kosmos/chef
8
3
Fork 0
Code Issues 34 Pull Requests 3 Projects 2 Activity

Compare commits

base: kosmos:5da11394d4dda5b24e2f33ecfa170a13e61a9b60
Branches Tags
kosmos:master kosmos:feature/237-gitea_ssh_signing kosmos:bugfix/substr_url_matching kosmos:notes/ejabberd_ldap_photo kosmos:feature/akaunting kosmos:chore/ejabberd_service_avatar kosmos:feature/237-gitea_gpg kosmos:jammy_jellyfish
..
compare: kosmos:feature/akaunting
Branches Tags
kosmos:feature/237-gitea_ssh_signing kosmos:master kosmos:bugfix/substr_url_matching kosmos:notes/ejabberd_ldap_photo kosmos:feature/akaunting kosmos:chore/ejabberd_service_avatar kosmos:feature/237-gitea_gpg kosmos:jammy_jellyfish

1 Commits
5da11394d4 ... feature/ak

Author SHA1 Message Date
Râu Cao
f20ebb9d86 WIP Set up akaunting 2024-12-16 12:05:51 +04:00
30 changed files with 620 additions and 167 deletions
Expand all files Collapse all files

4
clients/akaunting-1.json Normal file
View File

@@ -0,0 +1,4 @@
{
"name": "akaunting-1",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzmNpNWJh5DeXDsINDqAt\n5OtcGhnzLtqdILTD8A8KuPxWhoKI0k9xwvuT4yO2DLQqFMPyGefRuQkVsIq2OuU5\npK8B5c79E9MBHxti6mQZw4b/Jhmul+x2LGtOWYjPTDhFYXRsNNDtFDxwpwJGPede\nYts026yExHPhiF35Mt1JxA3TXJfPC8Vx0YGHu/6Ev+1fLmcKhFmhed5yKkA0gwod\nczdyQiCfw3ze9LuS90QmALpFOHHpekZeywemdwyPia207CoTrXsPLWj9KmuUEIQJ\nwL+OlEU2tVA6KaBKpl54n5/tMsccZmlicbNsVpgkk6LctrkNh6Kk+fW9ry3L/Gxg\nAwIDAQAB\n-----END PUBLIC KEY-----\n"
}

31
data_bags/credentials/akaunting.json Normal file
View File

@@ -0,0 +1,31 @@
{
"id": "akaunting",
"app_key": {
"encrypted_data": "C7VVGHHrE/ESwtGeODf8zVraayO5uBSXaGR7f4yoj0MDq9WxPujItC3dIkMQ\ngjGzk8fH\n",
"iv": "4+d+RMLeuqaneFBa\n",
"auth_tag": "sBQDUVl6QbL/h9pd0kBQ0g==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"pg_database": {
"encrypted_data": "4mqHsMfDAqPvDmGsWgS9iE63qVeus7diSW8WiA==\n",
"iv": "6Cb1lVUcXBz+GA4u\n",
"auth_tag": "8O3N0m8jGhxs/YacdhgNHA==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"pg_username": {
"encrypted_data": "Nu0wiBhvqUwqC7PL2Qo8otq0b3faJqRsabqp2g==\n",
"iv": "1uA8mJc7itT0qHcx\n",
"auth_tag": "PRWw6LTlFrWs63SDRsovtQ==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"pg_password": {
"encrypted_data": "oXDKiXQ4aH5M2pVu1sx7dj0awKCORke03fq0uemjIfCMYbM=\n",
"iv": "snPyC8mocevc5kGH\n",
"auth_tag": "9wx4GPSydkYr2WGpZK5HZg==\n",
"version": 3,
"cipher": "aes-256-gcm"
}
}

