Greg Karékinian
6f98d07942
Add the quiet switch to the certbot command
...
It sends some messages to stderr otherwise
```
-q, --quiet Silence all output except errors. Useful for
automation via cron. Implies --non-interactive.
(default: False)
```
2019-06-19 11:10:13 +02:00
Greg Karékinian
d879eb88b1
Replace the certbot systemd unit with a cron job with notifications
...
Uses cronic (https://habilis.net/cronic/) to filter out the stdout and
send a sensible email to ops@kosmos.org when renewal fails
Closes #3
2019-06-18 18:26:14 +02:00
Greg Karékinian
4cc5f3e6d1
Remove the XMPP firewall rules for andromeda
...
They are part of the kosmos-ejabberd cookbook now
2019-05-14 17:10:33 +02:00
Greg Karékinian
ad23530653
Add the firewall rules for ejabberd
...
Includes the missing 5223 port in the andromeda_firewall recipe too
2019-05-13 17:08:21 +02:00
7c29957ed9
Fix and consolidate firewall rules
...
Most of them are already defined in the appropriate recipe. And one can
be moved. (These are currently opened on every server for no reason.)
2019-04-19 15:52:56 +01:00
Greg Karékinian
57d0885d26
Change the licenses of the kosmos cookbooks to MIT
2019-04-12 11:41:20 +02:00
Greg Karékinian
12355a6b27
Add a base role, so that chef is updated before anything else
2019-04-08 17:58:02 +02:00
Greg Karékinian
4b75ae78dc
Set the minimum Chef version since it depends on the new sudo resource
2019-04-08 12:31:47 +02:00
Greg Karékinian
6e3e8cde1b
Create the Let's Encrypt hook subdirectories
2019-04-08 11:16:38 +02:00
Greg Karékinian
b1a3c5e2cd
Revert "Revert "Remove the sudo cookbook""
...
This reverts commit 87d7c721b1.
2019-04-03 12:52:40 +02:00
Greg Karékinian
2f05629fde
Revert "Revert "Update Chef to 14.11.21""
...
This reverts commit db4b45b5c2.
2019-04-03 12:52:32 +02:00
Greg Karékinian
87d7c721b1
Revert "Remove the sudo cookbook"
...
This reverts commit 73d1722d4b.
2019-04-03 10:30:38 +02:00
Greg Karékinian
db4b45b5c2
Revert "Update Chef to 14.11.21"
...
This reverts commit 2f599ffd6d.
2019-04-03 10:30:24 +02:00
Greg Karékinian
73d1722d4b
Remove the sudo cookbook
...
Chef 14 ships with a sudo resource:
https://docs.chef.io/resource_sudo.html
2019-04-02 12:17:06 +02:00
Greg Karékinian
2f599ffd6d
Update Chef to 14.11.21
...
Closes #21
2019-04-02 12:16:13 +02:00
Greg Karékinian
5fa0fa661b
Install certbot from the direct download when on 15.04
...
It does not have a ppa release. Add a cron job for renewal. When using
the PPA a Systemd timer is part of the package
2019-03-18 16:52:05 +01:00
Greg Karékinian
b30dcab4da
Remove an IPFS port from the ejabberd firewall
2019-03-15 12:30:56 +01:00
Greg Karékinian
c3135402ad
Move the nginx hook to the deploy directory, create renewal-hooks dir
2019-03-14 20:21:34 +01:00
Greg Karékinian
f12ddefec8
Move the Gandi DNS hook for certbot to the kosmos-base cookbook
2019-03-14 18:01:29 +01:00
Greg Karékinian
65482f09c3
Extract the post hooks to their own script in Certbot's config dir
2019-03-14 15:21:50 +01:00
Greg Karékinian
fa27187f11
Switch from the git version of certbot to the Ubuntu PPA
2019-03-14 10:49:47 +01:00
0ea1971b6c
Open up some more ports in firewall
...
From some manual playing around.
2019-02-28 17:19:06 +07:00
Greg Karékinian
56d14748f9
Fix the Let's Encrypt renew hook script
...
