337 Commits

Author SHA1 Message Date
Greg Karekinian 765d0b080e WIP Initial kosmos_prometheus wrapper cookbook 2026-07-03 17:47:13 +02:00
Greg Karekinian 4cd6c41254 Add community prometheus cookbook 2026-07-03 17:46:18 +02:00
raucao ec73dd5b57 Set Chef environment for node 2026-07-03 15:52:46 +02:00
raucao 850db344b7 Add prometheus node 2026-07-03 15:50:15 +02:00
raucao 99e8259696 Merge pull request 'Update Gitea to 1.26.4, Gitea Runner to 2.0.0' (#631) from chore/upgrade_gitea_and_runner into master
Reviewed-on: #631
2026-07-01 12:30:57 +00:00
Greg Karekinian 7810f9f373 Update Gitea to 1.26.4, Gitea Runner to 2.0.0
Two avatar configs were moved to the admin settings.
2026-07-01 14:28:31 +02:00
Greg Karekinian c167c1861f Update knife-zero 2026-07-01 14:11:09 +02:00
raucao 96bab62af1 Merge pull request 'Set up Blossom server on blossom.kosmos.org' (#630) from feature/blossom_server into master
Reviewed-on: #630
Reviewed-by: Greg <greg@kosmos.org>
2026-05-26 12:49:54 +00:00
raucao 2169e7904c Add LDAP support for blossom-server
Only available in our feature branch atm
2026-05-19 16:32:03 +02:00
raucao 5a4905aa97 Upgrade deno 2026-05-14 07:52:45 +02:00
raucao 21e31440a7 Update node config 2026-05-14 07:52:12 +02:00
raucao 894ae3f77e Add new garage node 2026-05-14 07:51:53 +02:00
raucao 8afe2ad05d Update blossom whitelist 2026-05-14 07:51:23 +02:00
raucao ef6e4e3319 Upgrade blossom-server 2026-05-14 07:50:48 +02:00
raucao f8ce544452 Set up Blossom server on blossom.kosmos.org 2026-04-18 16:37:00 +04:00
greg 36e9ea8a01 Merge pull request 'Upgrade .NET and BTCPay Server' (#629) from chore/upgrade_btcpay into master
Reviewed-on: #629
Reviewed-by: Greg <greg@kosmos.org>
2026-04-17 15:02:40 +00:00
raucao 2c2780a9f0 Update node info 2026-04-17 18:57:32 +04:00
raucao 6bcdd3f4d6 Upgrade .NET and BTCPay 2026-04-17 18:56:54 +04:00
raucao abc3f7a0cd Update node info 2026-04-17 15:47:10 +04:00
raucao 6d35c0a415 Update node info 2026-04-14 10:36:48 +04:00
raucao be0d7105d3 Merge pull request 'Migrate PostgreSQL cluster to PG14' (#625) from feature/postgresql_migration into master
Reviewed-on: #625
Reviewed-by: Greg <greg@kosmos.org>
2026-04-12 14:16:22 +00:00
raucao b24a6107d2 Merge branch 'master' into feature/postgresql_migration 2026-04-12 18:15:01 +04:00
raucao 1f7a1d0909 Remove commented lines 2026-04-12 16:11:40 +04:00
greg ba361ad09f Merge pull request 'Create new VMs with Ubuntu 24.04' (#628) from feature/ubuntu_noble into master
Reviewed-on: #628
Reviewed-by: Greg <greg@kosmos.org>
2026-04-12 11:32:49 +00:00
greg 94be0a3543 Merge pull request 'Upgrade rskj to v9.0.1 and Ubuntu 24.04' (#627) from chore/upgrade_rskj into master
Reviewed-on: #627
Reviewed-by: Greg <greg@kosmos.org>
2026-04-12 11:31:26 +00:00
raucao 29fb3ae9c9 Automatically determine OS package name
Co-authored-by: Greg Karékinian <greg@karekinian.com>
2026-04-12 10:32:53 +00:00
raucao 3a1c3e20b8 Add new RSK testnet VM 2026-04-12 10:32:53 +00:00
raucao d7782ba41e Upgrade rskj to v9.0.1 and Ubuntu 24.04 2026-04-12 10:32:53 +00:00
raucao a3be57afbc Fix default apt keyring dir not existing on older Ubuntu
Recent Chef client versions use it
2026-04-12 09:10:58 +04:00
raucao 22d459b558 Create new VMs with Ubuntu 24.04 2026-04-12 08:54:47 +04:00
raucao 5ed5af6d50 Use hardware clock sync on Ubuntu 24.04+ VMs 2026-04-12 08:53:50 +04:00
greg 9bf21e8317 Merge pull request 'Slow down Gitea 404s to mess with scrapers/bots' (#626) from chore/gitea_scraping into master
Reviewed-on: #626
Reviewed-by: Greg <greg@kosmos.org>
2026-04-11 17:08:16 +00:00
raucao aaed9a56d1 Slow down Gitea 404s to mess with scrapers/bots
Seems to have helped quite a lot for dealing with AI scrapers using
up all available server resources
2026-04-11 15:37:38 +04:00
raucao 41e6b29b97 Add AGENTS.md 2026-04-11 15:36:54 +04:00
raucao f0314e0b99 Update vendored cookbooks 2026-04-11 15:34:44 +04:00
raucao ac4fb0c9ca Fix Java/Homebrew cookbook resource failing with recent Chef
Required by our Mastodon cookbook
2026-04-11 15:23:30 +04:00
raucao d5e3d62522 Add new postgres cluster, remove old one 2026-04-11 15:22:34 +04:00
raucao 061880536b Fix akkounts systemd unit stop command
Typo (not using pumactl), but we don't need to specify it to do the
right thing anyway. systemd can just send sigterm on its own.
2026-04-11 14:56:15 +04:00
raucao 9de37cde96 Update doc 2026-04-11 14:55:32 +04:00
raucao 64d5d34d85 Update postgres roles
Reset to normal/final
2026-04-11 14:55:02 +04:00
raucao db9177c9c6 Improve RAM usage allowance
Queries can spawn more processed and then use more RAM than
`shared_buffers`
2026-04-11 14:53:28 +04:00
raucao c92f9157a5 Fix method undefined in heredoc 2026-04-11 14:52:53 +04:00
raucao a89db454d0 Improve postgres management scripts 2026-04-11 14:51:51 +04:00
raucao fddcd4899e Ignore default db for migration/management 2026-04-10 12:57:51 +04:00
raucao 8e11df4544 Update PG migration runbook 2026-04-10 12:49:28 +04:00
raucao 0020677ab2 Drone: Make database details configurable 2026-04-10 08:37:06 +04:00
raucao 09412f69e8 Move doc 2026-04-10 08:36:54 +04:00
raucao bc3f291bd2 WIP Prepare postgres for migration by replication 2026-04-10 08:25:55 +04:00
raucao 6583cd7010 Upgrade WAL config for PG14 2026-04-08 15:41:13 +04:00
raucao 290af8177a Refactor postgres server recipes/resource 2026-04-08 15:41:10 +04:00
raucao 2cb5540a7b Add new postgres replica (v12) 2026-04-07 16:56:01 +04:00
raucao 002ad2ca62 Update Gandi API key
Co-authored-by: Greg Karékinian <greg@karekinian.com>
2026-04-07 16:53:43 +04:00
raucao 7710231fc4 Add CORS headers for Garage web access
Fixes Discourse plugin JS usage
2026-04-07 16:53:09 +04:00
Greg Karekinian d68deb96e9 Update openresty submodule 2026-04-07 11:40:35 +02:00
raucao 01cdd000cb Update nodes 2026-03-27 14:30:46 +04:00
raucao ea8e2de70a Merge pull request 'Use Ubuntu 22.04 for new VMs' (#521) from jammy_jellyfish into master
Reviewed-on: #521
2026-03-27 10:28:22 +00:00
raucao 8ad3674c4d Install libvirt CLI on KVM hosts 2026-03-27 14:27:28 +04:00
Râu Cao 25192ad3ce Use Ubuntu 22.04 for new VMs
Also, remove the custom config image generation and replace it with
`--cloud-init` options.
2026-03-26 20:35:30 +04:00
greg 55b6e24f1e Merge pull request 'Configure Gitea commit signing with SSH key' (#623) from feature/237-gitea_ssh_signing into master
Reviewed-on: #623
Reviewed-by: Greg <greg@kosmos.org>
2026-03-19 13:27:55 +00:00
raucao a23c7d536a Merge pull request 'Improve BTC price tracking script' (#624) from feature/btc_price_tracker into master
Reviewed-on: #624
2026-03-07 06:21:51 +00:00
raucao d492cd18cc Improve BTC price tracking script
1. Robust API helper: Add make_request with retry logic for both
   GET (price data) and PUT (upload) requests
2. Arithmetic precision: Switch to awk for floating-point average
   calculation
3. Correct error handling: Updated get_price_data to return status
   codes and the main script to exit on failure
4. Safer JSON: Use jq to construct valid JSON payloads
5. Safety Flags: Add set -e/-o to fail fast on any command errors
2026-03-06 23:20:12 +04:00
raucao 161b78be97 Configure Gitea commit signing with SSH key 2026-02-13 17:29:23 +04:00
raucao 6e83384da5 Use more attributes for Gitea config 2026-02-13 16:07:24 +04:00
raucao be8278fbdc Upgrade act_runner 2026-02-13 16:06:08 +04:00
raucao ff3f05452f Merge pull request 'Update Gitea to 1.25.4' (#622) from chore/upgrade_gitea into master
Reviewed-on: #622
Reviewed-by: Râu Cao <raucao@kosmos.org>
2026-02-13 10:18:36 +00:00
Greg Karekinian 1fb66092fc Update Gitea to 1.25.4
Back to using the binary from upstream releases
2026-02-13 11:15:07 +01:00
Greg Karekinian 81691f7e21 Run systemctl daemon-reload on gitea service changes 2026-02-13 11:05:08 +01:00
raucao e9dff82628 Merge pull request 'Add IPv6 support for all OpenResty sites' (#618) from feature/614-ipv6 into master
Reviewed-on: #618
2026-02-12 13:09:25 +00:00
raucao 0933e9caa0 Add IPv6 to all OpenResty sites
Co-authored-by: Greg Karékinian <greg@karekinian.com>
2026-02-12 17:05:14 +04:00
greg 9f862a89cc Merge pull request 'Enable Gitea SSH via IPv6' (#613) from chore/612-enable_ipv6_ssh into master
Reviewed-on: #613
Reviewed-by: Greg <greg@kosmos.org>
2026-01-11 13:19:33 +00:00
raucao 039dbdf091 Enable Gitea SSH via IPv6
closes #612
2026-01-09 13:43:06 +07:00
raucao e3559119be Update node info 2025-11-25 10:56:35 +00:00
raucao 16f95170ef Remove old node 2025-11-25 10:55:04 +00:00
raucao 36f5903271 Merge pull request 'Fix URL matcher for substr (vs strfry)' (#608) from bugfix/substr_url_matching into master
Reviewed-on: #608
2025-11-17 11:03:48 +00:00
raucao fd9636441b Fix URL matcher for substr (vs strfry)
I wasn't able to reach https://nostr.kosmos.org/nodeinfo/2.1, which I
stumbled upon in an upstream PR. This one only matches exactly the paths
that substr is serving.

Tested/running in production.
2025-11-17 10:47:50 +01:00
raucao aade479e5b Remove obsolete recipe 2025-11-12 13:47:00 +01:00
raucao a3bb927f95 Merge pull request 'Document script that creates VMs' (#604) from feature/244-document_creating_vm into master
Reviewed-on: #604
Reviewed-by: Râu Cao <raucao@kosmos.org>
2025-10-30 16:32:02 +00:00
Greg Karekinian 5b53635f1a Document script that creates VMs
Closes #244
2025-10-30 16:18:59 +01:00
raucao ea087b1e3e Add new Garage nodes 2025-10-24 18:20:06 +02:00
raucao 9817589a92 Merge pull request 'Upgrade bitcoind to 30.0' (#603) from chore/upgrade_bitcoind into master
Reviewed-on: #603
2025-10-24 16:18:35 +00:00
raucao d632cafd9c Upgrade bitcoind to 30.0
Also disables building the tests, which eats up more than 5GB of disk space.
2025-10-24 18:16:00 +02:00
greg 87b03d3936 Merge pull request 'Upgrade ejabberd from 23.10 to 25.08' (#602) from chore/upgrade_ejabberd into master
Reviewed-on: #602
Reviewed-by: Greg <greg@kosmos.org>
2025-09-21 11:03:39 +00:00
raucao ae3df992e4 Update node info 2025-09-21 12:45:54 +02:00
raucao 2ea5b30224 Upgrade ejabberd to 25.08
Co-authored-by: Greg Karékinian <greg@karekinian.com>
2025-09-21 12:45:20 +02:00
raucao 4ef06cb4b7 Merge pull request 'Modernize kosmos-mediawiki cookbook' (#600) from feature/500-chef_upgrade_mediawiki into master
Reviewed-on: #600
Reviewed-by: Râu Cao <raucao@kosmos.org>
2025-09-17 06:41:30 +00:00
raucao 73e8a2c413 Fix random port being used for EPMD node
Fixes not being able to join a cluster from other nodes, because the
ports are not within the firewall range of allowed ports.

Co-authored-by: Greg Karékinian <greg@karekinian.com>
2025-09-16 17:48:09 +02:00
raucao ea4713c654 Move firewall config
Co-authored-by: Greg Karékinian <greg@karekinian.com>
2025-09-16 17:47:41 +02:00
raucao dde29c4a6c Upgrade ejabberd to 24.02
Co-authored-by: Greg Karékinian <greg@karekinian.com>
2025-09-16 17:01:43 +02:00
raucao 03f1d16998 Update SQL Schema automatically on ejabberd upgrades
Co-authored-by: Greg Karékinian <greg@karekinian.com>
2025-09-16 16:07:10 +02:00
raucao 6534086df2 Update logger configuration
* Remove unused/deprecated options
* Hide user IPs
* Set level to "info"

Co-authored-by: Greg Karékinian <greg@karekinian.com>
2025-09-16 16:07:00 +02:00
raucao dbf0e50abf Merge pull request 'Enable unattended-upgrades' (#598) from bugfix/499-unattended_upgrades into master
Reviewed-on: #598
Reviewed-by: Râu Cao <raucao@kosmos.org>
2025-09-10 08:47:52 +00:00
Greg Karekinian a828d92185 Fix Ruby style
This is using Standard Ruby
2025-09-09 15:29:17 +02:00
Greg Karekinian 0fe6d0bd06 Use the "new" way to set up sasl in the postfix cookbook 2025-09-09 15:28:20 +02:00
Greg Karekinian 9712697569 Fork the postfix cookbook to work around a bug
I ran into the issue described in
https://github.com/sous-chefs/postfix/issues/148
and couldn't figure out a way to work around it without forking it.
2025-09-09 14:54:06 +02:00
Greg Karekinian d32f276b42 Update akkounts-1 node file after Chef run 2025-09-09 10:13:26 +02:00
Greg Karekinian cc40c0db19 Configure unattended-upgrades for ESM 2025-09-09 10:12:35 +02:00
raucao 41339c1040 Add doc for Mastodon maintenance 2025-07-27 09:17:01 +02:00
Greg Karekinian 0cae8dca69 Set the email sender in unattended-upgrades config
Mailgun was rejecting the email as it did not have a valid sender
(the default, which is something like root@akkounts-1). Unattended
upgrades have been working properly, now we will start getting emails
next time an upgrade is done on akkounts-1.
2025-07-15 10:12:02 +02:00
Greg Karekinian 78e5f810b7 Update node file after Chef upgrade
I ended up upgrading Chef manually on the server as I couldn't using
knife-zero

`curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chef -v 18.7.10`
2025-07-09 15:42:30 +02:00
Greg Karekinian 443910c7a2 Modernize kosmos-mediawiki
This has been done with the help of `cookstyle` which is very useful to
learn about breaking changes and updates in Chef.

On wiki-1 I managed to update Chef up to 17.10.163. For version 18 I ran
into an issue with the omnibus installer returning a 404

Refs #500
2025-07-09 11:24:14 +02:00
greg 8052c67d23 Merge pull request 'Opt-out of dotnet telemetry for btcpay' (#599) from feature/441-optout_dotnet_telemetry into master
Reviewed-on: #599
Reviewed-by: Râu Cao <raucao@kosmos.org>
2025-06-25 10:01:58 +00:00
Greg Karekinian cd269dca03 Also disable dotnet telemetry during the build 2025-06-25 10:35:07 +02:00
Greg Karekinian 7e47c879a1 Remove unused variable 2025-06-25 10:18:57 +02:00
Greg Karekinian 2b49cb1b2b Restart the btcpay service on config changes
It cannot handle reloads
2025-06-25 10:13:25 +02:00
Greg Karekinian 89fa3ede9e Remove the condition on the postgresql
Also move back the environment variable definitions to the hash
2025-06-25 09:51:35 +02:00
Greg Karekinian efb032fffa Opt-out of dotnet telemetry for btcpay
This is done by setting an environment variable in the systemd unit

Fixes #441
2025-06-24 16:53:59 +02:00
Greg Karekinian 68df49037c Merge remote-tracking branch 'origin/master' into bugfix/499-unattended_upgrades 2025-06-16 16:05:35 +02:00
raucao 364adec80f Upgrade LND to 0.19.1 2025-06-16 17:57:30 +04:00
raucao 092a2edb3c Update node info 2025-06-16 17:57:04 +04:00
raucao 63d0b68c36 Upgrade Deno 2025-06-02 10:53:38 +04:00
raucao 3adb2a1aee Adapt strfry config to cookbook changes, increase allowed event size 2025-06-01 20:06:47 +04:00
raucao 9cff1fb68b Update node info 2025-06-01 20:06:32 +04:00
Greg Karekinian 773950b9a5 Always send an email on unattended-upgrades 2025-05-31 17:00:07 +02:00
Greg Karekinian f39a1ed250 Enable unattended-upgrades
We were missing a positive value on
`["apt"]["unattended_upgrades"]["enable"]` to enable it.

Refs #499
2025-05-31 16:44:01 +02:00
greg 3c51ff261e Merge pull request 'Compile Gitea from source, apply our LDAP fixes' (#596) from feature/compile_gitea_from_source into master
Reviewed-on: #596
Reviewed-by: Greg <greg@kosmos.org>
2025-05-31 12:26:28 +00:00
raucao 0c62ff6c84 Improve Gitea logging 2025-05-31 15:29:18 +04:00
raucao 2c3b381755 Update Gitea stable version 2025-05-31 15:29:03 +04:00
raucao 3492bec627 Use Gitea from source 2025-05-31 15:28:33 +04:00
raucao 00f4c8bd31 Optionally compile Gitea from source 2025-05-31 15:27:21 +04:00
raucao 301596500d Update node info 2025-05-28 10:18:53 +04:00
raucao 8a2bfb6b18 Fix attribute
Was moved to a new name since the recipe was created
2025-05-23 14:44:04 +04:00
raucao 846bf3483a Update node info 2025-05-23 14:43:40 +04:00
greg e3ef1dc3b3 Merge pull request 'Upgrade Bitcoin Core, NBXplorer, BTCPay Server' (#595) from chore/upgrade_bitcoin_software into master
Reviewed-on: #595
Reviewed-by: Greg <greg@noreply.kosmos.org>
2025-05-22 12:32:25 +00:00
raucao 2089999cc8 Upgrade bitcoind to 29.0, switch to cmake 2025-05-22 15:52:22 +04:00
raucao a4aa29de0c Upgrade NBXplorer, BTCPay Server 2025-05-22 15:50:27 +04:00
raucao 98be234a4f Merge pull request 'Configure maximum size and timespan of journald logs' (#594) from feature/506-journald_logs_config into master
Reviewed-on: #594
Reviewed-by: Râu Cao <raucao@kosmos.org>
2025-05-21 12:12:57 +00:00
Greg Karekinian 7dc4f674a0 Use the systemd unit instead of an execute resource
Also extract the attributes so it is possible to override them.
2025-05-21 13:40:12 +02:00
Greg Karekinian 49b636305e Update mastodon-3 node file after Chef run 2025-05-21 11:36:15 +02:00
Greg Karekinian 3e2ee30334 Configure maximum size and timespan of journald logs
Closes #506
2025-05-21 11:36:15 +02:00
raucao d00072ee5a Merge pull request 'Delete old Mastodon media cache every day' (#593) from feature/533-delete_old_mastodon_cached_media into master
Reviewed-on: #593
Reviewed-by: Râu Cao <raucao@kosmos.org>
2025-05-17 07:06:35 +00:00
raucao 14687558fe Minor cleanup 2025-05-17 10:55:06 +04:00
raucao de7cc69505 Allow more users per room 2025-05-17 10:42:41 +04:00
Greg Karekinian b01315f998 Delete old Mastodon media cache every day
This is done using a systemd timer

Closes #533
2025-05-16 19:12:47 +02:00
raucao 160134bd86 Allow more ejabberd API calls from akkounts 2025-05-16 15:17:43 +04:00
greg 766030d716 Merge pull request 'Adapt akkounts recipes for config changes' (#592) from chore/rails_deployment into master
Reviewed-on: #592
Reviewed-by: Greg <greg@noreply.kosmos.org>
2025-05-06 17:11:24 +00:00
raucao 3c436bb9f1 Configure LDAP for akkounts, add more Rails credentials 2025-05-06 19:41:54 +04:00
raucao d029d90214 Generate postgres user/db for akkounts, use credentials from env
Co-authored-by: Greg Karékinian <greg@karekinian.com>
2025-05-06 15:49:43 +04:00
raucao f8e5fd2f3e Fix missing dir for Mastodon maintenance file 2025-04-29 17:53:05 +04:00
raucao cab766c806 Update node.js, install bun, for Rails 8.0 upgrade 2025-04-29 17:51:53 +04:00
raucao 5777a45f0a Fix/improve ejabberd cert renewals 2025-04-22 17:28:44 +04:00
raucao f23c37312e Update deno cookbook 2025-04-18 16:21:07 +04:00
raucao cf1ef4f2f4 Merge pull request 'Upgrade Gitea, disable downloads of repo archives' (#588) from chore/upgrade_gitea into master
Reviewed-on: #588
2025-04-09 13:28:28 +00:00
raucao f65256d229 Disable downloads of repo archives 2025-04-09 17:25:41 +04:00
raucao 2cc0ee5b8a Upgrade Gitea to 1.23.7 2025-04-09 17:25:17 +04:00
raucao 10e8ba5569 Add missing CORS headers to host-meta.json
Otherwise XMPP Web clients cannot fetch the Bosh and WS endpoint info
2025-04-08 00:10:29 +04:00
raucao 6c35a20b89 Merge pull request 'Upgrade rskj to 7.0.0' (#587) from chore/upgrade_rskj into master
Reviewed-on: #587
2025-04-05 09:14:25 +00:00
raucao e3d9a50f09 Upgrade Gitea to 1.23.6 2025-04-04 18:53:46 +04:00
raucao c4652ca2eb Upgrade rskj to 7.0.0 2025-04-04 16:59:11 +04:00
raucao 56440bfd89 Merge pull request 'Upgrade nbxplorer, BTCPay Server' (#586) from chore/upgrade_btcpay into master
Reviewed-on: #586
2025-03-25 10:08:06 +00:00
raucao abee2407bf Upgrade nbxplorer, BTCPay Server 2025-03-25 14:03:34 +04:00
raucao 0cef08fb7b Merge pull request 'Update Gandi API token' (#585) from chore/update_gandi_token into master
Reviewed-on: #585
2025-03-19 14:02:49 +00:00
raucao f246f63594 Update Gandi API token
For certbot renewals. Also set resource to sensitive in ejabberd recipe.