60
data_bags/credentials/akkounts.json
View File

@@ -1,72 +1,72 @@
{ {
"id": "akkounts", "id": "akkounts",
"postgresql_username": { "postgresql_username": {
"encrypted_data": "v2QoNkkxXGflxEdspIpfJdBjQVraMyF9yHq7\n", "encrypted_data": "ofLOjxGBj7no+lWrIvtxQQFoeozCh6mpfMTt\n",
"iv": "du8wubB9xQjOVeOS\n", "iv": "/CF+o4GqZx2O5WOm\n",
"auth_tag": "gDZLYz5/XBCQDlDaFoP6mQ==\n", "auth_tag": "bjHXfgNQfXpQ2gucPLrUWA==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"postgresql_password": { "postgresql_password": {
"encrypted_data": "Naz4R5oOCUS/S/CZmW5eoil8BpJ3K1WLUIc3mAihhA==\n", "encrypted_data": "f8Jfs4aqIjc6/6/NQlI2Fv8TzSgVmi5g0iYNhh9bAA==\n",
"iv": "0S9Sb1MUoBVWbW9t\n", "iv": "vAzrZeUodmu4x5eB\n",
"auth_tag": "L2yGzVMKiKAzfpA+HADRqA==\n", "auth_tag": "vx8eH2SY7I4IkZElXSC1Nw==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"sentry_dsn": { "sentry_dsn": {
"encrypted_data": "OXiAeg6lIqEnbplAnKlkwb3o3DTfMJbLC0wnxmguQ8GZiP0RcpPOwUAa9Q3U\naA44f36BCKgHtCxdlVB59TTFA9W24ecU5KWb/jIc7mueSoc=\n", "encrypted_data": "oxW5jGU8DlIp5A9enxBhcJXuKyaZ5HziXq8Zw+Rbvpbv4C/RTGkJkgZdKcH1\nVzW/wNAT8nTK+nEvWgcQ3svjE40ltj2jcOexIRqLbuCClJE=\n",
"iv": "86cAncfc1K4d43ql\n", "iv": "wpW9+VdX5GjocHSl\n",
"auth_tag": "0i04Y/eFIN+b+5F605d7Dg==\n", "auth_tag": "1qrf1kZMrIR7WRiSaRjppQ==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"rails_master_key": { "rails_master_key": {
"encrypted_data": "Ypv4g33evnuutOWmGl49kq3Ca3SmfWIswyxGIZA0J/o1ZMGpMOfySim/e7r8\nzdAM/PFo\n", "encrypted_data": "KHVYYH7Nb9/SsoKkYfbjzhFwj3Ioj72hm5pfdCuinf+GQvjKumq99eQTlKdf\nBZM1n0XN\n",
"iv": "w2bflz2KIbu/vRT1\n", "iv": "x9AQZvw/vCinKQ8k\n",
"auth_tag": "tpemUQJly8Ft9lN6rP+W4w==\n", "auth_tag": "mi0KHHOTBvVNhtvqk38BtQ==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"discourse_connect_secret": { "discourse_connect_secret": {
"encrypted_data": "DUK6G5SyRiehJh3iHtCKQj8Ki5+suk9Ds5/ZMp6OP1EshdbpziQ4XNey2x+R\nHCTSVg==\n", "encrypted_data": "WyLrV0DOsxyafSqyeQVj0BhVwm/0gvWeJLBsAbiqCGphryoYqUByPcum1T6R\n2H44nQ==\n",
"iv": "kfhA3apCUAHcNlwH\n", "iv": "lUtlJDv6Ieq8Bs5x\n",
"auth_tag": "BqRV+CiF9rFrqEToJeisoQ==\n", "auth_tag": "ku22BlQKw/BhHxuANTF6yg==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"lndhub_admin_token": { "lndhub_admin_token": {
"encrypted_data": "C3aKQIEwcQNCrr+uyLiOY2KAHZh5dUvTZ9IdANPqkGlr\n", "encrypted_data": "DQuxQW8ks3sUzyHYEpQVyPg2f/U4/LWeRoCD9225Hd+c\n",
"iv": "qrhJJzmmced9lNF1\n", "iv": "mjxYi+YAcKGuurD2\n",
"auth_tag": "CH1fOwMWsidmWBwX2+4nJg==\n", "auth_tag": "8P3bFFNeQ5HQgpXDB5Sk5A==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"btcpay_auth_token": { "btcpay_auth_token": {
"encrypted_data": "0vRq3ZeYPtNcdlCUQI0ip6YOaQZKBeK/dODL7IxdrAK9pHz+u53aL8LW92nJ\nmHW2DYcv+eX3ltnwu88=\n", "encrypted_data": "3wsY9osaUdX4SvBPfHprNLSbx6/rfI5BfXnDxsc6OET3nGn19qBhH6wgeiwZ\n/dweqdQ25HpbFPygddc=\n",
"iv": "5HenMAvE1Uu5l7jJ\n", "iv": "ccouibxktHLlUCQJ\n",
"auth_tag": "rJzkZPRYar1qw4dauSNV2w==\n", "auth_tag": "pWuRC8O2EAkmztL/9V3now==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"s3_access_key": { "s3_access_key": {
"encrypted_data": "QB7XpwhzCvLczUojhcjXy+KX26rEDQHSSw983KP8W7Nud1SNbheU1PrDEQv/\n", "encrypted_data": "hJGHa+hEmddtsZ4UncrYBkjRa/2Csqdh79tXpTVxUWbIsYGdlvyadk7C1UCj\n",
"iv": "DTtUXHNQ2g04E+oE\n", "iv": "GlxNdnWiNzmNYthg\n",
"auth_tag": "0XSkHE+MG4AnVT4XJR9tzw==\n", "auth_tag": "hlRLkroUN01L7VzQFBU/IA==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"s3_secret_key": { "s3_secret_key": {
"encrypted_data": "IEUzFfOBuOwjzD1DbRyk07+jFlZhQVY+a7riDJ3QU1cNYZ3OTJUgJkowA/u5\nrZ6jqehGIzvPlDuzIezxQwN+Dy0ZJueB/ZEdRqhfkXUxgzkqb2s=\n", "encrypted_data": "LKdQJOKIfFIoiF3GvfTs1mg3AI//Aoi8r42zcw8QhEVPB8ONsSf0/vhM037C\nf5nzUk7xwglvTOveqbOM+UTBJF/4oblQfgwFW3VobWUGkJqjtKE=\n",
"iv": "gs9Igisu2EH+dAC/\n", "iv": "tWTxzK/ccpjlLmQV\n",
"auth_tag": "gDFuQCwlCL5mvys83CGv+w==\n", "auth_tag": "n2MFkTIquyqz4wqRNdSJcg==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"nostr_private_key": { "nostr_private_key": {
"encrypted_data": "sFnQlwyZF0tfMzbaG/bdwqQLPVdHPpbyDT66FY1+ubssmWUpxsuNtbI71KyY\nI1784c7SSl4qKRgHZRrR658bYMKU4whe836qBgSf7Icczp1VSQY=\n", "encrypted_data": "CPMeNxzpYMReaQU4+v+EqpVESRsnaYc3a4y7OkHOhtn2gjaNEDERGKvRmlyd\nD6vxKPcIrwTCZ7neJ3YLOVOxPDNv6skqdtMHBwSgl7aBEOrx7tY=\n",
"iv": "x8RJT4dcNdtm59Zz\n", "iv": "AV1on2sw1avmFFuY\n",
"auth_tag": "6yxBq1W4jCNDYwP6+cTE6g==\n", "auth_tag": "9rb9qQBKrj5Xja1t+qROKQ==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
} }

