Remove obsolete recipe

Merge pull request 'Document script that creates VMs' (#604 ) from feature/244-document_creating_vm into master
Reviewed-on: #604 Reviewed-by: Râu Cao <raucao@kosmos.org>
2025-11-12 13:47:00 +01:00 · 2025-10-30 16:32:02 +00:00 · 2025-10-30 16:18:59 +01:00 · 2025-10-24 18:20:06 +02:00 · 2025-10-24 16:18:35 +00:00 · 2025-10-24 18:16:00 +02:00
81 changed files with 1147 additions and 336 deletions
--- a/4
+++ b/4
@@ -13,6 +13,9 @@ cookbook 'ipfs',
 cookbook 'mediawiki',
  git: 'https://github.com/67P/mediawiki-cookbook.git',
  ref: 'nginx'
 cookbook 'postfix',
  git: 'https://gitea.kosmos.org/kosmos/postfix-cookbook.git',
  ref: 'bugfix/sasl_attributes'
 cookbook 'apache2',                '= 3.3.0'
 cookbook 'apt',                    '~> 7.3.0'
@@ -32,7 +35,6 @@ cookbook 'ntp',                    '= 3.4.0'
 cookbook 'ohai',                   '~> 5.2.5'
 cookbook 'openssl',                '~> 8.5.5'
 cookbook 'php',                    '~> 8.0.0'
 cookbook 'postfix',                '~> 6.0.26'
 cookbook 'timezone_iii',           '= 1.0.4'
 cookbook 'ulimit',                 '~> 1.0.0'
 cookbook 'users',                  '~> 5.3.1'
--- a/Berksfile.lock
+++ b/Berksfile.lock
@@ -28,7 +28,10 @@ DEPENDENCIES
  ohai (~> 5.2.5)
  openssl (~> 8.5.5)
  php (~> 8.0.0)
-  postfix (~> 6.0.26)
+  postfix
    git: https://gitea.kosmos.org/kosmos/postfix-cookbook.git
    revision: dd6598572a775ae73f17527260ec8097b52d385b
    ref: bugfix/
  redisio (~> 6.4.1)
  ruby_build (~> 2.5.0)
  timezone_iii (= 1.0.4)
@@ -90,7 +93,7 @@ GRAPH
  openssl (8.5.5)
  php (8.0.1)
    yum-epel (>= 0.0.0)
-  postfix (6.0.26)
+  postfix (6.4.1)
  redisio (6.4.1)
    selinux (>= 0.0.0)
  ruby_build (2.5.0)
--- a/clients/garage-12.json
+++ b/clients/garage-12.json
@@ -0,0 +1,4 @@
 {
  "name": "garage-12",
  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9GtHHi298BjiIqpZ3WkT\nkYAPfWD60hFe/8icYcq/F/6cHLYKZQ4chek9X/hDCMq4tHEN6Oh58T5x/nuNdPrK\nIAMGyVAGk6ekWlmD4jwdEf6TGb/J3ffJTRDvwX/I8xD/DW3wtXsN+X24T59ByGTm\nrnwRmmmwHF3otRx9wnCsIgDQ0AjiUujsfNNv1FcLXD/WJLys9lEeU5aJ4XtHTwDv\ntJM8YyVEFhEnuvgdKmzn5+F5k9VGdUwForlFOBfvzbCnTZMDMmDVeiUtAUv/7xWQ\nQl2mLUGCtgWuYJYXsQacAJ6pa3h+7cQyshC6w3dwUG+1fS9lNO0Yp1GGX1AGYKpp\nPQIDAQAB\n-----END PUBLIC KEY-----\n"
 }
--- a/clients/garage-13.json
+++ b/clients/garage-13.json
@@ -0,0 +1,4 @@
 {
  "name": "garage-13",
  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbqWc6OwRxgHfsQuTNL4\naxeVvNen5d9srYpZSHjuBB/k9NHB+9P6vU5qF37XHkw1lVUGeYbPHzhYsx3O0/kZ\nH5f4+4SMy/P9jc6SE7AJF4qtYKgJ88koZdqCww07c6K9g+BnEGFFZui/h3hUBxWj\nTfhBHEWPyQ2bl/lr9sIJwsEz+EN0isGn/eIXkmw9J6LdLJ5Q0LLks33K28FNOU7q\nfeAN4MiBVMUtgCGyT2Voe6WrOXwQLSDXQONOp3sfSfFExsIJ1s24xdd7AMD7/9a7\n4sFDZ4swhqAWgWmW2giR7Kb8wTvGQLO/O/uUbmKz3DZXgkOKXHdHCEB/PZx1mRNM\nEwIDAQAB\n-----END PUBLIC KEY-----\n"
 }
--- a/cookbooks/postfix/.markdownlint-cli2.yaml
+++ b/cookbooks/postfix/.markdownlint-cli2.yaml
@@ -3,3 +3,5 @@ config:
  line-length: false # MD013
  no-duplicate-heading: false # MD024
  reference-links-images: false # MD052
 ignores:
  - .github/copilot-instructions.md
--- a/cookbooks/postfix/.vscode/extensions.json
+++ b/cookbooks/postfix/.vscode/extensions.json
@@ -0,0 +1,8 @@
 {
  "recommendations": [
    "chef-software.chef",
    "Shopify.ruby-lsp",
    "editorconfig.editorconfig",
    "DavidAnson.vscode-markdownlint"
  ]
 }
--- a/cookbooks/postfix/CHANGELOG.md
+++ b/cookbooks/postfix/CHANGELOG.md
@@ -2,9 +2,48 @@
 This file is used to list changes made in each version of the postfix cookbook.
 ## Unreleased
 ## 6.4.1 - *2025-09-04*
 ## 6.4.0 - *2025-07-30* ## 6.4.0 - *2025-07-30*
 Standardise files with files in sous-chefs/repo-management
 ## 6.4.0 - *2025-07-30*
 ## 6.3.0 - *2025-07-30*
 - Use LMDB instead of hash on el10
 ## 6.3.0 - *2025-07-30*
 ## 6.2.2 - *2025-01-30*
 ## 6.2.1 - *2025-01-30*
 ## 6.2.0 - *2025-01-30*
 ## 6.2.0
 - Correctly fix aliases quoting logic
 - Convert all serverspec tests to inspec
 - Add Github actions
 - Update platforms to test
 ## 6.0.29 - *2024-11-18*
 - Standardise files with files in sous-chefs/repo-management
 ## 6.0.28 - *2024-07-15*
 - Standardise files with files in sous-chefs/repo-management
 ## 6.0.27 - *2024-05-06*
 ## 6.0.26 - *2023-10-03*
- add installation of postfix addon packages for RHEL 8
+- Add installation of postfix addon packages for RHEL 8
 ## 6.0.25 - *2023-10-03*
--- a/cookbooks/postfix/attributes/default.rb
+++ b/cookbooks/postfix/attributes/default.rb
@@ -13,9 +13,10 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+default['postfix']['packages'] = value_for_platform(
-default['postfix']['packages'] = %w(postfix)
+  amazon: { '>= 2023' => %w(postfix postfix-lmdb) },
-
+  default: %w(postfix)
 )
 # Generic cookbook attributes
 default['postfix']['mail_type'] = 'client'
 default['postfix']['relayhost_role'] = 'relayhost'
@@ -37,11 +38,19 @@ default['postfix']['master_template_source'] = 'postfix'
 default['postfix']['sender_canonical_map_entries'] = {}
 default['postfix']['smtp_generic_map_entries'] = {}
 default['postfix']['recipient_canonical_map_entries'] = {}
-default['postfix']['access_db_type'] = 'hash'
+
-default['postfix']['aliases_db_type'] = 'hash'
+default['postfix']['db_type'] = value_for_platform(
-default['postfix']['transport_db_type'] = 'hash'
+  %w(centos redhat almalinux rocky oracle) => { '>= 10' => 'lmdb' },
-default['postfix']['virtual_alias_db_type'] = 'hash'
+  amazon: { '>= 2023' => 'lmdb' },
-default['postfix']['virtual_alias_domains_db_type'] = 'hash'
+  %w(opensuseleap suse) => { '>= 15' => 'lmdb' },
  default: 'hash'
 )
 default['postfix']['access_db_type'] = lazy { node['postfix']['db_type'] }
 default['postfix']['aliases_db_type'] = lazy { node['postfix']['db_type'] }
 default['postfix']['transport_db_type'] = lazy { node['postfix']['db_type'] }
 default['postfix']['virtual_alias_db_type'] = lazy { node['postfix']['db_type'] }
 default['postfix']['virtual_alias_domains_db_type'] = lazy { node['postfix']['db_type'] }
 case node['platform']
 when 'smartos'
@@ -96,6 +105,9 @@ default['postfix']['main']['smtp_sasl_auth_enable'] = 'no'
 default['postfix']['main']['mailbox_size_limit'] = 0
 default['postfix']['main']['mynetworks'] = nil
 default['postfix']['main']['inet_interfaces'] = 'loopback-only'
 default['postfix']['main']['default_database_type'] = lazy { node['postfix']['db_type'] }
 default['postfix']['main']['alias_database'] = lazy { "#{node['postfix']['db_type']}:#{node['postfix']['aliases_db']}" }
 default['postfix']['main']['alias_maps'] = lazy { "#{node['postfix']['db_type']}:#{node['postfix']['aliases_db']}" }
 # Conditional attributes, also reference _attributes recipe
 case node['platform_family']
@@ -407,4 +419,4 @@ default['postfix']['aliases'] = if platform?('freebsd')
                                  {}
                                end
-default['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, reject" if node['postfix']['use_relay_restrictions_maps']
+default['postfix']['main']['smtpd_relay_restrictions'] = lazy { "#{node['postfix']['db_type']}:#{node['postfix']['relay_restrictions_db']}, reject" if node['postfix']['use_relay_restrictions_maps'] }
--- a/cookbooks/postfix/metadata.json
+++ b/cookbooks/postfix/metadata.json
@@ -26,7 +26,7 @@
  "recipes": {
  },
-  "version": "6.0.26",
+  "version": "6.4.1",
  "source_url": "https://github.com/sous-chefs/postfix",
  "issues_url": "https://github.com/sous-chefs/postfix/issues",
  "privacy": false,
--- a/cookbooks/postfix/metadata.rb
+++ b/cookbooks/postfix/metadata.rb
@@ -3,7 +3,7 @@ maintainer        'Sous Chefs'
 maintainer_email  'help@sous-chefs.org'
 license           'Apache-2.0'
 description       'Installs and configures postfix for client or outbound relayhost, or to do SASL auth'
-version           '6.0.26'
+version           '6.4.1'
 source_url        'https://github.com/sous-chefs/postfix'
 issues_url        'https://github.com/sous-chefs/postfix/issues'
 chef_version      '>= 12.15'
--- a/cookbooks/postfix/recipes/_attributes.rb
+++ b/cookbooks/postfix/recipes/_attributes.rb
@@ -29,24 +29,22 @@ end
 if node['postfix']['main']['smtp_sasl_auth_enable'] == 'yes'
  node.default_unless['postfix']['sasl_password_file'] = "#{node['postfix']['conf_dir']}/sasl_passwd"
-  node.default_unless['postfix']['main']['smtp_sasl_password_maps'] = "hash:#{node['postfix']['sasl_password_file']}"
+  node.default_unless['postfix']['main']['smtp_sasl_password_maps'] = "#{node['postfix']['db_type']}:#{node['postfix']['sasl_password_file']}"
  node.default_unless['postfix']['main']['smtp_sasl_security_options'] = 'noanonymous'
  node.default_unless['postfix']['sasl']['smtp_sasl_user_name'] = ''
  node.default_unless['postfix']['sasl']['smtp_sasl_passwd']    = ''
  node.default_unless['postfix']['main']['relayhost'] = ''
 end
-node.default_unless['postfix']['main']['alias_maps'] = ["hash:#{node['postfix']['aliases_db']}"] if node['postfix']['use_alias_maps']
+node.default_unless['postfix']['main']['alias_maps'] = ["#{node['postfix']['db_type']}:#{node['postfix']['aliases_db']}"] if node['postfix']['use_alias_maps']
-node.default_unless['postfix']['main']['transport_maps'] = ["hash:#{node['postfix']['transport_db']}"] if node['postfix']['use_transport_maps']
+node.default_unless['postfix']['main']['transport_maps'] = ["#{node['postfix']['db_type']}:#{node['postfix']['transport_db']}"] if node['postfix']['use_transport_maps']
-node.default_unless['postfix']['main']['access_maps'] = ["hash:#{node['postfix']['access_db']}"] if node['postfix']['use_access_maps']
+node.default_unless['postfix']['main']['access_maps'] = ["#{node['postfix']['db_type']}:#{node['postfix']['access_db']}"] if node['postfix']['use_access_maps']
 node.default_unless['postfix']['main']['virtual_alias_maps'] = ["#{node['postfix']['virtual_alias_db_type']}:#{node['postfix']['virtual_alias_db']}"] if node['postfix']['use_virtual_aliases']
 node.default_unless['postfix']['main']['virtual_alias_domains'] = ["#{node['postfix']['virtual_alias_domains_db_type']}:#{node['postfix']['virtual_alias_domains_db']}"] if node['postfix']['use_virtual_aliases_domains']
-node.default_unless['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, reject" if node['postfix']['use_relay_restrictions_maps']
+node.default_unless['postfix']['main']['smtpd_relay_restrictions'] = "#{node['postfix']['db_type']}:#{node['postfix']['relay_restrictions_db']}, reject" if node['postfix']['use_relay_restrictions_maps']
 node.default_unless['postfix']['main']['maildrop_destination_recipient_limit'] = 1 if node['postfix']['master']['maildrop']['active']
--- a/cookbooks/postfix/recipes/_common.rb
+++ b/cookbooks/postfix/recipes/_common.rb
@@ -155,7 +155,7 @@ unless node['postfix']['sender_canonical_map_entries'].empty?
    notifies :reload, 'service[postfix]'
  end
-  node.default['postfix']['main']['sender_canonical_maps'] = "hash:#{node['postfix']['conf_dir']}/sender_canonical" unless node['postfix']['main'].key?('sender_canonical_maps')
+  node.default['postfix']['main']['sender_canonical_maps'] = "#{node['postfix']['db_type']}:#{node['postfix']['conf_dir']}/sender_canonical" unless node['postfix']['main'].key?('sender_canonical_maps')
 end
 execute 'update-postfix-smtp_generic' do
@@ -172,7 +172,7 @@ unless node['postfix']['smtp_generic_map_entries'].empty?
    notifies :reload, 'service[postfix]'
  end
-  node.default['postfix']['main']['smtp_generic_maps'] = "hash:#{node['postfix']['conf_dir']}/smtp_generic" unless node['postfix']['main'].key?('smtp_generic_maps')
+  node.default['postfix']['main']['smtp_generic_maps'] = "#{node['postfix']['db_type']}:#{node['postfix']['conf_dir']}/smtp_generic" unless node['postfix']['main'].key?('smtp_generic_maps')
 end
 execute 'update-postfix-recipient_canonical' do
@@ -189,7 +189,7 @@ unless node['postfix']['recipient_canonical_map_entries'].empty?
