Compare commits
159 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
f2ebda4a1a
|
|||
|
67f62ebd6c
|
|||
|
7dc4895da3
|
|||
|
153b1e77c5
|
|||
|
ea69c7cec6
|
|||
|
5813a45987
|
|||
|
63534e1cf5
|
|||
|
2d835335b5
|
|||
|
e21797b402
|
|||
|
7396af5ca4
|
|||
|
df8c8d1742
|
|||
| 765d0b080e | |||
| 4cd6c41254 | |||
|
ec73dd5b57
|
|||
|
850db344b7
|
|||
|
99e8259696
|
|||
| 7810f9f373 | |||
| c167c1861f | |||
|
96bab62af1
|
|||
|
2169e7904c
|
|||
|
5a4905aa97
|
|||
|
21e31440a7
|
|||
|
894ae3f77e
|
|||
|
8afe2ad05d
|
|||
|
ef6e4e3319
|
|||
|
f8ce544452
|
|||
|
36e9ea8a01
|
|||
|
2c2780a9f0
|
|||
|
6bcdd3f4d6
|
|||
|
abc3f7a0cd
|
|||
|
6d35c0a415
|
|||
|
be0d7105d3
|
|||
|
b24a6107d2
|
|||
|
1f7a1d0909
|
|||
|
ba361ad09f
|
|||
|
94be0a3543
|
|||
| 29fb3ae9c9 | |||
| 3a1c3e20b8 | |||
| d7782ba41e | |||
|
a3be57afbc
|
|||
|
22d459b558
|
|||
|
5ed5af6d50
|
|||
|
9bf21e8317
|
|||
|
aaed9a56d1
|
|||
|
41e6b29b97
|
|||
|
f0314e0b99
|
|||
|
ac4fb0c9ca
|
|||
|
d5e3d62522
|
|||
|
061880536b
|
|||
|
9de37cde96
|
|||
|
64d5d34d85
|
|||
|
db9177c9c6
|
|||
|
c92f9157a5
|
|||
|
a89db454d0
|
|||
|
fddcd4899e
|
|||
|
8e11df4544
|
|||
|
0020677ab2
|
|||
|
09412f69e8
|
|||
|
bc3f291bd2
|
|||
|
6583cd7010
|
|||
|
290af8177a
|
|||
|
2cb5540a7b
|
|||
|
002ad2ca62
|
|||
|
7710231fc4
|
|||
| d68deb96e9 | |||
|
01cdd000cb
|
|||
|
ea8e2de70a
|
|||
|
8ad3674c4d
|
|||
|
25192ad3ce
|
|||
|
55b6e24f1e
|
|||
|
a23c7d536a
|
|||
|
d492cd18cc
|
|||
|
161b78be97
|
|||
|
6e83384da5
|
|||
|
be8278fbdc
|
|||
| ff3f05452f | |||
| 1fb66092fc | |||
| 81691f7e21 | |||
| e9dff82628 | |||
|
0933e9caa0
|
|||
| 9f862a89cc | |||
|
039dbdf091
|
|||
|
e3559119be
|
|||
|
16f95170ef
|
|||
| 36f5903271 | |||
|
fd9636441b
|
|||
|
aade479e5b
|
|||
| a3bb927f95 | |||
| 5b53635f1a | |||
|
ea087b1e3e
|
|||
| 9817589a92 | |||
|
d632cafd9c
|
|||
| 87b03d3936 | |||
|
ae3df992e4
|
|||
|
2ea5b30224
|
|||
| 4ef06cb4b7 | |||
|
73e8a2c413
|
|||
|
ea4713c654
|
|||
|
dde29c4a6c
|
|||
|
03f1d16998
|
|||
|
6534086df2
|
|||
| dbf0e50abf | |||
| a828d92185 | |||
| 0fe6d0bd06 | |||
| 9712697569 | |||
| d32f276b42 | |||
| cc40c0db19 | |||
|
41339c1040
|
|||
| 0cae8dca69 | |||
| 78e5f810b7 | |||
| 443910c7a2 | |||
| 8052c67d23 | |||
| cd269dca03 | |||
| 7e47c879a1 | |||
| 2b49cb1b2b | |||
| 89fa3ede9e | |||
| efb032fffa | |||
| 68df49037c | |||
|
364adec80f
|
|||
|
092a2edb3c
|
|||
|
63d0b68c36
|
|||
|
3adb2a1aee
|
|||
|
9cff1fb68b
|
|||
| 773950b9a5 | |||
| f39a1ed250 | |||
| 3c51ff261e | |||
|
0c62ff6c84
|
|||
|
2c3b381755
|
|||
|
3492bec627
|
|||
|
00f4c8bd31
|
|||
|
301596500d
|
|||
|
8a2bfb6b18
|
|||
|
846bf3483a
|
|||
| e3ef1dc3b3 | |||
|
2089999cc8
|
|||
|
a4aa29de0c
|
|||
| 98be234a4f | |||
| 7dc4f674a0 | |||
| 49b636305e | |||
| 3e2ee30334 | |||
| d00072ee5a | |||
|
14687558fe
|
|||
|
de7cc69505
|
|||
| b01315f998 | |||
|
160134bd86
|
|||
| 766030d716 | |||
|
3c436bb9f1
|
|||
|
d029d90214
|
|||
|
f8e5fd2f3e
|
|||
|
cab766c806
|
|||
|
5777a45f0a
|
|||
|
f23c37312e
|
|||
| cf1ef4f2f4 | |||
|
f65256d229
|
|||
|
2cc0ee5b8a
|
|||
|
10e8ba5569
|
|||
| 6c35a20b89 | |||
|
e3d9a50f09
|
|||
|
c4652ca2eb
|
@@ -10,3 +10,6 @@
|
|||||||
[submodule "site-cookbooks/deno"]
|
[submodule "site-cookbooks/deno"]
|
||||||
path = site-cookbooks/deno
|
path = site-cookbooks/deno
|
||||||
url = git@gitea.kosmos.org:kosmos/deno-cookbook.git
|
url = git@gitea.kosmos.org:kosmos/deno-cookbook.git
|
||||||
|
[submodule "site-cookbooks/blossom"]
|
||||||
|
path = site-cookbooks/blossom
|
||||||
|
url = git@gitea.kosmos.org:kosmos/blossom-cookbook.git
|
||||||
|
|||||||
@@ -0,0 +1,41 @@
|
|||||||
|
# AGENTS.md
|
||||||
|
|
||||||
|
Welcome, AI Agent! This file contains essential context and rules for interacting with the Kosmos Chef repository. Read this carefully before planning or executing any changes.
|
||||||
|
|
||||||
|
## 🏢 Project Overview
|
||||||
|
This repository contains the infrastructure automation code used by Kosmos to provision and configure bare metal servers (KVM hosts) and Ubuntu virtual machines (KVM guests).
|
||||||
|
|
||||||
|
We use **Chef Infra**, managed locally via **Knife Zero** (agentless Chef), and **Berkshelf** for dependency management.
|
||||||
|
|
||||||
|
## 📂 Directory Structure & Rules
|
||||||
|
|
||||||
|
* **`site-cookbooks/`**: 🟢 **EDITABLE.** This directory contains all custom, internal cookbooks written specifically for Kosmos services (e.g., `kosmos-postgresql`, `kosmos_gitea`, `kosmos-mastodon`). *Active development happens here.*
|
||||||
|
* **`cookbooks/`**: 🔴 **DO NOT EDIT.** This directory contains third-party/community cookbooks that are vendored. These are managed by Berkshelf. Modifying them directly will result in lost changes.
|
||||||
|
* **`roles/`**: 🟢 **EDITABLE.** Contains Chef roles written in Ruby (e.g., `base.rb`, `kvm_guest.rb`, `postgresql_primary.rb`). These define run-lists and role-specific default attributes for servers.
|
||||||
|
* **`environments/`**: Contains Chef environment definitions (like `production.rb`).
|
||||||
|
* **`data_bags/`**: Contains data bag configurations, often encrypted. Be cautious and do not expose secrets. (Note: Agents should not manage data bag secrets directly unless provided the `.chef/encrypted_data_bag_secret`).
|
||||||
|
* **`nodes/`**: Contains JSON state files for bootstrapped nodes. *Agents typically do not edit these directly unless cleaning up a deleted node.*
|
||||||
|
* **`Berksfile`**: Defines community cookbook dependencies.
|
||||||
|
* **`Vagrantfile` / `.kitchen/`**: Used for local virtualization and integration testing.
|
||||||
|
|
||||||
|
## 🛠️ Tooling & Workflows
|
||||||
|
|
||||||
|
1. **Dependency Management (Berkshelf)**
|
||||||
|
If a new community cookbook is required:
|
||||||
|
- Add it to the `Berksfile` at the root.
|
||||||
|
- Instruct the user to run `berks install` and `berks vendor cookbooks/ --delete` (or run it via the `bash` tool if permitted).
|
||||||
|
|
||||||
|
2. **Provisioning (Knife Zero)**
|
||||||
|
- Bootstrapping and converging nodes is done using `knife zero`.
|
||||||
|
- *Example:* `knife zero converge name:server-name.kosmos.org`
|
||||||
|
|
||||||
|
3. **Code Style & Conventions**
|
||||||
|
- Chef recipes, resources, and roles are written in **Ruby**.
|
||||||
|
- Follow standard Chef and Ruby (RuboCop) idioms. Look at neighboring files in `site-cookbooks/` or `roles/` to match formatting and naming conventions.
|
||||||
|
|
||||||
|
## 🚨 Core Directives for AI Agents
|
||||||
|
|
||||||
|
1. **Infrastructure as Code**: Manual server configurations are highly discouraged. All changes must be codified in a cookbook or role.
|
||||||
|
2. **Test Safety Nets**: Look for `.kitchen.yml` within specific `site-cookbooks/<name>` to understand if local integration tests are available.
|
||||||
|
3. **No Assumptions**: Do not assume standard test commands. Check `README.md` and repository config files first.
|
||||||
|
4. **Secret Handling**: Avoid hardcoding passwords or API keys in recipes or roles. Assume sensitive information is managed via Chef `data_bags`.
|
||||||
@@ -13,6 +13,9 @@ cookbook 'ipfs',
|
|||||||
cookbook 'mediawiki',
|
cookbook 'mediawiki',
|
||||||
git: 'https://github.com/67P/mediawiki-cookbook.git',
|
git: 'https://github.com/67P/mediawiki-cookbook.git',
|
||||||
ref: 'nginx'
|
ref: 'nginx'
|
||||||
|
cookbook 'postfix',
|
||||||
|
git: 'https://gitea.kosmos.org/kosmos/postfix-cookbook.git',
|
||||||
|
ref: 'bugfix/sasl_attributes'
|
||||||
|
|
||||||
cookbook 'apache2', '= 3.3.0'
|
cookbook 'apache2', '= 3.3.0'
|
||||||
cookbook 'apt', '~> 7.3.0'
|
cookbook 'apt', '~> 7.3.0'
|
||||||
@@ -21,6 +24,7 @@ cookbook 'composer', '~> 2.7.0'
|
|||||||
cookbook 'fail2ban', '~> 7.0.4'
|
cookbook 'fail2ban', '~> 7.0.4'
|
||||||
cookbook 'git', '~> 10.0.0'
|
cookbook 'git', '~> 10.0.0'
|
||||||
cookbook 'golang', '~> 5.3.1'
|
cookbook 'golang', '~> 5.3.1'
|
||||||
|
cookbook 'homebrew', '>= 6.0.0'
|
||||||
cookbook 'hostname', '= 0.4.2'
|
cookbook 'hostname', '= 0.4.2'
|
||||||
cookbook 'hostsfile', '~> 3.0.1'
|
cookbook 'hostsfile', '~> 3.0.1'
|
||||||
cookbook 'java', '~> 4.3.0'
|
cookbook 'java', '~> 4.3.0'
|
||||||
@@ -32,7 +36,6 @@ cookbook 'ntp', '= 3.4.0'
|
|||||||
cookbook 'ohai', '~> 5.2.5'
|
cookbook 'ohai', '~> 5.2.5'
|
||||||
cookbook 'openssl', '~> 8.5.5'
|
cookbook 'openssl', '~> 8.5.5'
|
||||||
cookbook 'php', '~> 8.0.0'
|
cookbook 'php', '~> 8.0.0'
|
||||||
cookbook 'postfix', '~> 6.0.26'
|
|
||||||
cookbook 'timezone_iii', '= 1.0.4'
|
cookbook 'timezone_iii', '= 1.0.4'
|
||||||
cookbook 'ulimit', '~> 1.0.0'
|
cookbook 'ulimit', '~> 1.0.0'
|
||||||
cookbook 'users', '~> 5.3.1'
|
cookbook 'users', '~> 5.3.1'
|
||||||
|
|||||||
+7
-3
@@ -8,6 +8,7 @@ DEPENDENCIES
|
|||||||
firewall (~> 6.2.16)
|
firewall (~> 6.2.16)
|
||||||
git (~> 10.0.0)
|
git (~> 10.0.0)
|
||||||
golang (~> 5.3.1)
|
golang (~> 5.3.1)
|
||||||
|
homebrew (>= 6.0.0)
|
||||||
hostname (= 0.4.2)
|
hostname (= 0.4.2)
|
||||||
hostsfile (~> 3.0.1)
|
hostsfile (~> 3.0.1)
|
||||||
ipfs
|
ipfs
|
||||||
@@ -28,7 +29,10 @@ DEPENDENCIES
|
|||||||
ohai (~> 5.2.5)
|
ohai (~> 5.2.5)
|
||||||
openssl (~> 8.5.5)
|
openssl (~> 8.5.5)
|
||||||
php (~> 8.0.0)
|
php (~> 8.0.0)
|
||||||
postfix (~> 6.0.26)
|
postfix
|
||||||
|
git: https://gitea.kosmos.org/kosmos/postfix-cookbook.git
|
||||||
|
revision: dd6598572a775ae73f17527260ec8097b52d385b
|
||||||
|
ref: bugfix/
|
||||||
redisio (~> 6.4.1)
|
redisio (~> 6.4.1)
|
||||||
ruby_build (~> 2.5.0)
|
ruby_build (~> 2.5.0)
|
||||||
timezone_iii (= 1.0.4)
|
timezone_iii (= 1.0.4)
|
||||||
@@ -59,7 +63,7 @@ GRAPH
|
|||||||
git (10.0.0)
|
git (10.0.0)
|
||||||
golang (5.3.1)
|
golang (5.3.1)
|
||||||
ark (>= 6.0)
|
ark (>= 6.0)
|
||||||
homebrew (5.4.1)
|
homebrew (6.0.2)
|
||||||
hostname (0.4.2)
|
hostname (0.4.2)
|
||||||
hostsfile (>= 0.0.0)
|
hostsfile (>= 0.0.0)
|
||||||
hostsfile (3.0.1)
|
hostsfile (3.0.1)
|
||||||
@@ -90,7 +94,7 @@ GRAPH
|
|||||||
openssl (8.5.5)
|
openssl (8.5.5)
|
||||||
php (8.0.1)
|
php (8.0.1)
|
||||||
yum-epel (>= 0.0.0)
|
yum-epel (>= 0.0.0)
|
||||||
postfix (6.0.26)
|
postfix (6.4.1)
|
||||||
redisio (6.4.1)
|
redisio (6.4.1)
|
||||||
selinux (>= 0.0.0)
|
selinux (>= 0.0.0)
|
||||||
ruby_build (2.5.0)
|
ruby_build (2.5.0)
|
||||||
|
|||||||
@@ -1,3 +1,3 @@
|
|||||||
source 'https://rubygems.org'
|
source 'https://rubygems.org'
|
||||||
|
|
||||||
gem 'knife-zero', '>= 2.4.2'
|
gem 'knife-zero', '~> 2.6.0'
|
||||||
|
|||||||
+306
-182
@@ -1,264 +1,399 @@
|
|||||||
GEM
|
GEM
|
||||||
remote: https://rubygems.org/
|
remote: https://rubygems.org/
|
||||||
specs:
|
specs:
|
||||||
addressable (2.8.0)
|
abbrev (0.1.2)
|
||||||
public_suffix (>= 2.0.2, < 5.0)
|
addressable (2.9.0)
|
||||||
aws-eventstream (1.2.0)
|
public_suffix (>= 2.0.2, < 8.0)
|
||||||
aws-partitions (1.551.0)
|
ast (2.4.3)
|
||||||
aws-sdk-core (3.125.6)
|
aws-eventstream (1.4.0)
|
||||||
aws-eventstream (~> 1, >= 1.0.2)
|
aws-partitions (1.1263.0)
|
||||||
aws-partitions (~> 1, >= 1.525.0)
|
aws-sdk-core (3.252.0)
|
||||||
aws-sigv4 (~> 1.1)
|
aws-eventstream (~> 1, >= 1.3.0)
|
||||||
jmespath (~> 1.0)
|
aws-partitions (~> 1, >= 1.992.0)
|
||||||
aws-sdk-kms (1.53.0)
|
aws-sigv4 (~> 1.9)
|
||||||
aws-sdk-core (~> 3, >= 3.125.0)
|
base64
|
||||||
aws-sigv4 (~> 1.1)
|
bigdecimal
|
||||||
aws-sdk-s3 (1.111.3)
|
jmespath (~> 1, >= 1.6.1)
|
||||||
aws-sdk-core (~> 3, >= 3.125.0)
|
logger
|
||||||
|
aws-sdk-kms (1.129.0)
|
||||||
|
aws-sdk-core (~> 3, >= 3.248.0)
|
||||||
|
aws-sigv4 (~> 1.5)
|
||||||
|
aws-sdk-s3 (1.226.0)
|
||||||
|
aws-sdk-core (~> 3, >= 3.248.0)
|
||||||
aws-sdk-kms (~> 1)
|
aws-sdk-kms (~> 1)
|
||||||
aws-sigv4 (~> 1.4)
|
aws-sigv4 (~> 1.5)
|
||||||
aws-sdk-secretsmanager (1.56.0)
|
aws-sdk-secretsmanager (1.133.0)
|
||||||
aws-sdk-core (~> 3, >= 3.125.0)
|
aws-sdk-core (~> 3, >= 3.248.0)
|
||||||
aws-sigv4 (~> 1.1)
|
aws-sigv4 (~> 1.5)
|
||||||
aws-sigv4 (1.4.0)
|
aws-sigv4 (1.12.1)
|
||||||
aws-eventstream (~> 1, >= 1.0.2)
|
aws-eventstream (~> 1, >= 1.0.2)
|
||||||
bcrypt_pbkdf (1.1.0)
|
base64 (0.3.0)
|
||||||
builder (3.2.4)
|
bcrypt_pbkdf (1.1.2)
|
||||||
chef (17.9.42)
|
bcrypt_pbkdf (1.1.2-arm64-darwin)
|
||||||
|
bcrypt_pbkdf (1.1.2-x86_64-darwin)
|
||||||
|
benchmark (0.5.0)
|
||||||
|
bigdecimal (4.1.2)
|
||||||
|
builder (3.3.0)
|
||||||
|
chef (19.3.15)
|
||||||
addressable
|
addressable
|
||||||
aws-sdk-s3 (~> 1.91)
|
aws-sdk-s3 (~> 1.91)
|
||||||
aws-sdk-secretsmanager (~> 1.46)
|
aws-sdk-secretsmanager (~> 1.46)
|
||||||
chef-config (= 17.9.42)
|
bcrypt_pbkdf (~> 1.0)
|
||||||
chef-utils (= 17.9.42)
|
chef-config (= 19.3.15)
|
||||||
|
chef-licensing (~> 1.3)
|
||||||
|
chef-utils (= 19.3.15)
|
||||||
chef-vault
|
chef-vault
|
||||||
chef-zero (>= 14.0.11)
|
chef-zero (~> 15.1.0)
|
||||||
corefoundation (~> 0.3.4)
|
corefoundation (~> 0.3.4)
|
||||||
diff-lcs (>= 1.2.4, < 1.4.0)
|
csv (~> 3.3.5)
|
||||||
|
diff-lcs (~> 1.6.0)
|
||||||
|
ed25519 (~> 1.2)
|
||||||
erubis (~> 2.7)
|
erubis (~> 2.7)
|
||||||
ffi (>= 1.5.0)
|
ffi (>= 1.15.5, < 1.18.0)
|
||||||
ffi-libarchive (~> 1.0, >= 1.0.3)
|
ffi-libarchive (~> 1.0, >= 1.0.3)
|
||||||
ffi-yajl (~> 2.2)
|
ffi-yajl (>= 2.2, < 4.0)
|
||||||
iniparse (~> 1.4)
|
iniparse (~> 1.4)
|
||||||
inspec-core (~> 4.23)
|
inspec-core (~> 7.0.107)
|
||||||
license-acceptance (>= 1.0.5, < 3)
|
license-acceptance (>= 1.0.5, < 3)
|
||||||
mixlib-archive (>= 0.4, < 2.0)
|
mixlib-archive (>= 0.4, < 2.0)
|
||||||
mixlib-authentication (>= 2.1, < 4)
|
mixlib-authentication (>= 2.1, < 4)
|
||||||
mixlib-cli (>= 2.1.1, < 3.0)
|
mixlib-cli (>= 2.1.1, < 3.0)
|
||||||
mixlib-log (>= 2.0.3, < 4.0)
|
mixlib-log (>= 2.0.3, < 4.0)
|
||||||
mixlib-shellout (>= 3.1.1, < 4.0)
|
mixlib-shellout (>= 3.3.8, < 3.5.0)
|
||||||
net-sftp (>= 2.1.2, < 4.0)
|
net-ftp
|
||||||
ohai (~> 17.0)
|
net-sftp (>= 2.1.2, < 5.0)
|
||||||
|
ohai (~> 19.0)
|
||||||
plist (~> 3.2)
|
plist (~> 3.2)
|
||||||
proxifier (~> 1.0)
|
proxifier2 (~> 1.1)
|
||||||
|
syslog
|
||||||
syslog-logger (~> 1.6)
|
syslog-logger (~> 1.6)
|
||||||
train-core (~> 3.2, >= 3.2.28)
|
train-core (~> 3.13, >= 3.13.4)
|
||||||
train-winrm (>= 0.2.5)
|
train-rest (>= 0.4.1)
|
||||||
uuidtools (>= 2.1.5, < 3.0)
|
train-winrm (>= 0.2.17)
|
||||||
vault (~> 0.16)
|
unf_ext (~> 0.0.9.1)
|
||||||
chef-config (17.9.42)
|
uri (>= 1.0.4, < 1.2.0)
|
||||||
|
vault (>= 0.18.2, < 0.21.0)
|
||||||
|
chef-config (19.3.15)
|
||||||
addressable
|
addressable
|
||||||
chef-utils (= 17.9.42)
|
chef-utils (= 19.3.15)
|
||||||
fuzzyurl
|
fuzzyurl
|
||||||
mixlib-config (>= 2.2.12, < 4.0)
|
mixlib-config (>= 2.2.12, < 4.0)
|
||||||
mixlib-shellout (>= 2.0, < 4.0)
|
mixlib-shellout (>= 2.0, < 4.0)
|
||||||
tomlrb (~> 1.2)
|
racc
|
||||||
|
tomlrb (>= 1.2, < 3.0)
|
||||||
|
chef-gyoku (1.5.0)
|
||||||
|
builder (>= 2.1.2)
|
||||||
|
rexml (~> 3.4)
|
||||||
|
chef-licensing (1.4.1)
|
||||||
|
chef-config (>= 15)
|
||||||
|
faraday (>= 1, < 3)
|
||||||
|
faraday-http-cache
|
||||||
|
mixlib-log (~> 3.0)
|
||||||
|
ostruct (~> 0.6.0)
|
||||||
|
pstore (~> 0.1.1)
|
||||||
|
tty-prompt (~> 0.23)
|
||||||
|
tty-spinner (~> 0.9.3)
|
||||||
chef-telemetry (1.1.1)
|
chef-telemetry (1.1.1)
|
||||||
chef-config
|
chef-config
|
||||||
concurrent-ruby (~> 1.0)
|
concurrent-ruby (~> 1.0)
|
||||||
chef-utils (17.9.42)
|
chef-utils (19.3.15)
|
||||||
concurrent-ruby
|
concurrent-ruby
|
||||||
chef-vault (4.1.5)
|
chef-vault (4.2.12)
|
||||||
chef-zero (15.0.11)
|
syslog (~> 0.3)
|
||||||
ffi-yajl (~> 2.2)
|
chef-winrm (2.5.0)
|
||||||
hashie (>= 2.0, < 5.0)
|
builder (>= 2.1.2)
|
||||||
|
chef-gyoku (~> 1.5)
|
||||||
|
erubi (~> 1.8)
|
||||||
|
gssapi (~> 1.2)
|
||||||
|
httpclient (~> 2.2, >= 2.2.0.2)
|
||||||
|
logging (>= 1.6.1, < 3.0)
|
||||||
|
nori (~> 2.7)
|
||||||
|
rexml (>= 3.4.2, < 4.0)
|
||||||
|
rubyntlm (~> 0.6.0, >= 0.6.3)
|
||||||
|
chef-winrm-elevated (1.2.5)
|
||||||
|
chef-winrm (>= 2.3.11)
|
||||||
|
chef-winrm-fs (>= 1.3.7)
|
||||||
|
erubi (~> 1.8)
|
||||||
|
chef-winrm-fs (1.4.2)
|
||||||
|
benchmark (~> 0.5.0)
|
||||||
|
chef-winrm (~> 2.4)
|
||||||
|
csv (~> 3.3)
|
||||||
|
erubi (>= 1.7)
|
||||||
|
logging (>= 1.6.1, < 3.0)
|
||||||
|
rubyzip (~> 2.0)
|
||||||
|
chef-zero (15.1.11)
|
||||||
|
ffi-yajl (>= 2.2, < 4.0)
|
||||||
|
hashie (>= 2.0, < 6.0)
|
||||||
mixlib-log (>= 2.0, < 4.0)
|
mixlib-log (>= 2.0, < 4.0)
|
||||||
rack (~> 2.0, >= 2.0.6)
|
rack (~> 3.2, >= 3.2.6)
|
||||||
uuidtools (~> 2.1)
|
rackup (~> 2.3, >= 2.3.1)
|
||||||
|
uuidtools (>= 2.1, < 4.0)
|
||||||
webrick
|
webrick
|
||||||
coderay (1.1.3)
|
coderay (1.1.3)
|
||||||
concurrent-ruby (1.1.9)
|
concurrent-ruby (1.3.7)
|
||||||
corefoundation (0.3.10)
|
connection_pool (2.5.5)
|
||||||
|
cookstyle (8.7.6)
|
||||||
|
rubocop (= 1.86.1)
|
||||||
|
corefoundation (0.3.19)
|
||||||
ffi (>= 1.15.0)
|
ffi (>= 1.15.0)
|
||||||
diff-lcs (1.3)
|
csv (3.3.5)
|
||||||
erubi (1.10.0)
|
date (3.5.1)
|
||||||
|
diff-lcs (1.6.2)
|
||||||
|
domain_name (0.6.20240107)
|
||||||
|
ed25519 (1.4.0)
|
||||||
|
erubi (1.13.1)
|
||||||
erubis (2.7.0)
|
erubis (2.7.0)
|
||||||
faraday (1.4.3)
|
faraday (2.14.3)
|
||||||
faraday-em_http (~> 1.0)
|
faraday-net_http (>= 2.0, < 3.5)
|
||||||
faraday-em_synchrony (~> 1.0)
|
json
|
||||||
faraday-excon (~> 1.1)
|
logger
|
||||||
faraday-net_http (~> 1.0)
|
faraday-follow_redirects (0.5.0)
|
||||||
faraday-net_http_persistent (~> 1.1)
|
faraday (>= 1, < 3)
|
||||||
multipart-post (>= 1.2, < 3)
|
faraday-http-cache (2.5.1)
|
||||||
ruby2_keywords (>= 0.0.4)
|
faraday (>= 0.8)
|
||||||
faraday-em_http (1.0.0)
|
faraday-net_http (3.4.4)
|
||||||
faraday-em_synchrony (1.0.0)
|
net-http (~> 0.5)
|
||||||
faraday-excon (1.1.0)
|
ffi (1.17.4-arm64-darwin)
|
||||||
faraday-net_http (1.0.1)
|
ffi (1.17.4-x86_64-darwin)
|
||||||
faraday-net_http_persistent (1.2.0)
|
ffi (1.17.4-x86_64-linux-gnu)
|
||||||
faraday_middleware (1.2.0)
|
ffi-libarchive (1.1.14)
|
||||||
faraday (~> 1.0)
|
|
||||||
ffi (1.15.5)
|
|
||||||
ffi-libarchive (1.1.3)
|
|
||||||
ffi (~> 1.0)
|
ffi (~> 1.0)
|
||||||
ffi-yajl (2.4.0)
|
ffi-yajl (2.7.11)
|
||||||
libyajl2 (>= 1.2)
|
libyajl2 (>= 2.1)
|
||||||
fuzzyurl (0.9.0)
|
fuzzyurl (0.9.0)
|
||||||
gssapi (1.3.1)
|
gssapi (1.3.1)
|
||||||
ffi (>= 1.0.1)
|
ffi (>= 1.0.1)
|
||||||
gyoku (1.3.1)
|
hashie (5.1.0)
|
||||||
builder (>= 2.1.2)
|
logger
|
||||||
hashie (4.1.0)
|
highline (3.1.2)
|
||||||
highline (2.0.3)
|
reline
|
||||||
httpclient (2.8.3)
|
http-accept (1.7.0)
|
||||||
|
http-cookie (1.1.6)
|
||||||
|
domain_name (~> 0.5)
|
||||||
|
httpclient (2.9.0)
|
||||||
|
mutex_m
|
||||||
iniparse (1.5.0)
|
iniparse (1.5.0)