Co-authored-by: Greg Karékinian <greg@karekinian.com>
2025-03-19 18:01:50 +04:00
raucao 2dee25bf23 Update node info 2025-03-19 18:00:07 +04:00
raucao a28d31b415 Upgrade Gitea to 1.23.5 2025-03-05 14:09:03 +04:00
raucao 0bf50bce2e Merge pull request 'Fix postgres running out of available connection slots' (#584) from bugfix/gitea_db_connections into master
Reviewed-on: #584
2025-03-05 10:03:51 +00:00
raucao 6be99aa3de Cap maximum open database connections
Fixes Gitea opening too many connections, which can impact other apps
trying to connect as well.
2025-03-05 13:53:33 +04:00
raucao 90bf66ada9 Upgrade Gitea to 1.23.4 2025-02-21 10:12:27 +04:00
raucao 32cfd6401f Upgrade LND to 0.18.5
Urgent security upgrade
2025-02-19 14:19:10 +04:00
raucao 1124f25069 Upgrade Gitea to 1.23.3 2025-02-12 11:51:14 +04:00
greg f34c7ecd9b Merge pull request 'Publish daily BTC price in public remoteStorage' (#581) from feature/btc-rate-tracker into master
Reviewed-on: #581
Reviewed-by: Greg <greg@noreply.kosmos.org>
2025-01-23 13:28:33 +00:00
raucao 8d149a475d Merge pull request 'Upgrade Gitea to 1.23.1' (#582) from chore/upgrade_gitea into master
Reviewed-on: #582
2025-01-22 14:41:19 +00:00
raucao 905a67475b Upgrade Gitea to 1.23.1 2025-01-22 09:36:33 -05:00
raucao 8251fa83ce Merge pull request 'Deploy substr' (#579) from feature/substr into master
Reviewed-on: #579
2025-01-22 14:27:02 +00:00
raucao 0fa61a585e DRY up code, add GBP rates 2025-01-17 14:52:28 -05:00
raucao 89f1790afc Publish daily BTC price in public remoteStorage 2025-01-17 10:42:09 -05:00
raucao 72ac8c6a84 Update akkounts credentials 2025-01-17 09:17:43 -05:00
raucao b1bb5d0625 Use default value for STUN credentials lifetime 2025-01-14 15:30:42 -05:00
raucao b470110fd4 Upgrade Gitea to 1.22.6 2024-12-16 12:10:08 +04:00
raucao 31b7ff9217 Upgrade Gitea to 1.22.5 2024-12-12 18:32:58 +04:00
raucao d90a374811 Remove outdated flag from certbot command 2024-12-12 18:32:26 +04:00
raucao 12cd14fff5 Deploy new postgres primary 2024-12-12 18:31:54 +04:00
raucao b67d91077d Remove old garage nodes 2024-12-12 18:30:16 +04:00
raucao 070badfeb3 Add postgres replica bootstrap example 2024-12-12 18:29:16 +04:00
raucao 4ce39738fd Allow larger bodies for Gitea file uploads
Needed for uploading larger packages to the registry
2024-12-09 21:19:39 +04:00
raucao d35e57b90e Deploy substr 2024-12-09 21:19:13 +04:00
raucao 2d8a1cebb1 Update node info 2024-12-09 20:44:18 +04:00
raucao c8160e38c8 Turn known pubkeys into object with usernames 2024-12-09 18:21:55 +04:00
raucao 67cd89b7b8 Merge pull request 'Fix TLS cert updates for kosmos.chat' (#578) from chore/fix_cert_updates_kosmos-chat into master
Reviewed-on: #578
2024-12-09 14:21:05 +00:00
raucao e4112a3626 Fix TLS cert updates for kosmos.chat
Some recipes weren't updated for the proxy validation yet. Needed to
split the ejabberd cert in two, so it can do normal validation on
`.org` and proxy validation on `.chat`.
2024-12-09 18:17:10 +04:00
raucao 89813465b2 Merge pull request 'Upgrade Mastodon to 4.3' (#577) from chore/upgrade_mastodon into master
Reviewed-on: #577
2024-12-09 14:14:35 +00:00
raucao 6106e627e2 Upgrade Mastodon to 4.3
Co-authored-by: Greg Karékinian <greg@karekinian.com>
2024-12-09 18:12:45 +04:00
raucao d8baa41c14 Add new node configs 2024-12-09 18:11:51 +04:00
greg 8405b8df52 Merge pull request 'Upgrade lndhub.go to 1.0.2, add service fee config' (#576) from chore/upgrade_lndhub into master
Reviewed-on: #576
Reviewed-by: Greg <greg@noreply.kosmos.org>
2024-10-20 19:27:19 +00:00
raucao 775f2275bb Upgrade Gitea to 1.22.3 2024-10-19 14:42:11 +02:00
raucao b4019b224b Upgrade lndhub.go to 1.0.2, add service fee config
Co-authored-by: Michael Bumann <hello@michaelbumann.com>
2024-10-18 12:36:41 +02:00
raucao 52841d8c53 Add WKD endpoint to website nginx conf 2024-10-17 11:58:53 +02:00
raucao b9b97d5056 Fix mail server VM backups 2024-10-16 12:48:08 +02:00
raucao e5448aa85c Merge pull request 'Upgrade strfry, add new Kosmos profile/pubkey, relay icon' (#575) from chore/upgrade_strfry into master
Reviewed-on: #575
2024-10-16 10:44:47 +00:00
raucao 4d1125ac2b Upgrade strfry to 1.0.1
Also set up and use a new Kosmos pubkey/profile and add a relay icon
2024-10-16 12:42:49 +02:00
raucao 3853f94ae0 Use new proxy domain for ejabberd cert 2024-10-16 12:40:10 +02:00
raucao d1097c7688 Fix and improve nginx redirects, akkounts headers 2024-10-16 12:39:34 +02:00
raucao 7949fd067c Add IPv6 support for nostr.kosmos.org 2024-10-16 12:37:47 +02:00
raucao 0726e58f7c Update ejabberd LDAP filter for new akkounts release 2024-10-16 12:36:30 +02:00
raucao fe581c348a Fix bookmarks disappearing for XMPP users
The limit for PEP nodes was ridiculously low. No idea why, but it means
users were only able to save 10 items (e.g. channel bookmarks) at once.
2024-10-16 12:34:31 +02:00
raucao af62078960 Update node info 2024-10-16 12:34:17 +02:00
raucao 9b4deff91e Remove cln from bitcoin-2 node 2024-10-16 12:34:01 +02:00
raucao 0944bc5266 Merge pull request 'Migrate S3 backups from AWS, fix automatic cleanups' (#574) from chore/move_fix_s3_backups into master
Reviewed-on: #574
2024-10-16 10:33:24 +00:00
raucao eb06926606 Migrate S3 backups from AWS, fix automatic cleanups
The cleanups were broken in that every single archive was also copied to
a shared folder and never deleted from there.

Co-authored-by: Greg Karékinian <greg@karekinian.com>
2024-10-16 12:31:51 +02:00
raucao 15096ca17b Merge pull request 'Bitcoin-related software upgrades' (#573) from chore/bitcoin_upgrades into master
Reviewed-on: #573
2024-10-16 10:25:53 +00:00
raucao 3551b71154 Add sensitive attribute to resource with credentials 2024-10-16 12:23:38 +02:00
raucao 752bb74663 Remove boltz service and RTL integration
We use peerswap these days, and the build process for boltz was made
much more complicated at some point. Not worth upgrading for us.
2024-10-16 12:23:38 +02:00
raucao c64526a944 Upgrade RTL to v0.15.2
Need to use `npm install --force` due to a dependency issue
2024-10-16 12:23:38 +02:00
raucao da242d4817 Upgrade LND to 0.18.3 2024-10-16 12:23:29 +02:00
raucao 0af4bc1d0d Upgrade bitcoind to 28.0
Requires a newer C++ compiler
2024-10-16 11:28:13 +02:00
greg c9f5a745a3 Merge pull request 'Fix Mastodon signup/password/confirmation links' (#570) from chore/562-mastodon_login_urls into master
Reviewed-on: #570
Reviewed-by: Greg <greg@noreply.kosmos.org>
2024-08-23 14:18:12 +00:00
raucao d935b99d7d Fix Mastodon signup/password/confirmation links
Adds ENV vars for our custom fix in b916182bc1

fixes #562
2024-08-22 21:51:49 +02:00
raucao d048bbb297 Merge pull request 'Upgrade Gitea to 1.22.1' (#568) from chore/upgrade_gitea into master
Reviewed-on: #568
2024-08-10 11:45:39 +00:00
raucao 61bd121709 Upgrade Gitea to 1.22.1 2024-08-10 13:44:39 +02:00
raucao ec9b912e45 Merge pull request 'Configure nginx default vhost, add specific redirects for some domains' (#565) from chore/nginx_redirects into master
Reviewed-on: #565
2024-08-09 12:44:29 +00:00
raucao d53ba42a1d Make kosmos.org the default nginx vhost 2024-08-04 16:51:57 +02:00
raucao a99f7f7574 Add config for accounts .well-known proxyying 2024-08-04 16:51:18 +02:00
raucao 1c8ee14bb3 Add HTTP redirects for kosmos.chat and kosmos.cash 2024-08-04 16:49:20 +02:00
raucao cdedf49be3 Merge pull request 'Fix download URLs for Mastodon exports/archives' (#564) from bugfix/mastodon_archive_download_urls into master
Reviewed-on: #564
2024-08-04 14:46:26 +00:00
raucao 5e727ec279 Fix download URLs for Mastodon exports/archives
See https://github.com/mastodon/mastodon/issues/24380
2024-08-04 14:55:22 +02:00
raucao 9d928298d2 Fix Gitea user/repo avatar URLs in certain situations
I encountered a CORS proxy which somehow ended up with http://_gitea_web
URLs.
2024-07-10 11:36:07 +02:00
raucao 1174661b46 Use proxy domain for RS Discourse ACME challenge 2024-07-08 20:31:46 +02:00
greg 2dff7cf850 Merge pull request 'Add new service: nostr.kosmos.org (members-only nostr relay)' (#559) from feature/strfry into master
Reviewed-on: #559
Reviewed-by: Greg <greg@noreply.kosmos.org>
2024-07-05 07:33:40 +00:00
raucao 232360efba Remove commented code 2024-07-03 09:23:13 +02:00
raucao 8b8e8f3438 Move strfry extras into their own directory 2024-07-03 09:22:50 +02:00
raucao 522c213b09 Add Deno lockfile 2024-06-20 18:16:27 +02:00
raucao 80eddfbf56 Configure strfry whitelist
Allow akkounts pubkey to publish to our own relay
2024-06-20 15:38:27 +02:00
raucao 7e664723a1 Configure akkounts nostr relay URL in production 2024-06-20 15:04:17 +02:00
raucao f5961af7fe Create/deploy strfry VM 2024-06-11 23:17:33 +02:00
raucao d1301dad3e Add, configure, deploy strfry policies 2024-06-11 23:12:22 +02:00
raucao 42c46a5645 Deploy strfry reverse proxy 2024-06-11 23:10:24 +02:00
raucao 5be9081613 Header name has to be all lowercase in strfry config 2024-06-11 23:09:49 +02:00
raucao 1649d03665 Update strfry cookbook 2024-06-11 23:09:48 +02:00
raucao b9a3910364 Update strfry cookbook 2024-06-11 23:09:48 +02:00
raucao 9835b85181 Fall back to default port for strfry proxy
When we don't override it elsewhere
2024-06-11 23:09:48 +02:00
raucao dbccd9d2bf Add kosmos_strfry cookbook, configs 2024-06-11 23:09:48 +02:00
raucao 1a5f312699 Add strfry cookbook 2024-06-11 23:09:48 +02:00
greg f843a31e03 Merge pull request 'Improve mail server TLS certificate management' (#556) from chore/mail_server_cert into master
Reviewed-on: #556
Reviewed-by: Greg <greg@noreply.kosmos.org>
2024-06-05 14:49:01 +00:00
raucao ff313525c8 Reload postfix and dovecot on cert renewal
closes #552

Co-authored-by: Greg Karékinian <greg@karekinian.com>
2024-06-05 16:44:18 +02:00
raucao cfb379741e Add imap and smtp subdomains to mail server cert
closes #543

Co-authored-by: Greg Karékinian <greg@karekinian.com>
2024-06-05 15:55:29 +02:00
raucao 0c29fad404 Remove superfluous license header
Co-authored-by: Greg Karékinian <greg@karekinian.com>
2024-06-05 15:50:09 +02:00
raucao 416935d8b5 Merge pull request 'Upgrade Gitea to 1.22' (#555) from chore/upgrade_gitea into master
Reviewed-on: #555
2024-06-02 21:18:07 +00:00
raucao 2b6f81c5d6 Upgrade Gitea to 1.22 2024-06-02 23:17:16 +02:00
raucao 18496bb0da Merge pull request 'Configure akkounts for nostr zaps' (#554) from chore/akkounts_config into master
Reviewed-on: #554
2024-06-02 21:05:15 +00:00
raucao d878b4208e Configure akkounts for nostr zaps 2024-06-02 23:03:06 +02:00
raucao d31440d235 Add CORS headers to kosmos.social LNURL paths 2024-06-02 23:02:22 +02:00
raucao 6f287f14ef Deploy live branch 2024-06-02 23:01:49 +02:00
raucao b77df3d0db Update email aliases 2024-05-16 14:34:09 +02:00
greg f7f5a0069d Merge pull request 'Add support for proxy domain validation to tls_cert resource' (#553) from feature/letsencrypt_proxy_validation into master
Reviewed-on: #553
Reviewed-by: Greg <greg@noreply.kosmos.org>
2024-05-08 12:30:29 +00:00
raucao 989185f951 Support proxy domain validation for Garage web domains
Also rename the data bag item
2024-04-30 12:23:36 +02:00
raucao 4cbda69a6b Add support for proxy domain validation to tls_cert resource 2024-04-26 12:24:17 +02:00
raucao 6931fe05d0 Hide Gitea version and load times in footer 2024-04-07 13:16:19 +03:00
raucao b248ef70db Upgrade Gitea to 1.21.10 2024-04-07 13:10:10 +03:00
raucao 45159ad4e7 Resolve Mastodon addresses as Lightning Address 2024-03-31 08:27:20 +04:00
raucao 612cd0c55e Merge pull request 'Configure LDAP login for Mastodon (merge .social and .org accounts)' (#551) from feature/mastodon_ldap_integration into master
Reviewed-on: #551
Reviewed-by: Greg <greg@noreply.kosmos.org>
2024-03-29 09:51:42 +00:00
raucao 83380047bb Configure LDAP integration for Mastodon 2024-03-29 09:28:13 +04:00
raucao 8aebb386a4 Configure Mastodon user address domain for akkounts 2024-03-27 20:19:24 +04:00
raucao a8c4f0bd0e Merge pull request 'Only allow ejabberd logins when XMPP service is enabled for user' (#550) from feature/xmpp_service_enabled into master
Reviewed-on: #550
2024-03-27 16:17:04 +00:00
raucao 12b4fb37fa Only allow ejabberd logins when XMPP service is enabled 2024-03-27 20:12:33 +04:00
raucao 263eb88b72 Add new env var for akkounts 2024-03-14 23:05:05 +01:00
raucao 25ee38fe27 Update kredits-ipfs-pinner 2024-03-14 23:04:27 +01:00
greg e701938442 Merge pull request 'Support letsencrypt proxy validation via CNAMEs' (#548) from feature/letsencrypt_proxy_validation into master
Reviewed-on: #548
Reviewed-by: greg <greg@noreply.kosmos.org>
2024-03-12 14:11:14 +00:00
raucao 309bc45791 Merge pull request 'Fix backup script removing image after unsuccessful pivot' (#549) from bugfix/vm_backups into master
Reviewed-on: #549
2024-03-11 15:35:50 +00:00
raucao 82a4af05ef Fix backup script removing image after unsuccessful pivot
If pivoting the VM backing storage back to the original image fails
(e.g. VM being down at that time), the script currently still deletes
the hotswap image, which means that all changes since the creation of
the hotswap image are lost.
2024-03-11 16:26:14 +01:00
raucao 4a8ab3abe3 Support letsencrypt proxy validation via CNAMEs
Allows to point other domains' `_acme-challenge.example.com` entries at
`example.com.letsencrypt.kosmos.chat` so we can validate from our side
without access to the other domain's DNS records.

Used for 5apps.com XMPP for now. Can be used for others later.

