db4792e836
Merge pull request 'Gitea fixes' (#174) from bugfix/147-gitea_fixes into master
2020-06-02 14:24:11 +00:00
Greg Karékinian
ccd49aefa4
Add Gitea to the run lists for Andromeda and Centaurus
2020-06-02 16:19:21 +02:00
Greg Karékinian
759fa52e03
Enable the certbot resource
2020-06-02 16:19:05 +02:00
Greg Karékinian
0f10723c81
Enable secure cookies
2020-06-02 16:18:48 +02:00
Greg Karékinian
55865c526c
Add the Let's Encrypt hook dir to the config
Only enabled when there is no TLS cert. This is already part of the
certbot nginx vhost
2020-06-02 16:17:34 +02:00
Greg Karékinian
0c502580c2
Fix the condition for the Let's Encrypt cert in the template
The line contained an extra !
2020-06-02 16:16:30 +02:00
Greg Karékinian
27845525da
Use the same JWT_SECRET as on our previous Gitea
A different one breaks 2FA
2020-06-02 12:12:59 +02:00
Greg Karékinian
c8e50fd226
Install git, it is a required dependency for Gitea
I didn't catch it because git is installed by default in the Vagrant box
I used to write the cookbook
2020-06-02 11:41:19 +02:00
Greg Karékinian
2d6c514257
Add the gitea role
2020-06-02 11:22:10 +02:00
8342298c89
Merge branch 'feature/147-gitea_cookbook' of kosmos/chef into master
2020-06-02 09:16:37 +00:00
Greg Karékinian
94330f2052
Comment out the COOKIE_SECURE config for now
We will enable it again after we have a valid TLS cert generated with
Let's Encrypt. It prevents logins using http, and we will need that as
an admin account
2020-05-28 18:43:31 +02:00
Greg Karékinian
baaae695af
Merge branch 'master' into feature/147-gitea_cookbook
2020-05-28 15:44:44 +02:00
5b2d4f269d
Merge branch 'bugfix/171-letsencrypt_resource' of kosmos/chef into master
2020-05-26 15:25:27 +00:00
Greg Karékinian
baa0739936
Add the backup recipe
Also move the Gitea data dir to an attribute
2020-05-26 15:21:26 +02:00
Greg Karékinian
3332a1b2e8
Write initial README
2020-05-26 15:21:07 +02:00
Greg Karékinian
210c76c479
Fix the name of the Let's Encrypt cert execute resource
The resource in the notification was invalid, missing the type of
resource (execute)
Fixes #171
2020-05-26 14:10:47 +02:00
6469d2286e
Merge branch 'feature/zoom_options' of kosmos/chef into master
2020-05-25 15:52:41 +00:00
9dec1cfce8
Merge branch 'chore/mastodon_system_deps' of kosmos/chef into master
2020-05-25 15:50:58 +00:00
5fcb047505
Update Mastodon system dependencies
Needs new Ruby, and why not upgrade Yarn in the process. Running in
production.
2020-05-25 17:49:22 +02:00
f92b43e0f4
Configure Zoom meeting whitelist
So we only log contributions for actual Kosmos calls
2020-05-25 16:57:09 +02:00
Greg Karékinian
1f0e2ccbdd
Move the binary URL to an attribute
2020-05-21 11:51:06 +02:00
Greg Karékinian
51d4d88568
Initial kosmos_gitea cookbook
The default recipe deploys the gitea binary, generates a config file and
our custom Kosmos label set. The service runs as a Systemd unit.
The pg_db recipe needs to run on the primary PostgreSQL (currently
andromeda).
The backup recipe is empty for now
Refs #147
2020-05-18 19:39:43 +02:00
Greg Karékinian
20cbc678bc
Add a method that returns the PostgreSQL service
2020-05-18 19:38:37 +02:00
82f1e9863b
Merge branch 'bugfix/160-cookbook_fixes' of kosmos/chef into master
2020-05-16 08:53:24 +00:00
Greg Karékinian
d79cdf087b
Move the PGPASS environment variable to the execute resource
That way it does not appear in the list of running processes while the
command is running
2020-05-15 18:45:12 +02:00
Greg Karékinian
31dc14e88c
Fix the firewall rules for PostgreSQL
I got the source and destination mixed up.