|
||||||
inspec-core (4.52.9)
|
inspec-core (7.0.107)
|
||||||
addressable (~> 2.4)
|
addressable (~> 2.4)
|
||||||
|
chef-licensing (>= 1.2.0)
|
||||||
chef-telemetry (~> 1.0, >= 1.0.8)
|
chef-telemetry (~> 1.0, >= 1.0.8)
|
||||||
faraday (>= 0.9.0, < 1.5)
|
cookstyle
|
||||||
faraday_middleware (~> 1.0)
|
csv (~> 3.0)
|
||||||
hashie (>= 3.4, < 5.0)
|
faraday (>= 1, < 3)
|
||||||
|
faraday-follow_redirects (~> 0.3)
|
||||||
|
hashie (>= 3.4, < 6.0)
|
||||||
license-acceptance (>= 0.2.13, < 3.0)
|
license-acceptance (>= 0.2.13, < 3.0)
|
||||||
method_source (>= 0.8, < 2.0)
|
method_source (>= 0.8, < 2.0)
|
||||||
mixlib-log (~> 3.0)
|
mixlib-log (~> 3.0)
|
||||||
multipart-post (~> 2.0)
|
multipart-post (~> 2.0)
|
||||||
|
ostruct (>= 0.1, < 0.7)
|
||||||
parallel (~> 1.9)
|
parallel (~> 1.9)
|
||||||
parslet (>= 1.5, < 2.0)
|
parslet (>= 1.5, < 3.0)
|
||||||
pry (~> 0.13)
|
pry (~> 0.13)
|
||||||
rspec (>= 3.9, < 3.11)
|
rspec (>= 3.9, <= 3.14)
|
||||||
rspec-its (~> 1.2)
|
rspec-its (>= 1.2, < 3.0)
|
||||||
rubyzip (>= 1.2.2, < 3.0)
|
rubyzip (>= 1.2.2, < 4.0)
|
||||||
semverse (~> 3.0)
|
semverse (~> 3.0)
|
||||||
sslshake (~> 1.2)
|
sslshake (~> 1.2)
|
||||||
thor (>= 0.20, < 2.0)
|
syslog (~> 0.1)
|
||||||
tomlrb (>= 1.2, < 2.1)
|
thor (>= 0.20, < 1.5.0)
|
||||||
train-core (~> 3.0)
|
tomlrb (>= 1.3, < 2.1)
|
||||||
|
train-core (~> 3.16, >= 3.16.1)
|
||||||
tty-prompt (~> 0.17)
|
tty-prompt (~> 0.17)
|
||||||
tty-table (~> 0.10)
|
tty-table (~> 0.10)
|
||||||
|
io-console (0.8.2)
|
||||||
ipaddress (0.8.3)
|
ipaddress (0.8.3)
|
||||||
jmespath (1.5.0)
|
jmespath (1.6.2)
|
||||||
json (2.6.1)
|
json (2.20.0)
|
||||||
knife (17.9.26)
|
knife (19.0.134)
|
||||||
|
abbrev
|
||||||
bcrypt_pbkdf (~> 1.1)
|
bcrypt_pbkdf (~> 1.1)
|
||||||
chef (>= 17)
|
chef-licensing (~> 1.2)
|
||||||
chef-config (>= 17)
|
|
||||||
chef-utils (>= 17)
|
|
||||||
chef-vault
|
chef-vault
|
||||||
|
ed25519 (>= 1.2, < 2.0)
|
||||||
erubis (~> 2.7)
|
erubis (~> 2.7)
|
||||||
ffi (>= 1.15)
|
ffi (>= 1.15, < 1.18.0)
|
||||||
ffi-yajl (~> 2.2)
|
ffi-yajl (>= 2.2, < 3.0)
|
||||||
highline (>= 1.6.9, < 3)
|
highline (>= 1.6.9, < 4)
|
||||||
license-acceptance (>= 1.0.5, < 3)
|
license-acceptance (>= 1.0.5, < 3)
|
||||||
mixlib-archive (>= 0.4, < 2.0)
|
mixlib-archive (>= 0.4, < 2.0)
|
||||||
mixlib-cli (>= 2.1.1, < 3.0)
|
mixlib-cli (>= 2.1.1, < 3.0)
|
||||||
net-ssh (>= 5.1, < 7)
|
net-ssh (>= 5.1, < 8)
|
||||||
net-ssh-multi (~> 1.2, >= 1.2.1)
|
net-ssh-multi (~> 1.2, >= 1.2.1)
|
||||||
ohai (~> 17.0)
|
|
||||||
pastel
|
pastel
|
||||||
train-core (~> 3.2, >= 3.2.28)
|
proxifier2 (~> 1.1)
|
||||||
train-winrm (>= 0.2.5)
|
train-core (~> 3.13, >= 3.13.4)
|
||||||
|
train-winrm (>= 0.2.17)
|
||||||
tty-prompt (~> 0.21)
|
tty-prompt (~> 0.21)
|
||||||
tty-screen (~> 0.6)
|
tty-screen (~> 0.6)
|
||||||
tty-table (~> 0.11)
|
tty-table (~> 0.11)
|
||||||
knife-zero (2.4.2)
|
knife-zero (2.6.0)
|
||||||
chef (>= 15.0)
|
chef (>= 16.6)
|
||||||
knife (>= 17.0)
|
knife (>= 17.0)
|
||||||
|
language_server-protocol (3.17.0.5)
|
||||||
libyajl2 (2.1.0)
|
libyajl2 (2.1.0)
|
||||||
license-acceptance (2.1.13)
|
license-acceptance (2.1.13)
|
||||||
pastel (~> 0.7)
|
pastel (~> 0.7)
|
||||||
tomlrb (>= 1.2, < 3.0)
|
tomlrb (>= 1.2, < 3.0)
|
||||||
tty-box (~> 0.6)
|
tty-box (~> 0.6)
|
||||||
tty-prompt (~> 0.20)
|
tty-prompt (~> 0.20)
|
||||||
|
lint_roller (1.1.0)
|
||||||
little-plugger (1.1.4)
|
little-plugger (1.1.4)
|
||||||
logging (2.3.0)
|
logger (1.7.0)
|
||||||
|
logging (2.4.0)
|
||||||
little-plugger (~> 1.1)
|
little-plugger (~> 1.1)
|
||||||
multi_json (~> 1.14)
|
multi_json (~> 1.14)
|
||||||
method_source (1.0.0)
|
method_source (1.1.0)
|
||||||
mixlib-archive (1.1.7)
|
mime-types (3.7.0)
|
||||||
|
logger
|
||||||
|
mime-types-data (~> 3.2025, >= 3.2025.0507)
|
||||||
|
mime-types-data (3.2026.0701)
|
||||||
|
mixlib-archive (1.3.3)
|
||||||
mixlib-log
|
mixlib-log
|
||||||
mixlib-authentication (3.0.10)
|
mixlib-authentication (3.0.10)
|
||||||
mixlib-cli (2.1.8)
|
mixlib-cli (2.1.8)
|
||||||
mixlib-config (3.0.9)
|
mixlib-config (3.0.27)
|
||||||
tomlrb
|
tomlrb
|
||||||
mixlib-log (3.0.9)
|
mixlib-log (3.2.3)
|
||||||
mixlib-shellout (3.2.5)
|
ffi (>= 1.15.5)
|
||||||
|
mixlib-shellout (3.4.10)
|
||||||
chef-utils
|
chef-utils
|
||||||
multi_json (1.15.0)
|
multi_json (1.19.1)
|
||||||
multipart-post (2.1.1)
|
multipart-post (2.4.1)
|
||||||
net-scp (3.0.0)
|
mutex_m (0.3.0)
|
||||||
net-ssh (>= 2.6.5, < 7.0.0)
|
net-ftp (0.3.9)
|
||||||
net-sftp (3.0.0)
|
net-protocol
|
||||||
net-ssh (>= 5.0.0, < 7.0.0)
|
time
|
||||||
net-ssh (6.1.0)
|
net-http (0.9.1)
|
||||||
|
uri (>= 0.11.1)
|
||||||
|
net-http-persistent (4.0.8)
|
||||||
|
connection_pool (>= 2.2.4, < 4)
|
||||||
|
net-protocol (0.2.2)
|
||||||
|
timeout
|
||||||
|
net-scp (4.1.0)
|
||||||
|
net-ssh (>= 2.6.5, < 8.0.0)
|
||||||
|
net-sftp (4.0.0)
|
||||||
|
net-ssh (>= 5.0.0, < 8.0.0)
|
||||||
|
net-ssh (7.3.3)
|
||||||
net-ssh-gateway (2.0.0)
|
net-ssh-gateway (2.0.0)
|
||||||
net-ssh (>= 4.0.0)
|
net-ssh (>= 4.0.0)
|
||||||
net-ssh-multi (1.2.1)
|
net-ssh-multi (1.2.1)
|
||||||
net-ssh (>= 2.6.5)
|
net-ssh (>= 2.6.5)
|
||||||
net-ssh-gateway (>= 1.2.0)
|
net-ssh-gateway (>= 1.2.0)
|
||||||
nori (2.6.0)
|
netrc (0.11.0)
|
||||||
ohai (17.9.0)
|
nori (2.7.1)
|
||||||
chef-config (>= 14.12, < 18)
|
bigdecimal
|
||||||
chef-utils (>= 16.0, < 18)
|
ohai (19.1.40)
|
||||||
ffi (~> 1.9)
|
base64
|
||||||
ffi-yajl (~> 2.2)
|
chef-config (>= 14.12, < 20)
|
||||||
|
chef-utils (>= 16.0, < 20)
|
||||||
|
ffi (>= 1.15.5)
|
||||||
|
ffi-yajl (>= 2.2, < 3.0)
|
||||||
ipaddress
|
ipaddress
|
||||||
mixlib-cli (>= 1.7.0)
|
mixlib-cli (>= 1.7.0)
|
||||||
mixlib-config (>= 2.0, < 4.0)
|
mixlib-config (>= 2.0, < 4.0)
|
||||||
mixlib-log (>= 2.0.1, < 4.0)
|
mixlib-log (>= 2.0.1, < 4.0)
|
||||||
mixlib-shellout (~> 3.2, >= 3.2.5)
|
mixlib-shellout (>= 3.3.6, < 3.5.0)
|
||||||
plist (~> 3.1)
|
plist (~> 3.1)
|
||||||
train-core
|
train-core
|
||||||
wmi-lite (~> 1.0)
|
wmi-lite (~> 1.0)
|
||||||
parallel (1.21.0)
|
ostruct (0.6.3)
|
||||||
parslet (1.8.2)
|
parallel (1.28.0)
|
||||||
|
parser (3.3.11.1)
|
||||||
|
ast (~> 2.4.1)
|
||||||
|
racc
|
||||||
|
parslet (2.0.0)
|
||||||
pastel (0.8.0)
|
pastel (0.8.0)
|
||||||
tty-color (~> 0.5)
|
tty-color (~> 0.5)
|
||||||
plist (3.6.0)
|
plist (3.7.2)
|
||||||
proxifier (1.0.3)
|
prism (1.9.0)
|
||||||
pry (0.14.1)
|
proxifier2 (1.1.0)
|
||||||
|
pry (0.16.0)
|
||||||
coderay (~> 1.1)
|
coderay (~> 1.1)
|
||||||
method_source (~> 1.0)
|
method_source (~> 1.0)
|
||||||
public_suffix (4.0.6)
|
reline (>= 0.6.0)
|
||||||
rack (2.2.3)
|
pstore (0.1.4)
|
||||||
rspec (3.10.0)
|
public_suffix (6.0.2)
|
||||||
rspec-core (~> 3.10.0)
|
racc (1.8.1)
|
||||||
rspec-expectations (~> 3.10.0)
|
rack (3.2.6)
|
||||||
rspec-mocks (~> 3.10.0)
|
rackup (2.3.1)
|
||||||
rspec-core (3.10.2)
|
rack (>= 3)
|
||||||
rspec-support (~> 3.10.0)
|
rainbow (3.1.1)
|
||||||
rspec-expectations (3.10.2)
|
regexp_parser (2.12.0)
|
||||||
|
reline (0.6.3)
|
||||||
|
io-console (~> 0.5)
|
||||||
|
rest-client (2.1.0)
|
||||||
|
http-accept (>= 1.7.0, < 2.0)
|
||||||
|
http-cookie (>= 1.0.2, < 2.0)
|
||||||
|
mime-types (>= 1.16, < 4.0)
|
||||||
|
netrc (~> 0.8)
|
||||||
|
rexml (3.4.4)
|
||||||
|
rspec (3.13.2)
|
||||||
|
rspec-core (~> 3.13.0)
|
||||||
|
rspec-expectations (~> 3.13.0)
|
||||||
|
rspec-mocks (~> 3.13.0)
|
||||||
|
rspec-core (3.13.6)
|
||||||
|
rspec-support (~> 3.13.0)
|
||||||
|
rspec-expectations (3.13.5)
|
||||||
diff-lcs (>= 1.2.0, < 2.0)
|
diff-lcs (>= 1.2.0, < 2.0)
|
||||||
rspec-support (~> 3.10.0)
|
rspec-support (~> 3.13.0)
|
||||||
rspec-its (1.3.0)
|
rspec-its (2.0.0)
|
||||||
rspec-core (>= 3.0.0)
|
rspec-core (>= 3.13.0)
|
||||||
rspec-expectations (>= 3.0.0)
|
rspec-expectations (>= 3.13.0)
|
||||||
rspec-mocks (3.10.3)
|
rspec-mocks (3.13.8)
|
||||||
diff-lcs (>= 1.2.0, < 2.0)
|
diff-lcs (>= 1.2.0, < 2.0)
|
||||||
rspec-support (~> 3.10.0)
|
rspec-support (~> 3.13.0)
|
||||||
rspec-support (3.10.3)
|
rspec-support (3.13.7)
|
||||||
ruby2_keywords (0.0.5)
|
rubocop (1.86.1)
|
||||||
rubyntlm (0.6.3)
|
json (~> 2.3)
|
||||||
rubyzip (2.3.2)
|
language_server-protocol (~> 3.17.0.2)
|
||||||
semverse (3.0.0)
|
lint_roller (~> 1.1.0)
|
||||||
|
parallel (>= 1.10)
|
||||||
|
parser (>= 3.3.0.2)
|
||||||
|
rainbow (>= 2.2.2, < 4.0)
|
||||||
|
regexp_parser (>= 2.9.3, < 3.0)
|
||||||
|
rubocop-ast (>= 1.49.0, < 2.0)
|
||||||
|
ruby-progressbar (~> 1.7)
|
||||||
|
unicode-display_width (>= 2.4.0, < 4.0)
|
||||||
|
rubocop-ast (1.49.1)
|
||||||
|
parser (>= 3.3.7.2)
|
||||||
|
prism (~> 1.7)
|
||||||
|
ruby-progressbar (1.13.0)
|
||||||
|
rubyntlm (0.6.5)
|
||||||
|
base64
|
||||||
|
rubyzip (2.4.1)
|
||||||
|
semverse (3.0.2)
|
||||||
|
socksify (1.8.1)
|
||||||
sslshake (1.3.1)
|
sslshake (1.3.1)
|
||||||
strings (0.2.1)
|
strings (0.2.1)
|
||||||
strings-ansi (~> 0.2)
|
strings-ansi (~> 0.2)
|
||||||
unicode-display_width (>= 1.5, < 3.0)
|
unicode-display_width (>= 1.5, < 3.0)
|
||||||
unicode_utils (~> 1.4)
|
unicode_utils (~> 1.4)
|
||||||
strings-ansi (0.2.0)
|
strings-ansi (0.2.0)
|
||||||
|
syslog (0.4.0)
|
||||||
|
logger
|
||||||
syslog-logger (1.6.8)
|
syslog-logger (1.6.8)
|
||||||
thor (1.2.1)
|
thor (1.4.0)
|
||||||
tomlrb (1.3.0)
|
time (0.4.2)
|
||||||
train-core (3.8.7)
|
date
|
||||||
|
timeout (0.6.1)
|
||||||
|
tomlrb (2.0.4)
|
||||||
|
train-core (3.16.5)
|
||||||
addressable (~> 2.5)
|
addressable (~> 2.5)
|
||||||
ffi (!= 1.13.0)
|
ffi (>= 1.16.0, < 1.18)
|
||||||
json (>= 1.8, < 3.0)
|
json (>= 2.19.2, < 3.0)
|
||||||
mixlib-shellout (>= 2.0, < 4.0)
|
mixlib-shellout (>= 2.0, < 4.0)
|
||||||
net-scp (>= 1.2, < 4.0)
|
net-scp (>= 1.2, < 5.0)
|
||||||
net-ssh (>= 2.9, < 7.0)
|
net-ssh (>= 2.9, < 8.0)
|
||||||
train-winrm (0.2.12)
|
train-rest (0.5.0)
|
||||||
winrm (>= 2.3.6, < 3.0)
|
aws-sigv4 (~> 1.5)
|
||||||
winrm-elevated (~> 1.2.2)
|
rest-client (~> 2.1)
|
||||||
winrm-fs (~> 1.0)
|
train-core (~> 3.0)
|
||||||
|
train-winrm (0.4.3)
|
||||||
|
chef-winrm (>= 2.4.4, < 3.0)
|
||||||
|
chef-winrm-elevated (>= 1.2.5, < 2.0)
|
||||||
|
chef-winrm-fs (>= 1.4.1, < 2.0)
|
||||||
|
socksify (~> 1.8)
|
||||||
tty-box (0.7.0)
|
tty-box (0.7.0)
|
||||||
pastel (~> 0.8)
|
pastel (~> 0.8)
|
||||||
strings (~> 0.2.0)
|
strings (~> 0.2.0)
|
||||||
@@ -272,45 +407,34 @@ GEM
|
|||||||
tty-cursor (~> 0.7)
|
tty-cursor (~> 0.7)
|
||||||
tty-screen (~> 0.8)
|
tty-screen (~> 0.8)
|
||||||
wisper (~> 2.0)
|
wisper (~> 2.0)
|
||||||
tty-screen (0.8.1)
|
tty-screen (0.8.2)
|
||||||
|
tty-spinner (0.9.3)
|
||||||
|
tty-cursor (~> 0.7)
|
||||||
tty-table (0.12.0)
|
tty-table (0.12.0)
|
||||||
pastel (~> 0.8)
|
pastel (~> 0.8)
|
||||||
strings (~> 0.2.0)
|
strings (~> 0.2.0)
|
||||||
tty-screen (~> 0.8)
|
tty-screen (~> 0.8)
|
||||||
unicode-display_width (2.1.0)
|
unf_ext (0.0.9.1)
|
||||||
|
unicode-display_width (2.6.0)
|
||||||
unicode_utils (1.4.0)
|
unicode_utils (1.4.0)
|
||||||
uuidtools (2.2.0)
|
uri (1.1.1)
|
||||||
vault (0.16.0)
|
uuidtools (3.0.0)
|
||||||
|
vault (0.20.1)
|
||||||
aws-sigv4
|
aws-sigv4
|
||||||
webrick (1.7.0)
|
base64
|
||||||
winrm (2.3.6)
|
net-http-persistent (~> 4.0, >= 4.0.2)
|
||||||
builder (>= 2.1.2)
|
webrick (1.9.2)
|
||||||
erubi (~> 1.8)
|
|
||||||
gssapi (~> 1.2)
|
|
||||||
gyoku (~> 1.0)
|
|
||||||
httpclient (~> 2.2, >= 2.2.0.2)
|
|
||||||
logging (>= 1.6.1, < 3.0)
|
|
||||||
nori (~> 2.0)
|
|
||||||
rubyntlm (~> 0.6.0, >= 0.6.3)
|
|
||||||
winrm-elevated (1.2.3)
|
|
||||||
erubi (~> 1.8)
|
|
||||||
winrm (~> 2.0)
|
|
||||||
winrm-fs (~> 1.0)
|
|
||||||
winrm-fs (1.3.5)
|
|
||||||
erubi (~> 1.8)
|
|
||||||
logging (>= 1.6.1, < 3.0)
|
|
||||||
rubyzip (~> 2.0)
|
|
||||||
winrm (~> 2.0)
|
|
||||||
wisper (2.0.1)
|
wisper (2.0.1)
|
||||||
wmi-lite (1.0.5)
|
wmi-lite (1.0.7)
|
||||||
|
|
||||||
PLATFORMS
|
PLATFORMS
|
||||||
|
arm64-darwin-22
|
||||||
x86_64-darwin-18
|
x86_64-darwin-18
|
||||||
x86_64-darwin-19
|
x86_64-darwin-19
|
||||||
x86_64-linux
|
x86_64-linux
|
||||||
|
|
||||||
DEPENDENCIES
|
DEPENDENCIES
|
||||||
knife-zero (>= 2.4.2)
|
knife-zero (~> 2.6.0)
|
||||||
|
|
||||||
BUNDLED WITH
|
BUNDLED WITH
|
||||||
2.2.15
|
2.2.15
|
||||||
|
|||||||
@@ -1,4 +0,0 @@
|
|||||||
{
|
|
||||||
"name": "garage-10",
|
|
||||||
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2+3Wo+KkXVJCOX1SxT9\nSdwKXgPbCDM3EI9uwoxhMxQfRyN53dxIsBDsQUVOIe1Z8yqm4FenMQlNmeDR+QLE\nvNFf1fisinW+D9VVRm+CjcJy96i/Dyt786Z6YRrDlB860HxCbfTL2Zv5BRtbyIKg\nhz5gO+9PMEpPVR2ij9iue4K6jbM1AAL2ia/P6zDWLJqeIzUocCeHV5N0Z3jXH6qr\nf444v78x35MMJ+3tg5h95SU1/PDCpdSTct4uHEuKIosiN7p4DlYMoM5iSyvVoujr\nflRQPEpGzS9qEt3rDo/F4ltzYMx6bf1tB/0QaBKD+zwPZWTTwf61tSBo5/NkGvJc\nFQIDAQAB\n-----END PUBLIC KEY-----\n"
|
|
||||||
}
|
|
||||||
@@ -0,0 +1,4 @@
|
|||||||
|
{
|
||||||
|
"name": "garage-14",
|
||||||
|
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAypINv1zTZ7+pyT0iRhik\n0W70ASYADo7qK7QyE9/3nu2sUrP1IjoNFsv/ceKwicH7Fw2Ei1o+yKZlKn7zJzY7\n93YRZndF04VH2bmqy0uOWK0Bdat7gCld5bvS6FmRflg7g64LFb33/64QIVsVGHGL\nYF2TO//x79t9JKcQDa4h5MOWzJNTFuEcUGa0gJjMYpWGVHEJSgRuIgyhXmyIJJgY\nguj6ymTm5+3VS7NzoNy2fbTt1LRpHb5UWrCR15oiLZiDSMLMx0CcGOCmrhvODi4k\n0umw+2NPd1G50s9z7KVbTqybuQ65se2amRnkVcNfaBIU5qk9bVqcmhZlEozmBZCd\ndwIDAQAB\n-----END PUBLIC KEY-----\n"
|
||||||
|
}
|
||||||
@@ -0,0 +1,4 @@
|
|||||||
|
{
|
||||||
|
"name": "garage-15",
|
||||||
|
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy14sTt5gxVZi9C3KIEBu\nDyUgbb6jc3/GR22fNPTqV6uDHhxzhE2UsYwY/7yuA1RasdwHEOBWZaoC0Om5/Zmi\n8gn6//v1ILyLNaAcw+SQcxZkCN8Sk/0atRS9HYk1agE8Mvh72Fe2z3l+92VMefy7\nJwJUNNBTbnV2WVCchChoWnfhI7bkSLSHp0M2MO2pI+lkpSdmfkJSa5z9zihgxKO8\nXfvhryDCZNvfRVHhwc+ffpap0gLF0H9riGKE4FwLy4YqbuW1Tgm6bObb9bpOIw6Q\nVfH3kC/KMK5FlnxGmYtDkhRJ/wjGInRBk9WK/QOmjyd2FVxipEQmA4RdjlznRC9I\nrwIDAQAB\n-----END PUBLIC KEY-----\n"
|
||||||
|
}
|
||||||
@@ -0,0 +1,4 @@
|
|||||||
|
{
|
||||||
|
"name": "garage-16",
|
||||||
|
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYCUN4WNP05pjbxVJd1/\nvmDZU6XRrVVZS5piSSRzs+uxrcUQZew9oe8YwnB9Acf7nl1igS1Fa3e3TyVdrdrM\n+zKLIszJfZw8qH0BhUHYhIm5o+NXeUDR6zor5/4msq9yyXxMFM3FY6HSnz1IBY6P\n43GdArRqAhccGZTBzvowHZvVTkG553oYF1ETxlUWn+9l142YZufNK+B2JGUGSnf3\nS0A2vlQi7DGHBcUaPPqCLeaXB1cQ4Q6SqMvnExpi0xTdY2QXLlSIBJvJVowLtQKs\npS5qHxwCabMY/uHVoEKxgmMcGvjp4L0PoaXRcev5I2sDfbLuz1VxYfatjgI/1psg\ntwIDAQAB\n-----END PUBLIC KEY-----\n"
|
||||||
|
}
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
{
|
|
||||||
"name": "garage-9",
|
|
||||||
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnMHzKE8JBrsQkmRDeMjX\n71mBzvRzNM90cwA8xtvIkXesdTyGqohX9k/PJbCY5ySGK9PpMaYDPVAnwnUP8LFQ\n3G98aSbLxUjqU/PBzRsnWpihehr05uz9zYcNFzr4LTNvGQZsq47nN9Tk+LG3zHP7\nAZViv2mJ4ZRnukXf6KHlyoVvhuTu+tiBM8QzjTF97iP/aguNPzYHmrecy9Uf5bSA\nZrbNZT+ayxtgswC2OclhRucx7XLSuHXtpwFqsQzSAhiX1aQ3wwCyH9WJtVwpfUsE\nlxTjcQiSM9aPZ8iSC0shpBaKD1j3iF/2K2Jk+88++zMhJJPLermvaJxzsdePgvyk\nKQIDAQAB\n-----END PUBLIC KEY-----\n"
|
|
||||||
}
|
|
||||||
@@ -0,0 +1,4 @@
|
|||||||
|
{
|
||||||
|
"name": "leo",
|
||||||
|
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFfQsJnREjbXTtpT6BVt\naBaUzRmCQi8Du0TzeUG0ENrY0p5Exqleye2rC6bJlB3PER1xr5zdtuXLgbcVumIb\nzroU5JPtFbQk7r/pj0atT+UEYzl16iuEpprQ/bug+f0nE514USr6YG4G+tlZ/jBI\nSHsCQF1P8ufXFLW0ewC7rdvBkgA+DwK14naRxS4jO5MSl4wmNTjs/jymTg508mQq\nf5tG52t8qFdgn9pRdBXmyTpPtwK7I4rZ+1Qn+1E5m4oQUZsxh8Ba1bGbKotVO7Ua\nYL1yCGx7zRRUvLLIdSMvlRXTJBUSQtQ8P4QUDWTY1Na2w3t9sulKg2Lwsw8tktvC\nCwIDAQAB\n-----END PUBLIC KEY-----\n"
|
||||||
|
}
|
||||||
@@ -0,0 +1,4 @@
|
|||||||
|
{
|
||||||
|
"name": "postgres-10",
|
||||||
|
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2oBb5omC7ZionWhudgFm\n2NGcRXsI0c7+g1+0duaxj5dziaRTltqzpRJTfiJD6R36FcvEqwGc+qQgYSMzc1Xd\nY4OTvJFIDiFAmROm/DZYgFtTDldVNJZO2bbU3COYf/Z2Poq56gC4zLLd/zf6shgb\n2Mty8PlQ82JJAY9EMI3aAifdnZ1k/g4weFC4LFg9lUcNNXOwlAjp//LJ3ku3aY1r\nwW74msSeWEjE44YZdWyMYgM7Fy1hz5giHFQtRdOLemRCWQ8h26wn/cmWld7lsLg+\nlYqxokxWXGv8r5zR8kDTBkd0dxY7ZMbo7oESY4Uhuf4UReMe2ZGHto1E7w3llSj+\n7wIDAQAB\n-----END PUBLIC KEY-----\n"
|
||||||
|
}
|
||||||
@@ -0,0 +1,4 @@
|
|||||||
|
{
|
||||||
|
"name": "postgres-11",
|
||||||
|
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1foYpuubS2ovlg3uHO12\nQ/ROZ8MpG+LkCAM46uVfPaoWwfY0vdfMsBOanHDgm9DGUCEBJZ6LPrvCvGXbpPy6\n9GSswK75zVWODblNjvvV4ueGFq4bBFwRuZNjyMlqgyzeU+srZL0ivelu5XEuGuoD\nPYCBKWYqGMz85/eMC7/tinTJtKPyOtXe/G8meji+r7gh3j+ypj/EWeKfcRDa4aGe\n/DmMCurIjjPAXFLMAA6fIqPWVfcPw4APNPE60Z92yPGsTbPu7bL54M5f7udmmu7H\nOgk1HjMAmXCuLDzTkfaxqHP+57yELg/YpXR1E93VmBeQuIBsyOFEk6AmUmA1Ib6e\nnQIDAQAB\n-----END PUBLIC KEY-----\n"
|
||||||
|
}
|
||||||
@@ -0,0 +1,4 @@
|
|||||||
|
{
|
||||||
|
"name": "postgres-12",
|
||||||
|
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1mYGrYB8keUKmXA8dhWc\ncCLzp50xR0ajSw+bWYydyRqD5wuEVKjiJu4+G9QmTVXkVgJ+AYI0Y9/WZYpDqVH6\nvLUo6BSNQaWx20q93qIdOGLy8YG3Qyznezk4l8T9u9vWZDyDpKw6gCxzikMkrXxb\n0cqOYtyud8+PtSEEMogSjOKhRURVHlVrlVH3SQO7Whke9rkiFcbXzubsK9yjkUtF\nxZafSoGorOlDsPvFTfYnkepVB+GHcgiribRYSrO+73GypC2kqMhCpWrb6a0VWsP/\nh53+q3JL3vBvdvjcv51Wpf4n6JdnXnQGn2/MdXEzw+NXgjU4/IdYtbORSbaI8F5t\nowIDAQAB\n-----END PUBLIC KEY-----\n"
|
||||||
|
}
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
{
|
|
||||||
"name": "postgres-7",
|
|
||||||
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArraIm6mXi0qgK4oWDs2I\nOIx+g/LPnfRd5aBXhoHcekGiJKttQTi5dRdN4+T6qVEC2h4Cc9qN47h2TZPLDh/M\neIZvu0AyicpectzXf6DtDZh0hFCnv47RDi9927op9tjMXk0SV1tLel7MN0dawATw\ny0vQkkr/5a3ZdiP4dFv+bdfVrj+Tuh85BYPVyX2mxq9F7Efxrt6rzVBiqr6uJLUY\nStpeB3CCalC4zQApKX2xrdtr2k8aJbqC6C//LiKbb7VKn+ZuZJ32L/+9HDEzQoFC\no0ZZPMhfnjcU+iSHYZuPMTJTNbwgRuOgpn9O8kZ239qYc59z7HEXwwWiYPDevbiM\nCQIDAQAB\n-----END PUBLIC KEY-----\n"
|
|
||||||
}
|
|
||||||
@@ -0,0 +1,4 @@
|
|||||||
|
{
|
||||||
|
"name": "postgres-9",
|
||||||
|
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2dcE9HH0r5TBb/FGj2+e\nOw8ssoxeB61JmR4/psdZ6oPR08gxyqOY0ODziCmyIdXwFhjIcC44HjxCbcB8TU8G\nWGqlmfqWWIJW0x/2xOycHobAWDn5fC5ttTXkR3HC1TutX/2mH26mtfz9UjNdPaTo\nVZFMcxeaBCFSNlYC7hPUQ5f/qBdhhpLxP9uyzU+YFPqtwLP7g8EAUQObM4L+m6Q8\nqE7xgYpnhgaNrPsmvaVuoNylMGwyK0j1whOkcik8UgLprD70ISNSNxxcLehbvA3G\nPQPQRRuFF36fu2gECWGopbrFKwQGNfgJguQoXM1RQZQMQqWHPS933k5i6bi5pnhp\nzwIDAQAB\n-----END PUBLIC KEY-----\n"
|
||||||
|
}
|
||||||
@@ -0,0 +1,4 @@
|
|||||||
|
{
|
||||||
|
"name": "prometheus-1",
|
||||||
|
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7T/OBo/TZm3YqnN4+ok\nHwcJ0kW9w2rl9UfrOlWUvoPHBd2LrqpEv3Az3a150IylQ1H/UozmQA7DtjIoTA7d\nV3oLY970vYrYiURcojOo8qAZBy8EH7dfAHxuZryUeELr+3vdcHF5WrrfSt2FdFVX\nPTY95ikafAnOO0Nt8jvnlPoDn7REV8TOE6KOiUzcHKa2xGlfaIe0oRC21LD86uQm\nR09xY1YaJkVgZfeN/opoRjZawkU3FFs3jlUEVBF8k153oOw9W3bgsFFjSOtRtRRg\nDwyQ7oDeMH83kXnaCdpkNZd59wjzPcpxYAL4LRN52ZXA4Btr4DTi+GxHz98Dr0kU\nUQIDAQAB\n-----END PUBLIC KEY-----\n"