Co-authored-by: Greg Karékinian <greg@karekinian.com>
2024-03-11 16:21:28 +01:00
raucao 21de964e1b Upgrade nbxplorer, btcpay 2024-03-11 16:14:03 +01:00
raucao b4ddfd19e3 Upgrade Ruby for latest Mastodon release 2024-03-11 16:13:48 +01:00
raucao 08c604962c Upgrade Ruby for latest akkounts release 2024-03-11 16:13:30 +01:00
raucao 089574d0de Merge pull request 'Update Gitea and act_runner, improve recipes' (#547) from chore/upgrade_gitea into master
Reviewed-on: #547
2024-03-11 15:12:00 +00:00
raucao d19a8eebfb Update Gitea and act_runner, improve recipes 2024-03-11 16:11:12 +01:00
raucao c0487d0e13 Deploy 5apps Gitea act runner 2024-03-11 16:08:22 +01:00
raucao 023a4261cd Update node info 2024-03-11 16:07:32 +01:00
raucao fea65404cf Deploy new garage node 2024-03-11 16:03:22 +01:00
raucao 5139f242a4 Merge pull request 'Switch postgresql primary, deploy new replica' (#546) from switch_postgres_primary into master
Reviewed-on: #546
2024-03-11 14:59:57 +00:00
raucao 9c2aa9faaa Add info about required, unautomated step to script 2024-03-11 15:57:46 +01:00
raucao 164b974eb8 Switch postgresql primary, deploy new replica 2024-03-11 15:55:05 +01:00
raucao 6e4cc48068 Upgrade Gitea to 1.21.5 2024-02-05 14:39:12 +02:00
raucao c2bd03dc23 Update node info 2024-02-05 10:14:27 +02:00
raucao 210a83a686 Increase max user offline messages for ejabberd 2024-02-04 15:47:55 +02:00
raucao 49db14869d Merge pull request 'Add Liquor Cabinet cookbooks and configs, deploy to production' (#541) from feature/535-liquor_cabinet into master
Reviewed-on: #541
2024-02-04 13:47:05 +00:00
raucao 000a13cec4 Merge pull request 'Set up coturn, switch from ejabberd in production' (#532) from feature/coturn into master
Reviewed-on: #532
2024-02-04 13:46:50 +00:00
raucao 5f7701c288 Fix missing listen IP for storage proxy 2024-01-29 18:16:07 +02:00
raucao bcaee3bb21 Fix ActiveStorage not liking the local S3 endpoint 2024-01-29 18:15:36 +02:00
raucao f352901582 Consolidate akkounts well-known proxying, add Webfinger and Nostr
refs #158
2024-01-29 14:17:15 +02:00
raucao 5c1c63f94e Add S3/Garage config for akkounts 2024-01-26 10:40:36 +03:00
raucao 98543f3e7d Configure RS integration for akkounts 2024-01-26 09:01:55 +03:00
raucao 7ab83d3d82 Section header comments for ENV vars
Improve readability of recipe
2024-01-26 09:00:25 +03:00
raucao b5020efdd5 Merge branch 'master' into feature/535-liquor_cabinet 2024-01-26 08:19:50 +03:00
raucao 2763244fdc Merge pull request 'Config updates and improvements for new akkounts release' (#542) from chore/akkounts_updates into master
Reviewed-on: #542
2024-01-26 05:19:16 +00:00
raucao e10e54c12a Deploy liquor-cabinet proxy to production 2024-01-26 08:16:26 +03:00
raucao 6114f0f799 Add liquor-cabinet proxy recipe 2024-01-26 08:15:53 +03:00
raucao a2ec41b68a Add/use kosmos_liquor-cabinet cookbook 2024-01-25 17:42:56 +03:00
raucao 715fdbc2ba Node-attribute ALL THE THINGS 2024-01-25 17:40:42 +03:00
raucao 211a613e5c Add liquor-cabinet configs, deploy to production 2024-01-25 16:27:31 +03:00
raucao d3c22ea787 Add liquor_cabinet cookbook 2024-01-25 16:26:41 +03:00
greg 6047ea3f84 Merge pull request 'Add support for Redis replication, set up in production' (#540) from feature/redis_replication into master
Reviewed-on: #540
2024-01-25 10:19:12 +00:00
raucao 7d478f0183 Set up Redis replication in production 2024-01-24 18:12:22 +03:00
raucao 88e96747e3 Add Redis replica recipe and role 2024-01-24 18:11:58 +03:00
raucao 4b04aa7cd9 Let akkounts API proxy forward all API requests
... instead of just a specific subdirectory/path
2024-01-24 16:19:04 +03:00
raucao 2597e211ed Add new akkounts configs 2024-01-24 16:18:50 +03:00
raucao f96faf9fa2 Install libvips for image manipulation in akkounts 2024-01-24 16:18:19 +03:00
raucao c32e8bc9e5 Add new garage nodes 2024-01-11 18:38:22 +03:00
Râu Cao 24b22b8f91 Merge pull request 'Add email service' (#526) from feature/email into master
Reviewed-on: #526
2024-01-10 12:09:21 +00:00
raucao 456ec7a5fa Deploy new email VM 2024-01-09 15:57:04 +03:00
raucao daadd9374f Use attribute for root dir 2024-01-08 11:35:04 +03:00
raucao 98acd429de Add configs for virtual email aliases 2024-01-08 11:29:56 +03:00
raucao cfa7da2051 Create vmail dir on fresh systems 2024-01-08 10:47:19 +03:00
raucao 0d3082e1c8 Upgrade Gitea to 1.21.3 2024-01-01 16:13:15 +03:00
raucao e1007f7886 ejabberd disco config additions 2023-12-18 13:23:21 +01:00
raucao 292366a77f Domain vs realm vs IP 2023-12-18 13:23:05 +01:00
raucao ed998fc1d3 Use TCP for TLS connections 2023-12-18 13:22:34 +01:00
raucao 8a97ebf4f8 Use domain instead of IP, add TLS endpoints 2023-12-17 17:57:49 +01:00
raucao ca3f06f831 Increase size of port range for TURN 2023-12-17 17:05:06 +01:00
raucao 1576a8e731 Set up coturn, switch from ejabberd in production
https://github.com/coturn/coturn
2023-12-17 15:20:11 +01:00
raucao 6e3fb80565 Upgrade CLN 2023-12-16 19:23:09 +01:00
Râu Cao 295d95c048 Upgrade Gitea to 1.21.1 2023-12-16 11:49:35 +01:00
raucao 789532fae9 Merge pull request 'Upgrade bitcoind, LND, CLN, RTL, NBXplorer, BTCPay' (#531) from chore/upgrade_bitcoin_software into master
Reviewed-on: #531
2023-12-14 17:15:40 +00:00
Râu Cao 404f492e6e Update node info 2023-12-14 18:14:37 +01:00
Râu Cao 574f78f128 Upgrade bitcoind, LND, CLN, RTL, NBXplorer, BTCPay
Also required upgrading node.js and the .NET SDK.
2023-12-14 18:12:29 +01:00
raucao f4d1009473 Merge pull request 'Switch to virtual domains/aliases/mailboxes' (#530) from feature/email_virtual_domains into feature/email
Reviewed-on: #530
2023-12-13 12:06:44 +00:00
Râu Cao 69af908f6b Virtual domain configs 2023-12-13 13:05:31 +01:00
Râu Cao e8880ded90 Remove vagrant (dev) node config files
No need for sharing them, since the actual roles etc. are defined in the
Vagrantfile.
2023-12-07 10:37:09 +01:00
Râu Cao 10dd3bf16e Add new RSK testnet node, don't serve from current one 2023-12-07 09:55:29 +01:00
Râu Cao ca580bcfe2 Set email report contact in production 2023-12-07 09:37:37 +01:00
raucao 5b0cb438ba Merge pull request 'Set up SpamAssassin' (#529) from feature/spamassassin into feature/email
Reviewed-on: #529
2023-12-06 11:28:14 +00:00
Râu Cao 5a4cdf9c30 Prevent local users from impersonating other local users 2023-12-06 12:27:38 +01:00
Râu Cao b3f2ca415e Set up SpamAssassin
Scan incoming and outgoing email for spam. Use a local Unbound for DNS,
so we don't run into blocks for RBL queries.
2023-12-06 12:22:24 +01:00
Râu Cao 05ccbcc58f Merge branch 'master' into feature/email 2023-12-05 18:37:43 +01:00
Râu Cao e3c4bf8969 Update node config 2023-12-05 18:21:26 +01:00
Râu Cao cc6cebb8a2 Increase TURN throughput allowance 2023-12-05 18:20:27 +01:00
Râu Cao 4dbc960eed Switch ejabberd node handling TURN
Should use the same outgoing IP as for incoming
2023-12-05 18:19:48 +01:00
raucao ce47072b0d Merge pull request 'Improve VM backups, configure backups on "her"' (#528) from feature/backup_improvements into master
Reviewed-on: #528
2023-12-05 17:18:40 +00:00
Râu Cao 7805182457 Change borg backup default interval to 3 hrs 2023-12-05 18:16:15 +01:00
Râu Cao 769ac4a081 Support node-specific borg repo config 2023-12-05 18:09:44 +01:00
Râu Cao b1763cd032 Pattern-match node names for VM backup exclusion 2023-12-05 18:04:57 +01:00
Râu Cao c746b38ebf Update node info 2023-12-05 14:19:52 +01:00
raucao 0a58cac0cf Merge pull request 'Set up DKIM signing and verification' (#527) from feature/email_dkim into feature/email
Reviewed-on: #527
2023-12-04 12:42:37 +00:00
Râu Cao 42c04538d8 Set up DKIM signing and verification 2023-12-04 13:40:37 +01:00
Râu Cao c9ad3c2d18 Create/configure common default mailboxes 2023-12-04 13:33:23 +01:00
Râu Cao fbad0bf896 More explicit postfix configs 2023-12-03 18:33:12 +01:00
Râu Cao 8a7eeb1dd9 Change INBOX location 2023-12-03 18:32:55 +01:00
Râu Cao 568197737a Fix SMTP connection delay when peer hostname cannot be resolved 2023-12-03 18:31:47 +01:00
Râu Cao 738e96f7e4 Fix auth for SMTP submission on port 465 2023-12-03 18:31:12 +01:00
374 changed files with 10466 additions and 17074 deletions
+9
View File
@@ -4,3 +4,12 @@
[submodule "site-cookbooks/openresty"]
path = site-cookbooks/openresty
url = https://github.com/67P/chef-openresty.git
[submodule "site-cookbooks/strfry"]
path = site-cookbooks/strfry
url = git@gitea.kosmos.org:kosmos/strfry-cookbook.git
[submodule "site-cookbooks/deno"]
path = site-cookbooks/deno
url = git@gitea.kosmos.org:kosmos/deno-cookbook.git
[submodule "site-cookbooks/blossom"]
path = site-cookbooks/blossom
url = git@gitea.kosmos.org:kosmos/blossom-cookbook.git
+41
View File
@@ -0,0 +1,41 @@
# AGENTS.md
Welcome, AI Agent! This file contains essential context and rules for interacting with the Kosmos Chef repository. Read this carefully before planning or executing any changes.
## 🏢 Project Overview
This repository contains the infrastructure automation code used by Kosmos to provision and configure bare metal servers (KVM hosts) and Ubuntu virtual machines (KVM guests).
We use **Chef Infra**, managed locally via **Knife Zero** (agentless Chef), and **Berkshelf** for dependency management.
## 📂 Directory Structure & Rules
* **`site-cookbooks/`**: 🟢 **EDITABLE.** This directory contains all custom, internal cookbooks written specifically for Kosmos services (e.g., `kosmos-postgresql`, `kosmos_gitea`, `kosmos-mastodon`). *Active development happens here.*
* **`cookbooks/`**: 🔴 **DO NOT EDIT.** This directory contains third-party/community cookbooks that are vendored. These are managed by Berkshelf. Modifying them directly will result in lost changes.
* **`roles/`**: 🟢 **EDITABLE.** Contains Chef roles written in Ruby (e.g., `base.rb`, `kvm_guest.rb`, `postgresql_primary.rb`). These define run-lists and role-specific default attributes for servers.
* **`environments/`**: Contains Chef environment definitions (like `production.rb`).
* **`data_bags/`**: Contains data bag configurations, often encrypted. Be cautious and do not expose secrets. (Note: Agents should not manage data bag secrets directly unless provided the `.chef/encrypted_data_bag_secret`).
* **`nodes/`**: Contains JSON state files for bootstrapped nodes. *Agents typically do not edit these directly unless cleaning up a deleted node.*
* **`Berksfile`**: Defines community cookbook dependencies.
* **`Vagrantfile` / `.kitchen/`**: Used for local virtualization and integration testing.
## 🛠️ Tooling & Workflows
1. **Dependency Management (Berkshelf)**
If a new community cookbook is required:
- Add it to the `Berksfile` at the root.
- Instruct the user to run `berks install` and `berks vendor cookbooks/ --delete` (or run it via the `bash` tool if permitted).
2. **Provisioning (Knife Zero)**
- Bootstrapping and converging nodes is done using `knife zero`.
- *Example:* `knife zero converge name:server-name.kosmos.org`
3. **Code Style & Conventions**
- Chef recipes, resources, and roles are written in **Ruby**.
- Follow standard Chef and Ruby (RuboCop) idioms. Look at neighboring files in `site-cookbooks/` or `roles/` to match formatting and naming conventions.
## 🚨 Core Directives for AI Agents
1. **Infrastructure as Code**: Manual server configurations are highly discouraged. All changes must be codified in a cookbook or role.
2. **Test Safety Nets**: Look for `.kitchen.yml` within specific `site-cookbooks/<name>` to understand if local integration tests are available.
3. **No Assumptions**: Do not assume standard test commands. Check `README.md` and repository config files first.
4. **Secret Handling**: Avoid hardcoding passwords or API keys in recipes or roles. Assume sensitive information is managed via Chef `data_bags`.
+6 -1
View File
@@ -13,6 +13,9 @@ cookbook 'ipfs',
cookbook 'mediawiki',
git: 'https://github.com/67P/mediawiki-cookbook.git',
ref: 'nginx'
cookbook 'postfix',
git: 'https://gitea.kosmos.org/kosmos/postfix-cookbook.git',
ref: 'bugfix/sasl_attributes'
cookbook 'apache2', '= 3.3.0'
cookbook 'apt', '~> 7.3.0'
@@ -21,6 +24,7 @@ cookbook 'composer', '~> 2.7.0'
cookbook 'fail2ban', '~> 7.0.4'
cookbook 'git', '~> 10.0.0'
cookbook 'golang', '~> 5.3.1'
cookbook 'homebrew', '>= 6.0.0'
cookbook 'hostname', '= 0.4.2'
cookbook 'hostsfile', '~> 3.0.1'
cookbook 'java', '~> 4.3.0'
@@ -32,11 +36,12 @@ cookbook 'ntp', '= 3.4.0'
cookbook 'ohai', '~> 5.2.5'
cookbook 'openssl', '~> 8.5.5'
cookbook 'php', '~> 8.0.0'
cookbook 'postfix', '~> 6.0.26'
cookbook 'timezone_iii', '= 1.0.4'
cookbook 'ulimit', '~> 1.0.0'
cookbook 'users', '~> 5.3.1'
cookbook 'zerotier', '~> 1.0.7'
cookbook 'unbound', '~> 3.0.2'
cookbook 'prometheus', '~> 1.0.0'
# openresty dependency
cookbook 'jemalloc', '~> 0.1.7'
+12 -3
View File
@@ -8,6 +8,7 @@ DEPENDENCIES
firewall (~> 6.2.16)
git (~> 10.0.0)
golang (~> 5.3.1)
homebrew (>= 6.0.0)
hostname (= 0.4.2)
hostsfile (~> 3.0.1)
ipfs
@@ -28,11 +29,16 @@ DEPENDENCIES
ohai (~> 5.2.5)
openssl (~> 8.5.5)
php (~> 8.0.0)
postfix (~> 6.0.26)
postfix
git: https://gitea.kosmos.org/kosmos/postfix-cookbook.git
revision: dd6598572a775ae73f17527260ec8097b52d385b
ref: bugfix/
prometheus (~> 1.0.0)
redisio (~> 6.4.1)
ruby_build (~> 2.5.0)
timezone_iii (= 1.0.4)
ulimit (~> 1.0.0)
unbound (~> 3.0.2)
users (~> 5.3.1)
yum
zerotier (~> 1.0.7)
@@ -58,7 +64,7 @@ GRAPH
git (10.0.0)
golang (5.3.1)
ark (>= 6.0)
homebrew (5.4.1)
homebrew (6.0.2)
hostname (0.4.2)
hostsfile (>= 0.0.0)
hostsfile (3.0.1)
@@ -89,7 +95,9 @@ GRAPH
openssl (8.5.5)
php (8.0.1)
yum-epel (>= 0.0.0)
postfix (6.0.26)
postfix (6.4.1)
prometheus (1.0.0)
ark (>= 0.0.0)
redisio (6.4.1)
selinux (>= 0.0.0)
ruby_build (2.5.0)
@@ -99,6 +107,7 @@ GRAPH
seven_zip (4.2.2)
timezone_iii (1.0.4)
ulimit (1.0.0)
unbound (3.0.2)
users (5.3.1)
windows (7.0.2)
yum (7.4.13)
+1 -1
View File
@@ -1,3 +1,3 @@
source 'https://rubygems.org'
gem 'knife-zero', '>= 2.4.2'
gem 'knife-zero', '~> 2.6.0'
+306 -182
View File
@@ -1,264 +1,399 @@
GEM
remote: https://rubygems.org/
specs:
addressable (2.8.0)
public_suffix (>= 2.0.2, < 5.0)
aws-eventstream (1.2.0)
aws-partitions (1.551.0)
aws-sdk-core (3.125.6)
aws-eventstream (~> 1, >= 1.0.2)
aws-partitions (~> 1, >= 1.525.0)
aws-sigv4 (~> 1.1)
jmespath (~> 1.0)
aws-sdk-kms (1.53.0)
aws-sdk-core (~> 3, >= 3.125.0)
aws-sigv4 (~> 1.1)
aws-sdk-s3 (1.111.3)
aws-sdk-core (~> 3, >= 3.125.0)
abbrev (0.1.2)
addressable (2.9.0)
public_suffix (>= 2.0.2, < 8.0)
ast (2.4.3)
aws-eventstream (1.4.0)
aws-partitions (1.1263.0)
aws-sdk-core (3.252.0)
aws-eventstream (~> 1, >= 1.3.0)
aws-partitions (~> 1, >= 1.992.0)
aws-sigv4 (~> 1.9)
base64
bigdecimal
jmespath (~> 1, >= 1.6.1)
logger
aws-sdk-kms (1.129.0)
aws-sdk-core (~> 3, >= 3.248.0)
aws-sigv4 (~> 1.5)
aws-sdk-s3 (1.226.0)
aws-sdk-core (~> 3, >= 3.248.0)
aws-sdk-kms (~> 1)
aws-sigv4 (~> 1.4)
aws-sdk-secretsmanager (1.56.0)
aws-sdk-core (~> 3, >= 3.125.0)
aws-sigv4 (~> 1.1)
aws-sigv4 (1.4.0)
aws-sigv4 (~> 1.5)
aws-sdk-secretsmanager (1.133.0)
aws-sdk-core (~> 3, >= 3.248.0)
aws-sigv4 (~> 1.5)
aws-sigv4 (1.12.1)
aws-eventstream (~> 1, >= 1.0.2)
bcrypt_pbkdf (1.1.0)
builder (3.2.4)
chef (17.9.42)
base64 (0.3.0)
bcrypt_pbkdf (1.1.2)
bcrypt_pbkdf (1.1.2-arm64-darwin)
bcrypt_pbkdf (1.1.2-x86_64-darwin)
benchmark (0.5.0)
bigdecimal (4.1.2)
builder (3.3.0)
chef (19.3.15)
addressable
aws-sdk-s3 (~> 1.91)
aws-sdk-secretsmanager (~> 1.46)
chef-config (= 17.9.42)
chef-utils (= 17.9.42)
bcrypt_pbkdf (~> 1.0)
chef-config (= 19.3.15)
chef-licensing (~> 1.3)
chef-utils (= 19.3.15)
chef-vault
chef-zero (>= 14.0.11)
chef-zero (~> 15.1.0)
corefoundation (~> 0.3.4)
diff-lcs (>= 1.2.4, < 1.4.0)
csv (~> 3.3.5)
diff-lcs (~> 1.6.0)
ed25519 (~> 1.2)
erubis (~> 2.7)
ffi (>= 1.5.0)
ffi (>= 1.15.5, < 1.18.0)
ffi-libarchive (~> 1.0, >= 1.0.3)
ffi-yajl (~> 2.2)
ffi-yajl (>= 2.2, < 4.0)
iniparse (~> 1.4)
inspec-core (~> 4.23)
inspec-core (~> 7.0.107)
license-acceptance (>= 1.0.5, < 3)
mixlib-archive (>= 0.4, < 2.0)
mixlib-authentication (>= 2.1, < 4)
mixlib-cli (>= 2.1.1, < 3.0)
mixlib-log (>= 2.0.3, < 4.0)
mixlib-shellout (>= 3.1.1, < 4.0)
net-sftp (>= 2.1.2, < 4.0)
ohai (~> 17.0)
mixlib-shellout (>= 3.3.8, < 3.5.0)
net-ftp
net-sftp (>= 2.1.2, < 5.0)
ohai (~> 19.0)
plist (~> 3.2)
proxifier (~> 1.0)
proxifier2 (~> 1.1)
syslog
syslog-logger (~> 1.6)
train-core (~> 3.2, >= 3.2.28)
train-winrm (>= 0.2.5)
uuidtools (>= 2.1.5, < 3.0)
vault (~> 0.16)
chef-config (17.9.42)
train-core (~> 3.13, >= 3.13.4)
train-rest (>= 0.4.1)
train-winrm (>= 0.2.17)
unf_ext (~> 0.0.9.1)
uri (>= 1.0.4, < 1.2.0)
vault (>= 0.18.2, < 0.21.0)
chef-config (19.3.15)
addressable
chef-utils (= 17.9.42)
chef-utils (= 19.3.15)
fuzzyurl
mixlib-config (>= 2.2.12, < 4.0)
mixlib-shellout (>= 2.0, < 4.0)
tomlrb (~> 1.2)
racc
tomlrb (>= 1.2, < 3.0)
chef-gyoku (1.5.0)
builder (>= 2.1.2)
rexml (~> 3.4)
chef-licensing (1.4.1)
chef-config (>= 15)
faraday (>= 1, < 3)
faraday-http-cache
mixlib-log (~> 3.0)
ostruct (~> 0.6.0)
pstore (~> 0.1.1)
tty-prompt (~> 0.23)
tty-spinner (~> 0.9.3)
chef-telemetry (1.1.1)
chef-config
concurrent-ruby (~> 1.0)
chef-utils (17.9.42)
chef-utils (19.3.15)
concurrent-ruby
chef-vault (4.1.5)
chef-zero (15.0.11)
ffi-yajl (~> 2.2)
hashie (>= 2.0, < 5.0)
chef-vault (4.2.12)
syslog (~> 0.3)
chef-winrm (2.5.0)
builder (>= 2.1.2)
chef-gyoku (~> 1.5)
erubi (~> 1.8)
gssapi (~> 1.2)
httpclient (~> 2.2, >= 2.2.0.2)
logging (>= 1.6.1, < 3.0)
nori (~> 2.7)
rexml (>= 3.4.2, < 4.0)
rubyntlm (~> 0.6.0, >= 0.6.3)
chef-winrm-elevated (1.2.5)
chef-winrm (>= 2.3.11)
chef-winrm-fs (>= 1.3.7)
erubi (~> 1.8)
chef-winrm-fs (1.4.2)
benchmark (~> 0.5.0)
chef-winrm (~> 2.4)
csv (~> 3.3)
erubi (>= 1.7)
logging (>= 1.6.1, < 3.0)
rubyzip (~> 2.0)
chef-zero (15.1.11)
ffi-yajl (>= 2.2, < 4.0)
hashie (>= 2.0, < 6.0)
mixlib-log (>= 2.0, < 4.0)
rack (~> 2.0, >= 2.0.6)
uuidtools (~> 2.1)
rack (~> 3.2, >= 3.2.6)
rackup (~> 2.3, >= 2.3.1)
uuidtools (>= 2.1, < 4.0)
webrick
coderay (1.1.3)
concurrent-ruby (1.1.9)
corefoundation (0.3.10)
concurrent-ruby (1.3.7)
connection_pool (2.5.5)
cookstyle (8.7.6)
rubocop (= 1.86.1)
corefoundation (0.3.19)
ffi (>= 1.15.0)
diff-lcs (1.3)
erubi (1.10.0)
csv (3.3.5)
date (3.5.1)
diff-lcs (1.6.2)
domain_name (0.6.20240107)
ed25519 (1.4.0)
erubi (1.13.1)
erubis (2.7.0)
faraday (1.4.3)
faraday-em_http (~> 1.0)
faraday-em_synchrony (~> 1.0)
faraday-excon (~> 1.1)
faraday-net_http (~> 1.0)
faraday-net_http_persistent (~> 1.1)
multipart-post (>= 1.2, < 3)
ruby2_keywords (>= 0.0.4)
faraday-em_http (1.0.0)
faraday-em_synchrony (1.0.0)
faraday-excon (1.1.0)
faraday-net_http (1.0.1)
faraday-net_http_persistent (1.2.0)
faraday_middleware (1.2.0)
faraday (~> 1.0)
ffi (1.15.5)
ffi-libarchive (1.1.3)
faraday (2.14.3)
faraday-net_http (>= 2.0, < 3.5)
json
logger
faraday-follow_redirects (0.5.0)
faraday (>= 1, < 3)
faraday-http-cache (2.5.1)
faraday (>= 0.8)
faraday-net_http (3.4.4)
net-http (~> 0.5)
ffi (1.17.4-arm64-darwin)
ffi (1.17.4-x86_64-darwin)
ffi (1.17.4-x86_64-linux-gnu)
ffi-libarchive (1.1.14)
ffi (~> 1.0)
ffi-yajl (2.4.0)
libyajl2 (>= 1.2)
ffi-yajl (2.7.11)
libyajl2 (>= 2.1)
fuzzyurl (0.9.0)
gssapi (1.3.1)
ffi (>= 1.0.1)
gyoku (1.3.1)
builder (>= 2.1.2)
hashie (4.1.0)
highline (2.0.3)
httpclient (2.8.3)
hashie (5.1.0)
logger
highline (3.1.2)
reline
http-accept (1.7.0)
http-cookie (1.1.6)
domain_name (~> 0.5)
httpclient (2.9.0)
mutex_m
iniparse (1.5.0)
