kosmos/chef
8
3
Fork 0
Code Issues 34 Pull Requests 3 Projects 2 Activity

Compare commits

base: kosmos:775f2275bb0827c708dc4748e259bc05dc926408
Branches Tags
kosmos:master kosmos:feature/237-gitea_ssh_signing kosmos:bugfix/substr_url_matching kosmos:notes/ejabberd_ldap_photo kosmos:feature/akaunting kosmos:chore/ejabberd_service_avatar kosmos:feature/237-gitea_gpg kosmos:jammy_jellyfish
..
compare: kosmos:feature/akaunting
Branches Tags
kosmos:feature/237-gitea_ssh_signing kosmos:master kosmos:bugfix/substr_url_matching kosmos:notes/ejabberd_ldap_photo kosmos:feature/akaunting kosmos:chore/ejabberd_service_avatar kosmos:feature/237-gitea_gpg kosmos:jammy_jellyfish

14 Commits
775f2275bb ... feature/ak

Author SHA1 Message Date
Râu Cao
f20ebb9d86 WIP Set up akaunting 2024-12-16 12:05:51 +04:00
Râu Cao
31b7ff9217 Upgrade Gitea to 1.22.5 2024-12-12 18:32:58 +04:00
Râu Cao
d90a374811 Remove outdated flag from certbot command 2024-12-12 18:32:26 +04:00
Râu Cao
12cd14fff5 Deploy new postgres primary 2024-12-12 18:31:54 +04:00
Râu Cao
b67d91077d Remove old garage nodes 2024-12-12 18:30:16 +04:00
Râu Cao
070badfeb3 Add postgres replica bootstrap example 2024-12-12 18:29:16 +04:00
Râu Cao
2d8a1cebb1 Update node info 2024-12-09 20:44:18 +04:00
Râu Cao
67cd89b7b8 Merge pull request 'Fix TLS cert updates for kosmos.chat' (#578) from chore/fix_cert_updates_kosmos-chat into master 
Reviewed-on: #578
 2024-12-09 14:21:05 +00:00
Râu Cao
e4112a3626 Fix TLS cert updates for kosmos.chat 
Some recipes weren't updated for the proxy validation yet. Needed to
split the ejabberd cert in two, so it can do normal validation on
`.org` and proxy validation on `.chat`.
 2024-12-09 18:17:10 +04:00
Râu Cao
89813465b2 Merge pull request 'Upgrade Mastodon to 4.3' (#577) from chore/upgrade_mastodon into master 
Reviewed-on: #577
 2024-12-09 14:14:35 +00:00
Râu Cao
6106e627e2 Upgrade Mastodon to 4.3 
Co-authored-by: Greg Karékinian <greg@karekinian.com>
 2024-12-09 18:12:45 +04:00
Râu Cao
d8baa41c14 Add new node configs 2024-12-09 18:11:51 +04:00
Greg
8405b8df52 Merge pull request 'Upgrade lndhub.go to 1.0.2, add service fee config' (#576) from chore/upgrade_lndhub into master 
Reviewed-on: #576
Reviewed-by: Greg <greg@noreply.kosmos.org>
 2024-10-20 19:27:19 +00:00
Râu Cao
b4019b224b Upgrade lndhub.go to 1.0.2, add service fee config 
Co-authored-by: Michael Bumann <hello@michaelbumann.com>
 2024-10-18 12:36:41 +02:00
53 changed files with 862 additions and 1443 deletions
Expand all files Collapse all files

4
README.md
View File

@@ -38,6 +38,10 @@ Clone this repository, `cd` into it, and run:
knife zero bootstrap ubuntu@zerotier-ip-address -x ubuntu --sudo --run-list "role[base],role[kvm_guest]" --secret-file .chef/encrypted_data_bag_secret knife zero bootstrap ubuntu@zerotier-ip-address -x ubuntu --sudo --run-list "role[base],role[kvm_guest]" --secret-file .chef/encrypted_data_bag_secret
### Bootstrap a new VM with environment and role/app (postgres replica as example)
knife zero bootstrap ubuntu@10.1.1.134 -x ubuntu --sudo --environment production --run-list "role[base],role[kvm_guest],role[postgresql_replica]" --secret-file .chef/encrypted_data_bag_secret
### Run Chef Zero on a host server ### Run Chef Zero on a host server
knife zero converge -p2222 name:server-name.kosmos.org knife zero converge -p2222 name:server-name.kosmos.org

4
clients/akaunting-1.json Normal file
View File

@@ -0,0 +1,4 @@
{
"name": "akaunting-1",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzmNpNWJh5DeXDsINDqAt\n5OtcGhnzLtqdILTD8A8KuPxWhoKI0k9xwvuT4yO2DLQqFMPyGefRuQkVsIq2OuU5\npK8B5c79E9MBHxti6mQZw4b/Jhmul+x2LGtOWYjPTDhFYXRsNNDtFDxwpwJGPede\nYts026yExHPhiF35Mt1JxA3TXJfPC8Vx0YGHu/6Ev+1fLmcKhFmhed5yKkA0gwod\nczdyQiCfw3ze9LuS90QmALpFOHHpekZeywemdwyPia207CoTrXsPLWj9KmuUEIQJ\nwL+OlEU2tVA6KaBKpl54n5/tMsccZmlicbNsVpgkk6LctrkNh6Kk+fW9ry3L/Gxg\nAwIDAQAB\n-----END PUBLIC KEY-----\n"
}

4
clients/garage-10.json Normal file
View File

@@ -0,0 +1,4 @@
{
"name": "garage-10",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2+3Wo+KkXVJCOX1SxT9\nSdwKXgPbCDM3EI9uwoxhMxQfRyN53dxIsBDsQUVOIe1Z8yqm4FenMQlNmeDR+QLE\nvNFf1fisinW+D9VVRm+CjcJy96i/Dyt786Z6YRrDlB860HxCbfTL2Zv5BRtbyIKg\nhz5gO+9PMEpPVR2ij9iue4K6jbM1AAL2ia/P6zDWLJqeIzUocCeHV5N0Z3jXH6qr\nf444v78x35MMJ+3tg5h95SU1/PDCpdSTct4uHEuKIosiN7p4DlYMoM5iSyvVoujr\nflRQPEpGzS9qEt3rDo/F4ltzYMx6bf1tB/0QaBKD+zwPZWTTwf61tSBo5/NkGvJc\nFQIDAQAB\n-----END PUBLIC KEY-----\n"
}

4
clients/garage-11.json Normal file
View File

@@ -0,0 +1,4 @@
{
"name": "garage-11",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzfZcNEQojtmaogd9vGP/\nMsVPhAOlQ4kxKgrUas+p+XT7lXRan6b3M8UZEleIaL1HWsjSVwtFWRnNl8kg8rF8\nNEkLeOX8kHf7IoXDFOQa2TXanY8tSqrfh9/heFunt4Q3DluVt7S3bBdwukbDXm/n\nXJS2EQP33eJT4reL6FpVR0oVlFCzI3Vmf7ieSHIBXrbXy7AIvGC2+NVXvQle6pqp\nx0rqU6Wc6ef/VtIv+vK3YFnt9ue3tC63mexyeNKgRYf1YjDx61wo2bOY2t8rqN8y\nHeZ3dmAN8/Vwjk5VGnZqK7kRQ92G4IcE+mEp7MuwXcLqQ9WB960o+evay+o1R5JS\nhwIDAQAB\n-----END PUBLIC KEY-----\n"
}

4
clients/garage-4.json
View File

@@ -1,4 +0,0 @@
{
"name": "garage-4",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8it7QtT6zDiJJqlyHKfQ\nLqwu6bLblD15WWxlUSiOdhz3njWDv1BIDCAdkCR3HAXgxvk8sMj9QkvWS7u1+bc4\nxvHrY4Tgfg+Tk1h3gGa7ukll8s1WLIbGjj89vrK8PFr4iuDqRytYRMmcdMsNzPkS\nKcsOjFYWGV7KM/OwoQGVIOUPB+WtkrFAvNkXtIU6Wd5orzFMjt/9DPF2aO7QegL8\nG1mQmXcPGl9NSDUXptn/kzFKm/p4n7pjy6OypFT192ak7OA/s+CvQlaVE2tb/M3c\ne4J6A+PInV5AGKY6BxI3QRQLZIlqE0FXawFKr1iRU4JP4tVnICXZqy+SDXQU1zar\nTQIDAQAB\n-----END PUBLIC KEY-----\n"
}

4
clients/garage-5.json
View File

@@ -1,4 +0,0 @@
{
"name": "garage-5",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJxLFOBbml94W/GAe7nm\ntZs1Ziy8IbqXySsm8bSwWhRMQ8UuseqQLG30R3Q5X5AoJbtNfd26l63qLtP2fFtL\n5km9dV+2FoIJWFetl8Wzr7CaLYAiNzTQSFHlV7+6DKmPMDcJ63GKrFR77vkSGOG6\nOWL1bJy5BOaClp/sKL/0WQ0+mRbTP6RCQ2eI+46clAg702SenBU6Nz9HDm+teKN7\nYlP1CvzXgfgfpDOsat7wGn5+oKcmKavZxcdn8bt5jRpg8v3JezaZIjMXt7XcNS4n\n0F4XO/efnZE5B5SN68j4BpD8N79zJw4HlRIGP+RaYv2qLtBeWgLHCCs9wXQXfj6b\nLwIDAQAB\n-----END PUBLIC KEY-----\n"
}