|
||||||
|
}
|
||||||
@@ -0,0 +1,4 @@
|
|||||||
|
{
|
||||||
|
"name": "rsk-testnet-6",
|
||||||
|
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1p4+F536/peA4XWMJtm\njggPl6yJb42V5bg3kDa8SHoIoQgXn59d3BclZ1Oz2+JhFd3Rrn4FN3Z1wzGpP+gA\nnxQOfgRG1ucahh7Nxaw3IdoHm7r/EdEOc9FrxvGJ+09YnmLfzn4iVQpsUiOiNVS7\n0LXtMXYtsjD+o6BTbOhGU8FMmGhMhQfXFVgoDdTiM/Q62zPw8Vtpa3yFpFJAu+dA\n+mm5h5W6FnaWJXM2arn3PxDOt+JQSWp5PYG4goU1FFreU9iFuoeGEfLy8unlbbXt\ne96QhNuCkOA15xqta0Z3oL7IlXWns7dLgZYlpZT9zaExIs3AEDaQcleacQPzXKSG\nswIDAQAB\n-----END PUBLIC KEY-----\n"
|
||||||
|
}
|
||||||
@@ -3,3 +3,5 @@ config:
|
|||||||
line-length: false # MD013
|
line-length: false # MD013
|
||||||
no-duplicate-heading: false # MD024
|
no-duplicate-heading: false # MD024
|
||||||
reference-links-images: false # MD052
|
reference-links-images: false # MD052
|
||||||
|
ignores:
|
||||||
|
- .github/copilot-instructions.md
|
||||||
|
|||||||
@@ -2,6 +2,48 @@
|
|||||||
|
|
||||||
This file is used to list changes made in each version of the homebrew cookbook.
|
This file is used to list changes made in each version of the homebrew cookbook.
|
||||||
|
|
||||||
|
## 6.0.2 - *2025-09-04*
|
||||||
|
|
||||||
|
Standardise files with files in sous-chefs/repo-management
|
||||||
|
|
||||||
|
Standardise files with files in sous-chefs/repo-management
|
||||||
|
|
||||||
|
## 6.0.1 - *2025-03-24*
|
||||||
|
|
||||||
|
## 6.0.0 - *2025-03-17*
|
||||||
|
|
||||||
|
- Updated library call for new homebrew class name found in chef-client 18.6.2+ releases
|
||||||
|
|
||||||
|
## 5.4.9 - *2024-11-18*
|
||||||
|
|
||||||
|
Standardise files with files in sous-chefs/repo-management
|
||||||
|
|
||||||
|
Standardise files with files in sous-chefs/repo-management
|
||||||
|
|
||||||
|
Standardise files with files in sous-chefs/repo-management
|
||||||
|
|
||||||
|
Standardise files with files in sous-chefs/repo-management
|
||||||
|
|
||||||
|
Standardise files with files in sous-chefs/repo-management
|
||||||
|
|
||||||
|
## 5.4.8 - *2024-05-07*
|
||||||
|
|
||||||
|
## 5.4.7 - *2024-05-06*
|
||||||
|
|
||||||
|
- Explicitly include `Which` module from `Chef` which fixes runs on 18.x clients.
|
||||||
|
|
||||||
|
## 5.4.6 - *2024-05-06*
|
||||||
|
|
||||||
|
## 5.4.5 - *2023-11-01*
|
||||||
|
|
||||||
|
Standardise files with files in sous-chefs/repo-management
|
||||||
|
|
||||||
|
## 5.4.4 - *2023-09-28*
|
||||||
|
|
||||||
|
## 5.4.3 - *2023-09-04*
|
||||||
|
|
||||||
|
## 5.4.2 - *2023-07-10*
|
||||||
|
|
||||||
## 5.4.1 - *2023-06-01*
|
## 5.4.1 - *2023-06-01*
|
||||||
|
|
||||||
## 5.4.0 - *2023-04-24*
|
## 5.4.0 - *2023-04-24*
|
||||||
|
|||||||
@@ -20,8 +20,9 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
class HomebrewUserWrapper
|
class HomebrewUserWrapper
|
||||||
require 'chef/mixin/homebrew_user'
|
require 'chef/mixin/homebrew'
|
||||||
include Chef::Mixin::HomebrewUser
|
include Chef::Mixin::Homebrew
|
||||||
|
include Chef::Mixin::Which
|
||||||
end
|
end
|
||||||
|
|
||||||
module Homebrew
|
module Homebrew
|
||||||
@@ -59,41 +60,17 @@ module Homebrew
|
|||||||
|
|
||||||
def owner
|
def owner
|
||||||
@owner ||= begin
|
@owner ||= begin
|
||||||
# once we only support 14.0 we can switch this to find_homebrew_username
|
HomebrewUserWrapper.new.find_homebrew_username
|
||||||
require 'etc'
|
rescue
|
||||||
::Etc.getpwuid(HomebrewUserWrapper.new.find_homebrew_uid).name
|
Chef::Exceptions::CannotDetermineHomebrewPath
|
||||||
rescue Chef::Exceptions::CannotDetermineHomebrewOwner
|
end.tap do |owner|
|
||||||
calculate_owner
|
Chef::Log.debug("Homebrew owner is #{owner}")
|
||||||
end.tap do |owner|
|
end
|
||||||
Chef::Log.debug("Homebrew owner is #{owner}")
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
private
|
|
||||||
|
|
||||||
def calculate_owner
|
|
||||||
owner = homebrew_owner_attr || sudo_user || current_user
|
|
||||||
if owner == 'root'
|
|
||||||
raise Chef::Exceptions::User,
|
|
||||||
"Homebrew owner is 'root' which is not supported. " \
|
|
||||||
"To set an explicit owner, please set node['homebrew']['owner']."
|
|
||||||
end
|
|
||||||
owner
|
|
||||||
end
|
|
||||||
|
|
||||||
def homebrew_owner_attr
|
|
||||||
Chef.node['homebrew']['owner']
|
|
||||||
end
|
|
||||||
|
|
||||||
def sudo_user
|
|
||||||
ENV['SUDO_USER']
|
|
||||||
end
|
|
||||||
|
|
||||||
def current_user
|
|
||||||
ENV['USER']
|
|
||||||
end
|
end
|
||||||
end unless defined?(Homebrew)
|
end unless defined?(Homebrew)
|
||||||
|
|
||||||
class HomebrewWrapper
|
class HomebrewWrapper
|
||||||
include Homebrew
|
include Homebrew
|
||||||
end
|
end
|
||||||
|
|
||||||
|
Chef::Mixin::Homebrew.include(Homebrew)
|
||||||
|
|||||||
@@ -17,13 +17,13 @@
|
|||||||
"recipes": {
|
"recipes": {
|
||||||
|
|
||||||
},
|
},
|
||||||
"version": "5.4.1",
|
"version": "6.0.2",
|
||||||
"source_url": "https://github.com/sous-chefs/homebrew",
|
"source_url": "https://github.com/sous-chefs/homebrew",
|
||||||
"issues_url": "https://github.com/sous-chefs/homebrew/issues",
|
"issues_url": "https://github.com/sous-chefs/homebrew/issues",
|
||||||
"privacy": false,
|
"privacy": false,
|
||||||
"chef_versions": [
|
"chef_versions": [
|
||||||
[
|
[
|
||||||
">= 15.3"
|
">= 18.6.2"
|
||||||
]
|
]
|
||||||
],
|
],
|
||||||
"ohai_versions": [
|
"ohai_versions": [
|
||||||
|
|||||||
@@ -3,9 +3,9 @@ maintainer 'Sous Chefs'
|
|||||||
maintainer_email 'help@sous-chefs.org'
|
maintainer_email 'help@sous-chefs.org'
|
||||||
license 'Apache-2.0'
|
license 'Apache-2.0'
|
||||||
description 'Install Homebrew and includes resources for working with taps and casks'
|
description 'Install Homebrew and includes resources for working with taps and casks'
|
||||||
version '5.4.1'
|
version '6.0.2'
|
||||||
supports 'mac_os_x'
|
supports 'mac_os_x'
|
||||||
|
|
||||||
source_url 'https://github.com/sous-chefs/homebrew'
|
source_url 'https://github.com/sous-chefs/homebrew'
|
||||||
issues_url 'https://github.com/sous-chefs/homebrew/issues'
|
issues_url 'https://github.com/sous-chefs/homebrew/issues'
|
||||||
chef_version '>= 15.3'
|
chef_version '>= 18.6.2'
|
||||||
|
|||||||
@@ -1,9 +1,10 @@
|
|||||||
{
|
{
|
||||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||||
"extends": ["config:base"],
|
"extends": ["config:base"],
|
||||||
"packageRules": [{
|
"packageRules": [
|
||||||
|
{
|
||||||
"groupName": "Actions",
|
"groupName": "Actions",
|
||||||
"matchUpdateTypes": ["patch", "pin", "digest"],
|
"matchUpdateTypes": ["minor", "patch", "pin"],
|
||||||
"automerge": true,
|
"automerge": true,
|
||||||
"addLabels": ["Release: Patch", "Skip: Announcements"]
|
"addLabels": ["Release: Patch", "Skip: Announcements"]
|
||||||
},
|
},
|
||||||
|
|||||||
@@ -19,6 +19,7 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
#
|
#
|
||||||
|
|
||||||
|
unified_mode true
|
||||||
chef_version_for_provides '< 14.0' if respond_to?(:chef_version_for_provides)
|
chef_version_for_provides '< 14.0' if respond_to?(:chef_version_for_provides)
|
||||||
|
|
||||||
property :cask_name, String, regex: %r{^[\w/-]+$}, name_property: true
|
property :cask_name, String, regex: %r{^[\w/-]+$}, name_property: true
|
||||||
|
|||||||
@@ -19,6 +19,7 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
#
|
#
|
||||||
|
|
||||||
|
unified_mode true
|
||||||
chef_version_for_provides '< 14.0' if respond_to?(:chef_version_for_provides)
|
chef_version_for_provides '< 14.0' if respond_to?(:chef_version_for_provides)
|
||||||
|
|
||||||
property :tap_name, String, name_property: true, regex: %r{^[\w-]+(?:\/[\w-]+)+$}
|
property :tap_name, String, name_property: true, regex: %r{^[\w-]+(?:\/[\w-]+)+$}
|
||||||
|
|||||||
@@ -3,3 +3,5 @@ config:
|
|||||||
line-length: false # MD013
|
line-length: false # MD013
|
||||||
no-duplicate-heading: false # MD024
|
no-duplicate-heading: false # MD024
|
||||||
reference-links-images: false # MD052
|
reference-links-images: false # MD052
|
||||||
|
ignores:
|
||||||
|
- .github/copilot-instructions.md
|
||||||
|
|||||||
+8
@@ -0,0 +1,8 @@
|
|||||||
|
{
|
||||||
|
"recommendations": [
|
||||||
|
"chef-software.chef",
|
||||||
|
"Shopify.ruby-lsp",
|
||||||
|
"editorconfig.editorconfig",
|
||||||
|
"DavidAnson.vscode-markdownlint"
|
||||||
|
]
|
||||||
|
}
|
||||||
@@ -2,9 +2,48 @@
|
|||||||
|
|
||||||
This file is used to list changes made in each version of the postfix cookbook.
|
This file is used to list changes made in each version of the postfix cookbook.
|
||||||
|
|
||||||
|
## Unreleased
|
||||||
|
|
||||||
|
## 6.4.1 - *2025-09-04*
|
||||||
|
|
||||||
|
## 6.4.0 - *2025-07-30* ## 6.4.0 - *2025-07-30*
|
||||||
|
|
||||||
|
Standardise files with files in sous-chefs/repo-management
|
||||||
|
|
||||||
|
## 6.4.0 - *2025-07-30*
|
||||||
|
|
||||||
|
## 6.3.0 - *2025-07-30*
|
||||||
|
|
||||||
|
- Use LMDB instead of hash on el10
|
||||||
|
|
||||||
|
## 6.3.0 - *2025-07-30*
|
||||||
|
|
||||||
|
## 6.2.2 - *2025-01-30*
|
||||||
|
|
||||||
|
## 6.2.1 - *2025-01-30*
|
||||||
|
|
||||||
|
## 6.2.0 - *2025-01-30*
|
||||||
|
|
||||||
|
## 6.2.0
|
||||||
|
|
||||||
|
- Correctly fix aliases quoting logic
|
||||||
|
- Convert all serverspec tests to inspec
|
||||||
|
- Add Github actions
|
||||||
|
- Update platforms to test
|
||||||
|
|
||||||
|
## 6.0.29 - *2024-11-18*
|
||||||
|
|
||||||
|
- Standardise files with files in sous-chefs/repo-management
|
||||||
|
|
||||||
|
## 6.0.28 - *2024-07-15*
|
||||||
|
|
||||||
|
- Standardise files with files in sous-chefs/repo-management
|
||||||
|
|
||||||
|
## 6.0.27 - *2024-05-06*
|
||||||
|
|
||||||
## 6.0.26 - *2023-10-03*
|
## 6.0.26 - *2023-10-03*
|
||||||
|
|
||||||
- add installation of postfix addon packages for RHEL 8
|
- Add installation of postfix addon packages for RHEL 8
|
||||||
|
|
||||||
## 6.0.25 - *2023-10-03*
|
## 6.0.25 - *2023-10-03*
|
||||||
|
|
||||||
|
|||||||
@@ -13,9 +13,10 @@
|
|||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
default['postfix']['packages'] = value_for_platform(
|
||||||
default['postfix']['packages'] = %w(postfix)
|
amazon: { '>= 2023' => %w(postfix postfix-lmdb) },
|
||||||
|
default: %w(postfix)
|
||||||
|
)
|
||||||
# Generic cookbook attributes
|
# Generic cookbook attributes
|
||||||
default['postfix']['mail_type'] = 'client'
|
default['postfix']['mail_type'] = 'client'
|
||||||
default['postfix']['relayhost_role'] = 'relayhost'
|
default['postfix']['relayhost_role'] = 'relayhost'
|
||||||
@@ -37,11 +38,19 @@ default['postfix']['master_template_source'] = 'postfix'
|
|||||||
default['postfix']['sender_canonical_map_entries'] = {}
|
default['postfix']['sender_canonical_map_entries'] = {}
|
||||||
default['postfix']['smtp_generic_map_entries'] = {}
|
default['postfix']['smtp_generic_map_entries'] = {}
|
||||||
default['postfix']['recipient_canonical_map_entries'] = {}
|
default['postfix']['recipient_canonical_map_entries'] = {}
|
||||||
default['postfix']['access_db_type'] = 'hash'
|
|
||||||
default['postfix']['aliases_db_type'] = 'hash'
|
default['postfix']['db_type'] = value_for_platform(
|
||||||
default['postfix']['transport_db_type'] = 'hash'
|
%w(centos redhat almalinux rocky oracle) => { '>= 10' => 'lmdb' },
|
||||||
default['postfix']['virtual_alias_db_type'] = 'hash'
|
amazon: { '>= 2023' => 'lmdb' },
|
||||||
default['postfix']['virtual_alias_domains_db_type'] = 'hash'
|
%w(opensuseleap suse) => { '>= 15' => 'lmdb' },
|
||||||
|
default: 'hash'
|
||||||
|
)
|
||||||
|
|
||||||
|
default['postfix']['access_db_type'] = lazy { node['postfix']['db_type'] }
|
||||||
|
default['postfix']['aliases_db_type'] = lazy { node['postfix']['db_type'] }
|
||||||
|
default['postfix']['transport_db_type'] = lazy { node['postfix']['db_type'] }
|
||||||
|
default['postfix']['virtual_alias_db_type'] = lazy { node['postfix']['db_type'] }
|
||||||
|
default['postfix']['virtual_alias_domains_db_type'] = lazy { node['postfix']['db_type'] }
|
||||||
|
|
||||||
case node['platform']
|
case node['platform']
|
||||||
when 'smartos'
|
when 'smartos'
|
||||||
@@ -96,6 +105,9 @@ default['postfix']['main']['smtp_sasl_auth_enable'] = 'no'
|
|||||||
default['postfix']['main']['mailbox_size_limit'] = 0
|
default['postfix']['main']['mailbox_size_limit'] = 0
|
||||||
default['postfix']['main']['mynetworks'] = nil
|
default['postfix']['main']['mynetworks'] = nil
|
||||||
default['postfix']['main']['inet_interfaces'] = 'loopback-only'
|
default['postfix']['main']['inet_interfaces'] = 'loopback-only'
|
||||||
|
default['postfix']['main']['default_database_type'] = lazy { node['postfix']['db_type'] }
|
||||||
|
default['postfix']['main']['alias_database'] = lazy { "#{node['postfix']['db_type']}:#{node['postfix']['aliases_db']}" }
|
||||||
|
default['postfix']['main']['alias_maps'] = lazy { "#{node['postfix']['db_type']}:#{node['postfix']['aliases_db']}" }
|
||||||
|
|
||||||
# Conditional attributes, also reference _attributes recipe
|
# Conditional attributes, also reference _attributes recipe
|
||||||
case node['platform_family']
|
case node['platform_family']
|
||||||
@@ -407,4 +419,4 @@ default['postfix']['aliases'] = if platform?('freebsd')
|
|||||||
{}
|
{}
|
||||||
end
|
end
|
||||||
|
|
||||||
default['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, reject" if node['postfix']['use_relay_restrictions_maps']
|
default['postfix']['main']['smtpd_relay_restrictions'] = lazy { "#{node['postfix']['db_type']}:#{node['postfix']['relay_restrictions_db']}, reject" if node['postfix']['use_relay_restrictions_maps'] }
|
||||||
|
|||||||
@@ -26,7 +26,7 @@
|
|||||||
"recipes": {
|
"recipes": {
|
||||||
|
|
||||||
},
|
},
|
||||||
"version": "6.0.26",
|
"version": "6.4.1",
|
||||||
"source_url": "https://github.com/sous-chefs/postfix",
|
"source_url": "https://github.com/sous-chefs/postfix",
|
||||||
"issues_url": "https://github.com/sous-chefs/postfix/issues",
|
"issues_url": "https://github.com/sous-chefs/postfix/issues",
|
||||||
"privacy": false,
|
"privacy": false,
|
||||||
|
|||||||
@@ -3,7 +3,7 @@ maintainer 'Sous Chefs'
|
|||||||
maintainer_email 'help@sous-chefs.org'
|
maintainer_email 'help@sous-chefs.org'
|
||||||
license 'Apache-2.0'
|
license 'Apache-2.0'
|
||||||
description 'Installs and configures postfix for client or outbound relayhost, or to do SASL auth'
|
description 'Installs and configures postfix for client or outbound relayhost, or to do SASL auth'
|
||||||
version '6.0.26'
|
version '6.4.1'
|
||||||
source_url 'https://github.com/sous-chefs/postfix'
|
source_url 'https://github.com/sous-chefs/postfix'
|
||||||
issues_url 'https://github.com/sous-chefs/postfix/issues'
|
issues_url 'https://github.com/sous-chefs/postfix/issues'
|
||||||
chef_version '>= 12.15'
|
chef_version '>= 12.15'
|
||||||
|
|||||||
@@ -29,24 +29,22 @@ end
|
|||||||
|
|
||||||
if node['postfix']['main']['smtp_sasl_auth_enable'] == 'yes'
|
if node['postfix']['main']['smtp_sasl_auth_enable'] == 'yes'
|
||||||
node.default_unless['postfix']['sasl_password_file'] = "#{node['postfix']['conf_dir']}/sasl_passwd"
|
node.default_unless['postfix']['sasl_password_file'] = "#{node['postfix']['conf_dir']}/sasl_passwd"
|
||||||
node.default_unless['postfix']['main']['smtp_sasl_password_maps'] = "hash:#{node['postfix']['sasl_password_file']}"
|
node.default_unless['postfix']['main']['smtp_sasl_password_maps'] = "#{node['postfix']['db_type']}:#{node['postfix']['sasl_password_file']}"
|
||||||
node.default_unless['postfix']['main']['smtp_sasl_security_options'] = 'noanonymous'
|
node.default_unless['postfix']['main']['smtp_sasl_security_options'] = 'noanonymous'
|
||||||
node.default_unless['postfix']['sasl']['smtp_sasl_user_name'] = ''
|
|
||||||
node.default_unless['postfix']['sasl']['smtp_sasl_passwd'] = ''
|
|
||||||
node.default_unless['postfix']['main']['relayhost'] = ''
|
node.default_unless['postfix']['main']['relayhost'] = ''
|
||||||
end
|
end
|
||||||
|
|
||||||
node.default_unless['postfix']['main']['alias_maps'] = ["hash:#{node['postfix']['aliases_db']}"] if node['postfix']['use_alias_maps']
|
node.default_unless['postfix']['main']['alias_maps'] = ["#{node['postfix']['db_type']}:#{node['postfix']['aliases_db']}"] if node['postfix']['use_alias_maps']
|
||||||
|
|
||||||
node.default_unless['postfix']['main']['transport_maps'] = ["hash:#{node['postfix']['transport_db']}"] if node['postfix']['use_transport_maps']
|
node.default_unless['postfix']['main']['transport_maps'] = ["#{node['postfix']['db_type']}:#{node['postfix']['transport_db']}"] if node['postfix']['use_transport_maps']
|
||||||
|
|
||||||
node.default_unless['postfix']['main']['access_maps'] = ["hash:#{node['postfix']['access_db']}"] if node['postfix']['use_access_maps']
|
node.default_unless['postfix']['main']['access_maps'] = ["#{node['postfix']['db_type']}:#{node['postfix']['access_db']}"] if node['postfix']['use_access_maps']
|
||||||
|
|
||||||
node.default_unless['postfix']['main']['virtual_alias_maps'] = ["#{node['postfix']['virtual_alias_db_type']}:#{node['postfix']['virtual_alias_db']}"] if node['postfix']['use_virtual_aliases']
|
node.default_unless['postfix']['main']['virtual_alias_maps'] = ["#{node['postfix']['virtual_alias_db_type']}:#{node['postfix']['virtual_alias_db']}"] if node['postfix']['use_virtual_aliases']
|
||||||
|
|
||||||
node.default_unless['postfix']['main']['virtual_alias_domains'] = ["#{node['postfix']['virtual_alias_domains_db_type']}:#{node['postfix']['virtual_alias_domains_db']}"] if node['postfix']['use_virtual_aliases_domains']
|
node.default_unless['postfix']['main']['virtual_alias_domains'] = ["#{node['postfix']['virtual_alias_domains_db_type']}:#{node['postfix']['virtual_alias_domains_db']}"] if node['postfix']['use_virtual_aliases_domains']
|
||||||
|
|
||||||
node.default_unless['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, reject" if node['postfix']['use_relay_restrictions_maps']
|
node.default_unless['postfix']['main']['smtpd_relay_restrictions'] = "#{node['postfix']['db_type']}:#{node['postfix']['relay_restrictions_db']}, reject" if node['postfix']['use_relay_restrictions_maps']
|
||||||
|
|
||||||
node.default_unless['postfix']['main']['maildrop_destination_recipient_limit'] = 1 if node['postfix']['master']['maildrop']['active']
|
node.default_unless['postfix']['main']['maildrop_destination_recipient_limit'] = 1 if node['postfix']['master']['maildrop']['active']
|
||||||
|
|
||||||
|
|||||||
@@ -155,7 +155,7 @@ unless node['postfix']['sender_canonical_map_entries'].empty?