10
data_bags/credentials/kosmos-rs.json
View File

@@ -1,10 +0,0 @@
{
"id": "kosmos-rs",
"auth_tokens": {
"encrypted_data": "fiznpRw7VKlm232+U6XV1rqkAf2Z8CpoD8KyvuvOH2JniaymlcTHgazGWQ8s\nGeqK4RU9l4d29e9i+Mh0k4vnhO4q\n",
"iv": "SvurcL2oNSNWjlxp\n",
"auth_tag": "JLQ7vGXAuYYJpLEpL6C+Rw==\n",
"version": 3,
"cipher": "aes-256-gcm"
}
}

24
data_bags/credentials/lndhub-go.json
View File

@@ -1,30 +1,30 @@
{ {
"id": "lndhub-go", "id": "lndhub-go",
"jwt_secret": { "jwt_secret": {
"encrypted_data": "lJsKBTCRzI83xmRHXzpnuRH/4cuMOR+Rd+SBU50G9HdibadIEDhS\n", "encrypted_data": "3T4JYnoISKXCnatCBeLCXyE8wVjzphw5/JU5A0vHfQ2xSDZreIRQ\n",
"iv": "f/SvsWtZIYOVc54X\n", "iv": "bGQZjCk6FtD/hqVj\n",
"auth_tag": "YlJ78EuJbcPfjCPc2eH+ug==\n", "auth_tag": "CS87+UK1ZIFMiNcNaoyO6w==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"postgresql_password": { "postgresql_password": {
"encrypted_data": "aT0yNlWjvk/0S4z2kZB4Ye1u/ngk5J6fGPbwZSfdq6cy\n", "encrypted_data": "u8kf/6WdSTzyIz2kF+24JgOPLndWH2WmTFZ3CToJsnay\n",
"iv": "OgUttF4LlSrL/7gH\n", "iv": "KqLtV2UuaAzJx7C8\n",
"auth_tag": "pcbbGqbQ2RjU+i9dt8c3OQ==\n", "auth_tag": "3aqx45+epb2NFkNfOfG89A==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"admin_token": { "admin_token": {
"encrypted_data": "I9EsqCCxMIw+fX6sfu6KX8B5fJj9DX5Y4tbX30jdnmxr\n", "encrypted_data": "Z737fXqRE9JHfunRhc2GG281dFFN1bvBvTzTDzl/Vb8O\n",
"iv": "vnERvIWYInO6+Y8q\n", "iv": "oKLQJbD67tiz2235\n",
"auth_tag": "gO+MprZUQgPEWJQUmSF1sA==\n", "auth_tag": "SlVIqC9d9SRoO78M7cBjTw==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"sentry_dsn": { "sentry_dsn": {
"encrypted_data": "+sUXWgl6dXpA1/0FqjKC3Jnl54aor6gtM+19EM/NsHwg4qu672YnSgxV+c9x\nHM3JZBYxBYvJ+HYGAvMmhlGvaOOEIvLmFUpCCJeVUXR32S8=\n", "encrypted_data": "gmDHGDWkTIvaXjcWMs1dnKnbqtsADPJ2mLmWw8Idj6RVevU5CabjvviAxEo1\n3hs2LWuObumRSCQt2QKap191uMq3CL2+da53hbsv+JUkxl4=\n",
"iv": "82+DzAnHiptaX7sO\n", "iv": "Yt0fSsxL4SNicwUY\n",
"auth_tag": "CDx44iRBVhSIF8DOxb2c+w==\n", "auth_tag": "j7BWbcNnymHHMNTADWmCNw==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
} }