4
clients/garage-6.json
View File

@@ -1,4 +0,0 @@
{
"name": "garage-6",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwasYgWLM8ShvirFiKRE6\nGWqc3pMlvcrk4YnWAUW5Y/H26EnyexxWNfnwlEcq8thJ3M3hs7zkoF3Yk4uqX869\n4/niYqXwYgeE1K3gzLp4K1+w3yVupYAFVFStVEHJyuMlLJ+ulDEGvNdQDuIfw7+E\nr6DcDLa1o92Eo0wL1ihYyMilduH0LdFTixL+tEBXbbPWBa3RDJJCFsRF1+UC6hAH\nzmaWL661Gdzdabxjm/FlGUYkdbDqeInZq/1GMQqv+9/DcNRkWA9H7i4Ykrfpx4/2\nRZ8xtx/DbnJVB1zYoORygFMMAkTu5E+R8ropeI7Wi77Yq0S7laiRlYQYQml3x9ak\nzQIDAQAB\n-----END PUBLIC KEY-----\n"
}

4
clients/garage-9.json Normal file
View File

@@ -0,0 +1,4 @@
{
"name": "garage-9",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnMHzKE8JBrsQkmRDeMjX\n71mBzvRzNM90cwA8xtvIkXesdTyGqohX9k/PJbCY5ySGK9PpMaYDPVAnwnUP8LFQ\n3G98aSbLxUjqU/PBzRsnWpihehr05uz9zYcNFzr4LTNvGQZsq47nN9Tk+LG3zHP7\nAZViv2mJ4ZRnukXf6KHlyoVvhuTu+tiBM8QzjTF97iP/aguNPzYHmrecy9Uf5bSA\nZrbNZT+ayxtgswC2OclhRucx7XLSuHXtpwFqsQzSAhiX1aQ3wwCyH9WJtVwpfUsE\nlxTjcQiSM9aPZ8iSC0shpBaKD1j3iF/2K2Jk+88++zMhJJPLermvaJxzsdePgvyk\nKQIDAQAB\n-----END PUBLIC KEY-----\n"
}

4
clients/postgres-5.json
View File

@@ -1,4 +0,0 @@
{
"name": "postgres-5",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXZv6Gk+dhIVkTXH9hJ1\nt2oqsMSLmTUj71uPN+4j0rxCQriXa095Nle9ifJAxfwzQyKEpWKyZd1Hpyye6bL1\nwgWATZ/u5ZS4B63NhRFyDxgPlHWBBohaZBN42zeq0Y0PNGHPVGDH/zFDrpP22Q9Q\nYScsyXTauE/Yf8a/rKR5jdnoVsVVMxk0LHxka8FcM2cqVsDAcK7GqIG6epqNFY8P\nUb1P+mVxRwnkzvf1VtG212ezV/yw9uiQcUkHS+JwZMAgbC34k9iDyRmk6l4sj/Zk\nNem20ImMqdDzsrX8zEe21K+KNvpejPH9fxaNCwR8W+woBMMzqD3I7P9PbLjc70Rx\nRwIDAQAB\n-----END PUBLIC KEY-----\n"
}

4
clients/postgres-7.json Normal file
View File

@@ -0,0 +1,4 @@
{
"name": "postgres-7",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArraIm6mXi0qgK4oWDs2I\nOIx+g/LPnfRd5aBXhoHcekGiJKttQTi5dRdN4+T6qVEC2h4Cc9qN47h2TZPLDh/M\neIZvu0AyicpectzXf6DtDZh0hFCnv47RDi9927op9tjMXk0SV1tLel7MN0dawATw\ny0vQkkr/5a3ZdiP4dFv+bdfVrj+Tuh85BYPVyX2mxq9F7Efxrt6rzVBiqr6uJLUY\nStpeB3CCalC4zQApKX2xrdtr2k8aJbqC6C//LiKbb7VKn+ZuZJ32L/+9HDEzQoFC\no0ZZPMhfnjcU+iSHYZuPMTJTNbwgRuOgpn9O8kZ239qYc59z7HEXwwWiYPDevbiM\nCQIDAQAB\n-----END PUBLIC KEY-----\n"
}

4
clients/postgres-8.json Normal file
View File

@@ -0,0 +1,4 @@
{
"name": "postgres-8",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx88DgM/x1UbKRzgPexXE\nSyfrAsqaDVjqZz7yF3tqAc9A52Ol0KOM6NESoPWBVMbS86WtAjBcMHcOoQBJ+ovp\nXcjNlRtO1Il6/d4uCRr4CEDX+yeS0Qrt0SOORnoTbVlkq9VlVljyCmxk8VBCILzk\ndHvFr62mahMy6vOEcpCQgCwYE3ISH2jlTDz2agoK/CjIyyqFTlB1N7mJVGLrJdcA\nA2JOxDRE8HqOdpY7bHcHj4uyMWaKuM3zxXK04lhrvuPRfJUhXgsK9r5jeTEa8407\nqV9K+mB17R1dBeHmWEPDRt02HELe2SUjYmlmyVX73H2mWKDLBFpAFjOfz86CJ6jf\nDQIDAQAB\n-----END PUBLIC KEY-----\n"
}

31
data_bags/credentials/akaunting.json Normal file
View File

@@ -0,0 +1,31 @@
{
"id": "akaunting",
"app_key": {
"encrypted_data": "C7VVGHHrE/ESwtGeODf8zVraayO5uBSXaGR7f4yoj0MDq9WxPujItC3dIkMQ\ngjGzk8fH\n",
"iv": "4+d+RMLeuqaneFBa\n",
"auth_tag": "sBQDUVl6QbL/h9pd0kBQ0g==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"pg_database": {
"encrypted_data": "4mqHsMfDAqPvDmGsWgS9iE63qVeus7diSW8WiA==\n",
"iv": "6Cb1lVUcXBz+GA4u\n",
"auth_tag": "8O3N0m8jGhxs/YacdhgNHA==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"pg_username": {
"encrypted_data": "Nu0wiBhvqUwqC7PL2Qo8otq0b3faJqRsabqp2g==\n",
"iv": "1uA8mJc7itT0qHcx\n",
"auth_tag": "PRWw6LTlFrWs63SDRsovtQ==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"pg_password": {
"encrypted_data": "oXDKiXQ4aH5M2pVu1sx7dj0awKCORke03fq0uemjIfCMYbM=\n",
"iv": "snPyC8mocevc5kGH\n",
"auth_tag": "9wx4GPSydkYr2WGpZK5HZg==\n",
"version": 3,
"cipher": "aes-256-gcm"
}
}