inspec-core (4.52.9)
inspec-core (7.0.107)
addressable (~> 2.4)
chef-licensing (>= 1.2.0)
chef-telemetry (~> 1.0, >= 1.0.8)
faraday (>= 0.9.0, < 1.5)
faraday_middleware (~> 1.0)
hashie (>= 3.4, < 5.0)
cookstyle
csv (~> 3.0)
faraday (>= 1, < 3)
faraday-follow_redirects (~> 0.3)
hashie (>= 3.4, < 6.0)
license-acceptance (>= 0.2.13, < 3.0)
method_source (>= 0.8, < 2.0)
mixlib-log (~> 3.0)
multipart-post (~> 2.0)
ostruct (>= 0.1, < 0.7)
parallel (~> 1.9)
parslet (>= 1.5, < 2.0)
parslet (>= 1.5, < 3.0)
pry (~> 0.13)
rspec (>= 3.9, < 3.11)
rspec-its (~> 1.2)
rubyzip (>= 1.2.2, < 3.0)
rspec (>= 3.9, <= 3.14)
rspec-its (>= 1.2, < 3.0)
rubyzip (>= 1.2.2, < 4.0)
semverse (~> 3.0)
sslshake (~> 1.2)
thor (>= 0.20, < 2.0)
tomlrb (>= 1.2, < 2.1)
train-core (~> 3.0)
syslog (~> 0.1)
thor (>= 0.20, < 1.5.0)
tomlrb (>= 1.3, < 2.1)
train-core (~> 3.16, >= 3.16.1)
tty-prompt (~> 0.17)
tty-table (~> 0.10)
io-console (0.8.2)
ipaddress (0.8.3)
jmespath (1.5.0)
json (2.6.1)
knife (17.9.26)
jmespath (1.6.2)
json (2.20.0)
knife (19.0.134)
abbrev
bcrypt_pbkdf (~> 1.1)
chef (>= 17)
chef-config (>= 17)
chef-utils (>= 17)
chef-licensing (~> 1.2)
chef-vault
ed25519 (>= 1.2, < 2.0)
erubis (~> 2.7)
ffi (>= 1.15)
ffi-yajl (~> 2.2)
highline (>= 1.6.9, < 3)
ffi (>= 1.15, < 1.18.0)
ffi-yajl (>= 2.2, < 3.0)
highline (>= 1.6.9, < 4)
license-acceptance (>= 1.0.5, < 3)
mixlib-archive (>= 0.4, < 2.0)
mixlib-cli (>= 2.1.1, < 3.0)
net-ssh (>= 5.1, < 7)
net-ssh (>= 5.1, < 8)
net-ssh-multi (~> 1.2, >= 1.2.1)
ohai (~> 17.0)
pastel
train-core (~> 3.2, >= 3.2.28)
train-winrm (>= 0.2.5)
proxifier2 (~> 1.1)
train-core (~> 3.13, >= 3.13.4)
train-winrm (>= 0.2.17)
tty-prompt (~> 0.21)
tty-screen (~> 0.6)
tty-table (~> 0.11)
knife-zero (2.4.2)
chef (>= 15.0)
knife-zero (2.6.0)
chef (>= 16.6)
knife (>= 17.0)
language_server-protocol (3.17.0.5)
libyajl2 (2.1.0)
license-acceptance (2.1.13)
pastel (~> 0.7)
tomlrb (>= 1.2, < 3.0)
tty-box (~> 0.6)
tty-prompt (~> 0.20)
lint_roller (1.1.0)
little-plugger (1.1.4)
logging (2.3.0)
logger (1.7.0)
logging (2.4.0)
little-plugger (~> 1.1)
multi_json (~> 1.14)
method_source (1.0.0)
mixlib-archive (1.1.7)
method_source (1.1.0)
mime-types (3.7.0)
logger
mime-types-data (~> 3.2025, >= 3.2025.0507)
mime-types-data (3.2026.0701)
mixlib-archive (1.3.3)
mixlib-log
mixlib-authentication (3.0.10)
mixlib-cli (2.1.8)
mixlib-config (3.0.9)
mixlib-config (3.0.27)
tomlrb
mixlib-log (3.0.9)
mixlib-shellout (3.2.5)
mixlib-log (3.2.3)
ffi (>= 1.15.5)
mixlib-shellout (3.4.10)
chef-utils
multi_json (1.15.0)
multipart-post (2.1.1)
net-scp (3.0.0)
net-ssh (>= 2.6.5, < 7.0.0)
net-sftp (3.0.0)
net-ssh (>= 5.0.0, < 7.0.0)
net-ssh (6.1.0)
multi_json (1.19.1)
multipart-post (2.4.1)
mutex_m (0.3.0)
net-ftp (0.3.9)
net-protocol
time
net-http (0.9.1)
uri (>= 0.11.1)
net-http-persistent (4.0.8)
connection_pool (>= 2.2.4, < 4)
net-protocol (0.2.2)
timeout
net-scp (4.1.0)
net-ssh (>= 2.6.5, < 8.0.0)
net-sftp (4.0.0)
net-ssh (>= 5.0.0, < 8.0.0)
net-ssh (7.3.3)
net-ssh-gateway (2.0.0)
net-ssh (>= 4.0.0)
net-ssh-multi (1.2.1)
net-ssh (>= 2.6.5)
net-ssh-gateway (>= 1.2.0)
nori (2.6.0)
ohai (17.9.0)
chef-config (>= 14.12, < 18)
chef-utils (>= 16.0, < 18)
ffi (~> 1.9)
ffi-yajl (~> 2.2)
netrc (0.11.0)
nori (2.7.1)
bigdecimal
ohai (19.1.40)
base64
chef-config (>= 14.12, < 20)
chef-utils (>= 16.0, < 20)
ffi (>= 1.15.5)
ffi-yajl (>= 2.2, < 3.0)
ipaddress
mixlib-cli (>= 1.7.0)
mixlib-config (>= 2.0, < 4.0)
mixlib-log (>= 2.0.1, < 4.0)
mixlib-shellout (~> 3.2, >= 3.2.5)
mixlib-shellout (>= 3.3.6, < 3.5.0)
plist (~> 3.1)
train-core
wmi-lite (~> 1.0)
parallel (1.21.0)
parslet (1.8.2)
ostruct (0.6.3)
parallel (1.28.0)
parser (3.3.11.1)
ast (~> 2.4.1)
racc
parslet (2.0.0)
pastel (0.8.0)
tty-color (~> 0.5)
plist (3.6.0)
proxifier (1.0.3)
pry (0.14.1)
plist (3.7.2)
prism (1.9.0)
proxifier2 (1.1.0)
pry (0.16.0)
coderay (~> 1.1)
method_source (~> 1.0)
public_suffix (4.0.6)
rack (2.2.3)
rspec (3.10.0)
rspec-core (~> 3.10.0)
rspec-expectations (~> 3.10.0)
rspec-mocks (~> 3.10.0)
rspec-core (3.10.2)
rspec-support (~> 3.10.0)
rspec-expectations (3.10.2)
reline (>= 0.6.0)
pstore (0.1.4)
public_suffix (6.0.2)
racc (1.8.1)
rack (3.2.6)
rackup (2.3.1)
rack (>= 3)
rainbow (3.1.1)
regexp_parser (2.12.0)
reline (0.6.3)
io-console (~> 0.5)
rest-client (2.1.0)
http-accept (>= 1.7.0, < 2.0)
http-cookie (>= 1.0.2, < 2.0)
mime-types (>= 1.16, < 4.0)
netrc (~> 0.8)
rexml (3.4.4)
rspec (3.13.2)
rspec-core (~> 3.13.0)
rspec-expectations (~> 3.13.0)
rspec-mocks (~> 3.13.0)
rspec-core (3.13.6)
rspec-support (~> 3.13.0)
rspec-expectations (3.13.5)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.10.0)
rspec-its (1.3.0)
rspec-core (>= 3.0.0)
rspec-expectations (>= 3.0.0)
rspec-mocks (3.10.3)
rspec-support (~> 3.13.0)
rspec-its (2.0.0)
rspec-core (>= 3.13.0)
rspec-expectations (>= 3.13.0)
rspec-mocks (3.13.8)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.10.0)
rspec-support (3.10.3)
ruby2_keywords (0.0.5)
rubyntlm (0.6.3)
rubyzip (2.3.2)
semverse (3.0.0)
rspec-support (~> 3.13.0)
rspec-support (3.13.7)
rubocop (1.86.1)
json (~> 2.3)
language_server-protocol (~> 3.17.0.2)
lint_roller (~> 1.1.0)
parallel (>= 1.10)
parser (>= 3.3.0.2)
rainbow (>= 2.2.2, < 4.0)
regexp_parser (>= 2.9.3, < 3.0)
rubocop-ast (>= 1.49.0, < 2.0)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 2.4.0, < 4.0)
rubocop-ast (1.49.1)
parser (>= 3.3.7.2)
prism (~> 1.7)
ruby-progressbar (1.13.0)
rubyntlm (0.6.5)
base64
rubyzip (2.4.1)
semverse (3.0.2)
socksify (1.8.1)
sslshake (1.3.1)
strings (0.2.1)
strings-ansi (~> 0.2)
unicode-display_width (>= 1.5, < 3.0)
unicode_utils (~> 1.4)
strings-ansi (0.2.0)
syslog (0.4.0)
logger
syslog-logger (1.6.8)
thor (1.2.1)
tomlrb (1.3.0)
train-core (3.8.7)
thor (1.4.0)
time (0.4.2)
date
timeout (0.6.1)
tomlrb (2.0.4)
train-core (3.16.5)
addressable (~> 2.5)
ffi (!= 1.13.0)
json (>= 1.8, < 3.0)
ffi (>= 1.16.0, < 1.18)
json (>= 2.19.2, < 3.0)
mixlib-shellout (>= 2.0, < 4.0)
net-scp (>= 1.2, < 4.0)
net-ssh (>= 2.9, < 7.0)
train-winrm (0.2.12)
winrm (>= 2.3.6, < 3.0)
winrm-elevated (~> 1.2.2)
winrm-fs (~> 1.0)
net-scp (>= 1.2, < 5.0)
net-ssh (>= 2.9, < 8.0)
train-rest (0.5.0)
aws-sigv4 (~> 1.5)
rest-client (~> 2.1)
train-core (~> 3.0)
train-winrm (0.4.3)
chef-winrm (>= 2.4.4, < 3.0)
chef-winrm-elevated (>= 1.2.5, < 2.0)
chef-winrm-fs (>= 1.4.1, < 2.0)
socksify (~> 1.8)
tty-box (0.7.0)
pastel (~> 0.8)
strings (~> 0.2.0)
@@ -272,45 +407,34 @@ GEM
tty-cursor (~> 0.7)
tty-screen (~> 0.8)
wisper (~> 2.0)
tty-screen (0.8.1)
tty-screen (0.8.2)
tty-spinner (0.9.3)
tty-cursor (~> 0.7)
tty-table (0.12.0)
pastel (~> 0.8)
strings (~> 0.2.0)
tty-screen (~> 0.8)
unicode-display_width (2.1.0)
unf_ext (0.0.9.1)
unicode-display_width (2.6.0)
unicode_utils (1.4.0)
uuidtools (2.2.0)
vault (0.16.0)
uri (1.1.1)
uuidtools (3.0.0)
vault (0.20.1)
aws-sigv4
webrick (1.7.0)
winrm (2.3.6)
builder (>= 2.1.2)
erubi (~> 1.8)
gssapi (~> 1.2)
gyoku (~> 1.0)
httpclient (~> 2.2, >= 2.2.0.2)
logging (>= 1.6.1, < 3.0)
nori (~> 2.0)
rubyntlm (~> 0.6.0, >= 0.6.3)
winrm-elevated (1.2.3)
erubi (~> 1.8)
winrm (~> 2.0)
winrm-fs (~> 1.0)
winrm-fs (1.3.5)
erubi (~> 1.8)
logging (>= 1.6.1, < 3.0)
rubyzip (~> 2.0)
winrm (~> 2.0)
base64
net-http-persistent (~> 4.0, >= 4.0.2)
webrick (1.9.2)
wisper (2.0.1)
wmi-lite (1.0.5)
wmi-lite (1.0.7)
PLATFORMS
arm64-darwin-22
x86_64-darwin-18
x86_64-darwin-19
x86_64-linux
DEPENDENCIES
knife-zero (>= 2.4.2)
knife-zero (~> 2.6.0)
BUNDLED WITH
2.2.15
+4
View File
@@ -38,6 +38,10 @@ Clone this repository, `cd` into it, and run:
knife zero bootstrap ubuntu@zerotier-ip-address -x ubuntu --sudo --run-list "role[base],role[kvm_guest]" --secret-file .chef/encrypted_data_bag_secret
### Bootstrap a new VM with environment and role/app (postgres replica as example)
knife zero bootstrap ubuntu@10.1.1.134 -x ubuntu --sudo --environment production --run-list "role[base],role[kvm_guest],role[postgresql_replica]" --secret-file .chef/encrypted_data_bag_secret
### Run Chef Zero on a host server
knife zero converge -p2222 name:server-name.kosmos.org
+4
View File
@@ -0,0 +1,4 @@
{
"name": "garage-10",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2+3Wo+KkXVJCOX1SxT9\nSdwKXgPbCDM3EI9uwoxhMxQfRyN53dxIsBDsQUVOIe1Z8yqm4FenMQlNmeDR+QLE\nvNFf1fisinW+D9VVRm+CjcJy96i/Dyt786Z6YRrDlB860HxCbfTL2Zv5BRtbyIKg\nhz5gO+9PMEpPVR2ij9iue4K6jbM1AAL2ia/P6zDWLJqeIzUocCeHV5N0Z3jXH6qr\nf444v78x35MMJ+3tg5h95SU1/PDCpdSTct4uHEuKIosiN7p4DlYMoM5iSyvVoujr\nflRQPEpGzS9qEt3rDo/F4ltzYMx6bf1tB/0QaBKD+zwPZWTTwf61tSBo5/NkGvJc\nFQIDAQAB\n-----END PUBLIC KEY-----\n"
}
+4
View File
@@ -0,0 +1,4 @@
{
"name": "garage-11",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzfZcNEQojtmaogd9vGP/\nMsVPhAOlQ4kxKgrUas+p+XT7lXRan6b3M8UZEleIaL1HWsjSVwtFWRnNl8kg8rF8\nNEkLeOX8kHf7IoXDFOQa2TXanY8tSqrfh9/heFunt4Q3DluVt7S3bBdwukbDXm/n\nXJS2EQP33eJT4reL6FpVR0oVlFCzI3Vmf7ieSHIBXrbXy7AIvGC2+NVXvQle6pqp\nx0rqU6Wc6ef/VtIv+vK3YFnt9ue3tC63mexyeNKgRYf1YjDx61wo2bOY2t8rqN8y\nHeZ3dmAN8/Vwjk5VGnZqK7kRQ92G4IcE+mEp7MuwXcLqQ9WB960o+evay+o1R5JS\nhwIDAQAB\n-----END PUBLIC KEY-----\n"
}
+4
View File
@@ -0,0 +1,4 @@
{
"name": "garage-12",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9GtHHi298BjiIqpZ3WkT\nkYAPfWD60hFe/8icYcq/F/6cHLYKZQ4chek9X/hDCMq4tHEN6Oh58T5x/nuNdPrK\nIAMGyVAGk6ekWlmD4jwdEf6TGb/J3ffJTRDvwX/I8xD/DW3wtXsN+X24T59ByGTm\nrnwRmmmwHF3otRx9wnCsIgDQ0AjiUujsfNNv1FcLXD/WJLys9lEeU5aJ4XtHTwDv\ntJM8YyVEFhEnuvgdKmzn5+F5k9VGdUwForlFOBfvzbCnTZMDMmDVeiUtAUv/7xWQ\nQl2mLUGCtgWuYJYXsQacAJ6pa3h+7cQyshC6w3dwUG+1fS9lNO0Yp1GGX1AGYKpp\nPQIDAQAB\n-----END PUBLIC KEY-----\n"
}
+4
View File
@@ -0,0 +1,4 @@
{
"name": "garage-13",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbqWc6OwRxgHfsQuTNL4\naxeVvNen5d9srYpZSHjuBB/k9NHB+9P6vU5qF37XHkw1lVUGeYbPHzhYsx3O0/kZ\nH5f4+4SMy/P9jc6SE7AJF4qtYKgJ88koZdqCww07c6K9g+BnEGFFZui/h3hUBxWj\nTfhBHEWPyQ2bl/lr9sIJwsEz+EN0isGn/eIXkmw9J6LdLJ5Q0LLks33K28FNOU7q\nfeAN4MiBVMUtgCGyT2Voe6WrOXwQLSDXQONOp3sfSfFExsIJ1s24xdd7AMD7/9a7\n4sFDZ4swhqAWgWmW2giR7Kb8wTvGQLO/O/uUbmKz3DZXgkOKXHdHCEB/PZx1mRNM\nEwIDAQAB\n-----END PUBLIC KEY-----\n"
}
+4
View File
@@ -0,0 +1,4 @@
{
"name": "garage-14",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAypINv1zTZ7+pyT0iRhik\n0W70ASYADo7qK7QyE9/3nu2sUrP1IjoNFsv/ceKwicH7Fw2Ei1o+yKZlKn7zJzY7\n93YRZndF04VH2bmqy0uOWK0Bdat7gCld5bvS6FmRflg7g64LFb33/64QIVsVGHGL\nYF2TO//x79t9JKcQDa4h5MOWzJNTFuEcUGa0gJjMYpWGVHEJSgRuIgyhXmyIJJgY\nguj6ymTm5+3VS7NzoNy2fbTt1LRpHb5UWrCR15oiLZiDSMLMx0CcGOCmrhvODi4k\n0umw+2NPd1G50s9z7KVbTqybuQ65se2amRnkVcNfaBIU5qk9bVqcmhZlEozmBZCd\ndwIDAQAB\n-----END PUBLIC KEY-----\n"
}
+4
View File
@@ -0,0 +1,4 @@
{
"name": "garage-15",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy14sTt5gxVZi9C3KIEBu\nDyUgbb6jc3/GR22fNPTqV6uDHhxzhE2UsYwY/7yuA1RasdwHEOBWZaoC0Om5/Zmi\n8gn6//v1ILyLNaAcw+SQcxZkCN8Sk/0atRS9HYk1agE8Mvh72Fe2z3l+92VMefy7\nJwJUNNBTbnV2WVCchChoWnfhI7bkSLSHp0M2MO2pI+lkpSdmfkJSa5z9zihgxKO8\nXfvhryDCZNvfRVHhwc+ffpap0gLF0H9riGKE4FwLy4YqbuW1Tgm6bObb9bpOIw6Q\nVfH3kC/KMK5FlnxGmYtDkhRJ/wjGInRBk9WK/QOmjyd2FVxipEQmA4RdjlznRC9I\nrwIDAQAB\n-----END PUBLIC KEY-----\n"
}
+4
View File
@@ -0,0 +1,4 @@
{
"name": "garage-16",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYCUN4WNP05pjbxVJd1/\nvmDZU6XRrVVZS5piSSRzs+uxrcUQZew9oe8YwnB9Acf7nl1igS1Fa3e3TyVdrdrM\n+zKLIszJfZw8qH0BhUHYhIm5o+NXeUDR6zor5/4msq9yyXxMFM3FY6HSnz1IBY6P\n43GdArRqAhccGZTBzvowHZvVTkG553oYF1ETxlUWn+9l142YZufNK+B2JGUGSnf3\nS0A2vlQi7DGHBcUaPPqCLeaXB1cQ4Q6SqMvnExpi0xTdY2QXLlSIBJvJVowLtQKs\npS5qHxwCabMY/uHVoEKxgmMcGvjp4L0PoaXRcev5I2sDfbLuz1VxYfatjgI/1psg\ntwIDAQAB\n-----END PUBLIC KEY-----\n"
}
-4
View File
@@ -1,4 +0,0 @@
{
"name": "garage-3",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRSB8/ObjvQq6WuOVS/f\nypdX/2fLsUlt5tQ8GNuSY9rSM8gdvcXUvnPlxthZO4yvcPX85wmtBZX8fRJFdkJg\nYRCJbuVKO9sLTq8OUWXYpfU1q10FUhl034zxOMslpxVB6toirnk025vyq9jbuKP+\nYO+c40KZr67mgm0hveJfylayfiKP1HGm4HrV0maFivCgC8D+MPDDv75CsqRe5WSc\nh2CoauDJwVlhKZ92yq87ugGBhJJRUGOQZcfEvkUGj/HNAS6tuHl8YmVmhO8hBdee\nNto6RF54E1zB80R9oT/qitw23miEyUcHHVxhTR4tTWflZgd8l4wDOhX3Nf20xknu\nFQIDAQAB\n-----END PUBLIC KEY-----\n"
}
-4
View File
@@ -1,4 +0,0 @@
{
"name": "garage-4",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8it7QtT6zDiJJqlyHKfQ\nLqwu6bLblD15WWxlUSiOdhz3njWDv1BIDCAdkCR3HAXgxvk8sMj9QkvWS7u1+bc4\nxvHrY4Tgfg+Tk1h3gGa7ukll8s1WLIbGjj89vrK8PFr4iuDqRytYRMmcdMsNzPkS\nKcsOjFYWGV7KM/OwoQGVIOUPB+WtkrFAvNkXtIU6Wd5orzFMjt/9DPF2aO7QegL8\nG1mQmXcPGl9NSDUXptn/kzFKm/p4n7pjy6OypFT192ak7OA/s+CvQlaVE2tb/M3c\ne4J6A+PInV5AGKY6BxI3QRQLZIlqE0FXawFKr1iRU4JP4tVnICXZqy+SDXQU1zar\nTQIDAQAB\n-----END PUBLIC KEY-----\n"
}
-4
View File
@@ -1,4 +0,0 @@
{
"name": "garage-5",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJxLFOBbml94W/GAe7nm\ntZs1Ziy8IbqXySsm8bSwWhRMQ8UuseqQLG30R3Q5X5AoJbtNfd26l63qLtP2fFtL\n5km9dV+2FoIJWFetl8Wzr7CaLYAiNzTQSFHlV7+6DKmPMDcJ63GKrFR77vkSGOG6\nOWL1bJy5BOaClp/sKL/0WQ0+mRbTP6RCQ2eI+46clAg702SenBU6Nz9HDm+teKN7\nYlP1CvzXgfgfpDOsat7wGn5+oKcmKavZxcdn8bt5jRpg8v3JezaZIjMXt7XcNS4n\n0F4XO/efnZE5B5SN68j4BpD8N79zJw4HlRIGP+RaYv2qLtBeWgLHCCs9wXQXfj6b\nLwIDAQAB\n-----END PUBLIC KEY-----\n"
}
+4
View File
@@ -0,0 +1,4 @@
{
"name": "garage-7",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwoAigZUSwsfbBHx2PQ6W\n38Ght6eCvbpW1lsS58hTieRmRn+pgZVjvixhsBh57rUasCjaBywXk9BpNj2Foxck\nReHeoDI0RHsgniClyMrYj80y2NhoB6J8NB+cHkhdzIKplm6AH6M5xaAedtZU639a\n1nHMtpDlJhzgIYsiq1q06Aqd1w0Z9tf1RXQ1WvMDhTY4wlE5RZ2epBb6Usnlbjo2\nSqCIGIjRLmZxdsSWoiUUTlVPdUCzTNsN5G/ZVdRswhgseDmVJCIkK2Aji/XzhIrR\nh4RvUv9dhFemOVsFctJ/dQILXz5MZLUgakKf970M5R/Zggv//pqRSsYcB2UfaBpV\nLQIDAQAB\n-----END PUBLIC KEY-----\n"
}
+4
View File
@@ -0,0 +1,4 @@
{
"name": "garage-8",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4hXODzgHsIeWxXJm/F6\nSTFJ8JC89mWru7pOFzPWenOVMHgp4UpUB4rDTwQqojsWTDiq0x3ckUyOPw3Nj0jv\nxP4MMGS4SI0oRSJKzrYYss0hgUDTOBBd+Wxn0UiNEpN/PfQo9VZj9v/jak57cz7z\n5+rpl5v27fhgUIChjsHxdy+EamvCrYc+1JhyrLOlwlt8JxkZ8UPhoeZLWAbDgGLS\nEzHWSSVtBUPK+KYmVb2OK4lB56zPfek0U3gKN+04a1650jzOit8LzE6NaT180QDv\nX+gG6tk53vSXDmkBXsQ1mtB8aF+HaEG2Pra5HyihlweCPYdJT+e28wpq6+P5l3YR\ndQIDAQAB\n-----END PUBLIC KEY-----\n"
}
+4
View File
@@ -0,0 +1,4 @@
{
"name": "garage-9",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnMHzKE8JBrsQkmRDeMjX\n71mBzvRzNM90cwA8xtvIkXesdTyGqohX9k/PJbCY5ySGK9PpMaYDPVAnwnUP8LFQ\n3G98aSbLxUjqU/PBzRsnWpihehr05uz9zYcNFzr4LTNvGQZsq47nN9Tk+LG3zHP7\nAZViv2mJ4ZRnukXf6KHlyoVvhuTu+tiBM8QzjTF97iP/aguNPzYHmrecy9Uf5bSA\nZrbNZT+ayxtgswC2OclhRucx7XLSuHXtpwFqsQzSAhiX1aQ3wwCyH9WJtVwpfUsE\nlxTjcQiSM9aPZ8iSC0shpBaKD1j3iF/2K2Jk+88++zMhJJPLermvaJxzsdePgvyk\nKQIDAQAB\n-----END PUBLIC KEY-----\n"
}
+4
View File
@@ -0,0 +1,4 @@
{
"name": "leo",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFfQsJnREjbXTtpT6BVt\naBaUzRmCQi8Du0TzeUG0ENrY0p5Exqleye2rC6bJlB3PER1xr5zdtuXLgbcVumIb\nzroU5JPtFbQk7r/pj0atT+UEYzl16iuEpprQ/bug+f0nE514USr6YG4G+tlZ/jBI\nSHsCQF1P8ufXFLW0ewC7rdvBkgA+DwK14naRxS4jO5MSl4wmNTjs/jymTg508mQq\nf5tG52t8qFdgn9pRdBXmyTpPtwK7I4rZ+1Qn+1E5m4oQUZsxh8Ba1bGbKotVO7Ua\nYL1yCGx7zRRUvLLIdSMvlRXTJBUSQtQ8P4QUDWTY1Na2w3t9sulKg2Lwsw8tktvC\nCwIDAQAB\n-----END PUBLIC KEY-----\n"
}
+4
View File
@@ -0,0 +1,4 @@
{
"name": "postgres-10",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2oBb5omC7ZionWhudgFm\n2NGcRXsI0c7+g1+0duaxj5dziaRTltqzpRJTfiJD6R36FcvEqwGc+qQgYSMzc1Xd\nY4OTvJFIDiFAmROm/DZYgFtTDldVNJZO2bbU3COYf/Z2Poq56gC4zLLd/zf6shgb\n2Mty8PlQ82JJAY9EMI3aAifdnZ1k/g4weFC4LFg9lUcNNXOwlAjp//LJ3ku3aY1r\nwW74msSeWEjE44YZdWyMYgM7Fy1hz5giHFQtRdOLemRCWQ8h26wn/cmWld7lsLg+\nlYqxokxWXGv8r5zR8kDTBkd0dxY7ZMbo7oESY4Uhuf4UReMe2ZGHto1E7w3llSj+\n7wIDAQAB\n-----END PUBLIC KEY-----\n"
}
+4
View File
@@ -0,0 +1,4 @@
{
"name": "postgres-11",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1foYpuubS2ovlg3uHO12\nQ/ROZ8MpG+LkCAM46uVfPaoWwfY0vdfMsBOanHDgm9DGUCEBJZ6LPrvCvGXbpPy6\n9GSswK75zVWODblNjvvV4ueGFq4bBFwRuZNjyMlqgyzeU+srZL0ivelu5XEuGuoD\nPYCBKWYqGMz85/eMC7/tinTJtKPyOtXe/G8meji+r7gh3j+ypj/EWeKfcRDa4aGe\n/DmMCurIjjPAXFLMAA6fIqPWVfcPw4APNPE60Z92yPGsTbPu7bL54M5f7udmmu7H\nOgk1HjMAmXCuLDzTkfaxqHP+57yELg/YpXR1E93VmBeQuIBsyOFEk6AmUmA1Ib6e\nnQIDAQAB\n-----END PUBLIC KEY-----\n"
}
+4
View File
@@ -0,0 +1,4 @@
{
"name": "postgres-12",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1mYGrYB8keUKmXA8dhWc\ncCLzp50xR0ajSw+bWYydyRqD5wuEVKjiJu4+G9QmTVXkVgJ+AYI0Y9/WZYpDqVH6\nvLUo6BSNQaWx20q93qIdOGLy8YG3Qyznezk4l8T9u9vWZDyDpKw6gCxzikMkrXxb\n0cqOYtyud8+PtSEEMogSjOKhRURVHlVrlVH3SQO7Whke9rkiFcbXzubsK9yjkUtF\nxZafSoGorOlDsPvFTfYnkepVB+GHcgiribRYSrO+73GypC2kqMhCpWrb6a0VWsP/\nh53+q3JL3vBvdvjcv51Wpf4n6JdnXnQGn2/MdXEzw+NXgjU4/IdYtbORSbaI8F5t\nowIDAQAB\n-----END PUBLIC KEY-----\n"
}
-4
View File
@@ -1,4 +0,0 @@
{
"name": "postgres-4",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6fPxOZeKloF/EgYvU0k\nOwv8bJjsCQcWaMTPle5//mRTszA6PM2z9RI+Mfr45qxTlsL9pQY8WJOWF6QOK31x\nszuqcr7oOjtAhrLI8f/oNDEDjcx325FqG9gNKQEAD7d4zodh+PhDe6x7GIyIS7lG\nIcD5Zre9iDwv8FGLR+5GLqS8SJOPL/wJkQ8w+N0f8YDFw81kiTta5NLhAx3fMDs0\n2kmoNlbmKlNZTtLjCfCV+/pa9oY6wycjck3GvobiFE/4cWaNkeGlPc+uAwlfmrOv\nHy0tq1XBX/BCvE5kMXmhnMT23JXjm2s2PgCLgEVGAXilXk/T597KDm+z4oBpAQma\nnQIDAQAB\n-----END PUBLIC KEY-----\n"
}
-4
View File
@@ -1,4 +0,0 @@
{
"name": "postgres-5",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXZv6Gk+dhIVkTXH9hJ1\nt2oqsMSLmTUj71uPN+4j0rxCQriXa095Nle9ifJAxfwzQyKEpWKyZd1Hpyye6bL1\nwgWATZ/u5ZS4B63NhRFyDxgPlHWBBohaZBN42zeq0Y0PNGHPVGDH/zFDrpP22Q9Q\nYScsyXTauE/Yf8a/rKR5jdnoVsVVMxk0LHxka8FcM2cqVsDAcK7GqIG6epqNFY8P\nUb1P+mVxRwnkzvf1VtG212ezV/yw9uiQcUkHS+JwZMAgbC34k9iDyRmk6l4sj/Zk\nNem20ImMqdDzsrX8zEe21K+KNvpejPH9fxaNCwR8W+woBMMzqD3I7P9PbLjc70Rx\nRwIDAQAB\n-----END PUBLIC KEY-----\n"
}
+4
View File
@@ -0,0 +1,4 @@
{
"name": "postgres-6",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVzM0fwlimmq11jTGTko\nK87LRYSar61tNF3qVWp9axNSMa6BSxVark9eYOqY4eLh/5vJVDqXDFq30/IUWg40\nH8hHWaOEvQrP2dm/XFw1RmunfbfN9gN07TuhaT3xFD5t+jFBuOSoJ4cPnFIABuVt\nFLrjgtYYjtZe5hGE9ZPmS7o2ATM5EU9mxeQ+TkgDbr8StvSPGdZ1ykhagf1pegGU\nRIfZ+4ZKzyDUAq+fYNhIbmlm5h2gP+XdtakPy43j7n0iN1vwDgBqJ2pdaVs/GcFf\nvaztoltguoknI2NPSez1N217asTTLuth0nHxVXiKCVXnqwDjxgWmuP6X2B7VYjyc\nxQIDAQAB\n-----END PUBLIC KEY-----\n"
}
+4
View File
@@ -0,0 +1,4 @@
{
"name": "postgres-8",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx88DgM/x1UbKRzgPexXE\nSyfrAsqaDVjqZz7yF3tqAc9A52Ol0KOM6NESoPWBVMbS86WtAjBcMHcOoQBJ+ovp\nXcjNlRtO1Il6/d4uCRr4CEDX+yeS0Qrt0SOORnoTbVlkq9VlVljyCmxk8VBCILzk\ndHvFr62mahMy6vOEcpCQgCwYE3ISH2jlTDz2agoK/CjIyyqFTlB1N7mJVGLrJdcA\nA2JOxDRE8HqOdpY7bHcHj4uyMWaKuM3zxXK04lhrvuPRfJUhXgsK9r5jeTEa8407\nqV9K+mB17R1dBeHmWEPDRt02HELe2SUjYmlmyVX73H2mWKDLBFpAFjOfz86CJ6jf\nDQIDAQAB\n-----END PUBLIC KEY-----\n"
}
+4
View File
@@ -0,0 +1,4 @@
{
"name": "postgres-9",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2dcE9HH0r5TBb/FGj2+e\nOw8ssoxeB61JmR4/psdZ6oPR08gxyqOY0ODziCmyIdXwFhjIcC44HjxCbcB8TU8G\nWGqlmfqWWIJW0x/2xOycHobAWDn5fC5ttTXkR3HC1TutX/2mH26mtfz9UjNdPaTo\nVZFMcxeaBCFSNlYC7hPUQ5f/qBdhhpLxP9uyzU+YFPqtwLP7g8EAUQObM4L+m6Q8\nqE7xgYpnhgaNrPsmvaVuoNylMGwyK0j1whOkcik8UgLprD70ISNSNxxcLehbvA3G\nPQPQRRuFF36fu2gECWGopbrFKwQGNfgJguQoXM1RQZQMQqWHPS933k5i6bi5pnhp\nzwIDAQAB\n-----END PUBLIC KEY-----\n"
}
+4
View File
@@ -0,0 +1,4 @@
{
"name": "prometheus-1",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7T/OBo/TZm3YqnN4+ok\nHwcJ0kW9w2rl9UfrOlWUvoPHBd2LrqpEv3Az3a150IylQ1H/UozmQA7DtjIoTA7d\nV3oLY970vYrYiURcojOo8qAZBy8EH7dfAHxuZryUeELr+3vdcHF5WrrfSt2FdFVX\nPTY95ikafAnOO0Nt8jvnlPoDn7REV8TOE6KOiUzcHKa2xGlfaIe0oRC21LD86uQm\nR09xY1YaJkVgZfeN/opoRjZawkU3FFs3jlUEVBF8k153oOw9W3bgsFFjSOtRtRRg\nDwyQ7oDeMH83kXnaCdpkNZd59wjzPcpxYAL4LRN52ZXA4Btr4DTi+GxHz98Dr0kU\nUQIDAQAB\n-----END PUBLIC KEY-----\n"
