WIP Set up akaunting

clients/akaunting-1.json

@@ -0,0 +1,4 @@
+{
+  "name": "akaunting-1",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzmNpNWJh5DeXDsINDqAt\n5OtcGhnzLtqdILTD8A8KuPxWhoKI0k9xwvuT4yO2DLQqFMPyGefRuQkVsIq2OuU5\npK8B5c79E9MBHxti6mQZw4b/Jhmul+x2LGtOWYjPTDhFYXRsNNDtFDxwpwJGPede\nYts026yExHPhiF35Mt1JxA3TXJfPC8Vx0YGHu/6Ev+1fLmcKhFmhed5yKkA0gwod\nczdyQiCfw3ze9LuS90QmALpFOHHpekZeywemdwyPia207CoTrXsPLWj9KmuUEIQJ\nwL+OlEU2tVA6KaBKpl54n5/tMsccZmlicbNsVpgkk6LctrkNh6Kk+fW9ry3L/Gxg\nAwIDAQAB\n-----END PUBLIC KEY-----\n"
+}

data_bags/credentials/akaunting.json

@@ -0,0 +1,31 @@
+{
+  "id": "akaunting",
+  "app_key": {
+    "encrypted_data": "C7VVGHHrE/ESwtGeODf8zVraayO5uBSXaGR7f4yoj0MDq9WxPujItC3dIkMQ\ngjGzk8fH\n",
+    "iv": "4+d+RMLeuqaneFBa\n",
+    "auth_tag": "sBQDUVl6QbL/h9pd0kBQ0g==\n",
+    "version": 3,
+    "cipher": "aes-256-gcm"
+  },
+  "pg_database": {
+    "encrypted_data": "4mqHsMfDAqPvDmGsWgS9iE63qVeus7diSW8WiA==\n",
+    "iv": "6Cb1lVUcXBz+GA4u\n",
+    "auth_tag": "8O3N0m8jGhxs/YacdhgNHA==\n",
+    "version": 3,
+    "cipher": "aes-256-gcm"
+  },
+  "pg_username": {
+    "encrypted_data": "Nu0wiBhvqUwqC7PL2Qo8otq0b3faJqRsabqp2g==\n",
+    "iv": "1uA8mJc7itT0qHcx\n",
+    "auth_tag": "PRWw6LTlFrWs63SDRsovtQ==\n",
+    "version": 3,
+    "cipher": "aes-256-gcm"
+  },
+  "pg_password": {
+    "encrypted_data": "oXDKiXQ4aH5M2pVu1sx7dj0awKCORke03fq0uemjIfCMYbM=\n",
+    "iv": "snPyC8mocevc5kGH\n",
+    "auth_tag": "9wx4GPSydkYr2WGpZK5HZg==\n",
+    "version": 3,
+    "cipher": "aes-256-gcm"
+  }
+}

