Greg Karékinian
759fa52e03
Enable the certbot resource
2020-06-02 16:19:05 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
0f10723c81
Enable secure cookies
2020-06-02 16:18:48 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
55865c526c
Add the Let's Encrypt hook dir to the config
Only enabled when there is no TLS cert. This is already part of the
certbot nginx vhost
2020-06-02 16:17:34 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
0c502580c2
Fix the condition for the Let's Encrypt cert in the template
The line contained an extra !
2020-06-02 16:16:30 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
c8e50fd226
Install git, it is a required dependency for Gitea
I didn't catch it because git is installed by default in the Vagrant box
I used to write the cookbook
2020-06-02 11:41:19 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
94330f2052
Comment out the COOKIE_SECURE config for now
We will enable it again after we have a valid TLS cert generated with
Let's Encrypt. It prevents logins using http, and we will need that as
an admin account
2020-05-28 18:43:31 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
baaae695af
Merge branch 'master' into feature/147-gitea_cookbook
2020-05-28 15:44:44 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
baa0739936
Add the backup recipe
Also move the Gitea data dir to an attribute
2020-05-26 15:21:26 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
3332a1b2e8
Write initial README
2020-05-26 15:21:07 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
210c76c479
Fix the name of the Let's Encrypt cert execute resource
The resource in the notification was invalid, missing the type of
resource (execute)
Fixes #171
2020-05-26 14:10:47 +02:00
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
6469d2286e
Merge branch 'feature/zoom_options' of kosmos/chef into master
2020-05-25 15:52:41 +00:00
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
5fcb047505
Update Mastodon system dependencies
Needs new Ruby, and why not upgrade Yarn in the process. Running in
production.
2020-05-25 17:49:22 +02:00
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
f92b43e0f4
Configure Zoom meeting whitelist
So we only log contributions for actual Kosmos calls
2020-05-25 16:57:09 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
1f0e2ccbdd
Move the binary URL to an attribute
2020-05-21 11:51:06 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
51d4d88568
Initial kosmos_gitea cookbook
The default recipe deploys the gitea binary, generates a config file and
our custom Kosmos label set. The service runs as a Systemd unit.
The pg_db recipe needs to run on the primary PostgreSQL (currently
andromeda).
The backup recipe is empty for now
Refs #147
2020-05-18 19:39:43 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
20cbc678bc
Add a method that returns the PostgreSQL service
2020-05-18 19:38:37 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
d79cdf087b
Move the PGPASS environment variable to the execute resource
That way it does not appear in the list of running processes while the
command is running
2020-05-15 18:45:12 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
31dc14e88c
Fix the firewall rules for PostgreSQL
I got the source and destination mixed up.
2020-05-15 18:44:42 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
55b1cbc1d7
Encrypt the PostgreSQL data dir on the replica (centaurus)
encfs always runs a configuration assistant when creating a new
volume, so this needs to be done manually:
   systemctl stop postgresql@12-main
   mv /var/lib/postgresql /var/lib/postgresql.old
   encfs /var/lib/postgresql_encrypted /var/lib/postgresql --public
Pick p (paranoia mode) and enter the password from the data bag twice
   mv /var/lib/postgresql.old/* /var/lib/postgresql/
   systemctl start postgresql@12-main
This is running on centaurus and is mounted automatically on boot by a
system unit
Refs #129
2020-05-15 18:41:31 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
57f46c6c61
Merge branch 'master' into bugfix/enable_dirsrv
2020-05-15 17:24:04 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
b4209fa294
Fix the invalid ACIs on initial creation (for real)
Follow-up to #156
I found another issue with the initial ACI creation, while creating a
fresh VM. I thought I had fixed it in #156 but I was wrong. This time
the ACIs are really set and the code runs successfully.
The ACIs are set on the suffix, so modifying it is needed
This won't be executed on a server that is already running, this is only
done on the initial setup
2020-05-15 14:05:35 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
10f0460fd5
Fix startup of the dirsrv@master Systemd unit on boot
The symlink created by Chef's service resource was wrong. Creating the
correct symlink fixes the automatic startup on boot
2020-05-15 13:54:34 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
18973fe4f6
Remove the deleted tls property from the resources