60
data_bags/credentials/akkounts.json
View File

@@ -1,72 +1,72 @@
{ {
"id": "akkounts", "id": "akkounts",
"postgresql_username": { "postgresql_username": {
"encrypted_data": "bDlOkEmhvMgyVzPeTNUzYnzRLf3T9cc0cDxt\n", "encrypted_data": "ofLOjxGBj7no+lWrIvtxQQFoeozCh6mpfMTt\n",
"iv": "GCCUoqU5pxQ7fGkv\n", "iv": "/CF+o4GqZx2O5WOm\n",
"auth_tag": "Q7mrSHIBluMe3CGVmoR86Q==\n", "auth_tag": "bjHXfgNQfXpQ2gucPLrUWA==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"postgresql_password": { "postgresql_password": {
"encrypted_data": "wD0HtdsNe/hl4ZaOy8hyr2k4z8TXQrrSja3KNVE47w==\n", "encrypted_data": "f8Jfs4aqIjc6/6/NQlI2Fv8TzSgVmi5g0iYNhh9bAA==\n",
"iv": "tb5yz8WDer0CsGvJ\n", "iv": "vAzrZeUodmu4x5eB\n",
"auth_tag": "/+K2anuCff/6M7Pu70Smqw==\n", "auth_tag": "vx8eH2SY7I4IkZElXSC1Nw==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"sentry_dsn": { "sentry_dsn": {
"encrypted_data": "jCz681x0WVixHYZUb62TO+1cgyJMiJ2UMqWcaztx57yDBOIiKW3oSZjuXdhP\n9WCesfXQF/lgzITZno3IKDqzlKjWgbGLC75y8FLguxidCHI=\n", "encrypted_data": "oxW5jGU8DlIp5A9enxBhcJXuKyaZ5HziXq8Zw+Rbvpbv4C/RTGkJkgZdKcH1\nVzW/wNAT8nTK+nEvWgcQ3svjE40ltj2jcOexIRqLbuCClJE=\n",
"iv": "IRNOzN/hLwg1iqax\n", "iv": "wpW9+VdX5GjocHSl\n",
"auth_tag": "eg9dWnEK04JDb94e4CFa9Q==\n", "auth_tag": "1qrf1kZMrIR7WRiSaRjppQ==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"rails_master_key": { "rails_master_key": {
"encrypted_data": "nUB77VLRp41rluH7hLBwQqPtnh/HsmfLr2VbcIZHWawL3o2TGuY+mj648f9L\n7XsEpgqY\n", "encrypted_data": "KHVYYH7Nb9/SsoKkYfbjzhFwj3Ioj72hm5pfdCuinf+GQvjKumq99eQTlKdf\nBZM1n0XN\n",
"iv": "fpdbDitqTRHxEKiv\n", "iv": "x9AQZvw/vCinKQ8k\n",
"auth_tag": "I44fn8Ott3L/Y5LYr56U/Q==\n", "auth_tag": "mi0KHHOTBvVNhtvqk38BtQ==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"discourse_connect_secret": { "discourse_connect_secret": {
"encrypted_data": "ENtMn+1XTVFmdEZw7LU6WGoMbSZY654ggm3vPACGfFgqo6r0LhG60c5OTdqv\nZvT5/Q==\n", "encrypted_data": "WyLrV0DOsxyafSqyeQVj0BhVwm/0gvWeJLBsAbiqCGphryoYqUByPcum1T6R\n2H44nQ==\n",
"iv": "bL1BmvRhgxFqSM1P\n", "iv": "lUtlJDv6Ieq8Bs5x\n",
"auth_tag": "sEBZzGWwwYFHn+4B4SsyCA==\n", "auth_tag": "ku22BlQKw/BhHxuANTF6yg==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"lndhub_admin_token": { "lndhub_admin_token": {
"encrypted_data": "4LPGFoARzI8UYnsJPIk8sax/rAA16pUULEZWn86e2C7L\n", "encrypted_data": "DQuxQW8ks3sUzyHYEpQVyPg2f/U4/LWeRoCD9225Hd+c\n",
"iv": "nvjXrOwgfgutwEVw\n", "iv": "mjxYi+YAcKGuurD2\n",
"auth_tag": "A89RUf1sdcS3FVscNPWYLg==\n", "auth_tag": "8P3bFFNeQ5HQgpXDB5Sk5A==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"btcpay_auth_token": { "btcpay_auth_token": {
"encrypted_data": "ky5iWYF06os0Ek6vIRzWqMTekqJhCOh/Q9DTDIeKhSyk8TnT3O71lCNEt1F5\nXCNq6ux3V6oyHVLWj0o=\n", "encrypted_data": "3wsY9osaUdX4SvBPfHprNLSbx6/rfI5BfXnDxsc6OET3nGn19qBhH6wgeiwZ\n/dweqdQ25HpbFPygddc=\n",
"iv": "zk6WnxsY89oNW1F9\n", "iv": "ccouibxktHLlUCQJ\n",
"auth_tag": "FAIMXKvQ1T7QKezVSNJbwQ==\n", "auth_tag": "pWuRC8O2EAkmztL/9V3now==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"s3_access_key": { "s3_access_key": {
"encrypted_data": "KfhfEGwPjOonlz6rpnNTinXFPqX/sIbqQn/aby0UDi/G/7cvEcOiNcCkfuSz\n", "encrypted_data": "hJGHa+hEmddtsZ4UncrYBkjRa/2Csqdh79tXpTVxUWbIsYGdlvyadk7C1UCj\n",
"iv": "Q3rg06v6K9pUDLDY\n", "iv": "GlxNdnWiNzmNYthg\n",
"auth_tag": "G5ugdlJ896KtYtObKLclJA==\n", "auth_tag": "hlRLkroUN01L7VzQFBU/IA==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"s3_secret_key": { "s3_secret_key": {
"encrypted_data": "N8s1OoDrYXHjqSydQA0kY7dd68Aelq4+/cgmJlYfP92u4YA17V4TR7fsvQZL\nkqjuUSClNYPc0XiCwf/5gxVirE9AO6OmmvSV7lUyu4hcEY6unrU=\n", "encrypted_data": "LKdQJOKIfFIoiF3GvfTs1mg3AI//Aoi8r42zcw8QhEVPB8ONsSf0/vhM037C\nf5nzUk7xwglvTOveqbOM+UTBJF/4oblQfgwFW3VobWUGkJqjtKE=\n",
"iv": "bXzIVWnX6V0P6PRb\n", "iv": "tWTxzK/ccpjlLmQV\n",
"auth_tag": "1EOjCfsX9P6ETjUsgBvBsA==\n", "auth_tag": "n2MFkTIquyqz4wqRNdSJcg==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"nostr_private_key": { "nostr_private_key": {
"encrypted_data": "Sf8PEyQ0sqcgxddSlIDxLOVzPjOkTFObsYuTgcxkbEV7igrati4e8QVVUEBD\n1yoLJXelp8jlCr28Ectci29jc53gYSMTLSQsw97uYas2R0dGCqQ=\n", "encrypted_data": "CPMeNxzpYMReaQU4+v+EqpVESRsnaYc3a4y7OkHOhtn2gjaNEDERGKvRmlyd\nD6vxKPcIrwTCZ7neJ3YLOVOxPDNv6skqdtMHBwSgl7aBEOrx7tY=\n",
"iv": "+1CIUyvIUOveLrY4\n", "iv": "AV1on2sw1avmFFuY\n",
"auth_tag": "GDqS+IuAIfMBmHIeFXaV7A==\n", "auth_tag": "9rb9qQBKrj5Xja1t+qROKQ==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
} }

18
data_bags/credentials/gandi_api.json
View File

@@ -1,23 +1,23 @@
{ {
"id": "gandi_api", "id": "gandi_api",
"key": { "key": {
"encrypted_data": "d3/rJMX6B9GuzUt0/mIk/lgQ3qGyQdbNXH6UEm3ZX7DeSl+rbW9FPJCRWg==\n", "encrypted_data": "Ky1/PdywtEIl5vVXhzu3n2JetqOxnNjpjQ7yCao6qwIAn8oYxnv1c1hFAQ==\n",
"iv": "15YVAYla7PqqVOab\n", "iv": "stAc2FxDvUqrh0kt\n",
"auth_tag": "xQSq+ld6SDOAER07N4ZkUQ==\n", "auth_tag": "rcK4Qt+f2O4Zo5IMmG0fkw==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"access_token": { "access_token": {
"encrypted_data": "geQwcNosiJZmqbbMpD/I+a2yueBzpV6C8Rb7vrCD8kR161ZRjvqLe+g/1XpT\n2/65wKYDMTrdto1I030=\n", "encrypted_data": "J7zoLhEbPfPjnVWBmFmDdPKRer5GGw2o6Ad0uinznANugfaDiqjyYinOdEDF\nHlAqLmXv4J40rr3F+o4=\n",
"iv": "1sj58eyooOZ8FTYn\n", "iv": "fAxFqVh9QqrfBsPW\n",
"auth_tag": "yBNfgWXaToc06VDLly/HUw==\n", "auth_tag": "9ugi4frDLv8f7X0X1+k4DA==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"domains": { "domains": {
"encrypted_data": "p5rIQTyCE+0d4HIuA4GKEAFekh7qEC4xe9Rm/kP0DyzY83FO0/4uKIvYoZRB\n", "encrypted_data": "X0KOKlJp5GYbKcq/jzmlaMmTXV1U7exWSqi3UxX9Sw==\n",
"iv": "LWlx98NSS1/ngCH1\n", "iv": "9JucnYLlYdQ9N6pd\n",
"auth_tag": "FID+x/LjTZ3cgQV5U2xZLA==\n", "auth_tag": "sERYPDnVUJwVfSS8/xrPpQ==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
} }

