kosmos/chef
8
3
Fork 0
Code Issues 32 Pull Requests 1 Projects 2 Activity

Compare commits

base: kosmos:3641ea7a60faf8e3b4c69077e45c2e7aa4ad2cbf
Branches Tags
kosmos:master kosmos:feature/blossom_server kosmos:bugfix/substr_url_matching kosmos:notes/ejabberd_ldap_photo kosmos:feature/akaunting kosmos:chore/ejabberd_service_avatar kosmos:feature/237-gitea_gpg
...
compare: kosmos:8c8e978ae96f570145a7470b84d545817a80d2dc
Branches Tags
kosmos:feature/blossom_server kosmos:master kosmos:bugfix/substr_url_matching kosmos:notes/ejabberd_ldap_photo kosmos:feature/akaunting kosmos:chore/ejabberd_service_avatar kosmos:feature/237-gitea_gpg

3 Commits
3641ea7a60 ... 8c8e978ae9

Author SHA1 Message Date
Râu Cao
8c8e978ae9 Update node configs 2022-12-24 00:58:31 +07:00
Râu Cao
3d7b4df376 Add rate limit config for lndhub-go 2022-12-24 00:58:11 +07:00
Râu Cao
b738dc1e80 Add nginx proxy hosts for Garage Web access 
The respective bucket needs to be configured with a domain alias. When a
new alias is added to the `s3_web_domains` config, a new nginx site can
then be deployed to the `nginx_proxy` hosts.
 2022-12-23 18:07:39 +07:00
8 changed files with 88 additions and 14 deletions
Expand all files Collapse all files

5
environments/production.json
View File

@@ -4,7 +4,10 @@
"garage": { "garage": {
"replication_mode": "2", "replication_mode": "2",
"s3_api_root_domain": ".s3.garage.kosmos.org", "s3_api_root_domain": ".s3.garage.kosmos.org",
"s3_web_root_domain": ".web.garage.kosmos.org" "s3_web_root_domain": ".web.garage.kosmos.org",
"s3_web_domains": [
"s3.kosmos.social"
]
}, },
"gitea": { "gitea": {
"postgresql_host": "pg.kosmos.local:5432", "postgresql_host": "pg.kosmos.local:5432",

10
nodes/bitcoin-2.json
View File

@@ -14,6 +14,10 @@
"roles": [ "roles": [
"base", "base",
"kvm_guest", "kvm_guest",
"bitcoind",
"cln",
"lnd",
"lndhub",
"postgresql_client", "postgresql_client",
"btcpay" "btcpay"
], ],
@@ -21,7 +25,6 @@
"kosmos-base", "kosmos-base",
"kosmos-base::default", "kosmos-base::default",
"kosmos_kvm::guest", "kosmos_kvm::guest",
"kosmos_postgresql::hostsfile",
"tor-full", "tor-full",
"tor-full::default", "tor-full::default",
"kosmos-bitcoin::source", "kosmos-bitcoin::source",
@@ -30,6 +33,7 @@
"kosmos-bitcoin::lnd-scb-s3", "kosmos-bitcoin::lnd-scb-s3",
"kosmos-bitcoin::boltz", "kosmos-bitcoin::boltz",
"kosmos-bitcoin::rtl", "kosmos-bitcoin::rtl",
"kosmos_postgresql::hostsfile",
"kosmos-bitcoin::lndhub", "kosmos-bitcoin::lndhub",
"kosmos-bitcoin::lndhub-go", "kosmos-bitcoin::lndhub-go",
"kosmos-bitcoin::dotnet", "kosmos-bitcoin::dotnet",
@@ -72,7 +76,6 @@
"redisio::disable_os_default", "redisio::disable_os_default",
"redisio::configure", "redisio::configure",
"redisio::enable", "redisio::enable",
"kosmos-base::letsencrypt",
"kosmos-nginx::default", "kosmos-nginx::default",
"nginx::default", "nginx::default",
"nginx::package", "nginx::package",
@@ -82,7 +85,8 @@
"nginx::commons_dir", "nginx::commons_dir",
"nginx::commons_script", "nginx::commons_script",
"nginx::commons_conf", "nginx::commons_conf",
"kosmos-nginx::firewall" "kosmos-nginx::firewall",
"kosmos-base::letsencrypt"
], ],
"platform": "ubuntu", "platform": "ubuntu",
"platform_version": "20.04", "platform_version": "20.04",

