Compare commits
9 Commits
chore/ejab
...
3524e9205c
| Author | SHA1 | Date | |
|---|---|---|---|
3524e9205c
|
|||
|
a26f03824e
|
|||
|
d51d4f9ae1
|
|||
|
0b2e3150aa
|
|||
|
b550fb3841
|
|||
|
adb160af2e
|
|||
|
0763574610
|
|||
|
ef413bdcf6
|
|||
|
c13a74e865
|
@@ -14,8 +14,7 @@
|
||||
"public_key": "024cd3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946"
|
||||
},
|
||||
"nostr": {
|
||||
"public_key": "b3e1b7c1660b7db0ecb93ec55c09e67961171a5c4e9e2602f1b47477ea61c50a",
|
||||
"relay_url": "wss://nostr.kosmos.org"
|
||||
"public_key": "b3e1b7c1660b7db0ecb93ec55c09e67961171a5c4e9e2602f1b47477ea61c50a"
|
||||
}
|
||||
},
|
||||
"discourse": {
|
||||
@@ -106,10 +105,7 @@
|
||||
"strfry": {
|
||||
"domain": "nostr.kosmos.org",
|
||||
"real_ip_header": "x-real-ip",
|
||||
"policy_path": "/opt/strfry/strfry-policy.ts",
|
||||
"whitelist_pubkeys": [
|
||||
"b3e1b7c1660b7db0ecb93ec55c09e67961171a5c4e9e2602f1b47477ea61c50a"
|
||||
],
|
||||
"policy_path": "/opt/strfry-policy.ts",
|
||||
"info": {
|
||||
"name": "Kosmos Relay",
|
||||
"description": "Members-only nostr relay for kosmos.org users",
|
||||
|
||||
@@ -57,7 +57,6 @@
|
||||
"kosmos_strfry::nginx",
|
||||
"kosmos_website",
|
||||
"kosmos_website::default",
|
||||
"kosmos_website::redirects",
|
||||
"kosmos-akkounts::nginx",
|
||||
"kosmos-akkounts::nginx_api",
|
||||
"kosmos-bitcoin::nginx_lndhub",
|
||||
|
||||
@@ -51,7 +51,6 @@
|
||||
"kosmos_strfry::nginx",
|
||||
"kosmos_website",
|
||||
"kosmos_website::default",
|
||||
"kosmos_website::redirects",
|
||||
"kosmos-akkounts::nginx",
|
||||
"kosmos-akkounts::nginx_api",
|
||||
"kosmos-bitcoin::nginx_lndhub",
|
||||
|
||||
1254
nodes/strfry-1.json
1254
nodes/strfry-1.json
File diff suppressed because it is too large
Load Diff
@@ -30,7 +30,6 @@ production_run_list = %w(
|
||||
kosmos_rsk::nginx_mainnet
|
||||
kosmos_strfry::nginx
|
||||
kosmos_website::default
|
||||
kosmos_website::redirects
|
||||
kosmos-akkounts::nginx
|
||||
kosmos-akkounts::nginx_api
|
||||
kosmos-bitcoin::nginx_lndhub
|
||||
|
||||
@@ -22,7 +22,6 @@ node.default['akkounts']['lndhub']['public_key'] = nil
|
||||
node.default['akkounts']['lndhub']['postgres_db'] = 'lndhub'
|
||||
|
||||
node.default['akkounts']['nostr']['public_key'] = nil
|
||||
node.default['akkounts']['nostr']['relay_url'] = nil
|
||||
|
||||
node.default['akkounts']['s3_enabled'] = true
|
||||
node.default['akkounts']['s3_endpoint'] = "https://s3.kosmos.org"
|
||||
|
||||
@@ -163,7 +163,6 @@ env[:mediawiki_public_url] = node['mediawiki']['url']
|
||||
|
||||
env[:nostr_private_key] = credentials['nostr_private_key']
|
||||
env[:nostr_public_key] = node['akkounts']['nostr']['public_key']
|
||||
env[:nostr_relay_url] = node['akkounts']['nostr']['relay_url']
|
||||
|
||||
#
|
||||
# remoteStorage / Liquor Cabinet
|
||||
|
||||
File diff suppressed because one or more lines are too long
@@ -216,7 +216,7 @@ modules:
|
||||
access_createnode: pubsub_createnode
|
||||
ignore_pep_from_offline: false
|
||||
last_item_cache: false
|
||||
max_items_node: 1000
|
||||
max_items_node: 10
|
||||
plugins:
|
||||
- "flat"
|
||||
- "pep" # pep requires mod_caps
|
||||
@@ -258,6 +258,8 @@ modules:
|
||||
type: turns
|
||||
transport: tcp
|
||||
