Commit Graph

374 Commits

Author SHA1 Message Date
basti 4d24e6a7cc Fix Tor repo key not working
For some reason it's not correct on the keyservers, so we import it
directly from the repo. Sketchy af.
2019-09-02 13:23:50 +02:00
basti c493602d1e Move tor-full to site cookbooks 2019-09-02 12:23:50 +02:00
basti 0d20cddbf5 Prep cookbooks for Tor hidden services for Mastodon 2019-08-31 15:37:50 +02:00
Greg Karékinian dfa709c9df Update nginx to 1.17.3, enable TLS 1.3
Uses the current intermediate recommended config from
https://ssl-config.mozilla.org

Closes #92
2019-08-30 11:57:38 +02:00
basti c50c68b50c Configure hubot/wormhole deployment
Adding another node.js hubot app. Wormhole is our new IRC/XMPP bridge.
2019-07-30 09:09:19 +02:00
Greg Karékinian 0fa9e6cbb7 Set the uploads dir inside of /opt/ejabberd instead of /var/www
/var/www is intended for nginx/apache

I have copied over the old directories manually on Andromeda before
running this code

Fixes #80
2019-07-19 12:47:42 +02:00
Greg Karékinian 9c8befc179 Move attributes from the ipfs cookbook to kosmos-ipfs
The default attributes set in the ipfs cookbook do not include
attributes that are specific to Kosmos anymore
2019-07-05 15:38:30 +02:00
Greg Karékinian cf4e567dcb Get rid of the letsencrypt recipe
Its content has been moved to the public_gateway recipe
2019-07-04 10:24:33 +02:00
basti f4990a8066 Switch from IPFS cluster to kredits-ipfs-pinner
This removes the cluster configuration and adds deployment of Kredits
IPFS Pinner. It also switches hubot-kredits to use the normal API
endpoint again (instead of the cluster port).

Furthermore, it upgrades go-ipfs to the latest version.
2019-07-03 15:34:42 +02:00
basti f1d58f6172 Add IPFS gateway for document GETs
This adds a gateway endpoint for `http://ipfs.kosmos.org` on port 443
with support for `/ipfs/$objectHash` in order to GET documents from the
local gateway API.
2019-07-01 15:14:06 +02:00
basti d3b07c59bf Don't notify on minor wiki edits
New config available, which prevents chat notifications on minor edits.
2019-06-25 14:29:55 +02:00
basti fff5a044fe Update/fix hubot URL, move variables to attributes 2019-06-25 14:29:11 +02:00
Greg Karékinian 3a693efcd6 Add email notifications for failed certbot runs
Based on https://wiki.archlinux.org/index.php/Systemd/Timers#MAILTO

This can easily be used by other services, with one line added to the
[Unit] section of a service:

