Commit Graph

923 Commits

Author SHA1 Message Date
Râu Cao e54112418e Upgrade Gitea 1.18.0
Requires some config changes for the mailer.
2022-12-30 23:05:40 +07:00
raucao d8e0124c46 Merge pull request 'Set up PeerSwap for LND' (#459) from feature/peerswap into feature/454-lndhub.go
Reviewed-on: #459
2022-12-27 06:23:09 +00:00
Râu Cao 176dd64438 Remove peerswap policy file from recipe
This will be auto-created anyway, and we don't want to overwrite changes
added by the CLI.
2022-12-26 11:29:17 +07:00
Râu Cao 4f1b1aff30 Set up PeerSwap
Allows to swap sats in and out of Lightning channels without a 3rd party
(and their fees). Instead, swaps can be initiated directly with the
channel peer.

https://www.peerswap.dev/
2022-12-26 11:16:22 +07:00
Râu Cao b3465e186f Fix comment 2022-12-26 11:16:01 +07:00
Râu Cao ea635a52e9 Formatting 2022-12-26 11:14:40 +07:00
Râu Cao 90e17b0abc Rename bitcoind recipe
Was still using a name from when the cookbook didn't set up anything
else
2022-12-25 16:28:14 +07:00
Râu Cao 3d7b4df376 Add rate limit config for lndhub-go 2022-12-24 00:58:11 +07:00
Râu Cao b738dc1e80 Add nginx proxy hosts for Garage Web access
The respective bucket needs to be configured with a domain alias. When a
new alias is added to the `s3_web_domains` config, a new nginx site can
then be deployed to the `nginx_proxy` hosts.
2022-12-23 18:07:39 +07:00
Râu Cao 3641ea7a60 Deploy lndhub.go branch of akkounts 2022-12-23 18:02:42 +07:00
Râu Cao a7e04f4e63 Exclude lndhub backups in dev 2022-12-23 14:17:43 +07:00
Râu Cao e0c400c007 Use correct asset URL for lndhub logo 2022-12-22 20:03:58 +07:00
Râu Cao 7802ea25e6 Ignore chef environment when looking up primary
We use mixed environments still, not everything is in "production" yet.
2022-12-22 19:45:45 +07:00
Râu Cao 379a503dd0 Move lndhub nginx site to proxy
And configure for lndhub-go. Also configure branding for public lndhub
dashboard
2022-12-22 19:35:30 +07:00
Râu Cao 7d11450c4e Set up lndhub.go
closes #454
2022-12-11 14:30:27 +01:00
greg 26a34a69d3 Merge branch 'master' into feature/ldap_replication 2022-12-08 13:08:00 +00:00
Râu Cao a460302728 Add missing sidekiq queue 2022-12-01 17:08:17 +01:00
Râu Cao 2ecb4e2385 Upgrade Ruby to 3.0.4 2022-12-01 15:29:38 +01:00
Râu Cao cdd3f026c4 Always use config for skipping post-deployment migrations 2022-12-01 15:05:24 +01:00
Râu Cao f3ca307e64 Fix Tor access
Configure alternate_domains for Rails app to re-enable Tor access (was
throwing 403s without this config)
2022-11-30 12:06:25 +01:00
Râu Cao 66f5217a41 Refactor Mastodon nginx recipe for proxy usage
Works both as local deployment and proxy (via roles and environments)