data_bags/credentials/akkounts.json

@@ -1,72 +1,72 @@
 {
   "id": "akkounts",
   "postgresql_username": {
-    "encrypted_data": "v2QoNkkxXGflxEdspIpfJdBjQVraMyF9yHq7\n",
-    "iv": "du8wubB9xQjOVeOS\n",
-    "auth_tag": "gDZLYz5/XBCQDlDaFoP6mQ==\n",
+    "encrypted_data": "ofLOjxGBj7no+lWrIvtxQQFoeozCh6mpfMTt\n",
+    "iv": "/CF+o4GqZx2O5WOm\n",
+    "auth_tag": "bjHXfgNQfXpQ2gucPLrUWA==\n",
     "version": 3,
     "cipher": "aes-256-gcm"
   },
   "postgresql_password": {
-    "encrypted_data": "Naz4R5oOCUS/S/CZmW5eoil8BpJ3K1WLUIc3mAihhA==\n",
-    "iv": "0S9Sb1MUoBVWbW9t\n",
-    "auth_tag": "L2yGzVMKiKAzfpA+HADRqA==\n",
+    "encrypted_data": "f8Jfs4aqIjc6/6/NQlI2Fv8TzSgVmi5g0iYNhh9bAA==\n",
+    "iv": "vAzrZeUodmu4x5eB\n",
+    "auth_tag": "vx8eH2SY7I4IkZElXSC1Nw==\n",
     "version": 3,
     "cipher": "aes-256-gcm"
   },
   "sentry_dsn": {
-    "encrypted_data": "OXiAeg6lIqEnbplAnKlkwb3o3DTfMJbLC0wnxmguQ8GZiP0RcpPOwUAa9Q3U\naA44f36BCKgHtCxdlVB59TTFA9W24ecU5KWb/jIc7mueSoc=\n",
-    "iv": "86cAncfc1K4d43ql\n",
-    "auth_tag": "0i04Y/eFIN+b+5F605d7Dg==\n",
+    "encrypted_data": "oxW5jGU8DlIp5A9enxBhcJXuKyaZ5HziXq8Zw+Rbvpbv4C/RTGkJkgZdKcH1\nVzW/wNAT8nTK+nEvWgcQ3svjE40ltj2jcOexIRqLbuCClJE=\n",
+    "iv": "wpW9+VdX5GjocHSl\n",
+    "auth_tag": "1qrf1kZMrIR7WRiSaRjppQ==\n",
     "version": 3,
     "cipher": "aes-256-gcm"
   },
   "rails_master_key": {
-    "encrypted_data": "Ypv4g33evnuutOWmGl49kq3Ca3SmfWIswyxGIZA0J/o1ZMGpMOfySim/e7r8\nzdAM/PFo\n",
-    "iv": "w2bflz2KIbu/vRT1\n",
-    "auth_tag": "tpemUQJly8Ft9lN6rP+W4w==\n",
+    "encrypted_data": "KHVYYH7Nb9/SsoKkYfbjzhFwj3Ioj72hm5pfdCuinf+GQvjKumq99eQTlKdf\nBZM1n0XN\n",
+    "iv": "x9AQZvw/vCinKQ8k\n",
+    "auth_tag": "mi0KHHOTBvVNhtvqk38BtQ==\n",
     "version": 3,
     "cipher": "aes-256-gcm"
   },
   "discourse_connect_secret": {
-    "encrypted_data": "DUK6G5SyRiehJh3iHtCKQj8Ki5+suk9Ds5/ZMp6OP1EshdbpziQ4XNey2x+R\nHCTSVg==\n",
-    "iv": "kfhA3apCUAHcNlwH\n",
-    "auth_tag": "BqRV+CiF9rFrqEToJeisoQ==\n",
+    "encrypted_data": "WyLrV0DOsxyafSqyeQVj0BhVwm/0gvWeJLBsAbiqCGphryoYqUByPcum1T6R\n2H44nQ==\n",
+    "iv": "lUtlJDv6Ieq8Bs5x\n",
+    "auth_tag": "ku22BlQKw/BhHxuANTF6yg==\n",
     "version": 3,
     "cipher": "aes-256-gcm"
   },
   "lndhub_admin_token": {
-    "encrypted_data": "C3aKQIEwcQNCrr+uyLiOY2KAHZh5dUvTZ9IdANPqkGlr\n",
-    "iv": "qrhJJzmmced9lNF1\n",
-    "auth_tag": "CH1fOwMWsidmWBwX2+4nJg==\n",
+    "encrypted_data": "DQuxQW8ks3sUzyHYEpQVyPg2f/U4/LWeRoCD9225Hd+c\n",
+    "iv": "mjxYi+YAcKGuurD2\n",
+    "auth_tag": "8P3bFFNeQ5HQgpXDB5Sk5A==\n",
     "version": 3,
     "cipher": "aes-256-gcm"
   },
   "btcpay_auth_token": {
-    "encrypted_data": "0vRq3ZeYPtNcdlCUQI0ip6YOaQZKBeK/dODL7IxdrAK9pHz+u53aL8LW92nJ\nmHW2DYcv+eX3ltnwu88=\n",
-    "iv": "5HenMAvE1Uu5l7jJ\n",
-    "auth_tag": "rJzkZPRYar1qw4dauSNV2w==\n",
+    "encrypted_data": "3wsY9osaUdX4SvBPfHprNLSbx6/rfI5BfXnDxsc6OET3nGn19qBhH6wgeiwZ\n/dweqdQ25HpbFPygddc=\n",
+    "iv": "ccouibxktHLlUCQJ\n",
+    "auth_tag": "pWuRC8O2EAkmztL/9V3now==\n",
     "version": 3,
     "cipher": "aes-256-gcm"
   },
   "s3_access_key": {
-    "encrypted_data": "QB7XpwhzCvLczUojhcjXy+KX26rEDQHSSw983KP8W7Nud1SNbheU1PrDEQv/\n",
-    "iv": "DTtUXHNQ2g04E+oE\n",
-    "auth_tag": "0XSkHE+MG4AnVT4XJR9tzw==\n",
+    "encrypted_data": "hJGHa+hEmddtsZ4UncrYBkjRa/2Csqdh79tXpTVxUWbIsYGdlvyadk7C1UCj\n",
+    "iv": "GlxNdnWiNzmNYthg\n",
+    "auth_tag": "hlRLkroUN01L7VzQFBU/IA==\n",
     "version": 3,
     "cipher": "aes-256-gcm"
   },
   "s3_secret_key": {
-    "encrypted_data": "IEUzFfOBuOwjzD1DbRyk07+jFlZhQVY+a7riDJ3QU1cNYZ3OTJUgJkowA/u5\nrZ6jqehGIzvPlDuzIezxQwN+Dy0ZJueB/ZEdRqhfkXUxgzkqb2s=\n",
-    "iv": "gs9Igisu2EH+dAC/\n",
-    "auth_tag": "gDFuQCwlCL5mvys83CGv+w==\n",
+    "encrypted_data": "LKdQJOKIfFIoiF3GvfTs1mg3AI//Aoi8r42zcw8QhEVPB8ONsSf0/vhM037C\nf5nzUk7xwglvTOveqbOM+UTBJF/4oblQfgwFW3VobWUGkJqjtKE=\n",
+    "iv": "tWTxzK/ccpjlLmQV\n",
+    "auth_tag": "n2MFkTIquyqz4wqRNdSJcg==\n",
     "version": 3,
     "cipher": "aes-256-gcm"
   },
   "nostr_private_key": {
-    "encrypted_data": "sFnQlwyZF0tfMzbaG/bdwqQLPVdHPpbyDT66FY1+ubssmWUpxsuNtbI71KyY\nI1784c7SSl4qKRgHZRrR658bYMKU4whe836qBgSf7Icczp1VSQY=\n",
-    "iv": "x8RJT4dcNdtm59Zz\n",
-    "auth_tag": "6yxBq1W4jCNDYwP6+cTE6g==\n",
+    "encrypted_data": "CPMeNxzpYMReaQU4+v+EqpVESRsnaYc3a4y7OkHOhtn2gjaNEDERGKvRmlyd\nD6vxKPcIrwTCZ7neJ3YLOVOxPDNv6skqdtMHBwSgl7aBEOrx7tY=\n",
+    "iv": "AV1on2sw1avmFFuY\n",
+    "auth_tag": "9rb9qQBKrj5Xja1t+qROKQ==\n",
     "version": 3,
     "cipher": "aes-256-gcm"
   }

data_bags/credentials/gandi_api.json

@@ -1,23 +1,23 @@
 {
   "id": "gandi_api",
   "key": {
-    "encrypted_data": "lU7/xYTmP5Sb6SsK5TNNIyegWozzBtUzpg7oDdl6gcz9FEMmG2ft0Ljh5Q==\n",
-    "iv": "EZPQD3C+wsP/mBhF\n",
-    "auth_tag": "vF9E8Pj4Z8quJJdOMg/QTw==\n",
+    "encrypted_data": "Ky1/PdywtEIl5vVXhzu3n2JetqOxnNjpjQ7yCao6qwIAn8oYxnv1c1hFAQ==\n",
+    "iv": "stAc2FxDvUqrh0kt\n",
+    "auth_tag": "rcK4Qt+f2O4Zo5IMmG0fkw==\n",
     "version": 3,
     "cipher": "aes-256-gcm"
   },
   "access_token": {
-    "encrypted_data": "1Uw69JkNrmb8LU/qssuod1SlqxxrWR7TJQZeeivRrNzrMIVTEW/1uwJIYL6b\nM4GeeYl9lIRlMMmLBkc=\n",
-    "iv": "cc1GJKu6Cf4DkIgX\n",
-    "auth_tag": "ERem4S7ozG695kjvWIMghw==\n",
+    "encrypted_data": "J7zoLhEbPfPjnVWBmFmDdPKRer5GGw2o6Ad0uinznANugfaDiqjyYinOdEDF\nHlAqLmXv4J40rr3F+o4=\n",
+    "iv": "fAxFqVh9QqrfBsPW\n",
+    "auth_tag": "9ugi4frDLv8f7X0X1+k4DA==\n",
     "version": 3,
     "cipher": "aes-256-gcm"
   },
   "domains": {
-    "encrypted_data": "scZ5blsSjs54DlitR7KZ3enLbyceOR5q0wjHw1golQ==\n",
-    "iv": "oDcHm7shAzW97b4t\n",
-    "auth_tag": "62Zais9yf68SwmZRsmZ3hw==\n",
+    "encrypted_data": "X0KOKlJp5GYbKcq/jzmlaMmTXV1U7exWSqi3UxX9Sw==\n",
+    "iv": "9JucnYLlYdQ9N6pd\n",
+    "auth_tag": "sERYPDnVUJwVfSS8/xrPpQ==\n",
     "version": 3,
     "cipher": "aes-256-gcm"
   }

