Update node configs

Add rate limit config for lndhub-go
Add nginx proxy hosts for Garage Web access
2022-12-24 00:58:31 +07:00 · 2022-12-24 00:58:11 +07:00 · 2022-12-23 18:07:39 +07:00
8 changed files with 88 additions and 14 deletions
--- a/environments/production.json
+++ b/environments/production.json
@@ -4,7 +4,10 @@
    "garage": {
      "replication_mode": "2",
      "s3_api_root_domain": ".s3.garage.kosmos.org",
-      "s3_web_root_domain": ".web.garage.kosmos.org"
+      "s3_web_root_domain": ".web.garage.kosmos.org",
+      "s3_web_domains": [
+        "s3.kosmos.social"
+      ]
    },
    "gitea": {
      "postgresql_host": "pg.kosmos.local:5432",
--- a/nodes/bitcoin-2.json
+++ b/nodes/bitcoin-2.json
@@ -14,6 +14,10 @@
    "roles": [
      "base",
      "kvm_guest",
+      "bitcoind",
+      "cln",
+      "lnd",
+      "lndhub",
      "postgresql_client",
      "btcpay"
    ],
@@ -21,7 +25,6 @@
      "kosmos-base",
      "kosmos-base::default",
      "kosmos_kvm::guest",
-      "kosmos_postgresql::hostsfile",
      "tor-full",
      "tor-full::default",
      "kosmos-bitcoin::source",
@@ -30,6 +33,7 @@
      "kosmos-bitcoin::lnd-scb-s3",
      "kosmos-bitcoin::boltz",
      "kosmos-bitcoin::rtl",
+      "kosmos_postgresql::hostsfile",
      "kosmos-bitcoin::lndhub",
      "kosmos-bitcoin::lndhub-go",
      "kosmos-bitcoin::dotnet",
@@ -72,7 +76,6 @@
      "redisio::disable_os_default",
      "redisio::configure",
      "redisio::enable",
-      "kosmos-base::letsencrypt",
      "kosmos-nginx::default",
      "nginx::default",
      "nginx::package",
@@ -82,7 +85,8 @@
      "nginx::commons_dir",
      "nginx::commons_script",
      "nginx::commons_conf",
-      "kosmos-nginx::firewall"
+      "kosmos-nginx::firewall",
+      "kosmos-base::letsencrypt"
    ],
    "platform": "ubuntu",
    "platform_version": "20.04",
--- a/nodes/fornax.kosmos.org.json
+++ b/nodes/fornax.kosmos.org.json
@@ -31,20 +31,21 @@
      "kosmos_assets::nginx_site",
      "kosmos_discourse::nginx",
      "kosmos_drone::nginx",
+      "kosmos_garage",
+      "kosmos_garage::default",
+      "kosmos_garage::firewall_rpc",
+      "kosmos_garage::nginx_web",
      "kosmos_gitea::nginx",
      "kosmos_website",
      "kosmos_website::default",
      "kosmos-akkounts::nginx_api",
+      "kosmos-bitcoin::nginx_lndhub",
      "kosmos-ejabberd::nginx",
      "kosmos-hubot::nginx_botka_irc-libera-chat",
      "kosmos-hubot::nginx_hal8000_xmpp",
      "kosmos-ipfs::nginx_public_gateway",
      "kosmos-mastodon::nginx",
      "remotestorage_discourse::nginx",
-      "kosmos_garage",
-      "kosmos_garage::default",
-      "kosmos_garage::firewall_rpc",
-      "kosmos_garage::nginx_web",
      "kosmos_zerotier::controller",
      "kosmos_zerotier::firewall",
      "kosmos_zerotier::zncui",
@@ -73,11 +74,11 @@
      "nginx::commons_conf",
      "kosmos-nginx::firewall",
      "discourse::nginx",
+      "firewall::default",
+      "chef-sugar::default",
      "git::default",
      "git::package",
      "kosmos-base::letsencrypt",
-      "firewall::default",
-      "chef-sugar::default",
      "fail2ban::default"
    ],
    "platform": "ubuntu",
--- a/site-cookbooks/kosmos-bitcoin/attributes/default.rb
+++ b/site-cookbooks/kosmos-bitcoin/attributes/default.rb
@@ -80,13 +80,16 @@ node.default['lndhub']['port'] = '3023'
 node.default['lndhub']['domain'] = 'lndhub.kosmos.org'

 node.default['lndhub-go']['repo'] = 'https://github.com/getAlby/lndhub.go.git'
-node.default['lndhub-go']['revision'] = '0.11.0'
+node.default['lndhub-go']['revision'] = '0.12.0'
 node.default['lndhub-go']['source_dir'] = '/opt/lndhub-go'
 node.default['lndhub-go']['port'] = 3026
 node.default['lndhub-go']['domain'] = 'lndhub.kosmos.org'
 node.default['lndhub-go']['postgres']['database'] = 'lndhub'
 node.default['lndhub-go']['postgres']['user'] = 'lndhub'
 node.default['lndhub-go']['postgres']['port'] = 5432
