Commit Graph

405 Commits

Author SHA1 Message Date
Greg Karékinian 2f599ffd6d Update Chef to 14.11.21
Closes #21
2019-04-02 12:16:13 +02:00
Greg Karékinian 5fa0fa661b Install certbot from the direct download when on 15.04
It does not have a ppa release. Add a cron job for renewal. When using
the PPA a Systemd timer is part of the package
2019-03-18 16:52:05 +01:00
Greg Karékinian 17f1b2a20a Create a nginx_certbot_site resource to remove duplication
It creates a folder, the nginx vhost for certbot and HTTP redirects, and
also runs certbot and recreates the nginx vhost that includes the TLS
cert
2019-03-15 19:03:28 +01:00
Greg Karékinian b30dcab4da Remove an IPFS port from the ejabberd firewall 2019-03-15 12:30:56 +01:00
basti 41db5b2b73 Use kosmos.org email address 2019-03-15 12:45:28 +07:00
basti a77580d6da Use variable instead of hardcoding domain
The domain name is hardcoded exactly 12 times in just the letsencrypt
recipe.
2019-03-15 12:38:42 +07:00
Greg Karékinian c3135402ad Move the nginx hook to the deploy directory, create renewal-hooks dir 2019-03-14 20:21:34 +01:00
Greg Karékinian f50f48b55b Remove the old deploy hook, we moved it to the certbot config dir 2019-03-14 18:07:52 +01:00
Greg Karékinian a978f2a6a5 Fix the path to the Gandi DNS certbot script 2019-03-14 18:06:55 +01:00
Greg Karékinian f12ddefec8 Move the Gandi DNS hook for certbot to the kosmos-base cookbook 2019-03-14 18:01:29 +01:00
Greg Karékinian 65482f09c3 Extract the post hooks to their own script in Certbot's config dir 2019-03-14 15:21:50 +01:00
Greg Karékinian 36e046ea73 Run certbot using the binary provided by the Ubuntu PPA 2019-03-14 10:52:44 +01:00
Greg Karékinian fa27187f11 Switch from the git version of certbot to the Ubuntu PPA 2019-03-14 10:49:47 +01:00
Greg Karékinian fc265014de Switch back to the upstream nginx cookbook
chef_nginx is deprecated
2019-03-14 10:35:11 +01:00
basti 19ad46036f Update Cleantalk extension to latest version
Running on the server already
2019-03-04 18:22:29 +07:00
basti 0ea1971b6c Open up some more ports in firewall
From some manual playing around.
2019-02-28 17:19:06 +07:00
Greg Karékinian 886958270f Set REDIS_URL for botka
It was using the same Redis key to write its brain as hal8000 (`hubot:storage`),
causing scores to not be persisted to Redis. Right now botka is only
saving the online users to the database. It looks like this was only
enabled recently, as the last saved score was from Feb 8

Fixes #14
2019-02-25 18:29:18 +01:00
Greg Karékinian 5fc158cb5e Install the latest version of the backup gem 2019-02-25 18:28:55 +01:00
Greg Karékinian 33b8b39be2 Update ipfs and ipfs-cluster 2019-02-25 12:50:07 +01:00
basti f082269e66 Use Gitea repo, new branch, new Ruby 2019-01-27 12:46:21 +08:00
Greg Karékinian 56d14748f9 Fix the Let's Encrypt renew hook script
Only copy over the certs to the prosody directory if it's the 5apps.com
wildcard, not for any 5apps.com subdomain
2018-12-20 17:26:37 +01:00
Greg Karékinian 9c97cb4a58 Remove empty environment 2018-12-03 16:53:41 +01:00
Greg Karékinian 1e3f84ed9b Merge branch 'master' into feature/5apps_xmpp_certs 2018-12-03 16:52:26 +01:00
Greg Karékinian ffc6858dcc Do not pass the password on the command line anymore to fix a warning
Since email notifications work now we do not want warnings. Write an
option file with the credentials for mysqldump
(https://dev.mysql.com/doc/refman/5.7/en/option-files.html)
2018-11-09 14:08:32 +01:00
Greg Karékinian 7073e5d574 Fix backup gem notifications failing
This was caused by a bogus PATH that did not include /usr/sbin. The root
user's default PATH includes that, so /usr/sbin/sendmail provided by
postfix is in it