data_bags/credentials/kosmos-rs.json

@@ -1,10 +0,0 @@
-{
-  "id": "kosmos-rs",
-  "auth_tokens": {
-    "encrypted_data": "fiznpRw7VKlm232+U6XV1rqkAf2Z8CpoD8KyvuvOH2JniaymlcTHgazGWQ8s\nGeqK4RU9l4d29e9i+Mh0k4vnhO4q\n",
-    "iv": "SvurcL2oNSNWjlxp\n",
-    "auth_tag": "JLQ7vGXAuYYJpLEpL6C+Rw==\n",
-    "version": 3,
-    "cipher": "aes-256-gcm"
-  }
-}

data_bags/credentials/lndhub-go.json

@@ -1,30 +1,30 @@
 {
   "id": "lndhub-go",
   "jwt_secret": {
-    "encrypted_data": "lJsKBTCRzI83xmRHXzpnuRH/4cuMOR+Rd+SBU50G9HdibadIEDhS\n",
-    "iv": "f/SvsWtZIYOVc54X\n",
-    "auth_tag": "YlJ78EuJbcPfjCPc2eH+ug==\n",
+    "encrypted_data": "3T4JYnoISKXCnatCBeLCXyE8wVjzphw5/JU5A0vHfQ2xSDZreIRQ\n",
+    "iv": "bGQZjCk6FtD/hqVj\n",
+    "auth_tag": "CS87+UK1ZIFMiNcNaoyO6w==\n",
     "version": 3,
     "cipher": "aes-256-gcm"
   },
   "postgresql_password": {
-    "encrypted_data": "aT0yNlWjvk/0S4z2kZB4Ye1u/ngk5J6fGPbwZSfdq6cy\n",
-    "iv": "OgUttF4LlSrL/7gH\n",
-    "auth_tag": "pcbbGqbQ2RjU+i9dt8c3OQ==\n",
+    "encrypted_data": "u8kf/6WdSTzyIz2kF+24JgOPLndWH2WmTFZ3CToJsnay\n",
+    "iv": "KqLtV2UuaAzJx7C8\n",
+    "auth_tag": "3aqx45+epb2NFkNfOfG89A==\n",
     "version": 3,
     "cipher": "aes-256-gcm"
   },
   "admin_token": {
-    "encrypted_data": "I9EsqCCxMIw+fX6sfu6KX8B5fJj9DX5Y4tbX30jdnmxr\n",
-    "iv": "vnERvIWYInO6+Y8q\n",
-    "auth_tag": "gO+MprZUQgPEWJQUmSF1sA==\n",
+    "encrypted_data": "Z737fXqRE9JHfunRhc2GG281dFFN1bvBvTzTDzl/Vb8O\n",
+    "iv": "oKLQJbD67tiz2235\n",
+    "auth_tag": "SlVIqC9d9SRoO78M7cBjTw==\n",
     "version": 3,
     "cipher": "aes-256-gcm"
   },
   "sentry_dsn": {
-    "encrypted_data": "+sUXWgl6dXpA1/0FqjKC3Jnl54aor6gtM+19EM/NsHwg4qu672YnSgxV+c9x\nHM3JZBYxBYvJ+HYGAvMmhlGvaOOEIvLmFUpCCJeVUXR32S8=\n",
-    "iv": "82+DzAnHiptaX7sO\n",
-    "auth_tag": "CDx44iRBVhSIF8DOxb2c+w==\n",
+    "encrypted_data": "gmDHGDWkTIvaXjcWMs1dnKnbqtsADPJ2mLmWw8Idj6RVevU5CabjvviAxEo1\n3hs2LWuObumRSCQt2QKap191uMq3CL2+da53hbsv+JUkxl4=\n",
+    "iv": "Yt0fSsxL4SNicwUY\n",
+    "auth_tag": "j7BWbcNnymHHMNTADWmCNw==\n",
     "version": 3,
     "cipher": "aes-256-gcm"
   }

environments/production.json

@@ -107,12 +107,10 @@
       "domain": "nostr.kosmos.org",
       "real_ip_header": "x-real-ip",
       "policy_path": "/opt/strfry/strfry-policy.ts",
-      "known_pubkeys": {
-        "_": "b3e1b7c0ef48294bd856203bfd460625de95d3afb894e5f09b14cd1f0e7097cf",
-        "accounts": "b3e1b7c1660b7db0ecb93ec55c09e67961171a5c4e9e2602f1b47477ea61c50a",
-        "bitcoincore": "47750177bb6bb113784e4973f6b2e3dd27ef1eff227d6e38d0046d618969e41a",
-        "fiatjaf": "3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d"
-      },
+      "whitelist_pubkeys": [
+        "b3e1b7c1660b7db0ecb93ec55c09e67961171a5c4e9e2602f1b47477ea61c50a",
+        "b3e1b7c0ef48294bd856203bfd460625de95d3afb894e5f09b14cd1f0e7097cf"
+      ],
       "info": {
         "name": "Kosmos Relay",
         "description": "Members-only nostr relay for kosmos.org users",
@@ -120,11 +118,6 @@
         "contact": "ops@kosmos.org",
         "icon": "https://assets.kosmos.org/img/app-icon-256px.png"
       }
-    },
-    "substr": {
-      "relay_urls": [
-        "ws://localhost:7777"
-      ]
     }
   }
 }

nodes/akaunting-1.json

@@ -0,0 +1,66 @@
+{
+  "name": "akaunting-1",
+  "chef_environment": "production",
+  "normal": {
+    "knife_zero": {
+      "host": "10.1.1.215"
+    }
+  },
+  "automatic": {
+    "fqdn": "akaunting-1",
+    "os": "linux",
+    "os_version": "5.15.0-1069-kvm",
+    "hostname": "akaunting-1",
+    "ipaddress": "192.168.122.162",
+    "roles": [
+      "base",
+      "kvm_guest",
+      "akaunting",
+      "postgresql_client"
+    ],
+    "recipes": [
+      "kosmos-base",
+      "kosmos-base::default",
+      "kosmos_kvm::guest",
+      "kosmos_postgresql::hostsfile",
+      "kosmos_akaunting",
+      "kosmos_akaunting::default",
+      "apt::default",
+      "timezone_iii::default",
+      "timezone_iii::debian",
+      "ntp::default",
+      "ntp::apparmor",
+      "kosmos-base::systemd_emails",
+      "apt::unattended-upgrades",
+      "kosmos-base::firewall",
+      "kosmos-postfix::default",
+      "postfix::default",
+      "postfix::_common",
+      "postfix::_attributes",
+      "postfix::sasl_auth",
+      "hostname::default",
+      "kosmos-nodejs::default",
+      "nodejs::nodejs_from_package",
+      "nodejs::repo"
+    ],
+    "platform": "ubuntu",
+    "platform_version": "22.04",
+    "cloud": null,
+    "chef_packages": {
+      "chef": {
+        "version": "18.5.0",
+        "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.5.0/lib",
+        "chef_effortless": null
+      },
+      "ohai": {
+        "version": "18.1.11",
+        "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.11/lib/ohai"
+      }
+    }
+  },
+  "run_list": [
+    "role[base]",
+    "role[kvm_guest]",
+    "role[akaunting]"
+  ]
+}

