Add a garage cookbook that installs the garage binary distribution and
creates the necessary configuration and system service.
Also deploy two new VMs to act as storage nodes.
refs #428
Tested/running on all cluster nodes. Due to changes in the upstream
package we were able to remove some complexity from the recipe. Deleting
code FTW!
closes #334
Changes botka on libera to connect to a bouncer, which also uses SASL,
in order to fix the connection issues and keep a stable connection with
minimal maintenance.
Usage: Add the kosmos_encfs::default recipe to the run list of a node.
Creating the encrypted directory will keep it mounted. After a reboot,
start the encfs service and enter the password:
```
$ systemctl start encfs
encfs password:
```
For now postgresql@12-main is a hardcoded dependency of the encfs
Systemd unit that is automatically started once the user inputs the
correct password. This list of dependencies will need to be different for
every server, based on the services it is running.
The default recipe deploys the gitea binary, generates a config file and
our custom Kosmos label set. The service runs as a Systemd unit.
The pg_db recipe needs to run on the primary PostgreSQL (currently
andromeda).
The backup recipe is empty for now.
Refs #147
* Use a new read-only account instead of the admin LDAP account
* Disable the LDAPAuthorization plugin. The LDAPAuthentication2 plugin
is still used to authenticate users, but every kosmos.org user has
access to the wiki. See
https://www.mediawiki.org/wiki/Extension:PluggableAuth for the
distinction between authentication and authorization.
Refs #127
It sets up 389 Directory Server, including a TLS cert acquired using
Let's Encrypt in production (that requires ldap.kosmos.org pointing to
the server's IP).