09527e693b
WIP bitcoind config
2020-08-16 16:14:15 +02:00
47105b2a1c
Initial version of bitcoin cookbook
2020-08-16 16:13:39 +02:00
9a28a03265
Increase size limit for Gitea uploads/attachments
...
The default limit in nginx is only 1MB. This increases it to 20MB.
fixes #188
2020-08-05 15:53:13 +02:00
af0717a65b
Fix comet icon on maintenance page
...
The data URI declares an SVG source, but this was actually a PNG. Hence
the failure in Chrome. This change turns it into an actual inline SVG
and uses UTF8 encoding instead of base64, because SVG is just text anyway.
fixes #61
2020-08-02 21:00:10 +02:00
Greg Karékinian
41fd1576ad
Override the header template to remove the Roboto font
...
Using the system font instead
2020-07-30 12:33:09 +02:00
Greg Karékinian
924f67d8a8
Update Gitea to 1.12.3
...
Closes #189
2020-07-30 12:16:31 +02:00
Greg Karékinian
5e5bbe07dc
Restart gitea after upgrading it
2020-07-30 12:16:04 +02:00
Greg Karékinian
44b49ddd57
Upgrade nginx to the latest mainline version
2020-07-30 11:58:52 +02:00
Greg Karékinian
d2126f6153
Use the right variable for the TLS cert's domain
...
`domain` was undefined. `new_resource.hostname` is ldap.kosmos.org and
is what we need
Fixes #193
2020-07-22 15:59:27 +02:00
Greg Karékinian
4583421597
Connect to the PostgreSQL primary server instead of localhost
...
Move the db and user creation to its own recipe
Refs #186
2020-06-26 15:22:14 +02:00
Greg Karékinian
004a6913b4
Remove dependency on an old PostgreSQL in the Systemd unit
...
Refs #186
2020-06-26 15:22:05 +02:00
Greg Karékinian
84cf008bac
Install vim
2020-06-19 17:30:02 +02:00
Greg Karékinian
b4357df471
Enable unattended-upgrades (security and updates repositories)
...
... with email notifications on failure and logging with syslog
2020-06-19 17:30:02 +02:00
1b84009958
Merge pull request 'Add PostgreSQL primary support to the kosmos-ejabberd cookbook' (#181) from feature/180-ejabberd_pg_primary into master
2020-06-19 14:46:52 +00:00
Greg Karékinian
5e483240c3
Set the Gitea root URL to HTTPS
...
It fixes U2F security keys support, which was broken because the protocol
did not match
Fixes #182
2020-06-12 17:22:34 +02:00
Greg Karékinian
ee9c241a4d
Add a postgresql_client role
...
The role is empty but is used to explicitly define servers that have
access rights to all PostgreSQL databases and users
2020-06-12 16:54:58 +02:00
Greg Karékinian
6f696d7634
Define access rules in the PostgreSQL primary recipe
...
Access is done for the IP of a server for all users and all databases
for ejabberd and gitea
2020-06-11 18:20:04 +02:00
Greg Karékinian
26097a7584
Use the correct database name for the access rights
2020-06-11 09:00:50 +02:00
Greg Karékinian
2c21d6255b
Add PostgreSQL primary support to the kosmos-ejabberd cookbook
...
* Move the PostgreSQL user and database creation to a pg_db recipe
* Generate access rights for the ejabberd servers in the pg_db recipe
* Connect to the PostgreSQL primary instead of localhost
Refs #180
2020-06-10 18:38:40 +02:00
Greg Karékinian
091a46e972
Do not pass the pgsql_password variable to ejabberd.yml
...
The password is only used in the config files for the vhosts
2020-06-10 18:37:36 +02:00
Greg Karékinian
a0db6adaf2
Pass the data_directory to the postgresql_server_conf resource
...
Previously we were passing it as an additional config, but it is set by
default. The last value was used, the custom one, so the server still
used the correct file
2020-06-10 14:41:07 +02:00
Greg Karékinian
e3e726097f
Do not enable the postgresql@12-main service
...
We want it to run only once the encrypted data directory has been
mounted
2020-06-10 14:41:07 +02:00
Greg Karékinian
dba6629869
Use the attribute from the encfs recipe for the data directory
2020-06-10 14:41:03 +02:00
d88d3b07a5
Merge pull request 'Encrypt PostgreSQL data directory' (#166) from feature/pg_encfs into master
2020-06-08 15:02:58 +00:00
b662c04183
Finish initial encfs cookbook and postgres adaptations
2020-06-08 17:01:24 +02:00
379161eb1e
Fix postgres installation
...