|
|||||||
notifies :reload, 'service[postfix]'
|
notifies :reload, 'service[postfix]'
|
||||||
end
|
end
|
||||||
|
|
||||||
node.default['postfix']['main']['sender_canonical_maps'] = "hash:#{node['postfix']['conf_dir']}/sender_canonical" unless node['postfix']['main'].key?('sender_canonical_maps')
|
node.default['postfix']['main']['sender_canonical_maps'] = "#{node['postfix']['db_type']}:#{node['postfix']['conf_dir']}/sender_canonical" unless node['postfix']['main'].key?('sender_canonical_maps')
|
||||||
end
|
end
|
||||||
|
|
||||||
execute 'update-postfix-smtp_generic' do
|
execute 'update-postfix-smtp_generic' do
|
||||||
@@ -172,7 +172,7 @@ unless node['postfix']['smtp_generic_map_entries'].empty?
|
|||||||
notifies :reload, 'service[postfix]'
|
notifies :reload, 'service[postfix]'
|
||||||
end
|
end
|
||||||
|
|
||||||
node.default['postfix']['main']['smtp_generic_maps'] = "hash:#{node['postfix']['conf_dir']}/smtp_generic" unless node['postfix']['main'].key?('smtp_generic_maps')
|
node.default['postfix']['main']['smtp_generic_maps'] = "#{node['postfix']['db_type']}:#{node['postfix']['conf_dir']}/smtp_generic" unless node['postfix']['main'].key?('smtp_generic_maps')
|
||||||
end
|
end
|
||||||
|
|
||||||
execute 'update-postfix-recipient_canonical' do
|
execute 'update-postfix-recipient_canonical' do
|
||||||
@@ -189,7 +189,7 @@ unless node['postfix']['recipient_canonical_map_entries'].empty?
|
|||||||
notifies :reload, 'service[postfix]'
|
notifies :reload, 'service[postfix]'
|
||||||
end
|
end
|
||||||
|
|
||||||
node.default['postfix']['main']['recipient_canonical_maps'] = "hash:#{node['postfix']['conf_dir']}/recipient_canonical" unless node['postfix']['main'].key?('recipient_canonical_maps')
|
node.default['postfix']['main']['recipient_canonical_maps'] = "#{node['postfix']['db_type']}:#{node['postfix']['conf_dir']}/recipient_canonical" unless node['postfix']['main'].key?('recipient_canonical_maps')
|
||||||
end
|
end
|
||||||
|
|
||||||
service 'postfix' do
|
service 'postfix' do
|
||||||
|
|||||||
@@ -18,8 +18,8 @@ node['postfix']['maps'].each do |type, maps|
|
|||||||
package "postfix-#{type}" if %w(pgsql mysql ldap cdb).include?(type)
|
package "postfix-#{type}" if %w(pgsql mysql ldap cdb).include?(type)
|
||||||
end
|
end
|
||||||
|
|
||||||
if platform?('redhat') && node['platform_version'].to_i == 8
|
if platform_family?('rhel') && node['platform_version'].to_i >= 8
|
||||||
package "postfix-#{type}" if %w(pgsql mysql ldap cdb).include?(type)
|
package "postfix-#{type}" if %w(pgsql mysql ldap cdb lmdb).include?(type)
|
||||||
end
|
end
|
||||||
|
|
||||||
separator = if %w(pgsql mysql ldap memcache sqlite).include?(type)
|
separator = if %w(pgsql mysql ldap memcache sqlite).include?(type)
|
||||||
@@ -32,7 +32,7 @@ node['postfix']['maps'].each do |type, maps|
|
|||||||
command "postmap #{file}"
|
command "postmap #{file}"
|
||||||
environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios')
|
environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios')
|
||||||
action :nothing
|
action :nothing
|
||||||
end if %w(btree cdb dbm hash sdbm).include?(type)
|
end if %w(btree cdb dbm hash lmdb sdbm).include?(type)
|
||||||
template "#{file}-#{type}" do
|
template "#{file}-#{type}" do
|
||||||
path file
|
path file
|
||||||
source 'maps.erb'
|
source 'maps.erb'
|
||||||
@@ -41,7 +41,7 @@ node['postfix']['maps'].each do |type, maps|
|
|||||||
map: content,
|
map: content,
|
||||||
separator: separator
|
separator: separator
|
||||||
)
|
)
|
||||||
notifies :run, "execute[update-postmap-#{file}]" if %w(btree cdb dbm hash sdbm).include?(type)
|
notifies :run, "execute[update-postmap-#{file}]" if %w(btree cdb dbm hash lmdb sdbm).include?(type)
|
||||||
notifies :restart, 'service[postfix]'
|
notifies :restart, 'service[postfix]'
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|||||||
@@ -1,9 +1,10 @@
|
|||||||
{
|
{
|
||||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||||
"extends": ["config:base"],
|
"extends": ["config:base"],
|
||||||
"packageRules": [{
|
"packageRules": [
|
||||||
|
{
|
||||||
"groupName": "Actions",
|
"groupName": "Actions",
|
||||||
"matchUpdateTypes": ["patch", "pin", "digest"],
|
"matchUpdateTypes": ["minor", "patch", "pin"],
|
||||||
"automerge": true,
|
"automerge": true,
|
||||||
"addLabels": ["Release: Patch", "Skip: Announcements"]
|
"addLabels": ["Release: Patch", "Skip: Announcements"]
|
||||||
},
|
},
|
||||||
|
|||||||
@@ -6,5 +6,5 @@
|
|||||||
postmaster: root
|
postmaster: root
|
||||||
|
|
||||||
<% node['postfix']['aliases'].each do |name, value| %>
|
<% node['postfix']['aliases'].each do |name, value| %>
|
||||||
<%= name %>: <%= [value].flatten.map{|x| if (x.include?("@")) then x else %Q("#{x}") end}.join(', ') %>
|
<%= name.match?(/[\s#:@]/) ? "\"#{name}\"" : name %>: <%= [value].flatten.map{|x| x.include?("|") ? "\"#{x}\"" : x}.join(',') %>
|
||||||
<% end unless node['postfix']['aliases'].nil? %>
|
<% end unless node['postfix']['aliases'].nil? %>
|
||||||
|
|||||||
@@ -1,72 +1,93 @@
|
|||||||
{
|
{
|
||||||
"id": "akkounts",
|
"id": "akkounts",
|
||||||
"postgresql_username": {
|
"rails_master_key": {
|
||||||
"encrypted_data": "v2QoNkkxXGflxEdspIpfJdBjQVraMyF9yHq7\n",
|
"encrypted_data": "q/0BtGuFZJQhw+iG4ZmFG12DPaWQDGTb/nCmRoxOnsACkANqMv/zZ39CoNFe\nLPtZiItY\n",
|
||||||
"iv": "du8wubB9xQjOVeOS\n",
|
"iv": "JV8R0iu6TrqcZRxL\n",
|
||||||
"auth_tag": "gDZLYz5/XBCQDlDaFoP6mQ==\n",
|
"auth_tag": "YxZIhEUnrd3XrwR6f9wO4A==\n",
|
||||||
"version": 3,
|
"version": 3,
|
||||||
"cipher": "aes-256-gcm"
|
"cipher": "aes-256-gcm"
|
||||||
},
|
},
|
||||||
"postgresql_password": {
|
"rails_secret_key_base": {
|
||||||
"encrypted_data": "Naz4R5oOCUS/S/CZmW5eoil8BpJ3K1WLUIc3mAihhA==\n",
|
"encrypted_data": "JmDQew3+OR6+yJ1xErwXeTn6jw8N2HwTc9yvAVJ3G+7w1s3N7rKDM6+M50ez\n2zP4Lm/eXzH4WTsTZlQcodlyNpi66pvUCGAkNM36rwTN5yvnhqPUmuSQi7AG\nDTBronBwr9ENvwA/gRuugyyhrRB1iuStpzpYKCMhZ2ae9Mrxdux0+ezfSLn4\nuP22uUrEqdQ/BWsW\n",
|
||||||
"iv": "0S9Sb1MUoBVWbW9t\n",
|
"iv": "U/+YncCk13U6bYMz\n",
|
||||||
"auth_tag": "L2yGzVMKiKAzfpA+HADRqA==\n",
|
"auth_tag": "2wPYJ/uVPv4jLKpAW/x6sw==\n",
|
||||||
|
"version": 3,
|
||||||
|
"cipher": "aes-256-gcm"
|
||||||
|
},
|
||||||
|
"rails_encryption_primary_key": {
|
||||||
|
"encrypted_data": "u/7z91Og/2eM7PWi2JWYAQMhYX4S5+bMMeVpkFPu778Gqj6Td9pagsWIak/d\nb7AU1zjF\n",
|
||||||
|
"iv": "wYhrJWcuWbY8yo8S\n",
|
||||||
|
"auth_tag": "WEoEdNy6VBvB2d5gb8DTXw==\n",
|
||||||
|
"version": 3,
|
||||||
|
"cipher": "aes-256-gcm"
|
||||||
|
},
|
||||||
|
"rails_encryption_key_derivation_salt": {
|
||||||
|
"encrypted_data": "noOwTZuxfhsH94bjOT9rWCKS9rb3wAoXELGrc4nJZeNrb/B9XnOLTuK/wen8\nfmtoym0P\n",
|
||||||
|
"iv": "jiFWs3VXhJdQBNqk\n",
|
||||||
|
"auth_tag": "XDpJFgadYp7LyRqU7SO+Fg==\n",
|
||||||
|
"version": 3,
|
||||||
|
"cipher": "aes-256-gcm"
|
||||||
|
},
|
||||||
|
"postgresql": {
|
||||||
|
"encrypted_data": "Xorg8R8COxE/Swivu8MqZiwstD6rD+8FmgDx70pFscZ/CTb6WQRpyqGSrGZt\nZ7oL9WrqZs+mQgBb30odU+Sgdr6x\n",
|
||||||
|
"iv": "6QWZc3+MY0hBCc/s\n",
|
||||||
|
"auth_tag": "ZM+7OYyx5E9PciNG2OILhg==\n",
|
||||||
|
"version": 3,
|
||||||
|
"cipher": "aes-256-gcm"
|
||||||
|
},
|
||||||
|
"ldap": {
|
||||||
|
"encrypted_data": "mr2Z7hXF1GOn8RmqeZMMdaUcmiVP4ZeKtTX6RYW1cR+FQiUwoITwTPBE9XUx\n2cqZ9Mcd8uJicmf9vd+PfwPtRtoZFwqHQ4LDRFLW64hBZyiEkZWxWW+HzgPr\n",
|
||||||
|
"iv": "k1AkyEplnJ4IZO1Z\n",
|
||||||
|
"auth_tag": "zAOcrPex3VLDfRFq38n7fA==\n",
|
||||||
"version": 3,
|
"version": 3,
|
||||||
"cipher": "aes-256-gcm"
|
"cipher": "aes-256-gcm"
|
||||||
},
|
},
|
||||||
"sentry_dsn": {
|
"sentry_dsn": {
|
||||||
"encrypted_data": "OXiAeg6lIqEnbplAnKlkwb3o3DTfMJbLC0wnxmguQ8GZiP0RcpPOwUAa9Q3U\naA44f36BCKgHtCxdlVB59TTFA9W24ecU5KWb/jIc7mueSoc=\n",
|
"encrypted_data": "51cAERaRBCRg/sMb5c13EcnJzsz6VEf7jx6X3ooUSzm9wHoEfC5Hs/qakr/D\nqm9x3s3aGURRzyLUIEoe9jCohGguh6ehrXYVrun0B6pghVU=\n",
|
||||||
"iv": "86cAncfc1K4d43ql\n",
|
"iv": "hJsiiW6dFQMEQ+2p\n",
|
||||||
"auth_tag": "0i04Y/eFIN+b+5F605d7Dg==\n",
|
"auth_tag": "TOIahNrUhhsdQGlzp6UV5g==\n",
|
||||||
"version": 3,
|
|
||||||
"cipher": "aes-256-gcm"
|
|
||||||
},
|
|
||||||
"rails_master_key": {
|
|
||||||
"encrypted_data": "Ypv4g33evnuutOWmGl49kq3Ca3SmfWIswyxGIZA0J/o1ZMGpMOfySim/e7r8\nzdAM/PFo\n",
|
|
||||||
"iv": "w2bflz2KIbu/vRT1\n",
|
|
||||||
"auth_tag": "tpemUQJly8Ft9lN6rP+W4w==\n",
|
|
||||||
"version": 3,
|
"version": 3,
|
||||||
"cipher": "aes-256-gcm"
|
"cipher": "aes-256-gcm"
|
||||||
},
|
},
|
||||||
"discourse_connect_secret": {
|
"discourse_connect_secret": {
|
||||||
"encrypted_data": "DUK6G5SyRiehJh3iHtCKQj8Ki5+suk9Ds5/ZMp6OP1EshdbpziQ4XNey2x+R\nHCTSVg==\n",
|
"encrypted_data": "pvKcwuZgUJsAvClQ4V0BwhwEg09EUEWVxoSx+mFlfG1KpvZE4Cu3u3PalPSD\nldyKsw==\n",
|
||||||
"iv": "kfhA3apCUAHcNlwH\n",
|
"iv": "ED85d6PKyaKB3Wlv\n",
|
||||||
"auth_tag": "BqRV+CiF9rFrqEToJeisoQ==\n",
|
"auth_tag": "XVCU/WigC97tNe0bUK6okQ==\n",
|
||||||
"version": 3,
|
"version": 3,
|
||||||
"cipher": "aes-256-gcm"
|
"cipher": "aes-256-gcm"
|
||||||
},
|
},
|
||||||
"lndhub_admin_token": {
|
"lndhub_admin_token": {
|
||||||
"encrypted_data": "C3aKQIEwcQNCrr+uyLiOY2KAHZh5dUvTZ9IdANPqkGlr\n",
|
"encrypted_data": "LvCgahQblsKOxK9iNbwDd31atBfemVppHqV7s3K/sR4j\n",
|
||||||
"iv": "qrhJJzmmced9lNF1\n",
|
"iv": "zObzh2jEsqXk2vD2\n",
|
||||||
"auth_tag": "CH1fOwMWsidmWBwX2+4nJg==\n",
|
"auth_tag": "n9m/sBYBfzggwQLWrGpR2Q==\n",
|
||||||
"version": 3,
|
"version": 3,
|
||||||
"cipher": "aes-256-gcm"
|
"cipher": "aes-256-gcm"
|
||||||
},
|
},
|
||||||
"btcpay_auth_token": {
|
"btcpay_auth_token": {
|
||||||
"encrypted_data": "0vRq3ZeYPtNcdlCUQI0ip6YOaQZKBeK/dODL7IxdrAK9pHz+u53aL8LW92nJ\nmHW2DYcv+eX3ltnwu88=\n",
|
"encrypted_data": "M4kGd6+jresm90nWrJG25mX6rfhaU+VlJlIVd/IjOAUsDABryyulJul3GZFh\nFPSI4uEhgIWtn56I0bA=\n",
|
||||||
"iv": "5HenMAvE1Uu5l7jJ\n",
|
"iv": "hvqHm7A/YfUOJwRJ\n",
|
||||||
"auth_tag": "rJzkZPRYar1qw4dauSNV2w==\n",
|
"auth_tag": "DhtT6IeixD1MSRX+D7JxZA==\n",
|
||||||
"version": 3,
|
"version": 3,
|
||||||
"cipher": "aes-256-gcm"
|
"cipher": "aes-256-gcm"
|
||||||
},
|
},
|
||||||
"s3_access_key": {
|
"s3_access_key": {
|
||||||
"encrypted_data": "QB7XpwhzCvLczUojhcjXy+KX26rEDQHSSw983KP8W7Nud1SNbheU1PrDEQv/\n",
|
"encrypted_data": "FPRpLZoIbLcVWPJhOlX7ZeXGv6TZIWYAD+BKTsJOyOHxDG3eRULqQc89cGWi\n",
|
||||||
"iv": "DTtUXHNQ2g04E+oE\n",
|
"iv": "f9WiiGLmDxtygp60\n",
|
||||||
"auth_tag": "0XSkHE+MG4AnVT4XJR9tzw==\n",
|
"auth_tag": "lGnq4itmByuF/Yp20/6coQ==\n",
|
||||||
"version": 3,
|
"version": 3,
|
||||||
"cipher": "aes-256-gcm"
|
"cipher": "aes-256-gcm"
|
||||||
},
|
},
|
||||||
"s3_secret_key": {
|
"s3_secret_key": {
|
||||||
"encrypted_data": "IEUzFfOBuOwjzD1DbRyk07+jFlZhQVY+a7riDJ3QU1cNYZ3OTJUgJkowA/u5\nrZ6jqehGIzvPlDuzIezxQwN+Dy0ZJueB/ZEdRqhfkXUxgzkqb2s=\n",
|
"encrypted_data": "JnnwISbHJ+d7JZB/C0NH0fb8p+bDSwoq5t5knSi+bSTltSxKcq6PRX9K6bov\nEbo0GTdWePbuc5NCsyYxfrkzCtpLXTIxeCROtinRmFIgMFNwaOA=\n",
|
||||||
"iv": "gs9Igisu2EH+dAC/\n",
|
"iv": "pKPCaANDqGtbFV3V\n",
|
||||||
"auth_tag": "gDFuQCwlCL5mvys83CGv+w==\n",
|
"auth_tag": "S//hn2HOhuZH8+UfCNBWDg==\n",
|
||||||
"version": 3,
|
"version": 3,
|
||||||
"cipher": "aes-256-gcm"
|
"cipher": "aes-256-gcm"
|
||||||
},
|
},
|
||||||
"nostr_private_key": {
|
"nostr_private_key": {
|
||||||
"encrypted_data": "sFnQlwyZF0tfMzbaG/bdwqQLPVdHPpbyDT66FY1+ubssmWUpxsuNtbI71KyY\nI1784c7SSl4qKRgHZRrR658bYMKU4whe836qBgSf7Icczp1VSQY=\n",
|
"encrypted_data": "AKfFiLow+veDyEWBwmCDuLerT3l+o2aJUCeHg2mZZIyoH4oeo/9crZwIdjBn\n70reouqnHNG9mBHuO/+IPGfj53mHLo+oGHh+6LkL3ImI4MFBofY=\n",
|
||||||
"iv": "x8RJT4dcNdtm59Zz\n",
|
"iv": "bPlOKk2qkJAzdKf+\n",
|
||||||
"auth_tag": "6yxBq1W4jCNDYwP6+cTE6g==\n",
|
"auth_tag": "VIp1IOjBGatn2MN5LHVymg==\n",
|
||||||
"version": 3,
|
"version": 3,
|
||||||
"cipher": "aes-256-gcm"
|
"cipher": "aes-256-gcm"
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,24 @@
|
|||||||
|
{
|
||||||
|
"id": "blossom",
|
||||||
|
"admin_password": {
|
||||||
|
"encrypted_data": "Gd6AzFmySL0p+xo1PnRn9p4Fwge1m3CQj+NRLIUD8P9u1C8=\n",
|
||||||
|
"iv": "l6KVzF9xEEBRRAmh\n",
|
||||||
|
"auth_tag": "P791KMh9TxuHiWJpDKxWQA==\n",
|
||||||
|
"version": 3,
|
||||||
|
"cipher": "aes-256-gcm"
|
||||||
|
},
|
||||||
|
"s3_access_key": {
|
||||||
|
"encrypted_data": "S8jB2LDQOxI/p5ugggW1Sk50TS9TJe9sLv04O/VD9/v22SSM7J6ETomTA+Hd\n",
|
||||||
|
"iv": "dUIIZbdAT9q72ioX\n",
|
||||||
|
"auth_tag": "+5fCNOuTE/+FqdV6rDNbkw==\n",
|
||||||
|
"version": 3,
|
||||||
|
"cipher": "aes-256-gcm"
|
||||||
|
},
|
||||||
|
"s3_secret_key": {
|
||||||
|
"encrypted_data": "soT63l2frBJDNmHetXmEPvNYBsTpvTyR95FA2rxuZXvVE7hMj21La8/0Amk7\nv+mHOBUMaGG9BTLN0tVFkL0+lGPXdZJTbtDHgluk5l6lLPyc8KY=\n",
|
||||||
|
"iv": "RuXs2pL9C/wpwJ/w\n",
|
||||||
|
"auth_tag": "nu7dE2udTkxaUZCR42h09w==\n",
|
||||||
|
"version": 3,
|
||||||
|
"cipher": "aes-256-gcm"
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -1,23 +1,16 @@
|
|||||||
{
|
{
|
||||||
"id": "gandi_api",
|
"id": "gandi_api",
|
||||||
"key": {
|
|
||||||
"encrypted_data": "lU7/xYTmP5Sb6SsK5TNNIyegWozzBtUzpg7oDdl6gcz9FEMmG2ft0Ljh5Q==\n",
|
|
||||||
"iv": "EZPQD3C+wsP/mBhF\n",
|
|
||||||
"auth_tag": "vF9E8Pj4Z8quJJdOMg/QTw==\n",
|
|
||||||
"version": 3,
|
|
||||||
"cipher": "aes-256-gcm"
|
|
||||||
},
|
|
||||||
"access_token": {
|
"access_token": {
|
||||||
"encrypted_data": "1Uw69JkNrmb8LU/qssuod1SlqxxrWR7TJQZeeivRrNzrMIVTEW/1uwJIYL6b\nM4GeeYl9lIRlMMmLBkc=\n",
|
"encrypted_data": "+skwxHnpAj/3d3e2u7s7B9EydbETj8b0flWahvb5gt/o4JYFWHrhIyX/0IVa\n4wgmu08eDgU51i0knGA=\n",
|
||||||
"iv": "cc1GJKu6Cf4DkIgX\n",
|
"iv": "ONKrFCt8Oj3GKIQ5\n",
|
||||||
"auth_tag": "ERem4S7ozG695kjvWIMghw==\n",
|
"auth_tag": "j9Hrk8ZZFMQub4NUO+2e4g==\n",
|
||||||
"version": 3,
|
"version": 3,
|
||||||
"cipher": "aes-256-gcm"
|
"cipher": "aes-256-gcm"
|
||||||
},
|
},
|
||||||
"domains": {
|
"domains": {
|
||||||
"encrypted_data": "scZ5blsSjs54DlitR7KZ3enLbyceOR5q0wjHw1golQ==\n",
|
"encrypted_data": "lGfoPHdXEYYdJmoIA9M119wjVl1v4UzIv5gHADwx0A==\n",
|
||||||
"iv": "oDcHm7shAzW97b4t\n",
|
"iv": "q6XKbxhW7X9ONxNt\n",
|
||||||
"auth_tag": "62Zais9yf68SwmZRsmZ3hw==\n",
|
"auth_tag": "ns9WJH8Oe75siWu+sOZkRg==\n",
|
||||||
"version": 3,
|
"version": 3,
|
||||||
"cipher": "aes-256-gcm"
|
"cipher": "aes-256-gcm"
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,15 @@
|
|||||||
|
# Mastodon
|
||||||
|
|
||||||
|
Running on kosmos.social
|
||||||
|
|
||||||
|
## Ops
|
||||||
|
|
||||||
|
### Enable maintance mode
|
||||||
|
|
||||||
|
Return a 503 and maintance page for all requests:
|
||||||
|
|
||||||
|
knife ssh -p2222 -a knife_zero.host "role:openresty_proxy" "sudo cp -p /var/www/maintenance.html /var/www/kosmos.social/public/ && sudo systemctl reload openresty"
|
||||||
|
|
||||||
|
### Stop maintenance mode
|
||||||
|
|
||||||
|
knife ssh -p2222 -a knife_zero.host "role:openresty_proxy" "sudo rm /var/www/kosmos.social/public/maintenance.html && sudo systemctl reload openresty"
|
||||||
@@ -0,0 +1,287 @@
|
|||||||
|
# Migrating PostgreSQL cluster to a new major version
|
||||||
|
|
||||||
|
## Summary
|
||||||
|
|
||||||
|
1. Dump from a replica
|
||||||
|
2. Restore to fresh VM running new major version
|
||||||
|
3. Add logical replication for delta sync from current/old primary
|
||||||
|
4. Switch primary to new server
|
||||||
|
5. Remove logical replication on new server
|
||||||
|
|
||||||
|
## Runbook
|
||||||
|
|
||||||
|
* Primary host: `PRIMARY_HOST`
|
||||||
|
* Replica host: `REPLICA_HOST`
|
||||||
|
* New PG14 host: `NEW_HOST`
|
||||||
|
* PostgreSQL superuser: `postgres`
|
||||||
|
* Running locally on each machine via `sudo -u postgres`
|
||||||
|
|
||||||
|
Adjust hostnames/IPs/etc. where needed.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
### 🟢 0. PRIMARY — Pre-checks
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo -u postgres psql -c "SHOW wal_level;"
|
||||||
|
sudo -u postgres psql -c "SHOW max_replication_slots;"
|
||||||
|
```
|
||||||
|
|
||||||
|
If needed, edit config:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo -u postgres vi $PGDATA/postgresql.conf
|
||||||
|
```
|
||||||
|
|
||||||
|
Ensure:
|
||||||
|
|
||||||
|
```conf
|
||||||
|
wal_level = logical
|
||||||
|
max_replication_slots = 10
|
||||||
|
```
|
||||||
|
|
||||||
|
Restart if changed:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo systemctl restart postgresql
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
### 🔵🟡 3. Create keypair for syncing dump later
|
||||||
|
|
||||||
|
🔵 On NEW_HOST:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo mkdir -p /home/postgres/.ssh && \
|
||||||
|
sudo chown -R postgres:postgres /home/postgres && \
|
||||||
|
sudo chmod 700 /home/postgres/.ssh && \
|
||||||
|
sudo -u postgres bash -c 'ssh-keygen -t ecdsa -b 256 -f /home/postgres/.ssh/id_ecdsa -N "" -C "postgres@$(hostname)"' && \
|
||||||
|
sudo cat /home/postgres/.ssh/id_ecdsa.pub
|
||||||
|
```
|
||||||
|
|
||||||
|
Copy the public key from the above output
|
||||||
|
|
||||||
|
🟡 On replica:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo mkdir -p /home/postgres/.ssh && \
|
||||||
|
sudo chown -R postgres:postgres /home/postgres && \
|
||||||
|
sudo chmod 700 /home/postgres/.ssh && \
|
||||||
|
echo [public_key] | sudo tee /home/postgres/.ssh/authorized_keys > /dev/null && \
|
||||||
|
sudo chmod 700 /home/postgres/.ssh
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
### 🟢 1. PRIMARY — Create publication and replication slots
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo -u postgres pg_create_replication_publications
|
||||||
|
```
|
||||||
|
|
||||||
|
or
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo -u postgres pg_create_replication_publication [db_name]
|
||||||
|
```
|
||||||
|
|
||||||
|
Listing publications and slots:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo -u postgres pg_list_replication_publications
|
||||||
|
sudo -u postgres pg_list_replication_slots
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
### 🟡 3. REPLICA — Pause replication
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo -u postgres psql -c "SELECT pg_wal_replay_pause();"
|
||||||
|
```
|
||||||
|
|
||||||
|
Verify:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo -u postgres psql -c "SELECT pg_is_wal_replay_paused();"
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
### 🟡 4. REPLICA — Run dump
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo -u postgres pg_dump_all_databases
|
||||||
|
```
|
||||||
|
|
||||||
|
or
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo -u postgres bash -c "pg_dumpall --globals-only > /tmp/globals.sql"
|
||||||
|
sudo -u postgres pg_dump_database [db_name]
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
### 🟡 5. REPLICA — Resume replication
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo -u postgres psql -c "SELECT pg_wal_replay_resume();"
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
### 🔵 6. COPY dumps to NEW HOST
|
||||||
|
|
||||||
|
From NEW_HOST:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
export REPLICA_HOST=[private_ip] && \
|
||||||
|
cd /tmp && \
|
||||||
|
sudo -u postgres scp "postgres@$REPLICA_HOST:/tmp/globals.sql" . && \
|
||||||
|
sudo -u postgres scp "postgres@$REPLICA_HOST:/tmp/dump_*.tar.zst" .
