Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							ee9c241a4d 
							
						 
					 
					
						
						
							
							Add a postgresql_client role  
						
						
						
						
						The role is empty but is used to explicitly define servers that have
access rights to all PostgreSQL databases and users 
						
						
					 
					
						2020-06-12 16:54:58 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							6f696d7634 
							
						 
					 
					
						
						
							
							Define access rules in the PostgreSQL primary recipe  
						
						
						
						
						Access is done for the IP of a server for all users and all databases
for ejabberd and gitea 
						
						
					 
					
						2020-06-11 18:20:04 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							26097a7584 
							
						 
					 
					
						
						
							
							Use the correct database name for the access rights  
						
						
						
						
					 
					
						2020-06-11 09:00:50 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							1a6ce44758 
							
						 
					 
					
						
						
							
							Create a minimalist ejabberd role for development  
						
						
						
						
						No Let's Encrypt, no backups 
						
						
					 
					
						2020-06-10 18:43:34 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							2c21d6255b 
							
						 
					 
					
						
						
							
							Add PostgreSQL primary support to the kosmos-ejabberd cookbook  
						
						
						
						
						* Move the PostgreSQL user and database creation to a pg_db recipe
* Generate access rights for the ejabberd servers in the pg_db recipe
* Connect to the PostgreSQL primary instead of localhost
Refs #180  
						
						
					 
					
						2020-06-10 18:38:40 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							091a46e972 
							
						 
					 
					
						
						
							
							Do not pass the pgsql_password variable to ejabberd.yml  
						
						
						
						
						The password is only used in the config files for the vhosts 
						
						
					 
					
						2020-06-10 18:37:36 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							81403b7cb9 
							
						 
					 
					
						
						
							
							Merge pull request 'Fix PostgreSQL replica config with encrypted data directory' ( #179 ) from bugfix/postgres_issues into master  
						
						
						
						
					 
					
						2020-06-10 14:04:58 +00:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							a0db6adaf2 
							
						 
					 
					
						
						
							
							Pass the data_directory to the postgresql_server_conf resource  
						
						
						
						
						Previously we were passing it as an additional config, but it is set by
default. The last value was used, the custom one, so the server still
used the correct file 
						
						
					 
					
						2020-06-10 14:41:07 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							e3e726097f 
							
						 
					 
					
						
						
							
							Do not enable the postgresql@12-main service  
						
						
						
						
						We want it to run only once the encrypted data directory has been
mounted 
						
						
					 
					
						2020-06-10 14:41:07 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							dba6629869 
							
						 
					 
					
						
						
							
							Use the attribute from the encfs recipe for the data directory  
						
						
						
						
					 
					
						2020-06-10 14:41:03 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							229e9cfbd2 
							
						 
					 
					
						
						
							
							Add the kosmos_encfs recipe to centaurus  
						
						
						
						
					 
					
						2020-06-10 14:40:01 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							d88d3b07a5 
							
						 
					 
					
						
						
							
							Merge pull request 'Encrypt PostgreSQL data directory' ( #166 ) from feature/pg_encfs into master  
						
						
						
						
					 
					
						2020-06-08 15:02:58 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
							b662c04183 
							
						 
					 
					
						
						
							
							Finish initial encfs cookbook and postgres adaptations  
						
						
						
						
					 
					
						2020-06-08 17:01:24 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
							379161eb1e 
							
						 
					 
					
						
						
							
							Fix postgres installation  
						
						
						
						
						Also, do not start at boot anymore, in favor of path-based activation. 
						
						
					 
					
						2020-06-07 12:47:06 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
							353f2c13f1 
							
						 
					 
					
						
						
							
							Improve encfs cookbook  
						
						
						
						
						Fix some things, and prepare for path-based activation. Also, comment
the buggy initial dir creation and explain manual provisioning in README
for now. 
						
						
					 
					
						2020-06-07 12:45:33 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
							8918452fc5 
							
						 
					 
					
						
						
							
							Use latest postgresql fork  
						
						
						
						
					 
					
						2020-06-07 12:40:39 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
							501626de1f 
							
						 
					 
					
						
						
							
							Add encfs to Vagrantfile  
						
						
						
						
					 
					
						2020-06-07 12:30:00 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
							4fe0e913f8 
							
						 
					 
					
						
						
							
							Use our own fork of the postgresql cookbook  
						
						
						
						
					 
					
						2020-06-07 12:29:34 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
							bd99b76287 
							
						 
					 
					
						
						
							
							Use human-readable flag for encfs mount script  
						
						
						
						
						In case someone wants to see what it does without reading a manual in
the future. 
						
