1201 Commits

Author SHA1 Message Date
Râu Cao
83513dbd9d Remove request limits for ipfs proxy
In favor of fail2ban
2022-11-30 11:58:22 +01:00
Râu Cao
c4d43b7f4e Make Mastodon services listen on private IP in prod
And allow access to them from the private network
2022-11-30 11:57:51 +01:00
Râu Cao
2958ba4b81
Use *.kosmos.local hostnames for LDAP nodes 2022-11-26 16:47:28 +01:00
Râu Cao
991458208d
Use a role for configuring LDAP hostname on clients
This way it's also easy to converge all LDAP clients at once.
2022-11-26 16:45:45 +01:00
Râu Cao
8d4db7290e
Rename dirsrv_primary role
The term used in 389 docs is "supplier" instead (ex "master")
2022-11-26 16:44:05 +01:00
Râu Cao
e0fb84e56c
Store Gitea data (avatars, attachments, etc.) in Garage/S3
Also adds a new garage gateway role, which only allows RPC (inter-node)
traffic to Garage.
2022-11-26 13:05:07 +01:00
Râu Cao
20e6bdb7f9 Add production environment, replication for garage
Also deploy a third node in a different data center
2022-11-25 10:56:22 +00:00
Râu Cao
b5ff60214c Install/configure Garage
Add a garage cookbook that installs the garage binary distribution and
creates the necessary configuration and system service.

Also deploy two new VMs to act as storage nodes.

refs #428
2022-11-25 10:56:22 +00:00
Râu Cao
d06f5d7723
Set up fail2ban for nginx, move IPFS gateway to proxy role 2022-11-24 14:02:43 +01:00
Greg Karékinian
5a5f8425af Add missing postgresql-client package for backup gem 2022-11-07 16:30:45 +01:00
Greg Karékinian
4bfb7d5f5d Extract mastodon db backup to its own recipe 2022-11-07 16:22:15 +01:00
Râu Cao
4188b2976b
Use Ruby 3.0.3, skip post-deployment migrations 2022-11-07 14:53:52 +01:00
Râu Cao
3620a43190
Upgrade Elasticsearch from 6.x to latest 7.x 2022-11-06 13:56:15 +01:00
Râu Cao
6df168f32f
Prune VM backups after every run 2022-11-05 17:43:48 +01:00
Râu Cao
65933bef4b Move hubot nginx sites to proxy role, deploy to fornax 2022-11-04 14:41:21 +01:00
Râu Cao
6cce1d9df8 Upgrade hal8000 setup for new hubot-kredits 2022-11-04 14:41:12 +01:00
Râu Cao
534f23eebc Remove obsolete recipes 2022-11-04 14:38:51 +01:00
Râu Cao
76fd629e40
Deploy new kredits ipfs-pinner
refs kredits/meta#10
2022-11-03 14:16:37 +01:00
Râu Cao
0297298ce0
Upgrade LND to 0.15.4
Fixes a critical issue that prevents block sync in production
2022-11-03 11:02:52 +01:00
Râu Cao
90b62e3fc1
Remove ufw logging for ipfs 2022-11-02 19:27:09 +01:00
c9a0310511 Merge branch 'master' into bugfix/ipfs_connectivity 2022-11-02 17:13:55 +00:00
Râu Cao
b1922d26f6
Allow IPFS connections on private network
(HAProxy is now also using the private network.)