nodes/bitcoin-2.json

@@ -38,7 +38,6 @@
       "kosmos-bitcoin::dotnet",
       "kosmos-bitcoin::nbxplorer",
       "kosmos-bitcoin::btcpay",
-      "kosmos-bitcoin::price_tracking",
       "apt::default",
       "timezone_iii::default",
       "timezone_iii::debian",
@@ -103,7 +102,6 @@
     "role[bitcoind]",
     "role[lnd]",
     "role[lndhub]",
-    "role[btcpay]",
-    "recipe[kosmos-bitcoin::price_tracking]"
+    "role[btcpay]"
   ]
 }

nodes/draco.kosmos.org.json

@@ -20,7 +20,7 @@
   "automatic": {
     "fqdn": "draco.kosmos.org",
     "os": "linux",
-    "os_version": "5.4.0-187-generic",
+    "os_version": "5.4.0-54-generic",
     "hostname": "draco",
     "ipaddress": "148.251.237.73",
     "roles": [

nodes/gitea-2.json

@@ -9,7 +9,7 @@
   "automatic": {
     "fqdn": "gitea-2",
     "os": "linux",
-    "os_version": "5.4.0-1123-kvm",
+    "os_version": "5.4.0-1096-kvm",
     "hostname": "gitea-2",
     "ipaddress": "192.168.122.189",
     "roles": [

nodes/her.json

@@ -9,7 +9,7 @@
   "automatic": {
     "fqdn": "her",
     "os": "linux",
-    "os_version": "5.15.0-84-generic",
+    "os_version": "5.15.0-101-generic",
     "hostname": "her",
     "ipaddress": "192.168.30.172",
     "roles": [

nodes/postgres-6.json

@@ -22,6 +22,7 @@
       "kosmos_kvm::guest",
       "kosmos_postgresql::primary",
       "kosmos_postgresql::firewall",
+      "kosmos_akaunting::pg_db",
       "kosmos-bitcoin::lndhub-go_pg_db",
       "kosmos-bitcoin::nbxplorer_pg_db",
       "kosmos_drone::pg_db",

nodes/strfry-1.json

@@ -27,7 +27,6 @@
       "strfry::default",
       "kosmos_strfry::policies",
       "kosmos_strfry::firewall",
-      "kosmos_strfry::substr",
       "apt::default",
       "timezone_iii::default",
       "timezone_iii::debian",

roles/akaunting.rb

@@ -0,0 +1,6 @@
+name "akaunting"
+
+run_list %w[
+  role[postgresql_client]
+  kosmos_akaunting::default
+]

roles/postgresql_primary.rb

@@ -3,6 +3,7 @@ name "postgresql_primary"
 run_list %w(
   kosmos_postgresql::primary
   kosmos_postgresql::firewall
+  kosmos_akaunting::pg_db
   kosmos-bitcoin::lndhub-go_pg_db
   kosmos-bitcoin::nbxplorer_pg_db
   kosmos_drone::pg_db

roles/strfry.rb

@@ -5,5 +5,4 @@ run_list %w(
   strfry::default
   kosmos_strfry::policies
   kosmos_strfry::firewall
-  kosmos_strfry::substr
 )

site-cookbooks/kosmos-bitcoin/attributes/default.rb

@@ -41,7 +41,7 @@ node.default['c-lightning']['log_level'] = 'info'
 node.default['c-lightning']['public_ip'] = '148.251.237.73'
 
 node.default['lnd']['repo'] = 'https://github.com/lightningnetwork/lnd'
-node.default['lnd']['revision'] = 'v0.18.5-beta'
+node.default['lnd']['revision'] = 'v0.18.3-beta'
 node.default['lnd']['source_dir'] = '/opt/lnd'
 node.default['lnd']['lnd_dir'] = "/home/#{node['bitcoin']['username']}/.lnd"
 node.default['lnd']['alias'] = 'ln2.kosmos.org'
@@ -90,7 +90,7 @@ node.default['dotnet']['ms_packages_src_url'] = "https://packages.microsoft.com/
 node.default['dotnet']['ms_packages_src_checksum'] = "4df5811c41fdded83eb9e2da9336a8dfa5594a79dc8a80133bd815f4f85b9991"
 
 node.default['nbxplorer']['repo'] = 'https://github.com/dgarage/NBXplorer'
-node.default['nbxplorer']['revision'] = 'v2.5.23'
+node.default['nbxplorer']['revision'] = 'v2.5.0'
 node.default['nbxplorer']['source_dir'] = '/opt/nbxplorer'
 node.default['nbxplorer']['config_path'] = "/home/#{node['bitcoin']['username']}/.nbxplorer/Main/settings.config"
 node.default['nbxplorer']['port'] = '24445'
@@ -98,7 +98,7 @@ node.default['nbxplorer']['postgres']['database'] = 'nbxplorer'
 node.default['nbxplorer']['postgres']['user'] = 'nbxplorer'
 
 node.default['btcpay']['repo'] = 'https://github.com/btcpayserver/btcpayserver'
-node.default['btcpay']['revision'] = 'v2.0.7'
+node.default['btcpay']['revision'] = 'v1.12.5'
 node.default['btcpay']['source_dir'] = '/opt/btcpay'
 node.default['btcpay']['config_path'] = "/home/#{node['bitcoin']['username']}/.btcpayserver/Main/settings.config"
 node.default['btcpay']['log_path'] = "/home/#{node['bitcoin']['username']}/.btcpayserver/debug.log"
@@ -111,5 +111,3 @@ node.default['btcpay']['postgres']['user'] = 'satoshi'
 node.default['peerswap']['repo'] = 'https://github.com/ElementsProject/peerswap.git'
 node.default['peerswap']['revision'] = 'master'
 node.default['peerswap-lnd']['source_dir'] = '/opt/peerswap'
-
-node.default['price_tracking']['rs_base_url'] = "https://storage.kosmos.org/kosmos/public/btc-price"

site-cookbooks/kosmos-bitcoin/recipes/nbxplorer.rb

@@ -58,7 +58,9 @@ directory '/run/nbxplorer' do
 end
 
 env = {
-  NBXPLORER_POSTGRES: "User ID=#{postgres_user};Password=#{credentials['postgresql_password']};Database=#{postgres_database};Host=pg.kosmos.local;Port=5432;Application Name=nbxplorer;MaxPoolSize=20"
+  NBXPLORER_POSTGRES: "User ID=#{postgres_user};Password=#{credentials['postgresql_password']};Database=#{postgres_database};Host=pg.kosmos.local;Port=5432;Application Name=nbxplorer;MaxPoolSize=20",
+  NBXPLORER_AUTOMIGRATE: "1",
+  NBXPLORER_NOMIGRATEEVTS: "1"
 }
 