99
data_bags/credentials/mastodon.json
View File

@@ -1,93 +1,114 @@
{ {
"id": "mastodon", "id": "mastodon",
"active_record_encryption_deterministic_key": {
"encrypted_data": "2ik8hqK7wrtxyC73DLI8FNezZiWp2rdjwaWZkTUFRj+iwvpSrGVEwMx6uxDI\nWa7zF3p/\n",
"iv": "XMp6wqwzStXZx+F3\n",
"auth_tag": "vloJOLqEcghfQXOYohVVlg==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"active_record_encryption_key_derivation_salt": {
"encrypted_data": "Nq/rHayMYmT/82k3tJUKU8YTvDKUKLoK204aT0CMGZertZaAD3dtA9AkprrA\nPK0D9CdL\n",
"iv": "tn9C+igusYMH6GyM\n",
"auth_tag": "+ReZRNrfpl6ZDwYQpwm6dw==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"active_record_encryption_primary_key": {
"encrypted_data": "UEDMuKHgZDBhpB9BwbPmtdmIDWHyS9/bSzaEbtTRvLcV8dGOE5q9lDVIIsQp\n2HE0c92p\n",
"iv": "tnB0pQ3OGDne3mN/\n",
"auth_tag": "kt234ms+bmcxJj/+FH/72Q==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"paperclip_secret": { "paperclip_secret": {
"encrypted_data": "VJn4Yd2N7qFV+nWXPjPA8Y2KEXL/gZs2gK5E3DZZc9ogFXV7RtpDtq+NKGJU\ndpR8ohtEZvkyC+iBkMAlnS1sSVKiLdQ1xXvbzkj04mYgjnLvwsZ19uVpBGwR\nt/DON7Bhe5Fw+OyrBQksqNcZQSpB9sMBfgA1IgCpdVGHQ8PmkMbFTaZZYcoF\n7gg3yUw5/0t3vRdL\n", "encrypted_data": "AlsnNTRF6GEyHjMHnC4VdzF4swMlppz/Gcp1xr0OuMEgQiOcW1oSZjDRZCRV\nmuGqZXZx64wqZyzTsJZ6ayCLsmWlPq6L21odHWyO+P/C5ubenSXnuCjpUn3/\nHs8WLX3kwVmqCRnVgDl2vEZ5H4XedSLr7R7YM7gQkM0UX4muMDWWnOTR8/x/\ni1ecwBY5RjdewwyR\n",
"iv": "X5atp/KaIurfln/u\n", "iv": "RWiLePhFyPekYSl9\n",
"auth_tag": "mVnBoUb5HwhXNYUddJbq8Q==\n", "auth_tag": "sUq4ZX9CFKPbwDyuKQfNLQ==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"secret_key_base": { "secret_key_base": {
"encrypted_data": "d0sNREFhzQEJhkRzielbCNBJOVAdfThv7zcYTZ1vFZ20i/mzB9GWW2nb+1yn\nNFjAq8wCLpLXn9n3FClE+WOqnAw0jwTlyScRM5lzjKI5SxHKkBQHGyFs2AF8\nqFjEvpiqxhjsc4kNOJGO8DdcyHuulXyaO9fJg8HDnU1ov1vSSuTc0ABKgycY\nMq/Xt10UXnhP8cPw\n", "encrypted_data": "K5CmIXFa9mS4/dODBQAN9Bw0SFpbLiZAB8ewiYpkB8NDXP6X/BX8aDjW2Y4F\ncMvpFyiFldRBhrh1MSKTVYQEoJ3JhlNL9HCdPsAYbBEW70AuEBpHvOtD5OxH\nqgbH4Reuk6JX5AI8SwDD3zGrdT12mTFVNgSujzuZMvpi1Sro2HtRGAkjmnaa\nMGKrBV21O1CREJJg\n",
"iv": "HFT7fdGQ2KRJ2NFy\n", "iv": "/yMMmz1YtKIs5HSd\n",
"auth_tag": "C55JT2msLQCoI+09VKf+Jw==\n", "auth_tag": "WXgIVWjIdbMFlJhTD5J0JQ==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"otp_secret": { "otp_secret": {
"encrypted_data": "1iH7mUkaUzyn9dfDwMdiJ8X059qWSUO3DqivsOFfI1f44nMnzllaYPu6nh8O\nNLNCOzvsSAonhhaq1X+foOdyPIG2mGhE/juKveDD57/AdZAayHWsbsQlPC4l\nwdShz/ANrq0YZ/zOhpT2sZj1TZavW+S+JlxJFX2kP24D4dUzwG0vNj7522+Q\n9NAApJdUte1ZYF/b\n", "encrypted_data": "OPLnYRySSIDOcVHy2A5V+pCrz9zVIPjdpAGmCdgQkXtJfsS9NzNtxOPwrXo6\nuQlV9iPjr1Y9ljGKYytbF0fPgAa5q6Z1oHMY9vOGs/LGKj8wHDmIvxQ+Gil1\nC+dZEePmqGaySlNSB/gNzcFIvjBH3mDxHJJe9hDxSv5miNS9l9f3UvQeLP2M\nU7/aHKagL9ZHOp/d\n",
"iv": "00/vs5zTdoC19+pS\n", "iv": "wqJBLdZhJ7M/KRG9\n",
"auth_tag": "3cjYqebMshnmWkQ3SdRcCQ==\n", "auth_tag": "dv5YyZszZCrRnTleaiGd4A==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"aws_access_key_id": { "aws_access_key_id": {
"encrypted_data": "krcfpxOrAkwZR2GP4glTaFg2dw/COw8BO8I+KICqyl4bvpL5NrB9\n", "encrypted_data": "A1/gfcyrwT6i9W6aGTJ8pH4Dm4o8ACDxvooDroA/2N0szOiNyiYX\n",
"iv": "paoDKp6EIU8bjxzF\n", "iv": "JNvf21KhdM3yoLGt\n",
"auth_tag": "p6Pt/tz5dgGXzW5cO06nBg==\n", "auth_tag": "2xaZql1ymPYuXuvXzT3ymA==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"aws_secret_access_key": { "aws_secret_access_key": {
"encrypted_data": "aQySCT7gxeNiMMocq81KtIi+YzrZwMBeTd4LrRSN8iNEikWReJrrfagBwozy\n+Gfdw4bMGzY1dhF1Sl4=\n", "encrypted_data": "T1tc01nACxhDgygKaiAq3LChGYSgmW8LAwr1aSxXmJ5D2NtypJDikiHrJbFZ\nfWFgm1qe4L8iD/k5+ro=\n",
"iv": "R/hvvOvmqq/uoKbx\n", "iv": "FDTPQQDLUMKW7TXx\n",
"auth_tag": "QBJY/3+OprBXO/FSNwv2OQ==\n", "auth_tag": "msY6PFFYhlwQ0X7gekSDiw==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"ldap_bind_dn": { "ldap_bind_dn": {
"encrypted_data": "wDPABdL+DlXz2WWV4XwW20kM4EWPSwc/ajBmbdYMnjFau6c76CIBpbFhrFoj\n3mwDbHz8cgOnLNvozXSV4w6N7URCN/mWWTBHNhd3ppw=\n", "encrypted_data": "C/YNROVyOxmR4O2Cy52TX41EKli2bCOMzwYD+6Hz/SiKkgidnKUHlvHlbTDq\nkWwlRDM2o8esOCKaEAGPNWcNc9IHlaSsfwhr4YWnwe0=\n",
"iv": "8rQ0M4LT1HbCNpq9\n", "iv": "QCQF0+vH+//+nDxr\n",
"auth_tag": "AuO5R6WCtd75TGJNfgFSCg==\n", "auth_tag": "a0PbyO/7wjufqH2acDCqmQ==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"ldap_password": { "ldap_password": {
"encrypted_data": "y0t8RuptVYiTKmUhaAWsC4c2ZzhQsYeVLeMPiQBn+Q==\n", "encrypted_data": "SqwKeiyzfvvZGqH5gi35BdW3W+Fo/AQQjso1Yfp2XA==\n",
"iv": "mixYzDKkPSIDQ/l+\n", "iv": "md2/etFJ1r/BKaYg\n",
"auth_tag": "DbLlZG7rlgBmyCdJ3nhSYA==\n", "auth_tag": "OlCCOoYSD7ukdH2yWCd6KA==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"smtp_user_name": { "smtp_user_name": {
"encrypted_data": "Ugc29HUFcirv6jOOlYNs9uvmhfwa2rG41im/MusCx0Vu0AZKcdy0krGi/kCZ\nKg==\n", "encrypted_data": "0kzppmSSUg7lEyYnI5a0nf+xO0vSVx88rbxI+niIdzFOOBKSIL6uVHJ340dw\nMQ==\n",
"iv": "ZlDK854w+vTNmeJe\n", "iv": "lQR77ETTtIIyaG1r\n",
"auth_tag": "Nj95g0JMxrT419OLQIX26g==\n", "auth_tag": "smF2HRg8WdmD+MWwkT3TqA==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"smtp_password": { "smtp_password": {
"encrypted_data": "D1TGjRfmM1ZeUmzwewlKXfQvvqTSzpzNlK5MKIU8dxbAH175UKn5qiemDEWe\nRYPe1LWT\n", "encrypted_data": "1i0m9qiZA/8k8fMKo+04uyndl1UhagtHweBFICIorWALkB68edjb8OhUDxv9\nTubiXYRC\n",
"iv": "D1OVfD5bMcefM5DP\n", "iv": "IU2x4ips9HWmKoxi\n",
"auth_tag": "2E/q2gTbdXiLVnOMDeJv9w==\n", "auth_tag": "BZJTDfPBvt8cf6/MbKzUJQ==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"vapid_private_key": { "vapid_private_key": {
"encrypted_data": "+87bVrbd/XvWhZH1IYusc4Hla7ZZmylptAyJf48CMG/F3SMEO33OqW2I+UWh\nSkqbxai5+GaMhvZHB8U2Clod\n", "encrypted_data": "+LmySMvzrV3z2z7BmJG9hpvkL06mGc87RG20XQhhdAJ2Z/5uMMjev2pUf7du\ntv2qvDJAimhkZajuDGL9R3eq\n",
"iv": "HVhNdFQl0TvCcjsa\n", "iv": "Mg7NhPl31O6Z4P+v\n",
"auth_tag": "EEQXuQ5keOHXmchhBh+Ixw==\n", "auth_tag": "qYWPInhgoWAjg0zQ+XXt5w==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"vapid_public_key": { "vapid_public_key": {
"encrypted_data": "nBm1lXbn1+Kzol95+QSEjsUI/n7ObhdEqEyfYcVSP/LiLy57KOBQDu6CjSMz\n+PN9yEP4lOjtscqHS29jTC2vi3PSui9XpOFHRxFBnDuyKxczrnID2KlLCNRQ\n228G3VRgFIMAWMYKACgzUk0=\n", "encrypted_data": "NOyc+Cech9qG2HhnhajDaJMWd1OU5Rp6hws6i4xF5mLPePMJ9mJTqzklkuMK\npYSEdtcxA3KmDt1HrFxfezYUc9xO9pvlm0BPA7XAFmF/PU7/AJbFqgPU6pX/\ntSDLSdFuMB3ky+cl4DJi+O4=\n",
"iv": "xHrVl+4JGkQbfUW3\n", "iv": "rgUglYiHB/mhqGha\n",
"auth_tag": "rfFoBMocq17YiDSlOCvWqw==\n", "auth_tag": "DEX7hdNsNLi/LIrMkdUe/Q==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"s3_key_id": { "s3_key_id": {
"encrypted_data": "pq0+VZhjoxzLuyY34f23wOmuks9Wevt8Wu6muKZAsZMSuU0iJvlRoK/65Qa0\n", "encrypted_data": "rPVzrYYIbcM+ssVpdL6wpCTdzLIEKXke1+eMlPLMG2gPuoh+W3eO3nFGb/s2\n",
"iv": "QTxO+IfYcpI170ON\n", "iv": "/qI8F9cvnfKG7ZXE\n",
"auth_tag": "4ZHva2iBYgDv6DyhMRRXzA==\n", "auth_tag": "z1+MPdkO/+SCaag2ULelPg==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"s3_secret_key": { "s3_secret_key": {
"encrypted_data": "YMZqKtOXDPAME8IWWC+lO8TsxHMzawlbTju9z/Hcb5DnQAOy82QufTN90m73\n/xikUboAdKcA5YGn0mkm+Rt/ygVR6DFirYV3kwi2M3qyGVJifug=\n", "encrypted_data": "RMnB9kZ+slbQXfpo0udYld6S1QqBxqM1YbszdLfSAdKK9I0J3Kmvh/CQ5Fbx\nyov6LClmsl1rjtH16r7cY32M4Woq+6miERdtecyDrrYkNHz0xkA=\n",
"iv": "9AwabheRFOgC8IKR\n", "iv": "pO7bm3aOtjuwYjG/\n",
"auth_tag": "iU2kkA1q8OsblN5jaZrWGQ==\n", "auth_tag": "SRvn4z1+Vd5VAGgjG64s+Q==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
} }

