diff --git a/nodes/mastodon-3.json b/nodes/mastodon-3.json
index fe1625b..411a0a5 100644
--- a/nodes/mastodon-3.json
+++ b/nodes/mastodon-3.json
@@ -1,5 +1,6 @@
 {
   "name": "mastodon-3",
+  "chef_environment": "production",
   "normal": {
     "knife_zero": {
       "host": "10.1.1.30"
diff --git a/site-cookbooks/kosmos-mastodon/attributes/default.rb b/site-cookbooks/kosmos-mastodon/attributes/default.rb
index e5fb368..f2f2f0d 100644
--- a/site-cookbooks/kosmos-mastodon/attributes/default.rb
+++ b/site-cookbooks/kosmos-mastodon/attributes/default.rb
@@ -1,11 +1,12 @@
 node.default["kosmos-mastodon"]["repo"] = "https://gitea.kosmos.org/kosmos/mastodon.git"
 node.default["kosmos-mastodon"]["revision"] = "kosmos-production"
 node.default["kosmos-mastodon"]["directory"] = "/opt/mastodon"
-node.default["kosmos-mastodon"]["puma_port"] = 3000
-node.default["kosmos-mastodon"]["streaming_port"] = 4000
 node.default["kosmos-mastodon"]["server_name"] = "kosmos.social"
 node.default["kosmos-mastodon"]["redis_url"] = "redis://localhost:6379/0"
 node.default["kosmos-mastodon"]["sidekiq_threads"] = 25
+node.default["kosmos-mastodon"]["bind_ip"] = "127.0.0.1"
+node.default["kosmos-mastodon"]["app_port"] = 3000
+node.default["kosmos-mastodon"]["streaming_port"] = 4000
 
 # Allocate this amount of RAM to the Java heap for Elasticsearch
 node.default["kosmos-mastodon"]["elasticsearch"]["allocated_memory"] = "1536m"
diff --git a/site-cookbooks/kosmos-mastodon/metadata.rb b/site-cookbooks/kosmos-mastodon/metadata.rb
index dc23b66..fa0b6f4 100644
--- a/site-cookbooks/kosmos-mastodon/metadata.rb
+++ b/site-cookbooks/kosmos-mastodon/metadata.rb
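Review bot: Renaming `puma_port` to `app_port` leaves any consumer outside recipes/default.rb that still reads `node["kosmos-mastodon"]["puma_port"]` (a proxy vhost template in another cookbook, for instance) resolving to nil, and the commit touches only this cookbook. A search for the old key across the repository is worth doing before merging, or keep a transitional alias `node.default["kosmos-mastodon"]["puma_port"] = node["kosmos-mastodon"]["app_port"]` for one release. The new `bind_ip` default also deserves a line explaining its scope, since recipes/default.rb overrides it in production: `# Address puma/streaming listen on outside production; production nodes use node["knife_zero"]["host"] instead (see recipes/default.rb)`.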
@@ -2,19 +2,20 @@ name 'kosmos-mastodon'
 maintainer 'Kosmos'
 maintainer_email 'mail@kosmos.org'
 license 'MIT'
-description 'Installs/Configures kosmos-mastodon'
+description 'Installs/Configures Mastodon'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
 version '0.2.1'
 
-depends "kosmos-nginx"
-depends "kosmos-nodejs"
+depends 'application'
+depends 'application_git'
+depends 'backup'
+depends 'elasticsearch'
+depends 'java'
+depends 'firewall'
 depends 'redisio'
-depends "poise-ruby-build"
-depends "application"
-depends "application_git"
-depends "postgresql"
-depends "kosmos_postgresql"
-depends "backup"
-depends "elasticsearch"
-depends "tor-full"
-depends "java"
+depends 'tor-full'
+depends 'poise-ruby-build'
+depends 'postgresql'
+depends 'kosmos-nginx'
+depends 'kosmos-nodejs'
+depends 'kosmos_postgresql'
diff --git a/site-cookbooks/kosmos-mastodon/recipes/default.rb b/site-cookbooks/kosmos-mastodon/recipes/default.rb
index e61f1ee..5a2c4b9 100644
--- a/site-cookbooks/kosmos-mastodon/recipes/default.rb
+++ b/site-cookbooks/kosmos-mastodon/recipes/default.rb
@@ -7,6 +7,7 @@ include_recipe "kosmos-nodejs"
 include_recipe "java"
 include_recipe 'redisio::default'
 include_recipe 'redisio::enable'
+include_recipe 'firewall'
 
 elasticsearch_user 'elasticsearch'
 
@@ -44,6 +45,12 @@ mastodon_path = node["kosmos-mastodon"]["directory"]
 
 mastodon_user = "mastodon"
 
+bind_ip = if node.chef_environment == "production"
+  node["knife_zero"]["host"]
+else
+  node["kosmos-mastodon"]["bind_ip"]
+end
+
 group mastodon_user do
   gid 62786
 end
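Review bot: `include_recipe 'firewall'` brings in the firewall cookbook's `firewall 'default'` resource, which applies a default-deny input policy, and the only allow rules this commit adds (the two Mastodon ports at the end of the recipe) cover neither SSH nor loopback traffic. Unless `node['firewall']['allow_ssh']` (and, depending on the provider, `node['firewall']['allow_loopback']`) is set elsewhere in the run list, the first converge on mastodon-3 can cut off the knife-zero SSH session and the localhost redis/postgres connections this recipe itself relies on. Worth verifying against the node's attributes before deploying, and noting it inline: `# firewall::default installs a default-deny input policy; SSH/loopback exceptions come from node['firewall'] attributes`.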
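Review bot: Deriving the listen address from `node.chef_environment == "production"` ties recipe logic to an environment name and, in that branch, to `node["knife_zero"]["host"]`, a normal attribute that appears to be set only in the node JSON (the nodes/mastodon-3.json hunk shows it under `normal`); if it is absent, `bind_ip` is nil and both unit files render `Environment="BIND="`. The same intent is expressed more plainly by setting the attribute per node or environment (`normal['kosmos-mastodon']['bind_ip'] = '10.1.1.30'` on mastodon-3, for example) and keeping a single `bind_ip = node["kosmos-mastodon"]["bind_ip"]`. If the branch stays, guard the nil case right after it, `raise "kosmos-mastodon: no bind address for #{node.name}" if bind_ip.nil?`, so a misconfigured node fails the converge instead of starting puma on an empty bind.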
@@ -77,7 +84,8 @@ template "/lib/systemd/system/mastodon-web.service" do
   source "mastodon-web.systemd.service.erb"
   variables user: mastodon_user,
             app_dir: mastodon_path,
-            port: node["kosmos-mastodon"]["puma_port"],
+            bind: bind_ip,
+            port: node["kosmos-mastodon"]["app_port"],
             bundle_path: "/opt/ruby_build/builds/#{ruby_version}/bin/bundle"
   notifies :run, "execute[systemctl daemon-reload]", :immediately
   notifies :restart, "service[mastodon-web]", :delayed
@@ -113,6 +121,7 @@ template "/lib/systemd/system/mastodon-streaming.service" do
   source "mastodon-streaming.systemd.service.erb"
   variables user: mastodon_user,
             app_dir: mastodon_path,
+            bind: bind_ip,
             port: node["kosmos-mastodon"]["streaming_port"]
   notifies :run, "execute[systemctl daemon-reload]", :immediately
   notifies :restart, "service[mastodon-streaming]", :delayed
@@ -215,3 +224,17 @@ application mastodon_path do
     action [:enable, :start]
   end
 end
+
+firewall_rule 'mastodon_app' do
+  port node['kosmos-mastodon']['app_port']
+  source "10.1.1.0/24"
+  protocol :tcp
+  command :allow
+end
+
+firewall_rule 'mastodon_streaming' do
+  port node['kosmos-mastodon']['streaming_port']
+  source "10.1.1.0/24"
+  protocol :tcp
+  command :allow
+end
diff --git a/site-cookbooks/kosmos-mastodon/templates/default/mastodon-streaming.systemd.service.erb b/site-cookbooks/kosmos-mastodon/templates/default/mastodon-streaming.systemd.service.erb
index dfdc7ff..9c62a28 100644
--- a/site-cookbooks/kosmos-mastodon/templates/default/mastodon-streaming.systemd.service.erb
+++ b/site-cookbooks/kosmos-mastodon/templates/default/mastodon-streaming.systemd.service.erb
@@ -6,6 +6,7 @@ Type=simple
 User=<%= @user %>
 WorkingDirectory=<%= @app_dir %>
 Environment="NODE_ENV=production"
+Environment="BIND=<%= @bind %>"
 Environment="PORT=<%= @port %>"
 ExecStart=/usr/bin/npm run start
 TimeoutSec=15
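Review bot: The allowed source `"10.1.1.0/24"` is hard-coded in both `firewall_rule` resources while every other host-specific value in this commit (`app_port`, `streaming_port`, `bind_ip`) comes from attributes; it belongs next to them, for example as a `node['kosmos-mastodon']` attribute named for the firewall source and read by both rules. Combined with the production bind address being the node's own LAN IP, these rules expose puma and the streaming server to every host on the /24 rather than only the reverse proxy; if only the nginx host needs to reach them, narrowing `source` to that host (or listing the proxies in the attribute) is the smaller exposure. Outside production `bind_ip` defaults to 127.0.0.1, so the rules are inert there, which is worth a comment above the first rule: `# Only the reverse proxy needs these ports; puma/streaming bind to bind_ip (loopback outside production)`.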
diff --git a/site-cookbooks/kosmos-mastodon/templates/default/mastodon-web.systemd.service.erb b/site-cookbooks/kosmos-mastodon/templates/default/mastodon-web.systemd.service.erb
index 59625d0..93a694e 100644
--- a/site-cookbooks/kosmos-mastodon/templates/default/mastodon-web.systemd.service.erb
+++ b/site-cookbooks/kosmos-mastodon/templates/default/mastodon-web.systemd.service.erb
@@ -9,7 +9,8 @@ User=<%= @user %>
 PIDFile=<%= @app_dir %>/tmp/puma.pid
 WorkingDirectory=<%= @app_dir %>
 Environment="RAILS_ENV=production"
-Environment="PORT=3000"
+Environment="BIND=<%= @bind %>"
+Environment="PORT=<%= @port %>"
 Environment="LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.2"
 ExecStart=<%= @bundle_path %> exec puma -C config/puma.rb --pidfile <%= @app_dir %>/tmp/puma.pid
 ExecStop=<%= @bundle_path %> exec puma -C config/puma.rb --pidfile <%= @app_dir %>/tmp/puma.pid stop
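Review bot: `Environment="BIND=<%= @bind %>"` only changes where puma listens if the checked-out fork's config/puma.rb reads `ENV['BIND']` (as far as I recall upstream Mastodon's does, defaulting to 127.0.0.1), and this commit touches neither puma.rb nor the `kosmos-production` revision it deploys. Worth confirming against that branch, since otherwise puma keeps its previous bind while the firewall rules and the reverse proxy assume the LAN address. A short note in the template records the dependency: `# BIND and PORT are consumed by config/puma.rb`.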