kosmos/chef
8
3
Fork 0
Code Issues 34 Pull Requests 3 Projects 2 Activity

Compare commits

base: kosmos:chore/ejabberd_service_avatar
Branches Tags
kosmos:master kosmos:feature/237-gitea_ssh_signing kosmos:bugfix/substr_url_matching kosmos:notes/ejabberd_ldap_photo kosmos:feature/akaunting kosmos:chore/ejabberd_service_avatar kosmos:feature/237-gitea_gpg kosmos:jammy_jellyfish
..
compare: kosmos:3551b711547a47e25f9ae4f76fb356a47b66e504
Branches Tags
kosmos:feature/237-gitea_ssh_signing kosmos:master kosmos:bugfix/substr_url_matching kosmos:notes/ejabberd_ldap_photo kosmos:feature/akaunting kosmos:chore/ejabberd_service_avatar kosmos:feature/237-gitea_gpg kosmos:jammy_jellyfish

7 Commits
chore/ejab ... 3551b71154

Author SHA1 Message Date
Râu Cao
3551b71154 Add sensitive attribute to resource with credentials 2024-10-16 12:23:38 +02:00
Râu Cao
752bb74663 Remove boltz service and RTL integration 
We use peerswap these days, and the build process for boltz was made
much more complicated at some point. Not worth upgrading for us.
 2024-10-16 12:23:38 +02:00
Râu Cao
c64526a944 Upgrade RTL to v0.15.2 
Need to use `npm install --force` due to a dependency issue
 2024-10-16 12:23:38 +02:00
Râu Cao
da242d4817 Upgrade LND to 0.18.3 2024-10-16 12:23:29 +02:00
Râu Cao
0af4bc1d0d Upgrade bitcoind to 28.0 
Requires a newer C++ compiler
 2024-10-16 11:28:13 +02:00
Greg
c9f5a745a3 Merge pull request 'Fix Mastodon signup/password/confirmation links' (#570) from chore/562-mastodon_login_urls into master 
Reviewed-on: #570
Reviewed-by: Greg <greg@noreply.kosmos.org>
 2024-08-23 14:18:12 +00:00
Râu Cao
d935b99d7d Fix Mastodon signup/password/confirmation links 
Adds ENV vars for our custom fix in b916182bc1

fixes #562
 2024-08-22 21:51:49 +02:00
15 changed files with 42 additions and 162 deletions
Expand all files Collapse all files

1
nodes/bitcoin-2.json
View File

@@ -33,7 +33,6 @@
"kosmos-bitcoin::c-lightning",
"kosmos-bitcoin::lnd",
"kosmos-bitcoin::lnd-scb-s3",
"kosmos-bitcoin::boltz",
"kosmos-bitcoin::rtl",
"kosmos-bitcoin::peerswap-lnd",
"kosmos_postgresql::hostsfile",

1
roles/lnd.rb
View File

@@ -3,7 +3,6 @@ name "lnd"
run_list %w(
kosmos-bitcoin::lnd
kosmos-bitcoin::lnd-scb-s3
kosmos-bitcoin::boltz
kosmos-bitcoin::rtl
kosmos-bitcoin::peerswap-lnd
)