66
nodes/akaunting-1.json Normal file
View File

@@ -0,0 +1,66 @@
{
"name": "akaunting-1",
"chef_environment": "production",
"normal": {
"knife_zero": {
"host": "10.1.1.215"
}
},
"automatic": {
"fqdn": "akaunting-1",
"os": "linux",
"os_version": "5.15.0-1069-kvm",
"hostname": "akaunting-1",
"ipaddress": "192.168.122.162",
"roles": [
"base",
"kvm_guest",
"akaunting",
"postgresql_client"
],
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_kvm::guest",
"kosmos_postgresql::hostsfile",
"kosmos_akaunting",
"kosmos_akaunting::default",
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",
"ntp::default",
"ntp::apparmor",
"kosmos-base::systemd_emails",
"apt::unattended-upgrades",
"kosmos-base::firewall",
"kosmos-postfix::default",
"postfix::default",
"postfix::_common",
"postfix::_attributes",
"postfix::sasl_auth",
"hostname::default",
"kosmos-nodejs::default",
"nodejs::nodejs_from_package",
"nodejs::repo"
],
"platform": "ubuntu",
"platform_version": "22.04",
"cloud": null,
"chef_packages": {
"chef": {
"version": "18.5.0",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.5.0/lib",
"chef_effortless": null
},
"ohai": {
"version": "18.1.11",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.11/lib/ohai"
}
}
},
"run_list": [
"role[base]",
"role[kvm_guest]",
"role[akaunting]"
]
}

26
nodes/garage-4.json → nodes/garage-10.json
View File

@@ -1,17 +1,17 @@
{ {
"name": "garage-4", "name": "garage-10",
"chef_environment": "production", "chef_environment": "production",
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.104" "host": "10.1.1.27"
} }
}, },
"automatic": { "automatic": {
"fqdn": "garage-4", "fqdn": "garage-10",
"os": "linux", "os": "linux",
"os_version": "5.4.0-132-generic", "os_version": "5.4.0-1090-kvm",
"hostname": "garage-4", "hostname": "garage-10",
"ipaddress": "192.168.122.123", "ipaddress": "192.168.122.70",
"roles": [ "roles": [
"base", "base",
"kvm_guest", "kvm_guest",
@@ -23,7 +23,8 @@
"kosmos_kvm::guest", "kosmos_kvm::guest",
"kosmos_garage", "kosmos_garage",
"kosmos_garage::default", "kosmos_garage::default",
"kosmos_garage::firewall", "kosmos_garage::firewall_rpc",
"kosmos_garage::firewall_apis",
"apt::default", "apt::default",
"timezone_iii::default", "timezone_iii::default",
"timezone_iii::debian", "timezone_iii::debian",
@@ -38,21 +39,20 @@
"postfix::_attributes", "postfix::_attributes",
"postfix::sasl_auth", "postfix::sasl_auth",
"hostname::default", "hostname::default",
"firewall::default", "firewall::default"
"chef-sugar::default"
], ],
"platform": "ubuntu", "platform": "ubuntu",
"platform_version": "20.04", "platform_version": "20.04",
"cloud": null, "cloud": null,
"chef_packages": { "chef_packages": {
"chef": { "chef": {
"version": "17.10.3", "version": "18.5.0",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.10.3/lib", "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.5.0/lib",
"chef_effortless": null "chef_effortless": null
}, },
"ohai": { "ohai": {
"version": "17.9.0", "version": "18.1.11",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai" "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.11/lib/ohai"
} }
} }
}, },

20
nodes/garage-5.json → nodes/garage-11.json
View File

@@ -1,17 +1,17 @@
{ {
"name": "garage-5", "name": "garage-11",
"chef_environment": "production", "chef_environment": "production",
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.33" "host": "10.1.1.165"
} }
}, },
"automatic": { "automatic": {
"fqdn": "garage-5", "fqdn": "garage-11",
"os": "linux", "os": "linux",
"os_version": "5.15.0-84-generic", "os_version": "5.15.0-1059-kvm",
"hostname": "garage-5", "hostname": "garage-11",
"ipaddress": "192.168.122.55", "ipaddress": "192.168.122.9",
"roles": [ "roles": [
"base", "base",
"kvm_guest", "kvm_guest",
@@ -46,13 +46,13 @@
"cloud": null, "cloud": null,
"chef_packages": { "chef_packages": {
"chef": { "chef": {
"version": "18.3.0", "version": "18.5.0",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.3.0/lib", "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.5.0/lib",
"chef_effortless": null "chef_effortless": null
}, },
"ohai": { "ohai": {
"version": "18.1.4", "version": "18.1.11",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.4/lib/ohai" "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.11/lib/ohai"
} }
} }
}, },

18
nodes/garage-6.json → nodes/garage-9.json
View File

@@ -1,17 +1,17 @@
{ {
"name": "garage-6", "name": "garage-9",
"chef_environment": "production", "chef_environment": "production",
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.161" "host": "10.1.1.223"
} }
}, },
"automatic": { "automatic": {
"fqdn": "garage-6", "fqdn": "garage-9",
"os": "linux", "os": "linux",
"os_version": "5.4.0-1090-kvm", "os_version": "5.4.0-1090-kvm",
"hostname": "garage-6", "hostname": "garage-9",
"ipaddress": "192.168.122.213", "ipaddress": "192.168.122.21",
"roles": [ "roles": [
"base", "base",
"kvm_guest", "kvm_guest",
@@ -46,13 +46,13 @@
"cloud": null, "cloud": null,
"chef_packages": { "chef_packages": {
"chef": { "chef": {
"version": "18.3.0", "version": "18.5.0",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.3.0/lib", "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.5.0/lib",
"chef_effortless": null "chef_effortless": null
}, },
"ohai": { "ohai": {
"version": "18.1.4", "version": "18.1.11",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.4/lib/ohai" "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.11/lib/ohai"
} }
} }
}, },

1273
nodes/gitea-2.json
View File

File diff suppressed because it is too large Load Diff

2
nodes/her.json
View File

@@ -9,7 +9,7 @@
"automatic": { "automatic": {
"fqdn": "her", "fqdn": "her",
"os": "linux", "os": "linux",
"os_version": "5.15.0-84-generic", "os_version": "5.15.0-101-generic",
"hostname": "her", "hostname": "her",
"ipaddress": "192.168.30.172", "ipaddress": "192.168.30.172",
"roles": [ "roles": [

2
nodes/mastodon-3.json
View File

@@ -63,8 +63,6 @@
"redisio::disable_os_default", "redisio::disable_os_default",
"redisio::configure", "redisio::configure",
"redisio::enable", "redisio::enable",
"nodejs::npm",
"nodejs::install",
"backup::default", "backup::default",
"logrotate::default" "logrotate::default"
], ],

13
nodes/postgres-6.json
View File

@@ -13,12 +13,21 @@
"ipaddress": "192.168.122.60", "ipaddress": "192.168.122.60",
"roles": [ "roles": [
"base", "base",
"kvm_guest" "kvm_guest",
"postgresql_primary"
], ],
"recipes": [ "recipes": [
"kosmos-base", "kosmos-base",
"kosmos-base::default", "kosmos-base::default",
"kosmos_kvm::guest", "kosmos_kvm::guest",
"kosmos_postgresql::primary",
"kosmos_postgresql::firewall",
"kosmos_akaunting::pg_db",
"kosmos-bitcoin::lndhub-go_pg_db",
"kosmos-bitcoin::nbxplorer_pg_db",
"kosmos_drone::pg_db",
"kosmos_gitea::pg_db",
"kosmos-mastodon::pg_db",
"apt::default", "apt::default",
"timezone_iii::default", "timezone_iii::default",
"timezone_iii::debian", "timezone_iii::debian",
@@ -52,6 +61,6 @@
"run_list": [ "run_list": [
"role[base]", "role[base]",
"role[kvm_guest]", "role[kvm_guest]",
"role[postgresql_replica]" "role[postgresql_primary]"
] ]
} }

33
nodes/postgres-5.json → nodes/postgres-7.json
View File

@@ -1,32 +1,29 @@
{ {
"name": "postgres-5", "name": "postgres-7",
"chef_environment": "production",
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.54" "host": "10.1.1.134"
} }
}, },
"automatic": { "automatic": {
"fqdn": "postgres-5", "fqdn": "postgres-7",
"os": "linux", "os": "linux",
"os_version": "5.4.0-153-generic", "os_version": "5.4.0-1123-kvm",
"hostname": "postgres-5", "hostname": "postgres-7",
"ipaddress": "192.168.122.211", "ipaddress": "192.168.122.89",
"roles": [ "roles": [
"base", "base",
"kvm_guest", "kvm_guest",
"postgresql_primary" "postgresql_replica"
], ],
"recipes": [ "recipes": [
"kosmos-base", "kosmos-base",
"kosmos-base::default", "kosmos-base::default",
"kosmos_kvm::guest", "kosmos_kvm::guest",
"kosmos_postgresql::primary", "kosmos_postgresql::hostsfile",
"kosmos_postgresql::replica",
"kosmos_postgresql::firewall", "kosmos_postgresql::firewall",
"kosmos-bitcoin::lndhub-go_pg_db",
"kosmos-bitcoin::nbxplorer_pg_db",
"kosmos_drone::pg_db",
"kosmos_gitea::pg_db",
"kosmos-mastodon::pg_db",
"apt::default", "apt::default",
"timezone_iii::default", "timezone_iii::default",
"timezone_iii::debian", "timezone_iii::debian",
@@ -47,19 +44,19 @@
"cloud": null, "cloud": null,
"chef_packages": { "chef_packages": {
"chef": { "chef": {
"version": "18.2.7", "version": "18.5.0",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.2.7/lib", "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.5.0/lib",
"chef_effortless": null "chef_effortless": null
}, },
"ohai": { "ohai": {
"version": "18.1.4", "version": "18.1.11",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.4/lib/ohai" "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.11/lib/ohai"
} }
} }
}, },
"run_list": [ "run_list": [
"role[base]", "role[base]",
"role[kvm_guest]", "role[kvm_guest]",
"role[postgresql_primary]" "role[postgresql_replica]"
] ]
} }

