Merge branch 'master' into feature/535-liquor_cabinet

2024-01-26 08:19:50 +03:00 · 2024-01-26 08:19:50 +03:00 · b5020efdd5
parent e10e54c12a 2763244fdc
commit b5020efdd5
12 changed files with 111 additions and 36 deletions
--- a/data_bags/credentials/akkounts.json
+++ b/data_bags/credentials/akkounts.json
@ -1,37 +1,51 @@
 {
  "id": "akkounts",
  "postgresql_username": {
-    "encrypted_data": "W+Ia820+uYCAED9LRkQ1ZVe//56GRS5u0HrG\n",
-    "iv": "NpuVENC7C5FCjsEz\n",
-    "auth_tag": "KbqVv27nTc4qm7kzRWcjUQ==\n",
+    "encrypted_data": "/Idxzq83imf6o6pbmFAk7bgxg69N7/1KNhgj\n",
+    "iv": "34BrmVmlxzuA7IJG\n",
+    "auth_tag": "VyLpWDshrOd417ZiY3432w==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  },
  "postgresql_password": {
-    "encrypted_data": "gPzUikJ3vBhjEzor0ie2341VPLRHNIvGvuD+HBwldw==\n",
-    "iv": "Jsnldm8Bx9IzXMNy\n",
-    "auth_tag": "63YXFGVxHn23X+/11qwTSA==\n",
+    "encrypted_data": "XqEmt+yu7mB6vBOUCT/5AtIptdUamfniz+PrFYCP0A==\n",
+    "iv": "2XdVUHkeeS1LHzMx\n",
+    "auth_tag": "mq0v9ikHD7pxTUrGO+VF9A==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  },
  "sentry_dsn": {
-    "encrypted_data": "3aC1Nc+WiJIn+jc4HY4Rb1WAqCqEurbOLXhbah4zSIbVIaNGEKzaoC+IA+qi\nV1jAVxbE0A1w91MrGE6HNa+oMjiTMurYx7JzVBIpCm01rgo=\n",
-    "iv": "SxEbTBYY2Pa5BzAF\n",
-    "auth_tag": "zGkIpM/aeyuNm2F0I3VAcA==\n",
+    "encrypted_data": "u82JsPq5HvQRE2eWIbVp73LdqffyuTTylbURtM7XRJ6AXyKp1WD/iwVhNnL7\n/NKSWR24/u63WJCP4rXpW7293ZRU5UW/W3GwlOjNtbdxcaQ=\n",
+    "iv": "0GIV8v92dh4+Ma/Z\n",
+    "auth_tag": "XbuxPIZ5VxuMjw/f+usCgA==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  },
  "rails_master_key": {
-    "encrypted_data": "cWOeQYNzOjgDNi7ZpkMC/jN7nSPyODYRhA6EIhhihzPxkEDt+/4HGNAhLHGK\nlJiQeRD/\n",
-    "iv": "Svsvx9gsO9OQs9RV\n",
-    "auth_tag": "mXVNNo13F6FddhWnri1yHQ==\n",
+    "encrypted_data": "31N79um4TTD0tuDurrZVztoSv0sxZ70paV7AhD8P4+lX8kUkfhiugCbdhst0\n12YP5v/8\n",
+    "iv": "l4qanaerdou8AApw\n",
+    "auth_tag": "yvkcM4on1EMm1LhmmZ+O+g==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  },
  "discourse_connect_secret": {
-    "encrypted_data": "BQcE5fUkiqJyuOR1dR9vNyxWzgWGX1Wl1WINJDGJ1sJiajrgAspPgDt0dX5L\nhxG8CQ==\n",
-    "iv": "UKpt0F1FODuosQ9u\n",
-    "auth_tag": "MLgv0jR9MhWGmQNUkA8GUQ==\n",
+    "encrypted_data": "Ebs8KVEA0r4nFxYNjxxZFUWndxwoKes/9ihEgqgKLN76t6yzCUONeJZBMl0G\nXLdI8A==\n",
+    "iv": "ob8KBWeoHXFlZ7Nk\n",
+    "auth_tag": "motppQbVEhg6qyKRYpqctA==\n",
+    "version": 3,
+    "cipher": "aes-256-gcm"
+  },
+  "lndhub_admin_token": {
+    "encrypted_data": "I2hSF6X9L3OWbet5QWzrCyA3XyGFhFBgHh/uFr5dQ3RB\n",
+    "iv": "Kr8u2j5napFSamYc\n",
+    "auth_tag": "t93UNWomf+6WaZF7VVzTeQ==\n",
+    "version": 3,
+    "cipher": "aes-256-gcm"
+  },
+  "btcpay_auth_token": {
+    "encrypted_data": "0qesJ5KMvU2DlKdz7lExJWq0X9XYjpsqw61kLXWw4UNYwpNxPyFJSjbR9yKh\ntu0zMdtMB9Vur9izWBY=\n",
+    "iv": "gw2oAyeF2Kuvb3Em\n",
+    "auth_tag": "zMtos/E3e3XXeTlAY7o0lg==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  }