Fixes #27
2018-11-09 14:08:32 +01:00
Greg Karékinian 81c68a9609 Merge branch 'master' into feature/5apps_xmpp_certs 2018-11-08 14:13:09 +01:00
basti 90851fb7de Update Mastodon's Ruby 2018-11-01 12:19:30 +01:00
Greg Karékinian 3ce78a9ef4 Merge branch 'master' into feature/25-ipfs_cluster 2018-10-26 17:54:05 +02:00
Greg Karékinian 5e973b6875 Use the kosmos-ipfs recipe in the hal8000 recipe
This changes the port to not conflict with hubot and sets the gateway to
be writable
2018-10-26 17:49:06 +02:00
Greg Karékinian a7871770b8 Remove an unnecessary require and letsencrypt recipe
This way kosmos-ipfs::default can be used without adding the Let's
Encrypt certificate
2018-10-26 17:46:47 +02:00
basti c0358f5c9b Split hubot into separate recipes, add ipfs to hal8000 2018-10-26 17:40:33 +02:00
Greg Karékinian 4a42fc4ae3 Merge branch 'master' into feature/25-ipfs_cluster 2018-10-26 16:46:44 +02:00
Greg Karékinian d236d138dc Set the S3 credentials to write the new oncall file 2018-10-26 13:38:12 +02:00
basti c90ccfcf9e Merge branch 'feature/ipfs' 2018-09-09 15:47:26 +08:00
basti 4bccf4dd88 Fix missing Mastodon/PosgreSQL backups
The backup cookbook was incomplete, and also there was no database
configured to be backed up.
2018-09-08 12:54:51 +08:00
Greg Karékinian 185649a5f9 Automatically generate a Let's Encrypt cert for all 5apps xmpp domains
Uses the Gandi LiveDNS API
2018-09-04 17:38:17 +02:00
basti 214e69427e Open up port for Prosody HTTP uploads 2018-09-04 14:14:02 +08:00
Greg Karékinian e6a3460a2c Make the number of sidekiq threads configurable, bump to 25 2018-09-03 19:11:42 +02:00
Greg Karékinian 2f87e7c07c Add the ability to override the IPFS port that nginx connects to
This allows us to use the API proxy from the cluster
2018-08-16 15:59:44 +02:00
Greg Karékinian f31322ab81 Move the firewall rule for ipfs p2p to the right recipe 2018-08-16 15:59:06 +02:00
Greg Karékinian 741c4a5192 Move the ipfs cookbook to its own GitHub repository 2018-08-13 12:05:50 +02:00
Greg Karékinian de32a7c595 Remove the Let's Encrypt recipe from the default one
We only need one node with a TLS cert
2018-08-13 12:05:11 +02:00
Greg Karékinian b36e6a718a Add a recipe that sets up the cluster and enables the firewall 2018-08-13 12:05:00 +02:00
Greg Karékinian 7a8042e356 Add initial IPFS Cluster support
It uses an encrypted data bag to store the cluster secret that has to be
the same on all members of a cluster. It installs ipfs-cluster-service
and ipfs-cluster-ctl and starts the cluster

Refs #25
2018-08-06 18:05:44 +02:00
Greg Karékinian d0f2275ebb Fix the ipfs config
The whole thing was inconsistent and didn't work when creating a server
from scratch
2018-08-06 12:14:20 +02:00
basti b2d92723d7 Add hubot-redis-brain to botka
Without it, the web push notifications script cannot work.
2018-06-14 13:31:04 +02:00
basti 122dcfeea7 Add fixme note 2018-06-14 11:47:07 +02:00
basti db039a185a Update certbot 2018-06-13 18:52:13 +02:00
basti 50de448d53 Add nginx reverse proxy for botka on freenode 2018-06-13 18:52:01 +02:00
basti 4b30ce8b23 Make hubot nginx config generic 2018-06-13 18:32:36 +02:00