From d8baa41c14fceec161f507075b8eb9cbc44a2bb6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Mon, 9 Dec 2024 18:11:26 +0400 Subject: [PATCH] Add new node configs --- clients/garage-10.json | 4 + clients/garage-11.json | 4 + clients/garage-9.json | 4 + nodes/garage-10.json | 64 +++ nodes/garage-11.json | 64 +++ nodes/garage-6.json | 1190 +++++++++++++++++++++++++++++++++++++++- nodes/garage-9.json | 64 +++ 7 files changed, 1393 insertions(+), 1 deletion(-) create mode 100644 clients/garage-10.json create mode 100644 clients/garage-11.json create mode 100644 clients/garage-9.json create mode 100644 nodes/garage-10.json create mode 100644 nodes/garage-11.json create mode 100644 nodes/garage-9.json diff --git a/clients/garage-10.json b/clients/garage-10.json new file mode 100644 index 0000000..6ab390b --- /dev/null +++ b/clients/garage-10.json @@ -0,0 +1,4 @@ +{ + "name": "garage-10", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2+3Wo+KkXVJCOX1SxT9\nSdwKXgPbCDM3EI9uwoxhMxQfRyN53dxIsBDsQUVOIe1Z8yqm4FenMQlNmeDR+QLE\nvNFf1fisinW+D9VVRm+CjcJy96i/Dyt786Z6YRrDlB860HxCbfTL2Zv5BRtbyIKg\nhz5gO+9PMEpPVR2ij9iue4K6jbM1AAL2ia/P6zDWLJqeIzUocCeHV5N0Z3jXH6qr\nf444v78x35MMJ+3tg5h95SU1/PDCpdSTct4uHEuKIosiN7p4DlYMoM5iSyvVoujr\nflRQPEpGzS9qEt3rDo/F4ltzYMx6bf1tB/0QaBKD+zwPZWTTwf61tSBo5/NkGvJc\nFQIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file diff --git a/clients/garage-11.json b/clients/garage-11.json new file mode 100644 index 0000000..120726b --- /dev/null +++ b/clients/garage-11.json @@ -0,0 +1,4 @@ +{ + "name": "garage-11", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzfZcNEQojtmaogd9vGP/\nMsVPhAOlQ4kxKgrUas+p+XT7lXRan6b3M8UZEleIaL1HWsjSVwtFWRnNl8kg8rF8\nNEkLeOX8kHf7IoXDFOQa2TXanY8tSqrfh9/heFunt4Q3DluVt7S3bBdwukbDXm/n\nXJS2EQP33eJT4reL6FpVR0oVlFCzI3Vmf7ieSHIBXrbXy7AIvGC2+NVXvQle6pqp\nx0rqU6Wc6ef/VtIv+vK3YFnt9ue3tC63mexyeNKgRYf1YjDx61wo2bOY2t8rqN8y\nHeZ3dmAN8/Vwjk5VGnZqK7kRQ92G4IcE+mEp7MuwXcLqQ9WB960o+evay+o1R5JS\nhwIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file diff --git a/clients/garage-9.json b/clients/garage-9.json new file mode 100644 index 0000000..21336dc --- /dev/null +++ b/clients/garage-9.json @@ -0,0 +1,4 @@ +{ + "name": "garage-9", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnMHzKE8JBrsQkmRDeMjX\n71mBzvRzNM90cwA8xtvIkXesdTyGqohX9k/PJbCY5ySGK9PpMaYDPVAnwnUP8LFQ\n3G98aSbLxUjqU/PBzRsnWpihehr05uz9zYcNFzr4LTNvGQZsq47nN9Tk+LG3zHP7\nAZViv2mJ4ZRnukXf6KHlyoVvhuTu+tiBM8QzjTF97iP/aguNPzYHmrecy9Uf5bSA\nZrbNZT+ayxtgswC2OclhRucx7XLSuHXtpwFqsQzSAhiX1aQ3wwCyH9WJtVwpfUsE\nlxTjcQiSM9aPZ8iSC0shpBaKD1j3iF/2K2Jk+88++zMhJJPLermvaJxzsdePgvyk\nKQIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file diff --git a/nodes/garage-10.json b/nodes/garage-10.json new file mode 100644 index 0000000..7228ca1 --- /dev/null +++ b/nodes/garage-10.json @@ -0,0 +1,64 @@ +{ + "name": "garage-10", + "chef_environment": "production", + "normal": { + "knife_zero": { + "host": "10.1.1.27" + } + }, + "automatic": { + "fqdn": "garage-10", + "os": "linux", + "os_version": "5.4.0-1090-kvm", + "hostname": "garage-10", + "ipaddress": "192.168.122.70", + "roles": [ + "base", + "kvm_guest", + "garage_node" + ], + "recipes": [ + "kosmos-base", + "kosmos-base::default", + "kosmos_kvm::guest", + "kosmos_garage", + "kosmos_garage::default", + "kosmos_garage::firewall_rpc", + "kosmos_garage::firewall_apis", + "apt::default", + "timezone_iii::default", + "timezone_iii::debian", + "ntp::default", + "ntp::apparmor", + "kosmos-base::systemd_emails", + "apt::unattended-upgrades", + "kosmos-base::firewall", + "kosmos-postfix::default", + "postfix::default", + "postfix::_common", + "postfix::_attributes", + "postfix::sasl_auth", + "hostname::default", + "firewall::default" + ], + "platform": "ubuntu", + "platform_version": "20.04", + "cloud": null, + "chef_packages": { + "chef": { + "version": "18.5.0", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.5.0/lib", + "chef_effortless": null + }, + "ohai": { + "version": "18.1.11", + "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.11/lib/ohai" + } + } + }, + "run_list": [ + "role[base]", + "role[kvm_guest]", + "role[garage_node]" + ] +} diff --git a/nodes/garage-11.json b/nodes/garage-11.json new file mode 