2020-05-14 15:09:15 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
fbf610a643
Merge branch 'master' into feature/160-postgres_replication
2020-05-14 15:06:00 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
069090bf44
Remove TODOs
Access rules will not be part of this cookbook, they need to be added to
the cookbooks that use a PostgreSQL database
2020-05-14 13:15:47 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
dd92d6cdb7
Remove deploying the root cert to clients from the README
We do not want to verify the root cert so this is not needed
2020-05-14 13:14:42 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
124ee5e6f3
Update the README
2020-05-14 12:36:20 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
0063776297
Remove unused dependencies
2020-05-13 19:11:00 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
8d2ab785fc
Use a self-signed TLS certificate for PostgreSQL
2020-05-13 19:10:14 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
84cb3de4a0
Remove outdated comment
This was the case when the code lived inside of the custom resource
2020-05-13 19:04:12 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
eb98aa1bac
Clarify the firewall and client authentication rules
2020-05-12 16:04:58 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
0180da1aa6
Fix a typo in the README
2020-05-12 15:59:55 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
254f9020ae
Enable firewall rules to allow primary/replica to connect
2020-05-12 12:10:10 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
80c7263a72
Upgrade PostgreSQL from 10 to 12
Refs #160
2020-05-11 18:26:57 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
21119fff08
Add a custom resource to set up PostgreSQL 12
Supports both primary and replica. The access rules and firewall have to
be set up outside of the custom resource, so they are part of the
recipes instead
Refs #160
2020-05-11 18:23:11 +02:00
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
4448ec2173
Configure TURN properly
Was missing a couple of necessary properties, and is now using an
explicit port range for TURN, and opening those ports in UFW.
2020-05-02 14:07:14 +02:00
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
ef2fa2da72
Configure STUN/TURN
Configures built-in STUN/TURN support, and adds the new service discovery
module for it.
2020-05-01 16:25:38 +02:00
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
35a56aa221
Update version to 20.04
2020-05-01 14:55:13 +02:00
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
53d53f2375
Merge branch 'bugfix/152-remove_encryption_keys_tls' of kosmos/chef into master
2020-04-30 15:50:26 +00:00
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
ee13c3cbe9
Merge branch 'bugfix/153-update_ejabberd_20.03' of kosmos/chef into master
2020-04-21 13:38:53 +00:00
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
4c1879b84e
Merge branch 'bugfix/ldap_invalid_aci' of kosmos/chef into master
2020-04-21 11:22:50 +00:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
1c920a8cb2
Remove the encryption keys after TLS cert renewal
This is done with awk, this was the best way I found to perform the
multi-line deletion. It deletes both the AES AND 3DES sections
The keys will be recreated on service restart
https://access.redhat.com/documentation/en-us/red_hat_directory_server/9.0/html/administration_guide/ssl-and-attr-encryption
Closes #152
2020-04-20 19:11:34 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
5e3c8066f9
Add the missing certbot command to generate the LDAP TLS cert
This had been done manually on barnard. This will not be executed on
barnard again since the cert exists
2020-04-20 19:10:15 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
d01c9a4d0a
Fix the name of the deploy certbot hook
2020-04-20 19:09:43 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
3ca8ab45da
Fix the invalid ACIs on initial creation
This is only executed on initial creation of the instance, the
production one is using these fixed ACIs, this was only an issue with
the setup
The issue was the ACI was set at the wrong level
2020-04-20 19:00:28 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
db8bb44c8b
Update ejabberd to 20.03
The download URL has changed, they removed a prefix
Closes #153
2020-04-20 14:53:08 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
f5dd2c7de9
Fix the command importing the schema on db creation
It had an extra }, but this only fails when creating the databases
2020-04-20 14:52:11 +02:00
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
4f1bf768ee
Merge branch 'feature/hal8000_zoom' of kosmos/chef into master
2020-04-16 20:19:30 +00:00
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
cc4c8fb903
Add hubot-kredits Zoom config
2020-04-16 17:52:28 +02:00
						 
				 
			
				
					
						
							
							
Greg Karékinian
43736cd8e9
Move the debug logs env variable to an attribute
Set it to 'sockethub*' for now as Nick advised, see
#91
2020-03-25 17:51:28 +01:00