Fix URL matcher for substr (vs strfry)

I wasn't able to reach https://nostr.kosmos.org/nodeinfo/2.1, which I
stumbled upon in an upstream PR. This one only matches exactly the paths
that substr is serving.

Tested/running in production.

clients/garage-12.json

@@ -0,0 +1,4 @@
+{
+  "name": "garage-12",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9GtHHi298BjiIqpZ3WkT\nkYAPfWD60hFe/8icYcq/F/6cHLYKZQ4chek9X/hDCMq4tHEN6Oh58T5x/nuNdPrK\nIAMGyVAGk6ekWlmD4jwdEf6TGb/J3ffJTRDvwX/I8xD/DW3wtXsN+X24T59ByGTm\nrnwRmmmwHF3otRx9wnCsIgDQ0AjiUujsfNNv1FcLXD/WJLys9lEeU5aJ4XtHTwDv\ntJM8YyVEFhEnuvgdKmzn5+F5k9VGdUwForlFOBfvzbCnTZMDMmDVeiUtAUv/7xWQ\nQl2mLUGCtgWuYJYXsQacAJ6pa3h+7cQyshC6w3dwUG+1fS9lNO0Yp1GGX1AGYKpp\nPQIDAQAB\n-----END PUBLIC KEY-----\n"
+}

clients/garage-13.json

@@ -0,0 +1,4 @@
+{
+  "name": "garage-13",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbqWc6OwRxgHfsQuTNL4\naxeVvNen5d9srYpZSHjuBB/k9NHB+9P6vU5qF37XHkw1lVUGeYbPHzhYsx3O0/kZ\nH5f4+4SMy/P9jc6SE7AJF4qtYKgJ88koZdqCww07c6K9g+BnEGFFZui/h3hUBxWj\nTfhBHEWPyQ2bl/lr9sIJwsEz+EN0isGn/eIXkmw9J6LdLJ5Q0LLks33K28FNOU7q\nfeAN4MiBVMUtgCGyT2Voe6WrOXwQLSDXQONOp3sfSfFExsIJ1s24xdd7AMD7/9a7\n4sFDZ4swhqAWgWmW2giR7Kb8wTvGQLO/O/uUbmKz3DZXgkOKXHdHCEB/PZx1mRNM\nEwIDAQAB\n-----END PUBLIC KEY-----\n"
+}

nodes/ejabberd-4.json

@@ -37,6 +37,7 @@
       "timezone_iii::debian",
       "ntp::default",
       "ntp::apparmor",
+      "kosmos-base::journald_conf",
       "kosmos-base::systemd_emails",
       "apt::unattended-upgrades",
       "kosmos-base::firewall",

nodes/ejabberd-8.json

@@ -37,6 +37,7 @@
       "timezone_iii::debian",
       "ntp::default",
       "ntp::apparmor",
+      "kosmos-base::journald_conf",
       "kosmos-base::systemd_emails",
       "apt::unattended-upgrades",
       "kosmos-base::firewall",

nodes/garage-12.json

@@ -0,0 +1,65 @@
+{
+  "name": "garage-12",
+  "chef_environment": "production",
+  "normal": {
+    "knife_zero": {
+      "host": "10.1.1.224"
+    }
+  },
+  "automatic": {
+    "fqdn": "garage-12",
+    "os": "linux",
+    "os_version": "5.15.0-1059-kvm",
+    "hostname": "garage-12",
+    "ipaddress": "192.168.122.173",
+    "roles": [
+      "base",
+      "kvm_guest",
+      "garage_node"
+    ],
+    "recipes": [
+      "kosmos-base",
+      "kosmos-base::default",
+      "kosmos_kvm::guest",
+      "kosmos_garage",
+      "kosmos_garage::default",
+      "kosmos_garage::firewall_rpc",
+      "kosmos_garage::firewall_apis",
+      "apt::default",
+      "timezone_iii::default",
+      "timezone_iii::debian",
+      "ntp::default",
+      "ntp::apparmor",
+      "kosmos-base::journald_conf",
+      "kosmos-base::systemd_emails",
+      "apt::unattended-upgrades",
+      "kosmos-base::firewall",
+      "kosmos-postfix::default",
+      "postfix::default",
+      "postfix::_common",
+      "postfix::_attributes",
+      "postfix::sasl_auth",
+      "hostname::default",
+      "firewall::default"
+    ],
+    "platform": "ubuntu",
+    "platform_version": "22.04",
+    "cloud": null,
+    "chef_packages": {
+      "chef": {
+        "version": "18.7.10",
+        "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.7.10/lib",
+        "chef_effortless": null
+      },
+      "ohai": {
+        "version": "18.2.5",
+        "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.5/lib/ohai"
+      }
+    }
+  },
+  "run_list": [
+    "role[base]",
+    "role[kvm_guest]",
+    "role[garage_node]"
+  ]
+}