--- a/environments/production.json
+++ b/environments/production.json
@ -2,6 +2,9 @@
  "name": "production",
  "override_attributes": {
    "akkounts": {
+      "btcpay": {
+        "store_id": "FNJVVsrVkKaduPDAkRVchdegjwzsNhpceAdonCaXAwBX"
+      },
      "ejabberd": {
        "admin_url": "https://xmpp.kosmos.org:5443/admin"
      },
--- a/nodes/redis-1.json
+++ b/nodes/redis-1.json
@ -1,5 +1,6 @@
 {
  "name": "redis-1",
+  "chef_environment": "production",
  "normal": {
    "knife_zero": {
      "host": "10.1.1.225"
@ -8,7 +9,7 @@
  "automatic": {
    "fqdn": "redis-1",
    "os": "linux",
-    "os_version": "5.4.0-1090-kvm",
+    "os_version": "5.4.0-1104-kvm",
    "hostname": "redis-1",
    "ipaddress": "192.168.122.83",
    "roles": [
@ -22,6 +23,8 @@
      "kosmos_kvm::guest",
      "kosmos_redis",
      "kosmos_redis::default",
+      "kosmos_redis::firewall",
+      "kosmos_redis::backup",
      "apt::default",
      "timezone_iii::default",
      "timezone_iii::debian",
@ -43,7 +46,6 @@
      "redisio::disable_os_default",
      "redisio::configure",
      "redisio::enable",
-      "kosmos_redis::firewall",
      "backup::default",
      "logrotate::default"
    ],
--- a/nodes/redis-2.json
+++ b/nodes/redis-2.json
@ -1,5 +1,6 @@
 {
  "name": "redis-2",
+  "chef_environment": "production",
  "normal": {
    "knife_zero": {
      "host": "10.1.1.208"
@ -8,17 +9,20 @@
  "automatic": {
    "fqdn": "redis-2",
    "os": "linux",
-    "os_version": "5.4.0-1090-kvm",
+    "os_version": "5.4.0-1104-kvm",
    "hostname": "redis-2",
    "ipaddress": "192.168.122.98",
    "roles": [
      "base",
-      "kvm_guest"
+      "kvm_guest",
+      "redis_replica"
    ],
    "recipes": [
      "kosmos-base",
      "kosmos-base::default",
      "kosmos_kvm::guest",
+      "kosmos_redis::replica",
+      "kosmos_redis::firewall",
      "apt::default",
      "timezone_iii::default",
      "timezone_iii::debian",
@ -32,7 +36,14 @@
      "postfix::_common",
      "postfix::_attributes",
      "postfix::sasl_auth",
-      "hostname::default"
+      "hostname::default",
+      "redisio::default",
+      "redisio::_install_prereqs",
+      "redisio::install",
+      "redisio::ulimit",
+      "redisio::disable_os_default",
+      "redisio::configure",
+      "redisio::enable"
    ],
    "platform": "ubuntu",
    "platform_version": "20.04",
@ -51,6 +62,7 @@
  },
  "run_list": [
    "role[base]",
-    "role[kvm_guest]"
+    "role[kvm_guest]",
+    "role[redis_replica]"
  ]
 }
--- a/roles/redis_replica.rb
+++ b/roles/redis_replica.rb
@ -0,0 +1,15 @@
+name "redis_replica"
+
+run_list %w(
+  kosmos_redis::replica
+  kosmos_redis::firewall
+)
+
+default_attributes({
+  'redisio' => {
+    'default_settings' => {
+      'slaveservestaledata' => 'yes',
+      'slavereadonly' => 'yes'
+    }
+  }
+})
--- a/roles/redis_server.rb
+++ b/roles/redis_server.rb
@ -7,6 +7,7 @@ default_run_list = %w(
 production_run_list = %w(
  kosmos_redis::default
  kosmos_redis::firewall
+  kosmos_redis::backup
 )