 systemd_unit 'nbxplorer.service' do

site-cookbooks/kosmos-bitcoin/recipes/price_tracking.rb

@@ -1,59 +0,0 @@
-#
-# Cookbook:: kosmos-bitcoin
-# Recipe:: price_tracking
-#
-# Track BTC rates and publish them via remoteStorage
-#
-
-%w[curl jq].each do |pkg|
-  apt_package pkg
-end
-
-daily_tracker_path = "/usr/local/bin/btc-price-tracker-daily"
-
-credentials = Chef::EncryptedDataBagItem.load('credentials', 'kosmos-rs')
-
-template daily_tracker_path do
-  source "btc-price-tracker-daily.sh.erb"
-  mode '0740'
-  variables rs_base_url: node['price_tracking']['rs_base_url']
-  notifies :restart, "systemd_unit[lnd-channel-backup.service]", :delayed
-end
-
-systemd_unit 'btc-price-tracker-daily.service' do
-  content({
-    Unit: {
-      Description: 'BTC price tracker (daily rates)',
-      After: 'network-online.target',
-      Wants: 'network-online.target'
-    },
-    Service: {
-      Type: 'oneshot',
-      ExecStart: daily_tracker_path,
-      Environment: "RS_AUTH=#{credentials["auth_tokens"]["/btc-price"]}"
-    },
-    Install: {
-      WantedBy: 'multi-user.target'
-    }
-  })
-  sensitive true
-  triggers_reload true
-  action [:create]
-end
-
-systemd_unit 'btc-price-tracker-daily.timer' do
-  content({
-    Unit: {
-      Description: 'Run BTC price tracker daily'
-    },
-    Timer: {
-      OnCalendar: '*-*-* 00:00:00',
-      Persistent: 'true'
-    },
-    Install: {
-      WantedBy: 'timers.target'
-    }
-  })
-  triggers_reload true
-  action [:create, :enable, :start]
-end

site-cookbooks/kosmos-bitcoin/templates/btc-price-tracker-daily.sh.erb

@@ -1,49 +0,0 @@
-#!/bin/bash
-
-# Calculate yesterday's date in YYYY-MM-DD format
-YESTERDAY=$(date -d "yesterday" +%Y-%m-%d)
-echo "Starting price tracking for $YESTERDAY" >&2
-
-# Fetch and process rates for a fiat currency
-get_price_data() {
-    local currency=$1
-    local data avg open24 last
-
-    data=$(curl -s "https://www.bitstamp.net/api/v2/ticker/btc${currency,,}/")
-    if [ $? -eq 0 ] && [ ! -z "$data" ]; then
-        echo "Successfully retrieved ${currency} price data" >&2
-        open24=$(echo "$data" | jq -r '.open_24')
-        last=$(echo "$data" | jq -r '.last')
-        avg=$(( (${open24%.*} + ${last%.*}) / 2 ))
-        echo $avg
-    else
-        echo "ERROR: Failed to retrieve ${currency} price data" >&2
-        exit 1
-    fi
-}
-
-# Get price data for each currency
-usd_avg=$(get_price_data "USD")
-eur_avg=$(get_price_data "EUR")
-gbp_avg=$(get_price_data "GBP")
-
-# Create JSON
-json="{\"EUR\":$eur_avg,\"USD\":$usd_avg,\"GBP\":$gbp_avg}"
-echo "Rates: $json" >&2
-
-# PUT in remote storage
-response=$(curl -X PUT \
-    -H "Authorization: Bearer $RS_AUTH" \
-    -H "Content-Type: application/json" \
-    -d "$json" \
-    -w "%{http_code}" \
-    -s \
-    -o /dev/null \
-    "<%= @rs_base_url %>/$YESTERDAY")
-
-if [ "$response" -eq 200 ] || [ "$response" -eq 201 ]; then
-   echo "Successfully uploaded price data" >&2
-else
-   echo "ERROR: Failed to upload price data. HTTP status: $response" >&2
-   exit 1
-fi

site-cookbooks/kosmos-ejabberd/recipes/letsencrypt.rb

@@ -38,7 +38,6 @@ gandi_api_credentials = data_bag_item('credentials', 'gandi_api')
 template "/root/gandi_dns_certbot_hook.sh" do
   variables access_token: gandi_api_credentials["access_token"]
   mode 0700
-  sensitive true
 end
 
 # Generate a Let's Encrypt cert (only if no cert has been generated before).

site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb

@@ -231,6 +231,7 @@ modules:
   mod_shared_roster: {}
   mod_stun_disco:
     offer_local_services: false
+    credentials_lifetime: 300
     secret: <%= @stun_secret %>
     services:
       -

site-cookbooks/kosmos_akaunting/.gitignore

@@ -0,0 +1,25 @@
+.vagrant
+*~
+*#
+.#*
+\#*#
+.*.sw[a-z]
+*.un~
+
+# Bundler
+Gemfile.lock
+gems.locked
+bin/*
+.bundle/*
+
+# test kitchen
+.kitchen/
+kitchen.local.yml
+
+# Chef Infra
+Berksfile.lock
+.zero-knife.rb
+Policyfile.lock.json
+
+.idea/
+

site-cookbooks/kosmos_akaunting/Policyfile.rb

@@ -0,0 +1,16 @@
+# Policyfile.rb - Describe how you want Chef Infra Client to build your system.
+#
+# For more information on the Policyfile feature, visit
+# https://docs.chef.io/policyfile/
+
+# A name that describes what the system you're building with Chef does.
+name 'kosmos_akaunting'
+
+# Where to find external cookbooks:
+default_source :supermarket
+
+# run_list: chef-client will run these recipes in the order specified.
+run_list 'kosmos_akaunting::default'
+
+# Specify a custom source for a single cookbook:
+cookbook 'kosmos_akaunting', path: '.'

