Commit Graph

962 Commits

Author SHA1 Message Date
Greg Karékinian 2119c11243 Do not include kosmos-postgresql in kosmos-ejabberd default recipe
It will install PostgreSQL, and we do not want that on the ejabberd
server
2020-09-25 16:29:01 +02:00
basti 3d8d31c32f Fix kosmos-ipfs not requiring nodejs/npm
If node isn't installed on a machine by something else before running
the kosmos-ipfs recipe, then it fails.
2020-09-24 17:39:28 +02:00
basti a1a0d7e4c1 Switch Certbot to snap package on Ubuntu 20.04+
Needs only minor changes. Tested and running on wiki.kosmos.org already.
2020-09-06 13:46:06 +02:00
basti 8dd146e95c Remove obsolete mysql client install
This fails nowadays,and the client is already installed via the mysql
package in the first place.
2020-09-06 13:42:34 +02:00
basti b7e2a72369 Add missing changes for mediawiki upgrades 2020-09-05 23:43:28 +02:00
basti 38c6a1ae15 Update mediawiki, install extensions from git repos 2020-08-30 17:59:45 +02:00
basti d5448e8240 Basic LND installation 2020-08-23 12:37:53 +02:00
basti 0005f9ab7d Add golang cookbook
Needs updating of ark and git cookbooks
2020-08-23 11:01:05 +02:00
basti 217ab471ce Moving bitcoin-core to VM 2020-08-22 23:16:11 +02:00
basti 5c105f00d1 Use MIT license for bitcoin cookbook 2020-08-19 15:29:18 +02:00
basti c98be94404 Add rpcpassword support to bitcoin snap recipe 2020-08-18 14:44:23 +02:00
basti 97ae73c987 Improve variable name 2020-08-18 14:38:16 +02:00
basti 23588760fa Add walletdir flag to bitcoind service start 2020-08-17 21:43:56 +02:00
basti b0daa3d463 Only store wallet in encrypted dir
Storing all chain data in encfs caused unsolvable issues with leveldb.
So now we're only storing wallet data in the encrypted dir.
2020-08-17 16:46:59 +02:00
basti d65363f964 Remove obsolete ulimit dep 2020-08-17 10:51:54 +02:00
basti 9795e77fde Bitcoin source recipe 2020-08-17 10:45:15 +02:00
basti 4606773440 Update license note 2020-08-16 16:25:14 +02:00
basti bbbd0f7408 Change default username 2020-08-16 16:25:06 +02:00
basti 476316e13b Always use latest/stable channel for bitcoind snap 2020-08-16 16:20:43 +02:00
basti 4889f40c6a WIP 2020-08-16 16:18:01 +02:00
basti c8122a44f1 Add systemd service
Plus some refactoring
2020-08-16 16:14:18 +02:00
basti 4a6a02c137 Use 0.19 stable channel
Instead of relying on the default channel
2020-08-16 16:14:18 +02:00
Greg Karékinian e31f480f27 Fix the attribute name 2020-08-16 16:14:18 +02:00
Greg Karékinian aedf7bcb62 Create the snap mount directory in the user's home 2020-08-16 16:14:18 +02:00
Greg Karékinian 069246cf41 Create the bitcoind user and its home directory 2020-08-16 16:14:18 +02:00
Greg Karékinian 1b9a4aad17 Work around a bug in Chef's snap_package resource
https://github.com/chef/chef/issues/8827

`snap install` returns 0 when a package is already installed, so no need
for a guard clause
2020-08-16 16:14:17 +02:00
basti 09527e693b WIP bitcoind config 2020-08-16 16:14:15 +02:00
basti 47105b2a1c Initial version of bitcoin cookbook 2020-08-16 16:13:39 +02:00
basti 9a28a03265 Increase size limit for Gitea uploads/attachments
The default limit in nginx is only 1MB. This increases it to 20MB.