Also, do not start at boot anymore, in favor of path-based activation.
2020-06-07 12:47:06 +02:00
353f2c13f1
Improve encfs cookbook
...
Fix some things, and prepare for path-based activation. Also, comment
the buggy initial dir creation and explain manual provisioning in README
for now.
2020-06-07 12:45:33 +02:00
8918452fc5
Use latest postgresql fork
2020-06-07 12:40:39 +02:00
4fe0e913f8
Use our own fork of the postgresql cookbook
2020-06-07 12:29:34 +02:00
bd99b76287
Use human-readable flag for encfs mount script
...
In case someone wants to see what it does without reading a manual in
the future.
2020-06-06 12:24:08 +02:00
Greg Karékinian
1e60722ec4
Create an initial encfs cookbook
...
Usage: Add the kosmos_encfs::default recipe to the run list of a node.
Creating the encrypted directory will keep it mounted. After a reboot,
start the encfs service and enter the password:
```
$ systemctl start encfs
encfs password:
```
For now postgresql@12-main is a hardcoded dependency of the encfs
Systemd unit that is automatically started once the user inputs the
correct password. This list of dependencies will need to be different for
every server, based on the services it is running
2020-06-04 19:50:20 +02:00
Greg Karékinian
eded62a3ec
Merge branch 'master' into feature/pg_encfs
2020-06-04 15:13:53 +02:00
Greg Karékinian
759fa52e03
Enable the certbot resource
2020-06-02 16:19:05 +02:00
Greg Karékinian
0f10723c81
Enable secure cookies
2020-06-02 16:18:48 +02:00
Greg Karékinian
55865c526c
Add the Let's Encrypt hook dir to the config
...
Only enabled when there is no TLS cert. This is already part of the
certbot nginx vhost
2020-06-02 16:17:34 +02:00
Greg Karékinian
0c502580c2
Fix the condition for the Let's Encrypt cert in the template
...
The line contained an extra !
2020-06-02 16:16:30 +02:00
Greg Karékinian
c8e50fd226
Install git, it is a required dependency for Gitea
...
I didn't catch it because git is installed by default in the Vagrant box
I used to write the cookbook
2020-06-02 11:41:19 +02:00
Greg Karékinian
94330f2052
Comment out the COOKIE_SECURE config for now
...
We will enable it again after we have a valid TLS cert generated with
Let's Encrypt. It prevents logins using http, and we will need that as
an admin account
2020-05-28 18:43:31 +02:00
Greg Karékinian
baaae695af
Merge branch 'master' into feature/147-gitea_cookbook
2020-05-28 15:44:44 +02:00
Greg Karékinian
baa0739936
Add the backup recipe
...
Also move the Gitea data dir to an attribute
2020-05-26 15:21:26 +02:00
Greg Karékinian
3332a1b2e8
Write initial README
2020-05-26 15:21:07 +02:00
Greg Karékinian
210c76c479
Fix the name of the Let's Encrypt cert execute resource
...
The resource in the notification was invalid, missing the type of
resource (execute)
Fixes #171
2020-05-26 14:10:47 +02:00
6469d2286e
Merge branch 'feature/zoom_options' of kosmos/chef into master
2020-05-25 15:52:41 +00:00
5fcb047505
Update Mastodon system dependencies
...
Needs new Ruby, and why not upgrade Yarn in the process. Running in
production.
2020-05-25 17:49:22 +02:00
f92b43e0f4
Configure Zoom meeting whitelist
...
So we only log contributions for actual Kosmos calls
2020-05-25 16:57:09 +02:00
Greg Karékinian
1f0e2ccbdd
Move the binary URL to an attribute
2020-05-21 11:51:06 +02:00
Greg Karékinian
51d4d88568
Initial kosmos_gitea cookbook
...
The default recipe deploys the gitea binary, generates a config file and
our custom Kosmos label set. The service runs as a Systemd unit.
The pg_db recipe needs to run on the primary PostgreSQL (currently
andromeda).
The backup recipe is empty for now
Refs #147
2020-05-18 19:39:43 +02:00
Greg Karékinian
20cbc678bc
Add a method that returns the PostgreSQL service
2020-05-18 19:38:37 +02:00
Greg Karékinian
d79cdf087b
Move the PGPASS environment variable to the execute resource
...
That way it does not appear in the list of running processes while the
command is running
2020-05-15 18:45:12 +02:00
Greg Karékinian
31dc14e88c
Fix the firewall rules for PostgreSQL
...
I got the source and destination mixed up.
2020-05-15 18:44:42 +02:00