This fixes IPFS connections to Kosmos nodes from outside the network, as
well as in between nodes on the private network.
2022-11-02 14:06:07 +01:00
Râu Cao
f7ff1248fe
Enable Web UI on private network 2022-11-02 14:05:43 +01:00
Râu Cao
bc11301782
Move bitcoind datadir from host to VM storage 2022-10-27 11:52:05 +02:00
Râu Cao
756382ec9f
Move block data files to CIFS share
This is the vast majority of disk space used on the host currently.
2022-10-26 15:49:03 +02:00
Râu Cao
458558fb26
Deploy different content on kosmos.org for now 2022-10-24 15:13:18 +02:00
Râu Cao
67f6e1b34a
Downgrade go-ipfs to 0.15
Fixes #435
2022-10-24 14:18:19 +02:00
Râu Cao
58e6e7de03
Remove ufw logs
Just added them to check the blocking for a while
2022-10-22 13:03:16 +02:00
Râu Cao
1afc3a5de5
Block outgoing traffic to local networks by default
Some software, e.g. go-ipfs, is rather aggressive in scanning local
networks for peers, which can trigger abuse reports and IP locks in the
data center.
2022-10-21 13:37:38 +02:00
Râu Cao
61710aa4a4 Set up systemd service and timer for backups 2022-10-21 10:50:04 +02:00
Râu Cao
95941c830f Remove verbose stats outout from backup script 2022-10-21 10:49:30 +02:00
Râu Cao
a5b2eb5f97 Move borg credentials to a separate file
To be used from a service
2022-10-21 10:49:02 +02:00
Râu Cao
34a57fa298
Merge branch 'lnd_tor_changes' into feature/qemu_snapshots 2022-10-19 15:23:39 +02:00
Râu Cao
6d765f959d
Fix backup VM name for ldap-3
(and potentially other guests where the name differs from the libvirt
domain name)
2022-10-19 12:51:46 +02:00
Râu Cao
82f50b0caa
Only back up domain-specific XML per archive 2022-10-19 12:24:10 +02:00
Râu Cao
6c8f9055c1
Create directories for KVM host backup files 2022-10-19 12:23:54 +02:00
Râu Cao
2e2ebbcc02
Fix filenames for guest agent sockets 2022-10-19 12:23:17 +02:00
Râu Cao
a3844b7ef6
WIP Add KVM host backup recipe
Add a recipe that configures scripts for live backups of VM images via
libvirt and borg.
2022-10-19 12:08:05 +02:00
Râu Cao
6d50a32aca
Add FIXME note 2022-10-19 12:08:05 +02:00
Râu Cao
895d293899
Update RSKj version 2022-10-18 18:46:53 +02:00
Râu Cao
315cd247e5
Enable qemu-guest-agent after install
This is actually automatically done for the service from the apt
package, but I like specifying it explicitly as well.
2022-10-12 15:55:08 +02:00
Râu Cao
e73b8fb01f
Add guest agent device when creating VMs
This is necessary for qemu-guest-agent to actually work
2022-10-12 15:53:00 +02:00
Greg Karékinian
378fee85ec Create a discourse cookbook that can be wrapped
It makes it possible to serve multiple Discord instances to different
hosts from a single nginx load balancer

Right now we run one for Kosmos and one for remoteStorage
2022-10-11 17:58:22 +02:00
Râu Cao
e90b265f7e
Remove superfluous license headers 2022-10-10 15:29:17 +02:00
Râu Cao
bec54e6ffb
Upgrade LND, bitcoind
LND needs an emergency hotfix, released in 0.15.2, due to a subtle
Taproot transaction parsing limitation in a library it depends on.
2022-10-10 13:46:12 +02:00
Râu Cao
ff907384d9
Upgrade Gitea to 1.17.2 2022-09-21 11:32:20 +02:00
Greg Karékinian
85abfd4e5e Create the required groups and ACIs 2022-08-22 16:15:02 +02:00
Râu Cao
f17a420a64
Update VM base image 2022-08-22 13:40:07 +01:00
607466b1d2 Merge pull request 'Add KVM Guest role' (#409) from feature/kvm_guest_role into master
Reviewed-on: #409
2022-08-22 11:46:43 +00:00
Râu Cao
65adc84e5b
Upgrade Gitea to 1.17.0
Also adds a new Nginx directive to allow larger uploads to the Docker
registry endpoints.

closes #422
2022-08-09 11:58:56 +02:00