}
+4
View File
@@ -0,0 +1,4 @@
{
"name": "rsk-testnet-5",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/UHlgcSeh9Do7CTCKXC\n/4/aO2OvT+ijDVmrMYCNtE4sMeuFqKPnV1zxJZmRm4VNhkSQDkdWYD+6XvuFYW60\nyjB/N6D5lLlyjG4HD6fTkfh0K6f7t5mOYV7o4T59OoA3cBZuSROjtWmJ8jEFJ+k9\nII2kcyhPQcFN01ckzvZKRSPbVRccMoc+AKTjB3ZUfs/ERtlVoDrK4jEHluXOxUJO\nBKCcLonjJuLlpRLh7QfKrKFcR4idn5Ir43R6aSUesI/ipKwKsXnR3Bu7vXp74VF3\nMJ3EkdSBG+qJzy51fbRfQiUPAr/vSoVQZwW7FkIhIqqLkMaYCymn7qKfTGujoNU7\nlwIDAQAB\n-----END PUBLIC KEY-----\n"
}
+4
View File
@@ -0,0 +1,4 @@
{
"name": "rsk-testnet-6",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1p4+F536/peA4XWMJtm\njggPl6yJb42V5bg3kDa8SHoIoQgXn59d3BclZ1Oz2+JhFd3Rrn4FN3Z1wzGpP+gA\nnxQOfgRG1ucahh7Nxaw3IdoHm7r/EdEOc9FrxvGJ+09YnmLfzn4iVQpsUiOiNVS7\n0LXtMXYtsjD+o6BTbOhGU8FMmGhMhQfXFVgoDdTiM/Q62zPw8Vtpa3yFpFJAu+dA\n+mm5h5W6FnaWJXM2arn3PxDOt+JQSWp5PYG4goU1FFreU9iFuoeGEfLy8unlbbXt\ne96QhNuCkOA15xqta0Z3oL7IlXWns7dLgZYlpZT9zaExIs3AEDaQcleacQPzXKSG\nswIDAQAB\n-----END PUBLIC KEY-----\n"
}
+4
View File
@@ -0,0 +1,4 @@
{
"name": "strfry-1",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDV/RMGMXVDbvoA6PNh8\nQzhtHwYDCFcUSkbrwP6tzh6GpVunGEOdOdhj2V63T2tF1H+lujxQXh5pK7C0D6VZ\niO04ftJlo7/svyxUcwWr+znyN5sFdQRh3cBZiGSBYolizwoqgtPFlbNhmWAzV0Du\n9t8mhz70IK3B+UdwWyHtoK0NNsJGnQ9YzAvcjyDmEO/3sCjAhNnxVpmXftpcSmd9\nMonzFtIDBbRRll4AHZYRbmXCzx63+VmelvdnufnbY82liol0zzBwJaBD1wyNlG0y\ni96p3Kx03bLNlIaYVGbjZeJi+6oo2VDWJ4OloLLAYoHDSipeHT9qWfUdnE6ge4Lm\nywIDAQAB\n-----END PUBLIC KEY-----\n"
}
@@ -3,3 +3,5 @@ config:
line-length: false # MD013
no-duplicate-heading: false # MD024
reference-links-images: false # MD052
ignores:
- .github/copilot-instructions.md
+42
View File
@@ -2,6 +2,48 @@
This file is used to list changes made in each version of the homebrew cookbook.
## 6.0.2 - *2025-09-04*
Standardise files with files in sous-chefs/repo-management
Standardise files with files in sous-chefs/repo-management
## 6.0.1 - *2025-03-24*
## 6.0.0 - *2025-03-17*
- Updated library call for new homebrew class name found in chef-client 18.6.2+ releases
## 5.4.9 - *2024-11-18*
Standardise files with files in sous-chefs/repo-management
Standardise files with files in sous-chefs/repo-management
Standardise files with files in sous-chefs/repo-management
Standardise files with files in sous-chefs/repo-management
Standardise files with files in sous-chefs/repo-management
## 5.4.8 - *2024-05-07*
## 5.4.7 - *2024-05-06*
- Explicitly include `Which` module from `Chef` which fixes runs on 18.x clients.
## 5.4.6 - *2024-05-06*
## 5.4.5 - *2023-11-01*
Standardise files with files in sous-chefs/repo-management
## 5.4.4 - *2023-09-28*
## 5.4.3 - *2023-09-04*
## 5.4.2 - *2023-07-10*
## 5.4.1 - *2023-06-01*
## 5.4.0 - *2023-04-24*
+11 -34
View File
@@ -20,8 +20,9 @@
#
class HomebrewUserWrapper
require 'chef/mixin/homebrew_user'
include Chef::Mixin::HomebrewUser
require 'chef/mixin/homebrew'
include Chef::Mixin::Homebrew
include Chef::Mixin::Which
end
module Homebrew
@@ -59,41 +60,17 @@ module Homebrew
def owner
@owner ||= begin
# once we only support 14.0 we can switch this to find_homebrew_username
require 'etc'
::Etc.getpwuid(HomebrewUserWrapper.new.find_homebrew_uid).name
rescue Chef::Exceptions::CannotDetermineHomebrewOwner
calculate_owner
end.tap do |owner|
Chef::Log.debug("Homebrew owner is #{owner}")
end
end
private
def calculate_owner
owner = homebrew_owner_attr || sudo_user || current_user
if owner == 'root'
raise Chef::Exceptions::User,
"Homebrew owner is 'root' which is not supported. " \
"To set an explicit owner, please set node['homebrew']['owner']."
end
owner
end
def homebrew_owner_attr
Chef.node['homebrew']['owner']
end
def sudo_user
ENV['SUDO_USER']
end
def current_user
ENV['USER']
HomebrewUserWrapper.new.find_homebrew_username
rescue
Chef::Exceptions::CannotDetermineHomebrewPath
end.tap do |owner|
Chef::Log.debug("Homebrew owner is #{owner}")
end
end
end unless defined?(Homebrew)
class HomebrewWrapper
include Homebrew
end
Chef::Mixin::Homebrew.include(Homebrew)
+2 -2
View File
@@ -17,13 +17,13 @@
"recipes": {
},
"version": "5.4.1",
"version": "6.0.2",
"source_url": "https://github.com/sous-chefs/homebrew",
"issues_url": "https://github.com/sous-chefs/homebrew/issues",
"privacy": false,
"chef_versions": [
[
">= 15.3"
">= 18.6.2"
]
],
"ohai_versions": [
+2 -2
View File
@@ -3,9 +3,9 @@ maintainer 'Sous Chefs'
maintainer_email 'help@sous-chefs.org'
license 'Apache-2.0'
description 'Install Homebrew and includes resources for working with taps and casks'
version '5.4.1'
version '6.0.2'
supports 'mac_os_x'
source_url 'https://github.com/sous-chefs/homebrew'
issues_url 'https://github.com/sous-chefs/homebrew/issues'
chef_version '>= 15.3'
chef_version '>= 18.6.2'
+3 -2
View File
@@ -1,9 +1,10 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": ["config:base"],
"packageRules": [{
"packageRules": [
{
"groupName": "Actions",
"matchUpdateTypes": ["patch", "pin", "digest"],
"matchUpdateTypes": ["minor", "patch", "pin"],
"automerge": true,
"addLabels": ["Release: Patch", "Skip: Announcements"]
},
+1
View File
@@ -19,6 +19,7 @@
# limitations under the License.
#
unified_mode true
chef_version_for_provides '< 14.0' if respond_to?(:chef_version_for_provides)
property :cask_name, String, regex: %r{^[\w/-]+$}, name_property: true
+1
View File
@@ -19,6 +19,7 @@
# limitations under the License.
#
unified_mode true
chef_version_for_provides '< 14.0' if respond_to?(:chef_version_for_provides)
property :tap_name, String, name_property: true, regex: %r{^[\w-]+(?:\/[\w-]+)+$}
@@ -3,3 +3,5 @@ config:
line-length: false # MD013
no-duplicate-heading: false # MD024
reference-links-images: false # MD052
ignores:
- .github/copilot-instructions.md
+8
View File
@@ -0,0 +1,8 @@
{
"recommendations": [
"chef-software.chef",
"Shopify.ruby-lsp",
"editorconfig.editorconfig",
"DavidAnson.vscode-markdownlint"
]
}
+40 -1
View File
@@ -2,9 +2,48 @@
This file is used to list changes made in each version of the postfix cookbook.
## Unreleased
## 6.4.1 - *2025-09-04*
## 6.4.0 - *2025-07-30* ## 6.4.0 - *2025-07-30*
Standardise files with files in sous-chefs/repo-management
## 6.4.0 - *2025-07-30*
## 6.3.0 - *2025-07-30*
- Use LMDB instead of hash on el10
## 6.3.0 - *2025-07-30*
## 6.2.2 - *2025-01-30*
## 6.2.1 - *2025-01-30*
## 6.2.0 - *2025-01-30*
## 6.2.0
- Correctly fix aliases quoting logic
- Convert all serverspec tests to inspec
- Add Github actions
- Update platforms to test
## 6.0.29 - *2024-11-18*
- Standardise files with files in sous-chefs/repo-management
## 6.0.28 - *2024-07-15*
- Standardise files with files in sous-chefs/repo-management
## 6.0.27 - *2024-05-06*
## 6.0.26 - *2023-10-03*
- add installation of postfix addon packages for RHEL 8
- Add installation of postfix addon packages for RHEL 8
## 6.0.25 - *2023-10-03*
+21 -9
View File
@@ -13,9 +13,10 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
default['postfix']['packages'] = %w(postfix)
default['postfix']['packages'] = value_for_platform(
amazon: { '>= 2023' => %w(postfix postfix-lmdb) },
default: %w(postfix)
)
# Generic cookbook attributes
default['postfix']['mail_type'] = 'client'
default['postfix']['relayhost_role'] = 'relayhost'
@@ -37,11 +38,19 @@ default['postfix']['master_template_source'] = 'postfix'
default['postfix']['sender_canonical_map_entries'] = {}
default['postfix']['smtp_generic_map_entries'] = {}
default['postfix']['recipient_canonical_map_entries'] = {}
default['postfix']['access_db_type'] = 'hash'
default['postfix']['aliases_db_type'] = 'hash'
default['postfix']['transport_db_type'] = 'hash'
default['postfix']['virtual_alias_db_type'] = 'hash'
default['postfix']['virtual_alias_domains_db_type'] = 'hash'
default['postfix']['db_type'] = value_for_platform(
%w(centos redhat almalinux rocky oracle) => { '>= 10' => 'lmdb' },
amazon: { '>= 2023' => 'lmdb' },
%w(opensuseleap suse) => { '>= 15' => 'lmdb' },
default: 'hash'
)
default['postfix']['access_db_type'] = lazy { node['postfix']['db_type'] }
default['postfix']['aliases_db_type'] = lazy { node['postfix']['db_type'] }
default['postfix']['transport_db_type'] = lazy { node['postfix']['db_type'] }
default['postfix']['virtual_alias_db_type'] = lazy { node['postfix']['db_type'] }
default['postfix']['virtual_alias_domains_db_type'] = lazy { node['postfix']['db_type'] }
case node['platform']
when 'smartos'
@@ -96,6 +105,9 @@ default['postfix']['main']['smtp_sasl_auth_enable'] = 'no'
default['postfix']['main']['mailbox_size_limit'] = 0
default['postfix']['main']['mynetworks'] = nil
default['postfix']['main']['inet_interfaces'] = 'loopback-only'
default['postfix']['main']['default_database_type'] = lazy { node['postfix']['db_type'] }
default['postfix']['main']['alias_database'] = lazy { "#{node['postfix']['db_type']}:#{node['postfix']['aliases_db']}" }
default['postfix']['main']['alias_maps'] = lazy { "#{node['postfix']['db_type']}:#{node['postfix']['aliases_db']}" }
# Conditional attributes, also reference _attributes recipe
case node['platform_family']
@@ -407,4 +419,4 @@ default['postfix']['aliases'] = if platform?('freebsd')
{}
end
default['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, reject" if node['postfix']['use_relay_restrictions_maps']
default['postfix']['main']['smtpd_relay_restrictions'] = lazy { "#{node['postfix']['db_type']}:#{node['postfix']['relay_restrictions_db']}, reject" if node['postfix']['use_relay_restrictions_maps'] }
+1 -1
View File
@@ -26,7 +26,7 @@
"recipes": {
},
"version": "6.0.26",
"version": "6.4.1",
"source_url": "https://github.com/sous-chefs/postfix",
"issues_url": "https://github.com/sous-chefs/postfix/issues",
"privacy": false,
+1 -1
View File
@@ -3,7 +3,7 @@ maintainer 'Sous Chefs'
maintainer_email 'help@sous-chefs.org'
license 'Apache-2.0'
description 'Installs and configures postfix for client or outbound relayhost, or to do SASL auth'
version '6.0.26'
version '6.4.1'
source_url 'https://github.com/sous-chefs/postfix'
issues_url 'https://github.com/sous-chefs/postfix/issues'
chef_version '>= 12.15'
+5 -7
View File
@@ -29,24 +29,22 @@ end
if node['postfix']['main']['smtp_sasl_auth_enable'] == 'yes'
node.default_unless['postfix']['sasl_password_file'] = "#{node['postfix']['conf_dir']}/sasl_passwd"
node.default_unless['postfix']['main']['smtp_sasl_password_maps'] = "hash:#{node['postfix']['sasl_password_file']}"
node.default_unless['postfix']['main']['smtp_sasl_password_maps'] = "#{node['postfix']['db_type']}:#{node['postfix']['sasl_password_file']}"
node.default_unless['postfix']['main']['smtp_sasl_security_options'] = 'noanonymous'
node.default_unless['postfix']['sasl']['smtp_sasl_user_name'] = ''
node.default_unless['postfix']['sasl']['smtp_sasl_passwd'] = ''
node.default_unless['postfix']['main']['relayhost'] = ''
end
node.default_unless['postfix']['main']['alias_maps'] = ["hash:#{node['postfix']['aliases_db']}"] if node['postfix']['use_alias_maps']
node.default_unless['postfix']['main']['alias_maps'] = ["#{node['postfix']['db_type']}:#{node['postfix']['aliases_db']}"] if node['postfix']['use_alias_maps']
node.default_unless['postfix']['main']['transport_maps'] = ["hash:#{node['postfix']['transport_db']}"] if node['postfix']['use_transport_maps']
node.default_unless['postfix']['main']['transport_maps'] = ["#{node['postfix']['db_type']}:#{node['postfix']['transport_db']}"] if node['postfix']['use_transport_maps']
node.default_unless['postfix']['main']['access_maps'] = ["hash:#{node['postfix']['access_db']}"] if node['postfix']['use_access_maps']
node.default_unless['postfix']['main']['access_maps'] = ["#{node['postfix']['db_type']}:#{node['postfix']['access_db']}"] if node['postfix']['use_access_maps']
node.default_unless['postfix']['main']['virtual_alias_maps'] = ["#{node['postfix']['virtual_alias_db_type']}:#{node['postfix']['virtual_alias_db']}"] if node['postfix']['use_virtual_aliases']
node.default_unless['postfix']['main']['virtual_alias_domains'] = ["#{node['postfix']['virtual_alias_domains_db_type']}:#{node['postfix']['virtual_alias_domains_db']}"] if node['postfix']['use_virtual_aliases_domains']
node.default_unless['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, reject" if node['postfix']['use_relay_restrictions_maps']
node.default_unless['postfix']['main']['smtpd_relay_restrictions'] = "#{node['postfix']['db_type']}:#{node['postfix']['relay_restrictions_db']}, reject" if node['postfix']['use_relay_restrictions_maps']
node.default_unless['postfix']['main']['maildrop_destination_recipient_limit'] = 1 if node['postfix']['master']['maildrop']['active']
+3 -3
View File
@@ -155,7 +155,7 @@ unless node['postfix']['sender_canonical_map_entries'].empty?
notifies :reload, 'service[postfix]'
end
node.default['postfix']['main']['sender_canonical_maps'] = "hash:#{node['postfix']['conf_dir']}/sender_canonical" unless node['postfix']['main'].key?('sender_canonical_maps')
node.default['postfix']['main']['sender_canonical_maps'] = "#{node['postfix']['db_type']}:#{node['postfix']['conf_dir']}/sender_canonical" unless node['postfix']['main'].key?('sender_canonical_maps')
end
execute 'update-postfix-smtp_generic' do
@@ -172,7 +172,7 @@ unless node['postfix']['smtp_generic_map_entries'].empty?
notifies :reload, 'service[postfix]'
end
node.default['postfix']['main']['smtp_generic_maps'] = "hash:#{node['postfix']['conf_dir']}/smtp_generic" unless node['postfix']['main'].key?('smtp_generic_maps')
node.default['postfix']['main']['smtp_generic_maps'] = "#{node['postfix']['db_type']}:#{node['postfix']['conf_dir']}/smtp_generic" unless node['postfix']['main'].key?('smtp_generic_maps')
end
execute 'update-postfix-recipient_canonical' do
@@ -189,7 +189,7 @@ unless node['postfix']['recipient_canonical_map_entries'].empty?
notifies :reload, 'service[postfix]'
end
node.default['postfix']['main']['recipient_canonical_maps'] = "hash:#{node['postfix']['conf_dir']}/recipient_canonical" unless node['postfix']['main'].key?('recipient_canonical_maps')
node.default['postfix']['main']['recipient_canonical_maps'] = "#{node['postfix']['db_type']}:#{node['postfix']['conf_dir']}/recipient_canonical" unless node['postfix']['main'].key?('recipient_canonical_maps')
end
service 'postfix' do
+4 -4
View File
@@ -18,8 +18,8 @@ node['postfix']['maps'].each do |type, maps|
package "postfix-#{type}" if %w(pgsql mysql ldap cdb).include?(type)
end
if platform?('redhat') && node['platform_version'].to_i == 8
package "postfix-#{type}" if %w(pgsql mysql ldap cdb).include?(type)
if platform_family?('rhel') && node['platform_version'].to_i >= 8
package "postfix-#{type}" if %w(pgsql mysql ldap cdb lmdb).include?(type)
end
separator = if %w(pgsql mysql ldap memcache sqlite).include?(type)
@@ -32,7 +32,7 @@ node['postfix']['maps'].each do |type, maps|
command "postmap #{file}"
environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios')
action :nothing
end if %w(btree cdb dbm hash sdbm).include?(type)
end if %w(btree cdb dbm hash lmdb sdbm).include?(type)
template "#{file}-#{type}" do
path file
source 'maps.erb'
@@ -41,7 +41,7 @@ node['postfix']['maps'].each do |type, maps|
map: content,
separator: separator
)
notifies :run, "execute[update-postmap-#{file}]" if %w(btree cdb dbm hash sdbm).include?(type)
notifies :run, "execute[update-postmap-#{file}]" if %w(btree cdb dbm hash lmdb sdbm).include?(type)
notifies :restart, 'service[postfix]'
end
end
+3 -2
View File
@@ -1,9 +1,10 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": ["config:base"],
"packageRules": [{
"packageRules": [
{
"groupName": "Actions",
"matchUpdateTypes": ["patch", "pin", "digest"],
"matchUpdateTypes": ["minor", "patch", "pin"],
"automerge": true,
"addLabels": ["Release: Patch", "Skip: Announcements"]
},
+1 -1
View File
@@ -6,5 +6,5 @@
postmaster: root
<% node['postfix']['aliases'].each do |name, value| %>
<%= name %>: <%= [value].flatten.map{|x| if (x.include?("@")) then x else %Q("#{x}") end}.join(', ') %>
<%= name.match?(/[\s#:@]/) ? "\"#{name}\"" : name %>: <%= [value].flatten.map{|x| x.include?("|") ? "\"#{x}\"" : x}.join(',') %>
<% end unless node['postfix']['aliases'].nil? %>
+8
View File
@@ -0,0 +1,8 @@
ruby:
config_file: .rubocop.yml
java_script:
enabled: false
scss:
enabled: false
@@ -0,0 +1,9 @@
config:
ul-indent: false # MD007
line-length: false # MD013
no-duplicate-heading: false # MD024
reference-links-images: false # MD052
no-multiple-blanks:
maximum: 2
ignores:
- .github/copilot-instructions.md
@@ -0,0 +1,3 @@
{
".": "1.0.0"
}
+104
View File
@@ -0,0 +1,104 @@
# Change Log
All notable changes to this project will be documented in this file.
## [1.0.0](https://github.com/sous-chefs/prometheus/compare/v0.7.6...v1.0.0) (2026-04-29)
### ⚠ BREAKING CHANGES
* migrate prometheus resources ([#36](https://github.com/sous-chefs/prometheus/issues/36))
### Features
* migrate prometheus resources ([#36](https://github.com/sous-chefs/prometheus/issues/36)) ([6698649](https://github.com/sous-chefs/prometheus/commit/66986492fe0f069bc69474e19423b16e21563c16))
### Bug Fixes
* **ci:** Update workflows to use release pipeline ([#29](https://github.com/sous-chefs/prometheus/issues/29)) ([b991214](https://github.com/sous-chefs/prometheus/commit/b991214225164d55694966e535478a38e720a8f0))
## [0.7.6](https://github.com/sous-chefs/prometheus/compare/0.7.5...v0.7.6) (2025-10-16)
### Bug Fixes
* **ci:** Update workflows to use release pipeline ([#29](https://github.com/sous-chefs/prometheus/issues/29)) ([b991214](https://github.com/sous-chefs/prometheus/commit/b991214225164d55694966e535478a38e720a8f0))
## 0.7.2 - *2022-02-08*
* Remove delivery folder
Standardise files with files in sous-chefs/repo-management
## 0.7.1 - *2021-06-01*
* resolved cookstyle error: Thorfile:1:1 convention: `Style/Encoding`
* resolved cookstyle error: test/shared/spec_helper.rb:6:10 convention: `Style/ExpandPathArguments`
## [0.7.1 - *2021-06-01*][0.7.1 - *2021-06-01*]
### Changed
* Updated attributes and templates for Prometheus 0.15 release.
### Added
* Added upstart init for ubuntu platform.
## [0.5.1] - 2015-03-25
Changed
* Updated documentation.
## [0.5.0] - 2015-03-25
Added
* Added systemd init for redhat platform family version 7 or greater.
* Default init style per platform.
* Install Prometheus via pre-compiled binary.
* Added the prometheus_job resource for defining Prometheus scraping jobs.
* Attribute flag to externally manage prometheus.conf file.
Changed
* Removed flags that were deprecated in the prometheus 0.12.0 release.
### Contributors for this release
* [Eric Richardson](https://github.com/ewr) - External jobs config and prometheus job resource.
Thank You!
## [0.4.0] - 2015-03-12
### Fixed
* Fix init template path bug on chef 11.x.
## [0.3.0] - 2015-03-11
Fixed
* Fixed cookbook badge in README
## [0.2.0] - 2015-03-11
Fixed
* License defined in metadata.
## 0.1.0 - 2015-03-11
Changed
* Initial release of prometheus cookbook
[0.7.1 - *2021-06-01*]: https://github.com/rayrod2030/chef-prometheus/compare/0.5.1...HEAD
[0.5.1]: https://github.com/rayrod2030/chef-prometheus/compare/0.5.0...0.5.1