nodes/garage-13.json

@@ -0,0 +1,65 @@
+{
+  "name": "garage-13",
+  "chef_environment": "production",
+  "normal": {
+    "knife_zero": {
+      "host": "10.1.1.179"
+    }
+  },
+  "automatic": {
+    "fqdn": "garage-13",
+    "os": "linux",
+    "os_version": "5.15.0-1059-kvm",
+    "hostname": "garage-13",
+    "ipaddress": "192.168.122.27",
+    "roles": [
+      "base",
+      "kvm_guest",
+      "garage_node"
+    ],
+    "recipes": [
+      "kosmos-base",
+      "kosmos-base::default",
+      "kosmos_kvm::guest",
+      "kosmos_garage",
+      "kosmos_garage::default",
+      "kosmos_garage::firewall_rpc",
+      "kosmos_garage::firewall_apis",
+      "apt::default",
+      "timezone_iii::default",
+      "timezone_iii::debian",
+      "ntp::default",
+      "ntp::apparmor",
+      "kosmos-base::journald_conf",
+      "kosmos-base::systemd_emails",
+      "apt::unattended-upgrades",
+      "kosmos-base::firewall",
+      "kosmos-postfix::default",
+      "postfix::default",
+      "postfix::_common",
+      "postfix::_attributes",
+      "postfix::sasl_auth",
+      "hostname::default",
+      "firewall::default"
+    ],
+    "platform": "ubuntu",
+    "platform_version": "22.04",
+    "cloud": null,
+    "chef_packages": {
+      "chef": {
+        "version": "18.7.10",
+        "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.7.10/lib",
+        "chef_effortless": null
+      },
+      "ohai": {
+        "version": "18.2.5",
+        "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.5/lib/ohai"
+      }
+    }
+  },
+  "run_list": [
+    "role[base]",
+    "role[kvm_guest]",
+    "role[garage_node]"
+  ]
+}

nodes/wiki-1.json

@@ -28,6 +28,7 @@
       "timezone_iii::debian",
       "ntp::default",
       "ntp::apparmor",
+      "kosmos-base::journald_conf",
       "kosmos-base::systemd_emails",
       "apt::unattended-upgrades",
       "kosmos-base::firewall",
@@ -66,12 +67,13 @@
     "cloud": null,
     "chef_packages": {
       "chef": {
-        "version": "15.13.8",
-        "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.13.8/lib"
+        "version": "18.7.10",
+        "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.7.10/lib",
+        "chef_effortless": null
       },
       "ohai": {
-        "version": "15.12.0",
-        "ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai"
+        "version": "18.2.5",
+        "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.5/lib/ohai"
       }
     }
   },

site-cookbooks/kosmos-base/recipes/andromeda_firewall.rb

@@ -1,52 +0,0 @@
-#
-# Cookbook Name:: kosmos-base
-# Recipe:: andromeda_firewall
-#
-# The MIT License (MIT)
-#
-# Copyright:: 2019, Kosmos Developers
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to deal
-# in the Software without restriction, including without limitation the rights
-# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-# copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-# THE SOFTWARE.
-
-# Temporary extra rules for Andromeda
-
-firewall_rule 'bitcoind' do
-  port     [8333, 8334, 8335]
-  protocol :tcp
-  command  :allow
-end
-
-firewall_rule 'lnd' do
-  port     [9736]
-  # port     [9736, 8002]
-  protocol :tcp
-  command  :allow
-end
-
-firewall_rule 'lightningd' do
-  port     [9735]
-  protocol :tcp
-  command  :allow
-end
-
-firewall_rule 'spark_wallet' do
-  port     8008
-  protocol :tcp
-  command  :allow
-end

