Commit Graph

58 Commits

Author SHA1 Message Date
basti e89e0b3122 Fix letsencrypt bootstrap for ejabberd 2022-05-11 16:27:21 +02:00
basti 71dda86d94 Remove obsolete license header 2022-03-22 16:21:29 -06:00
Greg Karékinian e6b7794e20 Extract firewall definitions to their own recipe
This allows us to use them for KVM hosts as well. Until now we had set
up ufw rules manually on the two KVM hosts (draco and centaurus)

Refs #244
2020-12-04 16:27:42 +01:00
Greg Karékinian 7636f6ed19 Move the Gandi DNS certbot hook to kosmos-ejabberd 2020-11-25 16:36:07 +01:00
basti a1a0d7e4c1 Switch Certbot to snap package on Ubuntu 20.04+
Needs only minor changes. Tested and running on wiki.kosmos.org already.
2020-09-06 13:46:06 +02:00
Greg Karékinian 84cf008bac Install vim 2020-06-19 17:30:02 +02:00
Greg Karékinian b4357df471 Enable unattended-upgrades (security and updates repositories)
... with email notifications on failure and logging with syslog
2020-06-19 17:30:02 +02:00
Greg Karékinian 2c2ae596ed Don't update chef using the chef_client_updater cookbook
It only makes sense when using Chef Server, which we don't
2019-10-08 18:17:34 +02:00
Greg Karékinian 3a693efcd6 Add email notifications for failed certbot runs
Based on https://wiki.archlinux.org/index.php/Systemd/Timers#MAILTO

This can easily be used by other services, with one line added to the
[Unit] section of a service:

OnFailure=status-email-ops@%n.service

Refs #3
2019-06-20 12:46:27 +02:00
Greg Karékinian 4cc5f3e6d1 Remove the XMPP firewall rules for andromeda
They are part of the kosmos-ejabberd cookbook now
2019-05-14 17:10:33 +02:00
Greg Karékinian ad23530653 Add the firewall rules for ejabberd
Includes the missing 5223 port in the andromeda_firewall recipe too
2019-05-13 17:08:21 +02:00
basti 7c29957ed9 Fix and consolidate firewall rules
Most of them are already defined in the appropriate recipe. And one can
be moved. (These are currently opened on every server for no reason.)
2019-04-19 15:52:56 +01:00
Greg Karékinian 57d0885d26 Change the licenses of the kosmos cookbooks to MIT 2019-04-12 11:41:20 +02:00
Greg Karékinian 12355a6b27 Add a base role, so that chef is updated before anything else 2019-04-08 17:58:02 +02:00
Greg Karékinian 6e3e8cde1b Create the Let's Encrypt hook subdirectories 2019-04-08 11:16:38 +02:00
Greg Karékinian b1a3c5e2cd Revert "Revert "Remove the sudo cookbook""
This reverts commit 87d7c721b1.
2019-04-03 12:52:40 +02:00
Greg Karékinian 2f05629fde Revert "Revert "Update Chef to 14.11.21""
This reverts commit db4b45b5c2.
2019-04-03 12:52:32 +02:00
Greg Karékinian 87d7c721b1 Revert "Remove the sudo cookbook"
This reverts commit 73d1722d4b.
2019-04-03 10:30:38 +02:00
Greg Karékinian db4b45b5c2 Revert "Update Chef to 14.11.21"
This reverts commit 2f599ffd6d.
2019-04-03 10:30:24 +02:00
Greg Karékinian 73d1722d4b Remove the sudo cookbook
Chef 14 ships with a sudo resource:
https://docs.chef.io/resource_sudo.html
2019-04-02 12:17:06 +02:00
Greg Karékinian 2f599ffd6d Update Chef to 14.11.21
Closes #21
2019-04-02 12:16:13 +02:00
Greg Karékinian 5fa0fa661b Install certbot from the direct download when on 15.04
It does not have a ppa release. Add a cron job for renewal. When using
the PPA a Systemd timer is part of the package
2019-03-18 16:52:05 +01:00
Greg Karékinian b30dcab4da Remove an IPFS port from the ejabberd firewall 2019-03-15 12:30:56 +01:00
Greg Karékinian c3135402ad Move the nginx hook to the deploy directory, create renewal-hooks dir 2019-03-14 20:21:34 +01:00
Greg Karékinian f12ddefec8 Move the Gandi DNS hook for certbot to the kosmos-base cookbook 2019-03-14 18:01:29 +01:00
Greg Karékinian 65482f09c3 Extract the post hooks to their own script in Certbot's config dir 2019-03-14 15:21:50 +01:00
Greg Karékinian fa27187f11 Switch from the git version of certbot to the Ubuntu PPA 2019-03-14 10:49:47 +01:00
basti 0ea1971b6c Open up some more ports in firewall
From some manual playing around.
2019-02-28 17:19:06 +07:00
Greg Karékinian 56d14748f9 Fix the Let's Encrypt renew hook script
Only copy over the certs to the prosody directory if it's the 5apps.com
wildcard, not for any 5apps.com subdomain
2018-12-20 17:26:37 +01:00
Greg Karékinian 185649a5f9 Automatically generate a Let's Encrypt cert for all 5apps xmpp domains
Uses the Gandi LiveDNS API
2018-09-04 17:38:17 +02:00
basti 214e69427e Open up port for Prosody HTTP uploads 2018-09-04 14:14:02 +08:00
basti db039a185a Update certbot 2018-06-13 18:52:13 +02:00
Greg Karékinian 7165bf49c6 Add missing recipe, used to set up andromeda's firewall rules 2018-06-07 12:33:38 +02:00
Greg Karékinian b35c4bc097 Update Chef version 2018-04-17 16:08:15 +02:00
Greg Karékinian bd71418ec2 Changes for the new sudo cookbook 2018-04-17 13:18:36 +02:00
Greg Karékinian 49664dbc8d The renew hook now needs to be an executable in the path
An absolute path doesn't work anymore.