site-cookbooks/kosmos_akaunting/README.md

@@ -0,0 +1,4 @@
+# kosmos_akaunting
+
+TODO: Enter the cookbook description here.
+

site-cookbooks/kosmos_akaunting/attributes/default.rb

@@ -0,0 +1,5 @@
+node.default["akaunting"]["user"] = "deploy"
+node.default["akaunting"]["group"] = "www-data"
+node.default["akaunting"]["repo"] = "https://github.com/akaunting/akaunting.git"
+node.default["akaunting"]["revision"] = "3.1.12"
+node.default["akaunting"]["port"] = 80

site-cookbooks/kosmos_akaunting/chefignore

@@ -0,0 +1,115 @@
+# Put files/directories that should be ignored in this file when uploading
+# to a Chef Infra Server or Supermarket.
+# Lines that start with '# ' are comments.
+
+# OS generated files #
+######################
+.DS_Store
+ehthumbs.db
+Icon?
+nohup.out
+Thumbs.db
+.envrc
+
+# EDITORS #
+###########
+.#*
+.project
+.settings
+*_flymake
+*_flymake.*
+*.bak
+*.sw[a-z]
+*.tmproj
+*~
+\#*
+REVISION
+TAGS*
+tmtags
+.vscode
+.editorconfig
+
+## COMPILED ##
+##############
+*.class
+*.com
+*.dll
+*.exe
+*.o
+*.pyc
+*.so
+*/rdoc/
+a.out
+mkmf.log
+
+# Testing #
+###########
+.circleci/*
+.codeclimate.yml
+.delivery/*
+.foodcritic
+.kitchen*
+.mdlrc
+.overcommit.yml
+.rspec
+.rubocop.yml
+.travis.yml
+.watchr
+.yamllint
+azure-pipelines.yml
+Dangerfile
+examples/*
+features/*
+Guardfile
+kitchen.yml*
+mlc_config.json
+Procfile
+Rakefile
+spec/*
+test/*
+
+# SCM #
+#######
+.git
+.gitattributes
+.gitconfig
+.github/*
+.gitignore
+.gitkeep
+.gitmodules
+.svn
+*/.bzr/*
+*/.git
+*/.hg/*
+*/.svn/*
+
+# Berkshelf #
+#############
+Berksfile
+Berksfile.lock
+cookbooks/*
+tmp
+
+# Bundler #
+###########
+vendor/*
+Gemfile
+Gemfile.lock
+
+# Policyfile #
+##############
+Policyfile.rb
+Policyfile.lock.json
+
+# Documentation #
+#############
+CODE_OF_CONDUCT*
+CONTRIBUTING*
+documentation/*
+TESTING*
+UPGRADING*
+
+# Vagrant #
+###########
+.vagrant
+Vagrantfile

site-cookbooks/kosmos_akaunting/kitchen.yml

@@ -0,0 +1,31 @@
+---
+driver:
+  name: vagrant
+
+## The forwarded_port port feature lets you connect to ports on the VM guest
+## via localhost on the host.
+## see also: https://www.vagrantup.com/docs/networking/forwarded_ports
+
+#  network:
+#    - ["forwarded_port", {guest: 80, host: 8080}]
+
+provisioner:
+  name: chef_zero
+
+  ## product_name and product_version specifies a specific Chef product and version to install.
+  ## see the Chef documentation for more details: https://docs.chef.io/workstation/config_yml_kitchen/
+  #  product_name: chef
+  #  product_version: 17
+
+verifier:
+  name: inspec
+
+platforms:
+  - name: ubuntu-20.04
+  - name: centos-8
+
+suites:
+  - name: default
+    verifier:
+      inspec_tests:
+        - test/integration/default

site-cookbooks/kosmos_akaunting/metadata.rb

@@ -0,0 +1,9 @@
+name 'kosmos_akaunting'
+maintainer 'Kosmos Developers'
+maintainer_email 'mail@kosmos.org'
+license 'MIT'
+description 'Installs/configures akaunting for Kosmos'
+version '0.1.0'
+chef_version '>= 18.0'
+
+depends 'kosmos-nodejs'

site-cookbooks/kosmos_akaunting/recipes/default.rb

@@ -0,0 +1,148 @@
+#
+# Cookbook:: kosmos_akaunting
+# Recipe:: default
+#
+
+app_name     = "akaunting"
+deploy_user  = node["akaunting"]["user"]
+deploy_group = node["akaunting"]["group"]
+deploy_path  = "/opt/#{app_name}"
+credentials  = data_bag_item("credentials", "akaunting")
+pg_host      = search(:node, "role:postgresql_primary").first["knife_zero"]["host"] rescue "localhost"
+
+env = {
+  app_name: "Akaunting",
+  app_env: "production",
+  app_locale: "en-US",
+  app_installed: "true",
+  app_key: credentials["app_key"],
+  app_debug: "true",
+  app_schedule_time: "\"09:00\"",
+  app_url: "http://akaunting.kosmos.org",
+  db_connection: "pgsql",
+  db_host: pg_host,
+  db_port: "5432",
+  db_database: credentials["pg_database"],
+  db_username: credentials["pg_username"],
+  db_password: credentials["pg_password"],
+  log_level: "debug"
+  # mail_mailer: "mail",
+  # mail_host: "localhost",
+  # mail_port: "2525",
+  # mail_username: "null",
+  # mail_password: "null",
+  # mail_encryption: "null",
+  # mail_from_name: "null",
+  # mail_from_address: "null",
+}
+
+%w[
+  unzip nginx php8.1 php8.1-cli php8.1-bcmath php8.1-ctype php8.1-curl
+  php8.1-dom php8.1-fileinfo php8.1-intl php8.1-fpm php8.1-gd php8.1-mbstring
+  php8.1-pdo php8.1-pgsql php8.1-tokenizer php8.1-xml php8.1-zip
+].each do |pkg|
+  package pkg
+end
+
+# TODO install composer
+
+node.override["nodejs"]["repo"] = "https://deb.nodesource.com/node_18.x"
+include_recipe "kosmos-nodejs"
+
+group deploy_group
+
+user deploy_user do
+  group       deploy_group
+  manage_home true
+  shell       "/bin/bash"
+end
+
+directory deploy_path do
+  owner deploy_user
+  group deploy_group
+  mode "0775"
+end
+
+git deploy_path do
+  repository node[app_name]["repo"]
+  revision node[app_name]["revision"]
+  user deploy_user
+  group deploy_group
+  action :sync
+  notifies :run, "execute[composer_install]", :immediately
+  notifies :run, "execute[npm_install]", :immediately
+  notifies :restart, "service[php8.1-fpm]", :delayed
+end
+
+execute "composer_install" do
+  user deploy_user
+  cwd deploy_path
+  command "composer install"
+  action :nothing
+end
+
+execute "npm_install" do
+  user deploy_user
+  cwd deploy_path
+  command "npm install"
+  action :nothing
+  notifies :run, "execute[compile_assets]", :immediately
+end
+
+execute "compile_assets" do
+  user deploy_user
+  cwd deploy_path
+  command "npm run prod"
+  action :nothing
+end
+
+execute "set_storage_permissions" do
+  command "chown -R www-data:www-data #{deploy_path}/storage"
+end
+
+template "#{deploy_path}/.env" do
+  source 'env.erb'
+  owner deploy_user
+  group deploy_group
+  mode 0660
+  sensitive true
+  variables config: env
+  notifies :restart, "service[php8.1-fpm]", :delayed
+end
+
+template "/etc/nginx/sites-available/default" do
+  source 'nginx-local.conf.erb'
+  owner deploy_user
+  group deploy_group
+  mode 0660
+  variables deploy_path: deploy_path,
+            port: node["akaunting"]["port"]
+  notifies :restart, "service[nginx]", :delayed
+end
+
+# template "/etc/php/8.1/fpm/pool.d/akaunting.conf" do
+#   source 'php-fpm.pool.erb'
+#   owner deploy_user
+#   group deploy_group
+#   mode 0600
+#   variables user: deploy_user,
+#             group: deploy_group,
+#             chdir: deploy_path,
+#             port: node["akaunting"]["port"]
+#   notifies :restart, "service[php8.1-fpm]", :delayed
+# end
+
+service "php8.1-fpm" do
+  action [:enable, :start]
+end
+
+service "nginx" do
+  action [:enable, :start]
+end
+
+firewall_rule "akaunting_zerotier" do
+  command  :allow
+  port     node["akaunting"]["port"]
+  protocol :tcp
+  source   "10.1.1.0/24"
+end