66
nodes/akaunting-1.json Normal file
View File

@@ -0,0 +1,66 @@
{
"name": "akaunting-1",
"chef_environment": "production",
"normal": {
"knife_zero": {
"host": "10.1.1.215"
}
},
"automatic": {
"fqdn": "akaunting-1",
"os": "linux",
"os_version": "5.15.0-1069-kvm",
"hostname": "akaunting-1",
"ipaddress": "192.168.122.162",
"roles": [
"base",
"kvm_guest",
"akaunting",
"postgresql_client"
],
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_kvm::guest",
"kosmos_postgresql::hostsfile",
"kosmos_akaunting",
"kosmos_akaunting::default",
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",
"ntp::default",
"ntp::apparmor",
"kosmos-base::systemd_emails",
"apt::unattended-upgrades",
"kosmos-base::firewall",
"kosmos-postfix::default",
"postfix::default",
"postfix::_common",
"postfix::_attributes",
"postfix::sasl_auth",
"hostname::default",
"kosmos-nodejs::default",
"nodejs::nodejs_from_package",
"nodejs::repo"
],
"platform": "ubuntu",
"platform_version": "22.04",
"cloud": null,
"chef_packages": {
"chef": {
"version": "18.5.0",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.5.0/lib",
"chef_effortless": null
},
"ohai": {
"version": "18.1.11",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.11/lib/ohai"
}
}
},
"run_list": [
"role[base]",
"role[kvm_guest]",
"role[akaunting]"
]
}

4
nodes/bitcoin-2.json
View File

@@ -38,7 +38,6 @@
"kosmos-bitcoin::dotnet", "kosmos-bitcoin::dotnet",
"kosmos-bitcoin::nbxplorer", "kosmos-bitcoin::nbxplorer",
"kosmos-bitcoin::btcpay", "kosmos-bitcoin::btcpay",
"kosmos-bitcoin::price_tracking",
"apt::default", "apt::default",
"timezone_iii::default", "timezone_iii::default",
"timezone_iii::debian", "timezone_iii::debian",
@@ -103,7 +102,6 @@
"role[bitcoind]", "role[bitcoind]",
"role[lnd]", "role[lnd]",
"role[lndhub]", "role[lndhub]",
"role[btcpay]", "role[btcpay]"
"recipe[kosmos-bitcoin::price_tracking]"
] ]
} }

2
nodes/gitea-2.json
View File

@@ -9,7 +9,7 @@
"automatic": { "automatic": {
"fqdn": "gitea-2", "fqdn": "gitea-2",
"os": "linux", "os": "linux",
"os_version": "5.4.0-1123-kvm", "os_version": "5.4.0-1096-kvm",
"hostname": "gitea-2", "hostname": "gitea-2",
"ipaddress": "192.168.122.189", "ipaddress": "192.168.122.189",
"roles": [ "roles": [

2
nodes/her.json
View File

@@ -9,7 +9,7 @@
"automatic": { "automatic": {
"fqdn": "her", "fqdn": "her",
"os": "linux", "os": "linux",
"os_version": "5.15.0-84-generic", "os_version": "5.15.0-101-generic",
"hostname": "her", "hostname": "her",
"ipaddress": "192.168.30.172", "ipaddress": "192.168.30.172",
"roles": [ "roles": [