22
site-cookbooks/kosmos-bitcoin/attributes/default.rb
View File

@@ -1,5 +1,5 @@
node.default['bitcoin']['version'] = '26.0'
node.default['bitcoin']['checksum'] = 'ab1d99276e28db62d1d9f3901e85ac358d7f1ebcb942d348a9c4e46f0fcdc0a1'
node.default['bitcoin']['version'] = '28.0'
node.default['bitcoin']['checksum'] = '700ae2d1e204602eb07f2779a6e6669893bc96c0dca290593f80ff8e102ff37f'
node.default['bitcoin']['username'] = 'satoshi'
node.default['bitcoin']['usergroup'] = 'bitcoin'
node.default['bitcoin']['network'] = 'mainnet'
@@ -24,7 +24,8 @@ node.default['bitcoin']['conf'] = {
rpcbind: "127.0.0.1:8332",
gen: 0,
zmqpubrawblock: 'tcp://127.0.0.1:8337',
zmqpubrawtx: 'tcp://127.0.0.1:8338'
zmqpubrawtx: 'tcp://127.0.0.1:8338',
deprecatedrpc: 'warnings' # TODO remove when upgrading to LND 0.18.4
}
# Also enables Tor for LND
@@ -40,7 +41,7 @@ node.default['c-lightning']['log_level'] = 'info'
node.default['c-lightning']['public_ip'] = '148.251.237.73'
node.default['lnd']['repo'] = 'https://github.com/lightningnetwork/lnd'
node.default['lnd']['revision'] = 'v0.17.3-beta'
node.default['lnd']['revision'] = 'v0.18.3-beta'
node.default['lnd']['source_dir'] = '/opt/lnd'
node.default['lnd']['lnd_dir'] = "/home/#{node['bitcoin']['username']}/.lnd"
node.default['lnd']['alias'] = 'ln2.kosmos.org'
@@ -58,19 +59,8 @@ node.default['lnd']['tor'] = {
'skip-proxy-for-clearnet-targets' => 'true'
}
node.default['boltz']['repo'] = 'https://github.com/BoltzExchange/boltz-lnd.git'
node.default['boltz']['revision'] = 'v1.2.7'
node.default['boltz']['source_dir'] = '/opt/boltz'
node.default['boltz']['boltz_dir'] = "/home/#{node['bitcoin']['username']}/.boltz-lnd"
node.default['boltz']['grpc_host'] = '127.0.0.1'
node.default['boltz']['grpc_port'] = '9002'
node.default['boltz']['rest_disabled'] = 'false'
node.default['boltz']['rest_host'] = '127.0.0.1'
node.default['boltz']['rest_port'] = '9003'
node.default['boltz']['no_macaroons'] = 'false'
node.default['rtl']['repo'] = 'https://github.com/Ride-The-Lightning/RTL.git'
node.default['rtl']['revision'] = 'v0.15.0'
node.default['rtl']['revision'] = 'v0.15.2'
node.default['rtl']['host'] = '10.1.1.163'
node.default['rtl']['port'] = '3000'

1
site-cookbooks/kosmos-bitcoin/recipes/aws-client.rb
View File

@@ -11,6 +11,7 @@ credentials = Chef::EncryptedDataBagItem.load('credentials', 'backup')
file "/root/.aws/config" do
mode "600"
sensitive true
content lazy { <<-EOF
[default]
region = #{credentials["s3_region"]}

16
site-cookbooks/kosmos-bitcoin/recipes/bitcoind.rb
View File

@@ -12,8 +12,15 @@ if node["bitcoin"]["blocksdir_mount_type"]
include_recipe "kosmos-bitcoin::blocksdir-mount"
end
%w{ libtool autotools-dev make automake cmake curl g++-multilib libtool
binutils-gold bsdmainutils pkg-config python3 patch }.each do |pkg|
apt_repository "ubuntu-toolchain-r" do
# provides g++-13, needed for better c++-20 support
uri "ppa:ubuntu-toolchain-r/test"
end
%w{
gcc-13 g++-13 libtool autotools-dev make automake cmake curl bison
binutils-gold pkg-config python3 patch
}.each do |pkg|
apt_package pkg
end
@@ -26,20 +33,21 @@ end
execute "compile_bitcoin-core_dependencies" do
cwd "/usr/local/bitcoind/depends"
command "make NO_QT=1"
environment ({'CC' => 'gcc-13', 'CXX' => 'g++-13', 'NO_QT' => '1'})
command "make -j 2"
action :nothing
notifies :run, 'bash[compile_bitcoin-core]', :immediately
end
bash "compile_bitcoin-core" do
cwd "/usr/local/bitcoind"
environment ({'CC' => 'gcc-13', 'CXX' => 'g++-13', 'NO_QT' => '1'})
code <<-EOH
./autogen.sh
./configure --prefix=$PWD/depends/x86_64-pc-linux-gnu
make
EOH
action :nothing
notifies :restart, "systemd_unit[bitcoind.service]", :delayed
end
link "/usr/local/bin/bitcoind" do

