From 4d0259493f972c55b13dbd51e81ae15916a48ab5 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Wed, 13 Jan 2021 09:48:23 +0100 Subject: [PATCH 1/7] Update system package dependencies for 20.04 --- site-cookbooks/kosmos-mastodon/recipes/default.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/site-cookbooks/kosmos-mastodon/recipes/default.rb b/site-cookbooks/kosmos-mastodon/recipes/default.rb index 50c7098..ee9d5d6 100644 --- a/site-cookbooks/kosmos-mastodon/recipes/default.rb +++ b/site-cookbooks/kosmos-mastodon/recipes/default.rb @@ -42,8 +42,9 @@ user mastodon_user do home mastodon_path end -package %w(imagemagick ffmpeg libxml2-dev libxslt1-dev file git curl pkg-config - libprotobuf-dev protobuf-compiler libidn11 libidn11-dev libjemalloc1) +package %w(build-essential imagemagick ffmpeg libxml2-dev libxslt1-dev file git + curl pkg-config libprotobuf-dev protobuf-compiler libidn11 + libidn11-dev libjemalloc2 libpq-dev) npm_package "yarn" do version "1.22.4" From 9d13acd41ae7662a1588af4539fa8e691e4fc4e0 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Wed, 13 Jan 2021 09:49:03 +0100 Subject: [PATCH 2/7] Don't fail on first run, when Tor hostname missing --- site-cookbooks/kosmos-mastodon/recipes/nginx.rb | 4 +++- .../kosmos-mastodon/templates/default/nginx_conf_mastodon.erb | 2 ++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/site-cookbooks/kosmos-mastodon/recipes/nginx.rb b/site-cookbooks/kosmos-mastodon/recipes/nginx.rb index fde87cd..65717a1 100644 --- a/site-cookbooks/kosmos-mastodon/recipes/nginx.rb +++ b/site-cookbooks/kosmos-mastodon/recipes/nginx.rb @@ -24,6 +24,8 @@ template "#{node['nginx']['dir']}/snippets/mastodon.conf" do notifies :reload, 'service[nginx]', :delayed end +onion_address = File.read("/var/lib/tor/mastodon/hostname").strip rescue nil + template "#{node['nginx']['dir']}/sites-available/#{server_name}" do source 'nginx_conf_mastodon.erb' owner 'www-data' 
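Review bot: The inline `rescue nil` on the added `onion_address = File.read(...)` line in nginx.rb swallows every StandardError, not only the missing-file case this commit is about, so a permissions problem on the Tor data directory would silently produce a config without the onion vhost. Rescuing only the expected error keeps the first-run behaviour and surfaces the rest: `onion_address = begin; File.read("/var/lib/tor/mastodon/hostname").strip; rescue Errno::ENOENT; nil; end`. An empty hostname file also yields `""`, which is truthy in Ruby, so the `<% if @onion_address %>` guard added to nginx_conf_mastodon.erb in this same patch would still render `server_name mastodon.;`. Mapping blank to nil in the recipe (`onion_address = nil if onion_address&.empty?`) covers both hunks. The read also appears to run when the recipe is compiled rather than when the template converges, so a hostname created earlier in the same run would presumably only be picked up on the next run, which deserves a short comment.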
@@ -32,7 +34,7 @@ template "#{node['nginx']['dir']}/sites-available/#{server_name}" do ssl_cert: "/etc/letsencrypt/live/#{server_name}/fullchain.pem", ssl_key: "/etc/letsencrypt/live/#{server_name}/privkey.pem", shared_config_path: "#{node['nginx']['dir']}/snippets/mastodon.conf", - onion_address: File.read("/var/lib/tor/mastodon/hostname").strip + onion_address: onion_address notifies :reload, 'service[nginx]', :delayed end diff --git a/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb b/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb index c07686e..20d2efa 100644 --- a/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb +++ b/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb @@ -1,8 +1,10 @@ +<% if @onion_address %> server { listen 80; server_name mastodon.<%= @onion_address %>; include <%= @shared_config_path %>; } +<% end %> map $http_upgrade $connection_upgrade { default upgrade; From 047526e0fcf9c921abcb9e205423e6258ae6cfe6 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Wed, 13 Jan 2021 09:49:49 +0100 Subject: [PATCH 3/7] Don't configure HTTPS site when certs missing --- .../templates/default/nginx_conf_mastodon.erb | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb b/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb index 20d2efa..6991f7a 100644 --- a/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb +++ b/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb 
@@ -11,17 +11,16 @@ map $http_upgrade $connection_upgrade { '' close; } +<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) %> server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name <%= @server_name %>; include <%= @shared_config_path %>; - <% if File.exist?(@ssl_cert) && - File.exist?(@ssl_key) -%> ssl_certificate <%= @ssl_cert %>; ssl_certificate_key <%= @ssl_key %>; - <% end -%> add_header Strict-Transport-Security "max-age=31536000"; } +<% end %> From c622f81572cc5a5d8e59adeffb19a14e90b04edc Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Wed, 13 Jan 2021 09:50:10 +0100 Subject: [PATCH 4/7] Remove extra license header --- .../kosmos-redis/recipes/default.rb | 21 ------------------- 1 file changed, 21 deletions(-) diff --git a/site-cookbooks/kosmos-redis/recipes/default.rb b/site-cookbooks/kosmos-redis/recipes/default.rb index d5ee76d..06e440d 100644 --- a/site-cookbooks/kosmos-redis/recipes/default.rb +++ b/site-cookbooks/kosmos-redis/recipes/default.rb 
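Review bot: With the `File.exist?` guard now wrapping the whole `server { listen 443 ssl http2; ... }` block, a node whose certificate or key is missing renders no vhost for `<%= @server_name %>` at all, and nothing in the template records why. If the onion block at the top of this template is then the only `listen 80` server nginx loads, it would presumably become the default server and answer clearnet requests over plain HTTP without the HSTS header; confirm against the rest of the nginx configuration, which is outside this hunk. I would add an ERB comment above the guard, e.g. `<%# HTTPS vhost is omitted until both cert and key exist; re-run chef after certificate issuance %>`. It may also be cleaner to compute the condition in the recipe and pass it in as a variable, so the template does not read the filesystem itself.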
@@ -2,27 +2,6 @@ # Cookbook Name:: kosmos-redis # Recipe:: default # -# The MIT License (MIT) -# -# Copyright:: 2019, Kosmos Developers -# -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to deal -# in the Software without restriction, including without limitation the rights -# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -# copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: -# -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -# THE SOFTWARE. node.override['redis']['unixsocket'] = '' include_recipe 'redis::server' From 62320106cb727686bc054b58856cc5ed8e8dc478 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Wed, 13 Jan 2021 09:50:37 +0100 Subject: [PATCH 5/7] Set up mastodon-1 VM --- nodes/mastodon-1.json | 86 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 nodes/mastodon-1.json diff --git a/nodes/mastodon-1.json b/nodes/mastodon-1.json new file mode 100644 index 0000000..c1a7a49 --- /dev/null +++ b/nodes/mastodon-1.json 
@@ -0,0 +1,86 @@
+{
+ "name": "mastodon-1",
+ "normal": {
+ "knife_zero": {
+ "host": "10.1.1.156"
+ }
+ },
+ "automatic": {
+ "fqdn": "mastodon-1",
+ "os": "linux",
+ "os_version": "5.4.0-1031-kvm",
+ "hostname": "mastodon-1",
+ "ipaddress": "192.168.122.197",
+ "roles": [
+ "mastodon",
+ "postgresql_client"
+ ],
+ "recipes": [
+ "kosmos-base",
+ "kosmos-base::default",
+ "kosmos-mastodon",
+ "kosmos-mastodon::default",
+ "kosmos-mastodon::nginx",
+ "apt::default",
+ "timezone_iii::default",
+ "timezone_iii::debian",
+ "ntp::default",
+ "ntp::apparmor",
+ "kosmos-base::systemd_emails",
+ "apt::unattended-upgrades",
+ "kosmos-base::firewall",
+ "kosmos-postfix::default",
+ "postfix::default",
+ "postfix::_common",
+ "postfix::_attributes",
+ "postfix::sasl_auth",
+ "hostname::default",
+ "kosmos-nodejs::default",
+ "nodejs::nodejs_from_package",
+ "nodejs::repo",
+ "kosmos-redis::default",
+ "redis::server",
+ "redis::default",
+ "backup::default",
+ "logrotate::default",
+ "java::default",
+ "java::set_attributes_from_version",
+ "java::openjdk",
+ "java::notify",
+ "java::default_java_symlink",
+ "java::set_java_home",
+ "nodejs::npm",
+ "nodejs::install",
+ "kosmos-nginx::default",
+ "nginx::default",
+ "nginx::package",
+ "nginx::ohai_plugin",
+ "nginx::repo",
+ "nginx::commons",
+ "nginx::commons_dir",
+ "nginx::commons_script",
+ "nginx::commons_conf",
+ "kosmos-nginx::firewall",
+ "tor-full::default",
+ "git::default",
+ "git::package"
+ ],
+ "platform": "ubuntu",
+ "platform_version": "20.04",
+ "cloud": null,
+ "chef_packages": {
+ "ohai": {
+ "version": "15.12.0",
+ "ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai"
+ },
+ "chef": {
+ "version": "15.14.0",
+ "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.14.0/lib"
+ }
+ }
+ },
+ "run_list": [
+ "recipe[kosmos-base]",
+ "role[mastodon]"
+ ]
+}
\ No newline at end of file
From 9224aa9d97830349a0bebadce19b3b376e17bd31 Mon Sep 17 00:00:00 2001
From: Sebastian Kippe Date: Wed, 13 Jan 2021 17:06:25 +0100 Subject: [PATCH 6/7] Update node data --- nodes/mastodon-1.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nodes/mastodon-1.json b/nodes/mastodon-1.json index c1a7a49..b06ab5f 100644 --- a/nodes/mastodon-1.json +++ b/nodes/mastodon-1.json @@ -63,7 +63,8 @@ "kosmos-nginx::firewall", "tor-full::default", "git::default", - "git::package" + "git::package", + "kosmos-base::letsencrypt" ], "platform": "ubuntu", "platform_version": "20.04", From 12a3fa5b4e1ee47bafa32b29609d9cbbdc3fd268 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Wed, 13 Jan 2021 17:06:36 +0100 Subject: [PATCH 7/7] Use default Redis database now --- site-cookbooks/kosmos-mastodon/attributes/default.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-cookbooks/kosmos-mastodon/attributes/default.rb b/site-cookbooks/kosmos-mastodon/attributes/default.rb index eb91556..f04a577 100644 --- a/site-cookbooks/kosmos-mastodon/attributes/default.rb +++ b/site-cookbooks/kosmos-mastodon/attributes/default.rb @@ -2,7 +2,7 @@ node.default["kosmos-mastodon"]["directory"] = "/opt/mastodon" node.default["kosmos-mastodon"]["puma_port"] = 3000 node.default["kosmos-mastodon"]["streaming_port"] = 4000 node.default["kosmos-mastodon"]["server_name"] = "kosmos.social" -node.default["kosmos-mastodon"]["redis_url"] = "redis://localhost:6379/1" +node.default["kosmos-mastodon"]["redis_url"] = "redis://localhost:6379/0" node.default["kosmos-mastodon"]["sidekiq_threads"] = 25 # Allocate this amount of RAM to the Java heap for Elasticsearch node.default["kosmos-mastodon"]["elasticsearch"]["allocated_memory"] = "1536m"
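Review bot: The new default on the `redis_url` line in attributes/default.rb points Mastodon at database 0, which is the database every Redis client uses when it does not select one, so any other service or ad-hoc `redis-cli` session on this instance now shares Mastodon's keyspace. The URL also carries no credentials, so isolation rests entirely on how Redis is bound and who can reach it, which is not visible in this hunk. I would document the assumption next to the attribute, e.g. `# DB 0: this Redis instance is dedicated to Mastodon and reachable on localhost only`, so that co-locating another application later does not silently mix data.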