62
nodes/postgres-8.json Normal file
View File

@@ -0,0 +1,62 @@
{
"name": "postgres-8",
"chef_environment": "production",
"normal": {
"knife_zero": {
"host": "10.1.1.99"
}
},
"automatic": {
"fqdn": "postgres-8",
"os": "linux",
"os_version": "5.15.0-1059-kvm",
"hostname": "postgres-8",
"ipaddress": "192.168.122.100",
"roles": [
"base",
"kvm_guest",
"postgresql_replica"
],
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_kvm::guest",
"kosmos_postgresql::hostsfile",
"kosmos_postgresql::replica",
"kosmos_postgresql::firewall",
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",
"ntp::default",
"ntp::apparmor",
"kosmos-base::systemd_emails",
"apt::unattended-upgrades",
"kosmos-base::firewall",
"kosmos-postfix::default",
"postfix::default",
"postfix::_common",
"postfix::_attributes",
"postfix::sasl_auth",
"hostname::default"
],
"platform": "ubuntu",
"platform_version": "22.04",
"cloud": null,
"chef_packages": {
"chef": {
"version": "18.5.0",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.5.0/lib",
"chef_effortless": null
},
"ohai": {
"version": "18.1.11",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.11/lib/ohai"
}
}
},
"run_list": [
"role[base]",
"role[kvm_guest]",
"role[postgresql_replica]"
]
}

6
roles/akaunting.rb Normal file
View File

@@ -0,0 +1,6 @@
name "akaunting"
run_list %w[
role[postgresql_client]
kosmos_akaunting::default
]

1
roles/postgresql_primary.rb
View File

@@ -3,6 +3,7 @@ name "postgresql_primary"
run_list %w( run_list %w(
kosmos_postgresql::primary kosmos_postgresql::primary
kosmos_postgresql::firewall kosmos_postgresql::firewall
kosmos_akaunting::pg_db
kosmos-bitcoin::lndhub-go_pg_db kosmos-bitcoin::lndhub-go_pg_db
kosmos-bitcoin::nbxplorer_pg_db kosmos-bitcoin::nbxplorer_pg_db
kosmos_drone::pg_db kosmos_drone::pg_db

1
site-cookbooks/kosmos-base/resources/tls_cert_for.rb
View File

@@ -56,7 +56,6 @@ action :create do
command <<-CMD command <<-CMD
certbot certonly --manual -n \ certbot certonly --manual -n \
--preferred-challenges dns \ --preferred-challenges dns \
--manual-public-ip-logging-ok \
--agree-tos \ --agree-tos \
--manual-auth-hook '#{hook_auth_command}' \ --manual-auth-hook '#{hook_auth_command}' \
--manual-cleanup-hook '#{hook_cleanup_command}' \ --manual-cleanup-hook '#{hook_cleanup_command}' \

8
site-cookbooks/kosmos-bitcoin/attributes/default.rb
View File

@@ -65,7 +65,7 @@ node.default['rtl']['host'] = '10.1.1.163'
node.default['rtl']['port'] = '3000' node.default['rtl']['port'] = '3000'
node.default['lndhub-go']['repo'] = 'https://github.com/getAlby/lndhub.go.git' node.default['lndhub-go']['repo'] = 'https://github.com/getAlby/lndhub.go.git'
node.default['lndhub-go']['revision'] = '0.14.0' node.default['lndhub-go']['revision'] = '1.0.2'
node.default['lndhub-go']['source_dir'] = '/opt/lndhub-go' node.default['lndhub-go']['source_dir'] = '/opt/lndhub-go'
node.default['lndhub-go']['port'] = 3026 node.default['lndhub-go']['port'] = 3026
node.default['lndhub-go']['domain'] = 'lndhub.kosmos.org' node.default['lndhub-go']['domain'] = 'lndhub.kosmos.org'
@@ -73,8 +73,10 @@ node.default['lndhub-go']['postgres']['database'] = 'lndhub'
node.default['lndhub-go']['postgres']['user'] = 'lndhub' node.default['lndhub-go']['postgres']['user'] = 'lndhub'
node.default['lndhub-go']['postgres']['port'] = 5432 node.default['lndhub-go']['postgres']['port'] = 5432
node.default['lndhub-go']['default_rate_limit'] = 20 node.default['lndhub-go']['default_rate_limit'] = 20
node.default['lndhub-go']['strict_rate_limit'] = 1 node.default['lndhub-go']['strict_rate_limit'] = 1
node.default['lndhub-go']['burst_rate_limit'] = 10 node.default['lndhub-go']['burst_rate_limit'] = 10
node.default['lndhub-go']['service_fee'] = 1
node.default['lndhub-go']['no_service_fee_up_to_amount'] = 1000
node.default['lndhub-go']['branding'] = { node.default['lndhub-go']['branding'] = {
'title' => 'LndHub - Kosmos Lightning', 'title' => 'LndHub - Kosmos Lightning',
'desc' => 'Kosmos accounts for the Lightning Network', 'desc' => 'Kosmos accounts for the Lightning Network',

2
site-cookbooks/kosmos-bitcoin/recipes/lndhub-go.rb
View File

@@ -66,6 +66,8 @@ template "#{source_dir}/.env" do
default_rate_limit: node['lndhub-go']['default_rate_limit'], default_rate_limit: node['lndhub-go']['default_rate_limit'],
strict_rate_limit: node['lndhub-go']['strict_rate_limit'], strict_rate_limit: node['lndhub-go']['strict_rate_limit'],
burst_rate_limit: node['lndhub-go']['burst_rate_limit'], burst_rate_limit: node['lndhub-go']['burst_rate_limit'],
service_fee: 1,
no_service_fee_up_to_amount: 1000,
branding: node['lndhub-go']['branding'], branding: node['lndhub-go']['branding'],
webhook_url: node['lndhub-go']['webhook_url'], webhook_url: node['lndhub-go']['webhook_url'],
sentry_dsn: credentials['sentry_dsn'] sentry_dsn: credentials['sentry_dsn']

10
site-cookbooks/kosmos-ejabberd/recipes/default.rb
View File

@@ -84,6 +84,12 @@ hosts = [
sql_database: "ejabberd", sql_database: "ejabberd",
ldap_enabled: true, ldap_enabled: true,
ldap_password: ejabberd_credentials['kosmos_ldap_password'], ldap_password: ejabberd_credentials['kosmos_ldap_password'],
certfiles: [
"/opt/ejabberd/conf/kosmos.org.crt",
"/opt/ejabberd/conf/kosmos.org.key",
"/opt/ejabberd/conf/kosmos.chat.crt",
"/opt/ejabberd/conf/kosmos.chat.key"
],
append_host_config: <<-EOF append_host_config: <<-EOF
modules: modules:
mod_disco: mod_disco:
@@ -114,6 +120,10 @@ hosts = [
sql_database: "ejabberd_5apps", sql_database: "ejabberd_5apps",
ldap_enabled: true, ldap_enabled: true,
ldap_password: ejabberd_credentials['5apps_ldap_password'], ldap_password: ejabberd_credentials['5apps_ldap_password'],
certfiles: [
"/opt/ejabberd/conf/5apps.com.crt",
"/opt/ejabberd/conf/5apps.com.key"
],
append_host_config: <<-EOF append_host_config: <<-EOF
modules: modules:
mod_disco: mod_disco:

13
site-cookbooks/kosmos-ejabberd/recipes/letsencrypt.rb
View File

@@ -15,7 +15,7 @@ set -e
# letsencrypt live folder # letsencrypt live folder
for domain in $RENEWED_DOMAINS; do for domain in $RENEWED_DOMAINS; do
case $domain in case $domain in
kosmos.org|5apps.com) kosmos.org|kosmos.chat|5apps.com)
cp "${RENEWED_LINEAGE}/privkey.pem" /opt/ejabberd/conf/$domain.key cp "${RENEWED_LINEAGE}/privkey.pem" /opt/ejabberd/conf/$domain.key
cp "${RENEWED_LINEAGE}/fullchain.pem" /opt/ejabberd/conf/$domain.crt cp "${RENEWED_LINEAGE}/fullchain.pem" /opt/ejabberd/conf/$domain.crt
chown ejabberd:ejabberd /opt/ejabberd/conf/$domain.* chown ejabberd:ejabberd /opt/ejabberd/conf/$domain.*
@@ -42,13 +42,20 @@ end
# Generate a Let's Encrypt cert (only if no cert has been generated before). # Generate a Let's Encrypt cert (only if no cert has been generated before).
# The systemd timer will take care of renewing # The systemd timer will take care of renewing
execute "letsencrypt cert for kosmos xmpp" do execute "letsencrypt cert for kosmos.org domains" do
command "certbot certonly --manual --preferred-challenges dns --manual-public-ip-logging-ok --agree-tos --manual-auth-hook \"/root/gandi_dns_certbot_hook.sh auth\" --manual-cleanup-hook \"/root/gandi_dns_certbot_hook.sh cleanup\" --deploy-hook \"/etc/letsencrypt/renewal-hooks/post/ejabberd\" --email ops@kosmos.org -d kosmos.org -d xmpp.kosmos.org -d chat.kosmos.org -d kosmos.chat -d uploads.xmpp.kosmos.org -n" command "certbot certonly --manual --preferred-challenges dns --agree-tos --manual-auth-hook \"/root/gandi_dns_certbot_hook.sh auth\" --manual-cleanup-hook \"/root/gandi_dns_certbot_hook.sh cleanup letsencrypt.kosmos.org\" --deploy-hook \"/etc/letsencrypt/renewal-hooks/post/ejabberd\" --email ops@kosmos.org -d kosmos.org -d xmpp.kosmos.org -d chat.kosmos.org -d uploads.xmpp.kosmos.org -n"
not_if do not_if do
File.exist?("/etc/letsencrypt/live/kosmos.org/fullchain.pem") File.exist?("/etc/letsencrypt/live/kosmos.org/fullchain.pem")
end end
end end
execute "letsencrypt cert for kosmos.chat" do
command "certbot certonly --manual --preferred-challenges dns --agree-tos --manual-auth-hook \"/root/gandi_dns_certbot_hook.sh auth letsencrypt.kosmos.org\" --manual-cleanup-hook \"/root/gandi_dns_certbot_hook.sh cleanup letsencrypt.kosmos.org\" --deploy-hook \"/etc/letsencrypt/renewal-hooks/post/ejabberd\" --email ops@kosmos.org -d kosmos.chat -n"
not_if do
File.exist?("/etc/letsencrypt/live/kosmos.chat/fullchain.pem")
end
end
# Generate a Let's Encrypt cert (only if no cert has been generated before). # Generate a Let's Encrypt cert (only if no cert has been generated before).
# The systemd timer will take care of renewing # The systemd timer will take care of renewing
execute "letsencrypt cert for 5apps xmpp" do execute "letsencrypt cert for 5apps xmpp" do