87
site-cookbooks/kosmos-bitcoin/recipes/boltz.rb
View File

@@ -1,87 +0,0 @@
#
# Cookbook:: kosmos-bitcoin
# Recipe:: boltz
#
include_recipe "git"
include_recipe "kosmos-bitcoin::golang"
git node['boltz']['source_dir'] do
repository node['boltz']['repo']
revision node['boltz']['revision']
action :sync
notifies :run, 'bash[compile_and_install_boltz]', :immediately
end
bash "compile_and_install_boltz" do
cwd node['boltz']['source_dir']
code <<-EOH
go mod vendor && \
make build && \
make install
EOH
action :nothing
notifies :restart, "systemd_unit[boltzd.service]", :delayed
end
bitcoin_user = node['bitcoin']['username']
bitcoin_group = node['bitcoin']['usergroup']
boltz_dir = node['boltz']['boltz_dir']
lnd_dir = node['lnd']['lnd_dir']
directory boltz_dir do
owner bitcoin_user
group bitcoin_group
mode '0750'
action :create
end
template "#{boltz_dir}/boltz.toml" do
source "boltz.toml.erb"
owner bitcoin_user
group bitcoin_group
mode '0640'
variables lnd_grpc_host: '127.0.0.1',
lnd_grpc_port: '10009',
lnd_macaroon_path: "#{lnd_dir}/data/chain/bitcoin/mainnet/admin.macaroon",
lnd_tlscert_path: "#{lnd_dir}/tls.cert",
boltz_config: node['boltz']
notifies :restart, "systemd_unit[boltzd.service]", :delayed
end
systemd_unit 'boltzd.service' do
content({
Unit: {
Description: 'Boltz Daemon',
Documentation: ['https://lnd.docs.boltz.exchange'],
Requires: 'lnd.service',
After: 'lnd.service'
},
Service: {
User: bitcoin_user,
Group: bitcoin_group,
Type: 'simple',
ExecStart: "/opt/boltz/boltzd",
Restart: 'always',
RestartSec: '30',
TimeoutSec: '240',
LimitNOFILE: '128000',
PrivateTmp: true,
ProtectSystem: 'full',
NoNewPrivileges: true,
PrivateDevices: true,
MemoryDenyWriteExecute: true
},
Install: {
WantedBy: 'multi-user.target'
}
})
verify false
triggers_reload true
action [:create, :enable, :start]
end
unless node.chef_environment == 'development'
node.override['backup']['archives']['boltz'] = [node['boltz']['boltz_dir']]
include_recipe 'backup'
end

2
site-cookbooks/kosmos-bitcoin/recipes/golang.rb
View File

@@ -5,7 +5,7 @@
# Internal recipe for managing the Go installation in one place
#
node.override['golang']['version'] = "1.20.3"
node.override['golang']['version'] = "1.23.1"
include_recipe "golang"
link '/usr/local/bin/go' do

12
site-cookbooks/kosmos-bitcoin/recipes/rtl.rb
View File

@@ -46,24 +46,22 @@ rtl_config = {
multiPassHashed: credentials["multiPassHashed"]
}
if node['boltz']
# TODO adapt for multi-node usage
rtl_config[:nodes][0][:Authentication][:boltzMacaroonPath] = "#{node['boltz']['boltz_dir']}/macaroons"
rtl_config[:nodes][0][:Settings][:boltzServerUrl] = "https://#{node['boltz']['rest_host']}:#{node['boltz']['rest_port']}"
end
git rtl_dir do
user bitcoin_user
group bitcoin_group
repository node['rtl']['repo']
revision node['rtl']['revision']
notifies :run, "execute[npm_install]", :immediately
notifies :restart, "systemd_unit[#{app_name}.service]", :delayed
end
execute "npm install" do
execute "npm_install" do
cwd rtl_dir
environment "HOME" => rtl_dir
user bitcoin_user
# TODO remove --force when upstream dependency issues have been resolved
command "npm install --force"
action :nothing
end
file "#{rtl_dir}/RTL-Config.json" do

32
site-cookbooks/kosmos-bitcoin/templates/boltz.toml.erb
View File

@@ -1,32 +0,0 @@
[LND]
# Host of the gRPC interface of LND
host = "<%= @lnd_grpc_host %>"
# Port of the gRPC interface of LND
port = <%= @lnd_grpc_port %>
# Path to a macaroon file of LND
# The daemon needs to have permission to read various endpoints, generate addresses and pay invoices
macaroon = "<%= @lnd_macaroon_path %>"
# Path to the TLS certificate of LND
certificate = "<%= @lnd_tlscert_path %>"
[RPC]
# Host of the gRPC interface
host = "<%= @boltz_config['grpc_host'] %>"
# Port of the gRPC interface
port = <%= @boltz_config['grpc_port'] %>
# Whether the REST proxy for the gRPC interface should be disabled
restDisabled = <%= @boltz_config['rest_disabled'] %>
# Host of the REST proxy
restHost = "<%= @boltz_config['rest_host'] %>"
# Port of the REST proxy
restPort = <%= @boltz_config['rest_port'] %>
# Whether the macaroon authentication for the gRPC and REST interface should be disabled
noMacaroons = <%= @boltz_config['no_macaroons'] %>