    notifies :reload, 'service[postfix]'
  end
-  node.default['postfix']['main']['recipient_canonical_maps'] = "hash:#{node['postfix']['conf_dir']}/recipient_canonical" unless node['postfix']['main'].key?('recipient_canonical_maps')
+  node.default['postfix']['main']['recipient_canonical_maps'] = "#{node['postfix']['db_type']}:#{node['postfix']['conf_dir']}/recipient_canonical" unless node['postfix']['main'].key?('recipient_canonical_maps')
 end
 service 'postfix' do
--- a/cookbooks/postfix/recipes/maps.rb
+++ b/cookbooks/postfix/recipes/maps.rb
@@ -18,8 +18,8 @@ node['postfix']['maps'].each do |type, maps|
    package "postfix-#{type}" if %w(pgsql mysql ldap cdb).include?(type)
  end
-  if platform?('redhat') && node['platform_version'].to_i == 8
+  if platform_family?('rhel') && node['platform_version'].to_i >= 8
-    package "postfix-#{type}" if %w(pgsql mysql ldap cdb).include?(type)
+    package "postfix-#{type}" if %w(pgsql mysql ldap cdb lmdb).include?(type)
  end
  separator = if %w(pgsql mysql ldap memcache sqlite).include?(type)
@@ -32,7 +32,7 @@ node['postfix']['maps'].each do |type, maps|
      command "postmap #{file}"
      environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios')
      action :nothing
-    end if %w(btree cdb dbm hash sdbm).include?(type)
+    end if %w(btree cdb dbm hash lmdb sdbm).include?(type)
    template "#{file}-#{type}" do
      path file
      source 'maps.erb'
@@ -41,7 +41,7 @@ node['postfix']['maps'].each do |type, maps|
        map: content,
        separator: separator
      )
-      notifies :run, "execute[update-postmap-#{file}]" if %w(btree cdb dbm hash sdbm).include?(type)
+      notifies :run, "execute[update-postmap-#{file}]" if %w(btree cdb dbm hash lmdb sdbm).include?(type)
      notifies :restart, 'service[postfix]'
    end
  end
--- a/cookbooks/postfix/renovate.json
+++ b/cookbooks/postfix/renovate.json
@@ -1,9 +1,10 @@
 {
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": ["config:base"],
-  "packageRules": [{
+  "packageRules": [
    {
      "groupName": "Actions",
-      "matchUpdateTypes": ["patch", "pin", "digest"],
+      "matchUpdateTypes": ["minor", "patch", "pin"],
      "automerge": true,
      "addLabels": ["Release: Patch", "Skip: Announcements"]
    },
--- a/cookbooks/postfix/templates/aliases.erb
+++ b/cookbooks/postfix/templates/aliases.erb
@@ -6,5 +6,5 @@
 postmaster:    root
 <% node['postfix']['aliases'].each do |name, value| %>
-<%= name %>: <%= [value].flatten.map{|x| if (x.include?("@")) then x else %Q("#{x}") end}.join(', ') %>
+<%= name.match?(/[\s#:@]/) ? "\"#{name}\"" : name %>: <%= [value].flatten.map{|x| x.include?("|") ? "\"#{x}\"" : x}.join(',') %>
 <% end unless node['postfix']['aliases'].nil? %>
--- a/data_bags/credentials/akkounts.json
+++ b/data_bags/credentials/akkounts.json
@@ -1,72 +1,93 @@
 {
  "id": "akkounts",
-  "postgresql_username": {
+  "rails_master_key": {
-    "encrypted_data": "bDlOkEmhvMgyVzPeTNUzYnzRLf3T9cc0cDxt\n",
+    "encrypted_data": "q/0BtGuFZJQhw+iG4ZmFG12DPaWQDGTb/nCmRoxOnsACkANqMv/zZ39CoNFe\nLPtZiItY\n",
-    "iv": "GCCUoqU5pxQ7fGkv\n",
+    "iv": "JV8R0iu6TrqcZRxL\n",
-    "auth_tag": "Q7mrSHIBluMe3CGVmoR86Q==\n",
+    "auth_tag": "YxZIhEUnrd3XrwR6f9wO4A==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  },
-  "postgresql_password": {
+  "rails_secret_key_base": {
-    "encrypted_data": "wD0HtdsNe/hl4ZaOy8hyr2k4z8TXQrrSja3KNVE47w==\n",
+    "encrypted_data": "JmDQew3+OR6+yJ1xErwXeTn6jw8N2HwTc9yvAVJ3G+7w1s3N7rKDM6+M50ez\n2zP4Lm/eXzH4WTsTZlQcodlyNpi66pvUCGAkNM36rwTN5yvnhqPUmuSQi7AG\nDTBronBwr9ENvwA/gRuugyyhrRB1iuStpzpYKCMhZ2ae9Mrxdux0+ezfSLn4\nuP22uUrEqdQ/BWsW\n",
-    "iv": "tb5yz8WDer0CsGvJ\n",
+    "iv": "U/+YncCk13U6bYMz\n",
-    "auth_tag": "/+K2anuCff/6M7Pu70Smqw==\n",
+    "auth_tag": "2wPYJ/uVPv4jLKpAW/x6sw==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  },
  "rails_encryption_primary_key": {
    "encrypted_data": "u/7z91Og/2eM7PWi2JWYAQMhYX4S5+bMMeVpkFPu778Gqj6Td9pagsWIak/d\nb7AU1zjF\n",
    "iv": "wYhrJWcuWbY8yo8S\n",
    "auth_tag": "WEoEdNy6VBvB2d5gb8DTXw==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  },
  "rails_encryption_key_derivation_salt": {
    "encrypted_data": "noOwTZuxfhsH94bjOT9rWCKS9rb3wAoXELGrc4nJZeNrb/B9XnOLTuK/wen8\nfmtoym0P\n",
    "iv": "jiFWs3VXhJdQBNqk\n",
    "auth_tag": "XDpJFgadYp7LyRqU7SO+Fg==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  },
  "postgresql": {
    "encrypted_data": "Xorg8R8COxE/Swivu8MqZiwstD6rD+8FmgDx70pFscZ/CTb6WQRpyqGSrGZt\nZ7oL9WrqZs+mQgBb30odU+Sgdr6x\n",
    "iv": "6QWZc3+MY0hBCc/s\n",
    "auth_tag": "ZM+7OYyx5E9PciNG2OILhg==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  },
  "ldap": {
    "encrypted_data": "mr2Z7hXF1GOn8RmqeZMMdaUcmiVP4ZeKtTX6RYW1cR+FQiUwoITwTPBE9XUx\n2cqZ9Mcd8uJicmf9vd+PfwPtRtoZFwqHQ4LDRFLW64hBZyiEkZWxWW+HzgPr\n",
    "iv": "k1AkyEplnJ4IZO1Z\n",
    "auth_tag": "zAOcrPex3VLDfRFq38n7fA==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  },
  "sentry_dsn": {
-    "encrypted_data": "jCz681x0WVixHYZUb62TO+1cgyJMiJ2UMqWcaztx57yDBOIiKW3oSZjuXdhP\n9WCesfXQF/lgzITZno3IKDqzlKjWgbGLC75y8FLguxidCHI=\n",
+    "encrypted_data": "51cAERaRBCRg/sMb5c13EcnJzsz6VEf7jx6X3ooUSzm9wHoEfC5Hs/qakr/D\nqm9x3s3aGURRzyLUIEoe9jCohGguh6ehrXYVrun0B6pghVU=\n",
-    "iv": "IRNOzN/hLwg1iqax\n",
+    "iv": "hJsiiW6dFQMEQ+2p\n",
-    "auth_tag": "eg9dWnEK04JDb94e4CFa9Q==\n",
+    "auth_tag": "TOIahNrUhhsdQGlzp6UV5g==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  },
  "rails_master_key": {
    "encrypted_data": "nUB77VLRp41rluH7hLBwQqPtnh/HsmfLr2VbcIZHWawL3o2TGuY+mj648f9L\n7XsEpgqY\n",
    "iv": "fpdbDitqTRHxEKiv\n",
    "auth_tag": "I44fn8Ott3L/Y5LYr56U/Q==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  },
  "discourse_connect_secret": {
-    "encrypted_data": "ENtMn+1XTVFmdEZw7LU6WGoMbSZY654ggm3vPACGfFgqo6r0LhG60c5OTdqv\nZvT5/Q==\n",
+    "encrypted_data": "pvKcwuZgUJsAvClQ4V0BwhwEg09EUEWVxoSx+mFlfG1KpvZE4Cu3u3PalPSD\nldyKsw==\n",
-    "iv": "bL1BmvRhgxFqSM1P\n",
+    "iv": "ED85d6PKyaKB3Wlv\n",
-    "auth_tag": "sEBZzGWwwYFHn+4B4SsyCA==\n",
+    "auth_tag": "XVCU/WigC97tNe0bUK6okQ==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  },
  "lndhub_admin_token": {
-    "encrypted_data": "4LPGFoARzI8UYnsJPIk8sax/rAA16pUULEZWn86e2C7L\n",
+    "encrypted_data": "LvCgahQblsKOxK9iNbwDd31atBfemVppHqV7s3K/sR4j\n",
-    "iv": "nvjXrOwgfgutwEVw\n",
+    "iv": "zObzh2jEsqXk2vD2\n",
-    "auth_tag": "A89RUf1sdcS3FVscNPWYLg==\n",
+    "auth_tag": "n9m/sBYBfzggwQLWrGpR2Q==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  },
  "btcpay_auth_token": {
-    "encrypted_data": "ky5iWYF06os0Ek6vIRzWqMTekqJhCOh/Q9DTDIeKhSyk8TnT3O71lCNEt1F5\nXCNq6ux3V6oyHVLWj0o=\n",
+    "encrypted_data": "M4kGd6+jresm90nWrJG25mX6rfhaU+VlJlIVd/IjOAUsDABryyulJul3GZFh\nFPSI4uEhgIWtn56I0bA=\n",
-    "iv": "zk6WnxsY89oNW1F9\n",
+    "iv": "hvqHm7A/YfUOJwRJ\n",
-    "auth_tag": "FAIMXKvQ1T7QKezVSNJbwQ==\n",
+    "auth_tag": "DhtT6IeixD1MSRX+D7JxZA==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  },
  "s3_access_key": {
-    "encrypted_data": "KfhfEGwPjOonlz6rpnNTinXFPqX/sIbqQn/aby0UDi/G/7cvEcOiNcCkfuSz\n",
+    "encrypted_data": "FPRpLZoIbLcVWPJhOlX7ZeXGv6TZIWYAD+BKTsJOyOHxDG3eRULqQc89cGWi\n",
-    "iv": "Q3rg06v6K9pUDLDY\n",
+    "iv": "f9WiiGLmDxtygp60\n",
-    "auth_tag": "G5ugdlJ896KtYtObKLclJA==\n",
+    "auth_tag": "lGnq4itmByuF/Yp20/6coQ==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  },
  "s3_secret_key": {
-    "encrypted_data": "N8s1OoDrYXHjqSydQA0kY7dd68Aelq4+/cgmJlYfP92u4YA17V4TR7fsvQZL\nkqjuUSClNYPc0XiCwf/5gxVirE9AO6OmmvSV7lUyu4hcEY6unrU=\n",
+    "encrypted_data": "JnnwISbHJ+d7JZB/C0NH0fb8p+bDSwoq5t5knSi+bSTltSxKcq6PRX9K6bov\nEbo0GTdWePbuc5NCsyYxfrkzCtpLXTIxeCROtinRmFIgMFNwaOA=\n",
-    "iv": "bXzIVWnX6V0P6PRb\n",
+    "iv": "pKPCaANDqGtbFV3V\n",
-    "auth_tag": "1EOjCfsX9P6ETjUsgBvBsA==\n",
+    "auth_tag": "S//hn2HOhuZH8+UfCNBWDg==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  },
  "nostr_private_key": {
-    "encrypted_data": "Sf8PEyQ0sqcgxddSlIDxLOVzPjOkTFObsYuTgcxkbEV7igrati4e8QVVUEBD\n1yoLJXelp8jlCr28Ectci29jc53gYSMTLSQsw97uYas2R0dGCqQ=\n",
+    "encrypted_data": "AKfFiLow+veDyEWBwmCDuLerT3l+o2aJUCeHg2mZZIyoH4oeo/9crZwIdjBn\n70reouqnHNG9mBHuO/+IPGfj53mHLo+oGHh+6LkL3ImI4MFBofY=\n",
-    "iv": "+1CIUyvIUOveLrY4\n",
+    "iv": "bPlOKk2qkJAzdKf+\n",
-    "auth_tag": "GDqS+IuAIfMBmHIeFXaV7A==\n",
+    "auth_tag": "VIp1IOjBGatn2MN5LHVymg==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  }
--- a/data_bags/credentials/gandi_api.json
+++ b/data_bags/credentials/gandi_api.json
@@ -1,23 +1,23 @@
 {
  "id": "gandi_api",
  "key": {
-    "encrypted_data": "Ky1/PdywtEIl5vVXhzu3n2JetqOxnNjpjQ7yCao6qwIAn8oYxnv1c1hFAQ==\n",
+    "encrypted_data": "lU7/xYTmP5Sb6SsK5TNNIyegWozzBtUzpg7oDdl6gcz9FEMmG2ft0Ljh5Q==\n",
-    "iv": "stAc2FxDvUqrh0kt\n",
+    "iv": "EZPQD3C+wsP/mBhF\n",
-    "auth_tag": "rcK4Qt+f2O4Zo5IMmG0fkw==\n",
+    "auth_tag": "vF9E8Pj4Z8quJJdOMg/QTw==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  },
  "access_token": {
-    "encrypted_data": "J7zoLhEbPfPjnVWBmFmDdPKRer5GGw2o6Ad0uinznANugfaDiqjyYinOdEDF\nHlAqLmXv4J40rr3F+o4=\n",
+    "encrypted_data": "1Uw69JkNrmb8LU/qssuod1SlqxxrWR7TJQZeeivRrNzrMIVTEW/1uwJIYL6b\nM4GeeYl9lIRlMMmLBkc=\n",
-    "iv": "fAxFqVh9QqrfBsPW\n",
+    "iv": "cc1GJKu6Cf4DkIgX\n",
-    "auth_tag": "9ugi4frDLv8f7X0X1+k4DA==\n",
+    "auth_tag": "ERem4S7ozG695kjvWIMghw==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  },
  "domains": {
-    "encrypted_data": "X0KOKlJp5GYbKcq/jzmlaMmTXV1U7exWSqi3UxX9Sw==\n",
+    "encrypted_data": "scZ5blsSjs54DlitR7KZ3enLbyceOR5q0wjHw1golQ==\n",
-    "iv": "9JucnYLlYdQ9N6pd\n",
+    "iv": "oDcHm7shAzW97b4t\n",
-    "auth_tag": "sERYPDnVUJwVfSS8/xrPpQ==\n",
+    "auth_tag": "62Zais9yf68SwmZRsmZ3hw==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  }
--- a/data_bags/credentials/kosmos-rs.json
+++ b/data_bags/credentials/kosmos-rs.json
@@ -0,0 +1,10 @@
 {
  "id": "kosmos-rs",
  "auth_tokens": {
    "encrypted_data": "fiznpRw7VKlm232+U6XV1rqkAf2Z8CpoD8KyvuvOH2JniaymlcTHgazGWQ8s\nGeqK4RU9l4d29e9i+Mh0k4vnhO4q\n",
    "iv": "SvurcL2oNSNWjlxp\n",
    "auth_tag": "JLQ7vGXAuYYJpLEpL6C+Rw==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  }
 }
--- a/data_bags/credentials/lndhub-go.json
+++ b/data_bags/credentials/lndhub-go.json
@@ -1,30 +1,30 @@
 {
  "id": "lndhub-go",
  "jwt_secret": {
-    "encrypted_data": "3T4JYnoISKXCnatCBeLCXyE8wVjzphw5/JU5A0vHfQ2xSDZreIRQ\n",
+    "encrypted_data": "lJsKBTCRzI83xmRHXzpnuRH/4cuMOR+Rd+SBU50G9HdibadIEDhS\n",
-    "iv": "bGQZjCk6FtD/hqVj\n",
+    "iv": "f/SvsWtZIYOVc54X\n",
-    "auth_tag": "CS87+UK1ZIFMiNcNaoyO6w==\n",
+    "auth_tag": "YlJ78EuJbcPfjCPc2eH+ug==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  },
  "postgresql_password": {
-    "encrypted_data": "u8kf/6WdSTzyIz2kF+24JgOPLndWH2WmTFZ3CToJsnay\n",
+    "encrypted_data": "aT0yNlWjvk/0S4z2kZB4Ye1u/ngk5J6fGPbwZSfdq6cy\n",
-    "iv": "KqLtV2UuaAzJx7C8\n",
+    "iv": "OgUttF4LlSrL/7gH\n",
-    "auth_tag": "3aqx45+epb2NFkNfOfG89A==\n",
+    "auth_tag": "pcbbGqbQ2RjU+i9dt8c3OQ==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  },
  "admin_token": {
-    "encrypted_data": "Z737fXqRE9JHfunRhc2GG281dFFN1bvBvTzTDzl/Vb8O\n",
+    "encrypted_data": "I9EsqCCxMIw+fX6sfu6KX8B5fJj9DX5Y4tbX30jdnmxr\n",
-    "iv": "oKLQJbD67tiz2235\n",
+    "iv": "vnERvIWYInO6+Y8q\n",
-    "auth_tag": "SlVIqC9d9SRoO78M7cBjTw==\n",
+    "auth_tag": "gO+MprZUQgPEWJQUmSF1sA==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  },
  "sentry_dsn": {
-    "encrypted_data": "gmDHGDWkTIvaXjcWMs1dnKnbqtsADPJ2mLmWw8Idj6RVevU5CabjvviAxEo1\n3hs2LWuObumRSCQt2QKap191uMq3CL2+da53hbsv+JUkxl4=\n",
+    "encrypted_data": "+sUXWgl6dXpA1/0FqjKC3Jnl54aor6gtM+19EM/NsHwg4qu672YnSgxV+c9x\nHM3JZBYxBYvJ+HYGAvMmhlGvaOOEIvLmFUpCCJeVUXR32S8=\n",
-    "iv": "Yt0fSsxL4SNicwUY\n",
+    "iv": "82+DzAnHiptaX7sO\n",
-    "auth_tag": "j7BWbcNnymHHMNTADWmCNw==\n",
+    "auth_tag": "CDx44iRBVhSIF8DOxb2c+w==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  }
--- a/doc/mastodon.md
+++ b/doc/mastodon.md
@@ -0,0 +1,15 @@
 # Mastodon
 Running on kosmos.social
 ## Ops
 ### Enable maintance mode
 Return a 503 and maintance page for all requests:
    knife ssh -p2222 -a knife_zero.host "role:openresty_proxy" "sudo cp -p /var/www/maintenance.html /var/www/kosmos.social/public/ && sudo systemctl reload openresty"
