|
|
a1a0d7e4c1
|
Switch Certbot to snap package on Ubuntu 20.04+
Needs only minor changes. Tested and running on wiki.kosmos.org already.
|
2020-09-06 13:46:06 +02:00 |
|
Greg Karékinian
|
84cf008bac
|
Install vim
|
2020-06-19 17:30:02 +02:00 |
|
Greg Karékinian
|
b4357df471
|
Enable unattended-upgrades (security and updates repositories)
... with email notifications on failure and logging with syslog
|
2020-06-19 17:30:02 +02:00 |
|
Greg Karékinian
|
2c2ae596ed
|
Don't update chef using the chef_client_updater cookbook
It only makes sense when using Chef Server, which we don't
|
2019-10-08 18:17:34 +02:00 |
|
Greg Karékinian
|
3a693efcd6
|
Add email notifications for failed certbot runs
Based on https://wiki.archlinux.org/index.php/Systemd/Timers#MAILTO
This can easily be used by other services, with one line added to the
[Unit] section of a service:
OnFailure=status-email-ops@%n.service
Refs #3
|
2019-06-20 12:46:27 +02:00 |
|
Greg Karékinian
|
4cc5f3e6d1
|
Remove the XMPP firewall rules for andromeda
They are part of the kosmos-ejabberd cookbook now
|
2019-05-14 17:10:33 +02:00 |
|
Greg Karékinian
|
ad23530653
|
Add the firewall rules for ejabberd
Includes the missing 5223 port in the andromeda_firewall recipe too
|
2019-05-13 17:08:21 +02:00 |
|
|
|
7c29957ed9
|
Fix and consolidate firewall rules
Most of them are already defined in the appropriate recipe. And one can
be moved. (These are currently opened on every server for no reason.)
|
2019-04-19 15:52:56 +01:00 |
|
Greg Karékinian
|
57d0885d26
|
Change the licenses of hte kosmos cookbooks to MIT
|
2019-04-12 11:41:20 +02:00 |
|
Greg Karékinian
|
12355a6b27
|
Add a base role, so that chef is updated before anything else
|
2019-04-08 17:58:02 +02:00 |
|
Greg Karékinian
|
6e3e8cde1b
|
Create the Let's Encrypt hook subdirectories
|
2019-04-08 11:16:38 +02:00 |
|
Greg Karékinian
|
b1a3c5e2cd
|
Revert "Revert "Remove the sudo cookbook""
This reverts commit 87d7c721b16356a3607f9462916e6b04a93dbad5.
|
2019-04-03 12:52:40 +02:00 |
|
Greg Karékinian
|
2f05629fde
|
Revert "Revert "Update Chef to 14.11.21""
This reverts commit db4b45b5c26c50c7b883d0f96b2a9a5136f26b58.
|
2019-04-03 12:52:32 +02:00 |
|
Greg Karékinian
|
87d7c721b1
|
Revert "Remove the sudo cookbook"
This reverts commit 73d1722d4b5c545ec488c5eb2119dd8b9b155363.
|
2019-04-03 10:30:38 +02:00 |
|
Greg Karékinian
|
db4b45b5c2
|
Revert "Update Chef to 14.11.21"
This reverts commit 2f599ffd6d757bc98ac862836110c7b32cda3c51.
|
2019-04-03 10:30:24 +02:00 |
|
Greg Karékinian
|
73d1722d4b
|
Remove the sudo cookbook
Chef 14 ships with a sudo resource:
https://docs.chef.io/resource_sudo.html
|
2019-04-02 12:17:06 +02:00 |
|
Greg Karékinian
|
2f599ffd6d
|
Update Chef to 14.11.21
Closes #21
|
2019-04-02 12:16:13 +02:00 |
|
Greg Karékinian
|
5fa0fa661b
|
Install certbot from the direct download when on 15.04
It does not have a ppa release. Add a cron job for renewal. When using
the PPA a Systemd timer is part of the package
|
2019-03-18 16:52:05 +01:00 |
|
Greg Karékinian
|
b30dcab4da
|
Remove an IPFS port from the ejabberd firewall
|
2019-03-15 12:30:56 +01:00 |
|
Greg Karékinian
|
c3135402ad
|
Move the nginx hook to the deploy directory, create renewal-hooks dir
|
2019-03-14 20:21:34 +01:00 |
|
Greg Karékinian
|
f12ddefec8
|
Move the Gandi DNS hook for certbot to the kosmos-base cookbook
|
2019-03-14 18:01:29 +01:00 |
|
Greg Karékinian
|
65482f09c3
|
Extract the post hooks to their own script in Certbot's config dir
|
2019-03-14 15:21:50 +01:00 |
|
Greg Karékinian
|
fa27187f11
|
Switch from the git version of certbot to the Ubuntu PPA
|
2019-03-14 10:49:47 +01:00 |
|
|
|
0ea1971b6c
|
Open up some more ports in firewall
From some manual playing around.