1
nodes/postgres-6.json
View File

@@ -22,6 +22,7 @@
"kosmos_kvm::guest", "kosmos_kvm::guest",
"kosmos_postgresql::primary", "kosmos_postgresql::primary",
"kosmos_postgresql::firewall", "kosmos_postgresql::firewall",
"kosmos_akaunting::pg_db",
"kosmos-bitcoin::lndhub-go_pg_db", "kosmos-bitcoin::lndhub-go_pg_db",
"kosmos-bitcoin::nbxplorer_pg_db", "kosmos-bitcoin::nbxplorer_pg_db",
"kosmos_drone::pg_db", "kosmos_drone::pg_db",

6
roles/akaunting.rb Normal file
View File

@@ -0,0 +1,6 @@
name "akaunting"
run_list %w[
role[postgresql_client]
kosmos_akaunting::default
]

1
roles/postgresql_primary.rb
View File

@@ -3,6 +3,7 @@ name "postgresql_primary"
run_list %w( run_list %w(
kosmos_postgresql::primary kosmos_postgresql::primary
kosmos_postgresql::firewall kosmos_postgresql::firewall
kosmos_akaunting::pg_db
kosmos-bitcoin::lndhub-go_pg_db kosmos-bitcoin::lndhub-go_pg_db
kosmos-bitcoin::nbxplorer_pg_db kosmos-bitcoin::nbxplorer_pg_db
kosmos_drone::pg_db kosmos_drone::pg_db

2
site-cookbooks/kosmos-bitcoin/attributes/default.rb
View File

@@ -111,5 +111,3 @@ node.default['btcpay']['postgres']['user'] = 'satoshi'
node.default['peerswap']['repo'] = 'https://github.com/ElementsProject/peerswap.git' node.default['peerswap']['repo'] = 'https://github.com/ElementsProject/peerswap.git'
node.default['peerswap']['revision'] = 'master' node.default['peerswap']['revision'] = 'master'
node.default['peerswap-lnd']['source_dir'] = '/opt/peerswap' node.default['peerswap-lnd']['source_dir'] = '/opt/peerswap'
node.default['price_tracking']['rs_base_url'] = "https://storage.kosmos.org/kosmos/public/btc-price"

59
site-cookbooks/kosmos-bitcoin/recipes/price_tracking.rb
View File

@@ -1,59 +0,0 @@
#
# Cookbook:: kosmos-bitcoin
# Recipe:: price_tracking
#
# Track BTC rates and publish them via remoteStorage
#
%w[curl jq].each do |pkg|
apt_package pkg
end
daily_tracker_path = "/usr/local/bin/btc-price-tracker-daily"
credentials = Chef::EncryptedDataBagItem.load('credentials', 'kosmos-rs')
template daily_tracker_path do
source "btc-price-tracker-daily.sh.erb"
mode '0740'
variables rs_base_url: node['price_tracking']['rs_base_url']
notifies :restart, "systemd_unit[lnd-channel-backup.service]", :delayed
end
systemd_unit 'btc-price-tracker-daily.service' do
content({
Unit: {
Description: 'BTC price tracker (daily rates)',
After: 'network-online.target',
Wants: 'network-online.target'
},
Service: {
Type: 'oneshot',
ExecStart: daily_tracker_path,
Environment: "RS_AUTH=#{credentials["auth_tokens"]["/btc-price"]}"
},
Install: {
WantedBy: 'multi-user.target'
}
})
sensitive true
triggers_reload true
action [:create]
end
systemd_unit 'btc-price-tracker-daily.timer' do
content({
Unit: {
Description: 'Run BTC price tracker daily'
},
Timer: {
OnCalendar: '*-*-* 00:00:00',
Persistent: 'true'
},
Install: {
WantedBy: 'timers.target'
}
})
triggers_reload true
action [:create, :enable, :start]
end

47
site-cookbooks/kosmos-bitcoin/templates/btc-price-tracker-daily.sh.erb
View File

@@ -1,47 +0,0 @@
#!/bin/bash
# Calculate yesterday's date in YYYY-MM-DD format
YESTERDAY=$(date -d "yesterday" +%Y-%m-%d)
echo "Starting price tracking for $YESTERDAY" >&2
# Fetch and process rates for a fiat currency
get_price_data() {
local currency=$1
local data avg open24 last
data=$(curl -s "https://www.bitstamp.net/api/v2/ticker/btc${currency,,}/")
if [ $? -eq 0 ] && [ ! -z "$data" ]; then
echo "Successfully retrieved ${currency} price data" >&2
open24=$(echo "$data" | jq -r '.open_24')
last=$(echo "$data" | jq -r '.last')
avg=$(( (${open24%.*} + ${last%.*}) / 2 ))
else
echo "ERROR: Failed to retrieve ${currency} price data" >&2
exit 1
fi
}
# Get price data for each currency
usd_avg=$(get_price_data "USD")
eur_avg=$(get_price_data "EUR")
gbp_avg=$(get_price_data "GBP")
# Create JSON
json="{\"EUR\":$eur_avg,\"USD\":$usd_avg,\"GBP\":$gbp_avg}"
# PUT in remote storage
response=$(curl -X PUT \
-H "Authorization: Bearer $RS_AUTH" \
-H "Content-Type: application/json" \
-d "$json" \
-w "%{http_code}" \
-s \
-o /dev/null \
"<%= @rs_base_url %>/$YESTERDAY")
if [ "$response" -eq 200 ] || [ "$response" -eq 201 ]; then
echo "Successfully uploaded price data" >&2
else
echo "ERROR: Failed to upload price data. HTTP status: $response" >&2
exit 1
fi