 ### Stop maintenance mode
    knife ssh -p2222 -a knife_zero.host "role:openresty_proxy" "sudo rm /var/www/kosmos.social/public/maintenance.html && sudo systemctl reload openresty"
--- a/environments/production.json
+++ b/environments/production.json
@@ -105,19 +105,39 @@
    },
    "strfry": {
      "domain": "nostr.kosmos.org",
-      "real_ip_header": "x-real-ip",
+      "config": {
-      "policy_path": "/opt/strfry/strfry-policy.ts",
+        "events": {
-      "whitelist_pubkeys": [
+          "max_event_size": "524288"
-        "b3e1b7c1660b7db0ecb93ec55c09e67961171a5c4e9e2602f1b47477ea61c50a",
+        },
-        "b3e1b7c0ef48294bd856203bfd460625de95d3afb894e5f09b14cd1f0e7097cf"
+        "relay": {
-      ],
+          "bind": "0.0.0.0",
-      "info": {
+          "real_ip_header": "x-real-ip",
-        "name": "Kosmos Relay",
+          "info": {
-        "description": "Members-only nostr relay for kosmos.org users",
+            "name": "Kosmos Relay",
-        "pubkey": "b3e1b7c0ef48294bd856203bfd460625de95d3afb894e5f09b14cd1f0e7097cf",
+            "description": "Members-only nostr relay for kosmos.org users",
-        "contact": "ops@kosmos.org",
+            "pubkey": "b3e1b7c0ef48294bd856203bfd460625de95d3afb894e5f09b14cd1f0e7097cf",
-        "icon": "https://assets.kosmos.org/img/app-icon-256px.png"
+            "contact": "ops@kosmos.org",
            "icon": "https://assets.kosmos.org/img/app-icon-256px.png"
          },
          "write_policy": {
            "plugin": "/opt/strfry/strfry-policy.ts"
          },
          "logging": {
            "dump_in_all": true
          }
        }
      },
      "known_pubkeys": {
        "_": "b3e1b7c0ef48294bd856203bfd460625de95d3afb894e5f09b14cd1f0e7097cf",
        "accounts": "b3e1b7c1660b7db0ecb93ec55c09e67961171a5c4e9e2602f1b47477ea61c50a",
        "bitcoincore": "47750177bb6bb113784e4973f6b2e3dd27ef1eff227d6e38d0046d618969e41a",
        "fiatjaf": "3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d"
      }
    },
    "substr": {
      "relay_urls": [
        "ws://localhost:7777"
      ]
    }
  }
 }
--- a/nodes/akkounts-1.json
+++ b/nodes/akkounts-1.json
@@ -9,7 +9,7 @@
  "automatic": {
    "fqdn": "akkounts-1",
    "os": "linux",
-    "os_version": "5.4.0-148-generic",
+    "os_version": "5.4.0-216-generic",
    "hostname": "akkounts-1",
    "ipaddress": "192.168.122.160",
    "roles": [
@@ -38,6 +38,7 @@
      "timezone_iii::debian",
      "ntp::default",
      "ntp::apparmor",
      "kosmos-base::journald_conf",
      "kosmos-base::systemd_emails",
      "apt::unattended-upgrades",
      "kosmos-base::firewall",
--- a/nodes/bitcoin-2.json
+++ b/nodes/bitcoin-2.json
@@ -38,11 +38,13 @@
      "kosmos-bitcoin::dotnet",
      "kosmos-bitcoin::nbxplorer",
      "kosmos-bitcoin::btcpay",
      "kosmos-bitcoin::price_tracking",
      "apt::default",
      "timezone_iii::default",
      "timezone_iii::debian",
      "ntp::default",
      "ntp::apparmor",
      "kosmos-base::journald_conf",
      "kosmos-base::systemd_emails",
      "apt::unattended-upgrades",
      "kosmos-base::firewall",
@@ -102,6 +104,7 @@
    "role[bitcoind]",
    "role[lnd]",
    "role[lndhub]",
-    "role[btcpay]"
+    "role[btcpay]",
    "recipe[kosmos-bitcoin::price_tracking]"
  ]
 }
--- a/nodes/draco.kosmos.org.json
+++ b/nodes/draco.kosmos.org.json
@@ -20,7 +20,7 @@
  "automatic": {
    "fqdn": "draco.kosmos.org",
    "os": "linux",
-    "os_version": "5.4.0-54-generic",
+    "os_version": "5.4.0-187-generic",
    "hostname": "draco",
    "ipaddress": "148.251.237.73",
    "roles": [
--- a/nodes/drone-1.json
+++ b/nodes/drone-1.json
@@ -8,26 +8,27 @@
  "automatic": {
    "fqdn": "drone-1",
    "os": "linux",
-    "os_version": "5.4.0-1058-kvm",
+    "os_version": "5.4.0-1133-kvm",
    "hostname": "drone-1",
    "ipaddress": "192.168.122.200",
    "roles": [
      "kvm_guest",
      "drone",
-      "postgresql_client",
+      "postgresql_client"
      "kvm_guest"
    ],
    "recipes": [
      "kosmos-base",
      "kosmos-base::default",
      "kosmos_kvm::guest",
      "kosmos_postgresql::hostsfile",
      "kosmos_drone",
      "kosmos_drone::default",
      "kosmos_kvm::guest",
      "apt::default",
      "timezone_iii::default",
      "timezone_iii::debian",
      "ntp::default",
      "ntp::apparmor",
      "kosmos-base::journald_conf",
      "kosmos-base::systemd_emails",
      "apt::unattended-upgrades",
      "kosmos-base::firewall",
@@ -43,13 +44,13 @@
    "cloud": null,
    "chef_packages": {
      "chef": {
-        "version": "17.9.52",
+        "version": "18.7.10",
-        "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.9.52/lib",
+        "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.7.10/lib",
        "chef_effortless": null
      },
      "ohai": {
-        "version": "17.9.0",
+        "version": "18.2.5",
-        "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai"
+        "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.5/lib/ohai"
      }
    }
  },
@@ -58,4 +59,4 @@
    "role[kvm_guest]",
    "role[drone]"
  ]
-}
+}
--- a/nodes/ejabberd-4.json
+++ b/nodes/ejabberd-4.json
@@ -37,6 +37,7 @@
      "timezone_iii::debian",
      "ntp::default",
      "ntp::apparmor",
      "kosmos-base::journald_conf",
      "kosmos-base::systemd_emails",
      "apt::unattended-upgrades",
      "kosmos-base::firewall",
--- a/nodes/ejabberd-8.json
+++ b/nodes/ejabberd-8.json
@@ -37,6 +37,7 @@
      "timezone_iii::debian",
      "ntp::default",
      "ntp::apparmor",
      "kosmos-base::journald_conf",
      "kosmos-base::systemd_emails",
      "apt::unattended-upgrades",
      "kosmos-base::firewall",
--- a/nodes/garage-12.json
+++ b/nodes/garage-12.json
@@ -0,0 +1,65 @@
 {
  "name": "garage-12",
  "chef_environment": "production",
  "normal": {
    "knife_zero": {
      "host": "10.1.1.224"
    }
  },
  "automatic": {
    "fqdn": "garage-12",
    "os": "linux",
    "os_version": "5.15.0-1059-kvm",
    "hostname": "garage-12",
    "ipaddress": "192.168.122.173",
    "roles": [
      "base",
      "kvm_guest",
      "garage_node"
    ],
    "recipes": [
      "kosmos-base",
      "kosmos-base::default",
      "kosmos_kvm::guest",
      "kosmos_garage",
      "kosmos_garage::default",
      "kosmos_garage::firewall_rpc",
      "kosmos_garage::firewall_apis",
      "apt::default",
      "timezone_iii::default",
      "timezone_iii::debian",
      "ntp::default",
      "ntp::apparmor",
      "kosmos-base::journald_conf",
      "kosmos-base::systemd_emails",
      "apt::unattended-upgrades",
      "kosmos-base::firewall",
      "kosmos-postfix::default",
      "postfix::default",
      "postfix::_common",
      "postfix::_attributes",
      "postfix::sasl_auth",
      "hostname::default",
      "firewall::default"
    ],
    "platform": "ubuntu",
    "platform_version": "22.04",
    "cloud": null,
    "chef_packages": {
      "chef": {
        "version": "18.7.10",
        "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.7.10/lib",
        "chef_effortless": null
      },
      "ohai": {
        "version": "18.2.5",
        "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.5/lib/ohai"
      }
    }
  },
  "run_list": [
    "role[base]",
    "role[kvm_guest]",
    "role[garage_node]"
  ]
 }
--- a/nodes/garage-13.json
+++ b/nodes/garage-13.json
@@ -0,0 +1,65 @@
 {
  "name": "garage-13",
  "chef_environment": "production",
  "normal": {
    "knife_zero": {
      "host": "10.1.1.179"
    }
  },
  "automatic": {
    "fqdn": "garage-13",
    "os": "linux",
    "os_version": "5.15.0-1059-kvm",
    "hostname": "garage-13",
    "ipaddress": "192.168.122.27",
    "roles": [
      "base",
      "kvm_guest",
      "garage_node"
    ],
    "recipes": [
      "kosmos-base",
      "kosmos-base::default",
      "kosmos_kvm::guest",
      "kosmos_garage",
      "kosmos_garage::default",
      "kosmos_garage::firewall_rpc",
      "kosmos_garage::firewall_apis",
      "apt::default",
      "timezone_iii::default",
      "timezone_iii::debian",
      "ntp::default",
      "ntp::apparmor",
      "kosmos-base::journald_conf",
      "kosmos-base::systemd_emails",
      "apt::unattended-upgrades",
      "kosmos-base::firewall",
      "kosmos-postfix::default",
      "postfix::default",
      "postfix::_common",
      "postfix::_attributes",
      "postfix::sasl_auth",
      "hostname::default",
      "firewall::default"
    ],
    "platform": "ubuntu",
    "platform_version": "22.04",
    "cloud": null,
    "chef_packages": {
      "chef": {
        "version": "18.7.10",
        "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.7.10/lib",
        "chef_effortless": null
      },
      "ohai": {
        "version": "18.2.5",
        "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.5/lib/ohai"
      }
    }
  },
  "run_list": [
    "role[base]",
    "role[kvm_guest]",
    "role[garage_node]"
  ]
 }
--- a/nodes/gitea-2.json
+++ b/nodes/gitea-2.json
@@ -9,7 +9,7 @@
  "automatic": {
    "fqdn": "gitea-2",
    "os": "linux",
-    "os_version": "5.4.0-1096-kvm",
+    "os_version": "5.4.0-1123-kvm",
    "hostname": "gitea-2",
    "ipaddress": "192.168.122.189",
    "roles": [
@@ -39,6 +39,7 @@
      "timezone_iii::debian",
      "ntp::default",
      "ntp::apparmor",
      "kosmos-base::journald_conf",
      "kosmos-base::systemd_emails",
      "apt::unattended-upgrades",
      "kosmos-base::firewall",
@@ -49,6 +50,13 @@
      "postfix::sasl_auth",
      "hostname::default",
      "firewall::default",
      "kosmos_gitea::compile_from_source",
      "git::default",
      "git::package",
      "kosmos-nodejs::default",
      "nodejs::nodejs_from_package",
      "nodejs::repo",
      "golang::default",
      "backup::default",
      "logrotate::default"
    ],
--- a/nodes/mastodon-3.json
+++ b/nodes/mastodon-3.json
@@ -37,6 +37,7 @@
      "timezone_iii::debian",
      "ntp::default",
      "ntp::apparmor",
      "kosmos-base::journald_conf",
      "kosmos-base::systemd_emails",
      "apt::unattended-upgrades",
      "kosmos-base::firewall",
--- a/nodes/postgres-6.json
+++ b/nodes/postgres-6.json
@@ -22,6 +22,7 @@
      "kosmos_kvm::guest",
      "kosmos_postgresql::primary",
      "kosmos_postgresql::firewall",
      "kosmos-akkounts::pg_db",
      "kosmos-bitcoin::lndhub-go_pg_db",
      "kosmos-bitcoin::nbxplorer_pg_db",
      "kosmos_drone::pg_db",
--- a/nodes/postgres-7.json
+++ b/nodes/postgres-7.json
@@ -29,6 +29,7 @@
      "timezone_iii::debian",
      "ntp::default",
      "ntp::apparmor",
      "kosmos-base::journald_conf",
      "kosmos-base::systemd_emails",
      "apt::unattended-upgrades",
      "kosmos-base::firewall",
--- a/nodes/strfry-1.json
+++ b/nodes/strfry-1.json
@@ -27,11 +27,13 @@
      "strfry::default",
      "kosmos_strfry::policies",
      "kosmos_strfry::firewall",
      "kosmos_strfry::substr",
      "apt::default",
      "timezone_iii::default",
      "timezone_iii::debian",
      "ntp::default",
      "ntp::apparmor",
      "kosmos-base::journald_conf",
      "kosmos-base::systemd_emails",
      "apt::unattended-upgrades",
      "kosmos-base::firewall",
--- a/nodes/wiki-1.json
+++ b/nodes/wiki-1.json
@@ -28,6 +28,7 @@
      "timezone_iii::debian",
      "ntp::default",
      "ntp::apparmor",
      "kosmos-base::journald_conf",
      "kosmos-base::systemd_emails",
      "apt::unattended-upgrades",
      "kosmos-base::firewall",
@@ -66,12 +67,13 @@
    "cloud": null,
    "chef_packages": {
      "chef": {
-        "version": "15.13.8",
+        "version": "18.7.10",
-        "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.13.8/lib"
+        "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.7.10/lib",
        "chef_effortless": null
      },
      "ohai": {
-        "version": "15.12.0",
+        "version": "18.2.5",
-        "ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai"
+        "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.5/lib/ohai"
      }
    }
  },
--- a/roles/gitea.rb
+++ b/roles/gitea.rb
@@ -5,3 +5,11 @@ run_list %w(
  kosmos_gitea::default
  kosmos_gitea::backup
 )
 override_attributes(
  "gitea" => {
    "repo" => "https://github.com/67P/gitea.git",
    "revision" => "ldap_sync",
    "log" => { "level" => "Info" }
  },
 )
--- a/roles/postgresql_primary.rb
+++ b/roles/postgresql_primary.rb
@@ -3,6 +3,7 @@ name "postgresql_primary"
 run_list %w(