[0.5.0]: https://github.com/rayrod2030/chef-prometheus/compare/0.4.0...0.5.0
[0.4.0]: https://github.com/rayrod2030/chef-prometheus/compare/0.3.0...0.4.0
[0.3.0]: https://github.com/rayrod2030/chef-prometheus/compare/0.2.0...0.3.0
[0.2.0]: https://github.com/rayrod2030/chef-prometheus/compare/0.1.0...0.2.0
+201
View File
@@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
+36
View File
@@ -0,0 +1,36 @@
# Limitations
This cookbook manages Prometheus and Alertmanager from upstream release archives or source builds.
## Upstream Support
Prometheus publishes precompiled archives for Prometheus and Alertmanager from the official download page and GitHub releases. As of April 28, 2026, the cookbook defaults to:
* Prometheus 3.11.2 `linux-amd64` and `linux-arm64`
* Alertmanager 0.32.0 `linux-amd64` and `linux-arm64`
The upstream projects also publish Docker images and archives for other operating systems. This cookbook only supports Linux systemd hosts.
## Platform Support
Supported platforms are modern systemd Linux distributions declared in `metadata.rb`:
* AlmaLinux 8+
* Amazon Linux 2023+
* CentOS Stream 9+
* Debian 12+
* Fedora
* Oracle Linux 8+
* Red Hat Enterprise Linux 8+
* Rocky Linux 8+
* Ubuntu 20.04+
Legacy init systems are not supported. The cookbook no longer manages runit, upstart, or SysV init services.
## Installation Constraints
The default binary installation path uses official Linux tarballs for `amd64` or `arm64`. Override `architecture`, `binary_url`, `checksum`, and `file_extension` when using another upstream artifact or a private mirror.
Source installs require build tooling, Git, and the upstream Go build chain expected by the selected Prometheus or Alertmanager version. Source builds are retained for compatibility but binary installs are the primary supported path.
Prometheus and Alertmanager are not installed from operating system package repositories by these resources.
+67
View File
@@ -0,0 +1,67 @@
# prometheus Cookbook
This cookbook provides custom resources for installing and configuring [Prometheus][] and Alertmanager.
## Requirements
* Chef Infra Client 16.0 or later
* A systemd Linux platform listed in [LIMITATIONS.md](LIMITATIONS.md)
See [LIMITATIONS.md](LIMITATIONS.md) for upstream platform and installation constraints.
## Resources
* [prometheus_install](documentation/prometheus_install.md)
* [prometheus_config](documentation/prometheus_config.md)
* [prometheus_service](documentation/prometheus_service.md)
* [prometheus_job](documentation/prometheus_job.md)
* [prometheus_alertmanager_install](documentation/prometheus_alertmanager_install.md)
* [prometheus_alertmanager_config](documentation/prometheus_alertmanager_config.md)
* [prometheus_alertmanager_service](documentation/prometheus_alertmanager_service.md)
See [migration.md](migration.md) for migration notes from the legacy recipe and attribute interface.
## Usage
```ruby
prometheus_install 'prometheus'
prometheus_config 'prometheus'
prometheus_job 'prometheus' do
scrape_interval '15s'
target 'localhost:9090'
end
prometheus_service 'prometheus'
```
Alertmanager:
```ruby
prometheus_alertmanager_install 'alertmanager'
prometheus_alertmanager_config 'alertmanager'
prometheus_alertmanager_service 'alertmanager'
```
## License & Authors
* Author: Ray Rodriguez <rayrod2030@gmail.com>
* Author: kristian järvenpää <kristian.jarvenpaa@gmail.com>
* Maintainer: Sous Chefs
```text
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
```
[Prometheus]: https://github.com/prometheus/prometheus
+10
View File
@@ -0,0 +1,10 @@
require 'bundler'
require 'bundler/setup'
require 'berkshelf/thor'
begin
require 'kitchen/thor_tasks'
Kitchen::ThorTasks.new
rescue LoadError
puts '>>>>> Kitchen gem not loaded, omitting tasks' unless ENV['CI']
end
+115
View File
@@ -0,0 +1,115 @@
# Put files/directories that should be ignored in this file when uploading
# to a Chef Infra Server or Supermarket.
# Lines that start with '# ' are comments.
# OS generated files #
######################
.DS_Store
ehthumbs.db
Icon?
nohup.out
Thumbs.db
.envrc
# EDITORS #
###########
.#*
.project
.settings
*_flymake
*_flymake.*
*.bak
*.sw[a-z]
*.tmproj
*~
\#*
REVISION
TAGS*
tmtags
.vscode
.editorconfig
## COMPILED ##
##############
*.class
*.com
*.dll
*.exe
*.o
*.pyc
*.so
*/rdoc/
a.out
mkmf.log
# Testing #
###########
.circleci/*
.codeclimate.yml
.delivery/*
.foodcritic
.kitchen*
.mdlrc
.overcommit.yml
.rspec
.rubocop.yml
.travis.yml
.watchr
.yamllint
azure-pipelines.yml
Dangerfile
examples/*
features/*
Guardfile
kitchen*.yml
mlc_config.json
Procfile
Rakefile
spec/*
test/*
# SCM #
#######
.git
.gitattributes
.gitconfig
.github/*
.gitignore
.gitkeep
.gitmodules
.svn
*/.bzr/*
*/.git
*/.hg/*
*/.svn/*
# Berkshelf #
#############
Berksfile
Berksfile.lock
cookbooks/*
tmp
# Bundler #
###########
vendor/*
Gemfile
Gemfile.lock
# Policyfile #
##############
Policyfile.rb
Policyfile.lock.json
# Documentation #
#############
CODE_OF_CONDUCT*
CONTRIBUTING*
documentation/*
TESTING*
UPGRADING*
# Vagrant #
###########
.vagrant
Vagrantfile
+78
View File
@@ -0,0 +1,78 @@
# frozen_string_literal: true
require 'uri'
module PrometheusCookbook
module Helpers
def archive_name(component, version, url)
basename = ::File.basename(URI.parse(url).path)
basename.sub(/(?:\.tar\.gz|\.tgz|\.tar\.bz2|\.tar\.xz|\.zip)\z/, '')
rescue URI::InvalidURIError
"#{component}-#{version}"
end
def install_dir_parent(install_dir)
::File.dirname(install_dir)
end
def install_dir_name(install_dir)
::File.basename(install_dir)
end
def prometheus_flags(resource)
flag_pairs = if Gem::Version.new(resource.version) < Gem::Version.new('2.0.0-alpha.0')
resource.flags.map { |key, value| "-#{key}=#{value}" unless value == '' }
else
resource.cli_options.map { |key, value| "--#{key}=#{value}" unless value == '' } +
resource.cli_flags.map { |flag| "--#{flag}" unless flag == '' }
end
flag_pairs.compact.join(' ')
end
def prometheus_unit_content(resource)
{
Unit: {
Description: 'Prometheus',
After: 'network.target auditd.service',
},
Service: {
Type: 'simple',
Environment: "GOMAXPROCS=#{node['cpu']['total'] || 1}",
User: resource.user,
Group: resource.group,
ExecStart: "#{resource.binary} #{prometheus_flags(resource)}",
ExecReload: '/bin/kill -HUP $MAINPID',
Restart: 'always',
},
Install: {
WantedBy: 'multi-user.target',
},
}
end
def alertmanager_unit_content(resource)
{
Unit: {
Description: 'Prometheus Alertmanager',
After: 'network.target',
},
Service: {
User: resource.user,
Group: resource.group,
ExecStart: [
resource.binary,
"--log.level=#{resource.log_level}",
"--storage.path=#{resource.storage_path}",
"--config.file=#{resource.config_file}",
"--web.external-url=#{resource.external_url}",
].join(' '),
Restart: 'always',
},
Install: {
WantedBy: 'multi-user.target',
},
}
end
end
end
+44
View File
@@ -0,0 +1,44 @@
{
"name": "prometheus",
"description": "Provides custom resources for installing and configuring Prometheus and Alertmanager",
"long_description": "",
"maintainer": "Sous Chefs",
"maintainer_email": "help@sous-chefs.org",
"license": "Apache-2.0",
"platforms": {
"almalinux": ">= 8.0",
"amazon": ">= 2023.0",
"centos_stream": ">= 9.0",
"debian": ">= 12.0",
"fedora": ">= 0.0.0",
"oracle": ">= 8.0",
"redhat": ">= 8.0",
"rocky": ">= 8.0",
"ubuntu": ">= 20.04"
},
"dependencies": {
"ark": ">= 0.0.0"
},
"providing": {
},
"recipes": {
},
"version": "1.0.0",
"source_url": "https://github.com/sous-chefs/prometheus",
"issues_url": "https://github.com/sous-chefs/prometheus/issues",
"privacy": false,
"chef_versions": [
[
">= 16.0"
]
],
"ohai_versions": [
],
"gems": [
],
"eager_load_libraries": true
}
+23
View File
@@ -0,0 +1,23 @@
# frozen_string_literal: true
name 'prometheus'
maintainer 'Sous Chefs'
maintainer_email 'help@sous-chefs.org'
license 'Apache-2.0'
description 'Provides custom resources for installing and configuring Prometheus and Alertmanager'
version '1.0.0'
source_url 'https://github.com/sous-chefs/prometheus'
issues_url 'https://github.com/sous-chefs/prometheus/issues'
chef_version '>= 16.0'
depends 'ark'
supports 'almalinux', '>= 8.0'
supports 'amazon', '>= 2023.0'
supports 'centos_stream', '>= 9.0'
supports 'debian', '>= 12.0'
supports 'fedora'
supports 'oracle', '>= 8.0'
supports 'redhat', '>= 8.0'
supports 'rocky', '>= 8.0'
supports 'ubuntu', '>= 20.04'
+36
View File
@@ -0,0 +1,36 @@
# Migration
This cookbook has been migrated from recipes and attributes to custom resources.
## Removed Entry Points
The `recipes/` and `attributes/` directories were removed. Wrapper cookbooks should call the resources directly and pass property values instead of overriding `node['prometheus']` attributes.
Legacy runit, upstart, and SysV init behavior was removed. Services are managed with Chef's `systemd_unit` resource.
## Resource Mapping
Use these resources in place of the old recipes:
* `prometheus_install` replaces `prometheus::binary`, `prometheus::shell_binary`, and `prometheus::source`.
* `prometheus_config` replaces the Prometheus configuration portion of `prometheus::default`.
* `prometheus_service` replaces `prometheus::service`.
* `prometheus_alertmanager_install` replaces `prometheus::alertmanager_binary` and `prometheus::alertmanager_source`.
* `prometheus_alertmanager_config` replaces the Alertmanager configuration portion of `prometheus::alertmanager`.
* `prometheus_alertmanager_service` replaces the Alertmanager service portion of `prometheus::alertmanager`.
* `prometheus_job` remains available and now uses explicit properties instead of node attributes.
## Example
```ruby
prometheus_install 'prometheus'
prometheus_config 'prometheus'
prometheus_job 'prometheus' do
scrape_interval '15s'
target 'localhost:9090'
end
prometheus_service 'prometheus'
```
@@ -0,0 +1,12 @@
{
"packages": {
".": {
"package-name": "prometheus",
"changelog-path": "CHANGELOG.md",
"release-type": "ruby",
"include-component-in-tag": false,
"version-file": "metadata.rb"
}
},
"$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json"
}
+18
View File
@@ -0,0 +1,18 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": ["config:base"],
"packageRules": [
{
"groupName": "Actions",
"matchUpdateTypes": ["minor", "patch", "pin"],
"automerge": true,
"addLabels": ["Release: Patch", "Skip: Announcements"]
},
{
"groupName": "Actions",
"matchUpdateTypes": ["major"],
"automerge": false,
"addLabels": ["Release: Patch", "Skip: Announcements"]
}
]
}
@@ -0,0 +1,21 @@
# frozen_string_literal: true
property :version, String, default: '0.32.0'
property :binary, String, default: '/opt/prometheus/alertmanager'
property :architecture, String, equal_to: %w(amd64 arm64), default: lazy {
node['kernel']['machine'] == 'aarch64' ? 'arm64' : 'amd64'
}
property :binary_url, String, default: lazy { "https://github.com/prometheus/alertmanager/releases/download/v#{version}/alertmanager-#{version}.linux-#{architecture}.tar.gz" }
property :checksum, String, default: lazy {
{
'amd64' => 'be72f50f6124ec53d944c0f100f8ec8108d969bade02fcc9f06a3068ff6c726f',
'arm64' => '7812e12699694974f57ecc0b0400913c6c0d90190630d4332a7994a44982b1ed',
}[architecture]
}
property :file_extension, String, default: ''
property :source_repository, String, default: 'https://github.com/prometheus/alertmanager.git'
property :source_revision, String, default: lazy { "v#{version}" }
property :config_file, String, default: '/opt/prometheus/alertmanager.yml'
property :storage_path, String, default: '/opt/prometheus/data'
property :external_url, String, default: 'http://127.0.0.1/alert-manager/'
property :log_level, String, default: 'debug'
@@ -0,0 +1,8 @@
# frozen_string_literal: true
property :install_dir, String, default: '/opt/prometheus'
property :log_dir, String, default: '/var/log/prometheus'
property :user, String, default: 'prometheus'
property :group, String, default: 'prometheus'
property :use_existing_user, [true, false], default: false
property :install_method, String, equal_to: %w(binary shell_binary source), default: 'binary'
@@ -0,0 +1,71 @@
# frozen_string_literal: true
property :version, String, default: '3.11.2'
property :binary, String, default: '/opt/prometheus/prometheus'
property :architecture, String, equal_to: %w(amd64 arm64), default: lazy {
node['kernel']['machine'] == 'aarch64' ? 'arm64' : 'amd64'
}
property :binary_url, String, default: lazy { "https://github.com/prometheus/prometheus/releases/download/v#{version}/prometheus-#{version}.linux-#{architecture}.tar.gz" }
property :checksum, String, default: lazy {
{
'amd64' => 'f643ea1ee90d109329302d27bddb1fb2e52655b1fa84e9e26f9a6f340da144a6',
'arm64' => '4e40f115655a3021744137f49287846bc5a59e02835565748ff66b23e776a73d',
}[architecture]
}
property :file_extension, String, default: ''
property :source_repository, String, default: 'https://github.com/prometheus/prometheus.git'
property :source_revision, String, default: lazy { "v#{version}" }
property :config_file, String, default: '/opt/prometheus/prometheus.yml'
property :storage_path, String, default: '/var/lib/prometheus'
property :flags, Hash, default: lazy {
legacy_flags = {
'config.file' => config_file,
'log.level' => 'info',
'alertmanager.timeout' => '10s',
'alertmanager.notification-queue-capacity' => 100,
'alertmanager.url' => 'http://127.0.0.1/alert-manager/',
'query.max-concurrency' => 20,
'query.staleness-delta' => '5m',
'query.timeout' => '2m',
'storage.local.checkpoint-dirty-series-limit' => 5000,
'storage.local.checkpoint-interval' => '5m',
'storage.local.dirty' => false,
'storage.local.index-cache-size.fingerprint-to-metric' => 10_485_760,
'storage.local.index-cache-size.fingerprint-to-timerange' => 5_242_880,
'storage.local.index-cache-size.label-name-to-label-values' => 10_485_760,
'storage.local.index-cache-size.label-pair-to-fingerprints' => 20_971_520,
'storage.local.memory-chunks' => 1_048_576,
'storage.local.path' => storage_path,
'storage.local.pedantic-checks' => false,
'storage.local.retention' => '360h0m0s',
'storage.local.series-sync-strategy' => 'adaptive',
'storage.remote.influxdb-url' => '',
'storage.remote.influxdb.database' => 'prometheus',
'storage.remote.influxdb.retention-policy' => 'default',
'storage.remote.opentsdb-url' => '',
'storage.remote.timeout' => '30s',
'web.console.libraries' => 'console_libraries',
'web.console.templates' => 'consoles',
'web.enable-remote-shutdown' => false,
'web.external-url' => '',
'web.listen-address' => ':9090',
'web.telemetry-path' => '/metrics',
'web.user-assets' => '',
}
legacy_flags['web.use-local-assets'] = false if Gem::Version.new(version) <= Gem::Version.new('0.16.2')
legacy_flags
}
property :cli_options, Hash, default: lazy {
{
'config.file' => config_file,
'log.level' => 'info',
'query.max-concurrency' => 20,
'query.lookback-delta' => '5m',
'query.timeout' => '2m',
'storage.tsdb.path' => storage_path,
'storage.tsdb.retention.time' => '15d',
'web.listen-address' => ':9090',
'web.telemetry-path' => '/metrics',
}
}
property :cli_flags, Array, default: ['web.enable-lifecycle']
@@ -0,0 +1,30 @@
# frozen_string_literal: true
provides :prometheus_alertmanager_config
unified_mode true
use '_partial/_common'
use '_partial/_alertmanager'
property :template_cookbook, String, default: 'prometheus'
property :template_source, String, default: 'alertmanager.yml.erb'
property :notification_config, Hash, default: {}
default_action :create
action :create do
template new_resource.config_file do
cookbook new_resource.template_cookbook
source new_resource.template_source
mode '0644'
owner new_resource.user
group new_resource.group
variables(notification_config: new_resource.notification_config)
end
end
action :delete do
file new_resource.config_file do
action :delete
end
end
@@ -0,0 +1,89 @@
# frozen_string_literal: true
provides :prometheus_alertmanager_install
unified_mode true
use '_partial/_common'
use '_partial/_alertmanager'
default_action :install
action_class do
include PrometheusCookbook::Helpers
end
action :install do
user new_resource.user do
system true
shell '/bin/false'
home new_resource.install_dir
not_if { new_resource.use_existing_user || new_resource.user == 'root' }
end
directory new_resource.install_dir do
owner new_resource.user
group new_resource.group
mode '0755'
recursive true
end
directory new_resource.log_dir do
owner new_resource.user
group new_resource.group
mode '0755'
recursive true
end
directory new_resource.storage_path do
owner new_resource.user
group new_resource.group
mode '0755'
recursive true
end
case new_resource.install_method
when 'binary'
package %w(tar bzip2)
ark install_dir_name(new_resource.install_dir) do
url new_resource.binary_url
checksum new_resource.checksum
version new_resource.version
prefix_root Chef::Config['file_cache_path']
path install_dir_parent(new_resource.install_dir)
owner new_resource.user
group new_resource.group
extension new_resource.file_extension unless new_resource.file_extension.empty?
action :put
end
when 'shell_binary'
package %w(tar bzip2)
remote_file "#{Chef::Config[:file_cache_path]}/alertmanager-#{new_resource.version}.tar.gz" do
source new_resource.binary_url
checksum new_resource.checksum
action :create
notifies :run, 'execute[install_alertmanager_archive]', :immediately
end
execute 'install_alertmanager_archive' do
command "tar -xzf #{Chef::Config[:file_cache_path]}/alertmanager-#{new_resource.version}.tar.gz -C #{new_resource.install_dir} --strip-components=1"
action :nothing
end
when 'source'
build_essential 'install compilation tools'
package %w(curl git-core mercurial gzip sed)
git "#{Chef::Config[:file_cache_path]}/alertmanager-#{new_resource.version}" do
repository new_resource.source_repository
revision new_resource.source_revision
action :checkout
end
bash 'compile_alertmanager_source' do
cwd "#{Chef::Config[:file_cache_path]}/alertmanager-#{new_resource.version}"
code "make && mv alertmanager #{new_resource.install_dir}"
end
end
end
@@ -0,0 +1,56 @@
# frozen_string_literal: true
provides :prometheus_alertmanager_service
unified_mode true
use '_partial/_common'
use '_partial/_alertmanager'
default_action :create
action_class do
include PrometheusCookbook::Helpers
end
action :create do
systemd_unit 'alertmanager.service' do
content alertmanager_unit_content(new_resource)
action [:create, :enable, :start]
end
end
action :enable do
systemd_unit 'alertmanager.service' do
action :enable
end
end
action :start do
systemd_unit 'alertmanager.service' do
action :start
end
end
action :restart do
systemd_unit 'alertmanager.service' do
action :restart
end
end
action :reload do
systemd_unit 'alertmanager.service' do
action :reload
end
end
action :stop do
systemd_unit 'alertmanager.service' do
action [:stop, :disable]
end
end
action :delete do
systemd_unit 'alertmanager.service' do
action [:stop, :disable, :delete]
end
end
+44
View File
@@ -0,0 +1,44 @@
# frozen_string_literal: true
provides :prometheus_config
unified_mode true
use '_partial/_common'
use '_partial/_prometheus'
property :template_cookbook, String, default: 'prometheus'
property :template_source, String, default: 'prometheus.yml.erb'
property :rule_filenames, [Array, nil], default: nil
property :global_config, Hash, default: {
'scrape_interval' => '60s',
'evaluation_interval' => '60s',
}