						
					 
					
						2020-06-06 12:24:08 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							1e60722ec4 
							
						 
					 
					
						
						
							
							Create an initial encfs cookbook  
						
						
						
						
						Usage: Add the kosmos_encfs::default recipe to the run list of a node.
Creating the encrypted directory will keep it mounted. After a reboot,
start the encfs service and enter the password:
```
$ systemctl start encfs
encfs password:
```
For now postgresql@12-main is a hardcoded dependency of the encfs
Systemd unit that is automatically started once the user inputs the
correct password. This list of dependencies will need to be different for
every server, based on the services it is running 
						
						
					 
					
						2020-06-04 19:50:20 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							eded62a3ec 
							
						 
					 
					
						
						
							
							Merge branch 'master' into feature/pg_encfs  
						
						
						
						
					 
					
						2020-06-04 15:13:53 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							db4792e836 
							
						 
					 
					
						
						
							
							Merge pull request 'Gitea fixes' ( #174 ) from bugfix/147-gitea_fixes into master  
						
						
						
						
					 
					
						2020-06-02 14:24:11 +00:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							ccd49aefa4 
							
						 
					 
					
						
						
							
							Add Gitea to the run lists for Andromeda and Centaurus  
						
						
						
						
					 
					
						2020-06-02 16:19:21 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							759fa52e03 
							
						 
					 
					
						
						
							
							Enable the certbot resource  
						
						
						
						
					 
					
						2020-06-02 16:19:05 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							0f10723c81 
							
						 
					 
					
						
						
							
							Enable secure cookies  
						
						
						
						
					 
					
						2020-06-02 16:18:48 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							55865c526c 
							
						 
					 
					
						
						
							
							Add the Let's Encrypt hook dir to the config  
						
						
						
						
						Only enabled when there is no TLS cert. This is already part of the
certbot nginx vhost 
						
						
					 
					
						2020-06-02 16:17:34 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							0c502580c2 
							
						 
					 
					
						
						
							
							Fix the condition for the Let's Encrypt cert in the template  
						
						
						
						
						The line contained an extra ! 
						
						
					 
					
						2020-06-02 16:16:30 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							27845525da 
							
						 
					 
					
						
						
							
							Use the same JWT_SECRET as on our previous Gitea  
						
						
						
						
						A different one breaks 2FA 
						
						
					 
					
						2020-06-02 12:12:59 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							c8e50fd226 
							
						 
					 
					
						
						
							
							Install git, it is a required dependency for Gitea  
						
						
						
						
						I didn't catch it because git is installed by default in the Vagrant box
I used to write the cookbook 
						
						
					 
					
						2020-06-02 11:41:19 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							2d6c514257 
							
						 
					 
					
						
						
							
							Add the gitea role  
						
						
						
						
					 
					
						2020-06-02 11:22:10 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							8342298c89 
							
						 
					 
					
						
						
							
							Merge branch 'feature/147-gitea_cookbook' of kosmos/chef into master  
						
						
						
						
					 
					
						2020-06-02 09:16:37 +00:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							94330f2052 
							
						 
					 
					
						
						
							
							Comment out the COOKIE_SECURE config for now  
						
						
						
						
						We will enable it again after we have a valid TLS cert generated with
Let's Encrypt. It prevents logins using http, and we will need that as
an admin account 
						
						
					 
					
						2020-05-28 18:43:31 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							baaae695af 
							
						 
					 
					
						
						
							
							Merge branch 'master' into feature/147-gitea_cookbook  
						
						
						
						
					 
					
						2020-05-28 15:44:44 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							5b2d4f269d 
							
						 
					 
					
						
						
							
							Merge branch 'bugfix/171-letsencrypt_resource' of kosmos/chef into master  
						
						
						
						
					 
					
						2020-05-26 15:25:27 +00:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							baa0739936 
							
						 
					 
					
						
						
							