  kosmos_postgresql::primary
  kosmos_postgresql::firewall
  kosmos-akkounts::pg_db
  kosmos-bitcoin::lndhub-go_pg_db
  kosmos-bitcoin::nbxplorer_pg_db
  kosmos_drone::pg_db
--- a/roles/strfry.rb
+++ b/roles/strfry.rb
@@ -5,4 +5,5 @@ run_list %w(
  strfry::default
  kosmos_strfry::policies
  kosmos_strfry::firewall
  kosmos_strfry::substr
 )
--- a/site-cookbooks/deno
+++ b/site-cookbooks/deno
--- a/site-cookbooks/kosmos-akkounts/recipes/default.rb
+++ b/site-cookbooks/kosmos-akkounts/recipes/default.rb
@@ -24,13 +24,12 @@ package "libvips"
 include_recipe 'redisio::default'
 include_recipe 'redisio::enable'
 node.override["nodejs"]["repo"] = "https://deb.nodesource.com/node_20.x"
 include_recipe 'kosmos-nodejs'
 npm_package "bun"
-npm_package "yarn" do
+ruby_version = "3.3.8"
  version "1.22.4"
 end
 ruby_version = "3.3.0"
 ruby_path = "/opt/ruby_build/builds/#{ruby_version}"
 bundle_path = "#{ruby_path}/bin/bundle"
 rails_env = node.chef_environment == "development" ? "development" : "production"
@@ -48,7 +47,28 @@ webhooks_allowed_ips = [lndhub_host].compact.uniq.join(',')
 env = {
  primary_domain: node['akkounts']['primary_domain'],
  akkounts_domain: node['akkounts']['domain'],
-  rails_serve_static_files: true
+  rails_serve_static_files: true,
  secret_key_base: credentials["rails_secret_key_base"],
  encryption_primary_key: credentials["rails_encryption_primary_key"],
  encryption_key_derivation_salt: credentials["rails_encryption_key_derivation_salt"],
  db_adapter: "postgresql",
  pg_host: "pg.kosmos.local",
  pg_port: 5432,
  pg_database: "akkounts",
  pg_database_queue: "akkounts_queue",
  pg_username: credentials["postgresql"]["username"],
  pg_password: credentials["postgresql"]["password"]
 }
 env[:ldap] = {
  host: "ldap.kosmos.local",
  port: 389,
  use_tls: false,
  uid_attr: "cn",
  base: "ou=kosmos.org,cn=users,dc=kosmos,dc=org",
  admin_user: credentials["ldap"]["admin_user"],
  admin_password: credentials["ldap"]["admin_password"],
  suffix: "dc=kosmos,dc=org"
 }
 smtp_server, smtp_port = smtp_credentials[:relayhost].split(":")
@@ -138,9 +158,9 @@ if lndhub_host
  if postgres_readonly_host
    env[:lndhub_admin_ui] = true
    env[:lndhub_pg_host] = postgres_readonly_host
-    env[:lndhub_pg_database] = node['akkounts']['lndhub']['postgres_db']
+    env[:lndhub_pg_database] = node["akkounts"]["lndhub"]["postgres_db"]
-    env[:lndhub_pg_username] = credentials['postgresql_username']
+    env[:lndhub_pg_username] = credentials["postgresql"]["username"]
-    env[:lndhub_pg_password] = credentials['postgresql_password']
+    env[:lndhub_pg_password] = credentials["postgresql"]["password"]
  end
 end
@@ -208,7 +228,7 @@ systemd_unit "akkounts.service" do
      Type: "simple",
      User: deploy_user,
      WorkingDirectory: deploy_path,
-      Environment: "RAILS_ENV=#{rails_env}",
+      Environment: "RAILS_ENV=#{rails_env} SOLID_QUEUE_IN_PUMA=true",
      ExecStart: "#{bundle_path} exec puma -C config/puma.rb --pidfile #{deploy_path}/tmp/puma.pid",
      ExecStop: "#{bundle_path} exec puma -C config/puma.rb --pidfile #{deploy_path}/tmp/puma.pid stop",
      ExecReload: "#{bundle_path} exec pumactl -F config/puma.rb --pidfile #{deploy_path}/tmp/puma.pid phased-restart",
@@ -225,36 +245,6 @@ systemd_unit "akkounts.service" do
  action [:create, :enable]
 end
 systemd_unit "akkounts-sidekiq.service" do
  content({
    Unit: {
      Description: "Kosmos Accounts async/background jobs",
      Documentation: ["https://gitea.kosmos.org/kosmos/akkounts"],
      Requires: "redis@6379.service",
      After: "syslog.target network.target redis@6379.service"
    },
    Service: {
      Type: "notify",
      User: deploy_user,
      WorkingDirectory: deploy_path,
      Environment: "MALLOC_ARENA_MAX=2",
      ExecStart: "#{bundle_path} exec sidekiq -C #{deploy_path}/config/sidekiq.yml -e #{rails_env}",
      WatchdogSec: "10",
      Restart: "on-failure",
      RestartSec: "1",
      StandardOutput: "syslog",
      StandardError: "syslog",
      SyslogIdentifier: "sidekiq"
    },
    Install: {
      WantedBy: "multi-user.target"
    }
  })
  verify false
  triggers_reload true
  action [:create, :enable]
 end
 deploy_env = {
  "HOME" => deploy_path,
  "PATH" => "#{ruby_path}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin",
@@ -267,15 +257,7 @@ git deploy_path do
  revision node[app_name]["revision"]
  user  deploy_user
  group deploy_group
  # Restart services on deployments
  notifies :run, "execute[restart #{app_name} services]", :delayed
 end
 execute "restart #{app_name} services" do
  command "true"
  action :nothing
  notifies :restart, "service[#{app_name}]", :delayed
  notifies :restart, "service[#{app_name}-sidekiq]", :delayed
 end
 file "#{deploy_path}/config/master.key" do
@@ -283,7 +265,7 @@ file "#{deploy_path}/config/master.key" do
  mode '0400'
  owner deploy_user
  group deploy_group
-  notifies :run, "execute[restart #{app_name} services]", :delayed
+  notifies :restart, "service[#{app_name}]", :delayed
 end
 template "#{deploy_path}/.env.#{rails_env}" do
@@ -293,7 +275,7 @@ template "#{deploy_path}/.env.#{rails_env}" do
  mode 0600
  sensitive true
  variables config: env
-  notifies :run, "execute[restart #{app_name} services]", :delayed
+  notifies :restart, "service[#{app_name}]", :delayed
 end
 execute "bundle install" do
@@ -303,13 +285,6 @@ execute "bundle install" do
  command "bundle install --without development,test --deployment"
 end
 execute "yarn install" do
  environment deploy_env
  user deploy_user
  cwd deploy_path
  command "yarn install --pure-lockfile"
 end
 execute 'rake db:migrate' do
  environment deploy_env
  user deploy_user
@@ -330,10 +305,6 @@ service "akkounts" do
  action [:enable, :start]
 end
 service "akkounts-sidekiq" do
  action [:enable, :start]
 end
 firewall_rule "akkounts_zerotier" do
  command  :allow
  port     node["akkounts"]["port"]
--- a/site-cookbooks/kosmos-akkounts/recipes/pg_db.rb
+++ b/site-cookbooks/kosmos-akkounts/recipes/pg_db.rb
@@ -0,0 +1,22 @@
 #
 # Cookbook:: kosmos-akkounts
 # Recipe:: pg_db
 #
 credentials = data_bag_item("credentials", "akkounts")
 pg_username = credentials["postgresql"]["username"]
 pg_password = credentials["postgresql"]["password"]
 postgresql_user pg_username do
  action :create
  password pg_password
 end
 databases = ["akkounts", "akkounts_queue"]
 databases.each do |database|
  postgresql_database database do
    owner pg_username
    action :create
  end
 end
--- a/site-cookbooks/kosmos-base/attributes/default.rb
+++ b/site-cookbooks/kosmos-base/attributes/default.rb
@@ -0,0 +1,2 @@
 node.default["kosmos-base"]["journald"]["system_max_use"] = "256M"
 node.default["kosmos-base"]["journald"]["max_retention_sec"] = "7d"
--- a/site-cookbooks/kosmos-base/recipes/andromeda_firewall.rb
+++ b/site-cookbooks/kosmos-base/recipes/andromeda_firewall.rb
@@ -1,52 +0,0 @@
 #
 # Cookbook Name:: kosmos-base
 # Recipe:: andromeda_firewall
 #
 # The MIT License (MIT)
 #
 # Copyright:: 2019, Kosmos Developers
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
 # in the Software without restriction, including without limitation the rights
 # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 # copies of the Software, and to permit persons to whom the Software is
 # furnished to do so, subject to the following conditions:
 #
 # The above copyright notice and this permission notice shall be included in
 # all copies or substantial portions of the Software.
 #
 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 # THE SOFTWARE.
 # Temporary extra rules for Andromeda
 firewall_rule 'bitcoind' do
  port     [8333, 8334, 8335]
  protocol :tcp
  command  :allow
 end
 firewall_rule 'lnd' do
  port     [9736]
  # port     [9736, 8002]
  protocol :tcp
  command  :allow
 end
 firewall_rule 'lightningd' do
  port     [9735]
  protocol :tcp
  command  :allow
 end
 firewall_rule 'spark_wallet' do
  port     8008
  protocol :tcp
  command  :allow
 end
--- a/site-cookbooks/kosmos-base/recipes/default.rb
+++ b/site-cookbooks/kosmos-base/recipes/default.rb
@@ -27,11 +27,19 @@
 include_recipe 'apt'
 include_recipe 'timezone_iii'
 include_recipe 'ntp'
 include_recipe 'kosmos-base::journald_conf'
 include_recipe 'kosmos-base::systemd_emails'
 node.override["apt"]["unattended_upgrades"]["enable"] = true
 node.override["apt"]["unattended_upgrades"]["mail_only_on_error"] = false
 node.override["apt"]["unattended_upgrades"]["sender"] = "ops@kosmos.org"
 node.override["apt"]["unattended_upgrades"]["allowed_origins"] = [
  "${distro_id}:${distro_codename}-security",
-  "${distro_id}:${distro_codename}-updates"
+  "${distro_id}:${distro_codename}-updates",
  "${distro_id}ESMApps:${distro_codename}-apps-security",
  "${distro_id}ESMApps:${distro_codename}-apps-updates",
  "${distro_id}ESM:${distro_codename}-infra-security",
  "${distro_id}ESM:${distro_codename}-infra-updates"
 ]
 node.override["apt"]["unattended_upgrades"]["mail"] = "ops@kosmos.org"
 node.override["apt"]["unattended_upgrades"]["syslog_enable"] = true
--- a/site-cookbooks/kosmos-base/recipes/journald_conf.rb
+++ b/site-cookbooks/kosmos-base/recipes/journald_conf.rb
@@ -0,0 +1,14 @@
 #
 # Cookbook Name:: kosmos-base
 # Recipe:: journald_conf
 #
 service "systemd-journald"
 template "/etc/systemd/journald.conf" do
  source "journald.conf.erb"
  variables system_max_use: node["kosmos-base"]["journald"]["system_max_use"],
            max_retention_sec: node["kosmos-base"]["journald"]["max_retention_sec"]
  # Restarting journald is required
  notifies :restart, "service[systemd-journald]", :delayed
 end
--- a/site-cookbooks/kosmos-base/templates/default/journald.conf.erb
+++ b/site-cookbooks/kosmos-base/templates/default/journald.conf.erb
@@ -0,0 +1,6 @@
 [Journal]
 # Set the maximum size of the journal logs in bytes
 SystemMaxUse=<%= @system_max_use %>
 # Set the number of days after which logs will be deleted
 MaxRetentionSec=<%= @max_retention_sec %>
--- a/site-cookbooks/kosmos-bitcoin/attributes/default.rb
+++ b/site-cookbooks/kosmos-bitcoin/attributes/default.rb
@@ -1,5 +1,5 @@
-node.default['bitcoin']['version']   = '28.0'
+node.default['bitcoin']['version']   = '30.0'
-node.default['bitcoin']['checksum']  = '700ae2d1e204602eb07f2779a6e6669893bc96c0dca290593f80ff8e102ff37f'
+node.default['bitcoin']['checksum']  = '9b472a4d51dfed9aa9d0ded2cb8c7bcb9267f8439a23a98f36eb509c1a5e6974'
 node.default['bitcoin']['username']  = 'satoshi'
 node.default['bitcoin']['usergroup'] = 'bitcoin'
 node.default['bitcoin']['network']   = 'mainnet'
@@ -41,7 +41,7 @@ node.default['c-lightning']['log_level'] = 'info'
 node.default['c-lightning']['public_ip'] = '148.251.237.73'
 node.default['lnd']['repo'] = 'https://github.com/lightningnetwork/lnd'
-node.default['lnd']['revision'] = 'v0.18.3-beta'
+node.default['lnd']['revision'] = 'v0.19.1-beta'
 node.default['lnd']['source_dir'] = '/opt/lnd'
 node.default['lnd']['lnd_dir'] = "/home/#{node['bitcoin']['username']}/.lnd"
 node.default['lnd']['alias'] = 'ln2.kosmos.org'
@@ -90,7 +90,7 @@ node.default['dotnet']['ms_packages_src_url'] = "https://packages.microsoft.com/
 node.default['dotnet']['ms_packages_src_checksum'] = "4df5811c41fdded83eb9e2da9336a8dfa5594a79dc8a80133bd815f4f85b9991"
 node.default['nbxplorer']['repo'] = 'https://github.com/dgarage/NBXplorer'
-node.default['nbxplorer']['revision'] = 'v2.5.0'
+node.default['nbxplorer']['revision'] = 'v2.5.26'
 node.default['nbxplorer']['source_dir'] = '/opt/nbxplorer'
 node.default['nbxplorer']['config_path'] = "/home/#{node['bitcoin']['username']}/.nbxplorer/Main/settings.config"
 node.default['nbxplorer']['port'] = '24445'
@@ -98,7 +98,7 @@ node.default['nbxplorer']['postgres']['database'] = 'nbxplorer'
 node.default['nbxplorer']['postgres']['user'] = 'nbxplorer'
 node.default['btcpay']['repo'] = 'https://github.com/btcpayserver/btcpayserver'
-node.default['btcpay']['revision'] = 'v1.12.5'
+node.default['btcpay']['revision'] = 'v2.1.1'
 node.default['btcpay']['source_dir'] = '/opt/btcpay'
 node.default['btcpay']['config_path'] = "/home/#{node['bitcoin']['username']}/.btcpayserver/Main/settings.config"
 node.default['btcpay']['log_path'] = "/home/#{node['bitcoin']['username']}/.btcpayserver/debug.log"
@@ -111,3 +111,5 @@ node.default['btcpay']['postgres']['user'] = 'satoshi'
 node.default['peerswap']['repo'] = 'https://github.com/ElementsProject/peerswap.git'
