| Author | SHA1 | Message | Date |
| --- | --- | --- | --- |
| Greg Karekinian | f39a1ed250 | Enable unattended-upgrades<br>We were missing a positive value on `["apt"]["unattended_upgrades"]["enable"]` to enable it.<br>Refs #499 | 2025-05-31 16:44:01 +02:00 |
| Greg Karekinian | 7dc4f674a0 | Use the systemd unit instead of an execute resource<br>Also extract the attributes so it is possible to override them. | 2025-05-21 13:40:12 +02:00 |
| Greg Karekinian | 3e2ee30334 | Configure maximum size and timespan of journald logs<br>Closes #506 | 2025-05-21 11:36:15 +02:00 |
|  | d90a374811 | Remove outdated flag from certbot command | 2024-12-12 18:32:26 +04:00 |
|  | ff313525c8 | Reload postfix and dovecot on cert renewal<br>closes #552<br>Co-authored-by: Greg Karékinian <greg@karekinian.com> | 2024-06-05 16:44:18 +02:00 |
|  | 0c29fad404 | Remove superfluous license header<br>Co-authored-by: Greg Karékinian <greg@karekinian.com> | 2024-06-05 15:50:09 +02:00 |
|  | 989185f951 | Support proxy domain validation for Garage web domains<br>Also rename the data bag item | 2024-04-30 12:23:36 +02:00 |
|  | 4cbda69a6b | Add support for proxy domain validation to tls_cert resource | 2024-04-26 12:24:17 +02:00 |
| Râu Cao | 9d0ff358ef | Only use certbot deploy hook when applicable | 2023-12-01 10:00:07 +01:00 |
| Râu Cao | 390753faa3 | Increase update delay for Gandi DNS records | 2023-11-05 01:01:16 +01:00 |
| Râu Cao | 0f12a54eab | Refactor tor usage entirely<br>Use a custom resource and separate recipe for service configs with pre-set keys and hostnames | 2023-07-30 12:39:41 +02:00 |
| Râu Cao | cb0fc27134 | Refactor tor usage, set up new tor proxy on draco | 2023-07-29 16:26:20 +02:00 |
| Greg Karékinian | 05daff9029 | Install certbot when using the tls_cert_for resource | 2023-07-17 18:07:50 +02:00 |
| Greg Karékinian | c1e2145ba1 | Create a resource to get a Let's Encrypt cert with DNS validation | 2023-07-12 20:35:15 +02:00 |
|  | e89e0b3122 | Fix letsencrypt bootstrap for ejabberd | 2022-05-11 16:27:21 +02:00 |
|  | 71dda86d94 | Remove obsolete license header | 2022-03-22 16:21:29 -06:00 |
| Greg Karékinian | e6b7794e20 | Extract firewall definitions to their own recipe<br>This allows us to use them for KVM hosts as well. Until now we had set up ufw rules manually on the two KVM hosts (draco and centaurus)<br>Refs #244 | 2020-12-04 16:27:42 +01:00 |
| Greg Karékinian | 7636f6ed19 | Move the Gandi DNS certbot hook to kosmos-ejabberd | 2020-11-25 16:36:07 +01:00 |
|  | a1a0d7e4c1 | Switch Certbot to snap package on Ubuntu 20.04+<br>Needs only minor changes. Tested and running on wiki.kosmos.org already. | 2020-09-06 13:46:06 +02:00 |
| Greg Karékinian | 84cf008bac | Install vim | 2020-06-19 17:30:02 +02:00 |
| Greg Karékinian | b4357df471 | Enable unattended-upgrades (security and updates repositories)<br>... with email notifications on failure and logging with syslog | 2020-06-19 17:30:02 +02:00 |
| Greg Karékinian | 2c2ae596ed | Don't update chef using the chef_client_updater cookbook<br>It only makes sense when using Chef Server, which we don't | 2019-10-08 18:17:34 +02:00 |
| Greg Karékinian | 3a693efcd6 | Add email notifications for failed certbot runs<br>Based on https://wiki.archlinux.org/index.php/Systemd/Timers#MAILTO<br>This can easily be used by other services, with one line added to the [Unit] section of a service:<br>`OnFailure=status-email-ops@%n.service`<br>Refs #3 | 2019-06-20 12:46:27 +02:00 |
| Greg Karékinian | 4cc5f3e6d1 | Remove the XMPP firewall rules for andromeda<br>They are part of the kosmos-ejabberd cookbook now | 2019-05-14 17:10:33 +02:00 |
