kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 26 Pull Requests 2 Projects 2 Activity
1,029 Commits 6 Branches 0 Tags
Commit Graph

653 Commits

Author SHA1 Message Date
Sebastian Kippe
0005f9ab7d
Add golang cookbook 
Needs updating of ark and git cookbooks
 2020-08-23 11:01:05 +02:00
Sebastian Kippe
217ab471ce
Moving bitcoin-core to VM 2020-08-22 23:16:11 +02:00
Sebastian Kippe
5c105f00d1
Use MIT license for bitcoin cookbook 2020-08-19 15:29:18 +02:00
Sebastian Kippe
c98be94404
Add rpcpassword support to bitcoin snap recipe 2020-08-18 14:44:23 +02:00
Sebastian Kippe
97ae73c987
Improve variable name 2020-08-18 14:38:16 +02:00
Sebastian Kippe
23588760fa
Add walletdir flag to bitcoind service start 2020-08-17 21:43:56 +02:00
Sebastian Kippe
b0daa3d463
Only store wallet in encrypted dir 
Storing all chain data in encfs caused unsolvable issues with leveldb.
So now we're only storing wallet data in the encrypted dir.
 2020-08-17 16:46:59 +02:00
Sebastian Kippe
d65363f964
Remove obsolete ulimit dep 2020-08-17 10:51:54 +02:00
Sebastian Kippe
9795e77fde
Bitcoin source recipe 2020-08-17 10:45:15 +02:00
Sebastian Kippe
4606773440
Update license note 2020-08-16 16:25:14 +02:00
Sebastian Kippe
bbbd0f7408
Change default username 2020-08-16 16:25:06 +02:00
Sebastian Kippe
476316e13b
Always use latest/stable channel for bitcoind snap 2020-08-16 16:20:43 +02:00
Sebastian Kippe
4889f40c6a
WIP 2020-08-16 16:18:01 +02:00
Sebastian Kippe
c8122a44f1
Add systemd service 
Plus some refactoring
 2020-08-16 16:14:18 +02:00
Sebastian Kippe
4a6a02c137
Use 0.19 stable channel 
Instead of relying on the default channel
 2020-08-16 16:14:18 +02:00
Greg Karékinian
e31f480f27
Fix the attribute name 2020-08-16 16:14:18 +02:00
Greg Karékinian
aedf7bcb62
Create the snap mount directory in the user's home 2020-08-16 16:14:18 +02:00
Greg Karékinian
069246cf41
Create the bitcoind user and its home directory 2020-08-16 16:14:18 +02:00
Greg Karékinian
1b9a4aad17
Work around a bug in Chef's snap_package resource 
https://github.com/chef/chef/issues/8827

`snap install` returns 0 when a package is already installed, so no need
for a guard clause
 2020-08-16 16:14:17 +02:00
Sebastian Kippe
09527e693b
WIP bitcoind config 2020-08-16 16:14:15 +02:00
Sebastian Kippe
47105b2a1c
Initial version of bitcoin cookbook 2020-08-16 16:13:39 +02:00
Sebastian Kippe
9a28a03265
Increase size limit for Gitea uploads/attachments 
The default limit in nginx is only 1MB. This increases it to 20MB.

fixes #188
 2020-08-05 15:53:13 +02:00
Sebastian Kippe
af0717a65b
Fix comet icon on maintenance page 
The data URI declares an SVG source, but this was actually a PNG. Hence
the failure in Chrome. This change turns it into an actual inline SVG
and uses UTF8 encoding instead of base64, because SVG is just text anyway.

fixes #61
 2020-08-02 21:00:10 +02:00
Greg Karékinian
41fd1576ad Override the header template to remove the Roboto font 
Using the system font instead
 2020-07-30 12:33:09 +02:00
Greg Karékinian
924f67d8a8 Update Gitea to 1.12.3 
Closes #189
 2020-07-30 12:16:31 +02:00
Greg Karékinian
5e5bbe07dc Restart gitea after upgrading it 2020-07-30 12:16:04 +02:00
Greg Karékinian
44b49ddd57 Upgrade nginx to the latest mainline version 2020-07-30 11:58:52 +02:00
Greg Karékinian
d2126f6153 Use the right variable for the TLS cert's domain 
`domain` was undefined. `new_resource.hostname` is ldap.kosmos.org and
is what we need

Fixes #193
 2020-07-22 15:59:27 +02:00
Greg Karékinian
4583421597 Connect to the PostgreSQL primary server instead of localhost 
Move the db and user creation to its own recipe

