diff --git a/clients/akaunting-1.json b/clients/akaunting-1.json
new file mode 100644
index 0000000..449e02e
--- /dev/null
+++ b/clients/akaunting-1.json
@@ -0,0 +1,4 @@
+{
+ "name": "akaunting-1",
+ "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzmNpNWJh5DeXDsINDqAt\n5OtcGhnzLtqdILTD8A8KuPxWhoKI0k9xwvuT4yO2DLQqFMPyGefRuQkVsIq2OuU5\npK8B5c79E9MBHxti6mQZw4b/Jhmul+x2LGtOWYjPTDhFYXRsNNDtFDxwpwJGPede\nYts026yExHPhiF35Mt1JxA3TXJfPC8Vx0YGHu/6Ev+1fLmcKhFmhed5yKkA0gwod\nczdyQiCfw3ze9LuS90QmALpFOHHpekZeywemdwyPia207CoTrXsPLWj9KmuUEIQJ\nwL+OlEU2tVA6KaBKpl54n5/tMsccZmlicbNsVpgkk6LctrkNh6Kk+fW9ry3L/Gxg\nAwIDAQAB\n-----END PUBLIC KEY-----\n"
+}
\ No newline at end of file
diff --git a/data_bags/credentials/akaunting.json b/data_bags/credentials/akaunting.json
new file mode 100644
index 0000000..3a32a81
--- /dev/null
+++ b/data_bags/credentials/akaunting.json
@@ -0,0 +1,31 @@
+{
+ "id": "akaunting",
+ "app_key": {
+ "encrypted_data": "C7VVGHHrE/ESwtGeODf8zVraayO5uBSXaGR7f4yoj0MDq9WxPujItC3dIkMQ\ngjGzk8fH\n",
+ "iv": "4+d+RMLeuqaneFBa\n",
+ "auth_tag": "sBQDUVl6QbL/h9pd0kBQ0g==\n",
+ "version": 3,
+ "cipher": "aes-256-gcm"
+ },
+ "pg_database": {
+ "encrypted_data": "4mqHsMfDAqPvDmGsWgS9iE63qVeus7diSW8WiA==\n",
+ "iv": "6Cb1lVUcXBz+GA4u\n",
+ "auth_tag": "8O3N0m8jGhxs/YacdhgNHA==\n",
+ "version": 3,
+ "cipher": "aes-256-gcm"
+ },
+ "pg_username": {
+ "encrypted_data": "Nu0wiBhvqUwqC7PL2Qo8otq0b3faJqRsabqp2g==\n",
+ "iv": "1uA8mJc7itT0qHcx\n",
+ "auth_tag": "PRWw6LTlFrWs63SDRsovtQ==\n",
+ "version": 3,
+ "cipher": "aes-256-gcm"
+ },
+ "pg_password": {
+ "encrypted_data": "oXDKiXQ4aH5M2pVu1sx7dj0awKCORke03fq0uemjIfCMYbM=\n",
+ "iv": "snPyC8mocevc5kGH\n",
+ "auth_tag": "9wx4GPSydkYr2WGpZK5HZg==\n",
+ "version": 3,
+ "cipher": "aes-256-gcm"
+ }
+}
\ No newline at end of file
diff --git a/data_bags/credentials/akkounts.json b/data_bags/credentials/akkounts.json
index a59beae..63b7bcb 100644
--- a/data_bags/credentials/akkounts.json
+++ b/data_bags/credentials/akkounts.json 
@@ -1,72 +1,72 @@ { "id": "akkounts", "postgresql_username": { - "encrypted_data": "bDlOkEmhvMgyVzPeTNUzYnzRLf3T9cc0cDxt\n", - "iv": "GCCUoqU5pxQ7fGkv\n", - "auth_tag": "Q7mrSHIBluMe3CGVmoR86Q==\n", + "encrypted_data": "ofLOjxGBj7no+lWrIvtxQQFoeozCh6mpfMTt\n", + "iv": "/CF+o4GqZx2O5WOm\n", + "auth_tag": "bjHXfgNQfXpQ2gucPLrUWA==\n", "version": 3, "cipher": "aes-256-gcm" }, "postgresql_password": { - "encrypted_data": "wD0HtdsNe/hl4ZaOy8hyr2k4z8TXQrrSja3KNVE47w==\n", - "iv": "tb5yz8WDer0CsGvJ\n", - "auth_tag": "/+K2anuCff/6M7Pu70Smqw==\n", + "encrypted_data": "f8Jfs4aqIjc6/6/NQlI2Fv8TzSgVmi5g0iYNhh9bAA==\n", + "iv": "vAzrZeUodmu4x5eB\n", + "auth_tag": "vx8eH2SY7I4IkZElXSC1Nw==\n", "version": 3, "cipher": "aes-256-gcm" }, "sentry_dsn": { - "encrypted_data": "jCz681x0WVixHYZUb62TO+1cgyJMiJ2UMqWcaztx57yDBOIiKW3oSZjuXdhP\n9WCesfXQF/lgzITZno3IKDqzlKjWgbGLC75y8FLguxidCHI=\n", - "iv": "IRNOzN/hLwg1iqax\n", - "auth_tag": "eg9dWnEK04JDb94e4CFa9Q==\n", + "encrypted_data": "oxW5jGU8DlIp5A9enxBhcJXuKyaZ5HziXq8Zw+Rbvpbv4C/RTGkJkgZdKcH1\nVzW/wNAT8nTK+nEvWgcQ3svjE40ltj2jcOexIRqLbuCClJE=\n", + "iv": "wpW9+VdX5GjocHSl\n", + "auth_tag": "1qrf1kZMrIR7WRiSaRjppQ==\n", "version": 3, "cipher": "aes-256-gcm" }, "rails_master_key": { - "encrypted_data": "nUB77VLRp41rluH7hLBwQqPtnh/HsmfLr2VbcIZHWawL3o2TGuY+mj648f9L\n7XsEpgqY\n", - "iv": "fpdbDitqTRHxEKiv\n", - "auth_tag": "I44fn8Ott3L/Y5LYr56U/Q==\n", + "encrypted_data": "KHVYYH7Nb9/SsoKkYfbjzhFwj3Ioj72hm5pfdCuinf+GQvjKumq99eQTlKdf\nBZM1n0XN\n", + "iv": "x9AQZvw/vCinKQ8k\n", + "auth_tag": "mi0KHHOTBvVNhtvqk38BtQ==\n", "version": 3, "cipher": "aes-256-gcm" }, "discourse_connect_secret": { - "encrypted_data": "ENtMn+1XTVFmdEZw7LU6WGoMbSZY654ggm3vPACGfFgqo6r0LhG60c5OTdqv\nZvT5/Q==\n", - "iv": "bL1BmvRhgxFqSM1P\n", - "auth_tag": "sEBZzGWwwYFHn+4B4SsyCA==\n", + "encrypted_data": "WyLrV0DOsxyafSqyeQVj0BhVwm/0gvWeJLBsAbiqCGphryoYqUByPcum1T6R\n2H44nQ==\n", + "iv": "lUtlJDv6Ieq8Bs5x\n", + "auth_tag": "ku22BlQKw/BhHxuANTF6yg==\n", "version": 3, 
"cipher": "aes-256-gcm" }, "lndhub_admin_token": { - "encrypted_data": "4LPGFoARzI8UYnsJPIk8sax/rAA16pUULEZWn86e2C7L\n", - "iv": "nvjXrOwgfgutwEVw\n", - "auth_tag": "A89RUf1sdcS3FVscNPWYLg==\n", + "encrypted_data": "DQuxQW8ks3sUzyHYEpQVyPg2f/U4/LWeRoCD9225Hd+c\n", + "iv": "mjxYi+YAcKGuurD2\n", + "auth_tag": "8P3bFFNeQ5HQgpXDB5Sk5A==\n", "version": 3, "cipher": "aes-256-gcm" }, "btcpay_auth_token": { - "encrypted_data": "ky5iWYF06os0Ek6vIRzWqMTekqJhCOh/Q9DTDIeKhSyk8TnT3O71lCNEt1F5\nXCNq6ux3V6oyHVLWj0o=\n", - "iv": "zk6WnxsY89oNW1F9\n", - "auth_tag": "FAIMXKvQ1T7QKezVSNJbwQ==\n", + "encrypted_data": "3wsY9osaUdX4SvBPfHprNLSbx6/rfI5BfXnDxsc6OET3nGn19qBhH6wgeiwZ\n/dweqdQ25HpbFPygddc=\n", + "iv": "ccouibxktHLlUCQJ\n", + "auth_tag": "pWuRC8O2EAkmztL/9V3now==\n", "version": 3, "cipher": "aes-256-gcm" }, "s3_access_key": { - "encrypted_data": "KfhfEGwPjOonlz6rpnNTinXFPqX/sIbqQn/aby0UDi/G/7cvEcOiNcCkfuSz\n", - "iv": "Q3rg06v6K9pUDLDY\n", - "auth_tag": "G5ugdlJ896KtYtObKLclJA==\n", + "encrypted_data": "hJGHa+hEmddtsZ4UncrYBkjRa/2Csqdh79tXpTVxUWbIsYGdlvyadk7C1UCj\n", + "iv": "GlxNdnWiNzmNYthg\n", + "auth_tag": "hlRLkroUN01L7VzQFBU/IA==\n", "version": 3, "cipher": "aes-256-gcm" }, "s3_secret_key": { - "encrypted_data": "N8s1OoDrYXHjqSydQA0kY7dd68Aelq4+/cgmJlYfP92u4YA17V4TR7fsvQZL\nkqjuUSClNYPc0XiCwf/5gxVirE9AO6OmmvSV7lUyu4hcEY6unrU=\n", - "iv": "bXzIVWnX6V0P6PRb\n", - "auth_tag": "1EOjCfsX9P6ETjUsgBvBsA==\n", + "encrypted_data": "LKdQJOKIfFIoiF3GvfTs1mg3AI//Aoi8r42zcw8QhEVPB8ONsSf0/vhM037C\nf5nzUk7xwglvTOveqbOM+UTBJF/4oblQfgwFW3VobWUGkJqjtKE=\n", + "iv": "tWTxzK/ccpjlLmQV\n", + "auth_tag": "n2MFkTIquyqz4wqRNdSJcg==\n", "version": 3, "cipher": "aes-256-gcm" }, "nostr_private_key": { - "encrypted_data": "Sf8PEyQ0sqcgxddSlIDxLOVzPjOkTFObsYuTgcxkbEV7igrati4e8QVVUEBD\n1yoLJXelp8jlCr28Ectci29jc53gYSMTLSQsw97uYas2R0dGCqQ=\n", - "iv": "+1CIUyvIUOveLrY4\n", - "auth_tag": "GDqS+IuAIfMBmHIeFXaV7A==\n", + "encrypted_data": 
"CPMeNxzpYMReaQU4+v+EqpVESRsnaYc3a4y7OkHOhtn2gjaNEDERGKvRmlyd\nD6vxKPcIrwTCZ7neJ3YLOVOxPDNv6skqdtMHBwSgl7aBEOrx7tY=\n", + "iv": "AV1on2sw1avmFFuY\n", + "auth_tag": "9rb9qQBKrj5Xja1t+qROKQ==\n", "version": 3, "cipher": "aes-256-gcm" } diff --git a/nodes/akaunting-1.json b/nodes/akaunting-1.json new file mode 100644 index 0000000..88d0792 --- /dev/null +++ b/nodes/akaunting-1.json @@ -0,0 +1,66 @@ +{ + "name": "akaunting-1", + "chef_environment": "production", + "normal": { + "knife_zero": { + "host": "10.1.1.215" + } + }, + "automatic": { + "fqdn": "akaunting-1", + "os": "linux", + "os_version": "5.15.0-1069-kvm", + "hostname": "akaunting-1", + "ipaddress": "192.168.122.162", + "roles": [ + "base", + "kvm_guest", + "akaunting", + "postgresql_client" + ], + "recipes": [ + "kosmos-base", + "kosmos-base::default", + "kosmos_kvm::guest", + "kosmos_postgresql::hostsfile", + "kosmos_akaunting", + "kosmos_akaunting::default", + "apt::default", + "timezone_iii::default", + "timezone_iii::debian", + "ntp::default", + "ntp::apparmor", + "kosmos-base::systemd_emails", + "apt::unattended-upgrades", + "kosmos-base::firewall", + "kosmos-postfix::default", + "postfix::default", + "postfix::_common", + "postfix::_attributes", + "postfix::sasl_auth", + "hostname::default", + "kosmos-nodejs::default", + "nodejs::nodejs_from_package", + "nodejs::repo" + ], + "platform": "ubuntu", + "platform_version": "22.04", + "cloud": null, + "chef_packages": { + "chef": { + "version": "18.5.0", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.5.0/lib", + "chef_effortless": null + }, + "ohai": { + "version": "18.1.11", + "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.11/lib/ohai" + } + } + }, + "run_list": [ + "role[base]", + "role[kvm_guest]", + "role[akaunting]" + ] +} diff --git a/nodes/her.json b/nodes/her.json index 43402f3..8bad838 100644 --- a/nodes/her.json +++ b/nodes/her.json 
@@ -9,7 +9,7 @@ "automatic": { "fqdn": "her", "os": "linux", - "os_version": "5.15.0-84-generic", + "os_version": "5.15.0-101-generic", "hostname": "her", "ipaddress": "192.168.30.172", "roles": [ diff --git a/nodes/postgres-6.json b/nodes/postgres-6.json index a756544..9732aa7 100644 --- a/nodes/postgres-6.json +++ b/nodes/postgres-6.json @@ -22,6 +22,7 @@ "kosmos_kvm::guest", "kosmos_postgresql::primary", "kosmos_postgresql::firewall", + "kosmos_akaunting::pg_db", "kosmos-bitcoin::lndhub-go_pg_db", "kosmos-bitcoin::nbxplorer_pg_db", "kosmos_drone::pg_db", diff --git a/roles/akaunting.rb b/roles/akaunting.rb new file mode 100644 index 0000000..a9822ed --- /dev/null +++ b/roles/akaunting.rb @@ -0,0 +1,6 @@ +name "akaunting" + +run_list %w[ + role[postgresql_client] + kosmos_akaunting::default +] diff --git a/roles/postgresql_primary.rb b/roles/postgresql_primary.rb index 5f3f2bd..ff26fa9 100644 --- a/roles/postgresql_primary.rb +++ b/roles/postgresql_primary.rb @@ -3,6 +3,7 @@ name "postgresql_primary" run_list %w( kosmos_postgresql::primary kosmos_postgresql::firewall + kosmos_akaunting::pg_db kosmos-bitcoin::lndhub-go_pg_db kosmos-bitcoin::nbxplorer_pg_db kosmos_drone::pg_db diff --git a/site-cookbooks/kosmos_akaunting/.gitignore b/site-cookbooks/kosmos_akaunting/.gitignore new file mode 100644 index 0000000..f1e57b8 --- /dev/null +++ b/site-cookbooks/kosmos_akaunting/.gitignore @@ -0,0 +1,25 @@ +.vagrant +*~ +*# +.#* +\#*# +.*.sw[a-z] +*.un~ + +# Bundler +Gemfile.lock +gems.locked +bin/* +.bundle/* + +# test kitchen +.kitchen/ +kitchen.local.yml + +# Chef Infra +Berksfile.lock +.zero-knife.rb +Policyfile.lock.json + +.idea/ + diff --git a/site-cookbooks/kosmos_akaunting/Policyfile.rb b/site-cookbooks/kosmos_akaunting/Policyfile.rb new file mode 100644 index 0000000..98151f3 --- /dev/null +++ b/site-cookbooks/kosmos_akaunting/Policyfile.rb 
@@ -0,0 +1,16 @@
+# Policyfile.rb - Describe how you want Chef Infra Client to build your system.
+#
+# For more information on the Policyfile feature, visit
+# https://docs.chef.io/policyfile/
+
+# A name that describes what the system you're building with Chef does.
+name 'kosmos_akaunting'
+
+# Where to find external cookbooks:
+default_source :supermarket
+
+# run_list: chef-client will run these recipes in the order specified.
+run_list 'kosmos_akaunting::default'
+
+# Specify a custom source for a single cookbook:
+cookbook 'kosmos_akaunting', path: '.'
diff --git a/site-cookbooks/kosmos_akaunting/README.md b/site-cookbooks/kosmos_akaunting/README.md
new file mode 100644
index 0000000..9a99473
--- /dev/null
+++ b/site-cookbooks/kosmos_akaunting/README.md
@@ -0,0 +1,4 @@
+# kosmos_akaunting
+
+TODO: Enter the cookbook description here.
+
diff --git a/site-cookbooks/kosmos_akaunting/attributes/default.rb b/site-cookbooks/kosmos_akaunting/attributes/default.rb
new file mode 100644
index 0000000..13467de
--- /dev/null
+++ b/site-cookbooks/kosmos_akaunting/attributes/default.rb
@@ -0,0 +1,5 @@
+node.default["akaunting"]["user"] = "deploy"
+node.default["akaunting"]["group"] = "www-data"
+node.default["akaunting"]["repo"] = "https://github.com/akaunting/akaunting.git"
+node.default["akaunting"]["revision"] = "3.1.12"
+node.default["akaunting"]["port"] = 80
diff --git a/site-cookbooks/kosmos_akaunting/chefignore b/site-cookbooks/kosmos_akaunting/chefignore
new file mode 100644
index 0000000..cc170ea
--- /dev/null
+++ b/site-cookbooks/kosmos_akaunting/chefignore
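Review bot: `node.default["akaunting"]["revision"] = "3.1.12"` in attributes/default.rb pins the checkout to a tag, and a tag in the upstream repository can be moved after this change was reviewed. recipes/default.rb in the same commit runs `composer install` and `npm install` from whatever that ref resolves to, so the code built on the node is only as stable as the tag. Pinning the full commit hash makes the deployed tree reproducible, e.g. `node.default["akaunting"]["revision"] = "<full commit SHA of the 3.1.12 release>" # 3.1.12`.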
@@ -0,0 +1,115 @@
+# Put files/directories that should be ignored in this file when uploading
+# to a Chef Infra Server or Supermarket.
+# Lines that start with '# ' are comments.
+
+# OS generated files #
+######################
+.DS_Store
+ehthumbs.db
+Icon?
+nohup.out
+Thumbs.db
+.envrc
+
+# EDITORS #
+###########
+.#*
+.project
+.settings
+*_flymake
+*_flymake.*
+*.bak
+*.sw[a-z]
+*.tmproj
+*~
+\#*
+REVISION
+TAGS*
+tmtags
+.vscode
+.editorconfig
+
+## COMPILED ##
+##############
+*.class
+*.com
+*.dll
+*.exe
+*.o
+*.pyc
+*.so
+*/rdoc/
+a.out
+mkmf.log
+
+# Testing #
+###########
+.circleci/*
+.codeclimate.yml
+.delivery/*
+.foodcritic
+.kitchen*
+.mdlrc
+.overcommit.yml
+.rspec
+.rubocop.yml
+.travis.yml
+.watchr
+.yamllint
+azure-pipelines.yml
+Dangerfile
+examples/*
+features/*
+Guardfile
+kitchen.yml*
+mlc_config.json
+Procfile
+Rakefile
+spec/*
+test/*
+
+# SCM #
+#######
+.git
+.gitattributes
+.gitconfig
+.github/*
+.gitignore
+.gitkeep
+.gitmodules
+.svn
+*/.bzr/*
+*/.git
+*/.hg/*
+*/.svn/*
+
+# Berkshelf #
+#############
+Berksfile
+Berksfile.lock
+cookbooks/*
+tmp
+
+# Bundler #
+###########
+vendor/*
+Gemfile
+Gemfile.lock
+
+# Policyfile #
+##############
+Policyfile.rb
+Policyfile.lock.json
+
+# Documentation #
+#############
+CODE_OF_CONDUCT*
+CONTRIBUTING*
+documentation/*
+TESTING*
+UPGRADING*
+
+# Vagrant #
+###########
+.vagrant
+Vagrantfile
diff --git a/site-cookbooks/kosmos_akaunting/kitchen.yml b/site-cookbooks/kosmos_akaunting/kitchen.yml
new file mode 100644
index 0000000..cef0219
--- /dev/null
+++ b/site-cookbooks/kosmos_akaunting/kitchen.yml
@@ -0,0 +1,31 @@
+---
+driver:
+ name: vagrant
+
+## The forwarded_port port feature lets you connect to ports on the VM guest
+## via localhost on the host.
+## see also: https://www.vagrantup.com/docs/networking/forwarded_ports
+
+# network:
+# - ["forwarded_port", {guest: 80, host: 8080}]
+
+provisioner:
+ name: chef_zero
+
+ ## product_name and product_version specifies a specific Chef product and version to install.
+ ## see the Chef documentation for more details: https://docs.chef.io/workstation/config_yml_kitchen/
+ # product_name: chef
+ # product_version: 17
+
+verifier:
+ name: inspec
+
+platforms:
+ - name: ubuntu-20.04
+ - name: centos-8
+
+suites:
+ - name: default
+ verifier:
+ inspec_tests:
+ - test/integration/default
diff --git a/site-cookbooks/kosmos_akaunting/metadata.rb b/site-cookbooks/kosmos_akaunting/metadata.rb
new file mode 100644
index 0000000..af9a2ec
--- /dev/null
+++ b/site-cookbooks/kosmos_akaunting/metadata.rb
@@ -0,0 +1,9 @@
+name 'kosmos_akaunting'
+maintainer 'Kosmos Developers'
+maintainer_email 'mail@kosmos.org'
+license 'MIT'
+description 'Installs/configures akaunting for Kosmos'
+version '0.1.0'
+chef_version '>= 18.0'
+
+depends 'kosmos-nodejs'
diff --git a/site-cookbooks/kosmos_akaunting/recipes/default.rb b/site-cookbooks/kosmos_akaunting/recipes/default.rb
new file mode 100644
index 0000000..4592c0b
--- /dev/null
+++ b/site-cookbooks/kosmos_akaunting/recipes/default.rb
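Review bot: metadata.rb declares only `depends 'kosmos-nodejs'`, but the recipes added in this commit also call `firewall_rule` (recipes/default.rb) and `postgresql_user` / `postgresql_database` (recipes/pg_db.rb), none of which are core Chef resources. They presumably resolve today because other cookbooks in the node's run list are loaded as well. Declaring them here removes that reliance, e.g. `depends 'firewall'` and `depends 'postgresql'`; the cookbook names are assumed from the resource names and should be confirmed against the repository's own cookbook sources.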
@@ -0,0 +1,148 @@
+#
+# Cookbook:: kosmos_akaunting
+# Recipe:: default
+#
+
+app_name = "akaunting"
+deploy_user = node["akaunting"]["user"]
+deploy_group = node["akaunting"]["group"]
+deploy_path = "/opt/#{app_name}"
+credentials = data_bag_item("credentials", "akaunting")
+pg_host = search(:node, "role:postgresql_primary").first["knife_zero"]["host"] rescue "localhost"
+
+env = {
+ app_name: "Akaunting",
+ app_env: "production",
+ app_locale: "en-US",
+ app_installed: "true",
+ app_key: credentials["app_key"],
+ app_debug: "true",
+ app_schedule_time: "\"09:00\"",
+ app_url: "http://akaunting.kosmos.org",
+ db_connection: "pgsql",
+ db_host: pg_host,
+ db_port: "5432",
+ db_database: credentials["pg_database"],
+ db_username: credentials["pg_username"],
+ db_password: credentials["pg_password"],
+ log_level: "debug"
+ # mail_mailer: "mail",
+ # mail_host: "localhost",
+ # mail_port: "2525",
+ # mail_username: "null",
+ # mail_password: "null",
+ # mail_encryption: "null",
+ # mail_from_name: "null",
+ # mail_from_address: "null",
+}
+
+%w[
+ unzip nginx php8.1 php8.1-cli php8.1-bcmath php8.1-ctype php8.1-curl
+ php8.1-dom php8.1-fileinfo php8.1-intl php8.1-fpm php8.1-gd php8.1-mbstring
+ php8.1-pdo php8.1-pgsql php8.1-tokenizer php8.1-xml php8.1-zip
+].each do |pkg|
+ package pkg
+end
+
+# TODO install composer
+
+node.override["nodejs"]["repo"] = "https://deb.nodesource.com/node_18.x"
+include_recipe "kosmos-nodejs"
+
+group deploy_group
+
+user deploy_user do
+ group deploy_group
+ manage_home true
+ shell "/bin/bash"
+end
+
+directory deploy_path do
+ owner deploy_user
+ group deploy_group
+ mode "0775"
+end
+
+git deploy_path do
+ repository node[app_name]["repo"]
+ revision node[app_name]["revision"]
+ user deploy_user
+ group deploy_group
+ action :sync
+ notifies :run, "execute[composer_install]", :immediately
+ notifies :run, "execute[npm_install]", :immediately
+ notifies :restart, "service[php8.1-fpm]", :delayed
+end
+
+execute "composer_install" do
+ user deploy_user
+ cwd deploy_path
+ command "composer install"
+ action :nothing
+end
+
+execute "npm_install" do
+ user deploy_user
+ cwd deploy_path
+ command "npm install"
+ action :nothing
+ notifies :run, "execute[compile_assets]", :immediately
+end
+
+execute "compile_assets" do
+ user deploy_user
+ cwd deploy_path
+ command "npm run prod"
+ action :nothing
+end
+
+execute "set_storage_permissions" do
+ command "chown -R www-data:www-data #{deploy_path}/storage"
+end
+
+template "#{deploy_path}/.env" do
+ source 'env.erb'
+ owner deploy_user
+ group deploy_group
+ mode 0660
+ sensitive true
+ variables config: env
+ notifies :restart, "service[php8.1-fpm]", :delayed
+end
+
+template "/etc/nginx/sites-available/default" do
+ source 'nginx-local.conf.erb'
+ owner deploy_user
+ group deploy_group
+ mode 0660
+ variables deploy_path: deploy_path,
+ port: node["akaunting"]["port"]
+ notifies :restart, "service[nginx]", :delayed
+end
+
+# template "/etc/php/8.1/fpm/pool.d/akaunting.conf" do
+# source 'php-fpm.pool.erb'
+# owner deploy_user
+# group deploy_group
+# mode 0600
+# variables user: deploy_user,
+# group: deploy_group,
+# chdir: deploy_path,
+# port: node["akaunting"]["port"]
+# notifies :restart, "service[php8.1-fpm]", :delayed
+# end
+
+service "php8.1-fpm" do
+ action [:enable, :start]
+end
+
+service "nginx" do
+ action [:enable, :start]
+end
+
+firewall_rule "akaunting_zerotier" do
+ command :allow
+ port node["akaunting"]["port"]
+ protocol :tcp
+ source "10.1.1.0/24"
+end
diff --git a/site-cookbooks/kosmos_akaunting/recipes/pg_db.rb b/site-cookbooks/kosmos_akaunting/recipes/pg_db.rb
new file mode 100644
index 0000000..d89dcda
--- /dev/null
+++ b/site-cookbooks/kosmos_akaunting/recipes/pg_db.rb
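Review bot: The `env` hash in recipes/default.rb sets `app_debug: "true"` and `log_level: "debug"` next to `app_env: "production"`, so the rendered `.env` runs the Laravel application with debug error pages on a production node; those pages can show environment values such as the database credentials and `APP_KEY` that this same hash writes. I would ship `app_debug: "false",` and a quieter level such as `log_level: "warning"`. In the same hunk, `/etc/nginx/sites-available/default` is rendered with `owner deploy_user` and `mode 0660`, which lets the application account rewrite configuration that nginx loads (`owner "root"` with `mode "0644"` is the usual choice), and `.env` looks like it only needs `mode "0640"`, since nothing in this recipe has the group write it. The trailing `rescue "localhost"` on `pg_host` also hides a failed node search by silently pointing the application at a local database.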
@@ -0,0 +1,16 @@
+#
+# Cookbook:: kosmos_akaunting
+# Recipe:: pg_db
+#
+
+credentials = data_bag_item("credentials", "akaunting")
+
+postgresql_user credentials["pg_username"] do
+ action :create
+ password credentials["pg_password"]
+end
+
+postgresql_database credentials["pg_database"] do
+ owner credentials["pg_username"]
+ action :create
+end
diff --git a/site-cookbooks/kosmos_akaunting/templates/env.erb b/site-cookbooks/kosmos_akaunting/templates/env.erb
new file mode 100644
index 0000000..4b1faa5
--- /dev/null
+++ b/site-cookbooks/kosmos_akaunting/templates/env.erb
@@ -0,0 +1,11 @@
+<% @config.each do |key, value| %>
+<% if value.is_a?(Hash) %>
+<% value.each do |k, v| %>
+<%= "#{key.upcase}_#{k.upcase}" %>=<%= v.to_s %>
+<% end %>
+<% else %>
+<% if value %>
+<%= key.upcase %>=<%= value.to_s %>
+<% end %>
+<% end %>
+<% end %>
diff --git a/site-cookbooks/kosmos_akaunting/templates/nginx-local.conf.erb b/site-cookbooks/kosmos_akaunting/templates/nginx-local.conf.erb
new file mode 100644
index 0000000..8d99f07
--- /dev/null
+++ b/site-cookbooks/kosmos_akaunting/templates/nginx-local.conf.erb
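Review bot: templates/env.erb writes every value verbatim as `KEY=value`, so a secret from the data bag that contains a space, `#` or a quote character would be read back by a dotenv parser differently from how it was stored; the recipe already works around this by hand in `app_schedule_time: "\"09:00\""`. Either quote in the template or state the contract at the top of the file, e.g. `<%# Values are emitted as-is: callers must pre-quote anything containing whitespace, '#' or quotes. %>`. The `value.is_a?(Hash)` branch has no caller visible in this commit (every entry in the recipe's `env` hash looks like a scalar), so a one-line comment saying what it is for would help as well.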
@@ -0,0 +1,49 @@
+server {
+ listen 80 default_server;
+
+ server_name akaunting.kosmos.org;
+
+ root <%= @deploy_path %>;
+
+ add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Content-Type-Options "nosniff";
+
+ index index.html index.htm index.php;
+
+ charset utf-8;
+
+ location / {
+ try_files $uri $uri/ /index.php?$query_string;
+ }
+
+ # Prevent Direct Access To Protected Files
+ location ~ \.(env|log) {
+ deny all;
+ }
+
+ # Prevent Direct Access To Protected Folders
+ location ~ ^/(^app$|bootstrap|config|database|overrides|resources|routes|storage|tests|artisan) {
+ deny all;
+ }
+
+ # Prevent Direct Access To modules/vendor Folders Except Assets
+ location ~ ^/(modules|vendor)\/(.*)\.((?!ico|gif|jpg|jpeg|png|js\b|css|less|sass|font|woff|woff2|eot|ttf|svg|xls|xlsx).)*$ {
+ deny all;
+ }
+
+ error_page 404 /index.php;
+
+ # Pass PHP Scripts To FastCGI Server
+ location ~ \.php$ {
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass unix:/var/run/php/php8.1-fpm.sock; # Depends On The PHP Version
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+ }
+
+ location ~ /\.(?!well-known).* {
+ deny all;
+ }
+}
diff --git a/site-cookbooks/kosmos_akaunting/templates/php-fpm.pool.erb b/site-cookbooks/kosmos_akaunting/templates/php-fpm.pool.erb
new file mode 100644
index 0000000..ecf4571
--- /dev/null
+++ b/site-cookbooks/kosmos_akaunting/templates/php-fpm.pool.erb
@@ -0,0 +1,18 @@
+[akaunting]
+user = <%= @user %>
+group = <%= @group %>
+listen = 0.0.0.0:<%= @port %>
+listen.owner = <%= @user %>
+listen.group = <%= @group %>
+listen.mode = 0660
+
+pm = dynamic
+pm.max_children = 10
+pm.start_servers = 4
+pm.min_spare_servers = 2
+pm.max_spare_servers = 6
+pm.max_requests = 500
+
+chdir = <%= @chdir %>
+catch_workers_output = yes
+php_admin_flag[log_errors] = on
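Review bot: In `location ~ ^/(^app$|bootstrap|…)` of nginx-local.conf.erb the `^app$` alternative can never match, because it follows `^/` and asks for start-of-string a second time; requests under `/app/` are therefore not covered by this deny rule, and `.php` files there fall through to the FastCGI location further down. If the intent is to block the directory, `^/(app/|bootstrap|config|…)` does so without catching other paths that merely begin with `app`. Separately, the recipe passes `port: node["akaunting"]["port"]` to this template and opens that port in `firewall_rule`, but the file hard-codes `listen 80 default_server;`; `listen <%= @port %> default_server;` keeps the two in step.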
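Review bot: `listen = 0.0.0.0:<%= @port %>` in php-fpm.pool.erb would bind the FastCGI listener on every interface, and FastCGI has no authentication of its own; the `listen.owner`, `listen.group` and `listen.mode` lines below it apply only to Unix sockets, so they do not restrict a TCP listener. The resource that renders this template is commented out in recipes/default.rb and nginx talks to `unix:/var/run/php/php8.1-fpm.sock`, so nothing uses the pool yet, but that commented block passes the same `node["akaunting"]["port"]` that nginx is meant to serve on. Before enabling it I would switch to a Unix socket or, if TCP is required, use `listen = 127.0.0.1:<%= @port %>` together with `listen.allowed_clients = 127.0.0.1`.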
diff --git a/site-cookbooks/kosmos_akaunting/test/integration/default/default_test.rb b/site-cookbooks/kosmos_akaunting/test/integration/default/default_test.rb
new file mode 100644
index 0000000..50edca1
--- /dev/null
+++ b/site-cookbooks/kosmos_akaunting/test/integration/default/default_test.rb
@@ -0,0 +1,16 @@
+# Chef InSpec test for recipe kosmos_akaunting::default
+
+# The Chef InSpec reference, with examples and extensive documentation, can be
+# found at https://docs.chef.io/inspec/resources/
+
+unless os.windows?
+ # This is an example test, replace with your own test.
+ describe user('root'), :skip do
+ it { should exist }
+ end
+end
+
+# This is an example test, replace it with your own test.
+describe port(80), :skip do
+ it { should_not be_listening }
+end
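Review bot: Both controls in default_test.rb are still the generator's placeholders and are marked `:skip`, and the second asserts the opposite of what the recipe sets up: `describe port(80)` expects `should_not be_listening`, while the nginx template in this commit listens on 80. A minimal real check would be `describe port(80) do` / `it { should be_listening }` / `end`. A control on the rendered `.env` file's owner and mode would cover the part of the recipe that handles credentials.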