Also send an email containing STDERR when the renewal command fails
2017-09-22 11:53:01 +02:00
Greg Karékinian f93070c4c0 Replace timezone-ii cookbook with timezone_iii
This fork supports Chef 13 and is still maintained
2017-06-16 13:10:46 +02:00
Greg Karékinian 189b66a36f Update Chef to 12.20.3 2017-06-16 11:43:24 +02:00
Greg Karékinian 5534b57752 Add ntp package and don't run most kosmos-base things in development 2017-06-09 21:18:44 +02:00
Greg Karékinian 26097197ca Don't create users and rewrite the sudo config in dev environment
It breaks the vagrant user
2017-06-09 16:43:26 +02:00
Greg Karékinian 5385813eda Merge branch 'master' into feature/ubuntu-16.04 2017-06-09 16:36:19 +02:00
Greg Karékinian afc07c3192 Add more secure sudo configuration
Also update the sudo cookbook
2017-06-09 16:08:36 +02:00
Greg Karékinian 943b4ace1f Replace omnibus_updater with chef_client_updater
omnibus_updater is deprecated
2017-05-02 11:53:33 +02:00
basti 54332db8de Use ruby-build for Mastodon, update cookbooks
This uses the ruby_build provider for Mastodon, installing Ruby 2.4.1
currently. It also updates some other cookbooks and the runlists.
2017-04-17 11:40:31 +02:00
Greg Karékinian de11c0d691 Set up an instance of Mastodon for Kosmos
Refs #19

Use new application cookbook, update our cookbooks
2017-04-06 21:20:51 +02:00
Greg Karékinian 14542f8419 Do not require the deprecated users::sysadmins recipe
Write the 4 lines of code instead
2017-03-20 13:17:32 +00:00
Greg Karékinian e57ee1590e Update Chef to 12.19.36 2017-03-20 13:16:11 +00:00
Greg Karékinian 9436284be2 Use the latest certbot instead of the old letsencrypt 2017-03-19 20:05:09 +00:00
Greg Karékinian 98ba42b157 Fix the frequency of the Let's Encrypt script (run every day) 2017-01-26 05:52:11 +00:00
basti b431e75e79 Use latest Chef 2017-01-20 10:32:32 +08:00