restricted: true
|
||||
mod_vcard:
|
||||
search: false
|
||||
mod_vcard_xupdate: {}
|
||||
mod_avatar: {}
|
||||
mod_version: {}
|
||||
|
||||
@@ -28,9 +28,7 @@ template "#{node['openresty']['dir']}/snippets/mastodon.conf" do
|
||||
owner 'www-data'
|
||||
mode 0640
|
||||
variables web_root_dir: web_root_dir,
|
||||
server_name: server_name,
|
||||
s3_private_url: "#{node["kosmos-mastodon"]["s3_endpoint"]}/#{node["kosmos-mastodon"]["s3_bucket"]}/",
|
||||
s3_public_url: "https://#{node["kosmos-mastodon"]["s3_alias_host"]}/"
|
||||
server_name: server_name
|
||||
notifies :reload, 'service[openresty]', :delayed
|
||||
end
|
||||
|
||||
|
||||
@@ -108,13 +108,11 @@ location @proxy {
|
||||
|
||||
proxy_pass http://mastodon_app;
|
||||
proxy_buffering on;
|
||||
proxy_redirect off;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
# https://github.com/mastodon/mastodon/issues/24380
|
||||
proxy_redirect <%= @s3_private_url %> <%= @s3_public_url %>;
|
||||
|
||||
tcp_nodelay on;
|
||||
}
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
node.default["gitea"]["version"] = "1.22.1"
|
||||
node.default["gitea"]["checksum"] = "b8043324545eec269fc8f18c22b49fc365ed367e0dd41e081b79832de2570f9c"
|
||||
node.default["gitea"]["version"] = "1.22.0"
|
||||
node.default["gitea"]["checksum"] = "a31086f073cb9592d28611394b2de3655db515d961e4fdcf5b549cb40753ef3d"
|
||||
node.default["gitea"]["working_directory"] = "/var/lib/gitea"
|
||||
node.default["gitea"]["port"] = 3000
|
||||
node.default["gitea"]["postgresql_host"] = "localhost:5432"
|
||||
|
||||
@@ -21,13 +21,8 @@ server {
|
||||
location ~ ^/(avatars|repo-avatars)/.*$ {
|
||||
proxy_buffers 1024 8k;
|
||||
proxy_pass http://_gitea_web;
|
||||
proxy_http_version 1.1;
|
||||
expires 30d;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
# Docker registry
|
||||
@@ -35,22 +30,12 @@ server {
|
||||
client_max_body_size 0;
|
||||
proxy_buffers 1024 8k;
|
||||
proxy_pass http://_gitea_web;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_buffers 1024 8k;
|
||||
proxy_pass http://_gitea_web;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,2 +1 @@
|
||||
node.default["strfry"]["ldap_search_dn"] = "ou=kosmos.org,cn=users,dc=kosmos,dc=org"
|
||||
node.default["strfry"]["extras_dir"] = "/opt/strfry"
|
||||
|
||||
@@ -11,23 +11,14 @@ include_recipe "deno"
|
||||
|
||||
ldap_credentials = Chef::EncryptedDataBagItem.load('credentials', 'dirsrv')
|
||||
|
||||
extras_dir = node["strfry"]["extras_dir"]
|
||||
|
||||
directory extras_dir do
|
||||
owner node["strfry"]["user"]
|
||||
group node["strfry"]["group"]
|
||||
mode "0755"
|
||||
end
|
||||
|
||||
env = {
|
||||
ldap_url: 'ldap://ldap.kosmos.local:389', # requires "ldap_client" role
|
||||
ldap_bind_dn: ldap_credentials["service_dn"],
|
||||
ldap_password: ldap_credentials["service_password"],
|
||||
ldap_search_dn: node["strfry"]["ldap_search_dn"],
|
||||
whitelist_pubkeys: node["strfry"]["whitelist_pubkeys"].join(",")
|
||||
ldap_search_dn: node["strfry"]["ldap_search_dn"]
|
||||
}
|
||||
|
||||
template "#{extras_dir}/.env" do
|
||||
template "/opt/.env" do
|
||||
source 'env.erb'
|
||||
owner node["strfry"]["user"]
|
||||
group node["strfry"]["group"]
|
||||
@@ -41,25 +32,9 @@ end