1
site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
View File

@@ -231,6 +231,7 @@ modules:
mod_shared_roster: {} mod_shared_roster: {}
mod_stun_disco: mod_stun_disco:
offer_local_services: false offer_local_services: false
credentials_lifetime: 300
secret: <%= @stun_secret %> secret: <%= @stun_secret %>
services: services:
- -

25
site-cookbooks/kosmos_akaunting/.gitignore vendored Normal file
View File

@@ -0,0 +1,25 @@
.vagrant
*~
*#
.#*
\#*#
.*.sw[a-z]
*.un~
# Bundler
Gemfile.lock
gems.locked
bin/*
.bundle/*
# test kitchen
.kitchen/
kitchen.local.yml
# Chef Infra
Berksfile.lock
.zero-knife.rb
Policyfile.lock.json
.idea/

16
site-cookbooks/kosmos_akaunting/Policyfile.rb Normal file
View File

@@ -0,0 +1,16 @@
# Policyfile.rb - Describe how you want Chef Infra Client to build your system.
#
# For more information on the Policyfile feature, visit
# https://docs.chef.io/policyfile/
# A name that describes what the system you're building with Chef does.
name 'kosmos_akaunting'
# Where to find external cookbooks:
default_source :supermarket
# run_list: chef-client will run these recipes in the order specified.
run_list 'kosmos_akaunting::default'
# Specify a custom source for a single cookbook:
cookbook 'kosmos_akaunting', path: '.'

4
site-cookbooks/kosmos_akaunting/README.md Normal file
View File

@@ -0,0 +1,4 @@
# kosmos_akaunting
TODO: Enter the cookbook description here.

5
site-cookbooks/kosmos_akaunting/attributes/default.rb Normal file
View File

@@ -0,0 +1,5 @@
node.default["akaunting"]["user"] = "deploy"
node.default["akaunting"]["group"] = "www-data"
node.default["akaunting"]["repo"] = "https://github.com/akaunting/akaunting.git"
node.default["akaunting"]["revision"] = "3.1.12"
node.default["akaunting"]["port"] = 80

115
site-cookbooks/kosmos_akaunting/chefignore Normal file
View File

@@ -0,0 +1,115 @@
# Put files/directories that should be ignored in this file when uploading
# to a Chef Infra Server or Supermarket.
# Lines that start with '# ' are comments.
# OS generated files #
######################
.DS_Store
ehthumbs.db
Icon?
nohup.out
Thumbs.db
.envrc
# EDITORS #
###########
.#*
.project
.settings
*_flymake
*_flymake.*
*.bak
*.sw[a-z]
*.tmproj
*~
\#*
REVISION
TAGS*
tmtags
.vscode
.editorconfig
## COMPILED ##
##############
*.class
*.com
*.dll
*.exe
*.o
*.pyc
*.so
*/rdoc/
a.out
mkmf.log
# Testing #
###########
.circleci/*
.codeclimate.yml
.delivery/*
.foodcritic
.kitchen*
.mdlrc
.overcommit.yml
.rspec
.rubocop.yml
.travis.yml
.watchr
.yamllint
azure-pipelines.yml
Dangerfile
examples/*
features/*
Guardfile
kitchen.yml*
mlc_config.json
Procfile
Rakefile
spec/*
test/*
# SCM #
#######
.git
.gitattributes
.gitconfig
.github/*
.gitignore
.gitkeep
.gitmodules
.svn
*/.bzr/*
*/.git
*/.hg/*
*/.svn/*
# Berkshelf #
#############
Berksfile
Berksfile.lock
cookbooks/*
tmp
# Bundler #
###########
vendor/*
Gemfile
Gemfile.lock
# Policyfile #
##############
Policyfile.rb
Policyfile.lock.json
# Documentation #
#############
CODE_OF_CONDUCT*
CONTRIBUTING*
documentation/*
TESTING*
UPGRADING*
# Vagrant #
###########
.vagrant
Vagrantfile

