Greg Karékinian
49d01991fd
Enable LDAP on the XMPP 5apps.com vhost
...
Refactor the ejabberd config file to remove hardcoded values about the
vhosts
Refs #123
2020-02-12 17:40:38 +01:00
Greg Karékinian
e56faab5b1
Set the ACIs on the base DN
...
Allow users to change their own password, but nothing else (no search,
no read, no write)
This will only run when setting up the 389-dirsrv instance for the first
time, this has been applied on barnard by editing the dn (see
#128 (comment) )
Closes #128
2020-02-12 16:13:45 +01:00
Greg Karékinian
2a66ff6146
Enable the Cite extension in the MediaWiki config
...
This is used to create references as footnotes.
See https://www.mediawiki.org/wiki/Extension:Cite
Closes #124
2020-01-29 14:30:39 +01:00
Greg Karékinian
a06ea47e58
Update the LDAPProvider extension
2020-01-28 13:54:57 +01:00
Greg Karékinian
a69192a863
Enable LDAP support on mediawiki
...
Users can log in using their LDAP account (in the
ou=users,dc=kosmos,dc=org group and with the wiki attribute set to
enabled)
Add an attribute for the ldap master server, so it can be overridden in
the development environment
Refs #107
2020-01-24 13:45:17 +01:00
gregkare
7fd558215d
Merge branch 'feature/107-ldap_server' of kosmos/chef into master
2019-12-23 17:50:19 +00:00
Greg Karékinian
9828b867ba
Disable anonymous binds
...
See https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/configuring-special-binds.html#disabling-anonymous-binds
2019-12-20 16:46:03 +01:00
11c7019bfa
Fix thumbnails not working for larger SVGs
...
See linked docs in code comments
2019-12-13 13:46:57 +01:00
2358ed00db
Fix wiki permissions
2019-12-13 13:41:48 +01:00
cbfb760787
Increase wiki file upload size limit
2019-12-13 13:41:48 +01:00
2158e1d4bf
Allow SVG file uploads
2019-12-13 13:41:48 +01:00
Greg Karékinian
1240ed9da8
Move the dirsrv cert generation to a certbot deploy hook
2019-12-05 15:47:10 +01:00
Greg Karékinian
0d192f536f
Add the empty nginx vhost template
2019-12-05 15:05:37 +01:00
Greg Karékinian
0dbf350540
Restart the server after importing the TLS cert
2019-12-04 17:40:27 +01:00
Greg Karékinian
4e7d453942
Move the firewall and backup recipes outside of the custom resource
...
See the comment for more details
2019-12-04 17:33:41 +01:00
Greg Karékinian
e24cd01287
Add an empty template because the nginx_certbot_site resource needs one
2019-12-04 17:33:13 +01:00
Greg Karékinian
632cb38aab
Pass an empty passphrase on the command line for the p12 cert
2019-12-04 17:32:40 +01:00
Greg Karékinian
9d9493af0d
Add a missing dependency on the kosmos-nginx cookbook
2019-12-04 17:32:03 +01:00
Greg Karékinian
9e4f12b1b1
Merge branch 'master' into feature/107-ldap_server
2019-12-04 15:52:08 +01:00
gregkare
aecdaabbcc
Merge branch 'chore/enable_wiki_editor_toolbar' of kosmos/chef into master
2019-11-29 16:38:08 +00:00
Greg Karékinian
dc91128eca
Use a custom resource to create a 389 Directory Server instance
...
This replaces the default recipe and will make it much easier to create
other types of instances, for example for replication
2019-11-29 14:34:52 +01:00
678286d758
Enable wiki editor toolbar
...
Enables the formatting toolbar for the wiki editor.
2019-11-26 22:04:49 +01:00
gregkare
056a3eb0d6
Merge branch 'bugfix/letsencrypt_regenerate_template' of kosmos/chef into master
2019-11-22 16:19:52 +00:00
Greg Karékinian
db4e2777d4
Fix a bug preventing nginx from being reloaded after generating a cert
...
Change the notifies property to :immediately in nginx_certbot_site. This
way the vhost template is recreated and then triggers a reload of the
nginx service. The previous code resulted in nginx not being reloaded,
as the action had already been queued earlier.
2019-11-22 14:37:29 +01:00
Greg Karékinian
9e4685a743
Initial version of the kosmos-dirsrv cookbook
...
It sets up 389 Directory Server, including a TLS cert acquired using
Let's Encrypt in production (that requires ldap.kosmos.org pointing to
the server's IP)
2019-11-15 15:41:30 +01:00
bd3ef8b635
Remove tweet reading from XMPP Hubot
...
Because of the wormhole feature between XMPP and IRC, any links to
tweets will be read by the hal8000 bots on both platforms.