|
||||
# strfry deno scripts
|
||||
#
|
||||
|
||||
base_url = "https://gitea.kosmos.org/kosmos/akkounts/raw/branch/live/extras/strfry"
|
||||
base_url = "https://gitea.kosmos.org/kosmos/akkounts/raw/branch/master/extras/strfry"
|
||||
|
||||
remote_file "#{extras_dir}/deno.json" do
|
||||
source "#{base_url}/deno.json"
|
||||
owner node["strfry"]["user"]
|
||||
group node["strfry"]["group"]
|
||||
mode "0644"
|
||||
notifies :restart, "service[strfry]", :delayed
|
||||
end
|
||||
|
||||
remote_file "#{extras_dir}/deno.lock" do
|
||||
source "#{base_url}/deno.lock"
|
||||
owner node["strfry"]["user"]
|
||||
group node["strfry"]["group"]
|
||||
mode "0644"
|
||||
notifies :restart, "service[strfry]", :delayed
|
||||
end
|
||||
|
||||
remote_file "#{extras_dir}/strfry-policy.ts" do
|
||||
remote_file "/opt/strfry-policy.ts" do
|
||||
source "#{base_url}/strfry-policy.ts"
|
||||
owner node["strfry"]["user"]
|
||||
group node["strfry"]["group"]
|
||||
@@ -67,7 +42,7 @@ remote_file "#{extras_dir}/strfry-policy.ts" do
|
||||
notifies :restart, "service[strfry]", :delayed
|
||||
end
|
||||
|
||||
remote_file "#{extras_dir}/ldap-policy.ts" do
|
||||
remote_file "/opt/ldap-policy.ts" do
|
||||
source "#{base_url}/ldap-policy.ts"
|
||||
owner node["strfry"]["user"]
|
||||
group node["strfry"]["group"]
|
||||
@@ -75,9 +50,13 @@ remote_file "#{extras_dir}/ldap-policy.ts" do
|
||||
notifies :restart, "service[strfry]", :delayed
|
||||
end
|
||||
|
||||
remote_file "#{extras_dir}/strfry-sync.ts" do
|
||||
remote_file "/opt/strfry-sync.ts" do
|
||||
source "#{base_url}/strfry-sync.ts"
|
||||
owner node["strfry"]["user"]
|
||||
group node["strfry"]["group"]
|
||||
mode "0644"
|
||||
end
|
||||
|
||||
# service "strfry" do
|
||||
# action :nothing
|
||||
# end
|
||||
|
||||
@@ -1,4 +1,3 @@
|
||||
node.default["kosmos_website"]["domain"] = "kosmos.org"
|
||||
node.default["kosmos_website"]["repo"] = "https://gitea.kosmos.org/kosmos/website.git"
|
||||
node.default["kosmos_website"]["revision"] = "chore/content"
|
||||
node.default["kosmos_website"]["accounts_url"] = "https://accounts.kosmos.org"
|
||||
node.default["kosmos_website"]["domain"] = "kosmos.org"
|
||||
node.default["kosmos_website"]["repo"] = "https://gitea.kosmos.org/kosmos/website.git"
|
||||
node.default["kosmos_website"]["revision"] = "chore/content"
|
||||
|
||||
@@ -23,7 +23,6 @@ end
|
||||
openresty_site domain do
|
||||
template "nginx_conf_website.erb"
|
||||
variables domain: domain,
|
||||
accounts_url: node.default["kosmos_website"]["accounts_url"],
|
||||
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem"
|
||||
end
|
||||
|
||||
@@ -1,35 +0,0 @@
|
||||
#
|
||||
# Cookbook:: kosmos_website
|
||||
# Recipe:: redirects
|
||||
#
|
||||
|
||||
redirects = [
|
||||
{
|
||||
domain: "kosmos.chat",
|
||||
target: "https://kosmos.org",
|
||||
http_status: 307
|
||||
},
|
||||
{
|
||||
domain: "kosmos.cash",
|
||||
acme_domain: "letsencrypt.kosmos.org",
|
||||
target: "https://kosmos.org",
|
||||
http_status: 307
|
||||
}
|
||||
]
|
||||
|
||||
redirects.each do |redirect|
|
||||
tls_cert_for redirect[:domain] do
|
||||
auth "gandi_dns"
|
||||
acme_domain redirect[:acme_domain] unless redirect[:acme_domain].nil?