31
site-cookbooks/kosmos_akaunting/kitchen.yml Normal file
View File

@@ -0,0 +1,31 @@
---
driver:
name: vagrant
## The forwarded_port port feature lets you connect to ports on the VM guest
## via localhost on the host.
## see also: https://www.vagrantup.com/docs/networking/forwarded_ports
# network:
# - ["forwarded_port", {guest: 80, host: 8080}]
provisioner:
name: chef_zero
## product_name and product_version specifies a specific Chef product and version to install.
## see the Chef documentation for more details: https://docs.chef.io/workstation/config_yml_kitchen/
# product_name: chef
# product_version: 17
verifier:
name: inspec
platforms:
- name: ubuntu-20.04
- name: centos-8
suites:
- name: default
verifier:
inspec_tests:
- test/integration/default

9
site-cookbooks/kosmos_akaunting/metadata.rb Normal file
View File

@@ -0,0 +1,9 @@
name 'kosmos_akaunting'
maintainer 'Kosmos Developers'
maintainer_email 'mail@kosmos.org'
license 'MIT'
description 'Installs/configures akaunting for Kosmos'
version '0.1.0'
chef_version '>= 18.0'
depends 'kosmos-nodejs'

148
site-cookbooks/kosmos_akaunting/recipes/default.rb Normal file
View File

@@ -0,0 +1,148 @@
#
# Cookbook:: kosmos_akaunting
# Recipe:: default
#
app_name = "akaunting"
deploy_user = node["akaunting"]["user"]
deploy_group = node["akaunting"]["group"]
deploy_path = "/opt/#{app_name}"
credentials = data_bag_item("credentials", "akaunting")
pg_host = search(:node, "role:postgresql_primary").first["knife_zero"]["host"] rescue "localhost"
env = {
app_name: "Akaunting",
app_env: "production",
app_locale: "en-US",
app_installed: "true",
app_key: credentials["app_key"],
app_debug: "true",
app_schedule_time: "\"09:00\"",
app_url: "http://akaunting.kosmos.org",
db_connection: "pgsql",
db_host: pg_host,
db_port: "5432",
db_database: credentials["pg_database"],
db_username: credentials["pg_username"],
db_password: credentials["pg_password"],
log_level: "debug"
# mail_mailer: "mail",
# mail_host: "localhost",
# mail_port: "2525",
# mail_username: "null",
# mail_password: "null",
# mail_encryption: "null",
# mail_from_name: "null",
# mail_from_address: "null",
}
%w[
unzip nginx php8.1 php8.1-cli php8.1-bcmath php8.1-ctype php8.1-curl
php8.1-dom php8.1-fileinfo php8.1-intl php8.1-fpm php8.1-gd php8.1-mbstring
php8.1-pdo php8.1-pgsql php8.1-tokenizer php8.1-xml php8.1-zip
].each do |pkg|
package pkg
end
# TODO install composer
node.override["nodejs"]["repo"] = "https://deb.nodesource.com/node_18.x"
include_recipe "kosmos-nodejs"
group deploy_group
user deploy_user do
group deploy_group
manage_home true
shell "/bin/bash"
end
directory deploy_path do
owner deploy_user
group deploy_group
mode "0775"
end
git deploy_path do
repository node[app_name]["repo"]
revision node[app_name]["revision"]
user deploy_user
group deploy_group
action :sync
notifies :run, "execute[composer_install]", :immediately
notifies :run, "execute[npm_install]", :immediately
notifies :restart, "service[php8.1-fpm]", :delayed
end
execute "composer_install" do
user deploy_user
cwd deploy_path
command "composer install"
action :nothing
end
execute "npm_install" do
user deploy_user
cwd deploy_path
command "npm install"
action :nothing
notifies :run, "execute[compile_assets]", :immediately
end
execute "compile_assets" do
user deploy_user
cwd deploy_path
command "npm run prod"
action :nothing
end
execute "set_storage_permissions" do
command "chown -R www-data:www-data #{deploy_path}/storage"
end
template "#{deploy_path}/.env" do
source 'env.erb'
owner deploy_user
group deploy_group
mode 0660
sensitive true
variables config: env
notifies :restart, "service[php8.1-fpm]", :delayed
end
template "/etc/nginx/sites-available/default" do
source 'nginx-local.conf.erb'
owner deploy_user
group deploy_group
mode 0660
variables deploy_path: deploy_path,
port: node["akaunting"]["port"]
notifies :restart, "service[nginx]", :delayed
end
# template "/etc/php/8.1/fpm/pool.d/akaunting.conf" do
# source 'php-fpm.pool.erb'
# owner deploy_user
# group deploy_group
# mode 0600
# variables user: deploy_user,
# group: deploy_group,
# chdir: deploy_path,
# port: node["akaunting"]["port"]
# notifies :restart, "service[php8.1-fpm]", :delayed
# end
service "php8.1-fpm" do
action [:enable, :start]
end
service "nginx" do
action [:enable, :start]
end
firewall_rule "akaunting_zerotier" do
command :allow
port node["akaunting"]["port"]
protocol :tcp
source "10.1.1.0/24"
end

