diff --git a/data_bags/credentials/mastodon.json b/data_bags/credentials/mastodon.json
index 3523d7c..145f5c1 100644
--- a/data_bags/credentials/mastodon.json
+++ b/data_bags/credentials/mastodon.json
@@ -1,107 +1,79 @@ { "id": "mastodon", "paperclip_secret": { - "encrypted_data": "RRiNnMXWGcqh6aXl1rDPA93+6Pqw08Uc1s3wGpNXquryCYW47ndbakl4tjc0\nOW4yDhfiBF02nkXSt86vtvaxEm1jXlSTtP3EWHD1ZqzMZHceyIC2HVjYiwlM\nOXiWdMUIlLQnGkSP6R8NldPXjy5Rf5C5VomfQHF7WuTft1vSQ/gPfBm9iVtg\nyOFZR6WVeNtLsFGy\n", - "iv": "w2a3L+3fB6xD8b3m\n", - "auth_tag": "knC7vpB4x1e10IIFgvrTGQ==\n", + "encrypted_data": "orOIbqFANPCkd4sUTCyyoh4z1o6SBudgH4wKJudTo9dANaHGhWcBUFKrhZi1\nMJTBQx/d0hiDI1P2XN3h+hROCg3JJ8OClUSJH9CfN5GlbWvXh0Nhq7hqy8L3\nLAPL+uigiXI6ObrnKQoD8LeJIB46233uwaCA/7zB6gah0ExJ2DXGH6qq9JSS\nqmTFiy+hT+VHGrUo\n", + "iv": "U4E4NLYLkP0/tTTs\n", + "auth_tag": "WKQ+pDPZp7B791lhC5j3iQ==\n", "version": 3, "cipher": "aes-256-gcm" }, "secret_key_base": { - "encrypted_data": "Mv7ohwLtwz7KDfvGjrXgNlcfWqm8QlbmPxDv6Tw1Lu+ZH9JRC9TPW3WQw0en\n6/9btymY8mcYbI8/Uyrv6CoE4UgJRHYs/cKwG20B9TZX+RpvcZtBS6JSPQsj\niXBEj6WhT1CapME9HPDV9gYmpUviU1giLYcvMbNkAkTDSELNUNDiSQ9UoHsl\nxqmztU3Frq1RPn1m\n", - "iv": "BRAk4pjKsqvuEzFM\n", - "auth_tag": "lglc926SSnA8hKHrlZUbNw==\n", + "encrypted_data": "vweClhdY8SqQkK+p0OYUL2B6Fsz5eQDpEYWCtd/eRJfwwYAObbLcMWRC6MwE\neQVMw59bOqYc3RBuv/+WPLtENazA1bYCXBXQr1J6xqjJAz0Mo6KbRyxy5n78\nv8q6RSiao1VVIUXohtFlQgWeV6x5sz34bJxjlHinKvKsgiGXiuVBxYUUfzWQ\nuzrGug09cpZBqfpc\n", + "iv": "Z0/csEBH5/X1+MR+\n", + "auth_tag": "fTvBN6eovi3JVEK0ZX97Nw==\n", "version": 3, "cipher": "aes-256-gcm" }, "otp_secret": { - "encrypted_data": "nZXLF6bijukzuBJQ1RZUT0+Zju127OYezkKL5bcWMzY8cWuEFFsvCcHPy6Ww\nkFm8mdvGpNlyuIRPipwJkTPn5NVuIrmcYFzLtoTFnF9yLQAPSmDdKO0wgd8D\nEOUF7w33o4ZJKHRVPsibou1T43YIpiLtbe7ukP7+8haGKsJApPduqd9jIlwo\n/cAkq+pMbTdo83Lg\n", - "iv": "+bP/nOnccCqc3StV\n", - "auth_tag": "Y2qZigfjTrtdfH/Klp1FzQ==\n", + "encrypted_data": "o1ts1bUgPIzFQXjJ2MpBMLntWkyPxDaJAaU1K3WzmNMXnw5MVlkKKCEFVccd\nPss/MwDuBkbNPhri3ZkH48m9SiayWETVYvw5GZzcVsw4TeMu915O44lfl9tX\nW3XHU+DBps1BVH9535R4X9M1aFW4W4XfwHtS5wcrZqtVhNhS3NSgE4JpN/Dz\nFdcFAOhflnt8fIAN\n", + "iv": "QLsxmIlX1NpxMyHz\n", + "auth_tag": "j1h/PvIoqshTBN5c5IaAsA==\n", 
"version": 3, "cipher": "aes-256-gcm" }, "aws_access_key_id": { - "encrypted_data": "/t8K7WOjAftE/lj2uqGXEC51HTWZLnlDXgzEwHqaUlNEiSSpSRJV\n", - "iv": "JrbDzUUKm7RvpfgV\n", - "auth_tag": "W5yJGIkALe1zi+7Ah6woIw==\n", + "encrypted_data": "YQHUx0GugKu0AtlbGLRGocFEhTGAghWA0DUs1Nxs4Hd3bTIp4lyM\n", + "iv": "54zt2tkQhHtpY7sO\n", + "auth_tag": "ofBJx3QDsjHe66ga3nji8g==\n", "version": 3, "cipher": "aes-256-gcm" }, "aws_secret_access_key": { - "encrypted_data": "YSVaIe4sCuSAA31YwOpD3+Z58rkfbmPAlJPF8NRMOjSZcfvuLGFhnZN7kejv\nRqvO5iy9ueIO+W7a1nw=\n", - "iv": "oo7xeDu7KncEYEFA\n", - "auth_tag": "V1DmNizGIsXwFP3AzTr/aw==\n", + "encrypted_data": "FAz6xZ+wsCz/KFA+DK6f4V04rxJt+9U/yXUGF9tvce0VqB3scH+T0KDDn1/n\nZ/0G0Tbxt2urRPbPUdI=\n", + "iv": "iapSpeM6lfDMIfNk\n", + "auth_tag": "HlkwUnNeJlOUrZ3ieN5xAQ==\n", "version": 3, "cipher": "aes-256-gcm" }, "smtp_user_name": { - "encrypted_data": "aMuLejWLobxi328xuv0uXetne11bD1qFOagyLSdOSoGuDeotxzeOTWgDVW94\naA==\n", - "iv": "V+VYYRqFeisHm0eD\n", - "auth_tag": "kH9ONcISn8+2cG6JzcdO6Q==\n", + "encrypted_data": "ivB09/mCRrUaz9X4NFRBiqytjgy/vxN5Nha7gopFq5eSu9v4K9MkaLRqHh1I\nYw==\n", + "iv": "a8WKhRKsUjqBtfmn\n", + "auth_tag": "ib5WJNNaO7bRIspdACmOLw==\n", "version": 3, "cipher": "aes-256-gcm" }, "smtp_password": { - "encrypted_data": "UutnfD7NSaYOg9DgfV9/W+VhJ2YyIYWlv/eSZOvfuu96n4qkAgEKlpyOTvum\n1SiYX5Dl\n", - "iv": "71kKako2q3MicELe\n", - "auth_tag": "jBUwyud5MK2Lqch6Ms2CSw==\n", + "encrypted_data": "FxPz2e7fUNqcAu+DDJKlqn8rcSBLmnzigTFf5moZlQ1zz4YVl6pqHisa22Qz\nbfUx9rjU\n", + "iv": "GvRlNDV/b1WawtOP\n", + "auth_tag": "kyRCGfSJQelIwThDT4iQQQ==\n", "version": 3, "cipher": "aes-256-gcm" }, "vapid_private_key": { - "encrypted_data": "6Bzjkm3V/dCO3c+Qj0eHHiepusSvN2Dn4wMZTOBmh3ZWlYKmf0pw2eq5bzbU\nr5rzqtJBRbShplD8jDOFK9Bw\n", - "iv": "8Z/Xc9zzqCQaB6MX\n", - "auth_tag": "myIe7oeKMvAVBSLKgcEBcA==\n", + "encrypted_data": "DlbEAhd+SkSJoOSuwGhd5bdFlJADnT0w4u0+6m8AJoWJjoSCGAnzzmdHWT/k\nVUDkwiBCkqmEPK0oTvxnl/a8\n", + "iv": "6e0Gay7GVrQad1rI\n", + "auth_tag": 
"jjVundJ/ITxP/oYgEgzElg==\n", "version": 3, "cipher": "aes-256-gcm" }, "vapid_public_key": { - "encrypted_data": "tIS/6Y/TNj0h+vNNxEXXj23mjqWWBEzeR0yofjOb7EFJUxNLFVjkuke9Qui8\nSCA4SID/prw8mcDLt4+jjEIEfhFEb+jxUQCokhbR7XmXMhp/FsUHz9/hBTZm\nN3JiDNU+NUHAH0D5lqbZ/0U=\n", - "iv": "8Y6tR83eJEWDyhuF\n", - "auth_tag": "G0o5ecKQvK/QE7BWmpzGOQ==\n", - "version": 3, - "cipher": "aes-256-gcm" - }, - "s3_endpoint": { - "encrypted_data": "uBpzs/4P6IKvmeosEMVtFq/Icd5P/xmlY9/015A9fc26\n", - "iv": "69rwf193xvQr+mEU\n", - "auth_tag": "ZSY3tnqSuBq2EOZnGddFOQ==\n", - "version": 3, - "cipher": "aes-256-gcm" - }, - "s3_region": { - "encrypted_data": "dSI1bDfpTcmkcEzRDSewrPOvAOStjOCX/g==\n", - "iv": "UfD0qpF2oJNuPPiq\n", - "auth_tag": "Vmgbe8hbkerTGXcgtBEIbA==\n", - "version": 3, - "cipher": "aes-256-gcm" - }, - "s3_bucket": { - "encrypted_data": "qLBEu9Op+m1oXqpUd+Nom0+znTB4lUycpC/cygA210E=\n", - "iv": "h+6FTstMBoeTnlyA\n", - "auth_tag": "MyHbvnq5EnHC+bqL6y2pAg==\n", + "encrypted_data": "+m37w/eWYqdEjsEYQw27FvQC+37ucruOFjZAjo0OgCwA0SoVz4VHX2eSA2AK\njX4CnM91cY4e/WG/ZHKlOMN1PftyQn2bdGaw35nXDanep8z0ROa01JEEi5DE\nUFRKvBmPInTeR6xvemuj7GM=\n", + "iv": "loYbGrAsWGLUZ+BK\n", + "auth_tag": "lAfpEEVQq+n7MLLm/kpmIA==\n", "version": 3, "cipher": "aes-256-gcm" }, "s3_key_id": { - "encrypted_data": "JvWesI6gnTDr2+61c7D+NT3Q642sfuvUWJA1asEElMAbszLDJUJN4T/H46WX\n", - "iv": "8cK5seIY64yKWeQf\n", - "auth_tag": "h7NTnbwCJzc6/ZjqPMiYag==\n", + "encrypted_data": "4B8OQ0iVCCna4FvC+EuS5prEUWaHRm1+tzXGmFoCQ4WZfhUA1HwT3x651e/R\n", + "iv": "1/zGwcQPQQQCiXIs\n", + "auth_tag": "siK9ph1q3/VVEycy91wkqQ==\n", "version": 3, "cipher": "aes-256-gcm" }, "s3_secret_key": { - "encrypted_data": "/e6HPASZHxTf0JTOeX9X4nlzmhitaFaFK8FqGzLjE2FF2clDJQPEdUzfVrz6\n0yiS7QWWKmycSesC+2qEwmKqF1vt5qQcvg/+z5iKXZ6VmlZx0yc=\n", - "iv": "nGlsRUGt4f8M9vaD\n", - "auth_tag": "OyOoxjwUaXZAYzprTW8/oA==\n", - "version": 3, - "cipher": "aes-256-gcm" - }, - "s3_alias_host": { - "encrypted_data": "3JLiHJi7SZojYtrtoXY8rp3Ez6BSIV3Fjaw6J1kW7dCpCLQ=\n", 
- "iv": "O11DxH8WrjNM1QkZ\n", - "auth_tag": "i8FB/f0+MzsKc3LISKLX7Q==\n", + "encrypted_data": "BSAc8dE/rQUiVvTGV6Ee/ZUDpq4HZlpoaCZ+lbQAbcnxui4ib0OTLPFwhVJ9\n4OQWahtSzkqxMc6MKWpadLT1a3oTnvnae9b3u40X5b2P3VyZYCM=\n", + "iv": "bqw8GTqLMTs5vD5n\n", + "auth_tag": "+e48L1lYVNda7VE3uLOAHA==\n", "version": 3, "cipher": "aes-256-gcm" }
diff --git a/environments/production.json b/environments/production.json
index 8c0e97a..bf6d1f6 100644
--- a/environments/production.json
+++ b/environments/production.json
@@ -21,6 +21,10 @@
 }
 },
 "kosmos-mastodon": {
+ "s3_endpoint": "localhost:3900",
+ "s3_region": "garage",
+ "s3_bucket": "kosmos-social",
+ "s3_alias_host": "s3.kosmos.social",
 "alternate_domains": [
 "mastodon.w7nooprauv6yrnhzh2ajpcnj3doinked2aaztlwfyt6u6pva2qdxqhid.onion"
 ]
diff --git a/nodes/mastodon-3.json b/nodes/mastodon-3.json
index 18e8250..e25ec48 100644
--- a/nodes/mastodon-3.json
+++ b/nodes/mastodon-3.json
@@ -14,6 +14,7 @@
 "ipaddress": "192.168.122.161",
 "roles": [
 "kvm_guest",
+ "garage_gateway",
 "mastodon",
 "postgresql_client"
 ],
@@ -21,6 +22,9 @@
 "kosmos-base",
 "kosmos-base::default",
 "kosmos_kvm::guest",
+ "kosmos_garage",
+ "kosmos_garage::default",
+ "kosmos_garage::firewall_rpc",
 "kosmos_postgresql::hostsfile",
 "kosmos-mastodon",
 "kosmos-mastodon::default",
@@ -39,6 +43,8 @@
 "postfix::_attributes",
 "postfix::sasl_auth",
 "hostname::default",
+ "firewall::default",
+ "chef-sugar::default",
 "kosmos-nodejs::default",
 "nodejs::nodejs_from_package",
 "nodejs::repo",
@@ -55,8 +61,6 @@
 "redisio::disable_os_default",
 "redisio::configure",
 "redisio::enable",
- "firewall::default",
- "chef-sugar::default",
 "nodejs::npm",
 "nodejs::install",
 "backup::default",
@@ -81,6 +85,7 @@
 "run_list": [
 "recipe[kosmos-base]",
 "role[kvm_guest]",
+ "role[garage_gateway]",
 "role[mastodon]"
 ]
 }
\ No newline at end of file
diff --git a/site-cookbooks/kosmos-mastodon/attributes/default.rb b/site-cookbooks/kosmos-mastodon/attributes/default.rb
index c3a5406..e37c84e 100644
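Review bot: The new `"s3_endpoint": "localhost:3900"` value in the `environments/production.json` hunk has no URL scheme, and the template change in this commit writes it unchanged into `S3_ENDPOINT`. As far as I know the AWS SDK that Mastodon passes this value to expects a full HTTP(S) URL, so this probably needs to be `"s3_endpoint": "http://localhost:3900"`; please confirm on the node. If plain HTTP is intended, it is only acceptable because the endpoint is on the loopback interface (presumably the local gateway set up by the `garage_gateway` role), and that assumption deserves a line in the commit description.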
--- a/site-cookbooks/kosmos-mastodon/attributes/default.rb
+++ b/site-cookbooks/kosmos-mastodon/attributes/default.rb
@@ -8,8 +8,15 @@ node.default["kosmos-mastodon"]["server_name"] = "kosmos.social" node.default["kosmos-mastodon"]["alternate_domains"] = [] node.default["kosmos-mastodon"]["redis_url"] = "redis://localhost:6379/0" node.default["kosmos-mastodon"]["sidekiq_threads"] = 25 + node.default["kosmos-mastodon"]["onion_address"] = nil + # Allocate this amount of RAM to the Java heap for Elasticsearch node.default["kosmos-mastodon"]["elasticsearch"]["allocated_memory"] = "1536m" +node.default["kosmos-mastodon"]["s3_endpoint"] = nil +node.default["kosmos-mastodon"]["s3_region"] = nil +node.default["kosmos-mastodon"]["s3_bucket"] = nil +node.default["kosmos-mastodon"]["s3_alias_host"] = nil + node.override["redisio"]["version"] = "6.2.6"
diff --git a/site-cookbooks/kosmos-mastodon/recipes/default.rb b/site-cookbooks/kosmos-mastodon/recipes/default.rb
index 2b47544..bc9abbd 100644
--- a/site-cookbooks/kosmos-mastodon/recipes/default.rb
+++ b/site-cookbooks/kosmos-mastodon/recipes/default.rb
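Review bot: The four new `s3_*` defaults in the `attributes/default.rb` hunk carry no comment, although the `# Allocate this amount of RAM…` line just above them shows the file does document its attributes. Because the `env.production.erb` change in this commit renders the whole S3 block only when `s3_endpoint` is set, a line such as `# S3-compatible media storage; the S3 block in .env.production is skipped while s3_endpoint is nil` above them would tell operators which attribute is the switch. The comment should also say that `s3_region`, `s3_bucket` and `s3_alias_host` have to be set together with it, since nothing visible in this commit validates them.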
@@ -166,10 +166,12 @@ application mastodon_path do
 smtp_login: mastodon_credentials['smtp_user_name'],
 smtp_password: mastodon_credentials['smtp_password'],
 smtp_from_address: "mail@#{node['kosmos-mastodon']['server_name']}",
- s3_bucket: "kosmos-social",
- aws_access_key_id: mastodon_credentials['aws_access_key_id'],
- aws_secret_access_key: mastodon_credentials['aws_secret_access_key'],
- s3_region: "eu-west-1",
+ s3_endpoint: node["kosmos-mastodon"]["s3_endpoint"],
+ s3_region: node["kosmos-mastodon"]["s3_region"],
+ s3_bucket: node["kosmos-mastodon"]["s3_bucket"],
+ s3_alias_host: node["kosmos-mastodon"]["s3_alias_host"],
+ aws_access_key_id: mastodon_credentials['s3_key_id'],
+ aws_secret_access_key: mastodon_credentials['s3_secret_key'],
 vapid_private_key: mastodon_credentials['vapid_private_key'],
 vapid_public_key: mastodon_credentials['vapid_public_key'],
 db_pass: postgresql_data_bag_item['mastodon_user_password'],
diff --git a/site-cookbooks/kosmos-mastodon/templates/default/env.production.erb b/site-cookbooks/kosmos-mastodon/templates/default/env.production.erb
index 5fb076b..0013fc2 100644
--- a/site-cookbooks/kosmos-mastodon/templates/default/env.production.erb
+++ b/site-cookbooks/kosmos-mastodon/templates/default/env.production.erb
@@ -35,12 +35,16 @@ SMTP_FROM_ADDRESS=<%= @smtp_from_address %> # Serve static files (to nginx proxy) RAILS_SERVE_STATIC_FILES=true +<% if @s3_endpoint %> # S3 (optional) S3_ENABLED=true +S3_ENDPOINT=<%= @s3_endpoint %> +S3_REGION=<%= @s3_region %> S3_BUCKET=<%= @s3_bucket %> +S3_ALIAS_HOST=<%= @s3_alias_host %> AWS_ACCESS_KEY_ID=<%= @aws_access_key_id %> AWS_SECRET_ACCESS_KEY=<%= @aws_secret_access_key %> -S3_REGION=<%= @s3_region %> +<% end %> # Optional alias for S3 if you want to use Cloudfront or Cloudflare in front # S3_CLOUDFRONT_HOST=
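Review bot: The recipe hunk now reads the storage credentials from `mastodon_credentials['s3_key_id']` and `mastodon_credentials['s3_secret_key']`, yet the data bag in this same commit still carries re-encrypted `aws_access_key_id` and `aws_secret_access_key` items that this hunk no longer uses. If no other recipe reads them (not visible here), they should be removed from `data_bags/credentials/mastodon.json` and the AWS key pair revoked, so that an unused secret is not kept available to every node holding the data bag key. A short comment such as `# the template keeps the AWS_* variable names; the values are the S3 key pair from the data bag` next to the two `aws_*` lines would explain the mapping. The `application mastodon_path do` block starts and ends outside the hunk.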
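Review bot: Gating the whole block on `<% if @s3_endpoint %>` in the `env.production.erb` hunk means a node without that attribute renders no `S3_ENABLED` line at all, where the old template always wrote `S3_ENABLED=true`. Mastodon would then presumably fall back to local file storage without any error. Inside the block the other values are not checked, so with `s3_alias_host` left at its `nil` default the file gets an empty `S3_ALIAS_HOST=` line, which Mastodon may treat as a configured but empty alias host. I would wrap that line in its own `<% if @s3_alias_host %>` … `<% end %>` and have the recipe fail the run when `s3_endpoint` is set without `s3_bucket` and both keys.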