OnFailure=status-email-ops@%n.service

Refs #3
2019-06-20 12:46:27 +02:00
Greg Karékinian b01985ec4f Fix the permissions for the ejabberd upload folders 2019-06-14 16:38:49 +02:00
Greg Karékinian aa79297387 Remove unused data bags and cookbooks 2019-05-21 14:58:01 +02:00
Greg Karékinian 4cc5f3e6d1 Remove the XMPP firewall rules for andromeda
They are part of the kosmos-ejabberd cookbook now
2019-05-14 17:10:33 +02:00
Greg Karékinian 5106ba20fd Add the version to the dpkg package to allow updates 2019-05-14 17:10:15 +02:00
Greg Karékinian d398c167ca Allow to pass extra attributes to backup PostgreSQL databases 2019-05-14 16:39:21 +02:00
Greg Karékinian f81b7c82de Backup the 5apps ejabberd database and uploads dir 2019-05-14 15:16:28 +02:00
Greg Karékinian bd9491675f Add the missing sql schema 2019-05-14 15:10:07 +02:00
Greg Karékinian 902a013dca Restart the service when the systemd unit changes 2019-05-14 12:18:22 +02:00
Greg Karékinian 0be63e5935 Fix the config file when no TLS certs exist 2019-05-14 11:31:42 +02:00
Greg Karékinian bd720b0189 Use the regular SQL schema (not the new one for all vhosts into one db) 2019-05-14 11:24:08 +02:00
Greg Karékinian d9390a4b92 Don't use a concatenated cert for kosmos.org anymore 2019-05-13 18:53:45 +02:00
Greg Karékinian 5d1aeb7b68 Create a cert for 5apps.com and improve the renewal script 2019-05-13 18:52:39 +02:00
Greg Karékinian 88204ea91b Update the config to the current one running on andromeda 2019-05-13 17:59:04 +02:00
Greg Karékinian ad23530653 Add the firewall rules for ejabberd
Includes the missing 5223 port in the andromeda_firewall recipe too
2019-05-13 17:08:21 +02:00
Greg Karékinian b44a226753 Fix the postgresql setup for the ejabberd cookbook
Create a ejabberd user with a password from an encrypted data bag
2019-05-10 11:43:52 +02:00
Greg Karékinian 3884f9922e Merge branch 'master' into feature/7-ejabberd_rebased_2 2019-05-10 11:08:09 +02:00
basti 3fbea864c1 Remove hubot-kredits from IRC hal8000 2019-05-10 07:08:29 +02:00
basti 7afc2f5774 Remove old hubot admins from botka 2019-05-10 07:02:08 +02:00
basti b29a007533 Use different Redis database for new bot 2019-05-10 07:01:43 +02:00
basti 4a480931a5 Fix bug in nginx config
Server name isn't recognized when adding a header
directive before like this.
2019-05-10 07:00:53 +02:00
basti 9661980235 Change bot domain 2019-05-10 07:00:35 +02:00
basti f3f0d0deb2 Add nginx site for hal8000_xmpp 2019-05-09 23:44:28 +02:00
basti e8f325b41b Refactor botka recipe 2019-05-09 23:44:28 +02:00
basti 5f8b274cf9 Use MIT license 2019-05-09 23:44:28 +02:00
basti fe1821739c Remove obsolete port opening
We have an nginx reverse proxy for botka instead.
2019-05-09 23:44:28 +02:00
basti 584aab76a7 Add hal8000_xmpp recipe
Also, configure express ports in attributes, so they are both easy to
see at once, as well as override per node/env.
2019-05-09 23:44:18 +02:00
Greg Karékinian 90815bb274 Fix the postgresql credentials for the backup attributes 2019-05-08 16:58:47 +02:00
Greg Karékinian 7271065c5b Add names to the execute resources 2019-05-08 16:58:31 +02:00
Greg Karékinian 81192f7277 Fix the backup config format to work with backup 5 2019-05-08 12:26:47 +02:00
basti 89027f1f32 Fix maintenance page paths 2019-05-07 16:10:23 +02:00
basti 99a677ec47 Configure maintenance error page for 503 2019-05-07 15:52:58 +02:00
basti 1ee2b5ad41 Add maintenance page feature to Mastodon nginx site 2019-05-07 15:49:01 +02:00
basti 36a50489d0 Add maintenance page to nginx default recipe 2019-05-07 15:46:00 +02:00
basti 9811490aad Add self-contained maintenance web page
This can be used for any of our services when doing planned maintenance
or migrations.
2019-05-07 15:11:26 +02:00
raucao 8f4e2ca77a Merge branch 'feature/54-certbot_dev_env' of kosmos/chef into master 2019-05-03 11:31:47 +00:00
Greg Karékinian 37aa87df5e Add a missing dependency on the zlib1g-dev for the backup gem
Fixes #56
2019-05-03 10:58:39 +02:00
Greg Karékinian 5bb34554a7 The nginx_certbot_site resource does nothing in the dev environment
No need to check for the environment in recipes that use the resource

Closes #54
2019-05-03 10:55:02 +02:00