Only copy over the certs to the prosody directory if it's the 5apps.com
wildcard, not for any 5apps.com subdomain
2018-12-20 17:26:37 +01:00
Greg Karékinian
185649a5f9
Automatically generate a Let's Encrypt cert for all 5apps xmpp domains
...
Uses the Gandi LiveDNS API
2018-09-04 17:38:17 +02:00
214e69427e
Open up port for Prosody HTTP uploads
2018-09-04 14:14:02 +08:00
db039a185a
Update certbot
2018-06-13 18:52:13 +02:00
Greg Karékinian
7165bf49c6
Add missing recipe, used to set up andromeda's firewall rules
2018-06-07 12:33:38 +02:00
Greg Karékinian
b35c4bc097
Update Chef version
2018-04-17 16:08:15 +02:00
Greg Karékinian
bd71418ec2
Changes for the new sudo cookbook
2018-04-17 13:18:36 +02:00
Greg Karékinian
49664dbc8d
The renew hook now needs to be an executable in the path
...
An absolute path doesn't work anymore.
Also send an email containing STDERR when the renewal command fails
2017-09-22 11:53:01 +02:00
Greg Karékinian
f93070c4c0
Replace timezone-ii cookbook with timezone_iii
...
This fork supports Chef 13 and is still maintained
2017-06-16 13:10:46 +02:00
Greg Karékinian
189b66a36f
Update Chef to 12.20.3
2017-06-16 11:43:24 +02:00
Greg Karékinian
5534b57752
Add ntp package and don't run most kosmos-base things in development
2017-06-09 21:18:44 +02:00
Greg Karékinian
26097197ca
Don't create users and rewrite the sudo config in dev environment
...
It breaks the vagrant user
2017-06-09 16:43:26 +02:00
Greg Karékinian
5385813eda
Merge branch 'master' into feature/ubuntu-16.04
2017-06-09 16:36:19 +02:00
Greg Karékinian
afc07c3192
Add more secure sudo configuration
...
Also update the sudo cookbook
2017-06-09 16:08:36 +02:00
Greg Karékinian
943b4ace1f
Replace omnibus_updater with chef_client_updater
...
omnibus_updater is deprecated
2017-05-02 11:53:33 +02:00
Greg Karékinian
030b2501eb
Fix implicit dependency on firewall cookbook in kosmos-base
...
Also delete ufw cookbook, we're not using it
2017-05-02 11:46:56 +02:00
54332db8de
Use ruby-build for Mastodon, update cookbooks
...
This uses the ruby_build provider for Mastodon, installing Ruby 2.4.1
currently. It also updates some other cookbooks and the runlists.
2017-04-17 11:40:31 +02:00
Greg Karékinian
de11c0d691
Set up an instance of Mastodon for Kosmos
...
Refs #19
Use new application cookbook, update our cookbooks
2017-04-06 21:20:51 +02:00
Greg Karékinian
14542f8419
Do not require the deprecated users::sysadmins recipe
...
Write the 4 lines of code instead
2017-03-20 13:17:32 +00:00
Greg Karékinian
4a63e806bc
Remove dependency on chef-solo-search
...
We are using chef-zero, we do not need it anymore
2017-03-20 13:16:27 +00:00
Greg Karékinian
e57ee1590e
Update Chef to 12.19.36
2017-03-20 13:16:11 +00:00
Greg Karékinian
9436284be2
Use the latest certbot instead of the old letsencrypt
2017-03-19 20:05:09 +00:00
Greg Karékinian
98ba42b157
Fix the frequency of the Let's Encrypt script (run every day)
2017-01-26 05:52:11 +00:00
b431e75e79
Use latest Chef
2017-01-20 10:32:32 +08:00
Greg Karékinian
ad4200e558
Restart nginx after renewing the Let's Encrypt cert
2016-10-06 13:57:20 +02:00
Greg Karékinian
096b4900bd
Add missing Let's Encrypt recipe
...
Also declare cron job to renew certs
Refs #6
2016-05-06 17:02:41 +02:00
Greg Karékinian
da39a04552
Update Chef to 12.9.38
2016-04-22 14:35:14 +02:00
Greg Karékinian
255ff036c3
Update firewall_rule resource
...
Updated cookbook
2016-02-19 18:11:43 +01:00