nodes/ipfs-1.json index 13008a6..2252a37 100644 --- a/nodes/ipfs-1.json +++ b/nodes/ipfs-1.json @@ -8,15 +8,16 @@ "automatic": { "fqdn": "ipfs-1", "os": "linux", - "os_version": "5.4.0-54-generic", + "os_version": "5.4.0-110-generic", "hostname": "ipfs-1", "ipaddress": "192.168.122.195", "roles": [ - + "kvm_guest" ], "recipes": [ "kosmos-base", "kosmos-base::default", + "kosmos_kvm::guest", "kosmos-ipfs", "kosmos-ipfs::default", "kosmos-ipfs::public_gateway", 
@@ -72,6 +73,7 @@ }, "run_list": [ "recipe[kosmos-base]", + "role[kvm_guest]", "recipe[kosmos-ipfs]", "recipe[kosmos-ipfs::public_gateway]" ] diff --git a/nodes/jitsi-meet-1.json b/nodes/jitsi-meet-1.json new file mode 100644 index 0000000..76eff64 --- /dev/null +++ b/nodes/jitsi-meet-1.json @@ -0,0 +1,55 @@ +{ + "name": "jitsi-meet-1", + "normal": { + "knife_zero": { + "host": "10.1.1.20" + } + }, + "automatic": { + "fqdn": "jitsi-meet-1", + "os": "linux", + "os_version": "5.4.0-1073-kvm", + "hostname": "jitsi-meet-1", + "ipaddress": "192.168.122.188", + "roles": [ + "kvm_guest" + ], + "recipes": [ + "kosmos-base", + "kosmos-base::default", + "kosmos_kvm::guest", + "apt::default", + "timezone_iii::default", + "timezone_iii::debian", + "ntp::default", + "ntp::apparmor", + "kosmos-base::systemd_emails", + "apt::unattended-upgrades", + "kosmos-base::firewall", + "kosmos-postfix::default", + "postfix::default", + "postfix::_common", + "postfix::_attributes", + "postfix::sasl_auth", + "hostname::default" + ], + "platform": "ubuntu", + "platform_version": "20.04", + "cloud": null, + "chef_packages": { + "chef": { + "version": "17.10.3", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.10.3/lib", + "chef_effortless": null + }, + "ohai": { + "version": "17.9.0", + "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai" + } + } + }, + "run_list": [ + "recipe[kosmos-base]", + "role[kvm_guest]" + ] +} \ No newline at end of file diff --git a/nodes/mastodon-3.json b/nodes/mastodon-3.json index 293bcd3..66f0d9b 100644 --- a/nodes/mastodon-3.json +++ b/nodes/mastodon-3.json @@ -8,12 +8,13 @@ "automatic": { "fqdn": "mastodon-3", "os": "linux", - "os_version": "5.4.0-1058-kvm", + "os_version": "5.4.0-1071-kvm", "hostname": "mastodon-3", "ipaddress": "192.168.122.161", "roles": [ "mastodon", - "postgresql_client" + "postgresql_client", + "kvm_guest" ], "recipes": [ "kosmos-base", 
@@ -22,6 +23,7 @@ "kosmos-mastodon", "kosmos-mastodon::default", "kosmos-mastodon::nginx", + "kosmos_kvm::guest", "apt::default", "timezone_iii::default", "timezone_iii::debian", @@ -65,7 +67,6 @@ "nginx::commons_conf", "kosmos-nginx::firewall", "tor-full::default", - "poise-git::default", "git::default", "git::package", "kosmos-base::letsencrypt" @@ -86,6 +87,7 @@ }, "run_list": [ "recipe[kosmos-base]", + "role[kvm_guest]", "role[mastodon]" ] -} \ No newline at end of file +} diff --git a/nodes/nodejs-4.json b/nodes/nodejs-4.json index 4cca5ad..c974ec9 100644 --- a/nodes/nodejs-4.json +++ b/nodes/nodejs-4.json @@ -12,12 +12,14 @@ "hostname": "nodejs-4", "ipaddress": "192.168.122.106", "roles": [ + "kvm_guest", "kredits_github", "sockethub" ], "recipes": [ "kosmos-base", "kosmos-base::default", + "kosmos_kvm::guest", "kosmos-hubot::botka_irc-libera-chat", "kredits-github", "kredits-github::default", @@ -81,6 +83,7 @@ }, "run_list": [ "recipe[kosmos-base]", + "role[kvm_guest]", "recipe[kosmos-hubot::botka_irc-libera-chat]", "role[kredits_github]", "role[sockethub]" diff --git a/nodes/postgres-2.json b/nodes/postgres-2.json index 8d7953a..6cc24a9 100644 --- a/nodes/postgres-2.json +++ b/nodes/postgres-2.json @@ -12,11 +12,13 @@ "hostname": "postgres-2", "ipaddress": "192.168.122.244", "roles": [ + "kvm_guest", "postgresql_primary" ], "recipes": [ "kosmos-base", "kosmos-base::default", + "kosmos_kvm::guest", "kosmos_postgresql::primary", "kosmos_postgresql::firewall", "kosmos_gitea::pg_db", @@ -52,6 +54,7 @@ }, "run_list": [ "recipe[kosmos-base]", + "role[kvm_guest]", "role[postgresql_primary]" ] } \ No newline at end of file diff --git a/nodes/postgres-4.json b/nodes/postgres-4.json index 7cf0419..684e87d 100644 --- a/nodes/postgres-4.json +++ b/nodes/postgres-4.json 
@@ -12,11 +12,13 @@ "hostname": "postgres-4", "ipaddress": "192.168.122.3", "roles": [ + "kvm_guest", "postgresql_replica" ], "recipes": [ "kosmos-base", "kosmos-base::default", + "kosmos_kvm::guest", "kosmos_postgresql::hostsfile", "kosmos_postgresql::replica", "kosmos_postgresql::firewall", @@ -52,6 +54,7 @@ }, "run_list": [ "recipe[kosmos-base]", + "role[kvm_guest]", "role[postgresql_replica]" ] } \ No newline at end of file diff --git a/nodes/rs-discourse-1.json b/nodes/rs-discourse-1.json index 1852527..ef67953 100644 --- a/nodes/rs-discourse-1.json +++ b/nodes/rs-discourse-1.json @@ -8,17 +8,19 @@ "automatic": { "fqdn": "rs-discourse-1", "os": "linux", - "os_version": "5.4.0-1073-kvm", + "os_version": "5.4.0-1076-kvm", "hostname": "rs-discourse-1", "ipaddress": "192.168.122.30", "roles": [ - "remotestorage_discourse" + "remotestorage_discourse", + "kvm_guest" ], "recipes": [ "kosmos-base", "kosmos-base::default", "remotestorage_discourse", "remotestorage_discourse::default", + "kosmos_kvm::guest", "apt::default", "timezone_iii::default", "timezone_iii::debian", @@ -54,6 +56,7 @@ }, "run_list": [ "recipe[kosmos-base]", + "role[kvm_guest]", "role[remotestorage_discourse]" ] -} \ No newline at end of file +} diff --git a/nodes/rsk-mainnet-2.json b/nodes/rsk-mainnet-2.json index b24ba39..5d6017a 100644 --- a/nodes/rsk-mainnet-2.json +++ b/nodes/rsk-mainnet-2.json @@ -8,17 +8,19 @@ "automatic": { "fqdn": "rsk-mainnet-2", "os": "linux", - "os_version": "5.4.0-1058-kvm", + "os_version": "5.4.0-1075-kvm", "hostname": "rsk-mainnet-2", "ipaddress": "192.168.122.208", "roles": [ - "rskj_mainnet" + "rskj_mainnet", + "kvm_guest" ], "recipes": [ "kosmos-base", "kosmos-base::default", "kosmos_rsk::rskj", "kosmos_rsk::nginx", + "kosmos_kvm::guest", "apt::default", "timezone_iii::default", "timezone_iii::debian", @@ -65,6 +67,7 @@ }, "run_list": [ "recipe[kosmos-base]", + "role[kvm_guest]", "role[rskj_mainnet]" ] -} \ No newline at end of file +} 
diff --git a/nodes/rsk-testnet-3.json b/nodes/rsk-testnet-3.json index 34af5d9..e9b0cf4 100644 --- a/nodes/rsk-testnet-3.json +++ b/nodes/rsk-testnet-3.json @@ -8,17 +8,19 @@ "automatic": { "fqdn": "rsk-testnet-3", "os": "linux", - "os_version": "5.4.0-1058-kvm", + "os_version": "5.4.0-1075-kvm", "hostname": "rsk-testnet-3", "ipaddress": "192.168.122.231", "roles": [ - "rskj_testnet" + "rskj_testnet", + "kvm_guest" ], "recipes": [ "kosmos-base", "kosmos-base::default", "kosmos_rsk::rskj", "kosmos_rsk::nginx", + "kosmos_kvm::guest", "apt::default", "timezone_iii::default", "timezone_iii::debian", @@ -65,6 +67,7 @@ }, "run_list": [ "recipe[kosmos-base]", + "role[kvm_guest]", "role[rskj_testnet]" ] -} \ No newline at end of file +} diff --git a/nodes/uploads-1.json b/nodes/uploads-1.json index 3c65fbf..f2af120 100644 --- a/nodes/uploads-1.json +++ b/nodes/uploads-1.json @@ -8,15 +8,16 @@ "automatic": { "fqdn": "uploads-1", "os": "linux", - "os_version": "5.4.0-54-generic", + "os_version": "5.4.0-128-generic", "hostname": "uploads-1", "ipaddress": "192.168.122.230", "roles": [ - + "kvm_guest" ], "recipes": [ "kosmos-base", "kosmos-base::default", + "kosmos_kvm::guest", "kosmos-ejabberd::upload_service", "apt::default", "timezone_iii::default", @@ -60,6 +61,7 @@ }, "run_list": [ "recipe[kosmos-base]", + "role[kvm_guest]", "recipe[kosmos-ejabberd::upload_service]" ] } \ No newline at end of file diff --git a/nodes/wiki-1.json b/nodes/wiki-1.json index 20ffbb0..b2bac6b 100644 --- a/nodes/wiki-1.json +++ b/nodes/wiki-1.json @@ -12,11 +12,12 @@ "hostname": "wiki-1", "ipaddress": "192.168.122.26", "roles": [ - + "kvm_guest" ], "recipes": [ "kosmos-base", "kosmos-base::default", + "kosmos_kvm::guest", "kosmos-mediawiki", "kosmos-mediawiki::default", "apt::default", @@ -74,6 +75,7 @@ }, "run_list": [ "recipe[kosmos-base]", + "role[kvm_guest]", "recipe[kosmos-mediawiki]" ] } \ No newline at end of file 
diff --git a/site-cookbooks/kosmos-bitcoin/attributes/default.rb b/site-cookbooks/kosmos-bitcoin/attributes/default.rb
index 73f21e9..03bb73a 100644
--- a/site-cookbooks/kosmos-bitcoin/attributes/default.rb
+++ b/site-cookbooks/kosmos-bitcoin/attributes/default.rb
@@ -48,9 +48,13 @@ node.default['lnd']['public_ip'] = '148.251.237.111'
 node.default['lnd']['public_port'] = '9735'
 node.default['lnd']['port'] = '9736'
 node.default['lnd']['minchansize'] = '1000000'
-node.default['lnd']['basefee'] = '1000'
-node.default['lnd']['feerate'] = '50'
+node.default['lnd']['basefee'] = '100'
+node.default['lnd']['feerate'] = '10'
 node.default['lnd']['auto_unlock'] = true # requires credentials/lnd data bag item
+node.default['lnd']['tor'] = {
+ 'streamisolation' => 'false',
+ 'skip-proxy-for-clearnet-targets' => 'true'
+}
 node.default['boltz']['repo'] = 'https://github.com/BoltzExchange/boltz-lnd.git'
 node.default['boltz']['revision'] = 'v1.2.6'
diff --git a/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb b/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb
index a6d932c..a6c5b2d 100644
--- a/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb
@@ -61,6 +61,7 @@ template "#{lnd_dir}/lnd.conf" do
 lnd_basefee: node['lnd']['basefee'],
 lnd_feerate: node['lnd']['feerate'],
 lnd_dir: lnd_dir,
+ lnd_tor: node['lnd']['tor'],
 auto_unlock: node['lnd']['auto_unlock'],
 tor_enabled: node['bitcoin']['tor_enabled'],
 bitcoin_datadir: node['bitcoin']['datadir'],
diff --git a/site-cookbooks/kosmos-bitcoin/templates/lnd.conf.erb b/site-cookbooks/kosmos-bitcoin/templates/lnd.conf.erb
index 45b6b9e..3e43d01 100644
--- a/site-cookbooks/kosmos-bitcoin/templates/lnd.conf.erb
+++ b/site-cookbooks/kosmos-bitcoin/templates/lnd.conf.erb
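Review bot: The new `node['lnd']['tor']` hash in attributes/default.rb has no comment explaining what the two options do to the node's network exposure, and they are now overridable per node. With the defaults, clearnet peers are dialled directly rather than through the Tor proxy, and as far as I recall lnd refuses to start when both options are enabled, so a comment such as `# Rendered verbatim into lnd.conf [tor]; defaults dial clearnet peers directly. Do not enable both at once.` would save the next person a failed restart. The values are the strings `'false'`/`'true'` while `auto_unlock` one line above is a Ruby boolean; the template interpolation in this commit would render booleans the same way, so plain `false`/`true` would be consistent with the rest of the file.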
@@ -30,6 +30,6 @@ bitcoind.zmqpubrawtx=<%= @bitcoin_zmqpubrawtx %>
 [tor]
 tor.active=true
 tor.v3=true
-tor.streamisolation=false
-tor.skip-proxy-for-clearnet-targets=true
+tor.streamisolation=<%= @lnd_tor['streamisolation'] %>
+tor.skip-proxy-for-clearnet-targets=<%= @lnd_tor['skip-proxy-for-clearnet-targets'] %>
 <% end %>
diff --git a/site-cookbooks/kosmos-ipfs/attributes/default.rb b/site-cookbooks/kosmos-ipfs/attributes/default.rb
index 860fb87..446b629 100644
--- a/site-cookbooks/kosmos-ipfs/attributes/default.rb
+++ b/site-cookbooks/kosmos-ipfs/attributes/default.rb
@@ -1,3 +1,6 @@
+node.normal['ipfs']['version'] = "0.16.0"
+node.normal['ipfs']['checksum'] = "40f7fc4f987fb548ccac0f27cdb2b8a9beacd67dfff9367e315dc0a7ced7115c"
+
 node.default['kosmos-ipfs']['ipfs']['config'] = {
 # The default gateway is already used by kosmos' hubot (8080)
 "Addresses.Gateway" => "/ip4/127.0.0.1/tcp/9090",
@@ -6,7 +9,7 @@ node.default['kosmos-ipfs']['ipfs']['config'] = {
 # usage.
 'Swarm.DisableBandwidthMetrics' => true,
 # Disable the p2p-circuit relay transport
- 'Swarm.DisableRelay' => true,
+ 'Swarm.Transports.Network.Relay' => false,
 # Number of connections that, when exceeded, will trigger a connection GC
 # operation
 'Swarm.ConnMgr.HighWater' => 40,
diff --git a/site-cookbooks/kosmos-mediawiki/recipes/default.rb b/site-cookbooks/kosmos-mediawiki/recipes/default.rb
index 5046629..4f24146 100644
--- a/site-cookbooks/kosmos-mediawiki/recipes/default.rb
+++ b/site-cookbooks/kosmos-mediawiki/recipes/default.rb
@@ -165,6 +165,8 @@ end
 ruby_block "configuration" do
 block do
+ # FIXME This is internal Chef API and should not be used from recipes, as
+ # it is unsupported for that
 file = Chef::Util::FileEdit.new("#{node['mediawiki']['webdir']}/LocalSettings.php")
 file.search_file_replace_line(%r{\$wgLogo\ =\ \"\$wgResourceBasePath\/resources\/assets\/wiki.png\";},
 "$wgLogo = \"$wgResourceBasePath/skins/common/images/kosmos.png\";")
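Review bot: The two new lines at the top of kosmos-ipfs/attributes/default.rb use `node.normal`, which writes the ipfs version and checksum as persistent normal attributes from inside an attributes file. Normal attributes are saved with the node object and outrank every `default` level, so the pin behaves differently from the `node.default` assignments in the rest of the file and can linger on a node after this line is changed or removed. If the aim is to beat the upstream cookbook's default, `node.override['ipfs']['version'] = "0.16.0"` and `node.override['ipfs']['checksum'] = "…"` express that without persisting; otherwise `node.default` is enough. Pinning the checksum next to the version is worth keeping, and a one-line comment saying where the checksum was taken from would help the next upgrade.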
diff --git a/site-cookbooks/kosmos_kvm/attributes/default.rb b/site-cookbooks/kosmos_kvm/attributes/default.rb
index d20a34b..dc2b563 100644
--- a/site-cookbooks/kosmos_kvm/attributes/default.rb
+++ b/site-cookbooks/kosmos_kvm/attributes/default.rb
@@ -5,3 +5,6 @@ node.default["kosmos_kvm"]["host"]["qemu_base_image"] = {
 "checksum" => "6db74917f85146569cb6ae89e1d163ac6d1e488a7f32bc74761ec6d1869c714f",
 "path" => "/var/lib/libvirt/images/base/ubuntu-20.04-server-cloudimg-amd64-disk-kvm-#{ubuntu_server_cloud_image_release}.qcow2"
 }
+
+# A systemd.timer OnCalendar config value
+node.default["kosmos_kvm"]["backup"]["schedule"] = "daily"
diff --git a/site-cookbooks/kosmos_kvm/files/backup_vm.sh b/site-cookbooks/kosmos_kvm/files/backup_vm.sh
new file mode 100644
index 0000000..33a259b
--- /dev/null
+++ b/site-cookbooks/kosmos_kvm/files/backup_vm.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+# GENERATED BY CHEF
+# DO NOT EDIT
+set -e
+
+REPOSITORY=$BORG_REPO
+
+echo "Starting backup of VM: $1"
+
+echo "Dumping domain XML to /root/backups/vm_meta/$1.xml"
+virsh dumpxml --migratable $1 > /root/backups/vm_meta/$1.xml
+
+virsh snapshot-create-as --domain $1 \
+ --name hotswap.qcow2 \
+ --no-metadata \
+ --atomic \
+ --quiesce \
+ --disk-only \
+ --diskspec vda,snapshot=external
+
+borg create -v $REPOSITORY::$1_$(date +%F_%H-%M) \
+ /var/lib/libvirt/images/$1.qcow2 \
+ /root/backups/vm_meta/$1.xml
+
+echo "Pivoting base image back to original"
+virsh blockcommit $1 vda --pivot --base=/var/lib/libvirt/images/$1.qcow2
+
+echo "Removing snapshot image"
+rm /var/lib/libvirt/images/$1.hotswap.qcow2
diff --git a/site-cookbooks/kosmos_kvm/recipes/backup.rb b/site-cookbooks/kosmos_kvm/recipes/backup.rb
new file mode 100644
index 0000000..e7e7f49
--- /dev/null
+++ b/site-cookbooks/kosmos_kvm/recipes/backup.rb
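Review bot: With `set -e`, a failing `borg create` in backup_vm.sh exits before `virsh blockcommit`, so the guest keeps running on the `hotswap` overlay and the overlay file stays on disk; later runs would then be likely to fail at the snapshot step or stack a new overlay on the old one. Move the pivot and the overlay removal into an EXIT trap that is armed only once the snapshot has been created, and delete the overlay only when the pivot succeeded. `$1` is also used unquoted and unchecked in every command and path, so quote it and fail early when it is missing. A sketch of the changed lines follows.

```shell
set -euo pipefail

vm="$1"
image="/var/lib/libvirt/images/${vm}.qcow2"

# Pivot back to the base image even when borg fails; only then drop the overlay
cleanup() {
  echo "Pivoting base image back to original"
  virsh blockcommit "$vm" vda --pivot --base="$image" &&
    rm -f "/var/lib/libvirt/images/${vm}.hotswap.qcow2"
}

# … unchanged: virsh dumpxml and virsh snapshot-create-as, with "$vm" quoted …
trap cleanup EXIT

borg create -v "${BORG_REPO}::${vm}_$(date +%F_%H-%M)" \
  "$image" \
  "/root/backups/vm_meta/${vm}.xml"
```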
@@ -0,0 +1,92 @@ +# +# Cookbook:: kosmos_kvm +# Recipe:: backup +# + +apt_package "borgbackup" + +borg_credentials = data_bag_item("credentials", "borg") + +file "/root/.ssh/borg_rsa" do + content borg_credentials["ssh_key"] + mode '0600' +end + +file "/root/.borg_credentials.env" do + content <<-EOF +BORG_RSH='ssh -i /root/.ssh/borg_rsa' +BORG_PASSPHRASE=#{borg_credentials["passphrase"]} +BORG_REPO='#{borg_credentials["repository"]}' + EOF +end + +bash "Load borg credentials in console sessions" do + code <<-EOF + cat >>/root/.bashrc < +do + /root/backups/backup_vm.sh $domain +done diff --git a/site-cookbooks/kosmos_kvm/templates/create_vm.erb b/site-cookbooks/kosmos_kvm/templates/create_vm.erb index 0514f5d..7d155e0 100644 --- a/site-cookbooks/kosmos_kvm/templates/create_vm.erb +++ b/site-cookbooks/kosmos_kvm/templates/create_vm.erb @@ -86,6 +86,6 @@ virt-install \ --graphics none \ --serial pty \ --console pty \ - --channel unix,mode=bind,path=/var/lib/libvirt/qemu/guest01.agent,target_type=virtio,name=org.qemu.guest_agent.0 \ + --channel unix,mode=bind,path=/var/lib/libvirt/qemu/$VMNAME.guest_agent.0,target_type=virtio,name=org.qemu.guest_agent.0 \ --autostart \ --import
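Review bot: In recipes/backup.rb, `/root/.borg_credentials.env` is created without a `mode`, so unlike `/root/.ssh/borg_rsa` (which gets `'0600'`) the file holding `BORG_PASSPHRASE` is left with default permissions. Add `mode '0600'` to that resource and `sensitive true` to both `file` resources, so that the private key and passphrase are not printed in Chef's diff and log output on a change. `BORG_PASSPHRASE=#{borg_credentials["passphrase"]}` is also the only one of the three values written without quotes, so a passphrase containing spaces or shell metacharacters would break or be interpreted when the file is sourced. Most of this recipe is not legible on the page, so the note covers only the two `file` resources that are fully visible.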