2020-05-15 18:44:42 +02:00
4475af9204
Merge branch 'bugfix/enable_dirsrv' of kosmos/chef into master
2020-05-15 15:24:42 +00:00
Greg Karékinian
57f46c6c61
Merge branch 'master' into bugfix/enable_dirsrv
2020-05-15 17:24:04 +02:00
d900ca352c
Merge branch 'bugfix/dirsrv_acis_really_fix' of kosmos/chef into master
2020-05-15 15:22:04 +00:00
Greg Karékinian
b4209fa294
Fix the invalid ACIs on initial creation (for real)
Follow-up to #156
I found another issue with the initial ACI creation, while creating a
fresh VM. I thought I had fixed it in #156 but I was wrong. This time
the ACIs are really set and the code runs successfully.
The ACIs are set on the suffix, so modifying it is needed
This won't be executed on a server that is already running, this is only
done on the initial setup
2020-05-15 14:05:35 +02:00
Greg Karékinian
10f0460fd5
Fix startup of the dirsrv@master Systemd unit on boot
The symlink created by Chef's service resource was wrong. Creating the
correct symlink fixes the automatic startup on boot
2020-05-15 13:54:34 +02:00
Greg Karékinian
bf60f9fca8
Add the Chef client public keys for andromeda and barnard
2020-05-14 15:34:10 +02:00
773aa3ddee
Update node configs
2020-05-14 15:29:25 +02:00
3c905dd51e
Merge branch 'feature/160-postgres_replication' of kosmos/chef into master
2020-05-14 13:10:34 +00:00
Greg Karékinian
da278822f6
Use the new postgresql_primary role on andromeda
2020-05-14 15:09:33 +02:00
Greg Karékinian
18973fe4f6
Remove the deleted tls property from the resources
2020-05-14 15:09:15 +02:00
Greg Karékinian
fbf610a643
Merge branch 'master' into feature/160-postgres_replication
2020-05-14 15:06:00 +02:00
Greg Karékinian
069090bf44
Remove TODOs
Access rules will not be part of this cookbook, they need to be added to
the cookbooks that use a PostgreSQL database
2020-05-14 13:15:47 +02:00
Greg Karékinian
dd92d6cdb7
Remove deploying the root cert to clients from the README
We do not want to verify the root cert so this is not needed
2020-05-14 13:14:42 +02:00
Greg Karékinian
124ee5e6f3
Update the README
2020-05-14 12:36:20 +02:00
Greg Karékinian
0063776297
Remove unused dependencies
2020-05-13 19:11:00 +02:00
Greg Karékinian
8d2ab785fc
Use a self-signed TLS certificate for PostgreSQL
2020-05-13 19:10:14 +02:00
Greg Karékinian
84cb3de4a0
Remove outdated comment
This was the case when the code lived inside of the custom resource
2020-05-13 19:04:12 +02:00
Greg Karékinian
f3f8e47cce
Add replication_password to the postgresql credentials
2020-05-13 15:35:34 +02:00
Greg Karékinian
51b23c2f47
Add postgresql roles
2020-05-13 15:35:15 +02:00
Greg Karékinian
eb98aa1bac
Clarify the firewall and client authentication rules
2020-05-12 16:04:58 +02:00
Greg Karékinian
0180da1aa6
Fix a typo in the README
2020-05-12 15:59:55 +02:00
Greg Karékinian
254f9020ae
Enable firewall rules to allow primary/replica to connect
2020-05-12 12:10:10 +02:00
Greg Karékinian
80c7263a72
Upgrade PostgreSQL from 10 to 12
Refs #160
2020-05-11 18:26:57 +02:00
Greg Karékinian
b22a7e3c0f
Update the postgresql upstream cookbook
2020-05-11 18:26:35 +02:00