* Use upstreams for proxy_pass
* Access static assets from proxy, configure caching for them
* Move Tor config to environment, install via role
* ...
2022-11-30 12:02:17 +01:00
Râu Cao 83e55c84a2 Use domain name for log file paths 2022-11-30 12:00:01 +01:00
Râu Cao 83513dbd9d Remove request limits for ipfs proxy
In favor of fail2ban
2022-11-30 11:58:22 +01:00
Râu Cao c4d43b7f4e Make Mastodon services listen on private IP in prod
And allow access to them from the private network
2022-11-30 11:57:51 +01:00
Râu Cao 2958ba4b81 Use *.kosmos.local hostnames for LDAP nodes 2022-11-26 16:47:28 +01:00
Râu Cao 991458208d Use a role for configuring LDAP hostname on clients
This way it's also easy to converge all LDAP clients at once.
2022-11-26 16:45:45 +01:00
Râu Cao 8d4db7290e Rename dirsrv_primary role
The term used in 389 docs is "supplier" instead (ex "master")
2022-11-26 16:44:05 +01:00
Râu Cao e0fb84e56c Store Gitea data (avatars, attachments, etc.) in Garage/S3
Also adds a new garage gateway role, which only allows RPC (inter-node)
traffic to Garage.
2022-11-26 13:05:07 +01:00
Râu Cao 20e6bdb7f9 Add production environment, replication for garage
Also deploy a third node in a different data center
2022-11-25 10:56:22 +00:00
Râu Cao b5ff60214c Install/configure Garage
Add a garage cookbook that installs the garage binary distribution and
creates the necessary configuration and system service.

Also deploy two new VMs to act as storage nodes.

refs #428
2022-11-25 10:56:22 +00:00
Râu Cao d06f5d7723 Set up fail2ban for nginx, move IPFS gateway to proxy role 2022-11-24 14:02:43 +01:00
Greg Karékinian 5a5f8425af Add missing postgresql-client package for backup gem 2022-11-07 16:30:45 +01:00
Greg Karékinian 4bfb7d5f5d Extract mastodon db backup to its own recipe 2022-11-07 16:22:15 +01:00
Râu Cao 4188b2976b Use Ruby 3.0.3, skip post-deployment migrations 2022-11-07 14:53:52 +01:00
Râu Cao 3620a43190 Upgrade Elasticsearch from 6.x to latest 7.x 2022-11-06 13:56:15 +01:00
Râu Cao 6df168f32f Prune VM backups after every run 2022-11-05 17:43:48 +01:00
Râu Cao 65933bef4b Move hubot nginx sites to proxy role, deploy to fornax 2022-11-04 14:41:21 +01:00
Râu Cao 6cce1d9df8 Upgrade hal8000 setup for new hubot-kredits 2022-11-04 14:41:12 +01:00
Râu Cao 534f23eebc Remove obsolete recipes 2022-11-04 14:38:51 +01:00
Râu Cao 76fd629e40 Deploy new kredits ipfs-pinner
refs kredits/meta#10
2022-11-03 14:16:37 +01:00
Râu Cao 0297298ce0 Upgrade LND to 0.15.4
Fixes a critical issue that prevents block sync in production
2022-11-03 11:02:52 +01:00
Râu Cao 90b62e3fc1 Remove ufw logging for ipfs 2022-11-02 19:27:09 +01:00
greg c9a0310511 Merge branch 'master' into bugfix/ipfs_connectivity 2022-11-02 17:13:55 +00:00
Râu Cao b1922d26f6 Allow IPFS connections on private network
(HAProxy is now also using the private network.)

This fixes IPFS connections to Kosmos nodes from outside the network, as
well as in between nodes on the private network.
2022-11-02 14:06:07 +01:00
Râu Cao f7ff1248fe Enable Web UI on private network 2022-11-02 14:05:43 +01:00
Râu Cao bc11301782 Move bitcoind datadir from host to VM storage 2022-10-27 11:52:05 +02:00
Râu Cao 756382ec9f Move block data files to CIFS share
This is the vast majority of disk space used on the host currently.
2022-10-26 15:49:03 +02:00
Râu Cao 458558fb26 Deploy different content on kosmos.org for now 2022-10-24 15:13:18 +02:00
Râu Cao 67f6e1b34a Downgrade go-ipfs to 0.15
Fixes #435
2022-10-24 14:18:19 +02:00
Râu Cao 58e6e7de03 Remove ufw logs
Just added them to check the blocking for a while
2022-10-22 13:03:16 +02:00