fixes #188
2020-08-05 15:53:13 +02:00
basti af0717a65b Fix comet icon on maintenance page
The data URI declares an SVG source, but this was actually a PNG. Hence
the failure in Chrome. This change turns it into an actual inline SVG
and uses UTF8 encoding instead of base64, because SVG is just text anyway.

fixes #61
2020-08-02 21:00:10 +02:00
Greg Karékinian 41fd1576ad Override the header template to remove the Roboto font
Using the system font instead
2020-07-30 12:33:09 +02:00
Greg Karékinian 924f67d8a8 Update Gitea to 1.12.3
Closes #189
2020-07-30 12:16:31 +02:00
Greg Karékinian 5e5bbe07dc Restart gitea after upgrading it 2020-07-30 12:16:04 +02:00
Greg Karékinian 44b49ddd57 Upgrade nginx to the latest mainline version 2020-07-30 11:58:52 +02:00
Greg Karékinian d2126f6153 Use the right variable for the TLS cert's domain
`domain` was undefined. `new_resource.hostname` is ldap.kosmos.org and
is what we need

Fixes #193
2020-07-22 15:59:27 +02:00
Greg Karékinian 4583421597 Connect to the PostgreSQL primary server instead of localhost
Move the db and user creation to its own recipe

Refs #186
2020-06-26 15:22:14 +02:00
Greg Karékinian 004a6913b4 Remove dependency to an old PostgreSQL in the Systemd unit
Refs #186
2020-06-26 15:22:05 +02:00
Greg Karékinian 84cf008bac Install vim 2020-06-19 17:30:02 +02:00
Greg Karékinian b4357df471 Enable unattended-upgrades (security and updates repositories)
... with email notifications on failure and logging with syslog
2020-06-19 17:30:02 +02:00
greg 1b84009958 Merge pull request 'Add PostgreSQL primary support to the kosmos-ejabberd cookbook' (#181) from feature/180-ejabberd_pg_primary into master 2020-06-19 14:46:52 +00:00
Greg Karékinian 5e483240c3 Set the Gitea root URL to HTTPS
It fixes U2F security keys support, that was broken because the protocol
did not match

Fixes #182
2020-06-12 17:22:34 +02:00
Greg Karékinian ee9c241a4d Add a postgresql_client role
The role is empty but is used to explicitly define servers that have
access rights to all PostgreSQL databases and users
2020-06-12 16:54:58 +02:00
Greg Karékinian 6f696d7634 Define access rules in the PostgreSQL primary recipe
Access is done for the IP of a server for all users and all databases
for ejabberd and gitea
2020-06-11 18:20:04 +02:00
Greg Karékinian 26097a7584 Use the correct database name for the access rights 2020-06-11 09:00:50 +02:00
Greg Karékinian 2c21d6255b Add PostgreSQL primary support to the kosmos-ejabberd cookbook
* Move the PostgreSQL user and database creation to a pg_db recipe
* Generate access rights for the ejabberd servers in the pg_db recipe
* Connect to the PostgreSQL primary instead of localhost

Refs #180
2020-06-10 18:38:40 +02:00
Greg Karékinian 091a46e972 Do not pass the pgsql_password variable to ejabberd.yml
The password is only used in the config files for the vhosts
2020-06-10 18:37:36 +02:00
Greg Karékinian a0db6adaf2 Pass the data_directory to the postgresql_server_conf resource
Previously we were passing it as an additional config, but it is set by
default. The last value was used, the custom one, so the server still
used the correct file
2020-06-10 14:41:07 +02:00
Greg Karékinian e3e726097f Do not enable the postgresql@12-main service
We want it to run only once the encrypted data directory has been
mounted
2020-06-10 14:41:07 +02:00
Greg Karékinian dba6629869 Use the attribute from the encfs recipe for the data directory 2020-06-10 14:41:03 +02:00
raucao d88d3b07a5 Merge pull request 'Encrypt PostgreSQL data directory' (#166) from feature/pg_encfs into master 2020-06-08 15:02:58 +00:00