property :allow_external_config, [true, false], default: false
default_action :create
action :create do
config_resource = new_resource
with_run_context :root do
template config_resource.config_file do
cookbook config_resource.template_cookbook
source config_resource.template_source
mode '0644'
owner config_resource.user
group config_resource.group
variables(
global_config: config_resource.global_config,
jobs: {},
rule_filenames: config_resource.rule_filenames
)
not_if { config_resource.allow_external_config }
end
end
end
action :delete do
file new_resource.config_file do
action :delete
end
end
+98
View File
@@ -0,0 +1,98 @@
# frozen_string_literal: true
provides :prometheus_install
unified_mode true
use '_partial/_common'
use '_partial/_prometheus'
default_action :install
action_class do
include PrometheusCookbook::Helpers
end
action :install do
user new_resource.user do
system true
shell '/bin/false'
home new_resource.install_dir
not_if { new_resource.use_existing_user || new_resource.user == 'root' }
end
directory new_resource.install_dir do
owner new_resource.user
group new_resource.group
mode '0755'
recursive true
end
directory new_resource.log_dir do
owner new_resource.user
group new_resource.group
mode '0755'
recursive true
end
directory new_resource.storage_path do
owner new_resource.user
group new_resource.group
mode '0755'
recursive true
end
case new_resource.install_method
when 'binary'
package %w(tar bzip2)
ark install_dir_name(new_resource.install_dir) do
url new_resource.binary_url
checksum new_resource.checksum
version new_resource.version
prefix_root Chef::Config['file_cache_path']
path install_dir_parent(new_resource.install_dir)
owner new_resource.user
group new_resource.group
extension new_resource.file_extension unless new_resource.file_extension.empty?
action :put
end
when 'shell_binary'
package %w(tar bzip2)
remote_file "#{Chef::Config[:file_cache_path]}/prometheus-#{new_resource.version}.tar.gz" do
source new_resource.binary_url
checksum new_resource.checksum
action :create
notifies :run, 'execute[install_prometheus_archive]', :immediately
end
execute 'install_prometheus_archive' do
command "tar -xzf #{Chef::Config[:file_cache_path]}/prometheus-#{new_resource.version}.tar.gz -C #{new_resource.install_dir} --strip-components=1"
action :nothing
end
when 'source'
build_essential 'install compilation tools'
package %w(curl git-core mercurial gzip sed)
git "#{Chef::Config[:file_cache_path]}/prometheus-#{new_resource.version}" do
repository new_resource.source_repository
revision new_resource.source_revision
action :checkout
end
bash 'compile_prometheus_source' do
cwd "#{Chef::Config[:file_cache_path]}/prometheus-#{new_resource.version}"
environment(
'PATH' => "/usr/local/go/bin:#{ENV.fetch('PATH', nil)}",
'GOPATH' => '/opt/go:/opt/go/src/github.com/prometheus/promu/vendor'
)
code <<~EOH
make build
mv prometheus #{new_resource.install_dir}
cp -R console_libraries #{new_resource.install_dir}
cp -R consoles #{new_resource.install_dir}
EOH
end
end
end
+41
View File
@@ -0,0 +1,41 @@
# frozen_string_literal: true
provides :prometheus_job
unified_mode true
property :scrape_interval, String
property :scrape_timeout, String
property :labels, Hash
property :target, [Array, String], required: true
property :metrics_path, String, default: '/metrics'
property :config_file, String, default: '/opt/prometheus/prometheus.yml'
property :allow_external_config, [true, false], default: false
default_action :create
action :create do
job_resource = new_resource
with_run_context :root do
edit_resource(:template, job_resource.config_file) do
variables[:jobs] ||= {}
variables[:jobs][job_resource.name] ||= {}
variables[:jobs][job_resource.name]['scrape_interval'] = job_resource.scrape_interval
variables[:jobs][job_resource.name]['scrape_timeout'] = job_resource.scrape_timeout
variables[:jobs][job_resource.name]['target'] = job_resource.target
variables[:jobs][job_resource.name]['metrics_path'] = job_resource.metrics_path
variables[:jobs][job_resource.name]['labels'] = job_resource.labels
action :nothing
delayed_action :create
not_if { job_resource.allow_external_config }
end
end
end
action :delete do
file new_resource.config_file do
action :delete
end
end
+56
View File
@@ -0,0 +1,56 @@
# frozen_string_literal: true
provides :prometheus_service
unified_mode true
use '_partial/_common'
use '_partial/_prometheus'
default_action :create
action_class do
include PrometheusCookbook::Helpers
end
action :create do
systemd_unit 'prometheus.service' do
content prometheus_unit_content(new_resource)
action [:create, :enable, :start]
end
end
action :enable do
systemd_unit 'prometheus.service' do
action :enable
end
end
action :start do
systemd_unit 'prometheus.service' do
action :start
end
end
action :restart do
systemd_unit 'prometheus.service' do
action :restart
end
end
action :reload do
systemd_unit 'prometheus.service' do
action :reload
end
end
action :stop do
systemd_unit 'prometheus.service' do
action [:stop, :disable]
end
end
action :delete do
systemd_unit 'prometheus.service' do
action [:stop, :disable, :delete]
end
end
@@ -0,0 +1,115 @@
global:
# The smarthost and SMTP sender used for mail notifications.
smtp_smarthost: 'localhost:25'
smtp_from: 'alertmanager@example.org'
# The root route on which each incoming alert enters.
route:
# The root route must not have any matchers as it is the entry point for
# all alerts. It needs to have a receiver configured so alerts that do not
# match any of the sub-routes are sent to someone.
receiver: 'team-X-mails'
# The labels by which incoming alerts are grouped together. For example,
# multiple alerts coming in for cluster=A and alertname=LatencyHigh would
# be batched into a single group.
group_by: ['alertname', 'cluster']
# When a new group of alerts is created by an incoming alert, wait at
# least 'group_wait' to send the initial notification.
# This way ensures that you get multiple alerts for the same group that start
# firing shortly after another are batched together on the first
# notification.
group_wait: 30s
# When the first notification was sent, wait 'group_interval' to send a batch
# of new alerts that started firing for that group.
group_interval: 5m
# If an alert has successfully been sent, wait 'repeat_interval' to
# resend them.
repeat_interval: 3h
# All the above attributes are inherited by all child routes and can
# overwritten on each.
# The child route trees.
routes:
# This routes performs a regular expression match on alert labels to
# catch alerts that are related to a list of services.
- match_re:
service: ^(foo1|foo2|baz)$
receiver: team-X-mails
# The service has a sub-route for critical alerts, any alerts
# that do not match, i.e. severity != critical, fall-back to the
# parent node and are sent to 'team-X-mails'
routes:
- match:
severity: critical
receiver: team-X-pager
- match:
service: files
receiver: team-Y-mails
routes:
- match:
severity: critical
receiver: team-Y-pager
# This route handles all alerts coming from a database service. If there's
# no team to handle it, it defaults to the DB team.
- match:
service: database
receiver: team-DB-pager
# Also group alerts by affected database.
group_by: [alertname, cluster, database]
routes:
- match:
owner: team-X
receiver: team-X-pager
- match:
owner: team-Y
receiver: team-Y-pager
# Inhibition rules allow to mute a set of alerts given that another alert is
# firing.
# We use this to mute any warning-level notifications if the same alert is
# already critical.
inhibit_rules:
- source_match:
severity: 'critical'
target_match:
severity: 'warning'
# Apply inhibition if the alertname is the same.
equal: ['alertname']
receivers:
- name: 'team-X-mails'
email_configs:
- to: 'team-X+alerts@example.org'
- name: 'team-X-pager'
email_configs:
- to: 'team-X+alerts-critical@example.org'
pagerduty_configs:
- service_key: <team-X-key>
- name: 'team-Y-mails'
email_configs:
- to: 'team-Y+alerts@example.org'
- name: 'team-Y-pager'
pagerduty_configs:
- service_key: <team-Y-key>
- name: 'team-DB-pager'
pagerduty_configs:
- service_key: <team-DB-key>
@@ -0,0 +1,33 @@
# Global default settings.
global:
<% @global_config.each do |k,v| %>
<%=k%>: "<%=v%>"
<% end %>
scrape_configs:
<% @jobs.each do |name, job| %>
- job_name: "<%= name %>"
<% if job['scrape_interval'] %>
scrape_interval: "<%= job['scrape_interval'] %>"
<% end %>
<% if job['scrape_timeout'] %>
scrape_timeout: "<%= job['scrape_timeout'] %>"
<% end %>
metrics_path: "<%= job['metrics_path'] %>"
static_configs:
- targets: <%= Array(job['target']) %>
<%if job['labels'] %>
labels:
<% job['labels'].each do |label,label_config| %>
<%=label%>: <%=label_config%>
<%end%>
<%end%>
<% end %>
<% if @rule_filenames %>
rule_files:
<% @rule_filenames.each do |filename| %>
- <%= filename %>
<% end %>
<% end %>
+64
View File
@@ -0,0 +1,64 @@
# CHANGELOG
This file is used to list changes made in each version of the unbound cookbook.
## 3.0.2 - *2023-10-02*
- Update Ci files and remove CircleCI config
## 3.0.1 - *2022-09-30*
- Add missing `fallback-enable` setting to `config_authority_zone`
## 3.0.0 - *2022-04-04*
- Add separate configuration resources
- Default recipe now only runs installation
- Refactor configuration template to be Hash driven
## 2.0.3 - *2022-03-04*
- resolved cookstyle error: .delivery/project.toml:2:8 convention: `Style/StringLiterals`
- resolved cookstyle error: .delivery/project.toml:4:10 convention: `Style/StringLiterals`
- resolved cookstyle error: .delivery/project.toml:5:13 convention: `Style/StringLiterals`
- resolved cookstyle error: .delivery/project.toml:6:10 convention: `Style/StringLiterals`
- resolved cookstyle error: .delivery/project.toml:7:9 convention: `Style/StringLiterals`
- resolved cookstyle error: .delivery/project.toml:8:14 convention: `Style/StringLiterals`
- resolved cookstyle error: .delivery/project.toml:9:11 convention: `Style/StringLiterals`
## 2.0.2 - *2021-08-31*
- Standardise files with files in sous-chefs/repo-management
## 2.0.1 - *2021-06-01*
- Updated tests folder to match other cookbooks
- Updated spec platform to supported version
## 2.0.0 - 2020-05-05
- Upgraded to circleci for testing
- Minimum Chef Infra Client version is now **13.0**
- Removed unused long_description metadata.rb field
- Simplify overly complex platform logic
- Migrate to actions for testing
## [1.0.1]
- Simplify logic with root_group
- Fix `root_group` not using new_resource
- Use strings for file modes
- Resolve foodcritic warnings in the `rr` resource
- Fix platform_family logic on the service Update platforms.
- Use dokken images for travis testing.
- Don't test on debian-8/9 and centos-6 as these services don't currently start.
- Account for a list of forward-addrs / effectively disable remote control (#27)
## [1.0.0]
- Add new custom resources `unbound_install` & `unbound_configure`
## [0.1.1]
- Adding support and kitchen testing for forward_zone generation
- Updating to use Sous Chefs guidelines
+201
View File
@@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
+78
View File
@@ -0,0 +1,78 @@
# Unbound Cookbook
[![Cookbook Version](https://img.shields.io/cookbook/v/unbound.svg)](https://supermarket.chef.io/cookbooks/unbound)
[![Build Status](https://img.shields.io/circleci/project/github/sous-chefs/unbound/master.svg)](https://circleci.com/gh/sous-chefs/unbound)
[![OpenCollective](https://opencollective.com/sous-chefs/backers/badge.svg)](#backers)
[![OpenCollective](https://opencollective.com/sous-chefs/sponsors/badge.svg)](#sponsors)
[![License](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0)
Installs and manages the unbound DNS server.
- [http://unbound.net](http://unbound.net)
## Maintainers
This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If youd like to know more please visit [sous-chefs.org](https://sous-chefs.org/) or come chat with us on the Chef Community Slack in [#sous-chefs](https://chefcommunity.slack.com/messages/C2V7B88SF).
## Requirements
### Platform
A platform with unbound available as a native package. The following platforms have unbound packaged, but note that the filesystem locations are not consistent and at this time only Linux + FHS is supported.
- Ubuntu/Debian
- Red Hat/CentOS/Fedora (requires EPEL)
- FreeBSD
### Chef
- Chef 16
## Resources
- [unbound_config_authority_zone](documentation/unbound_config_authority_zone.md)
- [unbound_config_cachedb](documentation/unbound_config_cachedb.md)
- [unbound_config_dns64](documentation/unbound_config_dns64.md)
- [unbound_config_dnscrypt](documentation/unbound_config_dnscrypt.md)
- [unbound_config_dnstap](documentation/unbound_config_dnstap.md)
- [unbound_config_dynamic_library](documentation/unbound_config_dynamic_library.md)
- [unbound_config_forward_zone](documentation/unbound_config_forward_zone.md)
- [unbound_config_python_script](documentation/unbound_config_python_script.md)
- [unbound_config_remote_control](documentation/unbound_config_remote_control.md)
- [unbound_config_rpz_zone](documentation/unbound_config_rpz_zone.md)
- [unbound_config_server](documentation/unbound_config_server.md)
- [unbound_config_stub_zone](documentation/unbound_config_stub_zone.md)
- [unbound_config_view](documentation/unbound_config_view.md)
- [unbound_package](documentation/unbound_package.md)
- [unbound_service](documentation/unbound_service.md)
## Recipes
### default
Installs unbound using defaults.
## Contributors
This project exists thanks to all the people who [contribute.](https://opencollective.com/sous-chefs/contributors.svg?width=890&button=false)
### Backers
Thank you to all our backers!
![https://opencollective.com/sous-chefs#backers](https://opencollective.com/sous-chefs/backers.svg?width=600&avatarHeight=40)
### Sponsors
Support this project by becoming a sponsor. Your logo will show up here with a link to your website.
![https://opencollective.com/sous-chefs/sponsor/0/website](https://opencollective.com/sous-chefs/sponsor/0/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/1/website](https://opencollective.com/sous-chefs/sponsor/1/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/2/website](https://opencollective.com/sous-chefs/sponsor/2/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/3/website](https://opencollective.com/sous-chefs/sponsor/3/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/4/website](https://opencollective.com/sous-chefs/sponsor/4/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/5/website](https://opencollective.com/sous-chefs/sponsor/5/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/6/website](https://opencollective.com/sous-chefs/sponsor/6/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/7/website](https://opencollective.com/sous-chefs/sponsor/7/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/8/website](https://opencollective.com/sous-chefs/sponsor/8/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/9/website](https://opencollective.com/sous-chefs/sponsor/9/avatar.svg?avatarHeight=100)
+115
View File
@@ -0,0 +1,115 @@
# Put files/directories that should be ignored in this file when uploading
# to a Chef Infra Server or Supermarket.
# Lines that start with '# ' are comments.
# OS generated files #
######################
.DS_Store
ehthumbs.db
Icon?
nohup.out
Thumbs.db
.envrc
# EDITORS #
###########
.#*
.project
.settings
*_flymake
*_flymake.*
*.bak
*.sw[a-z]
*.tmproj
*~
\#*
REVISION
TAGS*
tmtags
.vscode
.editorconfig
## COMPILED ##
##############
*.class
*.com
*.dll
*.exe
*.o
*.pyc
*.so
*/rdoc/
a.out
mkmf.log
# Testing #
###########
.circleci/*
.codeclimate.yml
.delivery/*
.foodcritic
.kitchen*
.mdlrc
.overcommit.yml
.rspec
.rubocop.yml
.travis.yml
.watchr
.yamllint
azure-pipelines.yml
Dangerfile
examples/*
features/*
Guardfile
kitchen.yml*
mlc_config.json
Procfile
Rakefile
spec/*
test/*
# SCM #
#######
.git
.gitattributes
.gitconfig
.github/*
.gitignore
.gitkeep
.gitmodules
.svn
*/.bzr/*
*/.git
*/.hg/*
*/.svn/*
# Berkshelf #
#############
Berksfile
Berksfile.lock
cookbooks/*
tmp
# Bundler #
###########
vendor/*
Gemfile
Gemfile.lock
# Policyfile #
##############
Policyfile.rb
Policyfile.lock.json
# Documentation #
#############
CODE_OF_CONDUCT*
CONTRIBUTING*
documentation/*
TESTING*
UPGRADING*
# Vagrant #
###########
.vagrant
Vagrantfile
+56
View File
@@ -0,0 +1,56 @@
---
driver:
name: dokken
privileged: true
chef_version: <%= ENV['CHEF_VERSION'] || 'current' %>
transport:
name: dokken
provisioner:
name: dokken
platforms:
- name: centos-7
driver:
image: dokken/centos-7
pid_one_command: /usr/lib/systemd/systemd
- name: centos-stream-8
driver:
image: dokken/centos-stream-8
pid_one_command: /usr/lib/systemd/systemd
- name: fedora-latest
driver:
image: dokken/fedora-latest
pid_one_command: /usr/lib/systemd/systemd
- name: ubuntu-18.04
driver:
image: dokken/ubuntu-18.04
pid_one_command: /bin/systemd
intermediate_instructions:
- RUN /usr/bin/apt-get update
- name: ubuntu-20.04
driver:
image: dokken/ubuntu-20.04
pid_one_command: /bin/systemd
intermediate_instructions:
- RUN /usr/bin/apt-get update
- name: debian-10
driver:
image: dokken/debian-10
pid_one_command: /bin/systemd
intermediate_instructions:
- RUN /usr/bin/apt-get update
- name: debian-11
driver:
image: dokken/debian-11
pid_one_command: /bin/systemd
intermediate_instructions:
- RUN /usr/bin/apt-get update
...
+59
View File
@@ -0,0 +1,59 @@
#
# Cookbook:: unbound
# Library:: helpers
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module Unbound
module Cookbook
module Helpers
def default_config_dir
return '/etc/unbound' if %i(unbound_config unbound_configure unbound_config_server).include?(declared_type)
return '/etc/unbound/unbound.conf.d' if platform?('debian', 'ubuntu')
case declared_type
when :unbound_config_local
'/etc/unbound/local.d'
when :unbound_config_key
'/etc/unbound/keys.d'
else
'/etc/unbound/conf.d'
end
end
def default_includes_dir
case node['platform_family']
when 'rhel', 'fedora'
%w(/etc/unbound/conf.d/*.conf /etc/unbound/local.d/*.conf)
when 'debian'
%w(/etc/unbound/unbound.conf.d/*.conf)
else
raise "Unsupported platform family #{node['platform_family']}"
end
end
def unbound_yes_no?(value)
case value
when true
'yes'
when false
'no'
when 'yes', 'YES', 'no', 'NO'
value.downcase
end
end
end
end
end
+26
View File
@@ -0,0 +1,26 @@
#
# Cookbook:: unbound
# Library:: template
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module Unbound
module Cookbook
module TemplateHelpers
def template_partial_indent(output, level, spaces = 2)
output.split("\n").each { |l| l.prepend(' ' * (level * spaces)) }.join("\n")
end
end
end
end
+42
View File
@@ -0,0 +1,42 @@
{
"name": "unbound",
"description": "Manages unbound DNS resolver",
"long_description": "",
"maintainer": "Sous Chefs",
"maintainer_email": "help@sous-chefs.org",
"license": "Apache-2.0",
"platforms": {
"debian": ">= 0.0.0",
"ubuntu": ">= 0.0.0",
"centos": ">= 0.0.0",
"redhat": ">= 0.0.0",
"scientific": ">= 0.0.0",
"oracle": ">= 0.0.0",
"amazon": ">= 0.0.0"
},
"dependencies": {
},
"providing": {
},
"recipes": {
},
"version": "3.0.2",
"source_url": "https://github.com/sous-chefs/unbound",
"issues_url": "https://github.com/sous-chefs/unbound/issues",
"privacy": false,
"chef_versions": [
[
">= 16"
]
],