+node.default['lndhub-go']['default_rate_limit'] = 20
+node.default['lndhub-go']['strict_rate_limit'] =  1
+node.default['lndhub-go']['burst_rate_limit'] =  10
 node.default['lndhub-go']['branding'] = {
  'title' => 'LndHub - Kosmos Lightning',
  'desc' => 'Kosmos accounts for the Lightning Network',
--- a/site-cookbooks/kosmos-bitcoin/recipes/lndhub-go.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/lndhub-go.rb
@@ -54,6 +54,9 @@ template "#{source_dir}/.env" do
    custom_name: node['lndhub-go']['domain'],
    port: node['lndhub-go']['port'],
    admin_token: credentials['admin_token'],
+    default_rate_limit: node['lndhub-go']['default_rate_limit'],
+    strict_rate_limit: node['lndhub-go']['strict_rate_limit'],
+    burst_rate_limit: node['lndhub-go']['burst_rate_limit'],
    branding: node['lndhub-go']['branding']
  }
  notifies :restart, 'service[lndhub-go]', :delayed
--- a/site-cookbooks/kosmos_garage/attributes/default.rb
+++ b/site-cookbooks/kosmos_garage/attributes/default.rb
@@ -1,5 +1,6 @@
 node.default['garage']['version']            = '0.8.0'
 node.default['garage']['checksum']['amd64']  = '66dd2ea1f677281a43e10eb619523b1b269f8fde9047ce8caa70958f3b13ca74'
+node.default['garage']['replication_mode']   = 'none'
 node.default['garage']['s3_api_port']        = 3900
 node.default['garage']['rpc_port']           = 3901
 node.default['garage']['s3_web_port']        = 3902
@@ -7,4 +8,4 @@ node.default['garage']['admin_port']         = 3903
 node.default['garage']['k2v_api_port']       = 3904
 node.default['garage']['s3_api_root_domain'] = '.s3.garage.localhost'
 node.default['garage']['s3_web_root_domain'] = '.web.garage.localhost'
-node.default['garage']['replication_mode']   = 'none'
+node.default['garage']['s3_web_domains']     = []
--- a/site-cookbooks/kosmos_garage/recipes/nginx_web.rb
+++ b/site-cookbooks/kosmos_garage/recipes/nginx_web.rb
@@ -0,0 +1,26 @@
+#
+# Cookbook Name:: kosmos_garage
+# Recipe:: nginx_web
+#
+
+include_recipe "kosmos-nginx"
+
+domains = node['garage']['s3_web_domains']
+
+domains.each do |server_name|
+  nginx_certbot_site server_name
+
+  template "#{node['nginx']['dir']}/sites-available/#{server_name}" do
+    source 'nginx_conf_web.erb'
+    owner 'www-data'
+    mode 0640
+    variables server_name:         server_name,
+              ssl_cert:            "/etc/letsencrypt/live/#{server_name}/fullchain.pem",
+              ssl_key:             "/etc/letsencrypt/live/#{server_name}/privkey.pem"
+    notifies :reload, 'service[nginx]', :delayed
+  end
+
+  nginx_site server_name do
+    action :enable
+  end
+end
--- a/site-cookbooks/kosmos_garage/templates/nginx_conf_web.erb
+++ b/site-cookbooks/kosmos_garage/templates/nginx_conf_web.erb
@@ -0,0 +1,33 @@
+upstream garage_web {
+  server localhost:3902;
+}
+
+proxy_cache_path /var/cache/nginx/garage levels=1:2 keys_zone=garage_cache:10m
+                 max_size=1g inactive=60m use_temp_path=off;
+
+server {
+  listen 443 http2 ssl;
+  listen [::]:443 http2 ssl;
+
+  server_name <%= @server_name %>;
+
+  access_log off;
+
+  ssl_certificate     <%= @ssl_cert %>;
+  ssl_certificate_key <%= @ssl_key %>;
+
+  error_page 401 403 404 500 /__empty-page.html;
+
+  location = /__empty-page.html {
+    internal;
+    return 200 "";
+  }
+
+  location / {
+    proxy_intercept_errors on;
+    proxy_cache garage_cache;
+    proxy_pass http://garage_web;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host $host;
+  }
+}
Author	SHA1	Message	Date
Râu Cao	8c8e978ae9	Update node configs	2022-12-24 00:58:31 +07:00
Râu Cao	3d7b4df376	Add rate limit config for lndhub-go	2022-12-24 00:58:11 +07:00
Râu Cao	b738dc1e80	Add nginx proxy hosts for Garage Web access The respective bucket needs to be configured with a domain alias. When a new alias is added to the `s3_web_domains` config, a new nginx site can then be deployed to the `nginx_proxy` hosts.	2022-12-23 18:07:39 +07:00