Initial Chef repository

site-cookbooks/kosmos-base/README.md

@@ -0,0 +1,4 @@
+5apps-base Cookbook
+======================
+
+This sets up base behaviour for our servers

site-cookbooks/kosmos-base/metadata.rb

@@ -0,0 +1,16 @@
+name             'kosmos-base'
+maintainer       'Kosmos'
+maintainer_email 'mail@kosmos.org'
+license          'All rights reserved'
+description      'The Kosmos base cookbook'
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
+version          '0.1.0'
+
+depends 'unattended-upgrades'
+depends 'users'
+depends 'chef-solo-search'
+depends 'sudo'
+depends 'kosmos-postfix'
+depends 'hostname'
+depends 'ufw'
+depends 'omnibus_updater'

site-cookbooks/kosmos-base/recipes/default.rb

@@ -0,0 +1,49 @@
+#
+# Cookbook Name:: kosmos-base
+# Recipe:: default
+#
+# Copyright 2015, Kosmos
+#
+# All rights reserved - Do Not Redistribute
+#
+
+node.override['omnibus_updater']['version']              = '12.4.1'
+node.override['omnibus_updater']['kill_chef_on_upgrade'] = false
+include_recipe 'omnibus_updater'
+
+package 'mailutils'
+node.override['unattended-upgrades']['admin_email'] = 'ops@5apps.com'
+include_recipe 'unattended-upgrades'
+
+package 'ruby2.1'
+package 'ruby2.1-dev'
+
+include_recipe 'users::sysadmins'
+
+node.override['authorization']['sudo']['passwordless'] = true
+include_recipe 'sudo'
+
+include_recipe 'kosmos-postfix'
+
+node.override['set_fqdn'] = '*'
+include_recipe 'hostname'
+
+include_recipe 'kosmos-base::firewall'
+
+package 'ca-certificates'
+
+directory '/usr/local/share/ca-certificates/cacert' do
+  action :create
+end
+
+['http://www.cacert.org/certs/root.crt', 'http://www.cacert.org/certs/class3.crt'].each do |cert|
+  remote_file "/usr/local/share/ca-certificates/cacert/#{File.basename(cert)}" do
+    source cert
+    action :create_if_missing
+    notifies :run, 'execute[update-ca-certificates]', :immediately
+  end
+end
+
+execute 'update-ca-certificates' do
+  action :nothing
+end

site-cookbooks/kosmos-base/recipes/firewall.rb

@@ -0,0 +1,19 @@
+#
+# Cookbook Name:: kosmos-base
+# Recipe:: firewall
+#
+# Copyright 2015, Kosmos
+#
+# All rights reserved - Do Not Redistribute
+#
+
+# enable default firewall
+firewall 'ufw' do
+  action :enable
+end
+
+firewall_rule 'ssh' do
+  port     22
+  protocol :tcp
+  action   :allow
+end