site-cookbooks/kosmos-bitcoin/attributes/default.rb

@@ -1,5 +1,5 @@
-node.default['bitcoin']['version']   = '29.0'
-node.default['bitcoin']['checksum']  = '882c782c34a3bf2eacd1fae5cdc58b35b869883512f197f7d6dc8f195decfdaa'
+node.default['bitcoin']['version']   = '30.0'
+node.default['bitcoin']['checksum']  = '9b472a4d51dfed9aa9d0ded2cb8c7bcb9267f8439a23a98f36eb509c1a5e6974'
 node.default['bitcoin']['username']  = 'satoshi'
 node.default['bitcoin']['usergroup'] = 'bitcoin'
 node.default['bitcoin']['network']   = 'mainnet'

site-cookbooks/kosmos-bitcoin/recipes/bitcoind.rb

@@ -43,7 +43,7 @@ bash "compile_bitcoin-core" do
   cwd "/usr/local/bitcoind"
   environment ({'CC' => 'gcc-13', 'CXX' => 'g++-13', 'NO_QT' => '1'})
   code <<-EOH
-    cmake -B build --toolchain depends/x86_64-pc-linux-gnu/toolchain.cmake
+    cmake -B build --toolchain depends/x86_64-pc-linux-gnu/toolchain.cmake -DBUILD_TESTS=OFF
     cmake --build build -j $(($(nproc)/2))
     cmake --install build
   EOH

site-cookbooks/kosmos-ejabberd/attributes/default.rb

@@ -1,6 +1,6 @@
-node.default["ejabberd"]["version"] = "24.02"
+node.default["ejabberd"]["version"] = "25.08"
 node.default["ejabberd"]["package_version"] = "1"
-node.default["ejabberd"]["checksum"] = "476c187b42074b88472fd1c8042418072e47962facd47dab4e5883f6f61b2173"
+node.default["ejabberd"]["checksum"] = "e4703bc41b5843fc4b76e8b54a9380d5895f9b3dcd4795e05ad0c260ed9b9a23"
 node.default["ejabberd"]["turn_domain"] = "turn.kosmos.org"
 node.default["ejabberd"]["stun_auth_realm"] = "kosmos.org"
 node.default["ejabberd"]["stun_turn_port"] = 3478

site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb

@@ -4,6 +4,9 @@ log_rotate_count: 1
 loglevel: info
 hide_sensitive_log_data: true
 
+log_modules_fully:
+  - mod_s3_upload
+
 hosts:
 <% @hosts.each do |host| -%>
   - "<%= host[:name] %>"
@@ -119,6 +122,15 @@ acl:
       - "::1/128"
       - "::FFFF:127.0.0.1/128"
 
+api_permissions:
+  "webadmin commands":
+    who:
+      - admin
+    from:
+      - ejabberd_web_admin
+    what:
+      - "*"
+
 shaper_rules:
   max_user_sessions: 10
   max_user_offline_messages:

site-cookbooks/kosmos-mediawiki/metadata.rb

@@ -3,7 +3,6 @@ maintainer       'Kosmos'
 maintainer_email 'mail@kosmos.org'
 license          'MIT'
 description      'Installs/Configures kosmos-mediawiki'
-long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
 version          '0.3.1'
 
 depends "mediawiki"

site-cookbooks/kosmos-mediawiki/recipes/default.rb

@@ -1,9 +1,9 @@
 #
-# Cookbook Name:: kosmos-mediawiki
-# Recipe:: default
+# Cookbook:: kosmos-mediawiki
+# Recipe:: default.rb
 #
 
-include_recipe 'apt'
+apt_update
 include_recipe 'ark'
 include_recipe 'composer'
 
@@ -11,15 +11,15 @@ apt_package 'imagemagick'
 
 server_name = 'wiki.kosmos.org'
 
-node.override['mediawiki']['version']         = "1.34.2"
-node.override['mediawiki']['webdir']          = "#{node['mediawiki']['docroot_dir']}/mediawiki-#{node['mediawiki']['version']}"
+node.override['mediawiki']['version'] = "1.34.2"
+node.override['mediawiki']['webdir'] = "#{node['mediawiki']['docroot_dir']}/mediawiki-#{node['mediawiki']['version']}"
 node.override['mediawiki']['tarball']['name'] = "mediawiki-#{node['mediawiki']['version']}.tar.gz"
-node.override['mediawiki']['tarball']['url']  = "https://releases.wikimedia.org/mediawiki/1.34/#{node['mediawiki']['tarball']['name']}"
-node.override['mediawiki']['language_code']   = 'en'
-node.override['mediawiki']['server_name']     = server_name
-node.override['mediawiki']['site_name']       = 'Kosmos Wiki'
+node.override['mediawiki']['tarball']['url'] = "https://releases.wikimedia.org/mediawiki/1.34/#{node['mediawiki']['tarball']['name']}"
+node.override['mediawiki']['language_code'] = 'en'
+node.override['mediawiki']['server_name'] = server_name
+node.override['mediawiki']['site_name'] = 'Kosmos Wiki'
 protocol = node.chef_environment == "development" ? "http" : "https"
-node.override['mediawiki']['server']          = "#{protocol}://#{server_name}"
+node.override['mediawiki']['server'] = "#{protocol}://#{server_name}"
 mysql_credentials = data_bag_item('credentials', 'mysql')
 mediawiki_credentials = data_bag_item('credentials', 'mediawiki')
 