16
site-cookbooks/kosmos_akaunting/recipes/pg_db.rb Normal file
View File

@@ -0,0 +1,16 @@
#
# Cookbook:: kosmos_akaunting
# Recipe:: pg_db
#
credentials = data_bag_item("credentials", "akaunting")
postgresql_user credentials["pg_username"] do
action :create
password credentials["pg_password"]
end
postgresql_database credentials["pg_database"] do
owner credentials["pg_username"]
action :create
end

11
site-cookbooks/kosmos_akaunting/templates/env.erb Normal file
View File

@@ -0,0 +1,11 @@
<% @config.each do |key, value| %>
<% if value.is_a?(Hash) %>
<% value.each do |k, v| %>
<%= "#{key.upcase}_#{k.upcase}" %>=<%= v.to_s %>
<% end %>
<% else %>
<% if value %>
<%= key.upcase %>=<%= value.to_s %>
<% end %>
<% end %>
<% end %>

49
site-cookbooks/kosmos_akaunting/templates/nginx-local.conf.erb Normal file
View File

@@ -0,0 +1,49 @@
server {
listen 80 default_server;
server_name akaunting.kosmos.org;
root <%= @deploy_path %>;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# Prevent Direct Access To Protected Files
location ~ \.(env|log) {
deny all;
}
# Prevent Direct Access To Protected Folders
location ~ ^/(^app$|bootstrap|config|database|overrides|resources|routes|storage|tests|artisan) {
deny all;
}
# Prevent Direct Access To modules/vendor Folders Except Assets
location ~ ^/(modules|vendor)\/(.*)\.((?!ico|gif|jpg|jpeg|png|js\b|css|less|sass|font|woff|woff2|eot|ttf|svg|xls|xlsx).)*$ {
deny all;
}
error_page 404 /index.php;
# Pass PHP Scripts To FastCGI Server
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock; # Depends On The PHP Version
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}

18
site-cookbooks/kosmos_akaunting/templates/php-fpm.pool.erb Normal file
View File

@@ -0,0 +1,18 @@
[akaunting]
user = <%= @user %>
group = <%= @group %>
listen = 0.0.0.0:<%= @port %>
listen.owner = <%= @user %>
listen.group = <%= @group %>
listen.mode = 0660
pm = dynamic
pm.max_children = 10
pm.start_servers = 4
pm.min_spare_servers = 2
pm.max_spare_servers = 6
pm.max_requests = 500
chdir = <%= @chdir %>
catch_workers_output = yes
php_admin_flag[log_errors] = on

16
site-cookbooks/kosmos_akaunting/test/integration/default/default_test.rb Normal file
View File

@@ -0,0 +1,16 @@
# Chef InSpec test for recipe kosmos_akaunting::default
# The Chef InSpec reference, with examples and extensive documentation, can be
# found at https://docs.chef.io/inspec/resources/
unless os.windows?
# This is an example test, replace with your own test.
describe user('root'), :skip do
it { should exist }
end
end
# This is an example test, replace it with your own test.
describe port(80), :skip do
it { should_not be_listening }
end

4
site-cookbooks/kosmos_gitea/attributes/default.rb
View File

@@ -1,5 +1,5 @@
node.default["gitea"]["version"] = "1.22.6" node.default["gitea"]["version"] = "1.22.5"
node.default["gitea"]["checksum"] = "fd77f1a0273c85a0950207c1cfa6753a9fa57604e4ab1382484b191cc919ce15" node.default["gitea"]["checksum"] = "ce2c7e4fff3c1e3ed59f5b5e00e3f2d301f012c34e329fccd564bc5129075460"
node.default["gitea"]["working_directory"] = "/var/lib/gitea" node.default["gitea"]["working_directory"] = "/var/lib/gitea"
node.default["gitea"]["port"] = 3000 node.default["gitea"]["port"] = 3000
node.default["gitea"]["postgresql_host"] = "localhost:5432" node.default["gitea"]["postgresql_host"] = "localhost:5432"