 node.default['peerswap']['revision'] = 'master'
 node.default['peerswap-lnd']['source_dir'] = '/opt/peerswap'
 node.default['price_tracking']['rs_base_url'] = "https://storage.kosmos.org/kosmos/public/btc-price"
--- a/site-cookbooks/kosmos-bitcoin/recipes/bitcoind.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/bitcoind.rb
@@ -34,7 +34,7 @@ end
 execute "compile_bitcoin-core_dependencies" do
  cwd "/usr/local/bitcoind/depends"
  environment ({'CC' => 'gcc-13', 'CXX' => 'g++-13', 'NO_QT' => '1'})
-  command "make -j 2"
+  command "make -j $(($(nproc)/2))"
  action :nothing
  notifies :run, 'bash[compile_bitcoin-core]', :immediately
 end
@@ -43,21 +43,13 @@ bash "compile_bitcoin-core" do
  cwd "/usr/local/bitcoind"
  environment ({'CC' => 'gcc-13', 'CXX' => 'g++-13', 'NO_QT' => '1'})
  code <<-EOH
-    ./autogen.sh
+    cmake -B build --toolchain depends/x86_64-pc-linux-gnu/toolchain.cmake -DBUILD_TESTS=OFF
-    ./configure --prefix=$PWD/depends/x86_64-pc-linux-gnu
+    cmake --build build -j $(($(nproc)/2))
-    make
+    cmake --install build
  EOH
  action :nothing
 end
 link "/usr/local/bin/bitcoind" do
  to "/usr/local/bitcoind/src/bitcoind"
 end
 link "/usr/local/bin/bitcoin-cli" do
  to "/usr/local/bitcoind/src/bitcoin-cli"
 end
 bitcoin_user      = node['bitcoin']['username']
 bitcoin_group     = node['bitcoin']['usergroup']
 bitcoin_datadir   = node['bitcoin']['datadir']
--- a/site-cookbooks/kosmos-bitcoin/recipes/btcpay.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/btcpay.rb
@@ -21,6 +21,7 @@ bash 'build_btcpay' do
    systemctl stop btcpayserver.service
    ./build.sh
  EOH
  environment "DOTNET_CLI_TELEMETRY_OPTOUT" => 1
  action :nothing
  notifies :restart, "service[btcpayserver]", :delayed
 end
@@ -87,7 +88,7 @@ systemd_unit 'btcpayserver.service' do
      Group: node['bitcoin']['usergroup'],
      Type: 'simple',
      WorkingDirectory: node['btcpay']['source_dir'],
-      Environment: defined?(nbxpg_connect) ? "'BTCPAY_EXPLORERPOSTGRES=#{nbxpg_connect}'" : '',
+      Environment: "'BTCPAY_EXPLORERPOSTGRES=#{nbxpg_connect}' 'DOTNET_CLI_TELEMETRY_OPTOUT=1'",
      ExecStart: "#{node['btcpay']['source_dir']}/run.sh --conf=#{node['btcpay']['config_path']}",
      PIDFile: '/run/btcpayserver/btcpayserver.pid',
      Restart: 'on-failure',
@@ -103,6 +104,8 @@ systemd_unit 'btcpayserver.service' do
  verify false
  triggers_reload true
  action [:create]
  # reload is not applicable
  notifies :restart, "service[btcpayserver]", :delayed
 end
 service "btcpayserver" do
--- a/site-cookbooks/kosmos-bitcoin/recipes/nbxplorer.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/nbxplorer.rb
@@ -58,9 +58,7 @@ directory '/run/nbxplorer' do
 end
 env = {
-  NBXPLORER_POSTGRES: "User ID=#{postgres_user};Password=#{credentials['postgresql_password']};Database=#{postgres_database};Host=pg.kosmos.local;Port=5432;Application Name=nbxplorer;MaxPoolSize=20",
+  NBXPLORER_POSTGRES: "User ID=#{postgres_user};Password=#{credentials['postgresql_password']};Database=#{postgres_database};Host=pg.kosmos.local;Port=5432;Application Name=nbxplorer;MaxPoolSize=20"
  NBXPLORER_AUTOMIGRATE: "1",
  NBXPLORER_NOMIGRATEEVTS: "1"
 }
 systemd_unit 'nbxplorer.service' do
--- a/site-cookbooks/kosmos-bitcoin/recipes/price_tracking.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/price_tracking.rb
@@ -0,0 +1,59 @@
 #
 # Cookbook:: kosmos-bitcoin
 # Recipe:: price_tracking
 #
 # Track BTC rates and publish them via remoteStorage
 #
 %w[curl jq].each do |pkg|
  apt_package pkg
 end
 daily_tracker_path = "/usr/local/bin/btc-price-tracker-daily"
 credentials = Chef::EncryptedDataBagItem.load('credentials', 'kosmos-rs')
 template daily_tracker_path do
  source "btc-price-tracker-daily.sh.erb"
  mode '0740'
  variables rs_base_url: node['price_tracking']['rs_base_url']
  notifies :restart, "systemd_unit[lnd-channel-backup.service]", :delayed
 end
 systemd_unit 'btc-price-tracker-daily.service' do
  content({
    Unit: {
      Description: 'BTC price tracker (daily rates)',
      After: 'network-online.target',
      Wants: 'network-online.target'
    },
    Service: {
      Type: 'oneshot',
      ExecStart: daily_tracker_path,
      Environment: "RS_AUTH=#{credentials["auth_tokens"]["/btc-price"]}"
    },
    Install: {
      WantedBy: 'multi-user.target'
    }
  })
  sensitive true
  triggers_reload true
  action [:create]
 end
 systemd_unit 'btc-price-tracker-daily.timer' do
  content({
    Unit: {
      Description: 'Run BTC price tracker daily'
    },
    Timer: {
      OnCalendar: '*-*-* 00:00:00',
      Persistent: 'true'
    },
    Install: {
      WantedBy: 'timers.target'
    }
  })
  triggers_reload true
  action [:create, :enable, :start]
 end
--- a/site-cookbooks/kosmos-bitcoin/templates/btc-price-tracker-daily.sh.erb
+++ b/site-cookbooks/kosmos-bitcoin/templates/btc-price-tracker-daily.sh.erb
@@ -0,0 +1,49 @@
 #!/bin/bash
 # Calculate yesterday's date in YYYY-MM-DD format
 YESTERDAY=$(date -d "yesterday" +%Y-%m-%d)
 echo "Starting price tracking for $YESTERDAY" >&2
 # Fetch and process rates for a fiat currency
 get_price_data() {
    local currency=$1
    local data avg open24 last
    data=$(curl -s "https://www.bitstamp.net/api/v2/ticker/btc${currency,,}/")
    if [ $? -eq 0 ] && [ ! -z "$data" ]; then
        echo "Successfully retrieved ${currency} price data" >&2
        open24=$(echo "$data" | jq -r '.open_24')
        last=$(echo "$data" | jq -r '.last')
        avg=$(( (${open24%.*} + ${last%.*}) / 2 ))
        echo $avg
    else
        echo "ERROR: Failed to retrieve ${currency} price data" >&2
        exit 1
    fi
 }
 # Get price data for each currency
 usd_avg=$(get_price_data "USD")
 eur_avg=$(get_price_data "EUR")
 gbp_avg=$(get_price_data "GBP")
 # Create JSON
 json="{\"EUR\":$eur_avg,\"USD\":$usd_avg,\"GBP\":$gbp_avg}"
 echo "Rates: $json" >&2
 # PUT in remote storage
 response=$(curl -X PUT \
    -H "Authorization: Bearer $RS_AUTH" \
    -H "Content-Type: application/json" \
    -d "$json" \
    -w "%{http_code}" \
    -s \
    -o /dev/null \
    "<%= @rs_base_url %>/$YESTERDAY")
 if [ "$response" -eq 200 ] || [ "$response" -eq 201 ]; then
   echo "Successfully uploaded price data" >&2
 else
   echo "ERROR: Failed to upload price data. HTTP status: $response" >&2
   exit 1
 fi
--- a/site-cookbooks/kosmos-ejabberd/attributes/default.rb
+++ b/site-cookbooks/kosmos-ejabberd/attributes/default.rb
@@ -1,6 +1,6 @@
-node.default["ejabberd"]["version"] = "23.10"
+node.default["ejabberd"]["version"] = "25.08"
 node.default["ejabberd"]["package_version"] = "1"
-node.default["ejabberd"]["checksum"] = "1b02108c81e22ab28be84630d54061f0584b76d5c2702e598352269736b05e77"
+node.default["ejabberd"]["checksum"] = "e4703bc41b5843fc4b76e8b54a9380d5895f9b3dcd4795e05ad0c260ed9b9a23"
 node.default["ejabberd"]["turn_domain"] = "turn.kosmos.org"
 node.default["ejabberd"]["stun_auth_realm"] = "kosmos.org"
 node.default["ejabberd"]["stun_turn_port"] = 3478
--- a/site-cookbooks/kosmos-ejabberd/recipes/default.rb
+++ b/site-cookbooks/kosmos-ejabberd/recipes/default.rb
@@ -65,15 +65,13 @@ file "/opt/ejabberd/.hosts.erlang" do
  content ejabberd_hostnames.map{|h| "#{h}."}.join("\n")
 end
-ruby_block "configure ERLANG_NODE" do
+template "/opt/ejabberd/conf/ejabberdctl.cfg" do
-  block do
+  source    "ejabberdctl.cfg.erb"
-    file = Chef::Util::FileEdit.new("/opt/ejabberd/conf/ejabberdctl.cfg")
+  mode      0644
-    file.search_file_replace_line(
+  owner     'ejabberd'
-      %r{#ERLANG_NODE=ejabberd@localhost},
+  group     'ejabberd'
-      "ERLANG_NODE=ejabberd@#{node['name']}"
+  variables epmd_node_name: "ejabberd@#{node['name']}"
-    )
+  notifies :reload, "service[ejabberd]", :delayed
    file.write_file
  end
 end
 postgresql_data_bag_item = data_bag_item('credentials', 'postgresql')
@@ -110,6 +108,7 @@ hosts = [
        access_persistent: muc_create
        access_register: muc_create
        max_user_conferences: 1000
        max_users: 2000
        default_room_options:
          mam: true
        preload_rooms: true
@@ -224,10 +223,3 @@ end
 unless node.chef_environment == "development"
  include_recipe "kosmos-ejabberd::firewall"
 end
 firewall_rule 'ejabberd_http' do
  port     [80]
  source   "10.1.1.0/24"
  protocol :tcp
  command  :allow
 end
--- a/site-cookbooks/kosmos-ejabberd/recipes/firewall.rb
+++ b/site-cookbooks/kosmos-ejabberd/recipes/firewall.rb
@@ -35,3 +35,10 @@ firewall_rule 'ejabberd_turn' do
  protocol :udp
  command  :allow
 end
 firewall_rule 'ejabberd_http' do
  port     [80]
  source   "10.1.1.0/24"
  protocol :tcp
  command  :allow
 end
--- a/site-cookbooks/kosmos-ejabberd/recipes/letsencrypt.rb
+++ b/site-cookbooks/kosmos-ejabberd/recipes/letsencrypt.rb
@@ -16,8 +16,8 @@ set -e
 for domain in $RENEWED_DOMAINS; do
  case $domain in
  kosmos.org|kosmos.chat|5apps.com)
-    cp "${RENEWED_LINEAGE}/privkey.pem" /opt/ejabberd/conf/$domain.key
+    cp "/etc/letsencrypt/live/${domain}/privkey.pem" /opt/ejabberd/conf/$domain.key
-    cp "${RENEWED_LINEAGE}/fullchain.pem" /opt/ejabberd/conf/$domain.crt
+    cp "/etc/letsencrypt/live/${domain}/fullchain.pem" /opt/ejabberd/conf/$domain.crt
    chown ejabberd:ejabberd /opt/ejabberd/conf/$domain.*
    chmod 600 /opt/ejabberd/conf/$domain.*
    /opt/ejabberd-#{node["ejabberd"]["version"]}/bin/ejabberdctl reload_config
@@ -38,12 +38,13 @@ gandi_api_credentials = data_bag_item('credentials', 'gandi_api')
 template "/root/gandi_dns_certbot_hook.sh" do
  variables access_token: gandi_api_credentials["access_token"]
  mode 0700
  sensitive true
 end
 # Generate a Let's Encrypt cert (only if no cert has been generated before).
 # The systemd timer will take care of renewing
 execute "letsencrypt cert for kosmos.org domains" do
-  command "certbot certonly --manual --preferred-challenges dns --agree-tos --manual-auth-hook \"/root/gandi_dns_certbot_hook.sh auth\" --manual-cleanup-hook \"/root/gandi_dns_certbot_hook.sh cleanup letsencrypt.kosmos.org\" --deploy-hook \"/etc/letsencrypt/renewal-hooks/post/ejabberd\" --email ops@kosmos.org -d kosmos.org -d xmpp.kosmos.org -d chat.kosmos.org -d uploads.xmpp.kosmos.org -n"
+  command "certbot certonly --manual --preferred-challenges dns --agree-tos --manual-auth-hook \"/root/gandi_dns_certbot_hook.sh auth\" --manual-cleanup-hook \"/root/gandi_dns_certbot_hook.sh cleanup\" --deploy-hook \"/etc/letsencrypt/renewal-hooks/post/ejabberd\" --email ops@kosmos.org -d kosmos.org -d xmpp.kosmos.org -d chat.kosmos.org -d upload.kosmos.org -d proxy.kosmos.org -d pubsub.kosmos.org -d uploads.xmpp.kosmos.org -n"
  not_if do
    File.exist?("/etc/letsencrypt/live/kosmos.org/fullchain.pem")
  end
--- a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
+++ b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
@@ -1,10 +1,11 @@
 loglevel: 4
 log_rotate_size: 10485760
 log_rotate_date: ""
 log_rotate_count: 1
-log_rate_limit: 100
+loglevel: info
 hide_sensitive_log_data: true
 log_modules_fully:
  - mod_s3_upload
 hosts:
 <% @hosts.each do |host| -%>
@@ -95,6 +96,8 @@ auth_method: sql
 default_db: sql
 update_sql_schema: true
 shaper:
  normal:
    rate: 3000
@@ -119,6 +122,15 @@ acl:
      - "::1/128"
      - "::FFFF:127.0.0.1/128"
 api_permissions:
  "webadmin commands":
    who:
      - admin
    from:
      - ejabberd_web_admin
    what:
      - "*"
 shaper_rules:
  max_user_sessions: 10
  max_user_offline_messages:
@@ -185,8 +197,11 @@ api_permissions:
    what:
      - "add_rosteritem"
      - "delete_rosteritem"
-      - "send_message"
+      - "get_vcard2"
      - "muc_register_nick"
      - "private_set"
      - "send_message"
      - "send_stanza"
 language: "en"
@@ -231,7 +246,6 @@ modules:
  mod_shared_roster: {}
  mod_stun_disco:
    offer_local_services: false
    credentials_lifetime: 300
    secret: <%= @stun_secret %>
    services:
      -
--- a/site-cookbooks/kosmos-ejabberd/templates/ejabberdctl.cfg.erb
+++ b/site-cookbooks/kosmos-ejabberd/templates/ejabberdctl.cfg.erb
@@ -0,0 +1,175 @@
 #
 # In this file you can configure options that are passed by ejabberdctl
 # to the erlang runtime system when starting ejabberd
 #
 #' POLL: Kernel polling ([true|false])
 #
 # The kernel polling option requires support in the kernel.
 # Additionally, you need to enable this feature while compiling Erlang.
 #
 # Default: true
 #
 #POLL=true
 #.