100644 index 0000000..4f6c161 --- /dev/null +++ b/nodes/garage-11.json @@ -0,0 +1,64 @@ +{ + "name": "garage-11", + "chef_environment": "production", + "normal": { + "knife_zero": { + "host": "10.1.1.165" + } + }, + "automatic": { + "fqdn": "garage-11", + "os": "linux", + "os_version": "5.15.0-1059-kvm", + "hostname": "garage-11", + "ipaddress": "192.168.122.9", + "roles": [ + "base", + "kvm_guest", + "garage_node" + ], + "recipes": [ + "kosmos-base", + "kosmos-base::default", + "kosmos_kvm::guest", + "kosmos_garage", + "kosmos_garage::default", + "kosmos_garage::firewall_rpc", + "kosmos_garage::firewall_apis", + "apt::default", + "timezone_iii::default", + "timezone_iii::debian", + "ntp::default", + "ntp::apparmor", + "kosmos-base::systemd_emails", + "apt::unattended-upgrades", + "kosmos-base::firewall", + "kosmos-postfix::default", + "postfix::default", + "postfix::_common", + "postfix::_attributes", + "postfix::sasl_auth", + "hostname::default", + "firewall::default" + ], + "platform": "ubuntu", + "platform_version": "22.04", + "cloud": null, + "chef_packages": { + "chef": { + "version": "18.5.0", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.5.0/lib", + "chef_effortless": null + }, + "ohai": { + "version": "18.1.11", + "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.11/lib/ohai" + } + } + }, + "run_list": [ + "role[base]", + "role[kvm_guest]", + "role[garage_node]" + ] +} diff --git a/nodes/garage-6.json b/nodes/garage-6.json index 6262df1..f126408 100644 --- a/nodes/garage-6.json +++ b/nodes/garage-6.json @@ -1,11 +1,1199 @@ { "name": "garage-6", "chef_environment": "production", + "override": { + "apt": { + "unattended_upgrades": { + "allowed_origins": [ + "${distro_id}:${distro_codename}-security", + "${distro_id}:${distro_codename}-updates" + ], + "mail": "ops@kosmos.org", + "syslog_enable": true + } + }, + "set_fqdn": "*", + "akkounts": { + "btcpay": { + "public_url": "https://btcpay.kosmos.org", + "store_id": "FNJVVsrVkKaduPDAkRVchdegjwzsNhpceAdonCaXAwBX" + }, + "ejabberd": { + "admin_url": "https://xmpp.kosmos.org:5443/admin" + }, + "lndhub": { + "public_url": "https://lndhub.kosmos.org", + "public_key": "024cd3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946" + }, + "nostr": { + "public_key": "b3e1b7c1660b7db0ecb93ec55c09e67961171a5c4e9e2602f1b47477ea61c50a", + "relay_url": "wss://nostr.kosmos.org" + } + }, + "discourse": { + "domain": "community.kosmos.org" + }, + "droneci": { + "public_url": "https://drone.kosmos.org" + }, + "ejabberd": { + "turn_domain": "turn.kosmos.org" + }, + "email": { + "domain": "kosmos.org", + "hostname": "mail.kosmos.org", + "report_contact": "abuse@kosmos.org", + "virtual_aliases": { + "admin@kosmos.org": "ops@kosmos.org", + "ops@kosmos.org": "ops@5apps.com", + "webmaster": "mail@kosmos.org", + "hostmaster@kosmos.org": "mail@kosmos.org", + "postmaster@kosmos.org": "mail@kosmos.org", + "abuse@kosmos.org": "mail@kosmos.org", + "mail@kosmos.org": "foundation@kosmos.org" + } + }, + "garage": { + "replication_mode": "2", + "s3_api_root_domain": "s3.kosmos.org", + "s3_web_root_domain": "web.s3.kosmos.org", + "s3_web_domains": [ + "media.kosmos.chat", + "s3.accounts.kosmos.org", + "s3.community.kosmos.org", + "s3.kosmos.social" + ], + "xmpp_upload_bucket": "kosmos-xmpp-uploads" + }, + "gitea": { + "domain": "gitea.kosmos.org", + "postgresql_host": "pg.kosmos.local:5432", + "config": { + "storage": { + "type": "minio", + "endpoint": "localhost:3900", + "location": "garage", + "use_ssl": "false" + } + } + }, + "kosmos_kvm": { + "backup": { + "nodes_excluded": [ + "garage-", + "lq-", + "rsk-", + "postgres-6" + ] + } + }, + "kosmos-mastodon": { + "domain": "kosmos.social", + "user_address_domain": "kosmos.social", + "s3_endpoint": "http://localhost:3900", + "s3_region": "garage", + "s3_bucket": "kosmos-social", + "s3_alias_host": "s3.kosmos.social", + "libre_translate_endpoint": "http://127.0.0.1:5000", + "alternate_domains": [ + "mastodon.w7nooprauv6yrnhzh2ajpcnj3doinked2aaztlwfyt6u6pva2qdxqhid.onion" + ] + }, + "liquor-cabinet": { + "ufw_source_allowed": "10.1.1.0/24", + "redis_port": 6379, + "redis_db": 