This change removes the Tweet reading extension from the XMPP version of
the bot.
2019-11-15 14:43:56 +01:00
90aebe54de
Revert "Remove tweet reading from IRC Hubot"
...
This reverts commit d5fc7ad105f45ea2b8eb2033564e4474abfc77a9.
2019-11-15 14:37:19 +01:00
d5fc7ad105
Remove tweet reading from IRC Hubot
...
Because of the wormhole feature between XMPP and IRC, any links to
tweets will be read by the hal8000 bots on both platforms.
This change removes the Tweet reading extension from the IRC version of
the bot.
2019-11-14 19:00:04 +01:00
Greg Karékinian
0b579b1fea
Remove the redirection from HTTP to HTTPS from the mastodon vhost
...
This is already done in the certbot vhost
(https://gitea.kosmos.org/kosmos/chef/src/branch/master/site-cookbooks/kosmos-nginx/templates/default/nginx_conf_certbot.erb )
and it redirects every request to HTTPS, breaking Let's Encrypt
validation
Fixes #110
2019-10-28 11:18:31 +01:00
Greg Karékinian
2c20fa4a2f
Fix the nginx vhost for akkounts-api
...
Listening on port 80 when there is no TLS cert prevented Let's Encrypt
to generate a cert
2019-10-18 13:26:04 +02:00
f8af66a532
Add/fix akkounts credentials
2019-10-18 13:10:43 +02:00
Greg Karékinian
2104e81250
Add the kosmos-akkounts::nginx recipe to kosmos-akkounts::default
2019-10-18 12:30:26 +02:00
Greg Karékinian
6bb93eb5f5
Fix the path to index.js
2019-10-18 12:27:33 +02:00
Greg Karékinian
c5eeab3606
Remove typescript and the compilation step
...
The app is now compiled during the release phase:
https://github.com/67P/akkounts-api/pull/6
2019-10-18 12:24:47 +02:00
Greg Karékinian
185982ff9f
Add the initial kosmos-akkounts cookbook to deploy akkounts-api
...
Includes a recipe to set up nginx as a reverse proxy with a TLS
certificate for api.accounts.kosmos.org
Closes #18
Closes #20
2019-10-17 14:56:48 +02:00
c7d91f68f9
Fix Mastodon Web systemd service
...
Removes a legacy property from the config, which made the service fail
to start after having upgraded systemd on Andromeda.
2019-10-16 08:29:34 +02:00
76c8120058
Set up XMPP/IRC integration for Sockethub rooms
2019-10-13 21:32:12 +02:00
66782f1f05
Update installed Ruby version for Mastodon 3.x
2019-10-13 20:16:54 +02:00
Greg Karékinian
2c2ae596ed
Don't update chef using the chef_client_updater cookbook
...
It only makes sense when using Chef Server, which we don't
2019-10-08 18:17:34 +02:00
Greg Karékinian
34d69dbca1
Add missing application_javascript dependency
2019-09-27 11:07:15 +02:00
Greg Karékinian
3be9b2fb44
Update yarn to the latest version
2019-09-27 10:57:58 +02:00
Greg Karékinian
438c5ff72d
Fix the services restarting every time the recipe is executed
...
* Manually send a restart action from the application_git resource
* Do not depend on application_ruby anymore
2019-09-27 10:57:35 +02:00
Greg Karékinian
4b39ea60dd
Set the NODE_ENV variable when running yarn
...
The assets precompilation task runs yarn with NODE_ENV=production,
before this change yarn would install a different set of packages, with
this change the run from the assets precompilation is idempotent
2019-09-27 10:55:32 +02:00
Greg Karékinian
b1cfa6f6f7
Install Java for Elasticsearch
...
It was missing from the recipe
2019-09-27 10:51:26 +02:00
Greg Karékinian
dace5672e4
Move the java heap size to an attribute
2019-09-27 10:50:56 +02:00
Greg Karékinian
9d68d3c4da
Link to the new ops Mastodon account
2019-09-19 16:02:41 +02:00
Greg Karékinian
cd9a7dd3dc
Use the new kosmos.chat MUC domain on the maintenance page
2019-09-19 16:00:01 +02:00
Greg Karékinian
f49dd5e6d4
Switch the MUC host for kosmos.org to kosmos.chat
2019-09-19 15:58:53 +02:00
Greg Karékinian
544f4b78f4
Change the MUC domain for the kosmos.org XMPP server to kosmos.chat
2019-09-19 15:57:54 +02:00
Greg Karékinian
4685b16573
Add kosmos.chat to the list of Kosmos XMPP domains with a TLS cert
2019-09-19 15:56:49 +02:00