|
||||
action :create
|
||||
end
|
||||
|
||||
openresty_site redirect[:domain] do
|
||||
template "nginx_conf_redirect.erb"
|
||||
variables domain: redirect[:domain],
|
||||
target: redirect[:target],
|
||||
http_status: redirect[:http_status],
|
||||
ssl_cert: "/etc/letsencrypt/live/#{redirect[:domain]}/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/#{redirect[:domain]}/privkey.pem"
|
||||
end
|
||||
end
|
||||
@@ -1,20 +0,0 @@
|
||||
# Generated by Chef
|
||||
|
||||
server {
|
||||
server_name <%= @domain %>;
|
||||
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
access_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.access.log;
|
||||
error_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.error.log warn;
|
||||
|
||||
gzip_static on;
|
||||
gzip_comp_level 5;
|
||||
|
||||
ssl_certificate <%= @ssl_cert %>;
|
||||
ssl_certificate_key <%= @ssl_key %>;
|
||||
|
||||
location / {
|
||||
return <%= @http_status || 301 %> <%= @target %>;
|
||||
}
|
||||
}
|
||||
@@ -1,18 +0,0 @@
|
||||
# Generated by Chef
|
||||
|
||||
server {
|
||||
server_name <%= @domain %>;
|
||||
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
root /var/www/<%= @domain %>/public;
|
||||
|
||||
access_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.access.log;
|
||||
error_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.error.log warn;
|
||||
|
||||
gzip_static on;
|
||||
gzip_comp_level 5;
|
||||
|
||||
ssl_certificate <%= @ssl_cert %>;
|
||||
ssl_certificate_key <%= @ssl_key %>;
|
||||
}
|
||||
@@ -1,18 +1,9 @@
|
||||
# Generated by Chef
|
||||
|
||||
server {
|
||||
server_name _;
|
||||
listen 80 default_server;
|
||||
|
||||
location / {
|
||||
return 301 https://<%= @domain %>;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
server_name <%= @domain %>;
|
||||
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2 default_server;
|
||||
listen [::]:443 ssl http2 default_server;
|
||||
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
root /var/www/<%= @domain %>/public;
|
||||
|
||||
@@ -27,10 +18,8 @@ server {
|
||||
ssl_certificate <%= @ssl_cert %>;
|
||||
ssl_certificate_key <%= @ssl_key %>;
|
||||
|
||||
<% if @accounts_url %>
|
||||
location ~ ^/.well-known/(webfinger|nostr|lnurlp|keysend) {
|
||||
proxy_ssl_server_name on;
|
||||
proxy_pass https://accounts.kosmos.org;
|
||||
}
|
||||
<% end %>
|
||||
}
|
||||
|
||||
@@ -18,7 +18,6 @@ end
|
||||
|
||||
tls_cert_for domain do
|
||||
auth "gandi_dns"
|
||||
acme_domain "letsencrypt.kosmos.org"
|
||||
action :create
|
||||
end
|
||||
|
||||
|
||||
Reference in New Issue
Block a user