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
### 🔵 7. NEW HOST (PostgreSQL 14) — Restore
|
||||||
|
|
||||||
|
#### 7.1 Restore globals
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo -u postgres psql -f /tmp/globals.sql
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
#### 7.2 Create databases
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo -u postgres psql -Atqc "SELECT datname FROM pg_database WHERE datallowconn AND datname NOT IN ('template1')" | \
|
||||||
|
xargs -I{} sudo -u postgres createdb {}
|
||||||
|
```
|
||||||
|
|
||||||
|
or
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo -u postgres createdb [db_name]
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
#### 7.3 Restore each database
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo -u postgres pg_restore_all_databases
|
||||||
|
```
|
||||||
|
|
||||||
|
or
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo -u postgres pg_restore_database [db_name]
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
### 🔵 8. NEW HOST — Create subscriptions
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo -u postgres pg_create_replication_subscriptions
|
||||||
|
```
|
||||||
|
|
||||||
|
or
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo -u postgres pg_create_replication_subscription [db_name]
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
### 🔵 9. NEW HOST — Monitor replication
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo -u postgres pg_list_replication_subscriptions
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
### 🔴 11. CUTOVER
|
||||||
|
|
||||||
|
#### 11.1 Stop writes on old primary
|
||||||
|
|
||||||
|
Put app(s) in maintenance mode, stop the app/daemons.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
#### 11.2 Wait for replication to catch up
|
||||||
|
|
||||||
|
TODO: not the best way to check, since WAL LSNs keep increasing
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo -u postgres psql -d [db_name] -c "SELECT * FROM pg_stat_subscription;"
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
#### 11.3 Fix sequences
|
||||||
|
|
||||||
|
Run per DB:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo -u postgres pg_fix_sequences_in_all_databases
|
||||||
|
```
|
||||||
|
|
||||||
|
or
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo -u postgres pg_fix_sequences [db_name]
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
#### 11.4 Point app to NEW_HOST
|
||||||
|
|
||||||
|
1. Update `pg.kosmos.local` in `/etc/hosts` on app server(s). For example:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
export NEW_PG_PRIMARY=[private_ip]
|
||||||
|
knife ssh roles:ejabberd -a knife_zero.host "sudo sed -r \"s/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\s(pg.kosmos.local)/$NEW_PG_PRIMARY\t\1/\" -i /etc/hosts"
|
||||||
|
```
|
||||||
|
|
||||||
|
Or override node attribute(s) if necessary and/or approporiate.
|
||||||
|
|
||||||
|
2. Start the app/daemons, and deactivate maintenance mode.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
### 🧹 12. CLEANUP NEW_HOST
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo -u postgres pg_drop_replication_subscriptions
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
### 🧹 13. CLEANUP PRIMARY
|
||||||
|
|
||||||
|
TODO: Looks like slots are dropped automatically, when subscriptions are dropped
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo -u postgres pg_drop_replication_publications
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
### 🧹 13. CLEANUP Chef
|
||||||
|
|
||||||
|
Once all apps/databases are migrated, update the role in the node
|
||||||
|
config of the new primary to 'postgres_primary' and converge it.
|
||||||
|
|
||||||
|
Also delete the old primary node config from the Chef repo.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
### ✅ DONE
|
||||||
|
|
||||||
|
---
|
||||||
@@ -18,6 +18,16 @@
|
|||||||
"relay_url": "wss://nostr.kosmos.org"
|
"relay_url": "wss://nostr.kosmos.org"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"blossom": {
|
||||||
|
"domain": "blossom.kosmos.org",
|
||||||
|
"storage": {
|
||||||
|
"s3": {
|
||||||
|
"endpoint": "s3.kosmos.org",
|
||||||
|
"region": "garage",
|
||||||
|
"bucket": "blossom"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
"discourse": {
|
"discourse": {
|
||||||
"domain": "community.kosmos.org"
|
"domain": "community.kosmos.org"
|
||||||
},
|
},
|
||||||
@@ -105,20 +115,33 @@
|
|||||||
},
|
},
|
||||||
"strfry": {
|
"strfry": {
|
||||||
"domain": "nostr.kosmos.org",
|
"domain": "nostr.kosmos.org",
|
||||||
"real_ip_header": "x-real-ip",
|
"config": {
|
||||||
"policy_path": "/opt/strfry/strfry-policy.ts",
|
"events": {
|
||||||
|
"max_event_size": "524288"
|
||||||
|
},
|
||||||
|
"relay": {
|
||||||
|
"bind": "0.0.0.0",
|
||||||
|
"real_ip_header": "x-real-ip",
|
||||||
|
"info": {
|
||||||
|
"name": "Kosmos Relay",
|
||||||
|
"description": "Members-only nostr relay for kosmos.org users",
|
||||||
|
"pubkey": "b3e1b7c0ef48294bd856203bfd460625de95d3afb894e5f09b14cd1f0e7097cf",
|
||||||
|
"contact": "ops@kosmos.org",
|
||||||
|
"icon": "https://assets.kosmos.org/img/app-icon-256px.png"
|
||||||
|
},
|
||||||
|
"write_policy": {
|
||||||
|
"plugin": "/opt/strfry/strfry-policy.ts"
|
||||||
|
},
|
||||||
|
"logging": {
|
||||||
|
"dump_in_all": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
"known_pubkeys": {
|
"known_pubkeys": {
|
||||||
"_": "b3e1b7c0ef48294bd856203bfd460625de95d3afb894e5f09b14cd1f0e7097cf",
|
"_": "b3e1b7c0ef48294bd856203bfd460625de95d3afb894e5f09b14cd1f0e7097cf",
|
||||||
"accounts": "b3e1b7c1660b7db0ecb93ec55c09e67961171a5c4e9e2602f1b47477ea61c50a",
|
"accounts": "b3e1b7c1660b7db0ecb93ec55c09e67961171a5c4e9e2602f1b47477ea61c50a",
|
||||||
"bitcoincore": "47750177bb6bb113784e4973f6b2e3dd27ef1eff227d6e38d0046d618969e41a",
|
"bitcoincore": "47750177bb6bb113784e4973f6b2e3dd27ef1eff227d6e38d0046d618969e41a",
|
||||||
"fiatjaf": "3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d"
|
"fiatjaf": "3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d"
|
||||||
},
|
|
||||||
"info": {
|
|
||||||
"name": "Kosmos Relay",
|
|
||||||
"description": "Members-only nostr relay for kosmos.org users",
|
|
||||||
"pubkey": "b3e1b7c0ef48294bd856203bfd460625de95d3afb894e5f09b14cd1f0e7097cf",
|
|
||||||
"contact": "ops@kosmos.org",
|
|
||||||
"icon": "https://assets.kosmos.org/img/app-icon-256px.png"
|
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"substr": {
|
"substr": {
|
||||||
|
|||||||
@@ -9,7 +9,7 @@
|
|||||||
"automatic": {
|
"automatic": {
|
||||||
"fqdn": "akkounts-1",
|
"fqdn": "akkounts-1",
|
||||||
"os": "linux",
|
"os": "linux",
|
||||||
"os_version": "5.4.0-148-generic",
|
"os_version": "5.4.0-223-generic",
|
||||||
"hostname": "akkounts-1",
|
"hostname": "akkounts-1",
|
||||||
"ipaddress": "192.168.122.160",
|
"ipaddress": "192.168.122.160",
|
||||||
"roles": [
|
"roles": [
|
||||||
@@ -38,6 +38,7 @@
|
|||||||
"timezone_iii::debian",
|
"timezone_iii::debian",
|
||||||
"ntp::default",
|
"ntp::default",
|
||||||
"ntp::apparmor",
|
"ntp::apparmor",
|
||||||
|
"kosmos-base::journald_conf",
|
||||||
"kosmos-base::systemd_emails",
|
"kosmos-base::systemd_emails",
|
||||||
"apt::unattended-upgrades",
|
"apt::unattended-upgrades",
|
||||||
"kosmos-base::firewall",
|
"kosmos-base::firewall",
|
||||||
@@ -66,13 +67,13 @@
|
|||||||
"cloud": null,
|
"cloud": null,
|
||||||
"chef_packages": {
|
"chef_packages": {
|
||||||
"chef": {
|
"chef": {
|
||||||
"version": "18.2.7",
|
"version": "18.10.17",
|
||||||
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.2.7/lib",
|
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib",
|
||||||
"chef_effortless": null
|
"chef_effortless": null
|
||||||
},
|
},
|
||||||
"ohai": {
|
"ohai": {
|
||||||
"version": "18.1.4",
|
"version": "18.2.13",
|
||||||
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.4/lib/ohai"
|
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|||||||
@@ -8,7 +8,7 @@
|
|||||||
"automatic": {
|
"automatic": {
|
||||||
"fqdn": "bitcoin-2",
|
"fqdn": "bitcoin-2",
|
||||||
"os": "linux",
|
"os": "linux",
|
||||||
"os_version": "5.4.0-163-generic",
|
"os_version": "5.4.0-216-generic",
|
||||||
"hostname": "bitcoin-2",
|
"hostname": "bitcoin-2",
|
||||||
"ipaddress": "192.168.122.148",
|
"ipaddress": "192.168.122.148",
|
||||||
"roles": [
|
"roles": [
|
||||||
@@ -44,6 +44,7 @@
|
|||||||
"timezone_iii::debian",
|
"timezone_iii::debian",
|
||||||
"ntp::default",
|
"ntp::default",
|
||||||
"ntp::apparmor",
|
"ntp::apparmor",
|
||||||
|
"kosmos-base::journald_conf",
|
||||||
"kosmos-base::systemd_emails",
|
"kosmos-base::systemd_emails",
|
||||||
"apt::unattended-upgrades",
|
"apt::unattended-upgrades",
|
||||||
"kosmos-base::firewall",
|
"kosmos-base::firewall",
|
||||||
|
|||||||
@@ -61,7 +61,7 @@
|
|||||||
}
|
}
|
||||||
},
|
},
|
||||||
"run_list": [
|
"run_list": [
|
||||||
"recipe[kosmos-base]",
|
"role[base]",
|
||||||
"role[kvm_guest]",
|
"role[kvm_guest]",
|
||||||
"role[garage_gateway]",
|
"role[garage_gateway]",
|
||||||
"role[kosmos_discourse]"
|
"role[kosmos_discourse]"
|
||||||
|
|||||||
@@ -12,6 +12,7 @@
|
|||||||
},
|
},
|
||||||
"openresty": {
|
"openresty": {
|
||||||
"listen_ip": "148.251.237.111",
|
"listen_ip": "148.251.237.111",
|
||||||
|
"listen_ipv6": "2a01:4f8:202:804a::2",
|
||||||
"log_formats": {
|
"log_formats": {
|
||||||
"json": "{\"ip\":\"$remote_addr\",\"time\":\"$time_local\",\"host\":\"$host\",\"method\":\"$request_method\",\"uri\":\"$uri\",\"status\":$status,\"size\":$body_bytes_sent,\"referer\":\"$http_referer\",\"upstream_addr\":\"$upstream_addr\",\"upstream_response_time\":\"$upstream_response_time\",\"ua\":\"$http_user_agent\"}"
|
"json": "{\"ip\":\"$remote_addr\",\"time\":\"$time_local\",\"host\":\"$host\",\"method\":\"$request_method\",\"uri\":\"$uri\",\"status\":$status,\"size\":$body_bytes_sent,\"referer\":\"$http_referer\",\"upstream_addr\":\"$upstream_addr\",\"upstream_response_time\":\"$upstream_response_time\",\"ua\":\"$http_user_agent\"}"
|
||||||
}
|
}
|
||||||
@@ -45,6 +46,7 @@
|
|||||||
"kosmos_garage::default",
|
"kosmos_garage::default",
|
||||||
"kosmos_garage::firewall_rpc",
|
"kosmos_garage::firewall_rpc",
|
||||||
"kosmos_assets::nginx_site",
|
"kosmos_assets::nginx_site",
|
||||||
|
"kosmos_blossom::nginx",
|
||||||
"kosmos_discourse::nginx",
|
"kosmos_discourse::nginx",
|
||||||
"kosmos_drone::nginx",
|
"kosmos_drone::nginx",
|
||||||
"kosmos_garage::nginx_web",
|
"kosmos_garage::nginx_web",
|
||||||
@@ -81,6 +83,7 @@
|
|||||||
"timezone_iii::debian",
|
"timezone_iii::debian",
|
||||||
"ntp::default",
|
"ntp::default",
|
||||||
"ntp::apparmor",
|
"ntp::apparmor",
|
||||||
|
"kosmos-base::journald_conf",
|
||||||
"kosmos-base::systemd_emails",
|
"kosmos-base::systemd_emails",
|
||||||
"apt::unattended-upgrades",
|
"apt::unattended-upgrades",
|
||||||
"kosmos-base::firewall",
|
"kosmos-base::firewall",
|
||||||
@@ -110,13 +113,13 @@
|
|||||||
"cloud": null,
|
"cloud": null,
|
||||||
"chef_packages": {
|
"chef_packages": {
|
||||||
"chef": {
|
"chef": {
|
||||||
"version": "18.2.7",
|
"version": "18.10.17",
|
||||||
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.2.7/lib",
|
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib",
|
||||||
"chef_effortless": null
|
"chef_effortless": null
|
||||||
},
|
},
|
||||||
"ohai": {
|
"ohai": {
|
||||||
"version": "18.1.4",
|
"version": "18.2.13",
|
||||||
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.4/lib/ohai"
|
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|||||||
+10
-9
@@ -8,26 +8,27 @@
|
|||||||
"automatic": {
|
"automatic": {
|
||||||
"fqdn": "drone-1",
|
"fqdn": "drone-1",
|
||||||
"os": "linux",
|
"os": "linux",
|
||||||
"os_version": "5.4.0-1058-kvm",
|
"os_version": "5.4.0-1133-kvm",
|
||||||
"hostname": "drone-1",
|
"hostname": "drone-1",
|
||||||
"ipaddress": "192.168.122.200",
|
"ipaddress": "192.168.122.200",
|
||||||
"roles": [
|
"roles": [
|
||||||
|
"kvm_guest",
|
||||||
"drone",
|
"drone",
|
||||||
"postgresql_client",
|
"postgresql_client"
|
||||||
"kvm_guest"
|
|
||||||
],
|
],
|
||||||
"recipes": [
|
"recipes": [
|
||||||
"kosmos-base",
|
"kosmos-base",
|
||||||
"kosmos-base::default",
|
"kosmos-base::default",
|
||||||
|
"kosmos_kvm::guest",
|
||||||
"kosmos_postgresql::hostsfile",
|
"kosmos_postgresql::hostsfile",
|
||||||
"kosmos_drone",
|
"kosmos_drone",
|
||||||
"kosmos_drone::default",
|
"kosmos_drone::default",
|
||||||
"kosmos_kvm::guest",
|
|
||||||
"apt::default",
|
"apt::default",
|
||||||
"timezone_iii::default",
|
"timezone_iii::default",
|
||||||
"timezone_iii::debian",
|
"timezone_iii::debian",
|
||||||
"ntp::default",
|
"ntp::default",
|
||||||
"ntp::apparmor",
|
"ntp::apparmor",
|
||||||
|
"kosmos-base::journald_conf",
|
||||||
"kosmos-base::systemd_emails",
|
"kosmos-base::systemd_emails",
|
||||||
"apt::unattended-upgrades",
|
"apt::unattended-upgrades",
|
||||||
"kosmos-base::firewall",
|
"kosmos-base::firewall",
|
||||||
@@ -43,18 +44,18 @@
|
|||||||
"cloud": null,
|
"cloud": null,
|
||||||
"chef_packages": {
|
"chef_packages": {
|
||||||
"chef": {
|
"chef": {
|
||||||
"version": "17.9.52",
|
"version": "18.7.10",
|
||||||
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.9.52/lib",
|
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.7.10/lib",
|
||||||
"chef_effortless": null
|
"chef_effortless": null
|
||||||
},
|
},
|
||||||
"ohai": {
|
"ohai": {
|
||||||
"version": "17.9.0",
|
"version": "18.2.5",
|
||||||
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai"
|
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.5/lib/ohai"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"run_list": [
|
"run_list": [
|
||||||
"recipe[kosmos-base]",
|
"role[base]",
|
||||||
"role[kvm_guest]",
|
"role[kvm_guest]",
|
||||||
"role[drone]"
|
"role[drone]"
|
||||||
]
|
]
|
||||||
|
|||||||
@@ -37,6 +37,7 @@
|
|||||||
"timezone_iii::debian",
|
"timezone_iii::debian",
|
||||||
"ntp::default",
|
"ntp::default",
|
||||||
"ntp::apparmor",
|
"ntp::apparmor",
|
||||||
|
"kosmos-base::journald_conf",
|
||||||
"kosmos-base::systemd_emails",
|
"kosmos-base::systemd_emails",
|
||||||
"apt::unattended-upgrades",
|
"apt::unattended-upgrades",
|
||||||
"kosmos-base::firewall",
|
"kosmos-base::firewall",
|
||||||
|
|||||||
@@ -37,6 +37,7 @@
|
|||||||
"timezone_iii::debian",
|
"timezone_iii::debian",
|
||||||
"ntp::default",
|
"ntp::default",
|
||||||
"ntp::apparmor",
|
"ntp::apparmor",
|
||||||
|
"kosmos-base::journald_conf",
|
||||||
"kosmos-base::systemd_emails",
|
"kosmos-base::systemd_emails",
|
||||||
"apt::unattended-upgrades",
|
"apt::unattended-upgrades",
|
||||||
"kosmos-base::firewall",
|
"kosmos-base::firewall",
|
||||||
|
|||||||
@@ -39,6 +39,7 @@
|
|||||||
"kosmos_garage::default",
|
"kosmos_garage::default",
|
||||||
"kosmos_garage::firewall_rpc",
|
"kosmos_garage::firewall_rpc",
|
||||||
"kosmos_assets::nginx_site",
|
"kosmos_assets::nginx_site",
|
||||||
|
"kosmos_blossom::nginx",
|
||||||
"kosmos_discourse::nginx",
|
"kosmos_discourse::nginx",
|
||||||
"kosmos_drone::nginx",
|
"kosmos_drone::nginx",
|
||||||
"kosmos_garage::nginx_web",
|
"kosmos_garage::nginx_web",
|
||||||
@@ -75,6 +76,7 @@
|
|||||||
"timezone_iii::debian",
|
"timezone_iii::debian",
|
||||||
"ntp::default",
|
"ntp::default",
|
||||||
"ntp::apparmor",
|
"ntp::apparmor",
|
||||||
|
"kosmos-base::journald_conf",
|
||||||
"kosmos-base::systemd_emails",
|
"kosmos-base::systemd_emails",
|
||||||
"apt::unattended-upgrades",
|
"apt::unattended-upgrades",
|
||||||
"kosmos-base::firewall",
|
"kosmos-base::firewall",
|
||||||
@@ -104,13 +106,13 @@
|
|||||||
"cloud": null,
|
"cloud": null,
|
||||||
"chef_packages": {
|
"chef_packages": {
|
||||||
"chef": {
|
"chef": {
|
||||||
"version": "18.2.7",
|
"version": "18.10.17",
|
||||||
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.2.7/lib",
|
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib",
|
||||||
"chef_effortless": null
|
"chef_effortless": null
|
||||||
},
|
},
|
||||||
"ohai": {
|
"ohai": {
|
||||||
"version": "18.1.4",
|
"version": "18.2.13",
|
||||||
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.4/lib/ohai"
|
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|||||||
@@ -20,6 +20,7 @@
|
|||||||
"recipes": [
|
"recipes": [
|
||||||
"kosmos-base",
|
"kosmos-base",
|
||||||
"kosmos-base::default",
|
"kosmos-base::default",
|
||||||
|
"kosmos_prometheus::node_exporter",
|
||||||
"kosmos_kvm::guest",
|
"kosmos_kvm::guest",
|
||||||
"kosmos_garage",
|
"kosmos_garage",
|
||||||
"kosmos_garage::default",
|
"kosmos_garage::default",
|
||||||
@@ -30,6 +31,7 @@
|
|||||||
"timezone_iii::debian",
|
"timezone_iii::debian",
|
||||||
"ntp::default",
|
"ntp::default",
|
||||||
"ntp::apparmor",
|
"ntp::apparmor",
|
||||||
|
"kosmos-base::journald_conf",
|
||||||
"kosmos-base::systemd_emails",
|
"kosmos-base::systemd_emails",
|
||||||
"apt::unattended-upgrades",
|
"apt::unattended-upgrades",
|
||||||
"kosmos-base::firewall",
|
"kosmos-base::firewall",
|
||||||
|
|||||||
@@ -1,17 +1,17 @@
|
|||||||
{
|
{
|
||||||
"name": "garage-10",
|
"name": "garage-14",
|
||||||
"chef_environment": "production",
|
"chef_environment": "production",
|
||||||
"normal": {
|
"normal": {
|
||||||
"knife_zero": {
|
"knife_zero": {
|
||||||
"host": "10.1.1.27"
|
"host": "10.1.1.151"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"automatic": {
|
"automatic": {
|
||||||
"fqdn": "garage-10",
|
"fqdn": "garage-14",
|
||||||
"os": "linux",
|
"os": "linux",
|
||||||
"os_version": "5.4.0-1090-kvm",
|
"os_version": "5.15.0-1095-kvm",
|
||||||
"hostname": "garage-10",
|
"hostname": "garage-14",
|
||||||
"ipaddress": "192.168.122.70",
|
"ipaddress": "192.168.122.36",
|
||||||
"roles": [
|
"roles": [
|
||||||
"base",
|
"base",
|
||||||
"kvm_guest",
|
"kvm_guest",
|
||||||
@@ -20,6 +20,7 @@
|
|||||||
"recipes": [
|
"recipes": [
|
||||||
"kosmos-base",
|
"kosmos-base",
|
||||||
"kosmos-base::default",
|
"kosmos-base::default",
|
||||||
|
"kosmos_prometheus::node_exporter",
|
||||||
"kosmos_kvm::guest",
|
"kosmos_kvm::guest",
|
||||||
"kosmos_garage",
|
"kosmos_garage",
|
||||||
"kosmos_garage::default",
|
"kosmos_garage::default",
|
||||||
@@ -30,6 +31,7 @@
|
|||||||
"timezone_iii::debian",
|
"timezone_iii::debian",
|
||||||
"ntp::default",
|
"ntp::default",
|
||||||
"ntp::apparmor",
|
"ntp::apparmor",
|
||||||
|
"kosmos-base::journald_conf",
|
||||||
"kosmos-base::systemd_emails",
|
"kosmos-base::systemd_emails",
|
||||||
"apt::unattended-upgrades",
|
"apt::unattended-upgrades",
|
||||||
"kosmos-base::firewall",
|
"kosmos-base::firewall",
|
||||||
@@ -42,17 +44,17 @@
|
|||||||
"firewall::default"
|
"firewall::default"
|
||||||
],
|
],
|
||||||
"platform": "ubuntu",
|
"platform": "ubuntu",
|
||||||
"platform_version": "20.04",
|
"platform_version": "22.04",
|
||||||
"cloud": null,
|
"cloud": null,
|
||||||
"chef_packages": {
|
"chef_packages": {
|
||||||
"chef": {
|
"chef": {
|
||||||
"version": "18.5.0",
|
"version": "18.10.17",
|
||||||
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.5.0/lib",
|
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib",