1, + "s3_endpoint": "http://localhost:3900", + "s3_region": "garage", + "s3_bucket": "rs-kosmos", + "domain": "storage.kosmos.org", + "root_redirect_url": "https://accounts.kosmos.org" + }, + "mediawiki": { + "url": "https://wiki.kosmos.org" + }, + "sentry": { + "allowed_ips": "10.1.1.0/24" + }, + "strfry": { + "domain": "nostr.kosmos.org", + "real_ip_header": "x-real-ip", + "policy_path": "/opt/strfry/strfry-policy.ts", + "known_pubkeys": { + "_": "b3e1b7c0ef48294bd856203bfd460625de95d3afb894e5f09b14cd1f0e7097cf", + "accounts": "b3e1b7c1660b7db0ecb93ec55c09e67961171a5c4e9e2602f1b47477ea61c50a", + "bitcoincore": "47750177bb6bb113784e4973f6b2e3dd27ef1eff227d6e38d0046d618969e41a", + "fiatjaf": "3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d" + }, + "info": { + "name": "Kosmos Relay", + "description": "Members-only nostr relay for kosmos.org users", + "pubkey": "b3e1b7c0ef48294bd856203bfd460625de95d3afb894e5f09b14cd1f0e7097cf", + "contact": "ops@kosmos.org", + "icon": "https://assets.kosmos.org/img/app-icon-256px.png" + } + }, + "substr": { + "relay_urls": [ + "ws://localhost:7777", + "wss://nostr.x0f.org", + "wss://relay.damus.io" + ] + } + }, "normal": { "knife_zero": { "host": "10.1.1.161" } }, + "default": { + "audit": { + "inspec_backend_cache": true, + "reporter": null, + "fetcher": null, + "insecure": null, + "quiet": true, + "profiles": { + + }, + "inputs": { + + }, + "attributes": { + + }, + "waiver_file": null, + "json_file": { + "location": "/var/chef/compliance_reports/compliance-20241027214204.json" + }, + "run_time_limit": 1.0, + "result_message_limit": 10000, + "result_include_backtrace": false, + "control_results_limit": 50, + "chef_node_attribute_enabled": true, + "compliance_phase": false, + "interval": { + "enabled": false, + "time": 1440 + } + }, + "apt": { + "cacher_dir": "/var/cache/apt-cacher-ng", + "cacher_interface": null, + "cacher_port": 3142, + "compiletime": false, + "compile_time_update": false, + "key_proxy": "", + "periodic_update_min_delay": 86400, + "launchpad_api_version": "1.0", + "unattended_upgrades": { + "enable": false, + "update_package_lists": true, + "allowed_origins": [ + "Ubuntu focal" + ], + "origins_patterns": [ + + ], + "package_blacklist": [ + + ], + "auto_fix_interrupted_dpkg": false, + "minimal_steps": false, + "install_on_shutdown": false, + "mail": null, + "sender": null, + "mail_only_on_error": true, + "remove_unused_dependencies": false, + "automatic_reboot": false, + "automatic_reboot_time": "now", + "dl_limit": null, + "random_sleep": null, + "syslog_enable": false, + "syslog_facility": "daemon", + "dpkg_options": [ + + ] + }, + "cacher_client": { + "cacher_server": { + + } + }, + "confd": { + "force_confask": false, + "force_confdef": false, + "force_confmiss": false, + "force_confnew": false, + "force_confold": false, + "install_recommends": true, + "install_suggests": false + } + }, + "firewall": { + "allow_ssh": false, + "allow_winrm": false, + "allow_mosh": false, + "allow_loopback": false, + "allow_icmp": false, + "firewalld": { + "permanent": false + }, + "iptables": { + "defaults": { + "policy": { + "input": "DROP", + "forward": "DROP", + "output": "ACCEPT" + }, + "ruleset": { + "*filter": 1, + ":INPUT DROP": 2, + ":FORWARD DROP": 3, + ":OUTPUT ACCEPT": 4, + "COMMIT_FILTER": 100 + } + } + }, + "ubuntu_iptables": false, + "redhat7_iptables": false, + "allow_established": true, + "ipv6_enabled": true, + "ufw": { + "defaults": { + "ipv6": "yes", + "manage_builtins": "no", + "ipt_sysctl": "/etc/ufw/sysctl.conf", + "ipt_modules": "nf_conntrack_ftp nf_nat_ftp nf_conntrack_netbios_ns", + "policy": { + "input": "DROP", + "output": "ACCEPT", + "forward": "DROP", + "application": "SKIP" + } + } + }, + "windows": { + "defaults": { + "policy": { + "input": "blockinbound", + "output": "allowoutbound" + } + } + } + }, + "hostsfile": { + "path": null + }, + "hostname_cookbook": { + "hostsfile_ip": "127.0.1.1", + "hostsfile_aliases": [ + + ], + "hostsfile_include_hostname_in_aliases": true, + "append_hostsfile_ip": true + }, + "postfix": { + "packages": [ + "postfix" + ], + "mail_type": "client", + "relayhost_role": "relayhost", + "relayhost_port": "25", + "multi_environment_relay": false, + "use_procmail": false, + "use_alias_maps": false, + "use_transport_maps": false, + "use_access_maps": false, + "use_virtual_aliases": false, + "use_virtual_aliases_domains": false, + "use_relay_restrictions_maps": false, + "transports": { + + }, + "access": { + + }, + "virtual_aliases": { + + }, + "virtual_aliases_domains": { + + }, + "main_template_source": "postfix", + "master_template_source": "postfix", + "sender_canonical_map_entries": { + + }, + "smtp_generic_map_entries": { + + }, + "recipient_canonical_map_entries": { + + }, + "access_db_type": "hash", + "aliases_db_type": "hash", + "transport_db_type": "hash", + "virtual_alias_db_type": "hash", + "virtual_alias_domains_db_type": "hash", + "conf_dir": "/etc/postfix", + "aliases_db": "/etc/aliases", + "transport_db": "/etc/postfix/transport", + "access_db": "/etc/postfix/access", + "virtual_alias_db": "/etc/postfix/virtual", + "virtual_alias_domains_db": "/etc/postfix/virtual_domains", + "relay_restrictions_db": "/etc/postfix/relay_restrictions", + "main": { + "biff": "no", + "append_dot_mydomain": "no", + "myhostname": "garage-6", + "mydomain": "garage-6", + "myorigin": "$myhostname", + "mydestination": [ + "garage-6", + "garage-6", + "localhost.localdomain", + "localhost" + ], + "smtpd_use_tls": "yes", + "smtp_use_tls": "yes", + "smtpd_tls_mandatory_protocols": "!SSLv2,!SSLv3", + "smtp_tls_mandatory_protocols": "!SSLv2,!SSLv3", + "smtpd_tls_protocols": "!SSLv2,!SSLv3", + "smtp_tls_protocols": "!SSLv2,!SSLv3", + "smtp_sasl_auth_enable": "yes", + "mailbox_size_limit": 0, + "mynetworks": null, + "inet_interfaces": "loopback-only", + "smtp_tls_CAfile": "/etc/ssl/certs/ca-certificates.crt", + "smtpd_tls_CAfile": "/etc/ssl/certs/ca-certificates.crt", + "relayhost": "smtp.mailgun.org:587", + "smtp_sasl_password_maps": "hash:/etc/postfix/sasl_passwd", + "smtp_sasl_security_options": "noanonymous", + "smtpd_tls_cert_file": "/etc/ssl/certs/ssl-cert-snakeoil.pem", + "smtpd_tls_key_file": "/etc/ssl/private/ssl-cert-snakeoil.key", + "smtpd_tls_session_cache_database": "btree:${data_directory}/smtpd_scache", + "smtp_tls_session_cache_database": "btree:${data_directory}/smtp_scache", + "maildrop_destination_recipient_limit": 1, + "cyrus_destination_recipient_limit": 1 + }, + "cafile": "/etc/ssl/certs/ca-certificates.crt", + "master": { + "smtp": { + "active": true, + "order": 10, + "type": "inet", + "private": false, + "chroot": false, + "command": "smtpd", + "args": [ + + ] + }, + "submission": { + "active": false, + "order": 20, + "type": "inet", + "private": false, + "chroot": false, + "command": "smtpd", + "args": [ + "-o smtpd_enforce_tls=yes", + " -o smtpd_sasl_auth_enable=yes", + "-o smtpd_client_restrictions=permit_sasl_authenticated,reject" + ] + }, + "smtps": { + "active": false, + "order": 30, + "type": "inet", + "private": false, + "chroot": false, + "command": "smtpd", + "args": [ + "-o smtpd_tls_wrappermode=yes", + "-o smtpd_sasl_auth_enable=yes", + "-o smtpd_client_restrictions=permit_sasl_authenticated,reject" + ] + }, + "628": { + "active": false, + "order": 40, + "type": "inet", + "private": false, + "chroot": false, + "command": "qmqpdd", + "args": [ + + ] + }, + "pickup": { + "active": true, + "order": 50, + "type": "fifo", + "private": false, + "chroot": false, + "wakeup": "60", + "maxproc": "1", + "command": "pickup", + "args": [ + + ] + }, + "cleanup": { + "active": true, + "order": 60, + "type": "unix", + "private": false, + "chroot": false, + "maxproc": "0", + "command": "cleanup", + "args": [ + + ] + }, + "qmgr": { + "active": true, + "order": 70, + "type": "fifo", + "private": false, + "chroot": false, + "wakeup": "300", + "maxproc": "1", + "command": "qmgr", + "args": [ + + ] + }, + "tlsmgr": { + "active": true, + "order": 80, + "type": "unix", + "chroot": false, + "wakeup": "1000?", + "maxproc": "1", + "command": "tlsmgr", + "args": [ + + ] + }, + "rewrite": { + "active": true, + "order": 90, + "type": "unix", + "chroot": false, + "command": "trivial-rewrite", + "args": [ + + ] + }, + "bounce": { + "active": true, + "order": 100, + "type": "unix", + "chroot": false, + "maxproc": "0", + "command": "bounce", + "args": [ + + ] + }, + "defer": { + "active": true, + "order": 110, + "type": "unix", + "chroot": false, + "maxproc": "0", + "command": "bounce", + "args": [ + + ] + }, + "trace": { + "active": true, + "order": 120, + "type": "unix", + "chroot": false, + "maxproc": "0", + "command": "bounce", + "args": [ + + ] + }, + "verify": { + "active": true, + "order": 130, + "type": "unix", + "chroot": false, + "maxproc": "1", + "command": "verify", + "args": [ + + ] + }, + "flush": { + "active": true, + "order": 140, + "type": "unix", + "private": false, + "chroot": false, + "wakeup": "1000?", + "maxproc": "0", + "command": "flush", + "args": [ + + ] + }, + "proxymap": { + "active": true, + "order": 150, + "type": "unix", + "chroot": false, + "command": "proxymap", + "args": [ + + ] + }, + "smtpunix": { + "service": "smtp", + "active": true, + "order": 160, + "type": "unix", + "chroot": false, + "maxproc": "500", + "command": "smtp", + "args": [ + + ] + }, + "relay": { + "active": true, + "comment": "When relaying mail as backup MX, disable fallback_relay to avoid MX loops", + "order": 170, + "type": "unix", + "chroot": false, + "command": "smtp", + "args": [ + "-o smtp_fallback_relay=" + ] + }, + "showq": { + "active": true, + "order": 180, + "type": "unix", + "private": false, + "chroot": false, + "command": "showq", + "args": [ + + ] + }, + "error": { + "active": true, + "order": 190, + "type": "unix", + "chroot": false, + "command": "error", + "args": [ + + ] + }, + "discard": { + "active": true, + "order": 200, + "type": "unix", + "chroot": false, + "command": "discard", + "args": [ + + ] + }, + "local": { + "active": true, + "order": 210, + "type": "unix", + "unpriv": false, + "chroot": false, + "command": "local", + "args": [ + + ] + }, + "virtual": { + "active": true, + "order": 220, + "type": "unix", + "unpriv": false, + "chroot": false, + "command": "virtual", + "args": [ + + ] + }, + "lmtp": { + "active": true, + "order": 230, + "type": "unix", + "chroot": false, + "command": "lmtp", + "args": [ + + ] + }, + "anvil": { + "active": true, + "order": 240, + "type": "unix", + "chroot": false, + "maxproc": "1", + "command": "anvil", + "args": [ + + ] + }, + "scache": { + "active": true, + "order": 250, + "type": "unix", + "chroot": false, + "maxproc": "1", + "command": "scache", + "args": [ + + ] + }, + "maildrop": { + "active": true, + "comment": "See the Postfix MAILDROP_README file for details. To main.cf will be added: maildrop_destination_recipient_limit=1", + "order": 510, + "type": "unix", + "unpriv": false, + "chroot": false, + "command": "pipe", + "args": [ + "flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}" + ] + }, + "old-cyrus": { + "active": false, + "comment": "The Cyrus deliver program has changed incompatibly, multiple times.", + "order": 520, + "type": "unix", + "unpriv": false, + "chroot": false, + "command": "pipe", + "args": [ + "flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}" + ] + }, + "cyrus": { + "active": true, + "comment": "Cyrus 2.1.5 (Amos Gouaux). To main.cf will be added: cyrus_destination_recipient_limit=1", + "order": 530, + "type": "unix", + "unpriv": false, + "chroot": false, + "command": "pipe", + "args": [ + "user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}" + ] + }, + "uucp": { + "active": true, + "comment": "See the Postfix UUCP_README file for configuration details.", + "order": 540, + "type": "unix", + "unpriv": false, + "chroot": false, + "command": "pipe", + "args": [ + "flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)" + ] + }, + "ifmail": { + "active": false, + "order": 550, + "type": "unix", + "unpriv": false, + "chroot": false, + "command": "pipe", + "args": [ + "flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)" + ] + }, + "bsmtp": { + "active": true, + "order": 560, + "type": "unix", + "unpriv": false, + "chroot": false, + "command": "pipe", + "args": [ + "flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient" + ] + } + }, + "aliases": { + + }, + "sasl": { + "smtp_sasl_user_name": "postmaster@mg.kosmos.org", + "smtp_sasl_passwd": "f5a3ba8e20e01b6f2cca83b28d8cd2a6-c30053db-fc52c414" + }, + "sasl_password_file": "/etc/postfix/sasl_passwd" + }, + "ntp": { + "servers": [ + "0.pool.ntp.org", + "1.pool.ntp.org", + "2.pool.ntp.org", + "3.pool.ntp.org" + ], + "peers": [ + + ], + "restrictions": [ + + ], + "tinker": { + "panic": 0, + "allan": 1500, + "dispersion": 15, + "step": 0.128, + "stepout": 900 + }, + "restrict_default": "kod notrap nomodify nopeer noquery", + "packages": [ + "ntp" + ], + "service": "ntp", + "varlibdir": "/var/lib/ntp", + "driftfile": "/var/lib/ntp/ntp.drift", + "logfile": null, + "conffile": "/etc/ntp.conf", + "statsdir": "/var/log/ntpstats/", + "conf_owner": "root", + "conf_group": "root", + "var_owner": "ntp", + "var_group": "ntp", + "leapfile": "/etc/ntp.leapseconds", + "sync_clock": false, + "sync_hw_clock": false, + "listen": null, + "listen_network": null, + "ignore": null, + "apparmor_enabled": true, + "monitor": false, + "statistics": true, + "conf_restart_immediate": false, + "keys": null, + "trustedkey": null, + "requestkey": null, + "disable_tinker_panic_on_virtualization_guest": true, + "peer": { + "key": null, + "use_iburst": true, + "use_burst": false, + "minpoll": 6, + "maxpoll": 10 + }, + "server": { + "prefer": "", + "use_iburst": true, + "use_burst": false, + "minpoll": 6, + "maxpoll": 10 + }, + "orphan": { + "enabled": false, + "stratum": 5 + }, + "localhost": { + "noquery": false + }, + "use_cmos": false + }, + "timezone_iii": { + "timezone": "Etc/UTC", + "tzdata_dir": "/usr/share/zoneinfo", + "localtime_path": "/etc/localtime", + "use_symlink": false + }, + "kosmos_kvm": { + "host": { + "qemu_base_image": { + "url": "https://cloud-images.ubuntu.com/releases/jammy/release-20240514/ubuntu-22.04-server-cloudimg-amd64-disk-kvm.img", + "checksum": "2e7698b3ebd7caead06b08bd3ece241e6ce294a6db01f92ea12bcb56d6972c3f", + "path": "/var/lib/libvirt/images/base/ubuntu-22.04-server-cloudimg-amd64-disk-kvm-20240514.qcow2" + } + }, + "backup": { + "schedule": "0/3:00", + "nodes_excluded": [ + + ] + } + }, + "msys2": { + "url": "http://downloads.sourceforge.net/project/msys2/Base/x86_64/msys2-base-x86_64-20160205.tar.xz", + "checksum": "7e97e2af042e1b6f62cf0298fe84839014ef3d4a3e7825cffc6931c66cc0fc20" + }, + "build-essential": { + "compile_time": false, + "msys2": { + "path": "\\msys2" + } + }, + "git": { + "prefix": "/usr/local", + "version": "2.17.1", + "url": "https://nodeload.github.com/git/git/tar.gz/v%{version}", + "checksum": "690f12cc5691e5adaf2dd390eae6f5acce68ae0d9bd9403814f8a1433833f02a", + "use_pcre": false, + "server": { + "base_path": "/srv/git", + "export_all": true + } + }, + "jemalloc": { + "version": "5.1.0", + "url": "https://github.com/jemalloc/jemalloc/releases/download/5.1.0/jemalloc-5.1.0.tar.bz2", + "checksum": "5396e61cc6103ac393136c309fae09e44d74743c86f90e266948c50f3dbb7268", + "configure": { + "munmap": true, + "lazy_lock": true, + "xmalloc": false, + "dss": false, + "mremap": false, + "stats": false, + "profiling": false, + "valgrind": false + } + }, + "logrotate": { + "package": { + "name": "logrotate", + "source": null, + "version": null, + "provider": null, + "action": "upgrade" + }, + "directory": "/etc/logrotate.d", + "cron": { + "install": false, + "name": "logrotate", + "command": "/usr/sbin/logrotate /etc/logrotate.conf", + "minute": 35, + "hour": 2 + }, + "global": { + "weekly": true, + "rotate": 4, + "create": "", + "/var/log/wtmp": { + "missingok": true, + "monthly": true, + "create": "0664 root utmp", + "rotate": 1 + }, + "/var/log/btmp": { + "missingok": true, + "monthly": true, + "create": "0660 root utmp", + "rotate": 1 + } + } + }, + "yum": { + "main": { + "cachedir": "/var/cache/yum/$basearch/$releasever", + "distroverpkg": "ubuntu-release", + "alwaysprompt": null, + "assumeyes": null, + "bandwidth": null, + "best": null, + "bugtracker_url": null, + "clean_requirements_on_remove": null, + "color": null, + "color_list_available_downgrade": null, + "color_list_available_install": null, + "color_list_available_reinstall": null, + "color_list_available_upgrade": null, + "color_list_installed_extra": null, + "color_list_installed_newer": null, + "color_list_installed_older": null, + "color_list_installed_reinstall": null, + "color_search_match": null, + "color_update_installed": null, + "color_update_local": null, + "color_update_remote": null, + "commands": null, + "deltarpm": null, + "debuglevel": null, + "diskspacecheck": null, + "enable_group_conditionals": null, + "errorlevel": null, + "exactarch": null, + "exclude": null, + "excludepkgs": null, + "gpgcheck": true, + "group_package_types": null, + "groupremove_leaf_only": null, + "history_list_view": null, + "history_record": null, + "history_record_packages": null, + "http_caching": null, + "ip_resolve": null, + "installonly_limit": null, + "installonlypkgs": null, + "installroot": null, + "keepalive": null, + "keepcache": false, + "kernelpkgnames": null, + "localpkg_gpgcheck": false, + "logfile": "/var/log/yum.log", + "max_retries": null, + "mdpolicy": null, + "metadata_expire": null, + "mirrorlist_expire": null, + "multilib_policy": null, + "obsoletes": null, + "overwrite_groups": null, + "password": null, + "path": "/etc/yum.conf", + "persistdir": null, + "pluginconfpath": null, + "pluginpath": null, + "plugins": null, + "protected_multilib": null, + "protected_packages": null, + "proxy": null, + "proxy_password": null, + "proxy_username": null, + "recent": null, + "repo_gpgcheck": null, + "reposdir": null, + "reset_nice": null, + "rpmverbosity": null, + "showdupesfromrepos": null, + "skip_broken": null, + "skip_if_unavailable": null, + "ssl_check_cert_permissions": null, + "sslcacert": null, + "sslclientcert": null, + "sslclientkey": null, + "sslverify": null, + "syslog_device": null, + "syslog_facility": null, + "syslog_ident": null, + "throttle": null, + "timeout": null, + "tolerant": false, + "tsflags": null, + "username": null + } + }, + "openresty": { + "source": { + "version": "1.13.6.2", + "file_prefix": "openresty", + "checksum": "946e1958273032db43833982e2cec0766154a9b5cb8e67868944113208ff2942", + "name": "%{file_prefix}-%{version}", + "url": "https://openresty.org/download/%{name}.tar.gz", + "conf_path": "/etc/nginx/nginx.conf", + "prefix": "/usr/share", + "state": "/etc/chef_state.d", + "path": "/var/chef/cache", + "default_configure_flags": [ + "--prefix=/usr/share", + "--conf-path=/etc/nginx/nginx.conf", + "--sbin-path=/usr/sbin/nginx", + "--error-log-path=/var/log/nginx/error.log", + "--http-log-path=/var/log/nginx/access.log", + "--pid-path=/var/run/nginx.pid", + "--lock-path=/var/run/nginx.lock", + "--http-client-body-temp-path=/var/cache/nginx/client_temp", + "--http-proxy-temp-path=/var/cache/nginx/proxy_temp", + "--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp", + "--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp", + "--http-scgi-temp-path=/var/cache/nginx/scgi_temp", + "--with-ipv6", + "--with-md5-asm", + "--with-sha1-asm", + "--without-http_ssi_module", + "--without-mail_smtp_module", + "--without-mail_imap_module", + "--without-mail_pop3_module" + ] + }, + "dir": "/etc/nginx", + "log_dir": "/var/log/nginx", + "cache_dir": "/var/cache/nginx", + "run_dir": "/var/run", + "binary": "/usr/sbin/nginx", + "pid": "/var/run/nginx.pid", + "modules": [ + "http_ssl_module", + "http_gzip_static_module", + "http_gunzip_module", + "http_stub_status_module", + "http_secure_link_module", + "http_realip_module", + "http_flv_module", + "http_mp4_module", + "cache_purge_module" + ], + "extra_modules": [ + + ], + "configure_flags": [ + + ], + "user": "www-data", + "group": "www-data", + "user_system": true, + "user_shell": "/bin/false", + "user_home": "/var/www", + "ipv6": true, + "gzip": "on", + "gzip_http_version": "1.0", + "gzip_comp_level": "2", + "gzip_proxied": "any", + "gzip_vary": "off", + "gzip_buffers": null, + "gzip_types": [ + "text/plain", + "text/css", + "application/x-javascript", + "text/xml", + "application/xml", + "application/xml+rss", + "text/javascript", + "application/javascript", + "application/json", + "font/truetype", + "font/opentype", + "application/vnd.ms-fontobject", + "image/svg+xml" + ], + "keepalive": "on", + "keepalive_timeout": 5, + "keepalive_requests": 100, + "worker_processes": 2, + "worker_auto_affinity": true, + "worker_connections": 4096, + "worker_rlimit_nofile": null, + "multi_accept": false, + "try_aio": false, + "event": "epoll", + "server_names_hash_bucket_size": 64, + "client_max_body_size": "32M", + "client_body_buffer_size": "8K", + "large_client_header_buffers": "32 32k", + "types_hash_max_size": 2048, + "types_hash_bucket_size": 64, + "variables_hash_max_size": 1024, + "variables_hash_bucket_size": 