|
2019-02-28 17:19:06 +07:00 |
|
Greg Karékinian
|
56d14748f9
|
Fix the Let's Encrypt renew hook script
Only copy over the certs to the prosody directory if it's the 5apps.com
wildcard, not for any 5apps.com subdomain
|
2018-12-20 17:26:37 +01:00 |
|
Greg Karékinian
|
185649a5f9
|
Automatically generate a Let's Encrypt cert for all 5apps xmpp domains
Uses the Gandi LiveDNS API
|
2018-09-04 17:38:17 +02:00 |
|
|
|
214e69427e
|
Open up port for Prosody HTTP uploads
|
2018-09-04 14:14:02 +08:00 |
|
|
|
db039a185a
|
Update certbot
|
2018-06-13 18:52:13 +02:00 |
|
Greg Karékinian
|
7165bf49c6
|
Add missing recipe, used to set up andromeda's firewall rules
|
2018-06-07 12:33:38 +02:00 |
|
Greg Karékinian
|
b35c4bc097
|
Update Chef version
|
2018-04-17 16:08:15 +02:00 |
|
Greg Karékinian
|
bd71418ec2
|
Changes for the new sudo cookbook
|
2018-04-17 13:18:36 +02:00 |
|
Greg Karékinian
|
49664dbc8d
|
The renew hook now needs to be an executable in the path
An absolute path doesn't work anymore.
Also send an email containing STDERR when the renewal command fails
|
2017-09-22 11:53:01 +02:00 |
|
Greg Karékinian
|
f93070c4c0
|
Replace timezone-ii cookbook with timezone_iii
This fork supports Chef 13 and is still maintained
|
2017-06-16 13:10:46 +02:00 |
|
Greg Karékinian
|
189b66a36f
|
Update Chef to 12.20.3
|
2017-06-16 11:43:24 +02:00 |
|
Greg Karékinian
|
5534b57752
|
Add ntp package and don't run most kosmos-base things in development
|
2017-06-09 21:18:44 +02:00 |
|
Greg Karékinian
|
26097197ca
|
Don't create users and rewrite the sudo config in dev environment
It breaks the vagrant user
|
2017-06-09 16:43:26 +02:00 |
|
Greg Karékinian
|
5385813eda
|
Merge branch 'master' into feature/ubuntu-16.04
|
2017-06-09 16:36:19 +02:00 |
|
Greg Karékinian
|
afc07c3192
|
Add more secure sudo configuration
Also update the sudo cookbook
|
2017-06-09 16:08:36 +02:00 |
|
Greg Karékinian
|
943b4ace1f
|
Replace omnibus_updater with chef_client_updater
omnibus_updater is deprecated
|
2017-05-02 11:53:33 +02:00 |
|
|
|
54332db8de
|
Use ruby-build for Mastodon, update cookbooks
This uses the ruby_build provider for Mastodon, installing Ruby 2.4.1
currently. It also updates some other cookbooks and the runlists.
|
2017-04-17 11:40:31 +02:00 |
|
Greg Karékinian
|
de11c0d691
|
Set up an instance of Mastodon for Kosmos
Refs #19
Use new application cookbook, update our cookbooks
|
2017-04-06 21:20:51 +02:00 |
|
Greg Karékinian
|
14542f8419
|
Do not require the deprecated users::sysadmins recipe
Write the 4 lines of code instead
|
2017-03-20 13:17:32 +00:00 |
|
Greg Karékinian
|
e57ee1590e
|
Update Chef to 12.19.36
|
2017-03-20 13:16:11 +00:00 |
|
Greg Karékinian
|
9436284be2
|
Use the latest certbot instead of the old letsencrypt
|
2017-03-19 20:05:09 +00:00 |
|
Greg Karékinian
|
98ba42b157
|
Fix the frequency of the Let's Encrypt script (run every day)
|
2017-01-26 05:52:11 +00:00 |
|
|
|
b431e75e79
|
Use latest Chef
|
2017-01-20 10:32:32 +08:00 |
|
Greg Karékinian
|
ad4200e558
|
Restart nginx after renewing the Let's Encrypt cert
|
2016-10-06 13:57:20 +02:00 |
|
Greg Karékinian
|
096b4900bd
|
Add missing Let's Encrypt recipe
Also declare cron job to renew certs
Refs #6
|
2016-05-06 17:02:41 +02:00 |
|
Greg Karékinian
|
da39a04552
|
Update Chef to 12.9.38
|
2016-04-22 14:35:14 +02:00 |
|
Greg Karékinian
|
255ff036c3
|
Update firewall_rule resource
Updated cookbook
|
2016-02-19 18:11:43 +01:00 |
|