site-cookbooks/kosmos_akaunting/recipes/pg_db.rb

@@ -0,0 +1,16 @@
+#
+# Cookbook:: kosmos_akaunting
+# Recipe:: pg_db
+#
+
+credentials = data_bag_item("credentials", "akaunting")
+
+postgresql_user credentials["pg_username"] do
+  action :create
+  password credentials["pg_password"]
+end
+
+postgresql_database credentials["pg_database"] do
+  owner credentials["pg_username"]
+  action :create
+end

site-cookbooks/kosmos_akaunting/templates/env.erb

@@ -0,0 +1,11 @@
+<% @config.each do |key, value| %>
+<% if value.is_a?(Hash) %>
+<% value.each do |k, v| %>
+<%= "#{key.upcase}_#{k.upcase}" %>=<%= v.to_s %>
+<% end %>
+<% else %>
+<% if value %>
+<%= key.upcase %>=<%= value.to_s %>
+<% end %>
+<% end %>
+<% end %>

site-cookbooks/kosmos_akaunting/templates/nginx-local.conf.erb

@@ -0,0 +1,49 @@
+server {
+  listen 80 default_server;
+
+  server_name akaunting.kosmos.org;
+
+  root <%= @deploy_path %>;
+
+  add_header X-Frame-Options "SAMEORIGIN";
+  add_header X-XSS-Protection "1; mode=block";
+  add_header X-Content-Type-Options "nosniff";
+
+  index index.html index.htm index.php;
+
+  charset utf-8;
+
+  location / {
+    try_files $uri $uri/ /index.php?$query_string;
+  }
+
+  # Prevent Direct Access To Protected Files
+  location ~ \.(env|log) {
+    deny all;
+  }
+
+  # Prevent Direct Access To Protected Folders
+  location ~ ^/(^app$|bootstrap|config|database|overrides|resources|routes|storage|tests|artisan) {
+    deny all;
+  }
+
+  # Prevent Direct Access To modules/vendor Folders Except Assets
+  location ~ ^/(modules|vendor)\/(.*)\.((?!ico|gif|jpg|jpeg|png|js\b|css|less|sass|font|woff|woff2|eot|ttf|svg|xls|xlsx).)*$ {
+    deny all;
+  }
+
+  error_page 404 /index.php;
+
+  # Pass PHP Scripts To FastCGI Server
+  location ~ \.php$ {
+    fastcgi_split_path_info ^(.+\.php)(/.+)$;
+    fastcgi_pass unix:/var/run/php/php8.1-fpm.sock; # Depends On The PHP Version
+    fastcgi_index index.php;
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    include fastcgi_params;
+  }
+
+  location ~ /\.(?!well-known).* {
+    deny all;
+  }
+}

site-cookbooks/kosmos_akaunting/templates/php-fpm.pool.erb

@@ -0,0 +1,18 @@
+[akaunting]
+user = <%= @user %>
+group = <%= @group %>
+listen = 0.0.0.0:<%= @port %>
+listen.owner = <%= @user %>
+listen.group = <%= @group %>
+listen.mode = 0660
+
+pm = dynamic
+pm.max_children = 10
+pm.start_servers = 4
+pm.min_spare_servers = 2
+pm.max_spare_servers = 6
+pm.max_requests = 500
+
+chdir = <%= @chdir %>
+catch_workers_output = yes
+php_admin_flag[log_errors] = on

site-cookbooks/kosmos_akaunting/test/integration/default/default_test.rb

@@ -0,0 +1,16 @@
+# Chef InSpec test for recipe kosmos_akaunting::default
+
+# The Chef InSpec reference, with examples and extensive documentation, can be
+# found at https://docs.chef.io/inspec/resources/
+
+unless os.windows?
+  # This is an example test, replace with your own test.
+  describe user('root'), :skip do
+    it { should exist }
+  end
+end
+
+# This is an example test, replace it with your own test.
+describe port(80), :skip do
+  it { should_not be_listening }
+end

site-cookbooks/kosmos_gitea/attributes/default.rb

@@ -1,5 +1,5 @@
-node.default["gitea"]["version"] = "1.23.6"
-node.default["gitea"]["checksum"] = "fcb76127fec7ba9fba10bfe11d81cdc01888aacb588fc4f29b124bf2ffba883e"
+node.default["gitea"]["version"] = "1.22.5"
+node.default["gitea"]["checksum"] = "ce2c7e4fff3c1e3ed59f5b5e00e3f2d301f012c34e329fccd564bc5129075460"
 node.default["gitea"]["working_directory"] = "/var/lib/gitea"
 node.default["gitea"]["port"] = 3000
 node.default["gitea"]["postgresql_host"] = "localhost:5432"

site-cookbooks/kosmos_gitea/templates/default/app.ini.erb

@@ -24,7 +24,6 @@ NAME    = gitea
 USER    = gitea
 PASSWD  = <%= @postgresql_password %>
 SSL_MODE = disable
-MAX_OPEN_CONNS = 20
 
 [repository]
 ROOT = <%= @repository_root_directory %>

site-cookbooks/kosmos_gitea/templates/default/nginx_conf_web.erb

@@ -16,7 +16,7 @@ server {
 
   add_header Strict-Transport-Security "max-age=31536000";
 
-  client_max_body_size 121M;
+  client_max_body_size 20M;
 
   location ~ ^/(avatars|repo-avatars)/.*$ {
     proxy_buffers 1024 8k;

site-cookbooks/kosmos_rsk/attributes/default.rb

@@ -1,4 +1,4 @@
-node.default['rskj']['version'] = '7.0.0~jammy'
+node.default['rskj']['version'] = '5.3.0~jammy'
 node.default['rskj']['network'] = 'testnet'
 
 node.default['rskj']['nginx']['domain'] = nil

site-cookbooks/kosmos_rsk/recipes/rskj.rb

@@ -19,8 +19,6 @@ apt_repository 'rskj' do
   key '5EED9995C84A49BC02D4F507DF10691F518C7BEA'
 end
 