 #' SMP: SMP support ([enable|auto|disable])
 #
 # Explanation in Erlang/OTP documentation:
 # enable: starts the Erlang runtime system with SMP support enabled.
 #   This may fail if no runtime system with SMP support is available.
 # auto: starts the Erlang runtime system with SMP support enabled if it
 #   is available and more than one logical processor are detected.
 # disable: starts a runtime system without SMP support.
 #
 # Default: enable
 #
 #SMP=enable
 #.
 #' ERL_MAX_PORTS: Maximum number of simultaneously open Erlang ports
 #
 # ejabberd consumes two or three ports for every connection, either
 # from a client or from another Jabber server. So take this into
 # account when setting this limit.
 #
 # Default: 32000
 # Maximum: 268435456
 #
 #ERL_MAX_PORTS=32000
 #.
 #' FIREWALL_WINDOW: Range of allowed ports to pass through a firewall
 #
 # If Ejabberd is configured to run in cluster, and a firewall is blocking ports,
 # it's possible to make Erlang use a defined range of port (instead of dynamic
 # ports) for node communication.
 #
 # Default: not defined
 # Example: 4200-4210
 #
 FIREWALL_WINDOW=4200-4210
 #.
 #' INET_DIST_INTERFACE: IP address where this Erlang node listens other nodes
 #
 # This communication is used by ejabberdctl command line tool,
 # and in a cluster of several ejabberd nodes.
 #
 # Default: 0.0.0.0
 #
 #INET_DIST_INTERFACE=127.0.0.1
 #.
 #' ERL_EPMD_ADDRESS: IP addresses where epmd listens for connections
 #
 # IMPORTANT: This option works only in Erlang/OTP R14B03 and newer.
 #
 # This environment variable may be set to a comma-separated
 # list of IP addresses, in which case the epmd daemon
 # will listen only on the specified address(es) and on the
 # loopback address (which is implicitly added to the list if it
 # has not been specified). The default behaviour is to listen on
 # all available IP addresses.
 #
 # Default: 0.0.0.0
 #
 #ERL_EPMD_ADDRESS=127.0.0.1
 #.
 #' ERL_PROCESSES: Maximum number of Erlang processes
 #
 # Erlang consumes a lot of lightweight processes. If there is a lot of activity
 # on ejabberd so that the maximum number of processes is reached, people will
 # experience greater latency times. As these processes are implemented in
 # Erlang, and therefore not related to the operating system processes, you do
 # not have to worry about allowing a huge number of them.
 #
 # Default: 250000
 # Maximum: 268435456
 #
 #ERL_PROCESSES=250000
 #.
 #' ERL_MAX_ETS_TABLES: Maximum number of ETS and Mnesia tables
 #
 # The number of concurrent ETS and Mnesia tables is limited. When the limit is
 # reached, errors will appear in the logs:
 #   ** Too many db tables **
 # You can safely increase this limit when starting ejabberd. It impacts memory
 # consumption but the difference will be quite small.
 #
 # Default: 1400
 #
 #ERL_MAX_ETS_TABLES=1400
 #.
 #' ERL_OPTIONS: Additional Erlang options
 #
 # The next variable allows to specify additional options passed to erlang while
 # starting ejabberd. Some useful options are -noshell, -detached, -heart. When
 # ejabberd is started from an init.d script options -noshell and -detached are
 # added implicitly. See erl(1) for more info.
 #
 # It might be useful to add "-pa /usr/local/lib/ejabberd/ebin" if you
 # want to add local modules in this path.
 #
 # Default: ""
 #
 #ERL_OPTIONS=""
 #.
 #' ERLANG_NODE: Erlang node name
 #
 # The next variable allows to explicitly specify erlang node for ejabberd
 # It can be given in different formats:
 # ERLANG_NODE=ejabberd
 #   Lets erlang add hostname to the node (ejabberd uses short name in this case)
 # ERLANG_NODE=ejabberd@hostname
 #   Erlang uses node name as is (so make sure that hostname is a real
 #   machine hostname or you'll not be able to control ejabberd)
 # ERLANG_NODE=ejabberd@hostname.domainname
 #   The same as previous, but erlang will use long hostname
 #   (see erl (1) manual for details)
 #
 # Default: ejabberd@localhost
 #
 ERLANG_NODE=<%= @epmd_node_name %>
 #.
 #' EJABBERD_PID_PATH: ejabberd PID file
 #
 # Indicate the full path to the ejabberd Process identifier (PID) file.
 # If this variable is defined, ejabberd writes the PID file when starts,
 # and deletes it when stops.
 # Remember to create the directory and grant write permission to ejabberd.
 #
 # Default: don't write PID file
 #
 #EJABBERD_PID_PATH=/var/run/ejabberd/ejabberd.pid
 #.
 #' CONTRIB_MODULES_PATH: contributed ejabberd modules path
 #
 # Specify the full path to the contributed ejabberd modules. If the path is not
 # defined, ejabberd will use ~/.ejabberd-modules in home of user running ejabberd.
 #
 # Default: $HOME/.ejabberd-modules
 #
 #CONTRIB_MODULES_PATH=/opt/ejabberd-modules
 #.
 #' CONTRIB_MODULES_CONF_DIR: configuration directory for contributed modules
 #
 # Specify the full path to the configuration directory for contributed ejabberd
 # modules. In order to configure a module named mod_foo, a mod_foo.yml file can
 # be created in this directory. This file will then be used instead of the
 # default configuration file provided with the module.
 #
 # Default: $CONTRIB_MODULES_PATH/conf
 #
 #CONTRIB_MODULES_CONF_DIR=/etc/ejabberd/modules
 #.
 #'
 # vim: foldmarker=#',#. foldmethod=marker:
--- a/site-cookbooks/kosmos-mastodon/recipes/default.rb
+++ b/site-cookbooks/kosmos-mastodon/recipes/default.rb
@@ -265,6 +265,44 @@ service "mastodon-streaming" do
  action [:enable, :start]
 end
 #
 # Delete cached remote media older than 30 days
 # Will be re-fetched if necessary
 #
 systemd_unit 'mastodon-delete-old-media-cache.service' do
  content({
    Unit: {
      Description: 'Delete old Mastodon media cache'
    },
    Service: {
      Type: "oneshot",
      WorkingDirectory: mastodon_path,
      Environment: "RAILS_ENV=#{rails_env}",
      ExecStart: "#{bundle_path} exec bin/tootctl media remove --days 30",
    }
  })
  triggers_reload true
  action [:create]
 end
 systemd_unit 'mastodon-delete-old-media-cache.timer' do
  content({
    Unit: {
      Description: 'Delete old Mastodon media cache'
    },
    Timer: {
      OnCalendar: '*-*-* 00:00:00',
      Persistent: 'true'
    },
    Install: {
      WantedBy: 'timer.target'
    }
  })
  triggers_reload true
  action [:create, :enable, :start]
 end
 firewall_rule "mastodon_app" do
  port     node['kosmos-mastodon']['app_port']
  source   "10.1.1.0/24"
--- a/site-cookbooks/kosmos-mastodon/recipes/nginx.rb
+++ b/site-cookbooks/kosmos-mastodon/recipes/nginx.rb
@@ -12,6 +12,13 @@ search(:node, "role:mastodon").each do |node|
 end
 if upstream_hosts.any?
  web_root_dir = "/var/www/#{server_name}/public"
  directory web_root_dir do
    action :create
    recursive true
    owner 'www-data'
    group 'www-data'
    mode 0755
  end
 else
  web_root_dir = "#{app_dir}/public"
  upstream_hosts << "localhost"
--- a/site-cookbooks/kosmos-mediawiki/metadata.rb
+++ b/site-cookbooks/kosmos-mediawiki/metadata.rb
@@ -3,7 +3,6 @@ maintainer       'Kosmos'
 maintainer_email 'mail@kosmos.org'
 license          'MIT'
 description      'Installs/Configures kosmos-mediawiki'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
 version          '0.3.1'
 depends "mediawiki"
--- a/site-cookbooks/kosmos-mediawiki/recipes/default.rb
+++ b/site-cookbooks/kosmos-mediawiki/recipes/default.rb
@@ -1,9 +1,9 @@
 #
-# Cookbook Name:: kosmos-mediawiki
+# Cookbook:: kosmos-mediawiki
-# Recipe:: default
+# Recipe:: default.rb
 #
-include_recipe 'apt'
+apt_update
 include_recipe 'ark'
 include_recipe 'composer'
@@ -11,15 +11,15 @@ apt_package 'imagemagick'
 server_name = 'wiki.kosmos.org'
-node.override['mediawiki']['version']         = "1.34.2"
+node.override['mediawiki']['version'] = "1.34.2"
-node.override['mediawiki']['webdir']          = "#{node['mediawiki']['docroot_dir']}/mediawiki-#{node['mediawiki']['version']}"
+node.override['mediawiki']['webdir'] = "#{node['mediawiki']['docroot_dir']}/mediawiki-#{node['mediawiki']['version']}"
 node.override['mediawiki']['tarball']['name'] = "mediawiki-#{node['mediawiki']['version']}.tar.gz"
-node.override['mediawiki']['tarball']['url']  = "https://releases.wikimedia.org/mediawiki/1.34/#{node['mediawiki']['tarball']['name']}"
+node.override['mediawiki']['tarball']['url'] = "https://releases.wikimedia.org/mediawiki/1.34/#{node['mediawiki']['tarball']['name']}"
-node.override['mediawiki']['language_code']   = 'en'
+node.override['mediawiki']['language_code'] = 'en'
-node.override['mediawiki']['server_name']     = server_name
+node.override['mediawiki']['server_name'] = server_name
-node.override['mediawiki']['site_name']       = 'Kosmos Wiki'
+node.override['mediawiki']['site_name'] = 'Kosmos Wiki'
 protocol = node.chef_environment == "development" ? "http" : "https"
-node.override['mediawiki']['server']          = "#{protocol}://#{server_name}"
+node.override['mediawiki']['server'] = "#{protocol}://#{server_name}"
 mysql_credentials = data_bag_item('credentials', 'mysql')
 mediawiki_credentials = data_bag_item('credentials', 'mediawiki')
@@ -30,14 +30,14 @@ directory "#{node['mediawiki']['webdir']}/skins/common/images" do
  owner node['nginx']['user']
  group node['nginx']['group']
  recursive true
-  mode 0750
+  mode "750"
 end
 cookbook_file "#{node['mediawiki']['webdir']}/skins/common/images/kosmos.png" do
  source 'kosmos.png'
  owner node['nginx']['user']
  group node['nginx']['group']
-  mode 0640
+  mode "640"
 end
 directory "#{node['mediawiki']['webdir']}/.well-known/acme-challenge" do
@@ -80,14 +80,14 @@ nginx_certbot_site server_name
 # Extensions
 #
-mediawiki_credentials = Chef::EncryptedDataBagItem.load('credentials', 'mediawiki')
+mediawiki_credentials = data_bag_item('credentials', 'mediawiki')
 #
 # MediawikiHubot extension
 #
 # requires curl extension
-if platform?('ubuntu') && node[:platform_version].to_f < 16.04
+if platform?('ubuntu') && node["platform_version"].to_f < 16.04
  package "php5-curl"
 else
  package "php-curl"
@@ -100,7 +100,7 @@ ark "MediawikiHubot" do
  action :cherry_pick
 end
-hubot_credentials = Chef::EncryptedDataBagItem.load('credentials', 'hal8000_xmpp')
+hubot_credentials = data_bag_item('credentials', 'hal8000_xmpp')
 webhook_token = hubot_credentials['webhook_token']
 template "#{node['mediawiki']['webdir']}/extensions/MediawikiHubot/DefaultConfig.php" do
@@ -145,7 +145,7 @@ end
 ruby_block "configuration" do
  block do
-    # FIXME This is internal Chef API and should not be used from recipes, as
+    # FIXME: This is internal Chef API and should not be used from recipes, as
    # it is unsupported for that
    file = Chef::Util::FileEdit.new("#{node['mediawiki']['webdir']}/LocalSettings.php")
    file.search_file_replace_line(%r{\$wgLogo\ =\ \"\$wgResourceBasePath\/resources\/assets\/wiki.png\";},
@@ -235,7 +235,7 @@ wfLoadExtension( 'LDAPAuthentication2' );
 $wgGroupPermissions['*']['createaccount'] = false;
 $wgGroupPermissions['*']['autocreateaccount'] = true;
                                 EOF
-                                 )
+      )
      file.write_file
    end
@@ -247,9 +247,7 @@ end
 #
 file "#{node['mediawiki']['webdir']}/composer.local.json" do
-  requires = { "require": {
+  requires = { "require": { "mediawiki/mermaid": "~1.0" } }.to_json
    "mediawiki/mermaid": "~1.0"
  }}.to_json
  content requires
  owner node['nginx']['user']
  group node['nginx']['group']
--- a/site-cookbooks/kosmos-nginx/recipes/default.rb
+++ b/site-cookbooks/kosmos-nginx/recipes/default.rb
@@ -59,7 +59,7 @@ cookbook_file "#{node["nginx"]["user_home"]}/maintenance.html" do
  source "maintenance.html"
  owner node['nginx']['user']
  group node['nginx']['group']
-  mode "0640"
+  mode "0755"
 end
 unless node.chef_environment == "development"
--- a/site-cookbooks/kosmos-postfix/recipes/default.rb
+++ b/site-cookbooks/kosmos-postfix/recipes/default.rb
@@ -3,20 +3,23 @@
 # Recipe:: default
 #
-node.default['postfix']['main']['smtp_tls_CAfile']  = '/etc/ssl/certs/ca-certificates.crt'
+node.default["postfix"]["main"]["smtp_tls_CAfile"]  = "/etc/ssl/certs/ca-certificates.crt"
-node.default['postfix']['main']['smtpd_tls_CAfile'] = '/etc/ssl/certs/ca-certificates.crt'
+node.default["postfix"]["main"]["smtpd_tls_CAfile"] = "/etc/ssl/certs/ca-certificates.crt"
 return if node.run_list.roles.include?("email_server")
-smtp_credentials = Chef::EncryptedDataBagItem.load('credentials', 'smtp')
+smtp_credentials = Chef::EncryptedDataBagItem.load("credentials", "smtp")
-node.default['postfix']['sasl']['smtp_sasl_user_name']        = smtp_credentials['user_name']
+node.default["postfix"]["sasl"] = {
-node.default['postfix']['sasl']['smtp_sasl_passwd']           = smtp_credentials['password']
+  smtp_credentials["relayhost"] => {
-node.default['postfix']['sasl_password_file']                 = "#{node['postfix']['conf_dir']}/sasl_passwd"
+    "username" => smtp_credentials["user_name"],
-# Postfix doesn't support smtps relayhost, use STARTSSL instead