@@ -30,14 +30,14 @@ directory "#{node['mediawiki']['webdir']}/skins/common/images" do
   owner node['nginx']['user']
   group node['nginx']['group']
   recursive true
-  mode 0750
+  mode "750"
 end
 
 cookbook_file "#{node['mediawiki']['webdir']}/skins/common/images/kosmos.png" do
   source 'kosmos.png'
   owner node['nginx']['user']
   group node['nginx']['group']
-  mode 0640
+  mode "640"
 end
 
 directory "#{node['mediawiki']['webdir']}/.well-known/acme-challenge" do
@@ -80,14 +80,14 @@ nginx_certbot_site server_name
 # Extensions
 #
 
-mediawiki_credentials = Chef::EncryptedDataBagItem.load('credentials', 'mediawiki')
+mediawiki_credentials = data_bag_item('credentials', 'mediawiki')
 
 #
 # MediawikiHubot extension
 #
 
 # requires curl extension
-if platform?('ubuntu') && node[:platform_version].to_f < 16.04
+if platform?('ubuntu') && node["platform_version"].to_f < 16.04
   package "php5-curl"
 else
   package "php-curl"
@@ -100,7 +100,7 @@ ark "MediawikiHubot" do
   action :cherry_pick
 end
 
-hubot_credentials = Chef::EncryptedDataBagItem.load('credentials', 'hal8000_xmpp')
+hubot_credentials = data_bag_item('credentials', 'hal8000_xmpp')
 webhook_token = hubot_credentials['webhook_token']
 
 template "#{node['mediawiki']['webdir']}/extensions/MediawikiHubot/DefaultConfig.php" do
@@ -145,7 +145,7 @@ end
 
 ruby_block "configuration" do
   block do
-    # FIXME This is internal Chef API and should not be used from recipes, as
+    # FIXME: This is internal Chef API and should not be used from recipes, as
     # it is unsupported for that
     file = Chef::Util::FileEdit.new("#{node['mediawiki']['webdir']}/LocalSettings.php")
     file.search_file_replace_line(%r{\$wgLogo\ =\ \"\$wgResourceBasePath\/resources\/assets\/wiki.png\";},
@@ -235,7 +235,7 @@ wfLoadExtension( 'LDAPAuthentication2' );
 $wgGroupPermissions['*']['createaccount'] = false;
 $wgGroupPermissions['*']['autocreateaccount'] = true;
                                  EOF
-                                 )
+      )
 
       file.write_file
     end
@@ -247,9 +247,7 @@ end
 #
 
 file "#{node['mediawiki']['webdir']}/composer.local.json" do
-  requires = { "require": {
-    "mediawiki/mermaid": "~1.0"
-  }}.to_json
+  requires = { "require": { "mediawiki/mermaid": "~1.0" } }.to_json
   content requires
   owner node['nginx']['user']
   group node['nginx']['group']

site-cookbooks/kosmos_kvm/README.md

@@ -1,4 +1,14 @@
 # kosmos_kvm
 
-TODO: Enter the cookbook description here.
+## Create a new VM
 
+A script is deployed by the `host` recipe to `/usr/local/sbin/create_vm`
+
+### Usage
+
+```
+create_vm VMNAME RAM CPUS DISKSIZE
+```
+
+* `RAM` in megabytes
+* `DISKSIZE` in gigabytes, defaults to 10

site-cookbooks/kosmos_strfry/templates/nginx_conf_strfry.erb

@@ -25,7 +25,7 @@ server {
     alias /var/www/assets.kosmos.org/site/img/favicon.ico;
   }
 
-  location ~* ^/[@~n]|^/assets {
+  location ~ ^/(?:@|~|npub|naddr|nprofile|assets/) {
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_pass http://_substr;