Commit Graph

646 Commits

Author SHA1 Message Date
basti d65363f964 Remove obsolete ulimit dep 2020-08-17 10:51:54 +02:00
basti 9795e77fde Bitcoin source recipe 2020-08-17 10:45:15 +02:00
basti 4606773440 Update license note 2020-08-16 16:25:14 +02:00
basti bbbd0f7408 Change default username 2020-08-16 16:25:06 +02:00
basti 476316e13b Always use latest/stable channel for bitcoind snap 2020-08-16 16:20:43 +02:00
basti 4889f40c6a WIP 2020-08-16 16:18:01 +02:00
basti c8122a44f1 Add systemd service
Plus some refactoring
2020-08-16 16:14:18 +02:00
basti 4a6a02c137 Use 0.19 stable channel
Instead of relying on the default channel
2020-08-16 16:14:18 +02:00
Greg Karékinian e31f480f27 Fix the attribute name 2020-08-16 16:14:18 +02:00
Greg Karékinian aedf7bcb62 Create the snap mount directory in the user's home 2020-08-16 16:14:18 +02:00
Greg Karékinian 069246cf41 Create the bitcoind user and its home directory 2020-08-16 16:14:18 +02:00
Greg Karékinian 1b9a4aad17 Work around a bug in Chef's snap_package resource
https://github.com/chef/chef/issues/8827

`snap install` returns 0 when a package is already installed, so no need
for a guard clause
2020-08-16 16:14:17 +02:00
basti 09527e693b WIP bitcoind config 2020-08-16 16:14:15 +02:00
basti 47105b2a1c Initial version of bitcoin cookbook 2020-08-16 16:13:39 +02:00
basti 9a28a03265 Increase size limit for Gitea uploads/attachments
The default limit in nginx is only 1MB. This increases it to 20MB.

fixes #188
2020-08-05 15:53:13 +02:00
basti af0717a65b Fix comet icon on maintenance page
The data URI declares an SVG source, but this was actually a PNG. Hence
the failure in Chrome. This change turns it into an actual inline SVG
and uses UTF8 encoding instead of base64, because SVG is just text anyway.

fixes #61
2020-08-02 21:00:10 +02:00
Greg Karékinian 41fd1576ad Override the header template to remove the Roboto font
Using the system font instead
2020-07-30 12:33:09 +02:00
Greg Karékinian 924f67d8a8 Update Gitea to 1.12.3
Closes #189
2020-07-30 12:16:31 +02:00
Greg Karékinian 5e5bbe07dc Restart gitea after upgrading it 2020-07-30 12:16:04 +02:00
Greg Karékinian 44b49ddd57 Upgrade nginx to the latest mainline version 2020-07-30 11:58:52 +02:00
Greg Karékinian d2126f6153 Use the right variable for the TLS cert's domain
`domain` was undefined. `new_resource.hostname` is ldap.kosmos.org and
is what we need

Fixes #193
2020-07-22 15:59:27 +02:00
Greg Karékinian 4583421597 Connect to the PostgreSQL primary server instead of localhost
Move the db and user creation to its own recipe

Refs #186
2020-06-26 15:22:14 +02:00
Greg Karékinian 004a6913b4 Remove dependency to an old PostgreSQL in the Systemd unit
Refs #186
2020-06-26 15:22:05 +02:00
Greg Karékinian 84cf008bac Install vim 2020-06-19 17:30:02 +02:00
Greg Karékinian b4357df471 Enable unattended-upgrades (security and updates repositories)
... with email notifications on failure and logging with syslog
2020-06-19 17:30:02 +02:00
greg 1b84009958 Merge pull request 'Add PostgreSQL primary support to the kosmos-ejabberd cookbook' (#181) from feature/180-ejabberd_pg_primary into master 2020-06-19 14:46:52 +00:00
Greg Karékinian 5e483240c3 Set the Gitea root URL to HTTPS
It fixes U2F security keys support, that was broken because the protocol
did not match