 env_run_lists(
@ -14,5 +15,3 @@ env_run_lists(
  'development' => default_run_list,
  'production' => production_run_list
 )
-
-default_attributes({})
--- a/site-cookbooks/kosmos-akkounts/attributes/default.rb
+++ b/site-cookbooks/kosmos-akkounts/attributes/default.rb
@ -11,6 +11,8 @@ node.default['akkounts']['smtp']['domain']          = 'kosmos.org'
 node.default['akkounts']['smtp']['auth_method']     = 'plain'
 node.default['akkounts']['smtp']['enable_starttls'] = 'auto'

+node.default['akkounts']['btcpay']['store_id'] = nil
+
 node.default['akkounts']['ejabberd']['admin_url'] = nil

 node.default['akkounts']['lndhub']['api_url'] = nil
--- a/site-cookbooks/kosmos-akkounts/recipes/default.rb
+++ b/site-cookbooks/kosmos-akkounts/recipes/default.rb
@ -20,6 +20,7 @@ user deploy_user do
 end

 package "libpq-dev"
+package "libvips"

 include_recipe 'redisio::default'
 include_recipe 'redisio::enable'
@ -70,6 +71,8 @@ end

 if btcpay_host
  env[:btcpay_api_url] = "http://#{btcpay_host}:23001/api/v1"
+  env[:btcpay_store_id] = node['akkounts']['btcpay']['store_id']
+  env[:btcpay_auth_token] = credentials["btcpay_auth_token"]
 end

 env[:discourse_public_url] = "https://#{node['discourse']['domain']}"
@ -104,6 +107,7 @@ if lndhub_host
  node.override["akkounts"]["lndhub"]["api_url"] = "http://#{lndhub_host}:3026"
  env[:lndhub_legacy_api_url] = node["akkounts"]["lndhub"]["api_url"]
  env[:lndhub_api_url] = node["akkounts"]["lndhub"]["api_url"]
+  env[:lndhub_admin_token] = credentials["lndhub_admin_token"]
  env[:lndhub_public_url] = node["akkounts"]["lndhub"]["public_url"]
  env[:lndhub_public_key] = node["akkounts"]["lndhub"]["public_key"]
  if postgres_readonly_host
--- a/site-cookbooks/kosmos-akkounts/templates/nginx_conf_akkounts_api.erb
+++ b/site-cookbooks/kosmos-akkounts/templates/nginx_conf_akkounts_api.erb
@ -18,7 +18,7 @@ server {
  access_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.access.log json;
  error_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.error.log warn;

-  location /kredits/ {
+  location / {
    add_header 'Access-Control-Allow-Origin' '*' always;
    add_header 'Access-Control-Allow-Methods' 'GET' always;
    add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
@ -31,6 +31,6 @@ server {
    proxy_buffers 1024 8k;
    proxy_http_version 1.1;

-    proxy_pass http://_akkounts_api/api/kredits/;
+    proxy_pass http://_akkounts_api/api/;
  }
 }
--- a/site-cookbooks/kosmos_redis/recipes/backup.rb
+++ b/site-cookbooks/kosmos_redis/recipes/backup.rb
@ -0,0 +1,11 @@
+#
+# Cookbook Name:: kosmos_redis
+# Recipe:: backup
+#
+
+databases = node['redisio']['servers'].map do |server, _|
+  "dump-#{server['port']}"
+end
+node.override["backup"]["redis"]["databases"] = databases
+
+include_recipe "backup"
--- a/site-cookbooks/kosmos_redis/recipes/default.rb
+++ b/site-cookbooks/kosmos_redis/recipes/default.rb
@ -3,16 +3,10 @@
 # Recipe:: default
 #

+node.normal['redisio']['servers'] = [{
+  'port' => '6379',
+  'protected_mode' => 'no'
+}]
+
 include_recipe 'redisio::default'
 include_recipe 'redisio::enable'
-
-unless node.chef_environment == "development"
-  include_recipe "kosmos_redis::firewall"
-
-  # Backup the databases to S3
-  databases = node['redisio']['servers'].map do |server, _|
-    "dump-#{server['port']}"
-  end
-  node.override["backup"]["redis"]["databases"] = databases
-  include_recipe "backup"
-end
--- a/site-cookbooks/kosmos_redis/recipes/replica.rb
+++ b/site-cookbooks/kosmos_redis/recipes/replica.rb
@ -0,0 +1,19 @@
+#
+# Cookbook Name:: kosmos_redis
+# Recipe:: replica
+#
+
+primary_host = search(:node, 'role:redis_server').first['knife_zero']['host'] rescue nil
+
+if primary_host.nil?
+  Chef::Log.warn("No node found with 'redis_server' role. Stopping here.")
+  return
+end
+
+node.normal['redisio']['servers'] = [{
+  'port' => '6379',
+  'replicaof' => { 'address' => primary_host, 'port' => '6379' }
+}]
+
+include_recipe 'redisio::default'
+include_recipe 'redisio::enable'