|
||||||
"chef_effortless": null
|
"chef_effortless": null
|
||||||
},
|
},
|
||||||
"ohai": {
|
"ohai": {
|
||||||
"version": "18.1.11",
|
"version": "18.2.13",
|
||||||
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.11/lib/ohai"
|
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
@@ -1,17 +1,17 @@
|
|||||||
{
|
{
|
||||||
"name": "garage-9",
|
"name": "garage-15",
|
||||||
"chef_environment": "production",
|
"chef_environment": "production",
|
||||||
"normal": {
|
"normal": {
|
||||||
"knife_zero": {
|
"knife_zero": {
|
||||||
"host": "10.1.1.223"
|
"host": "10.1.1.82"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"automatic": {
|
"automatic": {
|
||||||
"fqdn": "garage-9",
|
"fqdn": "garage-15",
|
||||||
"os": "linux",
|
"os": "linux",
|
||||||
"os_version": "5.4.0-1090-kvm",
|
"os_version": "5.15.0-1095-kvm",
|
||||||
"hostname": "garage-9",
|
"hostname": "garage-15",
|
||||||
"ipaddress": "192.168.122.21",
|
"ipaddress": "192.168.122.57",
|
||||||
"roles": [
|
"roles": [
|
||||||
"base",
|
"base",
|
||||||
"kvm_guest",
|
"kvm_guest",
|
||||||
@@ -20,6 +20,7 @@
|
|||||||
"recipes": [
|
"recipes": [
|
||||||
"kosmos-base",
|
"kosmos-base",
|
||||||
"kosmos-base::default",
|
"kosmos-base::default",
|
||||||
|
"kosmos_prometheus::node_exporter",
|
||||||
"kosmos_kvm::guest",
|
"kosmos_kvm::guest",
|
||||||
"kosmos_garage",
|
"kosmos_garage",
|
||||||
"kosmos_garage::default",
|
"kosmos_garage::default",
|
||||||
@@ -30,6 +31,7 @@
|
|||||||
"timezone_iii::debian",
|
"timezone_iii::debian",
|
||||||
"ntp::default",
|
"ntp::default",
|
||||||
"ntp::apparmor",
|
"ntp::apparmor",
|
||||||
|
"kosmos-base::journald_conf",
|
||||||
"kosmos-base::systemd_emails",
|
"kosmos-base::systemd_emails",
|
||||||
"apt::unattended-upgrades",
|
"apt::unattended-upgrades",
|
||||||
"kosmos-base::firewall",
|
"kosmos-base::firewall",
|
||||||
@@ -42,17 +44,17 @@
|
|||||||
"firewall::default"
|
"firewall::default"
|
||||||
],
|
],
|
||||||
"platform": "ubuntu",
|
"platform": "ubuntu",
|
||||||
"platform_version": "20.04",
|
"platform_version": "22.04",
|
||||||
"cloud": null,
|
"cloud": null,
|
||||||
"chef_packages": {
|
"chef_packages": {
|
||||||
"chef": {
|
"chef": {
|
||||||
"version": "18.5.0",
|
"version": "18.10.17",
|
||||||
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.5.0/lib",
|
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib",
|
||||||
"chef_effortless": null
|
"chef_effortless": null
|
||||||
},
|
},
|
||||||
"ohai": {
|
"ohai": {
|
||||||
"version": "18.1.11",
|
"version": "18.2.13",
|
||||||
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.11/lib/ohai"
|
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
@@ -0,0 +1,64 @@
|
|||||||
|
{
|
||||||
|
"name": "garage-16",
|
||||||
|
"chef_environment": "production",
|
||||||
|
"normal": {
|
||||||
|
"knife_zero": {
|
||||||
|
"host": "10.1.1.153"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"automatic": {
|
||||||
|
"fqdn": "garage-16",
|
||||||
|
"os": "linux",
|
||||||
|
"os_version": "6.8.0-106-generic",
|
||||||
|
"hostname": "garage-16",
|
||||||
|
"ipaddress": "192.168.122.182",
|
||||||
|
"roles": [
|
||||||
|
"base",
|
||||||
|
"kvm_guest",
|
||||||
|
"garage_node"
|
||||||
|
],
|
||||||
|
"recipes": [
|
||||||
|
"kosmos-base",
|
||||||
|
"kosmos-base::default",
|
||||||
|
"kosmos_prometheus::node_exporter",
|
||||||
|
"kosmos_kvm::guest",
|
||||||
|
"kosmos_garage",
|
||||||
|
"kosmos_garage::default",
|
||||||
|
"kosmos_garage::firewall_rpc",
|
||||||
|
"kosmos_garage::firewall_apis",
|
||||||
|
"apt::default",
|
||||||
|
"timezone_iii::default",
|
||||||
|
"timezone_iii::debian",
|
||||||
|
"kosmos-base::journald_conf",
|
||||||
|
"kosmos-base::systemd_emails",
|
||||||
|
"apt::unattended-upgrades",
|
||||||
|
"kosmos-base::firewall",
|
||||||
|
"kosmos-postfix::default",
|
||||||
|
"postfix::default",
|
||||||
|
"postfix::_common",
|
||||||
|
"postfix::_attributes",
|
||||||
|
"postfix::sasl_auth",
|
||||||
|
"hostname::default",
|
||||||
|
"firewall::default"
|
||||||
|
],
|
||||||
|
"platform": "ubuntu",
|
||||||
|
"platform_version": "24.04",
|
||||||
|
"cloud": null,
|
||||||
|
"chef_packages": {
|
||||||
|
"chef": {
|
||||||
|
"version": "18.10.17",
|
||||||
|
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib",
|
||||||
|
"chef_effortless": null
|
||||||
|
},
|
||||||
|
"ohai": {
|
||||||
|
"version": "18.2.13",
|
||||||
|
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"run_list": [
|
||||||
|
"role[base]",
|
||||||
|
"role[kvm_guest]",
|
||||||
|
"role[garage_node]"
|
||||||
|
]
|
||||||
|
}
|
||||||
@@ -20,6 +20,7 @@
|
|||||||
"recipes": [
|
"recipes": [
|
||||||
"kosmos-base",
|
"kosmos-base",
|
||||||
"kosmos-base::default",
|
"kosmos-base::default",
|
||||||
|
"kosmos_prometheus::node_exporter",
|
||||||
"kosmos_kvm::guest",
|
"kosmos_kvm::guest",
|
||||||
"kosmos_garage",
|
"kosmos_garage",
|
||||||
"kosmos_garage::default",
|
"kosmos_garage::default",
|
||||||
@@ -30,6 +31,7 @@
|
|||||||
"timezone_iii::debian",
|
"timezone_iii::debian",
|
||||||
"ntp::default",
|
"ntp::default",
|
||||||
"ntp::apparmor",
|
"ntp::apparmor",
|
||||||
|
"kosmos-base::journald_conf",
|
||||||
"kosmos-base::systemd_emails",
|
"kosmos-base::systemd_emails",
|
||||||
"apt::unattended-upgrades",
|
"apt::unattended-upgrades",
|
||||||
"kosmos-base::firewall",
|
"kosmos-base::firewall",
|
||||||
|
|||||||
@@ -20,6 +20,7 @@
|
|||||||
"recipes": [
|
"recipes": [
|
||||||
"kosmos-base",
|
"kosmos-base",
|
||||||
"kosmos-base::default",
|
"kosmos-base::default",
|
||||||
|
"kosmos_prometheus::node_exporter",
|
||||||
"kosmos_kvm::guest",
|
"kosmos_kvm::guest",
|
||||||
"kosmos_garage",
|
"kosmos_garage",
|
||||||
"kosmos_garage::default",
|
"kosmos_garage::default",
|
||||||
@@ -30,6 +31,7 @@
|
|||||||
"timezone_iii::debian",
|
"timezone_iii::debian",
|
||||||
"ntp::default",
|
"ntp::default",
|
||||||
"ntp::apparmor",
|
"ntp::apparmor",
|
||||||
|
"kosmos-base::journald_conf",
|
||||||
"kosmos-base::systemd_emails",
|
"kosmos-base::systemd_emails",
|
||||||
"apt::unattended-upgrades",
|
"apt::unattended-upgrades",
|
||||||
"kosmos-base::firewall",
|
"kosmos-base::firewall",
|
||||||
|
|||||||
+2
-1
@@ -33,12 +33,13 @@
|
|||||||
"kosmos_gitea",
|
"kosmos_gitea",
|
||||||
"kosmos_gitea::default",
|
"kosmos_gitea::default",
|
||||||
"kosmos_gitea::backup",
|
"kosmos_gitea::backup",
|
||||||
"kosmos_gitea::act_runner",
|
"kosmos_gitea::runner",
|
||||||
"apt::default",
|
"apt::default",
|
||||||
"timezone_iii::default",
|
"timezone_iii::default",
|
||||||
"timezone_iii::debian",
|
"timezone_iii::debian",
|
||||||
"ntp::default",
|
"ntp::default",
|
||||||
"ntp::apparmor",
|
"ntp::apparmor",
|
||||||
|
"kosmos-base::journald_conf",
|
||||||
"kosmos-base::systemd_emails",
|
"kosmos-base::systemd_emails",
|
||||||
"apt::unattended-upgrades",
|
"apt::unattended-upgrades",
|
||||||
"kosmos-base::firewall",
|
"kosmos-base::firewall",
|
||||||
|
|||||||
+1
-1
@@ -60,7 +60,7 @@
|
|||||||
}
|
}
|
||||||
},
|
},
|
||||||
"run_list": [
|
"run_list": [
|
||||||
"recipe[kosmos-base]",
|
"role[base]",
|
||||||
"role[kvm_guest]",
|
"role[kvm_guest]",
|
||||||
"role[ipfs_gateway]"
|
"role[ipfs_gateway]"
|
||||||
]
|
]
|
||||||
|
|||||||
@@ -57,7 +57,7 @@
|
|||||||
}
|
}
|
||||||
},
|
},
|
||||||
"run_list": [
|
"run_list": [
|
||||||
"recipe[kosmos-base]",
|
"role[base]",
|
||||||
"role[kvm_guest]",
|
"role[kvm_guest]",
|
||||||
"role[dirsrv_supplier]"
|
"role[dirsrv_supplier]"
|
||||||
]
|
]
|
||||||
|
|||||||
@@ -0,0 +1,56 @@
|
|||||||
|
{
|
||||||
|
"name": "leo",
|
||||||
|
"normal": {
|
||||||
|
"knife_zero": {
|
||||||
|
"host": "leo.kosmos.org"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"automatic": {
|
||||||
|
"fqdn": "leo",
|
||||||
|
"os": "linux",
|
||||||
|
"os_version": "5.15.0-173-generic",
|
||||||
|
"hostname": "leo",
|
||||||
|
"ipaddress": "5.9.81.116",
|
||||||
|
"roles": [
|
||||||
|
"base"
|
||||||
|
],
|
||||||
|
"recipes": [
|
||||||
|
"kosmos-base",
|
||||||
|
"kosmos-base::default",
|
||||||
|
"kosmos_kvm::host",
|
||||||
|
"apt::default",
|
||||||
|
"timezone_iii::default",
|
||||||
|
"timezone_iii::debian",
|
||||||
|
"ntp::default",
|
||||||
|
"ntp::apparmor",
|
||||||
|
"kosmos-base::journald_conf",
|
||||||
|
"kosmos-base::systemd_emails",
|
||||||
|
"apt::unattended-upgrades",
|
||||||
|
"kosmos-base::firewall",
|
||||||
|
"kosmos-postfix::default",
|
||||||
|
"postfix::default",
|
||||||
|
"postfix::_common",
|
||||||
|
"postfix::_attributes",
|
||||||
|
"postfix::sasl_auth",
|
||||||
|
"hostname::default"
|
||||||
|
],
|
||||||
|
"platform": "ubuntu",
|
||||||
|
"platform_version": "22.04",
|
||||||
|
"cloud": null,
|
||||||
|
"chef_packages": {
|
||||||
|
"chef": {
|
||||||
|
"version": "18.10.17",
|
||||||
|
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib",
|
||||||
|
"chef_effortless": null
|
||||||
|
},
|
||||||
|
"ohai": {
|
||||||
|
"version": "18.2.13",
|
||||||
|
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"run_list": [
|
||||||
|
"role[base]",
|
||||||
|
"recipe[kosmos_kvm::host]"
|
||||||
|
]
|
||||||
|
}
|
||||||
@@ -30,6 +30,7 @@
|
|||||||
"timezone_iii::debian",
|
"timezone_iii::debian",
|
||||||
"ntp::default",
|
"ntp::default",
|
||||||
"ntp::apparmor",
|
"ntp::apparmor",
|
||||||
|
"kosmos-base::journald_conf",
|
||||||
"kosmos-base::systemd_emails",
|
"kosmos-base::systemd_emails",
|
||||||
"apt::unattended-upgrades",
|
"apt::unattended-upgrades",
|
||||||
"kosmos-base::firewall",
|
"kosmos-base::firewall",
|
||||||
|
|||||||
@@ -37,6 +37,7 @@
|
|||||||
"timezone_iii::debian",
|
"timezone_iii::debian",
|
||||||
"ntp::default",
|
"ntp::default",
|
||||||
"ntp::apparmor",
|
"ntp::apparmor",
|
||||||
|
"kosmos-base::journald_conf",
|
||||||
"kosmos-base::systemd_emails",
|
"kosmos-base::systemd_emails",
|
||||||
"apt::unattended-upgrades",
|
"apt::unattended-upgrades",
|
||||||
"kosmos-base::firewall",
|
"kosmos-base::firewall",
|
||||||
@@ -82,7 +83,7 @@
|
|||||||
}
|
}
|
||||||
},
|
},
|
||||||
"run_list": [
|
"run_list": [
|
||||||
"recipe[kosmos-base]",
|
"role[base]",
|
||||||
"role[kvm_guest]",
|
"role[kvm_guest]",
|
||||||
"role[ldap_client]",
|
"role[ldap_client]",
|
||||||
"role[garage_gateway]",
|
"role[garage_gateway]",
|
||||||
|
|||||||
@@ -1,16 +1,17 @@
|
|||||||
{
|
{
|
||||||
"name": "postgres-6",
|
"name": "postgres-11",
|
||||||
|
"chef_environment": "production",
|
||||||
"normal": {
|
"normal": {
|
||||||
"knife_zero": {
|
"knife_zero": {
|
||||||
"host": "10.1.1.196"
|
"host": "10.1.1.91"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"automatic": {
|
"automatic": {
|
||||||
"fqdn": "postgres-6",
|
"fqdn": "postgres-11",
|
||||||
"os": "linux",
|
"os": "linux",
|
||||||
"os_version": "5.4.0-173-generic",
|
"os_version": "5.15.0-1095-kvm",
|
||||||
"hostname": "postgres-6",
|
"hostname": "postgres-11",
|
||||||
"ipaddress": "192.168.122.60",
|
"ipaddress": "192.168.122.142",
|
||||||
"roles": [
|
"roles": [
|
||||||
"base",
|
"base",
|
||||||
"kvm_guest",
|
"kvm_guest",
|
||||||
@@ -21,17 +22,20 @@
|
|||||||
"kosmos-base::default",
|
"kosmos-base::default",
|
||||||
"kosmos_kvm::guest",
|
"kosmos_kvm::guest",
|
||||||
"kosmos_postgresql::primary",
|
"kosmos_postgresql::primary",
|
||||||
"kosmos_postgresql::firewall",
|
"kosmos-akkounts::pg_db",
|
||||||
"kosmos-bitcoin::lndhub-go_pg_db",
|
"kosmos-bitcoin::lndhub-go_pg_db",
|
||||||
"kosmos-bitcoin::nbxplorer_pg_db",
|
"kosmos-bitcoin::nbxplorer_pg_db",
|
||||||
"kosmos_drone::pg_db",
|
"kosmos_drone::pg_db",
|
||||||
"kosmos_gitea::pg_db",
|
"kosmos_gitea::pg_db",
|
||||||
"kosmos-mastodon::pg_db",
|
"kosmos-mastodon::pg_db",
|
||||||
|
"kosmos_postgresql::firewall",
|
||||||
|
"kosmos_postgresql::management_scripts",
|
||||||
"apt::default",
|
"apt::default",
|
||||||
"timezone_iii::default",
|
"timezone_iii::default",
|
||||||
"timezone_iii::debian",
|
"timezone_iii::debian",
|
||||||
"ntp::default",
|
"ntp::default",
|
||||||
"ntp::apparmor",
|
"ntp::apparmor",
|
||||||
|
"kosmos-base::journald_conf",
|
||||||
"kosmos-base::systemd_emails",
|
"kosmos-base::systemd_emails",
|
||||||
"apt::unattended-upgrades",
|
"apt::unattended-upgrades",
|
||||||
"kosmos-base::firewall",
|
"kosmos-base::firewall",
|
||||||
@@ -43,17 +47,17 @@
|
|||||||
"hostname::default"
|
"hostname::default"
|
||||||
],
|
],
|
||||||
"platform": "ubuntu",
|
"platform": "ubuntu",
|
||||||
"platform_version": "20.04",
|
"platform_version": "22.04",
|
||||||
"cloud": null,
|
"cloud": null,
|
||||||
"chef_packages": {
|
"chef_packages": {
|
||||||
"chef": {
|
"chef": {
|
||||||
"version": "18.4.2",
|
"version": "18.10.17",
|
||||||
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.4.2/lib",
|
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib",
|
||||||
"chef_effortless": null
|
"chef_effortless": null
|
||||||
},
|
},
|
||||||
"ohai": {
|
"ohai": {
|
||||||
"version": "18.1.11",
|
"version": "18.2.13",
|
||||||
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.11/lib/ohai"
|
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
@@ -1,17 +1,17 @@
|
|||||||
{
|
{
|
||||||
"name": "postgres-8",
|
"name": "postgres-12",
|
||||||
"chef_environment": "production",
|
"chef_environment": "production",
|
||||||
"normal": {
|
"normal": {
|
||||||
"knife_zero": {
|
"knife_zero": {
|
||||||
"host": "10.1.1.99"
|
"host": "10.1.1.134"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"automatic": {
|
"automatic": {
|
||||||
"fqdn": "postgres-8",
|
"fqdn": "postgres-12",
|
||||||
"os": "linux",
|
"os": "linux",
|
||||||
"os_version": "5.15.0-1059-kvm",
|
"os_version": "5.15.0-1096-kvm",
|
||||||
"hostname": "postgres-8",
|
"hostname": "postgres-12",
|
||||||
"ipaddress": "192.168.122.100",
|
"ipaddress": "192.168.122.139",
|
||||||
"roles": [
|
"roles": [
|
||||||
"base",
|
"base",
|
||||||
"kvm_guest",
|
"kvm_guest",
|
||||||
@@ -24,11 +24,13 @@
|
|||||||
"kosmos_postgresql::hostsfile",
|
"kosmos_postgresql::hostsfile",
|
||||||
"kosmos_postgresql::replica",
|
"kosmos_postgresql::replica",
|
||||||
"kosmos_postgresql::firewall",
|
"kosmos_postgresql::firewall",
|
||||||
|
"kosmos_postgresql::management_scripts",
|
||||||
"apt::default",
|
"apt::default",
|
||||||
"timezone_iii::default",
|
"timezone_iii::default",
|
||||||
"timezone_iii::debian",
|
"timezone_iii::debian",
|
||||||
"ntp::default",
|
"ntp::default",
|
||||||
"ntp::apparmor",
|
"ntp::apparmor",
|
||||||
|
"kosmos-base::journald_conf",
|
||||||
"kosmos-base::systemd_emails",
|
"kosmos-base::systemd_emails",
|
||||||
"apt::unattended-upgrades",
|
"apt::unattended-upgrades",
|
||||||
"kosmos-base::firewall",
|
"kosmos-base::firewall",
|
||||||
@@ -44,13 +46,13 @@
|
|||||||
"cloud": null,
|
"cloud": null,
|
||||||
"chef_packages": {
|
"chef_packages": {
|
||||||
"chef": {
|
"chef": {
|
||||||
"version": "18.5.0",
|
"version": "18.10.17",
|
||||||
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.5.0/lib",
|
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib",
|
||||||
"chef_effortless": null
|
"chef_effortless": null
|
||||||
},
|
},
|
||||||
"ohai": {
|
"ohai": {
|
||||||
"version": "18.1.11",
|
"version": "18.2.13",
|
||||||
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.11/lib/ohai"
|
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
@@ -1,34 +1,33 @@
|
|||||||
{
|
{
|
||||||
"name": "postgres-7",
|
"name": "prometheus-1",
|
||||||
"chef_environment": "production",
|
"chef_environment": "production",
|
||||||
"normal": {
|
"normal": {
|
||||||
"knife_zero": {
|
"knife_zero": {
|
||||||
"host": "10.1.1.134"
|
"host": "10.1.1.146"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"automatic": {
|
"automatic": {
|
||||||
"fqdn": "postgres-7",
|
"fqdn": "prometheus-1",
|
||||||
"os": "linux",
|
"os": "linux",
|
||||||
"os_version": "5.4.0-1123-kvm",
|
"os_version": "6.8.0-134-generic",
|
||||||
"hostname": "postgres-7",
|
"hostname": "prometheus-1",
|
||||||
"ipaddress": "192.168.122.89",
|
"ipaddress": "192.168.122.166",
|
||||||
"roles": [
|
"roles": [
|
||||||
"base",
|
"base",
|
||||||
"kvm_guest",
|
"kvm_guest",
|
||||||
"postgresql_replica"
|
"prometheus_server"
|
||||||
],
|
],
|
||||||
"recipes": [
|
"recipes": [
|
||||||
"kosmos-base",
|
"kosmos-base",
|
||||||
"kosmos-base::default",
|
"kosmos-base::default",
|
||||||
|
"kosmos_prometheus::node_exporter",
|
||||||
"kosmos_kvm::guest",
|
"kosmos_kvm::guest",
|
||||||
"kosmos_postgresql::hostsfile",
|
"kosmos_prometheus::server",
|
||||||
"kosmos_postgresql::replica",
|
"kosmos_prometheus::alertmanager",
|
||||||
"kosmos_postgresql::firewall",
|
|
||||||
"apt::default",
|
"apt::default",
|
||||||
"timezone_iii::default",
|
"timezone_iii::default",
|
||||||
"timezone_iii::debian",
|
"timezone_iii::debian",
|
||||||
"ntp::default",
|
"kosmos-base::journald_conf",
|
||||||
"ntp::apparmor",
|
|
||||||
"kosmos-base::systemd_emails",
|
"kosmos-base::systemd_emails",
|
||||||
"apt::unattended-upgrades",
|
"apt::unattended-upgrades",
|
||||||
"kosmos-base::firewall",
|
"kosmos-base::firewall",
|
||||||
@@ -37,26 +36,27 @@
|
|||||||
"postfix::_common",
|
"postfix::_common",
|
||||||
"postfix::_attributes",
|
"postfix::_attributes",
|
||||||
"postfix::sasl_auth",
|
"postfix::sasl_auth",
|
||||||
"hostname::default"
|
"hostname::default",
|
||||||
|
"firewall::default"
|
||||||
],
|
],
|
||||||
"platform": "ubuntu",
|
"platform": "ubuntu",
|
||||||
"platform_version": "20.04",
|
"platform_version": "24.04",
|
||||||
"cloud": null,
|
"cloud": null,
|
||||||
"chef_packages": {
|
"chef_packages": {
|
||||||
"chef": {
|
"chef": {
|
||||||
"version": "18.5.0",
|
"version": "18.10.17",
|
||||||
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.5.0/lib",
|
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib",
|
||||||
"chef_effortless": null
|
"chef_effortless": null
|
||||||
},
|
},
|
||||||
"ohai": {
|
"ohai": {
|
||||||
"version": "18.1.11",
|
"version": "18.2.13",
|
||||||
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.11/lib/ohai"
|
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"run_list": [
|
"run_list": [
|
||||||
"role[base]",
|
"role[base]",
|
||||||
"role[kvm_guest]",
|
"role[kvm_guest]",
|
||||||
"role[postgresql_replica]"
|
"role[prometheus_server]"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
@@ -55,7 +55,7 @@
|
|||||||
}
|
}
|
||||||
},
|
},
|
||||||
"run_list": [
|
"run_list": [
|
||||||
"recipe[kosmos-base]",
|
"role[base]",
|
||||||
"role[kvm_guest]",
|
"role[kvm_guest]",
|
||||||
"role[remotestorage_discourse]"
|
"role[remotestorage_discourse]"
|
||||||
]
|
]
|
||||||
|
|||||||
@@ -0,0 +1,60 @@
|
|||||||
|
{
|
||||||
|
"name": "rsk-testnet-6",
|
||||||
|
"normal": {
|
||||||
|
"knife_zero": {
|
||||||
|
"host": "10.1.1.20"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"automatic": {
|
||||||
|
"fqdn": "rsk-testnet-6",
|
||||||
|
"os": "linux",
|
||||||
|
"os_version": "6.8.0-107-generic",
|
||||||
|
"hostname": "rsk-testnet-6",
|
||||||
|
"ipaddress": "192.168.122.231",
|
||||||
|
"roles": [
|
||||||
|
"base",
|
||||||
|
"kvm_guest",
|
||||||
|
"rskj_testnet"
|
||||||
|
],
|
||||||
|
"recipes": [
|
||||||
|
"kosmos-base",
