Merge pull request 'Set up new Mastodon VM, fix/improve Chef recipes' (#284) from chore/move_mastodon_to_vm into master

Reviewed-on: #284

nodes/mastodon-1.json

@@ -0,0 +1,87 @@
+{
+  "name": "mastodon-1",
+  "normal": {
+    "knife_zero": {
+      "host": "10.1.1.156"
+    }
+  },
+  "automatic": {
+    "fqdn": "mastodon-1",
+    "os": "linux",
+    "os_version": "5.4.0-1031-kvm",
+    "hostname": "mastodon-1",
+    "ipaddress": "192.168.122.197",
+    "roles": [
+      "mastodon",
+      "postgresql_client"
+    ],
+    "recipes": [
+      "kosmos-base",
+      "kosmos-base::default",
+      "kosmos-mastodon",
+      "kosmos-mastodon::default",
+      "kosmos-mastodon::nginx",
+      "apt::default",
+      "timezone_iii::default",
+      "timezone_iii::debian",
+      "ntp::default",
+      "ntp::apparmor",
+      "kosmos-base::systemd_emails",
+      "apt::unattended-upgrades",
+      "kosmos-base::firewall",
+      "kosmos-postfix::default",
+      "postfix::default",
+      "postfix::_common",
+      "postfix::_attributes",
+      "postfix::sasl_auth",
+      "hostname::default",
+      "kosmos-nodejs::default",
+      "nodejs::nodejs_from_package",
+      "nodejs::repo",
+      "kosmos-redis::default",
+      "redis::server",
+      "redis::default",
+      "backup::default",
+      "logrotate::default",
+      "java::default",
+      "java::set_attributes_from_version",
+      "java::openjdk",
+      "java::notify",
+      "java::default_java_symlink",
+      "java::set_java_home",
+      "nodejs::npm",
+      "nodejs::install",
+      "kosmos-nginx::default",
+      "nginx::default",
+      "nginx::package",
+      "nginx::ohai_plugin",
+      "nginx::repo",
+      "nginx::commons",
+      "nginx::commons_dir",
+      "nginx::commons_script",
+      "nginx::commons_conf",
+      "kosmos-nginx::firewall",
+      "tor-full::default",
+      "git::default",
+      "git::package",
+      "kosmos-base::letsencrypt"
+    ],
+    "platform": "ubuntu",
+    "platform_version": "20.04",
+    "cloud": null,
+    "chef_packages": {
+      "ohai": {
+        "version": "15.12.0",
+        "ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai"
+      },
+      "chef": {
+        "version": "15.14.0",
+        "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.14.0/lib"
+      }
+    }
+  },
+  "run_list": [
+    "recipe[kosmos-base]",
+    "role[mastodon]"
+  ]
+}

site-cookbooks/kosmos-mastodon/attributes/default.rb

@@ -2,7 +2,7 @@ node.default["kosmos-mastodon"]["directory"]       = "/opt/mastodon"
 node.default["kosmos-mastodon"]["puma_port"]       = 3000
 node.default["kosmos-mastodon"]["streaming_port"]  = 4000
 node.default["kosmos-mastodon"]["server_name"]     = "kosmos.social"
-node.default["kosmos-mastodon"]["redis_url"]       = "redis://localhost:6379/1"
+node.default["kosmos-mastodon"]["redis_url"]       = "redis://localhost:6379/0"
 node.default["kosmos-mastodon"]["sidekiq_threads"] = 25
 # Allocate this amount of RAM to the Java heap for Elasticsearch
 node.default["kosmos-mastodon"]["elasticsearch"]["allocated_memory"] = "1536m"

site-cookbooks/kosmos-mastodon/recipes/default.rb

@@ -42,8 +42,9 @@ user mastodon_user do
   home mastodon_path
 end
 
-package %w(imagemagick ffmpeg libxml2-dev libxslt1-dev file git curl pkg-config
+package %w(build-essential imagemagick ffmpeg libxml2-dev libxslt1-dev file git
-           libprotobuf-dev protobuf-compiler libidn11 libidn11-dev libjemalloc1)
+           curl pkg-config libprotobuf-dev protobuf-compiler libidn11
+           libidn11-dev libjemalloc2 libpq-dev)
 
 npm_package "yarn" do
   version "1.22.4"

site-cookbooks/kosmos-mastodon/recipes/nginx.rb

@@ -24,6 +24,8 @@ template "#{node['nginx']['dir']}/snippets/mastodon.conf" do
   notifies :reload, 'service[nginx]', :delayed
 end
 
+onion_address = File.read("/var/lib/tor/mastodon/hostname").strip rescue nil
+
 template "#{node['nginx']['dir']}/sites-available/#{server_name}" do
   source 'nginx_conf_mastodon.erb'
   owner 'www-data'
@@ -32,7 +34,7 @@ template "#{node['nginx']['dir']}/sites-available/#{server_name}" do
             ssl_cert:            "/etc/letsencrypt/live/#{server_name}/fullchain.pem",
             ssl_key:             "/etc/letsencrypt/live/#{server_name}/privkey.pem",
             shared_config_path:  "#{node['nginx']['dir']}/snippets/mastodon.conf",
-            onion_address:       File.read("/var/lib/tor/mastodon/hostname").strip
+            onion_address:       onion_address
   notifies :reload, 'service[nginx]', :delayed
 end
 

site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb

@@ -1,25 +1,26 @@
+<% if @onion_address %>
 server {
   listen 80;
   server_name mastodon.<%= @onion_address %>;
   include <%= @shared_config_path %>;
 }
+<% end %>
 
 map $http_upgrade $connection_upgrade {
   default upgrade;
   ''      close;
 }
 
+<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) %>
 server {
   listen 443 ssl http2;
   listen [::]:443 ssl http2;
   server_name <%= @server_name %>;
   include <%= @shared_config_path %>;
 
-  <% if File.exist?(@ssl_cert) &&
-        File.exist?(@ssl_key) -%>
   ssl_certificate     <%= @ssl_cert %>;
   ssl_certificate_key <%= @ssl_key %>;
-  <% end -%>
 
   add_header Strict-Transport-Security "max-age=31536000";
 }
+<% end %>

site-cookbooks/kosmos-redis/recipes/default.rb

@@ -2,27 +2,6 @@
 # Cookbook Name:: kosmos-redis
 # Recipe:: default
 #
-# The MIT License (MIT)
-#
-# Copyright:: 2019, Kosmos Developers
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to deal
-# in the Software without restriction, including without limitation the rights
-# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-# copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-# THE SOFTWARE.
 
 node.override['redis']['unixsocket'] = ''
 include_recipe 'redis::server'