5
site-cookbooks/kosmos-ejabberd/templates/vhost.yml.erb
View File

@@ -1,7 +1,8 @@
# Generated by Chef for <%= @host[:name] %> # Generated by Chef for <%= @host[:name] %>
certfiles: certfiles:
- "/opt/ejabberd/conf/<%= @host[:name] %>.crt" <% @host[:certfiles].each do |certfile| %>
- "/opt/ejabberd/conf/<%= @host[:name] %>.key" - <%= certfile %>
<% end %>
host_config: host_config:
"<%= @host[:name] %>": "<%= @host[:name] %>":
sql_type: pgsql sql_type: pgsql

1
site-cookbooks/kosmos-hubot/recipes/nginx_botka_irc-libera-chat.rb
View File

@@ -4,6 +4,7 @@ upstream_host = search(:node, "role:hubot").first["knife_zero"]["host"]
tls_cert_for domain do tls_cert_for domain do
auth "gandi_dns" auth "gandi_dns"
acme_domain "letsencrypt.kosmos.org"
action :create action :create
end end

1
site-cookbooks/kosmos-hubot/recipes/nginx_hal8000_xmpp.rb
View File

@@ -5,6 +5,7 @@ upstream_host = search(:node, "role:hubot").first["knife_zero"]["host"]
tls_cert_for domain do tls_cert_for domain do
auth "gandi_dns" auth "gandi_dns"
acme_domain "letsencrypt.kosmos.org"
action :create action :create
end end

2
site-cookbooks/kosmos-mastodon/attributes/default.rb
View File

@@ -1,5 +1,5 @@
node.default["kosmos-mastodon"]["repo"] = "https://gitea.kosmos.org/kosmos/mastodon.git" node.default["kosmos-mastodon"]["repo"] = "https://gitea.kosmos.org/kosmos/mastodon.git"
node.default["kosmos-mastodon"]["revision"] = "production" node.default["kosmos-mastodon"]["revision"] = "production-4.3"
node.default["kosmos-mastodon"]["directory"] = "/opt/mastodon" node.default["kosmos-mastodon"]["directory"] = "/opt/mastodon"
node.default["kosmos-mastodon"]["bind_ip"] = "127.0.0.1" node.default["kosmos-mastodon"]["bind_ip"] = "127.0.0.1"
node.default["kosmos-mastodon"]["app_port"] = 3000 node.default["kosmos-mastodon"]["app_port"] = 3000

13
site-cookbooks/kosmos-mastodon/recipes/default.rb
View File

@@ -3,7 +3,7 @@
# Recipe:: default # Recipe:: default
# #
node.override["nodejs"]["repo"] = "https://deb.nodesource.com/node_16.x" node.override["nodejs"]["repo"] = "https://deb.nodesource.com/node_18.x"
include_recipe "kosmos-nodejs" include_recipe "kosmos-nodejs"
include_recipe "java" include_recipe "java"
@@ -71,11 +71,7 @@ package %w(build-essential imagemagick ffmpeg libxml2-dev libxslt1-dev file git
curl pkg-config libprotobuf-dev protobuf-compiler libidn11 curl pkg-config libprotobuf-dev protobuf-compiler libidn11
libidn11-dev libjemalloc2 libpq-dev) libidn11-dev libjemalloc2 libpq-dev)
npm_package "yarn" do ruby_version = "3.3.5"
version "1.22.4"
end
ruby_version = "3.3.0"
ruby_path = "/opt/ruby_build/builds/#{ruby_version}" ruby_path = "/opt/ruby_build/builds/#{ruby_version}"
bundle_path = "#{ruby_path}/bin/bundle" bundle_path = "#{ruby_path}/bin/bundle"
@@ -194,6 +190,9 @@ template "#{mastodon_path}/.env.#{rails_env}" do
variables redis_url: node["kosmos-mastodon"]["redis_url"], variables redis_url: node["kosmos-mastodon"]["redis_url"],
domain: node["kosmos-mastodon"]["domain"], domain: node["kosmos-mastodon"]["domain"],
alternate_domains: node["kosmos-mastodon"]["alternate_domains"], alternate_domains: node["kosmos-mastodon"]["alternate_domains"],
active_record_encryption_deterministic_key: credentials["active_record_encryption_deterministic_key"],
active_record_encryption_key_derivation_salt: credentials["active_record_encryption_key_derivation_salt"],
active_record_encryption_primary_key: credentials["active_record_encryption_primary_key"],
paperclip_secret: credentials['paperclip_secret'], paperclip_secret: credentials['paperclip_secret'],
secret_key_base: credentials['secret_key_base'], secret_key_base: credentials['secret_key_base'],
otp_secret: credentials['otp_secret'], otp_secret: credentials['otp_secret'],
@@ -231,7 +230,7 @@ execute "yarn install" do
environment deploy_env environment deploy_env
user mastodon_user user mastodon_user
cwd mastodon_path cwd mastodon_path
command "yarn install --frozen-lockfile" command "corepack prepare && yarn install --immutable"
end end
execute "rake assets:precompile" do execute "rake assets:precompile" do

3
site-cookbooks/kosmos-mastodon/templates/default/env.erb
View File

@@ -12,6 +12,9 @@ LOCAL_HTTPS=true
# Application secrets # Application secrets
# Generate each with the `rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose) # Generate each with the `rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose)
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=<%= @active_record_encryption_deterministic_key %>
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=<%= @active_record_encryption_key_derivation_salt %>
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=<%= @active_record_encryption_primary_key %>
PAPERCLIP_SECRET=<%= @paperclip_secret %> PAPERCLIP_SECRET=<%= @paperclip_secret %>
SECRET_KEY_BASE=<%= @secret_key_base %> SECRET_KEY_BASE=<%= @secret_key_base %>
OTP_SECRET=<%= @otp_secret %> OTP_SECRET=<%= @otp_secret %>

25
site-cookbooks/kosmos_akaunting/.gitignore vendored Normal file
View File

@@ -0,0 +1,25 @@
.vagrant
*~
*#
.#*
\#*#
.*.sw[a-z]
*.un~
# Bundler
Gemfile.lock
gems.locked
bin/*
.bundle/*
# test kitchen
.kitchen/
kitchen.local.yml
# Chef Infra
Berksfile.lock
.zero-knife.rb
Policyfile.lock.json
.idea/

16
site-cookbooks/kosmos_akaunting/Policyfile.rb Normal file
View File

@@ -0,0 +1,16 @@
# Policyfile.rb - Describe how you want Chef Infra Client to build your system.
#
# For more information on the Policyfile feature, visit
# https://docs.chef.io/policyfile/
# A name that describes what the system you're building with Chef does.
name 'kosmos_akaunting'
# Where to find external cookbooks:
default_source :supermarket
# run_list: chef-client will run these recipes in the order specified.
run_list 'kosmos_akaunting::default'
# Specify a custom source for a single cookbook:
cookbook 'kosmos_akaunting', path: '.'

4
site-cookbooks/kosmos_akaunting/README.md Normal file
View File

@@ -0,0 +1,4 @@
# kosmos_akaunting
TODO: Enter the cookbook description here.

5
site-cookbooks/kosmos_akaunting/attributes/default.rb Normal file
View File

@@ -0,0 +1,5 @@
node.default["akaunting"]["user"] = "deploy"
node.default["akaunting"]["group"] = "www-data"
node.default["akaunting"]["repo"] = "https://github.com/akaunting/akaunting.git"
node.default["akaunting"]["revision"] = "3.1.12"
node.default["akaunting"]["port"] = 80

115
site-cookbooks/kosmos_akaunting/chefignore Normal file
View File

@@ -0,0 +1,115 @@
# Put files/directories that should be ignored in this file when uploading
# to a Chef Infra Server or Supermarket.
# Lines that start with '# ' are comments.
# OS generated files #
######################
.DS_Store
ehthumbs.db
Icon?
nohup.out
Thumbs.db
.envrc
# EDITORS #
###########
.#*
.project
.settings
*_flymake
*_flymake.*
*.bak
*.sw[a-z]
*.tmproj
*~
\#*
REVISION
TAGS*
tmtags
.vscode
.editorconfig
## COMPILED ##
##############
*.class
*.com
*.dll
*.exe
*.o
*.pyc
*.so
*/rdoc/
a.out
mkmf.log
# Testing #
###########
.circleci/*
.codeclimate.yml
.delivery/*
.foodcritic
.kitchen*
.mdlrc
.overcommit.yml
.rspec
.rubocop.yml
.travis.yml
.watchr
.yamllint
azure-pipelines.yml
Dangerfile
examples/*
features/*
Guardfile
kitchen.yml*
mlc_config.json
Procfile
Rakefile
spec/*
test/*
# SCM #
#######
.git
.gitattributes
.gitconfig
.github/*
.gitignore
.gitkeep
.gitmodules
.svn
*/.bzr/*
*/.git
*/.hg/*
*/.svn/*
# Berkshelf #
#############
Berksfile
Berksfile.lock
cookbooks/*
tmp
# Bundler #
###########
vendor/*
Gemfile
Gemfile.lock
# Policyfile #
##############
Policyfile.rb
Policyfile.lock.json
# Documentation #
#############
CODE_OF_CONDUCT*
CONTRIBUTING*
documentation/*
TESTING*
UPGRADING*
# Vagrant #
###########
.vagrant
Vagrantfile