|
||||||
|
"kosmos-base::default",
|
||||||
|
"kosmos_kvm::guest",
|
||||||
|
"kosmos_rsk::rskj",
|
||||||
|
"apt::default",
|
||||||
|
"timezone_iii::default",
|
||||||
|
"timezone_iii::debian",
|
||||||
|
"kosmos-base::journald_conf",
|
||||||
|
"kosmos-base::systemd_emails",
|
||||||
|
"apt::unattended-upgrades",
|
||||||
|
"kosmos-base::firewall",
|
||||||
|
"kosmos-postfix::default",
|
||||||
|
"postfix::default",
|
||||||
|
"postfix::_common",
|
||||||
|
"postfix::_attributes",
|
||||||
|
"postfix::sasl_auth",
|
||||||
|
"hostname::default",
|
||||||
|
"kosmos_rsk::firewall",
|
||||||
|
"firewall::default"
|
||||||
|
],
|
||||||
|
"platform": "ubuntu",
|
||||||
|
"platform_version": "24.04",
|
||||||
|
"cloud": null,
|
||||||
|
"chef_packages": {
|
||||||
|
"chef": {
|
||||||
|
"version": "18.10.17",
|
||||||
|
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib",
|
||||||
|
"chef_effortless": null
|
||||||
|
},
|
||||||
|
"ohai": {
|
||||||
|
"version": "18.2.13",
|
||||||
|
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"run_list": [
|
||||||
|
"role[base]",
|
||||||
|
"role[kvm_guest]",
|
||||||
|
"role[rskj_testnet]"
|
||||||
|
]
|
||||||
|
}
|
||||||
+9
-3
@@ -16,7 +16,8 @@
|
|||||||
"base",
|
"base",
|
||||||
"kvm_guest",
|
"kvm_guest",
|
||||||
"strfry",
|
"strfry",
|
||||||
"ldap_client"
|
"ldap_client",
|
||||||
|
"blossom"
|
||||||
],
|
],
|
||||||
"recipes": [
|
"recipes": [
|
||||||
"kosmos-base",
|
"kosmos-base",
|
||||||
@@ -28,11 +29,14 @@
|
|||||||
"kosmos_strfry::policies",
|
"kosmos_strfry::policies",
|
||||||
"kosmos_strfry::firewall",
|
"kosmos_strfry::firewall",
|
||||||
"kosmos_strfry::substr",
|
"kosmos_strfry::substr",
|
||||||
|
"kosmos_blossom",
|
||||||
|
"kosmos_blossom::default",
|
||||||
"apt::default",
|
"apt::default",
|
||||||
"timezone_iii::default",
|
"timezone_iii::default",
|
||||||
"timezone_iii::debian",
|
"timezone_iii::debian",
|
||||||
"ntp::default",
|
"ntp::default",
|
||||||
"ntp::apparmor",
|
"ntp::apparmor",
|
||||||
|
"kosmos-base::journald_conf",
|
||||||
"kosmos-base::systemd_emails",
|
"kosmos-base::systemd_emails",
|
||||||
"apt::unattended-upgrades",
|
"apt::unattended-upgrades",
|
||||||
"kosmos-base::firewall",
|
"kosmos-base::firewall",
|
||||||
@@ -42,7 +46,8 @@
|
|||||||
"postfix::_attributes",
|
"postfix::_attributes",
|
||||||
"postfix::sasl_auth",
|
"postfix::sasl_auth",
|
||||||
"hostname::default",
|
"hostname::default",
|
||||||
"deno::default"
|
"deno::default",
|
||||||
|
"blossom::default"
|
||||||
],
|
],
|
||||||
"platform": "ubuntu",
|
"platform": "ubuntu",
|
||||||
"platform_version": "22.04",
|
"platform_version": "22.04",
|
||||||
@@ -62,6 +67,7 @@
|
|||||||
"run_list": [
|
"run_list": [
|
||||||
"role[base]",
|
"role[base]",
|
||||||
"role[kvm_guest]",
|
"role[kvm_guest]",
|
||||||
"role[strfry]"
|
"role[strfry]",
|
||||||
|
"role[blossom]"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -60,7 +60,7 @@
|
|||||||
}
|
}
|
||||||
},
|
},
|
||||||
"run_list": [
|
"run_list": [
|
||||||
"recipe[kosmos-base]",
|
"role[base]",
|
||||||
"role[kvm_guest]",
|
"role[kvm_guest]",
|
||||||
"recipe[kosmos-ejabberd::upload_service]"
|
"recipe[kosmos-ejabberd::upload_service]"
|
||||||
]
|
]
|
||||||
|
|||||||
+6
-4
@@ -28,6 +28,7 @@
|
|||||||
"timezone_iii::debian",
|
"timezone_iii::debian",
|
||||||
"ntp::default",
|
"ntp::default",
|
||||||
"ntp::apparmor",
|
"ntp::apparmor",
|
||||||
|
"kosmos-base::journald_conf",
|
||||||
"kosmos-base::systemd_emails",
|
"kosmos-base::systemd_emails",
|
||||||
"apt::unattended-upgrades",
|
"apt::unattended-upgrades",
|
||||||
"kosmos-base::firewall",
|
"kosmos-base::firewall",
|
||||||
@@ -66,12 +67,13 @@
|
|||||||
"cloud": null,
|
"cloud": null,
|
||||||
"chef_packages": {
|
"chef_packages": {
|
||||||
"chef": {
|
"chef": {
|
||||||
"version": "15.13.8",
|
"version": "18.7.10",
|
||||||
"chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.13.8/lib"
|
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.7.10/lib",
|
||||||
|
"chef_effortless": null
|
||||||
},
|
},
|
||||||
"ohai": {
|
"ohai": {
|
||||||
"version": "15.12.0",
|
"version": "18.2.5",
|
||||||
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai"
|
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.5/lib/ohai"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|||||||
@@ -2,4 +2,5 @@ name "base"
|
|||||||
|
|
||||||
run_list %w(
|
run_list %w(
|
||||||
kosmos-base::default
|
kosmos-base::default
|
||||||
|
kosmos_prometheus::node_exporter
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -0,0 +1,16 @@
|
|||||||
|
name "blossom"
|
||||||
|
|
||||||
|
override_attributes(
|
||||||
|
"blossom" => {
|
||||||
|
"allowed_pubkeys" => [
|
||||||
|
# "b3e1b7c0ef48294bd856203bfd460625de95d3afb894e5f09b14cd1f0e7097cf",
|
||||||
|
# "07e188a1ff87ce171d517b8ed2bb7a31b1d3453a0db3b15379ec07b724d232f3",
|
||||||
|
# "898a73f2c1f9a9f42d9ef4ac363622f92fdd4290c8f190340a0862d8e0f70046"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
)
|
||||||
|
|
||||||
|
run_list %w(
|
||||||
|
role[ldap_client]
|
||||||
|
kosmos_blossom::default
|
||||||
|
)
|
||||||
@@ -5,3 +5,11 @@ run_list %w(
|
|||||||
kosmos_gitea::default
|
kosmos_gitea::default
|
||||||
kosmos_gitea::backup
|
kosmos_gitea::backup
|
||||||
)
|
)
|
||||||
|
|
||||||
|
override_attributes(
|
||||||
|
"gitea" => {
|
||||||
|
# "repo" => "https://github.com/67P/gitea.git",
|
||||||
|
# "revision" => "ldap_sync",
|
||||||
|
"log" => { "level" => "Info" }
|
||||||
|
},
|
||||||
|
)
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
name "gitea_actions_runner"
|
name "gitea_actions_runner"
|
||||||
|
|
||||||
run_list %w(
|
run_list %w(
|
||||||
kosmos_gitea::act_runner
|
kosmos_gitea::runner
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -19,6 +19,7 @@ production_run_list = %w(
|
|||||||
role[openresty]
|
role[openresty]
|
||||||
role[garage_gateway]
|
role[garage_gateway]
|
||||||
kosmos_assets::nginx_site
|
kosmos_assets::nginx_site
|
||||||
|
kosmos_blossom::nginx
|
||||||
kosmos_discourse::nginx
|
kosmos_discourse::nginx
|
||||||
kosmos_drone::nginx
|
kosmos_drone::nginx
|
||||||
kosmos_garage::nginx_web
|
kosmos_garage::nginx_web
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
name "postgresql_primary"
|
name "postgresql_primary"
|
||||||
|
|
||||||
run_list %w(
|
run_list [
|
||||||
kosmos_postgresql::primary
|
"kosmos_postgresql::primary",
|
||||||
kosmos_postgresql::firewall
|
"kosmos-akkounts::pg_db",
|
||||||
kosmos-bitcoin::lndhub-go_pg_db
|
"kosmos-bitcoin::lndhub-go_pg_db",
|
||||||
kosmos-bitcoin::nbxplorer_pg_db
|
"kosmos-bitcoin::nbxplorer_pg_db",
|
||||||
kosmos_drone::pg_db
|
"kosmos_drone::pg_db",
|
||||||
kosmos_gitea::pg_db
|
"kosmos_gitea::pg_db",
|
||||||
kosmos-mastodon::pg_db
|
"kosmos-mastodon::pg_db",
|
||||||
)
|
"kosmos_postgresql::firewall",
|
||||||
|
"kosmos_postgresql::management_scripts"
|
||||||
|
]
|
||||||
|
|||||||
@@ -1,7 +1,8 @@
|
|||||||
name "postgresql_replica"
|
name "postgresql_replica"
|
||||||
|
|
||||||
run_list %w(
|
run_list [
|
||||||
kosmos_postgresql::hostsfile
|
"kosmos_postgresql::hostsfile",
|
||||||
kosmos_postgresql::replica
|
"kosmos_postgresql::replica",
|
||||||
kosmos_postgresql::firewall
|
"kosmos_postgresql::firewall",
|
||||||
)
|
"kosmos_postgresql::management_scripts"
|
||||||
|
]
|
||||||
|
|||||||
@@ -0,0 +1,8 @@
|
|||||||
|
name "postgresql_replica_logical"
|
||||||
|
|
||||||
|
run_list [
|
||||||
|
"kosmos_postgresql::hostsfile",
|
||||||
|
"kosmos_postgresql::replica_logical",
|
||||||
|
"kosmos_postgresql::firewall",
|
||||||
|
"kosmos_postgresql::management_scripts"
|
||||||
|
]
|
||||||
@@ -0,0 +1,12 @@
|
|||||||
|
name "prometheus_server"
|
||||||
|
|
||||||
|
default_run_list = [
|
||||||
|
"kosmos_prometheus::server",
|
||||||
|
"kosmos_prometheus::alertmanager"
|
||||||
|
]
|
||||||
|
|
||||||
|
env_run_lists(
|
||||||
|
"_default" => default_run_list,
|
||||||
|
"development" => default_run_list,
|
||||||
|
"production" => default_run_list
|
||||||
|
)
|
||||||
Submodule
+1
Submodule site-cookbooks/blossom added at 314bd6ab1a
+1
-1
Submodule site-cookbooks/deno updated: 617f7959ab...3795c9e672
@@ -8,8 +8,8 @@ upstream _<%= @upstream_name %> {
|
|||||||
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
|
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
|
||||||
server {
|
server {
|
||||||
server_name <%= @server_name %>;
|
server_name <%= @server_name %>;
|
||||||
listen 443 ssl http2;
|
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
|
||||||
listen [::]:443 ssl http2;
|
listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
|
||||||
|
|
||||||
ssl_certificate <%= @ssl_cert %>;
|
ssl_certificate <%= @ssl_cert %>;
|
||||||
ssl_certificate_key <%= @ssl_key %>;
|
ssl_certificate_key <%= @ssl_key %>;
|
||||||
|
|||||||
@@ -24,13 +24,12 @@ package "libvips"
|
|||||||
|
|
||||||
include_recipe 'redisio::default'
|
include_recipe 'redisio::default'
|
||||||
include_recipe 'redisio::enable'
|
include_recipe 'redisio::enable'
|
||||||
|
|
||||||
|
node.override["nodejs"]["repo"] = "https://deb.nodesource.com/node_20.x"
|
||||||
include_recipe 'kosmos-nodejs'
|
include_recipe 'kosmos-nodejs'
|
||||||
|
npm_package "bun"
|
||||||
|
|
||||||
npm_package "yarn" do
|
ruby_version = "3.3.8"
|
||||||
version "1.22.4"
|
|
||||||
end
|
|
||||||
|
|
||||||
ruby_version = "3.3.0"
|
|
||||||
ruby_path = "/opt/ruby_build/builds/#{ruby_version}"
|
ruby_path = "/opt/ruby_build/builds/#{ruby_version}"
|
||||||
bundle_path = "#{ruby_path}/bin/bundle"
|
bundle_path = "#{ruby_path}/bin/bundle"
|
||||||
rails_env = node.chef_environment == "development" ? "development" : "production"
|
rails_env = node.chef_environment == "development" ? "development" : "production"
|
||||||
@@ -48,7 +47,28 @@ webhooks_allowed_ips = [lndhub_host].compact.uniq.join(',')
|
|||||||
env = {
|
env = {
|
||||||
primary_domain: node['akkounts']['primary_domain'],
|
primary_domain: node['akkounts']['primary_domain'],
|
||||||
akkounts_domain: node['akkounts']['domain'],
|
akkounts_domain: node['akkounts']['domain'],
|
||||||
rails_serve_static_files: true
|
rails_serve_static_files: true,
|
||||||
|
secret_key_base: credentials["rails_secret_key_base"],
|
||||||
|
encryption_primary_key: credentials["rails_encryption_primary_key"],
|
||||||
|
encryption_key_derivation_salt: credentials["rails_encryption_key_derivation_salt"],
|
||||||
|
db_adapter: "postgresql",
|
||||||
|
pg_host: "pg.kosmos.local",
|
||||||
|
pg_port: 5432,
|
||||||
|
pg_database: "akkounts",
|
||||||
|
pg_database_queue: "akkounts_queue",
|
||||||
|
pg_username: credentials["postgresql"]["username"],
|
||||||
|
pg_password: credentials["postgresql"]["password"]
|
||||||
|
}
|
||||||
|
|
||||||
|
env[:ldap] = {
|
||||||
|
host: "ldap.kosmos.local",
|
||||||
|
port: 389,
|
||||||
|
use_tls: false,
|
||||||
|
uid_attr: "cn",
|
||||||
|
base: "ou=kosmos.org,cn=users,dc=kosmos,dc=org",
|
||||||
|
admin_user: credentials["ldap"]["admin_user"],
|
||||||
|
admin_password: credentials["ldap"]["admin_password"],
|
||||||
|
suffix: "dc=kosmos,dc=org"
|
||||||
}
|
}
|
||||||
|
|
||||||
smtp_server, smtp_port = smtp_credentials[:relayhost].split(":")
|
smtp_server, smtp_port = smtp_credentials[:relayhost].split(":")
|
||||||
@@ -138,9 +158,9 @@ if lndhub_host
|
|||||||
if postgres_readonly_host
|
if postgres_readonly_host
|
||||||
env[:lndhub_admin_ui] = true
|
env[:lndhub_admin_ui] = true
|
||||||
env[:lndhub_pg_host] = postgres_readonly_host
|
env[:lndhub_pg_host] = postgres_readonly_host
|
||||||
env[:lndhub_pg_database] = node['akkounts']['lndhub']['postgres_db']
|
env[:lndhub_pg_database] = node["akkounts"]["lndhub"]["postgres_db"]
|
||||||
env[:lndhub_pg_username] = credentials['postgresql_username']
|
env[:lndhub_pg_username] = credentials["postgresql"]["username"]
|
||||||
env[:lndhub_pg_password] = credentials['postgresql_password']
|
env[:lndhub_pg_password] = credentials["postgresql"]["password"]
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
@@ -208,9 +228,8 @@ systemd_unit "akkounts.service" do
|
|||||||
Type: "simple",
|
Type: "simple",
|
||||||
User: deploy_user,
|
User: deploy_user,
|
||||||
WorkingDirectory: deploy_path,
|
WorkingDirectory: deploy_path,
|
||||||
Environment: "RAILS_ENV=#{rails_env}",
|
Environment: "RAILS_ENV=#{rails_env} SOLID_QUEUE_IN_PUMA=true",
|
||||||
ExecStart: "#{bundle_path} exec puma -C config/puma.rb --pidfile #{deploy_path}/tmp/puma.pid",
|
ExecStart: "#{bundle_path} exec puma -C config/puma.rb --pidfile #{deploy_path}/tmp/puma.pid",
|
||||||
ExecStop: "#{bundle_path} exec puma -C config/puma.rb --pidfile #{deploy_path}/tmp/puma.pid stop",
|
|
||||||
ExecReload: "#{bundle_path} exec pumactl -F config/puma.rb --pidfile #{deploy_path}/tmp/puma.pid phased-restart",
|
ExecReload: "#{bundle_path} exec pumactl -F config/puma.rb --pidfile #{deploy_path}/tmp/puma.pid phased-restart",
|
||||||
PIDFile: "#{deploy_path}/tmp/puma.pid",
|
PIDFile: "#{deploy_path}/tmp/puma.pid",
|
||||||
TimeoutSec: "10",
|
TimeoutSec: "10",
|
||||||
@@ -225,36 +244,6 @@ systemd_unit "akkounts.service" do
|
|||||||
action [:create, :enable]
|
action [:create, :enable]
|
||||||
end
|
end
|
||||||
|
|
||||||
systemd_unit "akkounts-sidekiq.service" do
|
|
||||||
content({
|
|
||||||
Unit: {
|
|
||||||
Description: "Kosmos Accounts async/background jobs",
|
|
||||||
Documentation: ["https://gitea.kosmos.org/kosmos/akkounts"],
|
|
||||||
Requires: "redis@6379.service",
|
|
||||||
After: "syslog.target network.target redis@6379.service"
|
|
||||||
},
|
|
||||||
Service: {
|
|
||||||
Type: "notify",
|
|
||||||
User: deploy_user,
|
|
||||||
WorkingDirectory: deploy_path,
|
|
||||||
Environment: "MALLOC_ARENA_MAX=2",
|
|
||||||
ExecStart: "#{bundle_path} exec sidekiq -C #{deploy_path}/config/sidekiq.yml -e #{rails_env}",
|
|
||||||
WatchdogSec: "10",
|
|
||||||
Restart: "on-failure",
|
|
||||||
RestartSec: "1",
|
|
||||||
StandardOutput: "syslog",
|
|
||||||
StandardError: "syslog",
|
|
||||||
SyslogIdentifier: "sidekiq"
|
|
||||||
},
|
|
||||||
Install: {
|
|
||||||
WantedBy: "multi-user.target"
|
|
||||||
}
|
|
||||||
})
|
|
||||||
verify false
|
|
||||||
triggers_reload true
|
|
||||||
action [:create, :enable]
|
|
||||||
end
|
|
||||||
|
|
||||||
deploy_env = {
|
deploy_env = {
|
||||||
"HOME" => deploy_path,
|
"HOME" => deploy_path,
|
||||||
"PATH" => "#{ruby_path}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin",
|
"PATH" => "#{ruby_path}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin",
|
||||||
@@ -267,15 +256,7 @@ git deploy_path do
|
|||||||
revision node[app_name]["revision"]
|
revision node[app_name]["revision"]
|
||||||
user deploy_user
|
user deploy_user
|
||||||
group deploy_group
|
group deploy_group
|
||||||
# Restart services on deployments
|
|
||||||
notifies :run, "execute[restart #{app_name} services]", :delayed
|
|
||||||
end
|
|
||||||
|
|
||||||
execute "restart #{app_name} services" do
|
|
||||||
command "true"
|
|
||||||
action :nothing
|
|
||||||
notifies :restart, "service[#{app_name}]", :delayed
|
notifies :restart, "service[#{app_name}]", :delayed
|
||||||
notifies :restart, "service[#{app_name}-sidekiq]", :delayed
|
|
||||||
end
|
end
|
||||||
|
|
||||||
file "#{deploy_path}/config/master.key" do
|
file "#{deploy_path}/config/master.key" do
|
||||||
@@ -283,7 +264,7 @@ file "#{deploy_path}/config/master.key" do
|
|||||||
mode '0400'
|
mode '0400'
|
||||||
owner deploy_user
|
owner deploy_user
|
||||||
group deploy_group
|
group deploy_group
|
||||||
notifies :run, "execute[restart #{app_name} services]", :delayed
|
notifies :restart, "service[#{app_name}]", :delayed
|
||||||
end
|
end
|
||||||
|
|
||||||
template "#{deploy_path}/.env.#{rails_env}" do
|
template "#{deploy_path}/.env.#{rails_env}" do
|
||||||
@@ -293,7 +274,7 @@ template "#{deploy_path}/.env.#{rails_env}" do
|
|||||||
mode 0600
|
mode 0600
|
||||||
sensitive true
|
sensitive true
|
||||||
variables config: env
|
variables config: env
|
||||||
notifies :run, "execute[restart #{app_name} services]", :delayed
|
notifies :restart, "service[#{app_name}]", :delayed
|
||||||
end
|
end
|
||||||
|
|
||||||
execute "bundle install" do
|
execute "bundle install" do
|
||||||
@@ -303,13 +284,6 @@ execute "bundle install" do
|
|||||||
command "bundle install --without development,test --deployment"
|
command "bundle install --without development,test --deployment"
|
||||||
end
|
end
|
||||||
|
|
||||||
execute "yarn install" do
|
|
||||||
environment deploy_env
|
|
||||||
user deploy_user
|
|
||||||
cwd deploy_path
|
|
||||||
command "yarn install --pure-lockfile"
|
|
||||||
end
|
|
||||||
|
|
||||||
execute 'rake db:migrate' do
|
execute 'rake db:migrate' do
|
||||||
environment deploy_env
|
environment deploy_env
|
||||||
user deploy_user
|
user deploy_user
|
||||||
@@ -330,10 +304,6 @@ service "akkounts" do
|
|||||||
action [:enable, :start]
|
action [:enable, :start]
|
||||||
end
|
end
|
||||||
|
|
||||||
service "akkounts-sidekiq" do
|
|
||||||
action [:enable, :start]
|
|
||||||
end
|
|
||||||
|
|
||||||
firewall_rule "akkounts_zerotier" do
|
firewall_rule "akkounts_zerotier" do
|
||||||
command :allow
|
command :allow
|
||||||
port node["akkounts"]["port"]
|
port node["akkounts"]["port"]
|
||||||
|
|||||||
@@ -0,0 +1,22 @@
|
|||||||
|
#
|
||||||
|
# Cookbook:: kosmos-akkounts
|
||||||
|
# Recipe:: pg_db
|
||||||
|
#
|
||||||
|
|
||||||
|
credentials = data_bag_item("credentials", "akkounts")
|
||||||
|
pg_username = credentials["postgresql"]["username"]
|
||||||
|
pg_password = credentials["postgresql"]["password"]
|
||||||
|
|
||||||
|
postgresql_user pg_username do
|
||||||
|
action :create
|
||||||
|
password pg_password
|
||||||
|
end
|
||||||
|
|
||||||
|
databases = ["akkounts", "akkounts_queue"]
|
||||||
|
|
||||||
|
databases.each do |database|
|
||||||
|
postgresql_database database do
|
||||||
|
owner pg_username
|
||||||
|
action :create
|
||||||
|
end
|
||||||
|
end
|
||||||
@@ -11,7 +11,7 @@ proxy_cache_path <%= node[:openresty][:cache_dir] %>/akkounts levels=1:2
|
|||||||
|
|
||||||
server {
|
server {
|
||||||
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
|
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
|
||||||
listen [::]:443 ssl http2;
|
listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
|
||||||
server_name <%= @domain %>;
|
server_name <%= @domain %>;
|
||||||
|
|
||||||
if ($host != $server_name) {
|
if ($host != $server_name) {
|
||||||
|
|||||||
@@ -7,7 +7,7 @@ upstream _akkounts_api {
|
|||||||
|
|
||||||
server {
|
server {
|
||||||
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
|
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
|
||||||
listen [::]:443 ssl http2;
|
listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
|
||||||
server_name <%= @domain %>;
|
server_name <%= @domain %>;
|
||||||
|
|
||||||
ssl_certificate <%= @ssl_cert %>;
|
ssl_certificate <%= @ssl_cert %>;
|
||||||
|
|||||||
@@ -0,0 +1,2 @@
|
|||||||
|
node.default["kosmos-base"]["journald"]["system_max_use"] = "256M"
|
||||||
|
node.default["kosmos-base"]["journald"]["max_retention_sec"] = "7d"