+    "password" => smtp_credentials["password"]
-node.default['postfix']['main']['relayhost']                  = smtp_credentials['relayhost']
+  }
-node.default['postfix']['main']['smtp_sasl_auth_enable']      = 'yes'
+}
 node.default['postfix']['main']['smtp_sasl_password_maps']    = "hash:#{node['postfix']['sasl_password_file']}"
 node.default['postfix']['main']['smtp_sasl_security_options'] = 'noanonymous'
-include_recipe 'postfix::default'
+# Postfix doesn"t support smtps relayhost, use STARTSSL instead
 node.default["postfix"]["main"]["relayhost"]                  = smtp_credentials["relayhost"]
 node.default["postfix"]["main"]["smtp_sasl_auth_enable"]      = "yes"
 node.default["postfix"]["main"]["smtp_sasl_security_options"] = "noanonymous"
 include_recipe "postfix::default"
--- a/site-cookbooks/kosmos_drone/recipes/default.rb
+++ b/site-cookbooks/kosmos_drone/recipes/default.rb
@@ -26,7 +26,7 @@ template "#{deploy_path}/docker-compose.yml" do
  mode 0640
  variables domain: node["kosmos_drone"]["domain"],
            upstream_port: node["kosmos_drone"]["upstream_port"],
-            gitea_server: "https://#{node["kosmos_gitea"]["nginx"]["domain"]}",
+            gitea_server: "https://#{node["gitea"]["domain"]}",
            client_id: credentials['client_id'],
            client_secret: credentials['client_secret'],
            rpc_secret: credentials['rpc_secret'],
--- a/site-cookbooks/kosmos_gitea/attributes/default.rb
+++ b/site-cookbooks/kosmos_gitea/attributes/default.rb
@@ -1,13 +1,21 @@
-node.default["gitea"]["version"] = "1.22.5"
+node.default["gitea"]["version"] = "1.23.8"
-node.default["gitea"]["checksum"] = "ce2c7e4fff3c1e3ed59f5b5e00e3f2d301f012c34e329fccd564bc5129075460"
+node.default["gitea"]["checksum"] = "827037e7ca940866918abc62a7488736923396c467fcb4acd0dd9829bb6a6f4c"
 node.default["gitea"]["repo"] = nil
 node.default["gitea"]["revision"] = nil
 node.default["gitea"]["working_directory"] = "/var/lib/gitea"
 node.default["gitea"]["port"] = 3000
 node.default["gitea"]["postgresql_host"] = "localhost:5432"
 node.default["gitea"]["domain"] = "gitea.kosmos.org"
 node.default["gitea"]["config"] = {
  "log": {
    "level" => "Info",
    "logger.router.MODE" => "",
    "logger.xorm.MODE" => "",
    "logger.access.MODE" => ""
  },
  "actions": {
-    "enabled": true
+    "enabled" => true
  },
  "webhook":  {
    "allowed_host_list" => "external,127.0.1.1"
--- a/site-cookbooks/kosmos_gitea/metadata.rb
+++ b/site-cookbooks/kosmos_gitea/metadata.rb
@@ -10,5 +10,8 @@ chef_version '>= 14.0'
 depends "firewall"
 depends "kosmos_openresty"
 depends "kosmos_postgresql"
 depends "backup"
 depends "kosmos-dirsrv"
 depends 'kosmos-nodejs'
 depends 'git'
 depends 'golang'
 depends "backup"
--- a/site-cookbooks/kosmos_gitea/recipes/compile_from_source.rb
+++ b/site-cookbooks/kosmos_gitea/recipes/compile_from_source.rb
@@ -0,0 +1,42 @@
 #
 # Cookbook:: kosmos_gitea
 # Recipe:: compile_from_source
 #
 # Compiles/installs Gitea from source
 #
 include_recipe "git"
 node.override["nodejs"]["repo"] = "https://deb.nodesource.com/node_20.x"
 include_recipe 'kosmos-nodejs'
 node.override["golang"]["version"] = "1.23.9"
 include_recipe "golang"
 link "/usr/local/bin/go" do
  to "/usr/local/go/bin/go"
 end
 source_dir = "/opt/gitea"
 git source_dir do
  repository node["gitea"]["repo"]
  revision node["gitea"]["revision"]
  action :sync
  notifies :run, "execute[npm_install]", :immediately
 end
 execute "npm_install" do
  cwd source_dir
  command "npm ci"
  action :nothing
  notifies :run, "bash[compile_gitea]", :immediately
 end
 bash "compile_gitea" do
  cwd source_dir
  environment "TAGS" => "bindata"
  code "make build"
  action :nothing
  notifies :restart, "service[gitea]", :delayed
 end
--- a/site-cookbooks/kosmos_gitea/recipes/default.rb
+++ b/site-cookbooks/kosmos_gitea/recipes/default.rb
@@ -5,11 +5,12 @@
 version                   = node["gitea"]["version"]
 download_url              = "https://dl.gitea.io/gitea/#{version}/gitea-#{version}-linux-amd64"
 compile_from_source       = node["gitea"]["repo"] && node["gitea"]["revision"]
 working_directory         = node["gitea"]["working_directory"]
 git_home_directory        = "/home/git"
 repository_root_directory = "#{git_home_directory}/gitea-repositories"
 config_directory          = "/etc/gitea"
-gitea_binary_path         = "/usr/local/bin/gitea"
+gitea_binary_path         = compile_from_source ? "/opt/gitea/gitea" : "/usr/local/bin/gitea"
 gitea_data_bag_item       = data_bag_item("credentials", "gitea")
 smtp_credentials          = data_bag_item("credentials", "smtp")
 smtp_addr                 = smtp_credentials["relayhost"].split(":")[0]
@@ -18,7 +19,6 @@ jwt_secret                = gitea_data_bag_item["jwt_secret"]
 internal_token            = gitea_data_bag_item["internal_token"]
 secret_key                = gitea_data_bag_item["secret_key"]
 # Dependency
 package "git"
 user "git" do
@@ -108,11 +108,15 @@ template "#{config_directory}/app.ini" do
  notifies :restart, "service[gitea]", :delayed
 end
-remote_file gitea_binary_path do
+if compile_from_source
-  source download_url
+  include_recipe "kosmos_gitea::compile_from_source"
-  checksum node['gitea']['checksum']
+else
-  mode "0755"
+  remote_file gitea_binary_path do
-  notifies :restart, "service[gitea]", :delayed
+    source download_url
    checksum node['gitea']['checksum']
    mode "0755"
    notifies :restart, "service[gitea]", :delayed
  end
 end
 execute "systemctl daemon-reload" do
--- a/site-cookbooks/kosmos_gitea/templates/default/app.ini.erb
+++ b/site-cookbooks/kosmos_gitea/templates/default/app.ini.erb
@@ -24,9 +24,11 @@ NAME    = gitea
 USER    = gitea
 PASSWD  = <%= @postgresql_password %>
 SSL_MODE = disable
 MAX_OPEN_CONNS = 20
 [repository]
 ROOT = <%= @repository_root_directory %>
 DISABLE_DOWNLOAD_SOURCE_ARCHIVES = true
 # [indexer]
 # ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
@@ -72,8 +74,11 @@ ENABLE_OPENID_SIGNIN = false
 ENABLE_OPENID_SIGNUP = false
 [log]
-MODE      = console
+MODE = console
-LEVEL     = Debug
+LEVEL = <%= @config["log"]["level"] %>
 logger.router.MODE = <%= @config["log"]["logger.router.MODE"] %>
 logger.xorm.MODE = <%= @config["log"]["logger.xorm.MODE"] %>
 logger.access.MODE = <%= @config["log"]["logger.access.MODE"] %>
 [attachment]
 ENABLED = true
--- a/site-cookbooks/kosmos_gitea/templates/default/nginx_conf_web.erb
+++ b/site-cookbooks/kosmos_gitea/templates/default/nginx_conf_web.erb
@@ -16,7 +16,7 @@ server {
  add_header Strict-Transport-Security "max-age=31536000";
-  client_max_body_size 20M;
+  client_max_body_size 121M;
  location ~ ^/(avatars|repo-avatars)/.*$ {
    proxy_buffers 1024 8k;
--- a/site-cookbooks/kosmos_kvm/README.md
+++ b/site-cookbooks/kosmos_kvm/README.md
@@ -1,4 +1,14 @@
 # kosmos_kvm
-TODO: Enter the cookbook description here.
+## Create a new VM
 A script is deployed by the `host` recipe to `/usr/local/sbin/create_vm`
 ### Usage
 ```
 create_vm VMNAME RAM CPUS DISKSIZE
 ```
 * `RAM` in megabytes
 * `DISKSIZE` in gigabytes, defaults to 10
--- a/site-cookbooks/kosmos_rsk/attributes/default.rb
+++ b/site-cookbooks/kosmos_rsk/attributes/default.rb
@@ -1,4 +1,4 @@
-node.default['rskj']['version'] = '5.3.0~jammy'
+node.default['rskj']['version'] = '7.0.0~jammy'
 node.default['rskj']['network'] = 'testnet'
 node.default['rskj']['nginx']['domain'] = nil
--- a/site-cookbooks/kosmos_rsk/recipes/rskj.rb
+++ b/site-cookbooks/kosmos_rsk/recipes/rskj.rb
@@ -19,6 +19,8 @@ apt_repository 'rskj' do
  key '5EED9995C84A49BC02D4F507DF10691F518C7BEA'
 end
 apt_package 'openjdk-17-jdk'
 apt_package 'rskj' do
  response_file 'rskj-preseed.cfg.erb'
  response_file_variables network: node['rskj']['network']
--- a/site-cookbooks/kosmos_rsk/test/integration/rskj/rskj_test.rb
+++ b/site-cookbooks/kosmos_rsk/test/integration/rskj/rskj_test.rb
@@ -9,7 +9,7 @@ end
 describe package('rskj') do
  it { should be_installed }
-  its('version') { should eq '5.3.0~jammy' }
+  its('version') { should eq '7.0.0~jammy' }
 end
 describe service('rsk') do
--- a/site-cookbooks/kosmos_strfry/attributes/default.rb
+++ b/site-cookbooks/kosmos_strfry/attributes/default.rb
@@ -1,2 +1,10 @@
 node.default["strfry"]["ldap_search_dn"] = "ou=kosmos.org,cn=users,dc=kosmos,dc=org"
 node.default["strfry"]["extras_dir"] = "/opt/strfry"
 # node.default["substr"]["repo"] = "https://gitea.kosmos.org/kosmos/substr.git"
 # node.default["substr"]["revision"] = "master"
 node.default["substr"]["version"] = "nightly"
 node.default["substr"]["download_url"] = "https://gitea.kosmos.org/api/packages/kosmos/generic/substr/#{node["substr"]["version"]}/substr_x86_64-unknown-linux-gnu"
 node.default["substr"]["workdir"] = "/opt/substr"
 node.default["substr"]["port"] = 30023
 node.default["substr"]["relay_urls"] = ["ws://localhost:7777"]
--- a/site-cookbooks/kosmos_strfry/recipes/policies.rb
+++ b/site-cookbooks/kosmos_strfry/recipes/policies.rb
@@ -24,7 +24,7 @@ env = {
  ldap_bind_dn: ldap_credentials["service_dn"],
  ldap_password: ldap_credentials["service_password"],
  ldap_search_dn: node["strfry"]["ldap_search_dn"],
-  whitelist_pubkeys: node["strfry"]["whitelist_pubkeys"].join(",")
+  whitelist_pubkeys: node["strfry"]["known_pubkeys"].values.join(",")
 }
 template "#{extras_dir}/.env" do
--- a/site-cookbooks/kosmos_strfry/recipes/substr.rb
+++ b/site-cookbooks/kosmos_strfry/recipes/substr.rb
@@ -0,0 +1,100 @@
 #
 # Cookbook:: kosmos_strfry
 # Recipe:: substr
 #
 unless platform?("ubuntu")
  raise "This recipe only supports Ubuntu installs at the moment"
 end
 apt_package "imagemagick"
 directory node["substr"]["workdir"] do
  owner node["strfry"]["user"]
  group node["strfry"]["group"]
  mode "0755"
 end
 if node["substr"]["download_url"]
  remote_file '/usr/local/bin/substr' do
    source node["substr"]["download_url"]
    checksum node["substr"]["checksum"]
    mode '0755'
    show_progress true
    notifies :restart, "service[substr]", :delayed
  end
  exec_start = "/usr/local/bin/substr"
 else
  # TODO Install Deno 2
  git node["substr"]["workdir"] do
    user node["strfry"]["user"]
    group node["strfry"]["group"]
    repository node['substr']['repo']
    revision node['substr']['revision']
    action :sync
    notifies :restart, "service[substr]", :delayed
  end
  exec_start = "deno task server"
 end
 file "#{node["substr"]["workdir"]}/users.yaml" do
  mode "0644"
  owner node["strfry"]["user"]
  group node["strfry"]["group"]
  content node["strfry"]["known_pubkeys"].to_yaml
  notifies :restart, "service[substr]", :delayed
 end
 ldap_credentials = Chef::EncryptedDataBagItem.load('credentials', 'dirsrv')
 env = {
  port: node['substr']['port'],
  base_url: "https://#{node["strfry"]["domain"]}",
  relay_urls: node['substr']['relay_urls'].join(","),
  ldap_url: 'ldap://ldap.kosmos.local:389', # requires "ldap_client" role
  ldap_bind_dn: ldap_credentials["service_dn"],
  ldap_password: ldap_credentials["service_password"],
  ldap_search_dn: node["strfry"]["ldap_search_dn"],
 }
 template "#{node["substr"]["workdir"]}/.env" do
  source 'env.erb'
  owner node["strfry"]["user"]
  group node["strfry"]["group"]
  mode 0600
  sensitive true
  variables config: env
  notifies :restart, "service[substr]", :delayed
 end
 systemd_unit "substr.service" do
  content({
    Unit: {
      Description: "substr for nostr",
      Documentation: ["https://gitea.kosmos.org/kosmos/substr"],
    },
    Service: {
      Type: "simple",
      User: node["strfry"]["user"],
      WorkingDirectory: node["substr"]["workdir"],
      ExecStart: exec_start,
      Restart: "on-failure",
      RestartSec: "5",
      ProtectHome: "no",
      NoNewPrivileges: "yes",
      ProtectSystem: "full"
    },
    Install: {
      WantedBy: "multi-user.target"
    }
  })
  triggers_reload true
  action :create
 end
 service "substr" do
  action [:enable, :start]
 end
--- a/site-cookbooks/kosmos_strfry/templates/nginx_conf_strfry.erb
+++ b/site-cookbooks/kosmos_strfry/templates/nginx_conf_strfry.erb
@@ -4,6 +4,12 @@ upstream _strfry {
 <% end %>
 }
 upstream _substr {
 <% @upstream_hosts.each do |host| %>
  server <%= host %>:30023;
 <% end %>
 }
 server {
  server_name <%= @domain %>;
  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
@@ -15,6 +21,16 @@ server {
  ssl_certificate     <%= @ssl_cert %>;
  ssl_certificate_key <%= @ssl_key %>;
  location = /favicon.ico {
    alias /var/www/assets.kosmos.org/site/img/favicon.ico;
  }
  location ~* ^/[@~n]|^/assets {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_pass http://_substr;
  }
  location / {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
--- a/site-cookbooks/kosmos_website/templates/nginx_conf_website.erb
+++ b/site-cookbooks/kosmos_website/templates/nginx_conf_website.erb
@@ -29,11 +29,15 @@ server {
  ssl_certificate     <%= @ssl_cert %>;
  ssl_certificate_key <%= @ssl_key %>;
  location /.well-known/host-meta.json {