1
site-cookbooks/kosmos-bitcoin/templates/lnd.conf.erb
View File

@@ -12,7 +12,6 @@ minchansize=<%= @lnd_minchansize %>
autopilot.active=0
[Bitcoin]
bitcoin.active=1
bitcoin.mainnet=1
bitcoin.node=bitcoind
bitcoin.basefee=<%= @lnd_basefee %>

12
site-cookbooks/kosmos-ejabberd/recipes/default.rb
View File

File diff suppressed because one or more lines are too long

4
site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
View File

@@ -216,7 +216,7 @@ modules:
access_createnode: pubsub_createnode
ignore_pep_from_offline: false
last_item_cache: false
max_items_node: 1000
max_items_node: 10
plugins:
- "flat"
- "pep" # pep requires mod_caps
@@ -258,6 +258,8 @@ modules:
type: turns
transport: tcp
restricted: true
mod_vcard:
search: false
mod_vcard_xupdate: {}
mod_avatar: {}
mod_version: {}

6
site-cookbooks/kosmos-mastodon/attributes/default.rb
View File

@@ -10,7 +10,7 @@ node.default["kosmos-mastodon"]["redis_url"] = "redis://localhost:6379/0
node.default["kosmos-mastodon"]["sidekiq_threads"] = 25
node.default["kosmos-mastodon"]["allowed_private_addresses"] = "127.0.0.1"
node.default["kosmos-mastodon"]["onion_address"] = nil
node.default["kosmos-mastodon"]["onion_address"] = nil
# Allocate this amount of RAM to the Java heap for Elasticsearch
node.default["kosmos-mastodon"]["elasticsearch"]["allocated_memory"] = "1536m"
@@ -20,6 +20,10 @@ node.default["kosmos-mastodon"]["s3_region"] = nil
node.default["kosmos-mastodon"]["s3_bucket"] = nil
node.default["kosmos-mastodon"]["s3_alias_host"] = nil
node.default["kosmos-mastodon"]["sso_account_sign_up_url"] = "https://kosmos.org"
node.default["kosmos-mastodon"]["sso_account_reset_password_url"] = "https://accounts.kosmos.org/users/password/new"
node.default["kosmos-mastodon"]["sso_account_resend_confirmation_url"] = "https://accounts.kosmos.org/users/confirmation/new"
node.default["kosmos-mastodon"]["default_locale"] = "en"
node.default["kosmos-mastodon"]["libre_translate_endpoint"] = nil

4
site-cookbooks/kosmos-mastodon/recipes/default.rb
View File

@@ -190,6 +190,7 @@ template "#{mastodon_path}/.env.#{rails_env}" do
mode "0640"
owner mastodon_user
group mastodon_user
sensitive true
variables redis_url: node["kosmos-mastodon"]["redis_url"],
domain: node["kosmos-mastodon"]["domain"],
alternate_domains: node["kosmos-mastodon"]["alternate_domains"],
@@ -210,6 +211,9 @@ template "#{mastodon_path}/.env.#{rails_env}" do
vapid_public_key: credentials['vapid_public_key'],
db_pass: postgresql_credentials['mastodon_user_password'],
db_host: "pg.kosmos.local",
sso_account_sign_up_url: node["kosmos-mastodon"]["sso_account_sign_up_url"],
sso_account_reset_password_url: node["kosmos-mastodon"]["sso_account_reset_password_url"],
sso_account_resend_confirmation_url: node["kosmos-mastodon"]["sso_account_resend_confirmation_url"],
default_locale: node["kosmos-mastodon"]["default_locale"],
allowed_private_addresses: node["kosmos-mastodon"]["allowed_private_addresses"],
libre_translate_endpoint: node["kosmos-mastodon"]["libre_translate_endpoint"]

3
site-cookbooks/kosmos-mastodon/templates/default/env.erb
View File

@@ -44,6 +44,9 @@ LDAP_SEARCH_FILTER='<%= @ldap[:search_filter] %>'
LDAP_UID_CONVERSION_ENABLED=<%= @ldap[:uid_conversion_enabled] %>
LDAP_UID_CONVERSION_SEARCH=<%= @ldap[:uid_conversion_search] %>
LDAP_UID_CONVERSION_REPLACE=<%= @ldap[:uid_conversion_replace] %>
SSO_ACCOUNT_SIGN_UP=<%= @sso_account_sign_up_url %>
SSO_ACCOUNT_RESET_PASSWORD=<%= @sso_account_reset_password_url %>
SSO_ACCOUNT_RESEND_CONFIRMATION=<%= @sso_account_resend_confirmation_url %>
<% end %>
# Optional asset host for multi-server setups