|
||||||
@@ -1,52 +0,0 @@
|
|||||||
#
|
|
||||||
# Cookbook Name:: kosmos-base
|
|
||||||
# Recipe:: andromeda_firewall
|
|
||||||
#
|
|
||||||
# The MIT License (MIT)
|
|
||||||
#
|
|
||||||
# Copyright:: 2019, Kosmos Developers
|
|
||||||
#
|
|
||||||
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
||||||
# of this software and associated documentation files (the "Software"), to deal
|
|
||||||
# in the Software without restriction, including without limitation the rights
|
|
||||||
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
||||||
# copies of the Software, and to permit persons to whom the Software is
|
|
||||||
# furnished to do so, subject to the following conditions:
|
|
||||||
#
|
|
||||||
# The above copyright notice and this permission notice shall be included in
|
|
||||||
# all copies or substantial portions of the Software.
|
|
||||||
#
|
|
||||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
||||||
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
||||||
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
||||||
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
||||||
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
||||||
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
||||||
# THE SOFTWARE.
|
|
||||||
|
|
||||||
# Temporary extra rules for Andromeda
|
|
||||||
|
|
||||||
firewall_rule 'bitcoind' do
|
|
||||||
port [8333, 8334, 8335]
|
|
||||||
protocol :tcp
|
|
||||||
command :allow
|
|
||||||
end
|
|
||||||
|
|
||||||
firewall_rule 'lnd' do
|
|
||||||
port [9736]
|
|
||||||
# port [9736, 8002]
|
|
||||||
protocol :tcp
|
|
||||||
command :allow
|
|
||||||
end
|
|
||||||
|
|
||||||
firewall_rule 'lightningd' do
|
|
||||||
port [9735]
|
|
||||||
protocol :tcp
|
|
||||||
command :allow
|
|
||||||
end
|
|
||||||
|
|
||||||
firewall_rule 'spark_wallet' do
|
|
||||||
port 8008
|
|
||||||
protocol :tcp
|
|
||||||
command :allow
|
|
||||||
end
|
|
||||||
@@ -24,68 +24,82 @@
|
|||||||
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||||
# THE SOFTWARE.
|
# THE SOFTWARE.
|
||||||
|
|
||||||
include_recipe 'apt'
|
include_recipe "apt"
|
||||||
include_recipe 'timezone_iii'
|
|
||||||
include_recipe 'ntp'
|
|
||||||
include_recipe 'kosmos-base::systemd_emails'
|
|
||||||
|
|
||||||
|
directory "/etc/apt/keyrings" do
|
||||||
|
mode "0755"
|
||||||
|
action :create
|
||||||
|
end
|
||||||
|
|
||||||
|
include_recipe "timezone_iii"
|
||||||
|
include_recipe "ntp" if node["platform"] == "ubuntu" && node["platform_version"].to_f < 24.04
|
||||||
|
include_recipe "kosmos-base::journald_conf"
|
||||||
|
include_recipe "kosmos-base::systemd_emails"
|
||||||
|
|
||||||
|
node.override["apt"]["unattended_upgrades"]["enable"] = true
|
||||||
|
node.override["apt"]["unattended_upgrades"]["mail_only_on_error"] = false
|
||||||
|
node.override["apt"]["unattended_upgrades"]["sender"] = "ops@kosmos.org"
|
||||||
node.override["apt"]["unattended_upgrades"]["allowed_origins"] = [
|
node.override["apt"]["unattended_upgrades"]["allowed_origins"] = [
|
||||||
"${distro_id}:${distro_codename}-security",
|
"${distro_id}:${distro_codename}-security",
|
||||||
"${distro_id}:${distro_codename}-updates"
|
"${distro_id}:${distro_codename}-updates",
|
||||||
|
"${distro_id}ESMApps:${distro_codename}-apps-security",
|
||||||
|
"${distro_id}ESMApps:${distro_codename}-apps-updates",
|
||||||
|
"${distro_id}ESM:${distro_codename}-infra-security",
|
||||||
|
"${distro_id}ESM:${distro_codename}-infra-updates"
|
||||||
]
|
]
|
||||||
node.override["apt"]["unattended_upgrades"]["mail"] = "ops@kosmos.org"
|
node.override["apt"]["unattended_upgrades"]["mail"] = "ops@kosmos.org"
|
||||||
node.override["apt"]["unattended_upgrades"]["syslog_enable"] = true
|
node.override["apt"]["unattended_upgrades"]["syslog_enable"] = true
|
||||||
include_recipe 'apt::unattended-upgrades'
|
include_recipe "apt::unattended-upgrades"
|
||||||
|
|
||||||
package 'mailutils'
|
package "mailutils"
|
||||||
package 'mosh'
|
package "mosh"
|
||||||
package 'vim'
|
package "vim"
|
||||||
|
|
||||||
# Don't create users and rewrite the sudo config in development environment.
|
# Don't create users and rewrite the sudo config in development environment.
|
||||||
# It breaks the vagrant user
|
# It breaks the vagrant user
|
||||||
unless node.chef_environment == "development"
|
unless node.chef_environment == "development"
|
||||||
# Searches data bag "users" for groups attribute "sysadmin".
|
# Searches data bag "users" for groups attribute "sysadmin".
|
||||||
# Places returned users in Unix group "sysadmin" with GID 2300.
|
# Places returned users in Unix group "sysadmin" with GID 2300.
|
||||||
users_manage 'sysadmin' do
|
users_manage "sysadmin" do
|
||||||
group_id 2300
|
group_id 2300
|
||||||
action [:remove, :create]
|
action %i[remove create]
|
||||||
end
|
end
|
||||||
|
|
||||||
sudo "sysadmin" do
|
sudo "sysadmin" do
|
||||||
groups "sysadmin"
|
groups "sysadmin"
|
||||||
nopasswd true
|
nopasswd true
|
||||||
defaults [
|
defaults [
|
||||||
# not default on Ubuntu, explicitely enable. Uses a minimal white list of
|
# not default on Ubuntu, explicitely enable. Uses a minimal white list of
|
||||||
# environment variables
|
# environment variables
|
||||||
'env_reset',
|
"env_reset",
|
||||||
# Send emails on unauthorized attempts
|
# Send emails on unauthorized attempts
|
||||||
'mail_badpass',
|
"mail_badpass",
|
||||||
'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"',
|
'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"'
|
||||||
]
|
]
|
||||||
end
|
end
|
||||||
|
|
||||||
include_recipe "kosmos-base::firewall"
|
include_recipe "kosmos-base::firewall"
|
||||||
|
|
||||||
include_recipe 'kosmos-postfix'
|
include_recipe "kosmos-postfix"
|
||||||
|
|
||||||
node.override['set_fqdn'] = '*'
|
node.override["set_fqdn"] = "*"
|
||||||
include_recipe 'hostname'
|
include_recipe "hostname"
|
||||||
|
|
||||||
package 'ca-certificates'
|
package "ca-certificates"
|
||||||
|
|
||||||
directory '/usr/local/share/ca-certificates/cacert' do
|
directory "/usr/local/share/ca-certificates/cacert" do
|
||||||
action :create
|
action :create
|
||||||
end
|
end
|
||||||
|
|
||||||
['http://www.cacert.org/certs/root.crt', 'http://www.cacert.org/certs/class3.crt'].each do |cert|
|
["http://www.cacert.org/certs/root.crt", "http://www.cacert.org/certs/class3.crt"].each do |cert|
|
||||||
remote_file "/usr/local/share/ca-certificates/cacert/#{File.basename(cert)}" do
|
remote_file "/usr/local/share/ca-certificates/cacert/#{File.basename(cert)}" do
|
||||||
source cert
|
source cert
|
||||||
action :create_if_missing
|
action :create_if_missing
|
||||||
notifies :run, 'execute[update-ca-certificates]', :immediately
|
notifies :run, "execute[update-ca-certificates]", :immediately
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
execute 'update-ca-certificates' do
|
execute "update-ca-certificates" do
|
||||||
action :nothing
|
action :nothing
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|||||||
@@ -0,0 +1,14 @@
|
|||||||
|
#
|
||||||
|
# Cookbook Name:: kosmos-base
|
||||||
|
# Recipe:: journald_conf
|
||||||
|
#
|
||||||
|
|
||||||
|
service "systemd-journald"
|
||||||
|
|
||||||
|
template "/etc/systemd/journald.conf" do
|
||||||
|
source "journald.conf.erb"
|
||||||
|
variables system_max_use: node["kosmos-base"]["journald"]["system_max_use"],
|
||||||
|
max_retention_sec: node["kosmos-base"]["journald"]["max_retention_sec"]
|
||||||
|
# Restarting journald is required
|
||||||
|
notifies :restart, "service[systemd-journald]", :delayed
|
||||||
|
end
|
||||||
@@ -0,0 +1,6 @@
|
|||||||
|
[Journal]
|
||||||
|
# Set the maximum size of the journal logs in bytes
|
||||||
|
SystemMaxUse=<%= @system_max_use %>
|
||||||
|
|
||||||
|
# Set the number of days after which logs will be deleted
|
||||||
|
MaxRetentionSec=<%= @max_retention_sec %>
|
||||||
@@ -1,5 +1,5 @@
|
|||||||
node.default['bitcoin']['version'] = '28.0'
|
node.default['bitcoin']['version'] = '30.0'
|
||||||
node.default['bitcoin']['checksum'] = '700ae2d1e204602eb07f2779a6e6669893bc96c0dca290593f80ff8e102ff37f'
|
node.default['bitcoin']['checksum'] = '9b472a4d51dfed9aa9d0ded2cb8c7bcb9267f8439a23a98f36eb509c1a5e6974'
|
||||||
node.default['bitcoin']['username'] = 'satoshi'
|
node.default['bitcoin']['username'] = 'satoshi'
|
||||||
node.default['bitcoin']['usergroup'] = 'bitcoin'
|
node.default['bitcoin']['usergroup'] = 'bitcoin'
|
||||||
node.default['bitcoin']['network'] = 'mainnet'
|
node.default['bitcoin']['network'] = 'mainnet'
|
||||||
@@ -41,7 +41,7 @@ node.default['c-lightning']['log_level'] = 'info'
|
|||||||
node.default['c-lightning']['public_ip'] = '148.251.237.73'
|
node.default['c-lightning']['public_ip'] = '148.251.237.73'
|
||||||
|
|
||||||
node.default['lnd']['repo'] = 'https://github.com/lightningnetwork/lnd'
|
node.default['lnd']['repo'] = 'https://github.com/lightningnetwork/lnd'
|
||||||
node.default['lnd']['revision'] = 'v0.18.5-beta'
|
node.default['lnd']['revision'] = 'v0.19.1-beta'
|
||||||
node.default['lnd']['source_dir'] = '/opt/lnd'
|
node.default['lnd']['source_dir'] = '/opt/lnd'
|
||||||
node.default['lnd']['lnd_dir'] = "/home/#{node['bitcoin']['username']}/.lnd"
|
node.default['lnd']['lnd_dir'] = "/home/#{node['bitcoin']['username']}/.lnd"
|
||||||
node.default['lnd']['alias'] = 'ln2.kosmos.org'
|
node.default['lnd']['alias'] = 'ln2.kosmos.org'
|
||||||
@@ -86,11 +86,8 @@ node.default['lndhub-go']['branding'] = {
|
|||||||
'footer' => 'about=https://kosmos.org'
|
'footer' => 'about=https://kosmos.org'
|
||||||
}
|
}
|
||||||
|
|
||||||
node.default['dotnet']['ms_packages_src_url'] = "https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb"
|
|
||||||
node.default['dotnet']['ms_packages_src_checksum'] = "4df5811c41fdded83eb9e2da9336a8dfa5594a79dc8a80133bd815f4f85b9991"
|
|
||||||
|
|
||||||
node.default['nbxplorer']['repo'] = 'https://github.com/dgarage/NBXplorer'
|
node.default['nbxplorer']['repo'] = 'https://github.com/dgarage/NBXplorer'
|
||||||
node.default['nbxplorer']['revision'] = 'v2.5.23'
|
node.default['nbxplorer']['revision'] = 'v2.5.26'
|
||||||
node.default['nbxplorer']['source_dir'] = '/opt/nbxplorer'
|
node.default['nbxplorer']['source_dir'] = '/opt/nbxplorer'
|
||||||
node.default['nbxplorer']['config_path'] = "/home/#{node['bitcoin']['username']}/.nbxplorer/Main/settings.config"
|
node.default['nbxplorer']['config_path'] = "/home/#{node['bitcoin']['username']}/.nbxplorer/Main/settings.config"
|
||||||
node.default['nbxplorer']['port'] = '24445'
|
node.default['nbxplorer']['port'] = '24445'
|
||||||
@@ -98,7 +95,7 @@ node.default['nbxplorer']['postgres']['database'] = 'nbxplorer'
|
|||||||
node.default['nbxplorer']['postgres']['user'] = 'nbxplorer'
|
node.default['nbxplorer']['postgres']['user'] = 'nbxplorer'
|
||||||
|
|
||||||
node.default['btcpay']['repo'] = 'https://github.com/btcpayserver/btcpayserver'
|
node.default['btcpay']['repo'] = 'https://github.com/btcpayserver/btcpayserver'
|
||||||
node.default['btcpay']['revision'] = 'v2.0.7'
|
node.default['btcpay']['revision'] = 'v2.3.7'
|
||||||
node.default['btcpay']['source_dir'] = '/opt/btcpay'
|
node.default['btcpay']['source_dir'] = '/opt/btcpay'
|
||||||
node.default['btcpay']['config_path'] = "/home/#{node['bitcoin']['username']}/.btcpayserver/Main/settings.config"
|
node.default['btcpay']['config_path'] = "/home/#{node['bitcoin']['username']}/.btcpayserver/Main/settings.config"
|
||||||
node.default['btcpay']['log_path'] = "/home/#{node['bitcoin']['username']}/.btcpayserver/debug.log"
|
node.default['btcpay']['log_path'] = "/home/#{node['bitcoin']['username']}/.btcpayserver/debug.log"
|
||||||
|
|||||||
@@ -34,7 +34,7 @@ end
|
|||||||
execute "compile_bitcoin-core_dependencies" do
|
execute "compile_bitcoin-core_dependencies" do
|
||||||
cwd "/usr/local/bitcoind/depends"
|
cwd "/usr/local/bitcoind/depends"
|
||||||
environment ({'CC' => 'gcc-13', 'CXX' => 'g++-13', 'NO_QT' => '1'})
|
environment ({'CC' => 'gcc-13', 'CXX' => 'g++-13', 'NO_QT' => '1'})
|
||||||
command "make -j 2"
|
command "make -j $(($(nproc)/2))"
|
||||||
action :nothing
|
action :nothing
|
||||||
notifies :run, 'bash[compile_bitcoin-core]', :immediately
|
notifies :run, 'bash[compile_bitcoin-core]', :immediately
|
||||||
end
|
end
|
||||||
@@ -43,21 +43,13 @@ bash "compile_bitcoin-core" do
|
|||||||
cwd "/usr/local/bitcoind"
|
cwd "/usr/local/bitcoind"
|
||||||
environment ({'CC' => 'gcc-13', 'CXX' => 'g++-13', 'NO_QT' => '1'})
|
environment ({'CC' => 'gcc-13', 'CXX' => 'g++-13', 'NO_QT' => '1'})
|
||||||
code <<-EOH
|
code <<-EOH
|
||||||
./autogen.sh
|
cmake -B build --toolchain depends/x86_64-pc-linux-gnu/toolchain.cmake -DBUILD_TESTS=OFF
|
||||||
./configure --prefix=$PWD/depends/x86_64-pc-linux-gnu
|
cmake --build build -j $(($(nproc)/2))
|
||||||
make
|
cmake --install build
|
||||||
EOH
|
EOH
|
||||||
action :nothing
|
action :nothing
|
||||||
end
|
end
|
||||||
|
|
||||||
link "/usr/local/bin/bitcoind" do
|
|
||||||
to "/usr/local/bitcoind/src/bitcoind"
|
|
||||||
end
|
|
||||||
|
|
||||||
link "/usr/local/bin/bitcoin-cli" do
|
|
||||||
to "/usr/local/bitcoind/src/bitcoin-cli"
|
|
||||||
end
|
|
||||||
|
|
||||||
bitcoin_user = node['bitcoin']['username']
|
bitcoin_user = node['bitcoin']['username']
|
||||||
bitcoin_group = node['bitcoin']['usergroup']
|
bitcoin_group = node['bitcoin']['usergroup']
|
||||||
bitcoin_datadir = node['bitcoin']['datadir']
|
bitcoin_datadir = node['bitcoin']['datadir']
|
||||||
|
|||||||
@@ -21,6 +21,7 @@ bash 'build_btcpay' do
|
|||||||
systemctl stop btcpayserver.service
|
systemctl stop btcpayserver.service
|
||||||
./build.sh
|
./build.sh
|
||||||
EOH
|
EOH
|
||||||
|
environment "DOTNET_CLI_TELEMETRY_OPTOUT" => 1
|
||||||
action :nothing
|
action :nothing
|
||||||
notifies :restart, "service[btcpayserver]", :delayed
|
notifies :restart, "service[btcpayserver]", :delayed
|
||||||
end
|
end
|
||||||
@@ -87,7 +88,7 @@ systemd_unit 'btcpayserver.service' do
|
|||||||
Group: node['bitcoin']['usergroup'],
|
Group: node['bitcoin']['usergroup'],
|
||||||
Type: 'simple',
|
Type: 'simple',
|
||||||
WorkingDirectory: node['btcpay']['source_dir'],
|
WorkingDirectory: node['btcpay']['source_dir'],
|
||||||
Environment: defined?(nbxpg_connect) ? "'BTCPAY_EXPLORERPOSTGRES=#{nbxpg_connect}'" : '',
|
Environment: "'BTCPAY_EXPLORERPOSTGRES=#{nbxpg_connect}' 'DOTNET_CLI_TELEMETRY_OPTOUT=1'",
|
||||||
ExecStart: "#{node['btcpay']['source_dir']}/run.sh --conf=#{node['btcpay']['config_path']}",
|
ExecStart: "#{node['btcpay']['source_dir']}/run.sh --conf=#{node['btcpay']['config_path']}",
|
||||||
PIDFile: '/run/btcpayserver/btcpayserver.pid',
|
PIDFile: '/run/btcpayserver/btcpayserver.pid',
|
||||||
Restart: 'on-failure',
|
Restart: 'on-failure',
|
||||||
@@ -103,6 +104,8 @@ systemd_unit 'btcpayserver.service' do
|
|||||||
verify false
|
verify false
|
||||||
triggers_reload true
|
triggers_reload true
|
||||||
action [:create]
|
action [:create]
|
||||||
|
# reload is not applicable
|
||||||
|
notifies :restart, "service[btcpayserver]", :delayed
|
||||||
end
|
end
|
||||||
|
|
||||||
service "btcpayserver" do
|
service "btcpayserver" do
|
||||||
|
|||||||
@@ -5,29 +5,16 @@
|
|||||||
|
|
||||||
build_essential
|
build_essential
|
||||||
|
|
||||||
apt_repository 'universe' do
|
remote_file "/opt/dotnet-install.sh" do
|
||||||
uri 'http://archive.ubuntu.com/ubuntu/'
|
source "https://dot.net/v1/dotnet-install.sh"
|
||||||
distribution 'focal'
|
mode "0755"
|
||||||
components ['universe']
|
|
||||||
end
|
end
|
||||||
|
|
||||||
apt_package 'apt-transport-https'
|
execute "install_dotnet_10" do
|
||||||
|
command "/opt/dotnet-install.sh -c 10.0 --install-dir /usr/share/dotnet"
|
||||||
remote_file '/opt/packages-microsoft-prod.deb' do
|
not_if '/usr/share/dotnet/dotnet --version | grep -q "^10\."'
|
||||||
source node['dotnet']['ms_packages_src_url']
|
|
||||||
checksum node['dotnet']['ms_packages_src_checksum']
|
|
||||||
action :create_if_missing
|
|
||||||
end
|
end
|
||||||
|
|
||||||
dpkg_package 'packages-microsoft-prod' do
|
link "/usr/bin/dotnet" do
|
||||||
source '/opt/packages-microsoft-prod.deb'
|
to "/usr/share/dotnet/dotnet"
|
||||||
action :install
|
|
||||||
notifies :run, 'execute[apt_update]'
|
|
||||||
end
|
end
|
||||||
|
|
||||||
execute 'apt_update' do
|
|
||||||
command 'apt update'
|
|
||||||
action :nothing
|
|
||||||
end
|
|
||||||
|
|
||||||
apt_package 'dotnet-sdk-8.0'
|
|
||||||
|
|||||||
@@ -1,49 +1,86 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
set -e
|
||||||
|
set -o pipefail
|
||||||
|
|
||||||
# Calculate yesterday's date in YYYY-MM-DD format
|
# Calculate yesterday's date in YYYY-MM-DD format
|
||||||
YESTERDAY=$(date -d "yesterday" +%Y-%m-%d)
|
YESTERDAY=$(date -d "yesterday" +%Y-%m-%d)
|
||||||
echo "Starting price tracking for $YESTERDAY" >&2
|
echo "Starting price tracking for $YESTERDAY" >&2
|
||||||
|
|
||||||
|
# Helper function to perform HTTP requests with retries
|
||||||
|
# Usage: make_request <retries> <method> <url> [data] [header1] [header2] ...
|
||||||
|
make_request() {
|
||||||
|
local retries=$1
|
||||||
|
local method=$2
|
||||||
|
local url=$3
|
||||||
|
local data=$4
|
||||||
|
shift 4
|
||||||
|
local headers=("$@")
|
||||||
|
|
||||||
|
local count=0
|
||||||
|
local wait_time=3
|
||||||
|
local response
|
||||||
|
|
||||||
|
while [ "$count" -lt "$retries" ]; do
|
||||||
|
local curl_opts=(-s -S -f -X "$method")
|
||||||
|
|
||||||
|
if [ -n "$data" ]; then
|
||||||
|
curl_opts+=(-d "$data")
|
||||||
|
fi
|
||||||
|
|
||||||
|
for h in "${headers[@]}"; do
|
||||||
|
curl_opts+=(-H "$h")
|
||||||
|
done
|
||||||
|
|
||||||
|
if response=$(curl "${curl_opts[@]}" "$url"); then
|
||||||
|
echo "$response"
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Request to $url failed (Attempt $((count+1))/$retries). Retrying in ${wait_time}s..." >&2
|
||||||
|
sleep "$wait_time"
|
||||||
|
count=$((count + 1))
|
||||||
|
done
|
||||||
|
|
||||||
|
echo "ERROR: Request to $url failed after $retries attempts" >&2
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
# Fetch and process rates for a fiat currency
|
# Fetch and process rates for a fiat currency
|
||||||
get_price_data() {
|
get_price_data() {
|
||||||
local currency=$1
|
local currency=$1
|
||||||
local data avg open24 last
|
local data avg open24 last
|
||||||
|
|
||||||
data=$(curl -s "https://www.bitstamp.net/api/v2/ticker/btc${currency,,}/")
|
if data=$(make_request 3 "GET" "https://www.bitstamp.net/api/v2/ticker/btc${currency,,}/" ""); then
|
||||||
if [ $? -eq 0 ] && [ ! -z "$data" ]; then
|
|
||||||
echo "Successfully retrieved ${currency} price data" >&2
|
echo "Successfully retrieved ${currency} price data" >&2
|
||||||
open24=$(echo "$data" | jq -r '.open_24')
|
open24=$(echo "$data" | jq -r '.open_24')
|
||||||
last=$(echo "$data" | jq -r '.last')
|
last=$(echo "$data" | jq -r '.last')
|
||||||
avg=$(( (${open24%.*} + ${last%.*}) / 2 ))
|
avg=$(echo "$open24 $last" | awk '{printf "%.0f", ($1 + $2) / 2}')
|
||||||
echo $avg
|
echo $avg
|
||||||
else
|
else
|
||||||
echo "ERROR: Failed to retrieve ${currency} price data" >&2
|
echo "ERROR: Failed to retrieve ${currency} price data" >&2
|
||||||
exit 1
|
return 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# Get price data for each currency
|
# Get price data for each currency
|
||||||
usd_avg=$(get_price_data "USD")
|
usd_avg=$(get_price_data "USD") || exit 1
|
||||||
eur_avg=$(get_price_data "EUR")
|
eur_avg=$(get_price_data "EUR") || exit 1
|
||||||
gbp_avg=$(get_price_data "GBP")
|
gbp_avg=$(get_price_data "GBP") || exit 1
|
||||||
|
|
||||||
# Create JSON
|
# Create JSON
|
||||||
json="{\"EUR\":$eur_avg,\"USD\":$usd_avg,\"GBP\":$gbp_avg}"
|
json=$(jq -n \
|
||||||
|
--argjson eur "$eur_avg" \
|
||||||
|
--argjson usd "$usd_avg" \
|
||||||
|
--argjson gbp "$gbp_avg" \
|
||||||
|
'{"EUR": $eur, "USD": $usd, "GBP": $gbp}')
|
||||||
echo "Rates: $json" >&2
|
echo "Rates: $json" >&2
|
||||||
|
|
||||||
# PUT in remote storage
|
# PUT in remote storage
|
||||||
response=$(curl -X PUT \
|
if make_request 3 "PUT" "<%= @rs_base_url %>/$YESTERDAY" "$json" \
|
||||||
-H "Authorization: Bearer $RS_AUTH" \
|
"Authorization: Bearer $RS_AUTH" \
|
||||||
-H "Content-Type: application/json" \
|
"Content-Type: application/json" > /dev/null; then
|
||||||
-d "$json" \
|
|
||||||
-w "%{http_code}" \
|
|
||||||
-s \
|
|
||||||
-o /dev/null \
|
|
||||||
"<%= @rs_base_url %>/$YESTERDAY")
|
|
||||||
|
|
||||||
if [ "$response" -eq 200 ] || [ "$response" -eq 201 ]; then
|
|
||||||
echo "Successfully uploaded price data" >&2
|
echo "Successfully uploaded price data" >&2
|
||||||
else
|
else
|
||||||
echo "ERROR: Failed to upload price data. HTTP status: $response" >&2
|
echo "ERROR: Failed to upload price data" >&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|||||||
@@ -49,7 +49,7 @@ server {
|
|||||||
client_max_body_size 100M;
|
client_max_body_size 100M;
|
||||||
server_name <%= @server_name %>;
|
server_name <%= @server_name %>;
|
||||||
listen 443 ssl http2;
|
listen 443 ssl http2;
|
||||||
listen [::]:443 ssl http2;
|
listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
|
||||||
|
|
||||||
access_log <%= node[:nginx][:log_dir] %>/btcpayserver.access.log json;
|
access_log <%= node[:nginx][:log_dir] %>/btcpayserver.access.log json;
|
||||||
error_log <%= node[:nginx][:log_dir] %>/btcpayserver.error.log warn;
|
error_log <%= node[:nginx][:log_dir] %>/btcpayserver.error.log warn;
|
||||||
|
|||||||
@@ -7,7 +7,7 @@ upstream _lndhub {
|
|||||||
|
|
||||||
server {
|
server {
|
||||||
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
|
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
|
||||||
listen [::]:443 ssl http2;
|
listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
|
||||||
server_name <%= @server_name %>;
|
server_name <%= @server_name %>;
|
||||||
|
|
||||||
add_header Strict-Transport-Security "max-age=15768000";
|
add_header Strict-Transport-Security "max-age=15768000";
|
||||||
|
|||||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user