    add_header 'Access-Control-Allow-Origin' '*';
  }
 <% if @accounts_url %>
  location ~ ^/.well-known/(keysend|lnurlp|nostr|openpgpkey|webfinger) {
    proxy_ssl_server_name on;
    proxy_set_header X-Forwarded-Host $host;
-    proxy_pass https://accounts.kosmos.org;
+    proxy_pass <%= @accounts_url %>;
  }
 <% end %>
 }
--- a/site-cookbooks/strfry
+++ b/site-cookbooks/strfry
Author	SHA1	Message	Date
Râu Cao	aade479e5b	Remove obsolete recipe	2025-11-12 13:47:00 +01:00
Râu Cao	a3bb927f95	Merge pull request 'Document script that creates VMs' (#604 ) from feature/244-document_creating_vm into master Reviewed-on: #604 Reviewed-by: Râu Cao <raucao@kosmos.org>	2025-10-30 16:32:02 +00:00
Greg Karekinian	5b53635f1a	Document script that creates VMs Closes #244	2025-10-30 16:18:59 +01:00
Râu Cao	ea087b1e3e	Add new Garage nodes	2025-10-24 18:20:06 +02:00
Râu Cao	9817589a92	Merge pull request 'Upgrade bitcoind to 30.0' (#603 ) from chore/upgrade_bitcoind into master Reviewed-on: #603	2025-10-24 16:18:35 +00:00
Râu Cao	d632cafd9c	Upgrade bitcoind to 30.0 Also disables building the tests, which eats up more than 5GB of disk space.	2025-10-24 18:16:00 +02:00
Greg	87b03d3936	Merge pull request 'Upgrade ejabberd from 23.10 to 25.08' (#602 ) from chore/upgrade_ejabberd into master Reviewed-on: #602 Reviewed-by: Greg <greg@kosmos.org>	2025-09-21 11:03:39 +00:00
Râu Cao	ae3df992e4	Update node info	2025-09-21 12:45:54 +02:00
Râu Cao	2ea5b30224	Upgrade ejabberd to 25.08 Co-authored-by: Greg Karékinian <greg@karekinian.com>	2025-09-21 12:45:20 +02:00
Râu Cao	4ef06cb4b7	Merge pull request 'Modernize kosmos-mediawiki cookbook' (#600 ) from feature/500-chef_upgrade_mediawiki into master Reviewed-on: #600 Reviewed-by: Râu Cao <raucao@kosmos.org>	2025-09-17 06:41:30 +00:00
Râu Cao	73e8a2c413	Fix random port being used for EPMD node Fixes not being able to join a cluster from other nodes, because the ports are not within the firewall range of allowed ports. Co-authored-by: Greg Karékinian <greg@karekinian.com>	2025-09-16 17:48:09 +02:00
Râu Cao	ea4713c654	Move firewall config Co-authored-by: Greg Karékinian <greg@karekinian.com>	2025-09-16 17:47:41 +02:00
Râu Cao	dde29c4a6c	Upgrade ejabberd to 24.02 Co-authored-by: Greg Karékinian <greg@karekinian.com>	2025-09-16 17:01:43 +02:00
Râu Cao	03f1d16998	Update SQL Schema automatically on ejabberd upgrades Co-authored-by: Greg Karékinian <greg@karekinian.com>	2025-09-16 16:07:10 +02:00
Râu Cao	6534086df2	Update logger configuration * Remove unused/deprecated options * Hide user IPs * Set level to "info" Co-authored-by: Greg Karékinian <greg@karekinian.com>	2025-09-16 16:07:00 +02:00
Râu Cao	dbf0e50abf	Merge pull request 'Enable unattended-upgrades' (#598 ) from bugfix/499-unattended_upgrades into master Reviewed-on: #598 Reviewed-by: Râu Cao <raucao@kosmos.org>	2025-09-10 08:47:52 +00:00
Greg Karekinian	a828d92185	Fix Ruby style This is using Standard Ruby	2025-09-09 15:29:17 +02:00
Greg Karekinian	0fe6d0bd06	Use the "new" way to set up sasl in the postfix cookbook	2025-09-09 15:28:20 +02:00
Greg Karekinian	9712697569	Fork the postfix cookbook to work around a bug I ran into the issue described in https://github.com/sous-chefs/postfix/issues/148 and couldn't figure out a way to work around it without forking it.	2025-09-09 14:54:06 +02:00
Greg Karekinian	d32f276b42	Update akkounts-1 node file after Chef run	2025-09-09 10:13:26 +02:00
Greg Karekinian	cc40c0db19	Configure unattended-upgrades for ESM	2025-09-09 10:12:35 +02:00
Râu Cao	41339c1040	Add doc for Mastodon maintenance	2025-07-27 09:17:01 +02:00
Greg Karekinian	0cae8dca69	Set the email sender in unattended-upgrades config Mailgun was rejecting the email as it did not have a valid sender (the default, which is something like root@akkounts-1). Unattended upgrades have been working properly, now we will start getting emails next time an upgrade is done on akkounts-1.	2025-07-15 10:12:02 +02:00
Greg Karekinian	78e5f810b7	Update node file after Chef upgrade I ended up upgrading Chef manually on the server as I couldn't using knife-zero `curl https://omnitruck.chef.io/install.sh \| sudo bash -s -- -P chef -v 18.7.10`	2025-07-09 15:42:30 +02:00
Greg Karekinian	443910c7a2	Modernize kosmos-mediawiki This has been done with the help of `cookstyle` which is very useful to learn about breaking changes and updates in Chef. On wiki-1 I managed to update Chef up to 17.10.163. For version 18 I ran into an issue with the omnibus installer returning a 404 Refs #500	2025-07-09 11:24:14 +02:00
Greg	8052c67d23	Merge pull request 'Opt-out of dotnet telemetry for btcpay' (#599 ) from feature/441-optout_dotnet_telemetry into master Reviewed-on: #599 Reviewed-by: Râu Cao <raucao@kosmos.org>	2025-06-25 10:01:58 +00:00
Greg Karekinian	cd269dca03	Also disable dotnet telemetry during the build	2025-06-25 10:35:07 +02:00
Greg Karekinian	7e47c879a1	Remove unused variable	2025-06-25 10:18:57 +02:00
Greg Karekinian	2b49cb1b2b	Restart the btcpay service on config changes It cannot handle reloads	2025-06-25 10:13:25 +02:00
Greg Karekinian	89fa3ede9e	Remove the condition on the postgresql Also move back the environment variable definitions to the hash	2025-06-25 09:51:35 +02:00
Greg Karekinian	efb032fffa	Opt-out of dotnet telemetry for btcpay This is done by setting an environment variable in the systemd unit Fixes #441	2025-06-24 16:53:59 +02:00
Greg Karekinian	68df49037c	Merge remote-tracking branch 'origin/master' into bugfix/499-unattended_upgrades	2025-06-16 16:05:35 +02:00
Râu Cao	364adec80f	Upgrade LND to 0.19.1	2025-06-16 17:57:30 +04:00
Râu Cao	092a2edb3c	Update node info	2025-06-16 17:57:04 +04:00
Râu Cao	63d0b68c36	Upgrade Deno	2025-06-02 10:53:38 +04:00
Râu Cao	3adb2a1aee	Adapt strfry config to cookbook changes, increase allowed event size	2025-06-01 20:06:47 +04:00
Râu Cao	9cff1fb68b	Update node info	2025-06-01 20:06:32 +04:00
Greg Karekinian	773950b9a5	Always send an email on unattended-upgrades	2025-05-31 17:00:07 +02:00
Greg Karekinian	f39a1ed250	Enable unattended-upgrades We were missing a positive value on `["apt"]["unattended_upgrades"]["enable"]` to enable it. Refs #499	2025-05-31 16:44:01 +02:00
Greg	3c51ff261e	Merge pull request 'Compile Gitea from source, apply our LDAP fixes' (#596 ) from feature/compile_gitea_from_source into master Reviewed-on: #596 Reviewed-by: Greg <greg@kosmos.org>	2025-05-31 12:26:28 +00:00
Râu Cao	0c62ff6c84	Improve Gitea logging	2025-05-31 15:29:18 +04:00
Râu Cao	2c3b381755	Update Gitea stable version	2025-05-31 15:29:03 +04:00
Râu Cao	3492bec627	Use Gitea from source	2025-05-31 15:28:33 +04:00
Râu Cao	00f4c8bd31	Optionally compile Gitea from source	2025-05-31 15:27:21 +04:00
Râu Cao	301596500d	Update node info	2025-05-28 10:18:53 +04:00
Râu Cao	8a2bfb6b18	Fix attribute Was moved to a new name since the recipe was created	2025-05-23 14:44:04 +04:00
Râu Cao	846bf3483a	Update node info	2025-05-23 14:43:40 +04:00
Greg	e3ef1dc3b3	Merge pull request 'Upgrade Bitcoin Core, NBXplorer, BTCPay Server' (#595 ) from chore/upgrade_bitcoin_software into master Reviewed-on: #595 Reviewed-by: Greg <greg@noreply.kosmos.org>	2025-05-22 12:32:25 +00:00
Râu Cao	2089999cc8	Upgrade bitcoind to 29.0, switch to cmake	2025-05-22 15:52:22 +04:00
Râu Cao	a4aa29de0c	Upgrade NBXplorer, BTCPay Server	2025-05-22 15:50:27 +04:00
Râu Cao	98be234a4f	Merge pull request 'Configure maximum size and timespan of journald logs' (#594 ) from feature/506-journald_logs_config into master Reviewed-on: #594 Reviewed-by: Râu Cao <raucao@kosmos.org>	2025-05-21 12:12:57 +00:00
Greg Karekinian	7dc4f674a0	Use the systemd unit instead of an execute resource Also extract the attributes so it is possible to override them.	2025-05-21 13:40:12 +02:00
Greg Karekinian	49b636305e	Update mastodon-3 node file after Chef run	2025-05-21 11:36:15 +02:00
Greg Karekinian	3e2ee30334	Configure maximum size and timespan of journald logs Closes #506	2025-05-21 11:36:15 +02:00
Râu Cao	d00072ee5a	Merge pull request 'Delete old Mastodon media cache every day' (#593 ) from feature/533-delete_old_mastodon_cached_media into master Reviewed-on: #593 Reviewed-by: Râu Cao <raucao@kosmos.org>	2025-05-17 07:06:35 +00:00
Râu Cao	14687558fe	Minor cleanup	2025-05-17 10:55:06 +04:00
Râu Cao	de7cc69505	Allow more users per room	2025-05-17 10:42:41 +04:00
Greg Karekinian	b01315f998	Delete old Mastodon media cache every day This is done using a systemd timer Closes #533	2025-05-16 19:12:47 +02:00
Râu Cao	160134bd86	Allow more ejabberd API calls from akkounts	2025-05-16 15:17:43 +04:00
Greg	766030d716	Merge pull request 'Adapt akkounts recipes for config changes' (#592 ) from chore/rails_deployment into master Reviewed-on: #592 Reviewed-by: Greg <greg@noreply.kosmos.org>	2025-05-06 17:11:24 +00:00
Râu Cao	3c436bb9f1	Configure LDAP for akkounts, add more Rails credentials	2025-05-06 19:41:54 +04:00
Râu Cao	d029d90214	Generate postgres user/db for akkounts, use credentials from env Co-authored-by: Greg Karékinian <greg@karekinian.com>	2025-05-06 15:49:43 +04:00
Râu Cao	f8e5fd2f3e	Fix missing dir for Mastodon maintenance file	2025-04-29 17:53:05 +04:00
Râu Cao	cab766c806	Update node.js, install bun, for Rails 8.0 upgrade	2025-04-29 17:51:53 +04:00
Râu Cao	5777a45f0a	Fix/improve ejabberd cert renewals	2025-04-22 17:28:44 +04:00
Râu Cao	f23c37312e	Update deno cookbook	2025-04-18 16:21:07 +04:00
Râu Cao	cf1ef4f2f4	Merge pull request 'Upgrade Gitea, disable downloads of repo archives' (#588 ) from chore/upgrade_gitea into master Reviewed-on: #588	2025-04-09 13:28:28 +00:00
Râu Cao	f65256d229	Disable downloads of repo archives	2025-04-09 17:25:41 +04:00
Râu Cao	2cc0ee5b8a	Upgrade Gitea to 1.23.7	2025-04-09 17:25:17 +04:00
Râu Cao	10e8ba5569	Add missing CORS headers to host-meta.json Otherwise XMPP Web clients cannot fetch the Bosh and WS endpoint info	2025-04-08 00:10:29 +04:00
Râu Cao	6c35a20b89	Merge pull request 'Upgrade rskj to 7.0.0' (#587 ) from chore/upgrade_rskj into master Reviewed-on: #587	2025-04-05 09:14:25 +00:00
Râu Cao	e3d9a50f09	Upgrade Gitea to 1.23.6	2025-04-04 18:53:46 +04:00
Râu Cao	c4652ca2eb	Upgrade rskj to 7.0.0	2025-04-04 16:59:11 +04:00
Râu Cao	56440bfd89	Merge pull request 'Upgrade nbxplorer, BTCPay Server' (#586 ) from chore/upgrade_btcpay into master Reviewed-on: #586	2025-03-25 10:08:06 +00:00
Râu Cao	abee2407bf	Upgrade nbxplorer, BTCPay Server	2025-03-25 14:03:34 +04:00
Râu Cao	0cef08fb7b	Merge pull request 'Update Gandi API token' (#585 ) from chore/update_gandi_token into master Reviewed-on: #585	2025-03-19 14:02:49 +00:00
Râu Cao	f246f63594	Update Gandi API token For certbot renewals. Also set resource to sensitive in ejabberd recipe. Co-authored-by: Greg Karékinian <greg@karekinian.com>	2025-03-19 18:01:50 +04:00
Râu Cao	2dee25bf23	Update node info	2025-03-19 18:00:07 +04:00
Râu Cao	a28d31b415	Upgrade Gitea to 1.23.5	2025-03-05 14:09:03 +04:00
Râu Cao	0bf50bce2e	Merge pull request 'Fix postgres running out of available connection slots' (#584 ) from bugfix/gitea_db_connections into master Reviewed-on: #584	2025-03-05 10:03:51 +00:00
Râu Cao	6be99aa3de	Cap maximum open database connections Fixes Gitea opening too many connections, which can impact other apps trying to connect as well.	2025-03-05 13:53:33 +04:00
Râu Cao	90bf66ada9	Upgrade Gitea to 1.23.4	2025-02-21 10:12:27 +04:00
Râu Cao	32cfd6401f	Upgrade LND to 0.18.5 Urgent security upgrade	2025-02-19 14:19:10 +04:00
Râu Cao	1124f25069	Upgrade Gitea to 1.23.3	2025-02-12 11:51:14 +04:00
Greg	f34c7ecd9b	Merge pull request 'Publish daily BTC price in public remoteStorage' (#581 ) from feature/btc-rate-tracker into master Reviewed-on: #581 Reviewed-by: Greg <greg@noreply.kosmos.org>	2025-01-23 13:28:33 +00:00
Râu Cao	8d149a475d	Merge pull request 'Upgrade Gitea to 1.23.1' (#582 ) from chore/upgrade_gitea into master Reviewed-on: #582	2025-01-22 14:41:19 +00:00
Râu Cao	905a67475b	Upgrade Gitea to 1.23.1	2025-01-22 09:36:33 -05:00
Râu Cao	8251fa83ce	Merge pull request 'Deploy substr' (#579 ) from feature/substr into master Reviewed-on: #579	2025-01-22 14:27:02 +00:00
Râu Cao	0fa61a585e	DRY up code, add GBP rates	2025-01-17 14:52:28 -05:00
Râu Cao	89f1790afc	Publish daily BTC price in public remoteStorage	2025-01-17 10:42:09 -05:00
Râu Cao	72ac8c6a84	Update akkounts credentials	2025-01-17 09:17:43 -05:00
Râu Cao	b1bb5d0625	Use default value for STUN credentials lifetime	2025-01-14 15:30:42 -05:00
Râu Cao	b470110fd4	Upgrade Gitea to 1.22.6	2024-12-16 12:10:08 +04:00
Râu Cao	4ce39738fd	Allow larger bodies for Gitea file uploads Needed for uploading larger packages to the registry	2024-12-09 21:19:39 +04:00
Râu Cao	d35e57b90e	Deploy substr	2024-12-09 21:19:13 +04:00
Râu Cao	c8160e38c8	Turn known pubkeys into object with usernames	2024-12-09 18:21:55 +04:00
		`@@ -0,0 +1,2 @@`
							`node.default["kosmos-base"]["journald"]["system_max_use"] = "256M"`
							`node.default["kosmos-base"]["journald"]["max_retention_sec"] = "7d"`