diff --git a/nodes/andromeda.kosmos.org.json b/nodes/andromeda.kosmos.org.json index b675dab..83d170a 100644 --- a/nodes/andromeda.kosmos.org.json +++ b/nodes/andromeda.kosmos.org.json @@ -2,7 +2,8 @@ "run_list": [ "role[base]", "kosmos-base::andromeda_firewall", - "role[ipfs_cluster_with_tls]", + "kosmos-ipfs", + "kosmos-ipfs::public_gateway", "kosmos-postgresql", "kosmos-mediawiki", "kosmos-btcpayserver::proxy", diff --git a/nodes/barnard.kosmos.org.json b/nodes/barnard.kosmos.org.json index d4398b5..049d4b9 100644 --- a/nodes/barnard.kosmos.org.json +++ b/nodes/barnard.kosmos.org.json @@ -2,7 +2,7 @@ "run_list": [ "role[base]", "role[kredits_github]", - "kosmos-ipfs::cluster", + "kosmos-ipfs", "kosmos-hubot::botka_freenode", "kosmos-hubot::hal8000", "kosmos-hubot::hal8000_xmpp", diff --git a/roles/ipfs_cluster_with_tls.rb b/roles/ipfs_cluster_with_tls.rb deleted file mode 100644 index 70e3901..0000000 --- a/roles/ipfs_cluster_with_tls.rb +++ /dev/null @@ -1,15 +0,0 @@ -name "ipfs_cluster_with_tls" - -run_list %w( - kosmos-ipfs - kosmos-ipfs::cluster - kosmos-ipfs::letsencrypt -) - -override_attributes( - 'kosmos-ipfs' => { - 'nginx' => { - 'api_port' => 9095 - } - } -) diff --git a/site-cookbooks/kosmos-hubot/attributes/default.rb b/site-cookbooks/kosmos-hubot/attributes/default.rb index f4339af..be2748d 100644 --- a/site-cookbooks/kosmos-hubot/attributes/default.rb +++ b/site-cookbooks/kosmos-hubot/attributes/default.rb @@ -23,9 +23,7 @@ node.default['hal8000_xmpp']['rooms'] = [ node.default['hal8000_xmpp']['auth_admins'] = [] node.default['hal8000_xmpp']['kredits']['ipfs_host'] = 'localhost' -# Use the running ipfs-cluster, so adding documents adds and pins them on all -# members of the cluster -node.default['hal8000_xmpp']['kredits']['ipfs_port'] = '9095' +node.default['hal8000_xmpp']['kredits']['ipfs_port'] = '5001' node.default['hal8000_xmpp']['kredits']['ipfs_protocol'] = 'http' node.default['hal8000_xmpp']['kredits']['room'] = 'kredits@chat.kosmos.org' node.default['hal8000_xmpp']['kredits']['provider_url'] = 'https://rinkeby.infura.io/v3/c5e74367261d475ab935e2f0e726482f' diff --git a/site-cookbooks/kosmos-ipfs/attributes/default.rb b/site-cookbooks/kosmos-ipfs/attributes/default.rb index 9ce8bb0..3e0f7c7 100644 --- a/site-cookbooks/kosmos-ipfs/attributes/default.rb +++ b/site-cookbooks/kosmos-ipfs/attributes/default.rb @@ -1,10 +1,8 @@ -# Override to connect to the IPFS cluster proxy on port 9095 -# (https://cluster.ipfs.io/documentation/composite-clusters/) - # FIXME api_port should come from the ipfs cookbook/attributes # It has nothing to do with nginx node.default['kosmos-ipfs']['nginx']['api_port'] = 5001 node.default['kosmos-ipfs']['nginx']['gateway_port'] = 9090 node.default['kosmos-ipfs']['nginx']['external_api_port'] = 5444 - node.default['kosmos-ipfs']['nginx']['domain'] = "ipfs.kosmos.org" + +node.default['kosmos-ipfs']['kredits-pinner']['revision'] = "v1.0.2" diff --git a/site-cookbooks/kosmos-ipfs/recipes/default.rb b/site-cookbooks/kosmos-ipfs/recipes/default.rb index b61e129..8ffa9ed 100644 --- a/site-cookbooks/kosmos-ipfs/recipes/default.rb +++ b/site-cookbooks/kosmos-ipfs/recipes/default.rb @@ -24,9 +24,10 @@ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN # THE SOFTWARE. -node.override['ipfs']['version'] = '0.4.20' -node.override['ipfs']['checksum'] = '155dbdb2d7a9b8df38feccf48eb925cf9ab650754dc51994aa1e0bda1c1f9123' +node.override['ipfs']['version'] = '0.4.21' +node.override['ipfs']['checksum'] = 'a7ec5ddc4d52f818cbf3853a80f7ec17f9fde9128f039485dbe1889cf673d562' include_recipe "ipfs" +include_recipe "kosmos-ipfs::kredits_pinner" # Configure ipfs diff --git a/site-cookbooks/kosmos-ipfs/recipes/kredits_pinner.rb b/site-cookbooks/kosmos-ipfs/recipes/kredits_pinner.rb