Refs #186
 2020-06-26 15:22:14 +02:00
Greg Karékinian
004a6913b4 Remove dependency to an old PostgreSQL in the Systemd unit 
Refs #186
 2020-06-26 15:22:05 +02:00
Greg Karékinian
84cf008bac Install vim 2020-06-19 17:30:02 +02:00
Greg Karékinian
b4357df471 Enable unattended-upgrades (security and updates repositories) 
... with email notifications on failure and logging with syslog
 2020-06-19 17:30:02 +02:00
greg
1b84009958 Merge pull request 'Add PostgreSQL primary support to the kosmos-ejabberd cookbook' (#181) from feature/180-ejabberd_pg_primary into master 2020-06-19 14:46:52 +00:00
Greg Karékinian
5e483240c3 Set the Gitea root URL to HTTPS 
It fixes U2F security keys support, that was broken because the protocol
did not match

Fixes #182
 2020-06-12 17:22:34 +02:00
Greg Karékinian
ee9c241a4d Add a postgresql_client role 
The role is empty but is used to explicitly define servers that have
access rights to all PostgreSQL databases and users
 2020-06-12 16:54:58 +02:00
Greg Karékinian
6f696d7634 Define access rules in the PostgreSQL primary recipe 
Access is done for the IP of a server for all users and all databases
for ejabberd and gitea
 2020-06-11 18:20:04 +02:00
Greg Karékinian
26097a7584 Use the correct database name for the access rights 2020-06-11 09:00:50 +02:00
Greg Karékinian
2c21d6255b Add PostgreSQL primary support to the kosmos-ejabberd cookbook 
* Move the PostgreSQL user and database creation to a pg_db recipe
* Generate access rights for the ejabberd servers in the pg_db recipe
* Connect to the PostgreSQL primary instead of localhost

Refs #180
 2020-06-10 18:38:40 +02:00
Greg Karékinian
091a46e972 Do not pass the pgsql_password variable to ejabberd.yml 
The password is only used in the config files for the vhosts
 2020-06-10 18:37:36 +02:00
Greg Karékinian
a0db6adaf2 Pass the data_directory to the postgresql_server_conf resource 
Previously we were passing it as an additional config, but it is set by
default. The last value was used, the custom one, so the server still
used the correct file
 2020-06-10 14:41:07 +02:00
Greg Karékinian
e3e726097f Do not enable the postgresql@12-main service 
We want it to run only once the encrypted data directory has been
mounted
 2020-06-10 14:41:07 +02:00
Greg Karékinian
dba6629869 Use the attribute from the encfs recipe for the data directory 2020-06-10 14:41:03 +02:00
raucao
d88d3b07a5 Merge pull request 'Encrypt PostgreSQL data directory' (#166) from feature/pg_encfs into master 2020-06-08 15:02:58 +00:00
Sebastian Kippe
b662c04183
Finish initial encfs cookbook and postgres adaptations 2020-06-08 17:01:24 +02:00
Sebastian Kippe
379161eb1e
Fix postgres installation 
Also, do not start at boot anymore, in favor of path-based activation.
 2020-06-07 12:47:06 +02:00
Sebastian Kippe
353f2c13f1
Improve encfs cookbook 
Fix some things, and prepare for path-based activation. Also, comment
the buggy initial dir creation and explain manual provisioning in README
for now.
 2020-06-07 12:45:33 +02:00
Sebastian Kippe
8918452fc5
Use latest postgresql fork 2020-06-07 12:40:39 +02:00
Sebastian Kippe
4fe0e913f8
Use our own fork of the postgresql cookbook 2020-06-07 12:29:34 +02:00
Sebastian Kippe
bd99b76287
Use human-readable flag for encfs mount script 
In case someone wants to see what it does without reading a manual in
the future.
 2020-06-06 12:24:08 +02:00
Greg Karékinian
1e60722ec4 Create an initial encfs cookbook 
Usage: Add the kosmos_encfs::default recipe to the run list of a node.
Creating the encrypted directory will keep it mounted. After a reboot,
start the encfs service and enter the password:

```
$ systemctl start encfs
encfs password:
```

For now postgresql@12-main is a hardcoded dependency of the encfs
Systemd unit that is automatically started once the user inputs the
correct password. This list of dependency will need to be different for
every server, based on the services it is running
 2020-06-04 19:50:20 +02:00