4d24e6a7cc
Fix Tor repo key not working
...
For some reason it's not correct on the keyservers, so we import it
directly from the repo. Sketchy af.
2019-09-02 13:23:50 +02:00
c493602d1e
Move tor-full to site cookbooks
2019-09-02 12:23:50 +02:00
0d20cddbf5
Prep cookbooks for Tor hidden services for Mastodon
2019-08-31 15:37:50 +02:00
Greg Karékinian
dfa709c9df
Update nginx to 1.17.3, enable TLS 1.3
...
Uses the current intermediate recommended config from
https://ssl-config.mozilla.org
Closes #92
2019-08-30 11:57:38 +02:00
c50c68b50c
Configure hubot/wormhole deployment
...
Adding another node.js hubot app. Wormhole is our new IRC/XMPP bridge.
2019-07-30 09:09:19 +02:00
Greg Karékinian
0fa9e6cbb7
Set the uploads dir inside of /opt/ejabberd instead of /var/www
...
/var/www is intended for nginx/apache
I have copied over the old directories manually on Andromeda before
running this code
Fixes #80
2019-07-19 12:47:42 +02:00
Greg Karékinian
9c8befc179
Move attributes from the ipfs cookbook to kosmos-ipfs
...
The default attributes set in the ipfs cookbook do not include
attributes that are specific to Kosmos anymore
2019-07-05 15:38:30 +02:00
Greg Karékinian
cf4e567dcb
Get rid of the letsencrypt recipe
...
Its content has been moved to the public_gateway recipe
2019-07-04 10:24:33 +02:00
f4990a8066
Switch from IPFS cluster to kredits-ipfs-pinner
...
This removes the cluster configuration and adds deployment of Kredits
IPFS Pinner. It also switches hubot-kredits to use the normal API
endpoint again (instead of the cluster port).
Furthermore, it upgrades go-ipfs to the latest version.
2019-07-03 15:34:42 +02:00
f1d58f6172
Add IPFS gateway for document GETs
...
This adds a gateway endpoint for `http://ipfs.kosmos.org ` on port 443
with support for `/ipfs/$objectHash` in order to GET documents from the
local gateway API.
2019-07-01 15:14:06 +02:00
d3b07c59bf
Don't notify on minor wiki edits
...
New config available, which prevents chat notifications on minor edits.
2019-06-25 14:29:55 +02:00
fff5a044fe
Update/fix hubot URL, move variables to attributes
2019-06-25 14:29:11 +02:00
Greg Karékinian
3a693efcd6
Add email notifications for failed certbot runs
...
Based on https://wiki.archlinux.org/index.php/Systemd/Timers#MAILTO
This can easily be used by other services, with one line added to the
[Unit] section of a service:
OnFailure=status-email-ops@%n.service
Refs #3
2019-06-20 12:46:27 +02:00
Greg Karékinian
b01985ec4f
Fix the permissions for the ejabberd upload folders
2019-06-14 16:38:49 +02:00
Greg Karékinian
aa79297387
Remove unused data bags and cookbooks
2019-05-21 14:58:01 +02:00
Greg Karékinian
4cc5f3e6d1
Remove the XMPP firewall rules for andromeda
...