							Add the backup recipe  
						
						
						
						
						Also move the Gitea data dir to an attribute 
						
						
					 
					
						2020-05-26 15:21:26 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							3332a1b2e8 
							
						 
					 
					
						
						
							
							Write initial README  
						
						
						
						
					 
					
						2020-05-26 15:21:07 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							210c76c479 
							
						 
					 
					
						
						
							
							Fix the name of the Let's Encrypt cert execute resource  
						
						
						
						
						The resource in the notification was invalid, missing the type of
resource (execute)
Fixes #171
						
						
					 
					
						2020-05-26 14:10:47 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							6469d2286e 
							
						 
					 
					
						
						
							
							Merge branch 'feature/zoom_options' of kosmos/chef into master  
						
						
						
						
					 
					
						2020-05-25 15:52:41 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							9dec1cfce8 
							
						 
					 
					
						
						
							
							Merge branch 'chore/mastodon_system_deps' of kosmos/chef into master  
						
						
						
						
					 
					
						2020-05-25 15:50:58 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
							5fcb047505 
							
						 
					 
					
						
						
							
							Update Mastodon system dependencies  
						
						
						
						
						Needs new Ruby, and why not upgrade Yarn in the process. Running in
production. 
						
						
					 
					
						2020-05-25 17:49:22 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
							f92b43e0f4 
							
						 
					 
					
						
						
							
							Configure Zoom meeting whitelist  
						
						
						
						
						So we only log contributions for actual Kosmos calls 
						
						
					 
					
						2020-05-25 16:57:09 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							1f0e2ccbdd 
							
						 
					 
					
						
						
							
							Move the binary URL to an attribute  
						
						
						
						
					 
					
						2020-05-21 11:51:06 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							51d4d88568 
							
						 
					 
					
						
						
							
							Initial kosmos_gitea cookbook  
						
						
						
						
						The default recipe deploys the gitea binary, generates a config file and
our custom Kosmos label set. The service runs as a Systemd unit.
The pg_db recipe needs to run on the primary PostgreSQL (currently
andromeda).
The backup recipe is empty for now
Refs #147  
						
						
					 
					
						2020-05-18 19:39:43 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							20cbc678bc 
							
						 
					 
					
						
						
							
							Add a method that returns the PostgreSQL service  
						
						
						
						
					 
					
						2020-05-18 19:38:37 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							82f1e9863b 
							
						 
					 
					
						
						
							
							Merge branch 'bugfix/160-cookbook_fixes' of kosmos/chef into master  
						
						
						
						
					 
					
						2020-05-16 08:53:24 +00:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							d0daa9cee7 
							
						 
					 
					
						
						
							
							Add the encryption password for encfs to the data bag  
						
						
						
						
					 
					
						2020-05-15 18:46:24 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							d79cdf087b 
							
						 
					 
					
						
						
							
							Move the PGPASS environment variable to the execute resource  
						
						
						
						
						That way it does not appear in the list of running processes while the
command is running 
						
						
					 
					
						2020-05-15 18:45:12 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							31dc14e88c 
							
						 
					 
					
						
						
							
							Fix the firewall rules for PostgreSQL  
						
						
						
						
						I got the source and destination mixed up. 
						
						
					 
					
						2020-05-15 18:44:42 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							55b1cbc1d7 
							
						 
					 
					
						
						
							
							Encrypt the Postgresql data dir on the replica (centaurus)  
						
						
						
						
						encfs always runs a configuration assistant when creating a new
volume, so this needs to be done manually:
   systemctl stop postgresql@12-main
   mv /var/lib/postgresql /var/lib/postgresql.old
   encfs /var/lib/postgresql_encrypted /var/lib/postgresql --public
Pick p (paranoia mode) and enter the password from the data bag twice
   mv /var/lib/postgresql.old/* /var/lib/postgresql/
   systemctl start postgresql@12-main
This is running on centaurus and is mounted automatically on boot by a
system unit
Refs #129  
						
						
					 
					
						2020-05-15 18:41:31 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							4475af9204 
							
						 
					 
					
						
						
							
							Merge branch 'bugfix/enable_dirsrv' of kosmos/chef into master  
						
						
						
						
					 
					
						2020-05-15 15:24:42 +00:00