Fixes #182
2020-06-12 17:22:34 +02:00
Greg Karékinian ee9c241a4d Add a postgresql_client role
The role is empty but is used to explicitly define servers that have
access rights to all PostgreSQL databases and users
2020-06-12 16:54:58 +02:00
Greg Karékinian 6f696d7634 Define access rules in the PostgreSQL primary recipe
Access is done for the IP of a server for all users and all databases
for ejabberd and gitea
2020-06-11 18:20:04 +02:00
Greg Karékinian 26097a7584 Use the correct database name for the access rights 2020-06-11 09:00:50 +02:00
Greg Karékinian 2c21d6255b Add PostgreSQL primary support to the kosmos-ejabberd cookbook
* Move the PostgreSQL user and database creation to a pg_db recipe
* Generate access rights for the ejabberd servers in the pg_db recipe
* Connect to the PostgreSQL primary instead of localhost

Refs #180
2020-06-10 18:38:40 +02:00
Greg Karékinian 091a46e972 Do not pass the pgsql_password variable to ejabberd.yml
The password is only used in the config files for the vhosts
2020-06-10 18:37:36 +02:00
Greg Karékinian a0db6adaf2 Pass the data_directory to the postgresql_server_conf resource
Previously we were passing it as an additional config, but it is set by
default. The last value was used, the custom one, so the server still
used the correct file
2020-06-10 14:41:07 +02:00
Greg Karékinian e3e726097f Do not enable the postgresql@12-main service
We want it to run only once the encrypted data directory has been
mounted
2020-06-10 14:41:07 +02:00
Greg Karékinian dba6629869 Use the attribute from the encfs recipe for the data directory 2020-06-10 14:41:03 +02:00
raucao d88d3b07a5 Merge pull request 'Encrypt PostgreSQL data directory' (#166) from feature/pg_encfs into master 2020-06-08 15:02:58 +00:00
basti b662c04183 Finish initial encfs cookbook and postgres adaptations 2020-06-08 17:01:24 +02:00
basti 379161eb1e Fix postgres installation
Also, do not start at boot anymore, in favor of path-based activation.
2020-06-07 12:47:06 +02:00
basti 353f2c13f1 Improve encfs cookbook
Fix some things, and prepare for path-based activation. Also, comment
the buggy initial dir creation and explain manual provisioning in README
for now.
2020-06-07 12:45:33 +02:00
basti 8918452fc5 Use latest postgresql fork 2020-06-07 12:40:39 +02:00
basti 4fe0e913f8 Use our own fork of the postgresql cookbook 2020-06-07 12:29:34 +02:00
basti bd99b76287 Use human-readable flag for encfs mount script
In case someone wants to see what it does without reading a manual in
the future.
2020-06-06 12:24:08 +02:00
Greg Karékinian 1e60722ec4 Create an initial encfs cookbook
Usage: Add the kosmos_encfs::default recipe to the run list of a node.
Creating the encrypted directory will keep it mounted. After a reboot,
start the encfs service and enter the password:

```
$ systemctl start encfs
encfs password:
```

For now postgresql@12-main is a hardcoded dependency of the encfs
Systemd unit that is automatically started once the user inputs the
correct password. This list of dependency will need to be different for
every server, based on the services it is running
2020-06-04 19:50:20 +02:00
Greg Karékinian eded62a3ec Merge branch 'master' into feature/pg_encfs 2020-06-04 15:13:53 +02:00
Greg Karékinian 759fa52e03 Enable the certbot resource 2020-06-02 16:19:05 +02:00
Greg Karékinian 0f10723c81 Enable secure cookies 2020-06-02 16:18:48 +02:00
Greg Karékinian 55865c526c Add the Let's Encrypt hook dir to the config
Only enabled when there is no TLS cert. This is already part of the
certbot nginx vhost
2020-06-02 16:17:34 +02:00
Greg Karékinian 0c502580c2 Fix the condition for the Let's Encrypt cert in the template
The line contained an extra !
2020-06-02 16:16:30 +02:00
Greg Karékinian c8e50fd226 Install git, it is a required dependency for Gitea
I didn't catch it because git is installed by default in the Vagrant box
I used to write the cookbook
2020-06-02 11:41:19 +02:00
Greg Karékinian 94330f2052 Comment out the COOKIE_SECURE config for now
We will enable it again after we have a valid TLS cert generated with
Let's Encrypt. It prevents logins using http, and we will need that as
an admin account
2020-05-28 18:43:31 +02:00