13
nodes/fornax.kosmos.org.json
View File

@@ -31,20 +31,21 @@
"kosmos_assets::nginx_site", "kosmos_assets::nginx_site",
"kosmos_discourse::nginx", "kosmos_discourse::nginx",
"kosmos_drone::nginx", "kosmos_drone::nginx",
"kosmos_garage",
"kosmos_garage::default",
"kosmos_garage::firewall_rpc",
"kosmos_garage::nginx_web",
"kosmos_gitea::nginx", "kosmos_gitea::nginx",
"kosmos_website", "kosmos_website",
"kosmos_website::default", "kosmos_website::default",
"kosmos-akkounts::nginx_api", "kosmos-akkounts::nginx_api",
"kosmos-bitcoin::nginx_lndhub",
"kosmos-ejabberd::nginx", "kosmos-ejabberd::nginx",
"kosmos-hubot::nginx_botka_irc-libera-chat", "kosmos-hubot::nginx_botka_irc-libera-chat",
"kosmos-hubot::nginx_hal8000_xmpp", "kosmos-hubot::nginx_hal8000_xmpp",
"kosmos-ipfs::nginx_public_gateway", "kosmos-ipfs::nginx_public_gateway",
"kosmos-mastodon::nginx", "kosmos-mastodon::nginx",
"remotestorage_discourse::nginx", "remotestorage_discourse::nginx",
"kosmos_garage",
"kosmos_garage::default",
"kosmos_garage::firewall_rpc",
"kosmos_garage::nginx_web",
"kosmos_zerotier::controller", "kosmos_zerotier::controller",
"kosmos_zerotier::firewall", "kosmos_zerotier::firewall",
"kosmos_zerotier::zncui", "kosmos_zerotier::zncui",
@@ -73,11 +74,11 @@
"nginx::commons_conf", "nginx::commons_conf",
"kosmos-nginx::firewall", "kosmos-nginx::firewall",
"discourse::nginx", "discourse::nginx",
"firewall::default",
"chef-sugar::default",
"git::default", "git::default",
"git::package", "git::package",
"kosmos-base::letsencrypt", "kosmos-base::letsencrypt",
"firewall::default",
"chef-sugar::default",
"fail2ban::default" "fail2ban::default"
], ],
"platform": "ubuntu", "platform": "ubuntu",

5
site-cookbooks/kosmos-bitcoin/attributes/default.rb
View File

@@ -80,13 +80,16 @@ node.default['lndhub']['port'] = '3023'
node.default['lndhub']['domain'] = 'lndhub.kosmos.org' node.default['lndhub']['domain'] = 'lndhub.kosmos.org'
node.default['lndhub-go']['repo'] = 'https://github.com/getAlby/lndhub.go.git' node.default['lndhub-go']['repo'] = 'https://github.com/getAlby/lndhub.go.git'
node.default['lndhub-go']['revision'] = '0.11.0' node.default['lndhub-go']['revision'] = '0.12.0'
node.default['lndhub-go']['source_dir'] = '/opt/lndhub-go' node.default['lndhub-go']['source_dir'] = '/opt/lndhub-go'
node.default['lndhub-go']['port'] = 3026 node.default['lndhub-go']['port'] = 3026
node.default['lndhub-go']['domain'] = 'lndhub.kosmos.org' node.default['lndhub-go']['domain'] = 'lndhub.kosmos.org'
node.default['lndhub-go']['postgres']['database'] = 'lndhub' node.default['lndhub-go']['postgres']['database'] = 'lndhub'
node.default['lndhub-go']['postgres']['user'] = 'lndhub' node.default['lndhub-go']['postgres']['user'] = 'lndhub'
node.default['lndhub-go']['postgres']['port'] = 5432 node.default['lndhub-go']['postgres']['port'] = 5432
node.default['lndhub-go']['default_rate_limit'] = 20
node.default['lndhub-go']['strict_rate_limit'] = 1
node.default['lndhub-go']['burst_rate_limit'] = 10
node.default['lndhub-go']['branding'] = { node.default['lndhub-go']['branding'] = {
'title' => 'LndHub - Kosmos Lightning', 'title' => 'LndHub - Kosmos Lightning',
'desc' => 'Kosmos accounts for the Lightning Network', 'desc' => 'Kosmos accounts for the Lightning Network',