64, + "open_file_cache": { + "max": 1000, + "inactive": "20s", + "valid": "30s", + "min_uses": "8", + "errors": "on" + }, + "log_formats": { + "main": "$remote_addr - $remote_user [$time_local] \"$request\" $status $body_bytes_sent \"$http_referer\" \"$http_user_agent\" \"$http_x_forwarded_for\"" + }, + "logrotate": true, + "logrotate_days": 7, + "logrotate_options": [ + "missingok", + "delaycompress", + "notifempty", + "compress", + "sharedscripts" + ], + "disable_access_log": true, + "default_site_enabled": false, + "custom_pcre": true, + "link_to_jemalloc": false, + "max_subrequests": 201, + "generate_dhparams": true, + "resolver": null, + "resolver_ttl": "10s", + "lua_package_path": null, + "lua_package_cpath": null, + "cache_purge": { + "version": "2.3", + "url": "https://codeload.github.com/FRiCKLE/ngx_cache_purge/tar.gz/2.3", + "checksum": "cb7d5f22919c613f1f03341a1aeb960965269302e9eb23425ccaabd2f5dcbbec" + }, + "pcre": { + "version": "8.41", + "url": "https://sourceforge.net/projects/pcre/files/pcre/8.41/pcre-8.41.tar.bz2/download", + "checksum": "e62c7eac5ae7c0e7286db61ff82912e1c0b7a0c13706616e94a7dd729321b530" + }, + "luarocks": { + "version": "3.9.2", + "url": "https://luarocks.org/releases/luarocks-3.9.2.tar.gz", + "checksum": "bca6e4ecc02c203e070acdb5f586045d45c078896f6236eb46aa33ccd9b94edb", + "default_rocks": { + + } + }, + "or_modules": { + "luajit": true, + "luajit_binary": "2.1.0-beta1", + "iconv": true, + "drizzle": false, + "postgres": false + }, + "realip": { + "header": "X-Forwarded-For", + "addresses": [ + "127.0.0.1" + ], + "recursive": false + }, + "service": { + "recipe": "openresty::service_init", + "resource": "service[nginx]", + "restart_on_update": true, + "start_on_boot": true, + "defaults_file_template": "nginx.sysconfig.erb", + "defaults_file_cookbook": "openresty" + }, + "status": { + "url": "/nginx-status", + "allowed_ips": [ + + ] + }, + "upload_progress": { + "url": "https://github.com/masterzen/nginx-upload-progress-module/archive/v0.9.0.tar.gz", + "checksum": "93e29b9b437a2e34713de54c2861ea51151624aca09f73f9f44d1caaff01a6b1" + } + }, + "garage": { + "version": "0.8.4", + "checksum": { + "amd64": "45403d494847c42efc620f66c52d27c0bb0446a490e62f5b0b87489a588a767d" + }, + "replication_mode": "none", + "s3_api_port": 3900, + "rpc_port": 3901, + "s3_web_port": 3902, + "admin_port": 3903, + "k2v_api_port": 3904, + "s3_api_root_domain": ".s3.garage.localhost", + "s3_web_root_domain": ".web.garage.localhost", + "s3_web_domains": [ + + ], + "xmpp_upload_bucket": null, + "max_part_upload_size_mb": 101 + } + }, "automatic": { "fqdn": "garage-6", "os": "linux", @@ -61,4 +1249,4 @@ "role[kvm_guest]", "role[garage_node]" ] -} +} \ No newline at end of file diff --git a/nodes/garage-9.json b/nodes/garage-9.json new file mode 100644 index 0000000..b733284 --- /dev/null +++ b/nodes/garage-9.json @@ -0,0 +1,64 @@ +{ + "name": "garage-9", + "chef_environment": "production", + "normal": { + "knife_zero": { + "host": "10.1.1.223" + } + }, + "automatic": { + "fqdn": "garage-9", + "os": "linux", + "os_version": "5.4.0-1090-kvm", + "hostname": "garage-9", + "ipaddress": "192.168.122.21", + "roles": [ + "base", + "kvm_guest", + "garage_node" + ], + "recipes": [ + "kosmos-base", + "kosmos-base::default", + "kosmos_kvm::guest", + "kosmos_garage", + "kosmos_garage::default", + "kosmos_garage::firewall_rpc", + "kosmos_garage::firewall_apis", + "apt::default", + "timezone_iii::default", + "timezone_iii::debian", + "ntp::default", + "ntp::apparmor", + "kosmos-base::systemd_emails", + "apt::unattended-upgrades", + "kosmos-base::firewall", + "kosmos-postfix::default", + "postfix::default", + "postfix::_common", + "postfix::_attributes", + "postfix::sasl_auth", + "hostname::default", + "firewall::default" + ], + "platform": "ubuntu", + "platform_version": "20.04", + "cloud": null, + "chef_packages": { + "chef": { + "version": "18.5.0", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.5.0/lib", + "chef_effortless": null + }, + "ohai": { + "version": "18.1.11", + "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.11/lib/ohai" + } + } + }, + "run_list": [ + "role[base]", + "role[kvm_guest]", + "role[garage_node]" + ] +}