31
site-cookbooks/kosmos_akaunting/kitchen.yml Normal file
View File

@@ -0,0 +1,31 @@
---
driver:
name: vagrant
## The forwarded_port port feature lets you connect to ports on the VM guest
## via localhost on the host.
## see also: https://www.vagrantup.com/docs/networking/forwarded_ports
# network:
# - ["forwarded_port", {guest: 80, host: 8080}]
provisioner:
name: chef_zero
## product_name and product_version specifies a specific Chef product and version to install.
## see the Chef documentation for more details: https://docs.chef.io/workstation/config_yml_kitchen/
# product_name: chef
# product_version: 17
verifier:
name: inspec
platforms:
- name: ubuntu-20.04
- name: centos-8
suites:
- name: default
verifier:
inspec_tests:
- test/integration/default

9
site-cookbooks/kosmos_akaunting/metadata.rb Normal file
View File

@@ -0,0 +1,9 @@
name 'kosmos_akaunting'
maintainer 'Kosmos Developers'
maintainer_email 'mail@kosmos.org'
license 'MIT'
description 'Installs/configures akaunting for Kosmos'
version '0.1.0'
chef_version '>= 18.0'
depends 'kosmos-nodejs'

148
site-cookbooks/kosmos_akaunting/recipes/default.rb Normal file
View File

@@ -0,0 +1,148 @@
#
# Cookbook:: kosmos_akaunting
# Recipe:: default
#
app_name = "akaunting"
deploy_user = node["akaunting"]["user"]
deploy_group = node["akaunting"]["group"]
deploy_path = "/opt/#{app_name}"
credentials = data_bag_item("credentials", "akaunting")
pg_host = search(:node, "role:postgresql_primary").first["knife_zero"]["host"] rescue "localhost"
env = {
app_name: "Akaunting",
app_env: "production",
app_locale: "en-US",
app_installed: "true",
app_key: credentials["app_key"],
app_debug: "true",
app_schedule_time: "\"09:00\"",
app_url: "http://akaunting.kosmos.org",
db_connection: "pgsql",
db_host: pg_host,
db_port: "5432",
db_database: credentials["pg_database"],
db_username: credentials["pg_username"],
db_password: credentials["pg_password"],
log_level: "debug"
# mail_mailer: "mail",
# mail_host: "localhost",
# mail_port: "2525",
# mail_username: "null",
# mail_password: "null",
# mail_encryption: "null",
# mail_from_name: "null",
# mail_from_address: "null",
}
%w[
unzip nginx php8.1 php8.1-cli php8.1-bcmath php8.1-ctype php8.1-curl
php8.1-dom php8.1-fileinfo php8.1-intl php8.1-fpm php8.1-gd php8.1-mbstring
php8.1-pdo php8.1-pgsql php8.1-tokenizer php8.1-xml php8.1-zip
].each do |pkg|
package pkg
end
# TODO install composer
node.override["nodejs"]["repo"] = "https://deb.nodesource.com/node_18.x"
include_recipe "kosmos-nodejs"
group deploy_group
user deploy_user do
group deploy_group
manage_home true
shell "/bin/bash"
end
directory deploy_path do
owner deploy_user
group deploy_group
mode "0775"
end
git deploy_path do
repository node[app_name]["repo"]
revision node[app_name]["revision"]
user deploy_user
group deploy_group
action :sync
notifies :run, "execute[composer_install]", :immediately
notifies :run, "execute[npm_install]", :immediately
notifies :restart, "service[php8.1-fpm]", :delayed
end
execute "composer_install" do
user deploy_user
cwd deploy_path
command "composer install"
action :nothing
end
execute "npm_install" do
user deploy_user
cwd deploy_path
command "npm install"
action :nothing
notifies :run, "execute[compile_assets]", :immediately
end
execute "compile_assets" do
user deploy_user
cwd deploy_path
command "npm run prod"
action :nothing
end
execute "set_storage_permissions" do
command "chown -R www-data:www-data #{deploy_path}/storage"
end
template "#{deploy_path}/.env" do
source 'env.erb'
owner deploy_user
group deploy_group
mode 0660
sensitive true
variables config: env
notifies :restart, "service[php8.1-fpm]", :delayed
end
template "/etc/nginx/sites-available/default" do
source 'nginx-local.conf.erb'
owner deploy_user
group deploy_group
mode 0660
variables deploy_path: deploy_path,
port: node["akaunting"]["port"]
notifies :restart, "service[nginx]", :delayed
end
# template "/etc/php/8.1/fpm/pool.d/akaunting.conf" do
# source 'php-fpm.pool.erb'
# owner deploy_user
# group deploy_group
# mode 0600
# variables user: deploy_user,
# group: deploy_group,
# chdir: deploy_path,
# port: node["akaunting"]["port"]
# notifies :restart, "service[php8.1-fpm]", :delayed
# end
service "php8.1-fpm" do
action [:enable, :start]
end
service "nginx" do
action [:enable, :start]
end
firewall_rule "akaunting_zerotier" do
command :allow
port node["akaunting"]["port"]
protocol :tcp
source "10.1.1.0/24"
end

16
site-cookbooks/kosmos_akaunting/recipes/pg_db.rb Normal file
View File

@@ -0,0 +1,16 @@
#
# Cookbook:: kosmos_akaunting
# Recipe:: pg_db
#
credentials = data_bag_item("credentials", "akaunting")
postgresql_user credentials["pg_username"] do
action :create
password credentials["pg_password"]
end
postgresql_database credentials["pg_database"] do
owner credentials["pg_username"]
action :create
end

11
site-cookbooks/kosmos_akaunting/templates/env.erb Normal file
View File

@@ -0,0 +1,11 @@
<% @config.each do |key, value| %>
<% if value.is_a?(Hash) %>
<% value.each do |k, v| %>
<%= "#{key.upcase}_#{k.upcase}" %>=<%= v.to_s %>
<% end %>
<% else %>
<% if value %>
<%= key.upcase %>=<%= value.to_s %>
<% end %>
<% end %>
<% end %>

49
site-cookbooks/kosmos_akaunting/templates/nginx-local.conf.erb Normal file
View File

@@ -0,0 +1,49 @@
server {
listen 80 default_server;
server_name akaunting.kosmos.org;
root <%= @deploy_path %>;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# Prevent Direct Access To Protected Files
location ~ \.(env|log) {
deny all;
}
# Prevent Direct Access To Protected Folders
location ~ ^/(^app$|bootstrap|config|database|overrides|resources|routes|storage|tests|artisan) {
deny all;
}
# Prevent Direct Access To modules/vendor Folders Except Assets
location ~ ^/(modules|vendor)\/(.*)\.((?!ico|gif|jpg|jpeg|png|js\b|css|less|sass|font|woff|woff2|eot|ttf|svg|xls|xlsx).)*$ {
deny all;
}
error_page 404 /index.php;
# Pass PHP Scripts To FastCGI Server
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock; # Depends On The PHP Version
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}

18
site-cookbooks/kosmos_akaunting/templates/php-fpm.pool.erb Normal file
View File

@@ -0,0 +1,18 @@
[akaunting]
user = <%= @user %>
group = <%= @group %>
listen = 0.0.0.0:<%= @port %>
listen.owner = <%= @user %>
listen.group = <%= @group %>
listen.mode = 0660
pm = dynamic
pm.max_children = 10
pm.start_servers = 4
pm.min_spare_servers = 2
pm.max_spare_servers = 6
pm.max_requests = 500
chdir = <%= @chdir %>
catch_workers_output = yes
php_admin_flag[log_errors] = on

16
site-cookbooks/kosmos_akaunting/test/integration/default/default_test.rb Normal file
View File

@@ -0,0 +1,16 @@
# Chef InSpec test for recipe kosmos_akaunting::default
# The Chef InSpec reference, with examples and extensive documentation, can be
# found at https://docs.chef.io/inspec/resources/
unless os.windows?
# This is an example test, replace with your own test.
describe user('root'), :skip do
it { should exist }
end
end
# This is an example test, replace it with your own test.
describe port(80), :skip do
it { should_not be_listening }
end

4
site-cookbooks/kosmos_gitea/attributes/default.rb
View File

@@ -1,5 +1,5 @@
node.default["gitea"]["version"] = "1.22.3" node.default["gitea"]["version"] = "1.22.5"
node.default["gitea"]["checksum"] = "a720ff937912a6eb6c0cacf6ebcdd774deed5197cd945ecc34f5744cb5c517e8" node.default["gitea"]["checksum"] = "ce2c7e4fff3c1e3ed59f5b5e00e3f2d301f012c34e329fccd564bc5129075460"
node.default["gitea"]["working_directory"] = "/var/lib/gitea" node.default["gitea"]["working_directory"] = "/var/lib/gitea"
node.default["gitea"]["port"] = 3000 node.default["gitea"]["port"] = 3000
node.default["gitea"]["postgresql_host"] = "localhost:5432" node.default["gitea"]["postgresql_host"] = "localhost:5432"

1
site-cookbooks/kosmos_website/recipes/redirects.rb
View File

@@ -6,6 +6,7 @@
redirects = [ redirects = [
{ {
domain: "kosmos.chat", domain: "kosmos.chat",
acme_domain: "letsencrypt.kosmos.org",
target: "https://kosmos.org", target: "https://kosmos.org",
http_status: 307 http_status: 307
}, },