From 378fee85ecd132c106fe3dc4f38bca3fffb93fa8 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Tue, 11 Oct 2022 17:58:22 +0200 Subject: [PATCH 1/3] Create a discourse cookbook that can be wrapped It makes it possible to serve multiple Discourse instances to different hosts from a single nginx load balancer Right now we run one for Kosmos and one for remoteStorage --- roles/discourse.rb | 5 - roles/kosmos_discourse.rb | 6 + roles/nginx_proxy.rb | 1 + roles/remotestorage_discourse.rb | 5 + site-cookbooks/discourse/.gitignore | 22 ++++ site-cookbooks/discourse/CHANGELOG.md | 5 + site-cookbooks/discourse/LICENSE | 21 ++++ site-cookbooks/discourse/README.md | 4 + .../discourse/attributes/default.rb | 5 + site-cookbooks/discourse/chefignore | 110 ++++++++++++++++++ site-cookbooks/discourse/metadata.rb | 11 ++ site-cookbooks/discourse/recipes/default.rb | 43 +++++++ site-cookbooks/discourse/recipes/nginx.rb | 39 +++++++ .../discourse/templates/nginx_conf.erb | 36 ++++++ site-cookbooks/kosmos_discourse/CHANGELOG.md | 2 - site-cookbooks/kosmos_discourse/README.md | 3 +- .../kosmos_discourse/attributes/default.rb | 2 + site-cookbooks/kosmos_discourse/metadata.rb | 10 +- .../kosmos_discourse/recipes/default.rb | 41 +------ .../kosmos_discourse/recipes/nginx.rb | 30 +---- .../remotestorage_discourse/.gitignore | 22 ++++ .../remotestorage_discourse/CHANGELOG.md | 5 + .../remotestorage_discourse/LICENSE | 21 ++++ .../remotestorage_discourse/README.md | 3 + .../attributes/default.rb | 2 + .../remotestorage_discourse/chefignore | 110 ++++++++++++++++++ .../remotestorage_discourse/metadata.rb | 10 ++ .../recipes/default.rb | 6 + .../remotestorage_discourse/recipes/nginx.rb | 6 + .../templates/nginx_conf.erb | 35 ++++++ 30 files changed, 537 insertions(+), 84 deletions(-) delete mode 100644 roles/discourse.rb create mode 100644 roles/kosmos_discourse.rb create mode 100644 roles/remotestorage_discourse.rb create mode 100644 site-cookbooks/discourse/.gitignore create mode 100644 site-cookbooks/discourse/CHANGELOG.md create mode 
100644 site-cookbooks/discourse/LICENSE create mode 100644 site-cookbooks/discourse/README.md create mode 100644 site-cookbooks/discourse/attributes/default.rb create mode 100644 site-cookbooks/discourse/chefignore create mode 100644 site-cookbooks/discourse/metadata.rb create mode 100644 site-cookbooks/discourse/recipes/default.rb create mode 100644 site-cookbooks/discourse/recipes/nginx.rb create mode 100644 site-cookbooks/discourse/templates/nginx_conf.erb create mode 100644 site-cookbooks/kosmos_discourse/attributes/default.rb create mode 100644 site-cookbooks/remotestorage_discourse/.gitignore create mode 100644 site-cookbooks/remotestorage_discourse/CHANGELOG.md create mode 100644 site-cookbooks/remotestorage_discourse/LICENSE create mode 100644 site-cookbooks/remotestorage_discourse/README.md create mode 100644 site-cookbooks/remotestorage_discourse/attributes/default.rb create mode 100644 site-cookbooks/remotestorage_discourse/chefignore create mode 100644 site-cookbooks/remotestorage_discourse/metadata.rb create mode 100644 site-cookbooks/remotestorage_discourse/recipes/default.rb create mode 100644 site-cookbooks/remotestorage_discourse/recipes/nginx.rb create mode 100644 site-cookbooks/remotestorage_discourse/templates/nginx_conf.erb diff --git a/roles/discourse.rb b/roles/discourse.rb deleted file mode 100644 index 53a1ad2..0000000 --- a/roles/discourse.rb +++ /dev/null @@ -1,5 +0,0 @@ -name "discourse" - -run_list %w( - kosmos_discourse::default -) diff --git a/roles/kosmos_discourse.rb b/roles/kosmos_discourse.rb new file mode 100644 index 0000000..9c87e77 --- /dev/null +++ b/roles/kosmos_discourse.rb @@ -0,0 +1,6 @@ +name "kosmos_discourse" + +run_list %w( + kosmos-dirsrv::hostsfile + kosmos_discourse::default +) diff --git a/roles/nginx_proxy.rb b/roles/nginx_proxy.rb index 7e44df5..55a64a3 100644 --- a/roles/nginx_proxy.rb +++ b/roles/nginx_proxy.rb 
@@ -8,6 +8,7 @@ default_run_list = %w( kosmos_website::default kosmos-ejabberd::nginx kosmos-akkounts::nginx_api + remotestorage_discourse::nginx ) env_run_lists( diff --git a/roles/remotestorage_discourse.rb b/roles/remotestorage_discourse.rb new file mode 100644 index 0000000..fabf729 --- /dev/null +++ b/roles/remotestorage_discourse.rb @@ -0,0 +1,5 @@ +name "remotestorage_discourse" + +run_list %w( + remotestorage_discourse::default +) diff --git a/site-cookbooks/discourse/.gitignore b/site-cookbooks/discourse/.gitignore new file mode 100644 index 0000000..9abf29f --- /dev/null +++ b/site-cookbooks/discourse/.gitignore @@ -0,0 +1,22 @@ +.vagrant +*~ +*# +.#* +\#*# +.*.sw[a-z] +*.un~ + +# Bundler +Gemfile.lock +gems.locked +bin/* +.bundle/* + +# test kitchen +.kitchen/ +kitchen.local.yml + +# Chef +Berksfile.lock +.zero-knife.rb +Policyfile.lock.json diff --git a/site-cookbooks/discourse/CHANGELOG.md b/site-cookbooks/discourse/CHANGELOG.md new file mode 100644 index 0000000..40d6fc3 --- /dev/null +++ b/site-cookbooks/discourse/CHANGELOG.md @@ -0,0 +1,5 @@ +# discourse CHANGELOG + +# 0.1.0 + +Initial release. diff --git a/site-cookbooks/discourse/LICENSE b/site-cookbooks/discourse/LICENSE new file mode 100644 index 0000000..dd321fd --- /dev/null +++ b/site-cookbooks/discourse/LICENSE 
@@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2020 Kosmos Developers + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/site-cookbooks/discourse/README.md b/site-cookbooks/discourse/README.md new file mode 100644 index 0000000..cce437d --- /dev/null +++ b/site-cookbooks/discourse/README.md @@ -0,0 +1,4 @@ +# kosmos_discourse + +TODO: Enter the cookbook description here. + diff --git a/site-cookbooks/discourse/attributes/default.rb b/site-cookbooks/discourse/attributes/default.rb new file mode 100644 index 0000000..7a6cbd3 --- /dev/null +++ b/site-cookbooks/discourse/attributes/default.rb @@ -0,0 +1,5 @@ +# Set it in the wrapper cookbook +# node['discourse']['domain'] = "community.example.com" +# Override it in the wrapper cookbook +node.default['discourse']['role'] = "discourse" +node.default['discourse']['port'] = 3001 diff --git a/site-cookbooks/discourse/chefignore b/site-cookbooks/discourse/chefignore new file mode 100644 index 0000000..5039e1c --- /dev/null 
+++ b/site-cookbooks/discourse/chefignore @@ -0,0 +1,110 @@ +# Put files/directories that should be ignored in this file when uploading +# to a Chef Infra Server or Supermarket. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +ehthumbs.db +Icon? +nohup.out +Thumbs.db + +# SASS # +######## +.sass-cache + +# EDITORS # +########### +.#* +.project +.settings +*_flymake +*_flymake.* +*.bak +*.sw[a-z] +*.tmproj +*~ +\#* +mkmf.log +REVISION +TAGS* +tmtags + +## COMPILED ## +############## +*.class +*.com +*.dll +*.exe +*.o +*.pyc +*.so +*/rdoc/ +a.out + +# Testing # +########### +.circleci/* +.codeclimate.yml +.foodcritic +.kitchen* +.rspec +.rubocop.yml +.travis.yml +.watchr +azure-pipelines.yml +examples/* +features/* +Guardfile +kitchen.yml* +Procfile +Rakefile +spec/* +spec/* +spec/fixtures/* +test/* + +# SCM # +####### +.git +.gitattributes +.gitconfig +.github/* +.gitignore +.gitmodules +.svn +*/.bzr/* +*/.git +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Bundler # +########### +vendor/* +Gemfile +Gemfile.lock + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Cookbooks # +############# +CHANGELOG* +CONTRIBUTING* +TESTING* +CODE_OF_CONDUCT* + +# Vagrant # +########### +.vagrant +Vagrantfile diff --git a/site-cookbooks/discourse/metadata.rb b/site-cookbooks/discourse/metadata.rb new file mode 100644 index 0000000..f6b34c8 --- /dev/null +++ b/site-cookbooks/discourse/metadata.rb @@ -0,0 +1,11 @@ +name 'discourse' +maintainer 'Kosmos Developers' +maintainer_email 'mail@kosmos.org' +license 'MIT' +description 'Installs/Configures discourse' +long_description 'Installs/Configures discourse' +version '0.1.0' +chef_version '>= 14.0' + +depends 'kosmos-nginx' +depends 'firewall' diff --git a/site-cookbooks/discourse/recipes/default.rb b/site-cookbooks/discourse/recipes/default.rb new file mode 100644 index 0000000..deab0a9 --- /dev/null 
+++ b/site-cookbooks/discourse/recipes/default.rb
@@ -0,0 +1,43 @@
+#
+# Cookbook:: kosmos_discourse
+# Recipe:: default
+#
+
+package "docker-compose"
+deploy_path = "/opt/discourse"
+
+repo = "https://github.com/discourse/discourse_docker"
+
+git deploy_path do
+ repository repo
+ revision "main"
+end
+
+systemd_unit "discourse.service" do
+ content({Unit: {
+ Description: "discourse service with docker compose",
+ Requires: "docker.service",
+ After: "docker.service",
+ },
+ Service: {
+ Type: "oneshot",
+ RemainAfterExit: "true",
+ WorkingDirectory: deploy_path,
+ Environment: "SUPERVISED=true",
+ ExecStart: "#{deploy_path}/launcher start app",
+ ExecStop: "#{deploy_path}/launcher stop app",
+ },
+ Install: {
+ WantedBy: "multi-user.target"
+ }})
+ action [:create, :enable]
+end
+
+include_recipe 'firewall'
+
+firewall_rule 'discourse' do
+ port [node['discourse']['port']]
+ source "10.1.1.0/24"
+ protocol :tcp
+ command :allow
+end
diff --git a/site-cookbooks/discourse/recipes/nginx.rb b/site-cookbooks/discourse/recipes/nginx.rb
new file mode 100644
index 0000000..ed06d6b
--- /dev/null
+++ b/site-cookbooks/discourse/recipes/nginx.rb
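Review bot: The `git deploy_path` resource checks out `revision "main"` of discourse_docker, and the systemd unit then runs `#{deploy_path}/launcher` from that checkout, so any Chef run can pull unreviewed upstream changes into a script that the service executes (as root, unless the unit is given a `User`). Pinning the checkout to a reviewed tag or commit, for example `revision node['discourse']['revision']` with a new attribute set in the attributes file, makes each upgrade an explicit change. The `firewall_rule` now takes its port from `node['discourse']['port']` but still hard-codes `source "10.1.1.0/24"`; an attribute for the source network would keep the two consistent. The header comment still reads `# Cookbook:: kosmos_discourse` although this file lives in the `discourse` cookbook.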
@@ -0,0 +1,39 @@
+#
+# Cookbook:: discourse
+# Recipe:: nginx
+#
+
+include_recipe "kosmos-nginx"
+
+domain = node['discourse']['domain']
+discourse_role = node['discourse']['role']
+
+upstream_ip_addresses = []
+search(:node, "role:#{discourse_role}").each do |n|
+ upstream_ip_addresses << n["knife_zero"]["host"]
+end
+# No Discourse host, stop here
+if upstream_ip_addresses.empty?
+ Chef::Log.warn("No server with '#{discourse_role}' role. Stopping here.")
+ return
+end
+
+nginx_certbot_site domain
+
+template "#{node['nginx']['dir']}/sites-available/#{domain}" do
+ source "nginx_conf.erb"
+ owner 'www-data'
+ mode 0640
+ variables server_name: domain,
+ ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
+ ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem",
+ upstream_port: node['discourse']['port'],
+ upstream_name: discourse_role,
+ upstream_ip_addresses: upstream_ip_addresses
+
+ notifies :reload, 'service[nginx]', :delayed
+end
+
+nginx_site domain do
+ action :enable
+end
diff --git a/site-cookbooks/discourse/templates/nginx_conf.erb b/site-cookbooks/discourse/templates/nginx_conf.erb
new file mode 100644
index 0000000..b480ead
--- /dev/null
+++ b/site-cookbooks/discourse/templates/nginx_conf.erb
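Review bot: `domain` and `discourse_role` are read from a single shared attribute key that both wrapper cookbooks set with `node.override['discourse'][...]` in their `attributes/default.rb`, so a proxy node whose run list holds both `kosmos_discourse::nginx` and `remotestorage_discourse::nginx` would see only one value for each, and because Chef includes a given recipe once per run, `discourse::nginx` would configure only one site. Whether both wrappers are meant to run on the same proxy is not visible in this hunk, though the commit message suggests so; moving this recipe's body into a custom resource that takes the domain, role and port as properties would let each wrapper declare its own site. Independently, `node['discourse']['domain']` has no default (it is only a comment in the attributes file), so a guard such as `raise "node['discourse']['domain'] must be set by the wrapper cookbook" if domain.nil?` before `nginx_certbot_site domain` would fail the run clearly instead of passing nil into the certificate request and the template path.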
@@ -0,0 +1,36 @@ +# Generated by Chef +upstream _<%= @upstream_name %> { + <% @upstream_ip_addresses.each do |upstream_ip_address| -%> + server <%= upstream_ip_address %>:<%= @upstream_port %>; + <% end -%> +} + +<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%> +server { + server_name <%= @server_name %>; + listen 443 ssl http2; + listen [::]:443 ssl http2; + + ssl_certificate <%= @ssl_cert %>; + ssl_certificate_key <%= @ssl_key %>; + + add_header Strict-Transport-Security "max-age=31536000"; + + # Send real IP to the Docker container + set_real_ip_from 127.0.0.1; + real_ip_header X-Forwarded-For; + + client_max_body_size 20M; + + location / { + # Increase number of buffers. Default is 8 + proxy_buffers 1024 8k; + + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + + proxy_pass http://_<%= @upstream_name %>; + proxy_http_version 1.1; + } +} +<% end -%> diff --git a/site-cookbooks/kosmos_discourse/CHANGELOG.md b/site-cookbooks/kosmos_discourse/CHANGELOG.md index 99ae433..24288f6 100644 --- a/site-cookbooks/kosmos_discourse/CHANGELOG.md +++ b/site-cookbooks/kosmos_discourse/CHANGELOG.md @@ -1,7 +1,5 @@ # kosmos_discourse CHANGELOG -This file is used to list changes made in each version of the kosmos_discourse cookbook. - # 0.1.0 Initial release. diff --git a/site-cookbooks/kosmos_discourse/README.md b/site-cookbooks/kosmos_discourse/README.md index cce437d..8530a92 100644 --- a/site-cookbooks/kosmos_discourse/README.md +++ b/site-cookbooks/kosmos_discourse/README.md @@ -1,4 +1,3 @@ # kosmos_discourse -TODO: Enter the cookbook description here. - +Wrapper cookbook based on discourse diff --git a/site-cookbooks/kosmos_discourse/attributes/default.rb b/site-cookbooks/kosmos_discourse/attributes/default.rb new file mode 100644 index 0000000..56d4e65 --- /dev/null +++ b/site-cookbooks/kosmos_discourse/attributes/default.rb 
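Review bot: In the `location /` block, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends the connecting address to whatever `X-Forwarded-For` value the client sent, so the header that reaches the Discourse container begins with client-controlled text. If this server is the first hop for Internet traffic, which the 443 listener and the Let's Encrypt certificate paths suggest, sending `proxy_set_header X-Forwarded-For $remote_addr;` removes the need for the backend to pick the right entry for logging and rate limiting. The comment `# Send real IP to the Docker container` sits above `set_real_ip_from` and `real_ip_header`, which change how this server derives its own client address rather than what it forwards; `# Trust X-Forwarded-For only from a local proxy` would describe them accurately.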
@@ -0,0 +1,2 @@ +node.override['discourse']['domain'] = "community.kosmos.org" +node.override['discourse']['role'] = "kosmos_discourse" diff --git a/site-cookbooks/kosmos_discourse/metadata.rb b/site-cookbooks/kosmos_discourse/metadata.rb index 1c2ac07..bf5ce1b 100644 --- a/site-cookbooks/kosmos_discourse/metadata.rb +++ b/site-cookbooks/kosmos_discourse/metadata.rb @@ -1,12 +1,10 @@ name 'kosmos_discourse' maintainer 'Kosmos Developers' -maintainer_email 'you@example.com' +maintainer_email 'mail@kosmos.org' license 'MIT' -description 'Installs/Configures kosmos_discourse' -long_description 'Installs/Configures kosmos_discourse' +description 'Installs/Configures discourse' +long_description 'Installs/Configures discourse' version '0.1.0' chef_version '>= 14.0' -depends 'kosmos-nginx' -depends 'firewall' -depends 'kosmos-dirsrv' +depends 'discourse' diff --git a/site-cookbooks/kosmos_discourse/recipes/default.rb b/site-cookbooks/kosmos_discourse/recipes/default.rb index 4515f91..99da6d1 100644 --- a/site-cookbooks/kosmos_discourse/recipes/default.rb +++ b/site-cookbooks/kosmos_discourse/recipes/default.rb 
@@ -3,43 +3,4 @@ # Recipe:: default # -include_recipe "kosmos-dirsrv::hostsfile" - -package "docker-compose" -deploy_path = "/opt/discourse" - -repo = "https://github.com/discourse/discourse_docker" - -git deploy_path do - repository repo - revision "main" -end - -systemd_unit "discourse.service" do - content({Unit: { - Description: "discourse service with docker compose", - Requires: "docker.service", - After: "docker.service", - }, - Service: { - Type: "oneshot", - RemainAfterExit: "true", - WorkingDirectory: deploy_path, - Environment: "SUPERVISED=true", - ExecStart: "#{deploy_path}/launcher start app", - ExecStop: "#{deploy_path}/launcher stop app", - }, - Install: { - WantedBy: "multi-user.target" - }}) - action [:create, :enable] -end - -include_recipe 'firewall' - -firewall_rule 'discourse' do - port [3001] - source "10.1.1.0/24" - protocol :tcp - command :allow -end +include_recipe 'discourse' diff --git a/site-cookbooks/kosmos_discourse/recipes/nginx.rb b/site-cookbooks/kosmos_discourse/recipes/nginx.rb index 9bd3b4c..081f1fb 100644 --- a/site-cookbooks/kosmos_discourse/recipes/nginx.rb +++ b/site-cookbooks/kosmos_discourse/recipes/nginx.rb @@ -3,32 +3,4 @@ # Recipe:: nginx # -include_recipe "kosmos-nginx" - -domain = "community.kosmos.org" - -upstream_ip_addresses = [] -search(:node, "role:discourse").each do |n| - upstream_ip_addresses << n["knife_zero"]["host"] -end -# No Discourse host, stop here -return if upstream_ip_addresses.empty? - -nginx_certbot_site domain - -template "#{node['nginx']['dir']}/sites-available/#{domain}" do - source "nginx_conf.erb" - owner 'www-data' - mode 0640 - variables server_name: domain, - ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem", - ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem", - upstream_port: 3001, - upstream_ip_addresses: upstream_ip_addresses - - notifies :reload, 'service[nginx]', :delayed -end - -nginx_site domain do - action :enable -end +include_recipe "discourse::nginx" 
diff --git a/site-cookbooks/remotestorage_discourse/.gitignore b/site-cookbooks/remotestorage_discourse/.gitignore new file mode 100644 index 0000000..9abf29f --- /dev/null +++ b/site-cookbooks/remotestorage_discourse/.gitignore @@ -0,0 +1,22 @@ +.vagrant +*~ +*# +.#* +\#*# +.*.sw[a-z] +*.un~ + +# Bundler +Gemfile.lock +gems.locked +bin/* +.bundle/* + +# test kitchen +.kitchen/ +kitchen.local.yml + +# Chef +Berksfile.lock +.zero-knife.rb +Policyfile.lock.json diff --git a/site-cookbooks/remotestorage_discourse/CHANGELOG.md b/site-cookbooks/remotestorage_discourse/CHANGELOG.md new file mode 100644 index 0000000..48d8caa --- /dev/null +++ b/site-cookbooks/remotestorage_discourse/CHANGELOG.md @@ -0,0 +1,5 @@ +# remotestorage_discourse CHANGELOG + +# 0.1.0 + +Initial release. diff --git a/site-cookbooks/remotestorage_discourse/LICENSE b/site-cookbooks/remotestorage_discourse/LICENSE new file mode 100644 index 0000000..dd321fd --- /dev/null +++ b/site-cookbooks/remotestorage_discourse/LICENSE 
@@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2020 Kosmos Developers + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/site-cookbooks/remotestorage_discourse/README.md b/site-cookbooks/remotestorage_discourse/README.md new file mode 100644 index 0000000..4d24590 --- /dev/null +++ b/site-cookbooks/remotestorage_discourse/README.md @@ -0,0 +1,3 @@ +# remotestorage_discourse + +Wrapper cookbook based on discourse diff --git a/site-cookbooks/remotestorage_discourse/attributes/default.rb b/site-cookbooks/remotestorage_discourse/attributes/default.rb new file mode 100644 index 0000000..59beba8 --- /dev/null +++ b/site-cookbooks/remotestorage_discourse/attributes/default.rb @@ -0,0 +1,2 @@ +node.override['discourse']['domain'] = "community.remotestorage.io" +node.override['discourse']['role'] = "remotestorage_discourse" diff --git a/site-cookbooks/remotestorage_discourse/chefignore b/site-cookbooks/remotestorage_discourse/chefignore new file mode 100644 index 0000000..5039e1c 
--- /dev/null +++ b/site-cookbooks/remotestorage_discourse/chefignore @@ -0,0 +1,110 @@ +# Put files/directories that should be ignored in this file when uploading +# to a Chef Infra Server or Supermarket. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +ehthumbs.db +Icon? +nohup.out +Thumbs.db + +# SASS # +######## +.sass-cache + +# EDITORS # +########### +.#* +.project +.settings +*_flymake +*_flymake.* +*.bak +*.sw[a-z] +*.tmproj +*~ +\#* +mkmf.log +REVISION +TAGS* +tmtags + +## COMPILED ## +############## +*.class +*.com +*.dll +*.exe +*.o +*.pyc +*.so +*/rdoc/ +a.out + +# Testing # +########### +.circleci/* +.codeclimate.yml +.foodcritic +.kitchen* +.rspec +.rubocop.yml +.travis.yml +.watchr +azure-pipelines.yml +examples/* +features/* +Guardfile +kitchen.yml* +Procfile +Rakefile +spec/* +spec/* +spec/fixtures/* +test/* + +# SCM # +####### +.git +.gitattributes +.gitconfig +.github/* +.gitignore +.gitmodules +.svn +*/.bzr/* +*/.git +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Bundler # +########### +vendor/* +Gemfile +Gemfile.lock + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Cookbooks # +############# +CHANGELOG* +CONTRIBUTING* +TESTING* +CODE_OF_CONDUCT* + +# Vagrant # +########### +.vagrant +Vagrantfile diff --git a/site-cookbooks/remotestorage_discourse/metadata.rb b/site-cookbooks/remotestorage_discourse/metadata.rb new file mode 100644 index 0000000..f0de442 --- /dev/null +++ b/site-cookbooks/remotestorage_discourse/metadata.rb @@ -0,0 +1,10 @@ +name 'remotestorage_discourse' +maintainer 'Kosmos Developers' +maintainer_email 'mail@kosmos.org' +license 'MIT' +description 'Installs/Configures discourse' +long_description 'Installs/Configures discourse' +version '0.1.0' +chef_version '>= 14.0' + +depends 'discourse' 
diff --git a/site-cookbooks/remotestorage_discourse/recipes/default.rb b/site-cookbooks/remotestorage_discourse/recipes/default.rb
new file mode 100644
index 0000000..1a5e829
--- /dev/null
+++ b/site-cookbooks/remotestorage_discourse/recipes/default.rb
@@ -0,0 +1,6 @@
+#
+# Cookbook:: remotestorage_discourse
+# Recipe:: default
+#
+
+include_recipe 'discourse'
diff --git a/site-cookbooks/remotestorage_discourse/recipes/nginx.rb b/site-cookbooks/remotestorage_discourse/recipes/nginx.rb
new file mode 100644
index 0000000..937a70e
--- /dev/null
+++ b/site-cookbooks/remotestorage_discourse/recipes/nginx.rb
@@ -0,0 +1,6 @@
+#
+# Cookbook:: remotestorage_discourse
+# Recipe:: nginx
+#
+
+include_recipe "discourse::nginx"
diff --git a/site-cookbooks/remotestorage_discourse/templates/nginx_conf.erb b/site-cookbooks/remotestorage_discourse/templates/nginx_conf.erb
new file mode 100644
index 0000000..9db6621
--- /dev/null
+++ b/site-cookbooks/remotestorage_discourse/templates/nginx_conf.erb
@@ -0,0 +1,35 @@
+# Generated by Chef
+upstream _discourse {
+ <% @upstream_ip_addresses.each do |upstream_ip_address| -%>
+ server <%= upstream_ip_address %>:<%= @upstream_port %>;
+ <% end -%>
+}
+
+<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
+server {
+ server_name <%= @server_name %>;
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ ssl_certificate <%= @ssl_cert %>;
+ ssl_certificate_key <%= @ssl_key %>;
+
+ add_header Strict-Transport-Security "max-age=31536000";
+
+ # Send real IP to the Docker container
+ set_real_ip_from 127.0.0.1;
+ real_ip_header X-Forwarded-For;
+
+ client_max_body_size 20M;
+
+ location / {
+ # Increase number of buffers. Default is 8
+ proxy_buffers 1024 8k;
+
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ proxy_pass http://_discourse;
+ proxy_http_version 1.1;
+ }
+}
+<% end -%>
From 410c2384506f74a413e1840449d180b0a0e0b110 Mon Sep 17 00:00:00 2001
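Review bot: The new `remotestorage_discourse/templates/nginx_conf.erb` looks unused: `discourse::nginx` declares `source "nginx_conf.erb"` without a `cookbook` property, and Chef resolves a template source in the cookbook that declares the resource, so the `discourse` cookbook's copy is the one rendered even when the recipe is included from this wrapper. The copy here also differs from it (fixed `upstream _discourse` name, no `X-Forwarded-Proto` header), so leaving it in place invites edits that never take effect. Either delete the file or, if per-site templates are intended, have the shared recipe pass `cookbook` to the `template` resource.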
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Tue, 11 Oct 2022 18:00:31 +0200 Subject: [PATCH 2/3] Update the discourse-2 and fornax nodes after Chef run --- nodes/discourse-2.json | 4 ++-- nodes/fornax.kosmos.org.json | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/nodes/discourse-2.json b/nodes/discourse-2.json index 2c1f11a..8db4677 100644 --- a/nodes/discourse-2.json +++ b/nodes/discourse-2.json @@ -54,6 +54,6 @@ }, "run_list": [ "recipe[kosmos-base]", - "role[discourse]" + "role[kosmos_discourse]" ] -} \ No newline at end of file +} diff --git a/nodes/fornax.kosmos.org.json b/nodes/fornax.kosmos.org.json index b84c8d7..bbd1f0e 100644 --- a/nodes/fornax.kosmos.org.json +++ b/nodes/fornax.kosmos.org.json @@ -27,6 +27,7 @@ "kosmos_website::default", "kosmos-ejabberd::nginx", "kosmos-akkounts::nginx_api", + "remotestorage_discourse::nginx", "kosmos_zerotier::controller", "kosmos_zerotier::firewall", "kosmos_zerotier::zncui", @@ -54,6 +55,7 @@ "nginx::commons_script", "nginx::commons_conf", "kosmos-nginx::firewall", + "discourse::nginx", "git::default", "git::package", "kosmos-base::letsencrypt" From fe8e66fda322f1650826485744cfe908346190c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Tue, 11 Oct 2022 18:00:48 +0200 Subject: [PATCH 3/3] Add the new rs-discourse-1 server --- clients/rs-discourse-1.json | 4 +++ nodes/rs-discourse-1.json | 59 +++++++++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+) create mode 100644 clients/rs-discourse-1.json create mode 100644 nodes/rs-discourse-1.json diff --git a/clients/rs-discourse-1.json b/clients/rs-discourse-1.json new file mode 100644 index 0000000..8b9e981 --- /dev/null +++ b/clients/rs-discourse-1.json 
@@ -0,0 +1,4 @@ +{ + "name": "rs-discourse-1", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJquhCuRRN/O3rh2QShw\nYxGkEIoBImpVv8uF+VmdPLGQ3fYCO20OSr3y+yk1zGN1aQTEgD7LeCd+U2vBUPAh\nwr2uNkZotIsemkWZIMAPLb9d/2uv/GxBqku0L8JRAxGleHVO5eKsi6w1XdwO00dw\nwgEJa+mju86Vz6hzRzW+KzkdpkcfowH2+BVUV+zuzaR9/mPUiuQXZwSnR+Li4S6j\nR4x/AkRsN/43gzgiBwZz1UdAy6r6ZbUBPm4lZT/QKbURJ+x15swbFHKvR34GvdbT\n2mI15VFvLxr+h4bH5CCswcV4eThzISHGbiN3LZQVpneoWP8BjerFVqx0NfbKDu9t\nsQIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file diff --git a/nodes/rs-discourse-1.json b/nodes/rs-discourse-1.json new file mode 100644 index 0000000..1852527 --- /dev/null +++ b/nodes/rs-discourse-1.json 
@@ -0,0 +1,59 @@ +{ + "name": "rs-discourse-1", + "normal": { + "knife_zero": { + "host": "10.1.1.187" + } + }, + "automatic": { + "fqdn": "rs-discourse-1", + "os": "linux", + "os_version": "5.4.0-1073-kvm", + "hostname": "rs-discourse-1", + "ipaddress": "192.168.122.30", + "roles": [ + "remotestorage_discourse" + ], + "recipes": [ + "kosmos-base", + "kosmos-base::default", + "remotestorage_discourse", + "remotestorage_discourse::default", + "apt::default", + "timezone_iii::default", + "timezone_iii::debian", + "ntp::default", + "ntp::apparmor", + "kosmos-base::systemd_emails", + "apt::unattended-upgrades", + "kosmos-base::firewall", + "kosmos-postfix::default", + "postfix::default", + "postfix::_common", + "postfix::_attributes", + "postfix::sasl_auth", + "hostname::default", + "discourse::default", + "firewall::default", + "chef-sugar::default" + ], + "platform": "ubuntu", + "platform_version": "20.04", + "cloud": null, + "chef_packages": { + "chef": { + "version": "17.10.3", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.10.3/lib", + "chef_effortless": null + }, + "ohai": { + "version": "17.9.0", + "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai" + } + } + }, + "run_list": [ + "recipe[kosmos-base]", + "role[remotestorage_discourse]" + ] +} \ No newline at end of file