| Greg Karékinian | ad23530653 | Add the firewall rules for ejabberd<br>Includes the missing 5223 port in the andromeda_firewall recipe too | 2019-05-13 17:08:21 +02:00 |
|  | 7c29957ed9 | Fix and consolidate firewall rules<br>Most of them are already defined in the appropriate recipe. And one can be moved. (These are currently opened on every server for no reason.) | 2019-04-19 15:52:56 +01:00 |
| Greg Karékinian | 57d0885d26 | Change the licenses of the kosmos cookbooks to MIT | 2019-04-12 11:41:20 +02:00 |
| Greg Karékinian | 12355a6b27 | Add a base role, so that chef is updated before anything else | 2019-04-08 17:58:02 +02:00 |
| Greg Karékinian | 4b75ae78dc | Set the minimum Chef version since it depends on the new sudo resource | 2019-04-08 12:31:47 +02:00 |
| Greg Karékinian | 6e3e8cde1b | Create the Let's Encrypt hook subdirectories | 2019-04-08 11:16:38 +02:00 |
| Greg Karékinian | b1a3c5e2cd | Revert "Revert "Remove the sudo cookbook""<br>This reverts commit 87d7c721b16356a3607f9462916e6b04a93dbad5. | 2019-04-03 12:52:40 +02:00 |
| Greg Karékinian | 2f05629fde | Revert "Revert "Update Chef to 14.11.21""<br>This reverts commit db4b45b5c26c50c7b883d0f96b2a9a5136f26b58. | 2019-04-03 12:52:32 +02:00 |
| Greg Karékinian | 87d7c721b1 | Revert "Remove the sudo cookbook"<br>This reverts commit 73d1722d4b5c545ec488c5eb2119dd8b9b155363. | 2019-04-03 10:30:38 +02:00 |
| Greg Karékinian | db4b45b5c2 | Revert "Update Chef to 14.11.21"<br>This reverts commit 2f599ffd6d757bc98ac862836110c7b32cda3c51. | 2019-04-03 10:30:24 +02:00 |
| Greg Karékinian | 73d1722d4b | Remove the sudo cookbook<br>Chef 14 ships with a sudo resource: https://docs.chef.io/resource_sudo.html | 2019-04-02 12:17:06 +02:00 |
| Greg Karékinian | 2f599ffd6d | Update Chef to 14.11.21<br>Closes #21 | 2019-04-02 12:16:13 +02:00 |
| Greg Karékinian | 5fa0fa661b | Install certbot from the direct download when on 15.04<br>It does not have a ppa release. Add a cron job for renewal. When using the PPA a Systemd timer is part of the package | 2019-03-18 16:52:05 +01:00 |
| Greg Karékinian | b30dcab4da | Remove an IPFS port from the ejabberd firewall | 2019-03-15 12:30:56 +01:00 |
| Greg Karékinian | c3135402ad | Move the nginx hook to the deploy directory, create renewal-hooks dir | 2019-03-14 20:21:34 +01:00 |
| Greg Karékinian | f12ddefec8 | Move the Gandi DNS hook for certbot to the kosmos-base cookbook | 2019-03-14 18:01:29 +01:00 |
| Greg Karékinian | 65482f09c3 | Extract the post hooks to their own script in Certbot's config dir | 2019-03-14 15:21:50 +01:00 |
| Greg Karékinian | fa27187f11 | Switch from the git version of certbot to the Ubuntu PPA | 2019-03-14 10:49:47 +01:00 |
|  | 0ea1971b6c | Open up some more ports in firewall<br>From some manual playing around. | 2019-02-28 17:19:06 +07:00 |
| Greg Karékinian | 56d14748f9 | Fix the Let's Encrypt renew hook script<br>Only copy over the certs to the prosody directory if it's the 5apps.com wildcard, not for any 5apps.com subdomain | 2018-12-20 17:26:37 +01:00 |
| Greg Karékinian | 185649a5f9 | Automatically generate a Let's Encrypt cert for all 5apps xmpp domains<br>Uses the Gandi LiveDNS API | 2018-09-04 17:38:17 +02:00 |
|  | 214e69427e | Open up port for Prosody HTTP uploads | 2018-09-04 14:14:02 +08:00 |
|  | db039a185a | Update certbot | 2018-06-13 18:52:13 +02:00 |
| Greg Karékinian | 7165bf49c6 | Add missing recipe, used to set up andromeda's firewall rules | 2018-06-07 12:33:38 +02:00 |
| Greg Karékinian | b35c4bc097 | Update Chef version | 2018-04-17 16:08:15 +02:00 |
| Greg Karékinian | bd71418ec2 | Changes for the new sudo cookbook | 2018-04-17 13:18:36 +02:00 |