-apt_package 'openjdk-17-jdk'
-
 apt_package 'rskj' do
   response_file 'rskj-preseed.cfg.erb'
   response_file_variables network: node['rskj']['network']

site-cookbooks/kosmos_rsk/test/integration/rskj/rskj_test.rb

@@ -9,7 +9,7 @@ end
 
 describe package('rskj') do
   it { should be_installed }
-  its('version') { should eq '7.0.0~jammy' }
+  its('version') { should eq '5.3.0~jammy' }
 end
 
 describe service('rsk') do

site-cookbooks/kosmos_strfry/attributes/default.rb

@@ -1,10 +1,2 @@
 node.default["strfry"]["ldap_search_dn"] = "ou=kosmos.org,cn=users,dc=kosmos,dc=org"
 node.default["strfry"]["extras_dir"] = "/opt/strfry"
-
-# node.default["substr"]["repo"] = "https://gitea.kosmos.org/kosmos/substr.git"
-# node.default["substr"]["revision"] = "master"
-node.default["substr"]["version"] = "nightly"
-node.default["substr"]["download_url"] = "https://gitea.kosmos.org/api/packages/kosmos/generic/substr/#{node["substr"]["version"]}/substr_x86_64-unknown-linux-gnu"
-node.default["substr"]["workdir"] = "/opt/substr"
-node.default["substr"]["port"] = 30023
-node.default["substr"]["relay_urls"] = ["ws://localhost:7777"]

site-cookbooks/kosmos_strfry/recipes/policies.rb

@@ -24,7 +24,7 @@ env = {
   ldap_bind_dn: ldap_credentials["service_dn"],
   ldap_password: ldap_credentials["service_password"],
   ldap_search_dn: node["strfry"]["ldap_search_dn"],
-  whitelist_pubkeys: node["strfry"]["known_pubkeys"].values.join(",")
+  whitelist_pubkeys: node["strfry"]["whitelist_pubkeys"].join(",")
 }
 
 template "#{extras_dir}/.env" do

site-cookbooks/kosmos_strfry/recipes/substr.rb

@@ -1,100 +0,0 @@
-#
-# Cookbook:: kosmos_strfry
-# Recipe:: substr
-#
-
-unless platform?("ubuntu")
-  raise "This recipe only supports Ubuntu installs at the moment"
-end
-
-apt_package "imagemagick"
-
-directory node["substr"]["workdir"] do
-  owner node["strfry"]["user"]
-  group node["strfry"]["group"]
-  mode "0755"
-end
-
-if node["substr"]["download_url"]
-  remote_file '/usr/local/bin/substr' do
-    source node["substr"]["download_url"]
-    checksum node["substr"]["checksum"]
-    mode '0755'
-    show_progress true
-    notifies :restart, "service[substr]", :delayed
-  end
-
-  exec_start = "/usr/local/bin/substr"
-else
-  # TODO Install Deno 2
-
-  git node["substr"]["workdir"] do
-    user node["strfry"]["user"]
-    group node["strfry"]["group"]
-    repository node['substr']['repo']
-    revision node['substr']['revision']
-    action :sync
-    notifies :restart, "service[substr]", :delayed
-  end
-
-  exec_start = "deno task server"
-end
-
-file "#{node["substr"]["workdir"]}/users.yaml" do
-  mode "0644"
-  owner node["strfry"]["user"]
-  group node["strfry"]["group"]
-  content node["strfry"]["known_pubkeys"].to_yaml
-  notifies :restart, "service[substr]", :delayed
-end
-
-ldap_credentials = Chef::EncryptedDataBagItem.load('credentials', 'dirsrv')
-
-env = {
-  port: node['substr']['port'],
-  base_url: "https://#{node["strfry"]["domain"]}",
-  relay_urls: node['substr']['relay_urls'].join(","),
-  ldap_url: 'ldap://ldap.kosmos.local:389', # requires "ldap_client" role
-  ldap_bind_dn: ldap_credentials["service_dn"],
-  ldap_password: ldap_credentials["service_password"],
-  ldap_search_dn: node["strfry"]["ldap_search_dn"],
-}
-
-template "#{node["substr"]["workdir"]}/.env" do
-  source 'env.erb'
-  owner node["strfry"]["user"]
-  group node["strfry"]["group"]
-  mode 0600
-  sensitive true
-  variables config: env
-  notifies :restart, "service[substr]", :delayed
-end
-
-systemd_unit "substr.service" do
-  content({
-    Unit: {
-      Description: "substr for nostr",
-      Documentation: ["https://gitea.kosmos.org/kosmos/substr"],
-    },
-    Service: {
-      Type: "simple",
-      User: node["strfry"]["user"],
-      WorkingDirectory: node["substr"]["workdir"],
-      ExecStart: exec_start,
-      Restart: "on-failure",
-      RestartSec: "5",
-      ProtectHome: "no",
-      NoNewPrivileges: "yes",
-      ProtectSystem: "full"
-    },
-    Install: {
-      WantedBy: "multi-user.target"
-    }
-  })
-  triggers_reload true
-  action :create
-end
-
-service "substr" do
-  action [:enable, :start]
-end

site-cookbooks/kosmos_strfry/templates/nginx_conf_strfry.erb

@@ -4,12 +4,6 @@ upstream _strfry {
 <% end %>
 }
 
-upstream _substr {
-<% @upstream_hosts.each do |host| %>
-  server <%= host %>:30023;
-<% end %>
-}
-
 server {
   server_name <%= @domain %>;
   listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
@@ -21,16 +15,6 @@ server {
   ssl_certificate     <%= @ssl_cert %>;
   ssl_certificate_key <%= @ssl_key %>;
 
-  location = /favicon.ico {
-    alias /var/www/assets.kosmos.org/site/img/favicon.ico;
-  }
-
-  location ~* ^/[@~n]|^/assets {
-    proxy_set_header Host $host;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_pass http://_substr;
-  }
-
   location / {
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;

site-cookbooks/kosmos_website/templates/nginx_conf_website.erb

@@ -29,15 +29,11 @@ server {
   ssl_certificate     <%= @ssl_cert %>;
   ssl_certificate_key <%= @ssl_key %>;
 
-  location /.well-known/host-meta.json {
-    add_header 'Access-Control-Allow-Origin' '*';
-  }
-
 <% if @accounts_url %>
   location ~ ^/.well-known/(keysend|lnurlp|nostr|openpgpkey|webfinger) {
     proxy_ssl_server_name on;
     proxy_set_header X-Forwarded-Host $host;
-    proxy_pass <%= @accounts_url %>;
+    proxy_pass https://accounts.kosmos.org;
   }
 <% end %>
 }