new file mode 100644 index 0000000..8ae29fe --- /dev/null +++ b/site-cookbooks/kosmos-ipfs/recipes/kredits_pinner.rb @@ -0,0 +1,73 @@ +# +# Cookbook Name:: kosmos-ipfs +# Recipe:: kredits_pinner +# +# The MIT License (MIT) +# +# Copyright:: 2019, Kosmos Developers +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +# THE SOFTWARE. + +app_name = "kredits-ipfs-pinner" +deploy_user = "ipfs" +deploy_group = "ipfs" + +group deploy_group + +path_to_deploy = "/opt/#{app_name}" +application path_to_deploy do + owner deploy_user + group deploy_group + + git do + user deploy_user + group deploy_group + repository "https://gitea.kosmos.org/kosmos/#{app_name}.git" + revision node['kosmos-ipfs']['kredits-pinner']['revision'] + end + + npm_install do + user deploy_user + end + + execute "systemctl daemon-reload" do + command "systemctl daemon-reload" + action :nothing + end + + template "/lib/systemd/system/#{app_name}.service" do + source 'nodejs.systemd.service.erb' + owner 'root' + group 'root' + mode '0640' + variables( + user: deploy_user, + group: deploy_group, + app_dir: path_to_deploy, + entry: "/usr/bin/node /usr/bin/npm start", + environment: {} + ) + notifies :run, "execute[systemctl daemon-reload]", :delayed + notifies :restart, "service[#{app_name}]", :delayed + end + + service app_name do + action [:enable, :start] + end +end diff --git a/site-cookbooks/kosmos-ipfs/recipes/cluster.rb b/site-cookbooks/kosmos-ipfs/recipes/public_gateway.rb similarity index 58% rename from site-cookbooks/kosmos-ipfs/recipes/cluster.rb rename to site-cookbooks/kosmos-ipfs/recipes/public_gateway.rb index 5de8619..3ed5fe1 100644 --- a/site-cookbooks/kosmos-ipfs/recipes/cluster.rb +++ b/site-cookbooks/kosmos-ipfs/recipes/public_gateway.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: kosmos-ipfs -# Recipe:: cluster +# Recipe:: public_gateway # # The MIT License (MIT) # @@ -24,15 +24,34 @@ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN # THE SOFTWARE. -node.override['ipfs']['cluster']['version'] = '0.10.1' +include_recipe "kosmos-nginx" -include_recipe "ipfs::cluster" -include_recipe "ipfs::cluster_service" +domain = node["kosmos-ipfs"]["nginx"]["domain"] + +template "#{node['nginx']['dir']}/sites-available/#{domain}" do + source "nginx_conf_#{domain}.erb" + owner 'www-data' + mode 0640 + variables server_name: domain, + ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem", + ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem", + ipfs_api_port: node['kosmos-ipfs']['nginx']['api_port'], + ipfs_gateway_port: node['kosmos-ipfs']['nginx']['gateway_port'], + ipfs_external_api_port: node['kosmos-ipfs']['nginx']['external_api_port'] + + notifies :reload, 'service[nginx]', :delayed +end + +nginx_site domain do + action :enable +end + +nginx_certbot_site domain unless node.chef_environment == "development" include_recipe "firewall" - firewall_rule 'ipfs_cluster' do - port 9096 + firewall_rule 'ipfs_api' do + port node['kosmos-ipfs']['nginx']['external_api_port'] protocol :tcp command :allow end diff --git a/site-cookbooks/kosmos-ipfs/templates/default/nodejs.systemd.service.erb b/site-cookbooks/kosmos-ipfs/templates/default/nodejs.systemd.service.erb new file mode 100644 index 0000000..f5e2993 --- /dev/null +++ b/site-cookbooks/kosmos-ipfs/templates/default/nodejs.systemd.service.erb @@ -0,0 +1,17 @@ +[Unit] +Description=Start nodejs app +After=ipfs.service + +[Service] +ExecStartPre=/bin/sleep 5 +ExecStart=<%= @entry %> +WorkingDirectory=<%= @app_dir %> +User=<%= @user %> +Group=<%= @group %> +<% unless @environment.empty? -%> +Environment=<% @environment.each do |key, value| -%>'<%= key %>=<%= value %>' <% end %> +<% end -%> +Restart=always + +[Install] +WantedBy=multi-user.target