They are part of the kosmos-ejabberd cookbook now
2019-05-14 17:10:33 +02:00
Greg Karékinian
5106ba20fd
Add the version to the dpkg package to allow updates
2019-05-14 17:10:15 +02:00
Greg Karékinian
d398c167ca
Allow to pass extra attributes to backup PostgreSQL databases
2019-05-14 16:39:21 +02:00
Greg Karékinian
f81b7c82de
Backup the 5apps ejabberd database and uploads dir
2019-05-14 15:16:28 +02:00
Greg Karékinian
bd9491675f
Add the missing sql schema
2019-05-14 15:10:07 +02:00
Greg Karékinian
902a013dca
Restart the service when the systemd unit changes
2019-05-14 12:18:22 +02:00
Greg Karékinian
0be63e5935
Fix the config file when no TLS certs exist
2019-05-14 11:31:42 +02:00
Greg Karékinian
bd720b0189
Use the regular SQL schema (not the new one for all vhosts into one db)
2019-05-14 11:24:08 +02:00
Greg Karékinian
d9390a4b92
Don't use a concatenated cert for kosmos.org anymore
2019-05-13 18:53:45 +02:00
Greg Karékinian
5d1aeb7b68
Create a cert for 5apps.com and improve the renewal script
2019-05-13 18:52:39 +02:00
Greg Karékinian
88204ea91b
Update the config to the current one running on andromeda
2019-05-13 17:59:04 +02:00
Greg Karékinian
ad23530653
Add the firewall rules for ejabberd
...
Includes the missing 5223 port in the andromeda_firewall recipe too
2019-05-13 17:08:21 +02:00
Greg Karékinian
b44a226753
Fix the postgresql setup for the ejabberd cookbook
...
Create a ejabberd user with a password from an encrypted data bag
2019-05-10 11:43:52 +02:00
Greg Karékinian
3884f9922e
Merge branch 'master' into feature/7-ejabberd_rebased_2
2019-05-10 11:08:09 +02:00
3fbea864c1
Remove hubot-kredits from IRC hal8000
2019-05-10 07:08:29 +02:00
7afc2f5774
Remove old hubot admins from botka
2019-05-10 07:02:08 +02:00
b29a007533
Use different Redis database for new bot
2019-05-10 07:01:43 +02:00
4a480931a5
Fix bug in nginx config
...
Server name isn't recognized when adding a header
directive before like this.
2019-05-10 07:00:53 +02:00
9661980235
Change bot domain
2019-05-10 07:00:35 +02:00
f3f0d0deb2
Add nginx site for hal8000_xmpp
2019-05-09 23:44:28 +02:00
e8f325b41b
Refactor botka recipe
2019-05-09 23:44:28 +02:00
5f8b274cf9
Use MIT license
2019-05-09 23:44:28 +02:00
fe1821739c
Remove obsolete port opening
...
We have an nginx reverse proxy for botka instead.
2019-05-09 23:44:28 +02:00
584aab76a7
Add hal8000_xmpp recipe
...
Also, configure express ports in attributes, so they are both easy to
see at once, as well as override per node/env.
2019-05-09 23:44:18 +02:00
Greg Karékinian
90815bb274
Fix the postgresql credentials for the backup attributes
2019-05-08 16:58:47 +02:00
Greg Karékinian
7271065c5b
Add names to the execute resources
2019-05-08 16:58:31 +02:00
Greg Karékinian
81192f7277
Fix the backup config format to work with backup 5
2019-05-08 12:26:47 +02:00
89027f1f32
Fix maintenance page paths
2019-05-07 16:10:23 +02:00
99a677ec47
Configure maintenance error page for 503
2019-05-07 15:52:58 +02:00
1ee2b5ad41
Add maintenance page feature to Mastodon nginx site
2019-05-07 15:49:01 +02:00
36a50489d0
Add maintenance page to nginx default recipe
2019-05-07 15:46:00 +02:00
9811490aad
Add self-contained maintenance web page
...
This can be used for any of our services when doing planned maintenance
or migrations.
2019-05-07 15:11:26 +02:00
8f4e2ca77a
Merge branch 'feature/54-certbot_dev_env' of kosmos/chef into master
2019-05-03 11:31:47 +00:00
Greg Karékinian
37aa87df5e
Add a missing dependency on the zlib1g-dev for the backup gem
...
Fixes #56
2019-05-03 10:58:39 +02:00
Greg Karékinian
5bb34554a7
The nginx_certbot_site resource does nothing in the dev environment
...
No need to check for the environment in recipes that use the resource
Closes #54
2019-05-03 10:55:02 +02:00