"ohai_versions": [
],
"gems": [
],
"eager_load_libraries": true
}
+13
View File
@@ -0,0 +1,13 @@
name 'unbound'
maintainer 'Sous Chefs'
maintainer_email 'help@sous-chefs.org'
license 'Apache-2.0'
description 'Manages unbound DNS resolver'
version '3.0.2'
issues_url 'https://github.com/sous-chefs/unbound/issues'
source_url 'https://github.com/sous-chefs/unbound'
chef_version '>= 16'
%w(debian ubuntu centos redhat scientific oracle amazon).each do |os|
supports os
end
+25
View File
@@ -0,0 +1,25 @@
#
# Cookbook:: unbound
# Recipe:: default
#
# Copyright:: 2011, Joshua Timberman
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
log 'v3_warning' do
message 'Version 3.0.0 of this cookbook removed all configuration actions from the default recipe'
level :warn
end
unbound_package 'unbound'
+6
View File
@@ -0,0 +1,6 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:base"
]
}
@@ -0,0 +1,93 @@
#
# Cookbook:: unbound
# Resource:: config_authority_zone
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
unified_mode true
provides :unbound_config_auth_zone
use 'partials/_config_file'
property :config_file, String,
default: lazy { "#{config_dir}/authority-zone-#{name}.conf" },
desired_state: false,
description: 'Set to override unbound configuration file.'
property :zone_name, String,
default: lazy { name }
property :primary, [String, Array],
coerce: proc { |p| Array(p) }
property :master, [String, Array],
coerce: proc { |p| Array(p) }
property :url, [String, Array],
coerce: proc { |p| Array(p) }
property :allow_notify, [String, Array],
coerce: proc { |p| Array(p) }
property :fallback_enabled, [String, true, false],
coerce: proc { |p| unbound_yes_no?(p) }
property :for_downstream, [String, true, false],
coerce: proc { |p| unbound_yes_no?(p) }
property :for_upstream, [String, true, false],
coerce: proc { |p| unbound_yes_no?(p) }
property :zonemd_check, [String, true, false],
coerce: proc { |p| unbound_yes_no?(p) }
property :zonemd_reject_absence, [String, true, false],
coerce: proc { |p| unbound_yes_no?(p) }
property :zonefile, String
load_current_value do |new_resource|
current_value_does_not_exist! unless ::File.exist?(new_resource.config_file)
if ::File.exist?(new_resource.config_file)
owner ::Etc.getpwuid(::File.stat(new_resource.config_file).uid).name
group ::Etc.getgrgid(::File.stat(new_resource.config_file).gid).name
mode ::File.stat(new_resource.config_file).mode.to_s(8)[-4..-1]
end
end
action_class do
def do_template_action
zone_config = {
'name' => new_resource.zone_name,
'primary' => new_resource.primary.dup,
'master' => new_resource.master.dup,
'url' => new_resource.url.dup,
'allow-notify' => new_resource.allow_notify.dup,
'fallback-enabled' => new_resource.fallback_enabled,
'for-downstream' => new_resource.for_downstream,
'for-upstream' => new_resource.for_upstream,
'zonemd-check' => new_resource.zonemd_check,
'zonemd-reject-absence' => new_resource.zonemd_reject_absence,
'zonefile' => new_resource.zonefile,
}.compact
config = {
'auth-zone' => zone_config,
}
perform_config_action(config)
end
end
@@ -0,0 +1,67 @@
#
# Cookbook:: unbound
# Resource:: config_cachedb
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
unified_mode true
use 'partials/_config_file'
property :config_file, String,
default: lazy { "#{config_dir}/cachedb.conf" },
desired_state: false,
description: 'Set to override unbound configuration file.'
property :backend, String
property :secret_seed, String
property :redis_server_host, String
property :redis_server_port, Integer
property :redis_timeout, Integer
property :redis_expire_records, [String, true, false],
coerce: proc { |p| unbound_yes_no?(p) }
load_current_value do |new_resource|
current_value_does_not_exist! unless ::File.exist?(new_resource.config_file)
if ::File.exist?(new_resource.config_file)
owner ::Etc.getpwuid(::File.stat(new_resource.config_file).uid).name
group ::Etc.getgrgid(::File.stat(new_resource.config_file).gid).name
mode ::File.stat(new_resource.config_file).mode.to_s(8)[-4..-1]
end
end
action_class do
def do_template_action
cachedb_config = {
'backend' => new_resource.backend,
'secret-seed' => new_resource.secret_seed,
'redis-server-host' => new_resource.redis_server_host,
'redis-server-port' => new_resource.redis_server_port,
'redis-timeout' => new_resource.redis_timeout,
'redis-expire-records' => new_resource.redis_expire_records,
}.compact
config = {
'cachedb' => cachedb_config,
}
perform_config_action(config)
end
end
@@ -0,0 +1,58 @@
#
# Cookbook:: unbound
# Resource:: config_dns64
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
unified_mode true
use 'partials/_config_file'
property :config_file, String,
default: lazy { "#{config_dir}/dns64.conf" },
desired_state: false,
description: 'Set to override unbound configuration file.'
property :dns64_prefix, String
property :dns64_synthall, [String, true, false],
coerce: proc { |p| unbound_yes_no?(p) }
property :dns64_ignore_aaaa, String
load_current_value do |new_resource|
current_value_does_not_exist! unless ::File.exist?(new_resource.config_file)
if ::File.exist?(new_resource.config_file)
owner ::Etc.getpwuid(::File.stat(new_resource.config_file).uid).name
group ::Etc.getgrgid(::File.stat(new_resource.config_file).gid).name
mode ::File.stat(new_resource.config_file).mode.to_s(8)[-4..-1]
end
end
action_class do
def do_template_action
dns64_config = {
'dns64-prefix' => new_resource.dns64_prefix,
'dns64-synthall' => new_resource.dns64_synthall,
'dns64-ignore-aaaa' => new_resource.dns64_ignore_aaaa,
}.compact
config = {
'server' => dns64_config,
}
perform_config_action(config)
end
end
@@ -0,0 +1,80 @@
#
# Cookbook:: unbound
# Resource:: config_dnscrypt
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
unified_mode true
use 'partials/_config_file'
property :config_file, String,
default: lazy { "#{config_dir}/dnscrypt.conf" },
desired_state: false,
description: 'Set to override unbound configuration file.'
property :dnscrypt_enable, [String, true, false],
coerce: proc { |p| unbound_yes_no?(p) }
property :dnscrypt_port, Integer
property :dnscrypt_provider, [String, Array],
coerce: proc { |p| Array(p) }
property :dnscrypt_secret_key, String
property :dnscrypt_provider_cert, String
property :dnscrypt_provider_cert_rotated, String
property :dnscrypt_shared_secret_cache_size, String
property :dnscrypt_shared_secret_cache_slabs, Integer
property :dnscrypt_nonce_cache_size, String
property :dnscrypt_nonce_cache_slabs, Integer
load_current_value do |new_resource|
current_value_does_not_exist! unless ::File.exist?(new_resource.config_file)
if ::File.exist?(new_resource.config_file)
owner ::Etc.getpwuid(::File.stat(new_resource.config_file).uid).name
group ::Etc.getgrgid(::File.stat(new_resource.config_file).gid).name
mode ::File.stat(new_resource.config_file).mode.to_s(8)[-4..-1]
end
end
action_class do
def do_template_action
dnscrypt_config = {
'dnscrypt-enable' => new_resource.dnscrypt_enable,
'dnscrypt-port' => new_resource.dnscrypt_port,
'dnscrypt-provider' => new_resource.dnscrypt_provider.dup,
'dnscrypt-secret-key' => new_resource.dnscrypt_secret_key,
'dnscrypt-provider-cert' => new_resource.dnscrypt_provider_cert,
'dnscrypt-provider-cert-rotated' => new_resource.dnscrypt_provider_cert_rotated,
'dnscrypt-shared-secret-cache-size' => new_resource.dnscrypt_shared_secret_cache_size,
'dnscrypt-shared-secret-cache-slabs' => new_resource.dnscrypt_shared_secret_cache_slabs,
'dnscrypt-nonce-cache-size' => new_resource.dnscrypt_nonce_cache_size,
'dnscrypt-nonce-cache-slabs' => new_resource.dnscrypt_nonce_cache_slabs,
}.compact
config = {
'dnscrypt' => dnscrypt_config,
}
perform_config_action(config)
end
end
@@ -0,0 +1,116 @@
#
# Cookbook:: unbound
# Resource:: config_dnstap
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
unified_mode true
use 'partials/_config_file'
property :config_file, String,
default: lazy { "#{config_dir}/dnstap.conf" },
desired_state: false,
description: 'Set to override unbound configuration file.'
property :dnstap_enable, [String, true, false],
coerce: proc { |p| unbound_yes_no?(p) }
property :dnstap_bidirectional, [String, true, false],
coerce: proc { |p| unbound_yes_no?(p) }
property :dnstap_socket_path, String
property :dnstap_ip, String
property :dnstap_tls, [String, true, false],
coerce: proc { |p| unbound_yes_no?(p) }
property :dnstap_tls_server_name, String
property :dnstap_tls_cert_bundle, String
property :dnstap_tls_client_key_file, String
property :dnstap_tls_client_cert_file, String
property :dnstap_send_identity, [String, true, false],
coerce: proc { |p| unbound_yes_no?(p) }
property :dnstap_send_version, [String, true, false],
coerce: proc { |p| unbound_yes_no?(p) }
property :dnstap_identity, String
property :dnstap_version, String
property :dnstap_log_resolver_query_messages, [String, true, false],
coerce: proc { |p| unbound_yes_no?(p) }
property :dnstap_log_resolver_response_messages, [String, true, false],
coerce: proc { |p| unbound_yes_no?(p) }
property :dnstap_log_client_query_messages, [String, true, false],
coerce: proc { |p| unbound_yes_no?(p) }
property :dnstap_log_client_response_messages, [String, true, false],
coerce: proc { |p| unbound_yes_no?(p) }
property :dnstap_log_forwarder_query_messages, [String, true, false],
coerce: proc { |p| unbound_yes_no?(p) }
property :dnstap_log_forwarder_response_messages, [String, true, false],
coerce: proc { |p| unbound_yes_no?(p) }
load_current_value do |new_resource|
current_value_does_not_exist! unless ::File.exist?(new_resource.config_file)
if ::File.exist?(new_resource.config_file)
owner ::Etc.getpwuid(::File.stat(new_resource.config_file).uid).name
group ::Etc.getgrgid(::File.stat(new_resource.config_file).gid).name
mode ::File.stat(new_resource.config_file).mode.to_s(8)[-4..-1]
end
end
action_class do
def do_template_action
zone_config = {
'dnstap-enable' => new_resource.dnstap_enable,
'dnstap-bidirectional' => new_resource.dnstap_bidirectional,
'dnstap-socket-path' => new_resource.dnstap_socket_path,
'dnstap-ip' => new_resource.dnstap_ip,
'dnstap-tls' => new_resource.dnstap_tls,
'dnstap-tls-server-name' => new_resource.dnstap_tls_server_name,
'dnstap-tls-cert-bundle' => new_resource.dnstap_tls_cert_bundle,
'dnstap-tls-client-key-file' => new_resource.dnstap_tls_client_key_file,
'dnstap-tls-client-cert-file' => new_resource.dnstap_tls_client_cert_file,
'dnstap-send-identity' => new_resource.dnstap_send_identity,
'dnstap-send-version' => new_resource.dnstap_send_version,
'dnstap-identity' => new_resource.dnstap_identity,
'dnstap-version' => new_resource.dnstap_version,
'dnstap-log-resolver-query-messages' => new_resource.dnstap_log_resolver_query_messages,
'dnstap-log-resolver-response-messages' => new_resource.dnstap_log_resolver_response_messages,
'dnstap-log-client-query-messages' => new_resource.dnstap_log_client_query_messages,
'dnstap-log-client-response-messages' => new_resource.dnstap_log_client_response_messages,
'dnstap-log-forwarder-query-messages' => new_resource.dnstap_log_forwarder_query_messages,
'dnstap-log-forwarder-response-messages' => new_resource.dnstap_log_forwarder_response_messages,
}.compact
config = {
'dnstap' => zone_config,
}
perform_config_action(config)
end
end
@@ -0,0 +1,48 @@
#
# Cookbook:: unbound
# Resource:: config_dynamic_library
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
unified_mode true
use 'partials/_config_file'
property :config_file, String,
default: lazy { "#{config_dir}/dyn-lib-#{name}.conf" },
desired_state: false,
description: 'Set to override unbound configuration file.'
property :dynlib_file, [String, Array],
coerce: proc { |p| Array(p) }
load_current_value do |new_resource|
current_value_does_not_exist! unless ::File.exist?(new_resource.config_file)
if ::File.exist?(new_resource.config_file)
owner ::Etc.getpwuid(::File.stat(new_resource.config_file).uid).name
group ::Etc.getgrgid(::File.stat(new_resource.config_file).gid).name
mode ::File.stat(new_resource.config_file).mode.to_s(8)[-4..-1]
end
end
action_class do
def do_template_action
config = {
'dynlib-file' => new_resource.dynlib_file.dup,
}
perform_config_action(config)
end
end
@@ -0,0 +1,80 @@
#
# Cookbook:: unbound
# Resource:: config_forward_zone
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
unified_mode true
use 'partials/_config_file'
property :config_file, String,
default: lazy { "#{config_dir}/forward-zone-#{name}.conf" },
desired_state: false,
description: 'Set to override unbound configuration file.'
property :zone_name, String,
default: lazy { name }
property :forward_host, [String, Array],
coerce: proc { |p| Array(p) }
property :forward_addr, [String, Array],
coerce: proc { |p| Array(p) }
property :forward_first, [String, true, false],
coerce: proc { |p| unbound_yes_no?(p) }
property :forward_tls_upstream, [String, true, false],
coerce: proc { |p| unbound_yes_no?(p) }
property :forward_ssl_upstream, [String, true, false],
coerce: proc { |p| unbound_yes_no?(p) }
property :forward_tcp_upstream, [String, true, false],
coerce: proc { |p| unbound_yes_no?(p) }
property :forward_no_cache, [String, true, false],
coerce: proc { |p| unbound_yes_no?(p) }
load_current_value do |new_resource|
current_value_does_not_exist! unless ::File.exist?(new_resource.config_file)
if ::File.exist?(new_resource.config_file)
owner ::Etc.getpwuid(::File.stat(new_resource.config_file).uid).name
group ::Etc.getgrgid(::File.stat(new_resource.config_file).gid).name
mode ::File.stat(new_resource.config_file).mode.to_s(8)[-4..-1]
end
end
action_class do
def do_template_action
zone_config = {
'name' => new_resource.zone_name,
'forward-host' => new_resource.forward_host.dup,
'forward-addr' => new_resource.forward_addr.dup,
'forward-first' => new_resource.forward_first,
'forward-tls-upstream' => new_resource.forward_tls_upstream,
'forward-ssl-upstream' => new_resource.forward_ssl_upstream,
'forward-tcp-upstream' => new_resource.forward_tcp_upstream,
'forward-no-cache' => new_resource.forward_no_cache,
}.compact
config = {
'forward-zone' => zone_config,
}
perform_config_action(config)
end
end
@@ -0,0 +1,53 @@
#
# Cookbook:: unbound
# Resource:: config_python_script
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
unified_mode true
use 'partials/_config_file'
property :config_file, String,
default: lazy { "#{config_dir}/python-script-#{name}.conf" },
desired_state: false,
description: 'Set to override unbound configuration file.'
property :python_script, [String, Array],
coerce: proc { |p| Array(p) },
required: true
load_current_value do |new_resource|
current_value_does_not_exist! unless ::File.exist?(new_resource.config_file)
if ::File.exist?(new_resource.config_file)
owner ::Etc.getpwuid(::File.stat(new_resource.config_file).uid).name
group ::Etc.getgrgid(::File.stat(new_resource.config_file).gid).name
mode ::File.stat(new_resource.config_file).mode.to_s(8)[-4..-1]
end
end
action_class do
def do_template_action
declare_resource(:package, 'python3-unbound')
config = {
'python' => {
'python-script' => new_resource.python_script.dup,
},
}
perform_config_action(config)
end
end
@@ -0,0 +1,77 @@
#
# Cookbook:: unbound
# Resource:: config_remote_control
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
unified_mode true
use 'partials/_config_file'
property :config_file, String,
default: lazy { "#{config_dir}/remote-control.conf" },
desired_state: false,
description: 'Set to override unbound configuration file.'
property :control_enable, [String, true, false],
coerce: proc { |p| unbound_yes_no?(p) }
property :control_interface, [String, Array],
coerce: proc { |p| Array(p) }
property :control_port, Integer
property :control_use_cert, [String, true, false],
coerce: proc { |p| unbound_yes_no?(p) }
property :control_key_file, String
property :control_cert_file, String
property :server, String
property :server_key_file, String
property :server_cert_file, String
load_current_value do |new_resource|
current_value_does_not_exist! unless ::File.exist?(new_resource.config_file)
if ::File.exist?(new_resource.config_file)
owner ::Etc.getpwuid(::File.stat(new_resource.config_file).uid).name
group ::Etc.getgrgid(::File.stat(new_resource.config_file).gid).name
mode ::File.stat(new_resource.config_file).mode.to_s(8)[-4..-1]
end
end
action_class do
def do_template_action
remote_control = {
'control-enable' => new_resource.control_enable,
'control-interface' => new_resource.control_interface.dup,
'control-port' => new_resource.control_port,
'control-use-cert' => new_resource.control_use_cert,
'control-key-file' => new_resource.control_key_file,
'control-cert-file' => new_resource.control_cert_file,
'server-key-file' => new_resource.server_key_file,
'server-cert-file' => new_resource.server_cert_file,
}.compact
config = {
'remote-control' => remote_control,
}
perform_config_action(config)
end
end
@@ -0,0 +1,98 @@
#
# Cookbook:: unbound
# Resource:: config_rpz_zone
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
unified_mode true
use 'partials/_config_file'
property :config_file, String,
default: lazy { "#{config_dir}/rpz-zone-#{name}.conf" },
desired_state: false,
description: 'Set to override unbound configuration file.'
property :zone_name, String,
default: lazy { name }
property :primary, [String, Array],
coerce: proc { |p| Array(p) }
property :master, [String, Array],
coerce: proc { |p| Array(p) }
property :url, [String, Array],
coerce: proc { |p| Array(p) }
property :allow_notify, [String, Array],
coerce: proc { |p| Array(p) }
property :zonefile, String
property :rpz_action_override, [String, Symbol],
equal_to: %w(nxdomain nodata passthru drop disabled cname),
coerce: proc { |p| p.to_s }
property :rpz_cname_override, String
property :rpz_log, [String, true, false],
coerce: proc { |p| unbound_yes_no?(p) }
property :rpz_log_name, String
property :rpz_signal_nxdomain_ra, [String, true, false],
coerce: proc { |p| unbound_yes_no?(p) }
property :for_downstream, [String, true, false],
coerce: proc { |p| unbound_yes_no?(p) }
property :tags, [String, Array],
coerce: proc { |p| "\"#{p.to_a.join(' ')} \"" }
load_current_value do |new_resource|
current_value_does_not_exist! unless ::File.exist?(new_resource.config_file)
if ::File.exist?(new_resource.config_file)
owner ::Etc.getpwuid(::File.stat(new_resource.config_file).uid).name
group ::Etc.getgrgid(::File.stat(new_resource.config_file).gid).name
mode ::File.stat(new_resource.config_file).mode.to_s(8)[-4..-1]
end
end
action_class do
def do_template_action
zone_config = {
'name' => new_resource.zone_name,
'primary' => new_resource.primary.dup,
'master' => new_resource.master.dup,
'url' => new_resource.url.dup,
'allow-notify' => new_resource.allow_notify.dup,
'zonefile' => new_resource.zonefile,
'rpz-action-override' => new_resource.rpz_action_override,
'rpz-cname-override' => new_resource.rpz_cname_override,
'rpz-log' => new_resource.rpz_log,
'rpz-log-name' => new_resource.rpz_log_name,
'rpz-signal-nxfomain-ra' => new_resource.rpz_signal_nxdomain_ra,
'for-downstream' => new_resource.for_downstream,
'tags' => new_resource.tags.dup,
}.compact
config = {
'rpz' => zone_config,
}
perform_config_action(config)
end
end

Some files were not shown because too many files have changed in this diff Show More