3
site-cookbooks/kosmos-bitcoin/recipes/lndhub-go.rb
View File

@@ -54,6 +54,9 @@ template "#{source_dir}/.env" do
custom_name: node['lndhub-go']['domain'], custom_name: node['lndhub-go']['domain'],
port: node['lndhub-go']['port'], port: node['lndhub-go']['port'],
admin_token: credentials['admin_token'], admin_token: credentials['admin_token'],
default_rate_limit: node['lndhub-go']['default_rate_limit'],
strict_rate_limit: node['lndhub-go']['strict_rate_limit'],
burst_rate_limit: node['lndhub-go']['burst_rate_limit'],
branding: node['lndhub-go']['branding'] branding: node['lndhub-go']['branding']
} }
notifies :restart, 'service[lndhub-go]', :delayed notifies :restart, 'service[lndhub-go]', :delayed

3
site-cookbooks/kosmos_garage/attributes/default.rb
View File

@@ -1,5 +1,6 @@
node.default['garage']['version'] = '0.8.0' node.default['garage']['version'] = '0.8.0'
node.default['garage']['checksum']['amd64'] = '66dd2ea1f677281a43e10eb619523b1b269f8fde9047ce8caa70958f3b13ca74' node.default['garage']['checksum']['amd64'] = '66dd2ea1f677281a43e10eb619523b1b269f8fde9047ce8caa70958f3b13ca74'
node.default['garage']['replication_mode'] = 'none'
node.default['garage']['s3_api_port'] = 3900 node.default['garage']['s3_api_port'] = 3900
node.default['garage']['rpc_port'] = 3901 node.default['garage']['rpc_port'] = 3901
node.default['garage']['s3_web_port'] = 3902 node.default['garage']['s3_web_port'] = 3902
@@ -7,4 +8,4 @@ node.default['garage']['admin_port'] = 3903
node.default['garage']['k2v_api_port'] = 3904 node.default['garage']['k2v_api_port'] = 3904
node.default['garage']['s3_api_root_domain'] = '.s3.garage.localhost' node.default['garage']['s3_api_root_domain'] = '.s3.garage.localhost'
node.default['garage']['s3_web_root_domain'] = '.web.garage.localhost' node.default['garage']['s3_web_root_domain'] = '.web.garage.localhost'
node.default['garage']['replication_mode'] = 'none' node.default['garage']['s3_web_domains'] = []

26
site-cookbooks/kosmos_garage/recipes/nginx_web.rb Normal file
View File

@@ -0,0 +1,26 @@
#
# Cookbook Name:: kosmos_garage
# Recipe:: nginx_web
#
include_recipe "kosmos-nginx"
domains = node['garage']['s3_web_domains']
domains.each do |server_name|
nginx_certbot_site server_name
template "#{node['nginx']['dir']}/sites-available/#{server_name}" do
source 'nginx_conf_web.erb'
owner 'www-data'
mode 0640
variables server_name: server_name,
ssl_cert: "/etc/letsencrypt/live/#{server_name}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{server_name}/privkey.pem"
notifies :reload, 'service[nginx]', :delayed
end
nginx_site server_name do
action :enable
end
end

33
site-cookbooks/kosmos_garage/templates/nginx_conf_web.erb Normal file
View File

@@ -0,0 +1,33 @@
upstream garage_web {
server localhost:3902;
}
proxy_cache_path /var/cache/nginx/garage levels=1:2 keys_zone=garage_cache:10m
max_size=1g inactive=60m use_temp_path=off;
server {
listen 443 http2 ssl;
listen [::]:443 http2 ssl;
server_name <%= @server_name %>;
access_log off;
ssl_certificate <%= @ssl_cert %>;
ssl_certificate_key <%= @ssl_key %>;
error_page 401 403 404 500 /__empty-page.html;
location = /__empty-page.html {
internal;
return 200 "";
}
location / {
proxy_intercept_errors on;
proxy_cache garage_cache;
proxy_pass http://garage_web;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
}