2 Commits

Author SHA1 Message Date
raucao 7095399ccd Update node info 2025-09-21 12:43:49 +02:00
raucao a653f62d0a Upgrade ejabberd to 25.08 2025-09-21 12:42:29 +02:00
181 changed files with 811 additions and 2830 deletions
+2 -4
@@ -28,7 +28,5 @@ knife[:automatic_attribute_whitelist] = %w[
# Added to /etc/chef/client.rb on node bootstrap # Added to /etc/chef/client.rb on node bootstrap
# https://docs.chef.io/attribute_persistence/ # https://docs.chef.io/attribute_persistence/
# Source of truth: site-cookbooks/kosmos-base/files/default/chef_normal_attributes.yml knife[:normal_attribute_allowlist] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd', 'openresty']
normal_attrs = YAML.load_file(File.expand_path("../site-cookbooks/kosmos-base/files/default/chef_normal_attributes.yml", __dir__)) knife[:allowed_normal_attributes] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd', 'openresty']
knife[:normal_attribute_allowlist] = normal_attrs
knife[:allowed_normal_attributes] = normal_attrs
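Review bot: The two added assignments, `knife[:normal_attribute_allowlist]` and `knife[:allowed_normal_attributes]`, each carry their own copy of the literal `['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd', 'openresty']`, so a later edit can change one and miss the other. Bind the list once and assign it to both keys, for example `normal_attrs = %w[knife_zero kosmos_kvm kosmos-ejabberd openresty].freeze` followed by `knife[:normal_attribute_allowlist] = normal_attrs` and `knife[:allowed_normal_attributes] = normal_attrs`. The retained comment says the same setting is also written to /etc/chef/client.rb on bootstrap; now that this file no longer reads a shared YAML file, that copy is presumably maintained separately and should be checked against this list. The allowlist decides which normal attributes are persisted to the node object, so drift between the copies changes what ends up stored.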
-40
@@ -1,40 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
SCRIPT="$(git rev-parse --show-toplevel)/scripts/util/sanitize_node.sh"
FILES=$(git diff --cached --name-only --diff-filter=ACM -- 'nodes/*.json' || true)
[[ -z "$FILES" ]] && exit 0
DIRTY=0
while IFS= read -r file; do
staged_tmp=$(mktemp)
sanitized_tmp=$(mktemp)
# 1. get staged version
git show ":$file" > "$staged_tmp"
# 2. sanitize IN PLACE (on temp copy)
cp "$staged_tmp" "$sanitized_tmp"
"$SCRIPT" "$sanitized_tmp"
# 3. if sanitizer changed file, update working tree
if ! diff -q "$staged_tmp" "$sanitized_tmp" >/dev/null; then
cp "$sanitized_tmp" "$file"
echo "Sanitized: $file"
DIRTY=1
fi
rm -f "$staged_tmp" "$sanitized_tmp"
done <<< "$FILES"
if [[ "$DIRTY" -ne 0 ]]; then
echo ""
echo "Commit paused, sanitized files must be re-staged."
exit 1
fi
exit 0
-3
@@ -10,6 +10,3 @@
[submodule "site-cookbooks/deno"] [submodule "site-cookbooks/deno"]
path = site-cookbooks/deno path = site-cookbooks/deno
url = git@gitea.kosmos.org:kosmos/deno-cookbook.git url = git@gitea.kosmos.org:kosmos/deno-cookbook.git
[submodule "site-cookbooks/blossom"]
path = site-cookbooks/blossom
url = git@gitea.kosmos.org:kosmos/blossom-cookbook.git
-41
@@ -1,41 +0,0 @@
# AGENTS.md
Welcome, AI Agent! This file contains essential context and rules for interacting with the Kosmos Chef repository. Read this carefully before planning or executing any changes.
## 🏢 Project Overview
This repository contains the infrastructure automation code used by Kosmos to provision and configure bare metal servers (KVM hosts) and Ubuntu virtual machines (KVM guests).
We use **Chef Infra**, managed locally via **Knife Zero** (agentless Chef), and **Berkshelf** for dependency management.
## 📂 Directory Structure & Rules
* **`site-cookbooks/`**: 🟢 **EDITABLE.** This directory contains all custom, internal cookbooks written specifically for Kosmos services (e.g., `kosmos-postgresql`, `kosmos_gitea`, `kosmos-mastodon`). *Active development happens here.*
* **`cookbooks/`**: 🔴 **DO NOT EDIT.** This directory contains third-party/community cookbooks that are vendored. These are managed by Berkshelf. Modifying them directly will result in lost changes.
* **`roles/`**: 🟢 **EDITABLE.** Contains Chef roles written in Ruby (e.g., `base.rb`, `kvm_guest.rb`, `postgresql_primary.rb`). These define run-lists and role-specific default attributes for servers.
* **`environments/`**: Contains Chef environment definitions (like `production.rb`).
* **`data_bags/`**: Contains data bag configurations, often encrypted. Be cautious and do not expose secrets. (Note: Agents should not manage data bag secrets directly unless provided the `.chef/encrypted_data_bag_secret`).
* **`nodes/`**: Contains JSON state files for bootstrapped nodes. *Agents typically do not edit these directly unless cleaning up a deleted node.*
* **`Berksfile`**: Defines community cookbook dependencies.
* **`Vagrantfile` / `.kitchen/`**: Used for local virtualization and integration testing.
## 🛠️ Tooling & Workflows
1. **Dependency Management (Berkshelf)**
If a new community cookbook is required:
- Add it to the `Berksfile` at the root.
- Instruct the user to run `berks install` and `berks vendor cookbooks/ --delete` (or run it via the `bash` tool if permitted).
2. **Provisioning (Knife Zero)**
- Bootstrapping and converging nodes is done using `knife zero`.
- *Example:* `knife zero converge name:server-name.kosmos.org`
3. **Code Style & Conventions**
- Chef recipes, resources, and roles are written in **Ruby**.
- Follow standard Chef and Ruby (RuboCop) idioms. Look at neighboring files in `site-cookbooks/` or `roles/` to match formatting and naming conventions.
## 🚨 Core Directives for AI Agents
1. **Infrastructure as Code**: Manual server configurations are highly discouraged. All changes must be codified in a cookbook or role.
2. **Test Safety Nets**: Look for `.kitchen.yml` within specific `site-cookbooks/<name>` to understand if local integration tests are available.
3. **No Assumptions**: Do not assume standard test commands. Check `README.md` and repository config files first.
4. **Secret Handling**: Avoid hardcoding passwords or API keys in recipes or roles. Assume sensitive information is managed via Chef `data_bags`.
-1
@@ -24,7 +24,6 @@ cookbook 'composer', '~> 2.7.0'
cookbook 'fail2ban', '~> 7.0.4' cookbook 'fail2ban', '~> 7.0.4'
cookbook 'git', '~> 10.0.0' cookbook 'git', '~> 10.0.0'
cookbook 'golang', '~> 5.3.1' cookbook 'golang', '~> 5.3.1'
cookbook 'homebrew', '>= 6.0.0'
cookbook 'hostname', '= 0.4.2' cookbook 'hostname', '= 0.4.2'
cookbook 'hostsfile', '~> 3.0.1' cookbook 'hostsfile', '~> 3.0.1'
cookbook 'java', '~> 4.3.0' cookbook 'java', '~> 4.3.0'
+1 -2
@@ -8,7 +8,6 @@ DEPENDENCIES
firewall (~> 6.2.16) firewall (~> 6.2.16)
git (~> 10.0.0) git (~> 10.0.0)
golang (~> 5.3.1) golang (~> 5.3.1)
homebrew (>= 6.0.0)
hostname (= 0.4.2) hostname (= 0.4.2)
hostsfile (~> 3.0.1) hostsfile (~> 3.0.1)
ipfs ipfs
@@ -63,7 +62,7 @@ GRAPH
git (10.0.0) git (10.0.0)
golang (5.3.1) golang (5.3.1)
ark (>= 6.0) ark (>= 6.0)
homebrew (6.0.2) homebrew (5.4.1)
hostname (0.4.2) hostname (0.4.2)
hostsfile (>= 0.0.0) hostsfile (>= 0.0.0)
hostsfile (3.0.1) hostsfile (3.0.1)
+1 -1
@@ -1,3 +1,3 @@
source 'https://rubygems.org' source 'https://rubygems.org'
gem 'knife-zero', '~> 2.6.0' gem 'knife-zero', '>= 2.4.2'
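Review bot: The new constraint `gem 'knife-zero', '>= 2.4.2'` has no upper bound, so only the lockfile keeps the provisioning tool at a known version. A `bundle update`, or an install without the lockfile, may resolve to any later release, including a new major version. A bounded constraint such as `gem 'knife-zero', '~> 2.4', '>= 2.4.2'` keeps the same minimum while limiting updates to the 2.x series. Add a short comment above the line saying why this minimum was chosen, so the next change to it is deliberate.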
+183 -307
@@ -1,399 +1,264 @@
GEM GEM
remote: https://rubygems.org/ remote: https://rubygems.org/
specs: specs:
abbrev (0.1.2) addressable (2.8.0)
addressable (2.9.0) public_suffix (>= 2.0.2, < 5.0)
public_suffix (>= 2.0.2, < 8.0) aws-eventstream (1.2.0)
ast (2.4.3) aws-partitions (1.551.0)
aws-eventstream (1.4.0) aws-sdk-core (3.125.6)
aws-partitions (1.1263.0)
aws-sdk-core (3.252.0)
aws-eventstream (~> 1, >= 1.3.0)
aws-partitions (~> 1, >= 1.992.0)
aws-sigv4 (~> 1.9)
base64
bigdecimal
jmespath (~> 1, >= 1.6.1)
logger
aws-sdk-kms (1.129.0)
aws-sdk-core (~> 3, >= 3.248.0)
aws-sigv4 (~> 1.5)
aws-sdk-s3 (1.226.0)
aws-sdk-core (~> 3, >= 3.248.0)
aws-sdk-kms (~> 1)
aws-sigv4 (~> 1.5)
aws-sdk-secretsmanager (1.133.0)
aws-sdk-core (~> 3, >= 3.248.0)
aws-sigv4 (~> 1.5)
aws-sigv4 (1.12.1)
aws-eventstream (~> 1, >= 1.0.2) aws-eventstream (~> 1, >= 1.0.2)
base64 (0.3.0) aws-partitions (~> 1, >= 1.525.0)
bcrypt_pbkdf (1.1.2) aws-sigv4 (~> 1.1)
bcrypt_pbkdf (1.1.2-arm64-darwin) jmespath (~> 1.0)
bcrypt_pbkdf (1.1.2-x86_64-darwin) aws-sdk-kms (1.53.0)
benchmark (0.5.0) aws-sdk-core (~> 3, >= 3.125.0)
bigdecimal (4.1.2) aws-sigv4 (~> 1.1)
builder (3.3.0) aws-sdk-s3 (1.111.3)
chef (19.3.15) aws-sdk-core (~> 3, >= 3.125.0)
aws-sdk-kms (~> 1)
aws-sigv4 (~> 1.4)
aws-sdk-secretsmanager (1.56.0)
aws-sdk-core (~> 3, >= 3.125.0)
aws-sigv4 (~> 1.1)
aws-sigv4 (1.4.0)
aws-eventstream (~> 1, >= 1.0.2)
bcrypt_pbkdf (1.1.0)
builder (3.2.4)
chef (17.9.42)
addressable addressable
aws-sdk-s3 (~> 1.91) aws-sdk-s3 (~> 1.91)
aws-sdk-secretsmanager (~> 1.46) aws-sdk-secretsmanager (~> 1.46)
bcrypt_pbkdf (~> 1.0) chef-config (= 17.9.42)
chef-config (= 19.3.15) chef-utils (= 17.9.42)
chef-licensing (~> 1.3)
chef-utils (= 19.3.15)
chef-vault chef-vault
chef-zero (~> 15.1.0) chef-zero (>= 14.0.11)
corefoundation (~> 0.3.4) corefoundation (~> 0.3.4)
csv (~> 3.3.5) diff-lcs (>= 1.2.4, < 1.4.0)
diff-lcs (~> 1.6.0)
ed25519 (~> 1.2)
erubis (~> 2.7) erubis (~> 2.7)
ffi (>= 1.15.5, < 1.18.0) ffi (>= 1.5.0)
ffi-libarchive (~> 1.0, >= 1.0.3) ffi-libarchive (~> 1.0, >= 1.0.3)
ffi-yajl (>= 2.2, < 4.0) ffi-yajl (~> 2.2)
iniparse (~> 1.4) iniparse (~> 1.4)
inspec-core (~> 7.0.107) inspec-core (~> 4.23)
license-acceptance (>= 1.0.5, < 3) license-acceptance (>= 1.0.5, < 3)
mixlib-archive (>= 0.4, < 2.0) mixlib-archive (>= 0.4, < 2.0)
mixlib-authentication (>= 2.1, < 4) mixlib-authentication (>= 2.1, < 4)
mixlib-cli (>= 2.1.1, < 3.0) mixlib-cli (>= 2.1.1, < 3.0)
mixlib-log (>= 2.0.3, < 4.0) mixlib-log (>= 2.0.3, < 4.0)
mixlib-shellout (>= 3.3.8, < 3.5.0) mixlib-shellout (>= 3.1.1, < 4.0)
net-ftp net-sftp (>= 2.1.2, < 4.0)
net-sftp (>= 2.1.2, < 5.0) ohai (~> 17.0)
ohai (~> 19.0)
plist (~> 3.2) plist (~> 3.2)
proxifier2 (~> 1.1) proxifier (~> 1.0)
syslog
syslog-logger (~> 1.6) syslog-logger (~> 1.6)
train-core (~> 3.13, >= 3.13.4) train-core (~> 3.2, >= 3.2.28)
train-rest (>= 0.4.1) train-winrm (>= 0.2.5)
train-winrm (>= 0.2.17) uuidtools (>= 2.1.5, < 3.0)
unf_ext (~> 0.0.9.1) vault (~> 0.16)
uri (>= 1.0.4, < 1.2.0) chef-config (17.9.42)
vault (>= 0.18.2, < 0.21.0)
chef-config (19.3.15)
addressable addressable
chef-utils (= 19.3.15) chef-utils (= 17.9.42)
fuzzyurl fuzzyurl
mixlib-config (>= 2.2.12, < 4.0) mixlib-config (>= 2.2.12, < 4.0)
mixlib-shellout (>= 2.0, < 4.0) mixlib-shellout (>= 2.0, < 4.0)
racc tomlrb (~> 1.2)
tomlrb (>= 1.2, < 3.0)
chef-gyoku (1.5.0)
builder (>= 2.1.2)
rexml (~> 3.4)
chef-licensing (1.4.1)
chef-config (>= 15)
faraday (>= 1, < 3)
faraday-http-cache
mixlib-log (~> 3.0)
ostruct (~> 0.6.0)
pstore (~> 0.1.1)
tty-prompt (~> 0.23)
tty-spinner (~> 0.9.3)
chef-telemetry (1.1.1) chef-telemetry (1.1.1)
chef-config chef-config
concurrent-ruby (~> 1.0) concurrent-ruby (~> 1.0)
chef-utils (19.3.15) chef-utils (17.9.42)
concurrent-ruby concurrent-ruby
chef-vault (4.2.12) chef-vault (4.1.5)
syslog (~> 0.3) chef-zero (15.0.11)
chef-winrm (2.5.0) ffi-yajl (~> 2.2)
builder (>= 2.1.2) hashie (>= 2.0, < 5.0)
chef-gyoku (~> 1.5)
erubi (~> 1.8)
gssapi (~> 1.2)
httpclient (~> 2.2, >= 2.2.0.2)
logging (>= 1.6.1, < 3.0)
nori (~> 2.7)
rexml (>= 3.4.2, < 4.0)
rubyntlm (~> 0.6.0, >= 0.6.3)
chef-winrm-elevated (1.2.5)
chef-winrm (>= 2.3.11)
chef-winrm-fs (>= 1.3.7)
erubi (~> 1.8)
chef-winrm-fs (1.4.2)
benchmark (~> 0.5.0)
chef-winrm (~> 2.4)
csv (~> 3.3)
erubi (>= 1.7)
logging (>= 1.6.1, < 3.0)
rubyzip (~> 2.0)
chef-zero (15.1.11)
ffi-yajl (>= 2.2, < 4.0)
hashie (>= 2.0, < 6.0)
mixlib-log (>= 2.0, < 4.0) mixlib-log (>= 2.0, < 4.0)
rack (~> 3.2, >= 3.2.6) rack (~> 2.0, >= 2.0.6)
rackup (~> 2.3, >= 2.3.1) uuidtools (~> 2.1)
uuidtools (>= 2.1, < 4.0)
webrick webrick
coderay (1.1.3) coderay (1.1.3)
concurrent-ruby (1.3.7) concurrent-ruby (1.1.9)
connection_pool (2.5.5) corefoundation (0.3.10)
cookstyle (8.7.6)
rubocop (= 1.86.1)
corefoundation (0.3.19)
ffi (>= 1.15.0) ffi (>= 1.15.0)
csv (3.3.5) diff-lcs (1.3)
date (3.5.1) erubi (1.10.0)
diff-lcs (1.6.2)
domain_name (0.6.20240107)
ed25519 (1.4.0)
erubi (1.13.1)
erubis (2.7.0) erubis (2.7.0)
faraday (2.14.3) faraday (1.4.3)
faraday-net_http (>= 2.0, < 3.5) faraday-em_http (~> 1.0)
json faraday-em_synchrony (~> 1.0)
logger faraday-excon (~> 1.1)
faraday-follow_redirects (0.5.0) faraday-net_http (~> 1.0)
faraday (>= 1, < 3) faraday-net_http_persistent (~> 1.1)
faraday-http-cache (2.5.1) multipart-post (>= 1.2, < 3)
faraday (>= 0.8) ruby2_keywords (>= 0.0.4)
faraday-net_http (3.4.4) faraday-em_http (1.0.0)
net-http (~> 0.5) faraday-em_synchrony (1.0.0)
ffi (1.17.4-arm64-darwin) faraday-excon (1.1.0)
ffi (1.17.4-x86_64-darwin) faraday-net_http (1.0.1)
ffi (1.17.4-x86_64-linux-gnu) faraday-net_http_persistent (1.2.0)
ffi-libarchive (1.1.14) faraday_middleware (1.2.0)
faraday (~> 1.0)
ffi (1.15.5)
ffi-libarchive (1.1.3)
ffi (~> 1.0) ffi (~> 1.0)
ffi-yajl (2.7.11) ffi-yajl (2.4.0)
libyajl2 (>= 2.1) libyajl2 (>= 1.2)
fuzzyurl (0.9.0) fuzzyurl (0.9.0)
gssapi (1.3.1) gssapi (1.3.1)
ffi (>= 1.0.1) ffi (>= 1.0.1)
hashie (5.1.0) gyoku (1.3.1)
logger builder (>= 2.1.2)
highline (3.1.2) hashie (4.1.0)
reline highline (2.0.3)
http-accept (1.7.0) httpclient (2.8.3)
http-cookie (1.1.6)
domain_name (~> 0.5)
httpclient (2.9.0)
mutex_m
iniparse (1.5.0) iniparse (1.5.0)
inspec-core (7.0.107) inspec-core (4.52.9)
addressable (~> 2.4) addressable (~> 2.4)
chef-licensing (>= 1.2.0)
chef-telemetry (~> 1.0, >= 1.0.8) chef-telemetry (~> 1.0, >= 1.0.8)
cookstyle faraday (>= 0.9.0, < 1.5)
csv (~> 3.0) faraday_middleware (~> 1.0)
faraday (>= 1, < 3) hashie (>= 3.4, < 5.0)
faraday-follow_redirects (~> 0.3)
hashie (>= 3.4, < 6.0)
license-acceptance (>= 0.2.13, < 3.0) license-acceptance (>= 0.2.13, < 3.0)
method_source (>= 0.8, < 2.0) method_source (>= 0.8, < 2.0)
mixlib-log (~> 3.0) mixlib-log (~> 3.0)
multipart-post (~> 2.0) multipart-post (~> 2.0)
ostruct (>= 0.1, < 0.7)
parallel (~> 1.9) parallel (~> 1.9)
parslet (>= 1.5, < 3.0) parslet (>= 1.5, < 2.0)
pry (~> 0.13) pry (~> 0.13)
rspec (>= 3.9, <= 3.14) rspec (>= 3.9, < 3.11)
rspec-its (>= 1.2, < 3.0) rspec-its (~> 1.2)
rubyzip (>= 1.2.2, < 4.0) rubyzip (>= 1.2.2, < 3.0)
semverse (~> 3.0) semverse (~> 3.0)
sslshake (~> 1.2) sslshake (~> 1.2)
syslog (~> 0.1) thor (>= 0.20, < 2.0)
thor (>= 0.20, < 1.5.0) tomlrb (>= 1.2, < 2.1)
tomlrb (>= 1.3, < 2.1) train-core (~> 3.0)
train-core (~> 3.16, >= 3.16.1)
tty-prompt (~> 0.17) tty-prompt (~> 0.17)
tty-table (~> 0.10) tty-table (~> 0.10)
io-console (0.8.2)
ipaddress (0.8.3) ipaddress (0.8.3)
jmespath (1.6.2) jmespath (1.5.0)
json (2.20.0) json (2.6.1)
knife (19.0.134) knife (17.9.26)
abbrev
bcrypt_pbkdf (~> 1.1) bcrypt_pbkdf (~> 1.1)
chef-licensing (~> 1.2) chef (>= 17)
chef-config (>= 17)
chef-utils (>= 17)
chef-vault chef-vault
ed25519 (>= 1.2, < 2.0)
erubis (~> 2.7) erubis (~> 2.7)
ffi (>= 1.15, < 1.18.0) ffi (>= 1.15)
ffi-yajl (>= 2.2, < 3.0) ffi-yajl (~> 2.2)
highline (>= 1.6.9, < 4) highline (>= 1.6.9, < 3)
license-acceptance (>= 1.0.5, < 3) license-acceptance (>= 1.0.5, < 3)
mixlib-archive (>= 0.4, < 2.0) mixlib-archive (>= 0.4, < 2.0)
mixlib-cli (>= 2.1.1, < 3.0) mixlib-cli (>= 2.1.1, < 3.0)
net-ssh (>= 5.1, < 8) net-ssh (>= 5.1, < 7)
net-ssh-multi (~> 1.2, >= 1.2.1) net-ssh-multi (~> 1.2, >= 1.2.1)
ohai (~> 17.0)
pastel pastel
proxifier2 (~> 1.1) train-core (~> 3.2, >= 3.2.28)
train-core (~> 3.13, >= 3.13.4) train-winrm (>= 0.2.5)
train-winrm (>= 0.2.17)
tty-prompt (~> 0.21) tty-prompt (~> 0.21)
tty-screen (~> 0.6) tty-screen (~> 0.6)
tty-table (~> 0.11) tty-table (~> 0.11)
knife-zero (2.6.0) knife-zero (2.4.2)
chef (>= 16.6) chef (>= 15.0)
knife (>= 17.0) knife (>= 17.0)
language_server-protocol (3.17.0.5)
libyajl2 (2.1.0) libyajl2 (2.1.0)
license-acceptance (2.1.13) license-acceptance (2.1.13)
pastel (~> 0.7) pastel (~> 0.7)
tomlrb (>= 1.2, < 3.0) tomlrb (>= 1.2, < 3.0)
tty-box (~> 0.6) tty-box (~> 0.6)
tty-prompt (~> 0.20) tty-prompt (~> 0.20)
lint_roller (1.1.0)
little-plugger (1.1.4) little-plugger (1.1.4)
logger (1.7.0) logging (2.3.0)
logging (2.4.0)
little-plugger (~> 1.1) little-plugger (~> 1.1)
multi_json (~> 1.14) multi_json (~> 1.14)
method_source (1.1.0) method_source (1.0.0)
mime-types (3.7.0) mixlib-archive (1.1.7)
logger
mime-types-data (~> 3.2025, >= 3.2025.0507)
mime-types-data (3.2026.0701)
mixlib-archive (1.3.3)
mixlib-log mixlib-log
mixlib-authentication (3.0.10) mixlib-authentication (3.0.10)
mixlib-cli (2.1.8) mixlib-cli (2.1.8)
mixlib-config (3.0.27) mixlib-config (3.0.9)
tomlrb tomlrb
mixlib-log (3.2.3) mixlib-log (3.0.9)
ffi (>= 1.15.5) mixlib-shellout (3.2.5)
mixlib-shellout (3.4.10)
chef-utils chef-utils
multi_json (1.19.1) multi_json (1.15.0)
multipart-post (2.4.1) multipart-post (2.1.1)
mutex_m (0.3.0) net-scp (3.0.0)
net-ftp (0.3.9) net-ssh (>= 2.6.5, < 7.0.0)
net-protocol net-sftp (3.0.0)
time net-ssh (>= 5.0.0, < 7.0.0)
net-http (0.9.1) net-ssh (6.1.0)
uri (>= 0.11.1)
net-http-persistent (4.0.8)
connection_pool (>= 2.2.4, < 4)
net-protocol (0.2.2)
timeout
net-scp (4.1.0)
net-ssh (>= 2.6.5, < 8.0.0)
net-sftp (4.0.0)
net-ssh (>= 5.0.0, < 8.0.0)
net-ssh (7.3.3)
net-ssh-gateway (2.0.0) net-ssh-gateway (2.0.0)
net-ssh (>= 4.0.0) net-ssh (>= 4.0.0)
net-ssh-multi (1.2.1) net-ssh-multi (1.2.1)
net-ssh (>= 2.6.5) net-ssh (>= 2.6.5)
net-ssh-gateway (>= 1.2.0) net-ssh-gateway (>= 1.2.0)
netrc (0.11.0) nori (2.6.0)
nori (2.7.1) ohai (17.9.0)
bigdecimal chef-config (>= 14.12, < 18)
ohai (19.1.40) chef-utils (>= 16.0, < 18)
base64 ffi (~> 1.9)
chef-config (>= 14.12, < 20) ffi-yajl (~> 2.2)
chef-utils (>= 16.0, < 20)
ffi (>= 1.15.5)
ffi-yajl (>= 2.2, < 3.0)
ipaddress ipaddress
mixlib-cli (>= 1.7.0) mixlib-cli (>= 1.7.0)
mixlib-config (>= 2.0, < 4.0) mixlib-config (>= 2.0, < 4.0)
mixlib-log (>= 2.0.1, < 4.0) mixlib-log (>= 2.0.1, < 4.0)
mixlib-shellout (>= 3.3.6, < 3.5.0) mixlib-shellout (~> 3.2, >= 3.2.5)
plist (~> 3.1) plist (~> 3.1)
train-core train-core
wmi-lite (~> 1.0) wmi-lite (~> 1.0)
ostruct (0.6.3) parallel (1.21.0)
parallel (1.28.0) parslet (1.8.2)
parser (3.3.11.1)
ast (~> 2.4.1)
racc
parslet (2.0.0)
pastel (0.8.0) pastel (0.8.0)
tty-color (~> 0.5) tty-color (~> 0.5)
plist (3.7.2) plist (3.6.0)
prism (1.9.0) proxifier (1.0.3)
proxifier2 (1.1.0) pry (0.14.1)
pry (0.16.0)
coderay (~> 1.1) coderay (~> 1.1)
method_source (~> 1.0) method_source (~> 1.0)
reline (>= 0.6.0) public_suffix (4.0.6)
pstore (0.1.4) rack (2.2.3)
public_suffix (6.0.2) rspec (3.10.0)
racc (1.8.1) rspec-core (~> 3.10.0)
rack (3.2.6) rspec-expectations (~> 3.10.0)
rackup (2.3.1) rspec-mocks (~> 3.10.0)
rack (>= 3) rspec-core (3.10.2)
rainbow (3.1.1) rspec-support (~> 3.10.0)
regexp_parser (2.12.0) rspec-expectations (3.10.2)
reline (0.6.3)
io-console (~> 0.5)
rest-client (2.1.0)
http-accept (>= 1.7.0, < 2.0)
http-cookie (>= 1.0.2, < 2.0)
mime-types (>= 1.16, < 4.0)
netrc (~> 0.8)
rexml (3.4.4)
rspec (3.13.2)
rspec-core (~> 3.13.0)
rspec-expectations (~> 3.13.0)
rspec-mocks (~> 3.13.0)
rspec-core (3.13.6)
rspec-support (~> 3.13.0)
rspec-expectations (3.13.5)
diff-lcs (>= 1.2.0, < 2.0) diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.13.0) rspec-support (~> 3.10.0)
rspec-its (2.0.0) rspec-its (1.3.0)
rspec-core (>= 3.13.0) rspec-core (>= 3.0.0)
rspec-expectations (>= 3.13.0) rspec-expectations (>= 3.0.0)
rspec-mocks (3.13.8) rspec-mocks (3.10.3)
diff-lcs (>= 1.2.0, < 2.0) diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.13.0) rspec-support (~> 3.10.0)
rspec-support (3.13.7) rspec-support (3.10.3)
rubocop (1.86.1) ruby2_keywords (0.0.5)
json (~> 2.3) rubyntlm (0.6.3)
language_server-protocol (~> 3.17.0.2) rubyzip (2.3.2)
lint_roller (~> 1.1.0) semverse (3.0.0)
parallel (>= 1.10)
parser (>= 3.3.0.2)
rainbow (>= 2.2.2, < 4.0)
regexp_parser (>= 2.9.3, < 3.0)
rubocop-ast (>= 1.49.0, < 2.0)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 2.4.0, < 4.0)
rubocop-ast (1.49.1)
parser (>= 3.3.7.2)
prism (~> 1.7)
ruby-progressbar (1.13.0)
rubyntlm (0.6.5)
base64
rubyzip (2.4.1)
semverse (3.0.2)
socksify (1.8.1)
sslshake (1.3.1) sslshake (1.3.1)
strings (0.2.1) strings (0.2.1)
strings-ansi (~> 0.2) strings-ansi (~> 0.2)
unicode-display_width (>= 1.5, < 3.0) unicode-display_width (>= 1.5, < 3.0)
unicode_utils (~> 1.4) unicode_utils (~> 1.4)
strings-ansi (0.2.0) strings-ansi (0.2.0)
syslog (0.4.0)
logger
syslog-logger (1.6.8) syslog-logger (1.6.8)
thor (1.4.0) thor (1.2.1)
time (0.4.2) tomlrb (1.3.0)
date train-core (3.8.7)
timeout (0.6.1)
tomlrb (2.0.4)
train-core (3.16.5)
addressable (~> 2.5) addressable (~> 2.5)
ffi (>= 1.16.0, < 1.18) ffi (!= 1.13.0)
json (>= 2.19.2, < 3.0) json (>= 1.8, < 3.0)
mixlib-shellout (>= 2.0, < 4.0) mixlib-shellout (>= 2.0, < 4.0)
net-scp (>= 1.2, < 5.0) net-scp (>= 1.2, < 4.0)
net-ssh (>= 2.9, < 8.0) net-ssh (>= 2.9, < 7.0)
train-rest (0.5.0) train-winrm (0.2.12)
aws-sigv4 (~> 1.5) winrm (>= 2.3.6, < 3.0)
rest-client (~> 2.1) winrm-elevated (~> 1.2.2)
train-core (~> 3.0) winrm-fs (~> 1.0)
train-winrm (0.4.3)
chef-winrm (>= 2.4.4, < 3.0)
chef-winrm-elevated (>= 1.2.5, < 2.0)
chef-winrm-fs (>= 1.4.1, < 2.0)
socksify (~> 1.8)
tty-box (0.7.0) tty-box (0.7.0)
pastel (~> 0.8) pastel (~> 0.8)
strings (~> 0.2.0) strings (~> 0.2.0)
@@ -407,34 +272,45 @@ GEM
tty-cursor (~> 0.7) tty-cursor (~> 0.7)
tty-screen (~> 0.8) tty-screen (~> 0.8)
wisper (~> 2.0) wisper (~> 2.0)
tty-screen (0.8.2) tty-screen (0.8.1)
tty-spinner (0.9.3)
tty-cursor (~> 0.7)
tty-table (0.12.0) tty-table (0.12.0)
pastel (~> 0.8) pastel (~> 0.8)
strings (~> 0.2.0) strings (~> 0.2.0)
tty-screen (~> 0.8) tty-screen (~> 0.8)
unf_ext (0.0.9.1) unicode-display_width (2.1.0)
unicode-display_width (2.6.0)
unicode_utils (1.4.0) unicode_utils (1.4.0)
uri (1.1.1) uuidtools (2.2.0)
uuidtools (3.0.0) vault (0.16.0)
vault (0.20.1)
aws-sigv4 aws-sigv4
base64 webrick (1.7.0)
net-http-persistent (~> 4.0, >= 4.0.2) winrm (2.3.6)
webrick (1.9.2) builder (>= 2.1.2)
erubi (~> 1.8)
gssapi (~> 1.2)
gyoku (~> 1.0)
httpclient (~> 2.2, >= 2.2.0.2)
logging (>= 1.6.1, < 3.0)
nori (~> 2.0)
rubyntlm (~> 0.6.0, >= 0.6.3)
winrm-elevated (1.2.3)
erubi (~> 1.8)
winrm (~> 2.0)
winrm-fs (~> 1.0)
winrm-fs (1.3.5)
erubi (~> 1.8)
logging (>= 1.6.1, < 3.0)
rubyzip (~> 2.0)
winrm (~> 2.0)
wisper (2.0.1) wisper (2.0.1)
wmi-lite (1.0.7) wmi-lite (1.0.5)
PLATFORMS PLATFORMS
arm64-darwin-22
x86_64-darwin-18 x86_64-darwin-18
x86_64-darwin-19 x86_64-darwin-19
x86_64-linux x86_64-linux
DEPENDENCIES DEPENDENCIES
knife-zero (~> 2.6.0) knife-zero (>= 2.4.2)
BUNDLED WITH BUNDLED WITH
2.2.15 2.2.15
-4
@@ -28,10 +28,6 @@ Clone this repository, `cd` into it, and run:
bundle install bundle install
### Enable Git hooks
git config core.hooksPath .githooks
## Common tasks ## Common tasks
### Bootstrap a new host server ### Bootstrap a new host server
+4
@@ -0,0 +1,4 @@
{
"name": "garage-10",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2+3Wo+KkXVJCOX1SxT9\nSdwKXgPbCDM3EI9uwoxhMxQfRyN53dxIsBDsQUVOIe1Z8yqm4FenMQlNmeDR+QLE\nvNFf1fisinW+D9VVRm+CjcJy96i/Dyt786Z6YRrDlB860HxCbfTL2Zv5BRtbyIKg\nhz5gO+9PMEpPVR2ij9iue4K6jbM1AAL2ia/P6zDWLJqeIzUocCeHV5N0Z3jXH6qr\nf444v78x35MMJ+3tg5h95SU1/PDCpdSTct4uHEuKIosiN7p4DlYMoM5iSyvVoujr\nflRQPEpGzS9qEt3rDo/F4ltzYMx6bf1tB/0QaBKD+zwPZWTTwf61tSBo5/NkGvJc\nFQIDAQAB\n-----END PUBLIC KEY-----\n"
}
-4
@@ -1,4 +0,0 @@
{
"name": "garage-14",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAypINv1zTZ7+pyT0iRhik\n0W70ASYADo7qK7QyE9/3nu2sUrP1IjoNFsv/ceKwicH7Fw2Ei1o+yKZlKn7zJzY7\n93YRZndF04VH2bmqy0uOWK0Bdat7gCld5bvS6FmRflg7g64LFb33/64QIVsVGHGL\nYF2TO//x79t9JKcQDa4h5MOWzJNTFuEcUGa0gJjMYpWGVHEJSgRuIgyhXmyIJJgY\nguj6ymTm5+3VS7NzoNy2fbTt1LRpHb5UWrCR15oiLZiDSMLMx0CcGOCmrhvODi4k\n0umw+2NPd1G50s9z7KVbTqybuQ65se2amRnkVcNfaBIU5qk9bVqcmhZlEozmBZCd\ndwIDAQAB\n-----END PUBLIC KEY-----\n"
}
-4
@@ -1,4 +0,0 @@
{
"name": "garage-15",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy14sTt5gxVZi9C3KIEBu\nDyUgbb6jc3/GR22fNPTqV6uDHhxzhE2UsYwY/7yuA1RasdwHEOBWZaoC0Om5/Zmi\n8gn6//v1ILyLNaAcw+SQcxZkCN8Sk/0atRS9HYk1agE8Mvh72Fe2z3l+92VMefy7\nJwJUNNBTbnV2WVCchChoWnfhI7bkSLSHp0M2MO2pI+lkpSdmfkJSa5z9zihgxKO8\nXfvhryDCZNvfRVHhwc+ffpap0gLF0H9riGKE4FwLy4YqbuW1Tgm6bObb9bpOIw6Q\nVfH3kC/KMK5FlnxGmYtDkhRJ/wjGInRBk9WK/QOmjyd2FVxipEQmA4RdjlznRC9I\nrwIDAQAB\n-----END PUBLIC KEY-----\n"
}
-4
@@ -1,4 +0,0 @@
{
"name": "garage-16",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYCUN4WNP05pjbxVJd1/\nvmDZU6XRrVVZS5piSSRzs+uxrcUQZew9oe8YwnB9Acf7nl1igS1Fa3e3TyVdrdrM\n+zKLIszJfZw8qH0BhUHYhIm5o+NXeUDR6zor5/4msq9yyXxMFM3FY6HSnz1IBY6P\n43GdArRqAhccGZTBzvowHZvVTkG553oYF1ETxlUWn+9l142YZufNK+B2JGUGSnf3\nS0A2vlQi7DGHBcUaPPqCLeaXB1cQ4Q6SqMvnExpi0xTdY2QXLlSIBJvJVowLtQKs\npS5qHxwCabMY/uHVoEKxgmMcGvjp4L0PoaXRcev5I2sDfbLuz1VxYfatjgI/1psg\ntwIDAQAB\n-----END PUBLIC KEY-----\n"
}
+4
@@ -0,0 +1,4 @@
{
"name": "garage-9",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnMHzKE8JBrsQkmRDeMjX\n71mBzvRzNM90cwA8xtvIkXesdTyGqohX9k/PJbCY5ySGK9PpMaYDPVAnwnUP8LFQ\n3G98aSbLxUjqU/PBzRsnWpihehr05uz9zYcNFzr4LTNvGQZsq47nN9Tk+LG3zHP7\nAZViv2mJ4ZRnukXf6KHlyoVvhuTu+tiBM8QzjTF97iP/aguNPzYHmrecy9Uf5bSA\nZrbNZT+ayxtgswC2OclhRucx7XLSuHXtpwFqsQzSAhiX1aQ3wwCyH9WJtVwpfUsE\nlxTjcQiSM9aPZ8iSC0shpBaKD1j3iF/2K2Jk+88++zMhJJPLermvaJxzsdePgvyk\nKQIDAQAB\n-----END PUBLIC KEY-----\n"
}
-4
@@ -1,4 +0,0 @@
{
"name": "leo",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFfQsJnREjbXTtpT6BVt\naBaUzRmCQi8Du0TzeUG0ENrY0p5Exqleye2rC6bJlB3PER1xr5zdtuXLgbcVumIb\nzroU5JPtFbQk7r/pj0atT+UEYzl16iuEpprQ/bug+f0nE514USr6YG4G+tlZ/jBI\nSHsCQF1P8ufXFLW0ewC7rdvBkgA+DwK14naRxS4jO5MSl4wmNTjs/jymTg508mQq\nf5tG52t8qFdgn9pRdBXmyTpPtwK7I4rZ+1Qn+1E5m4oQUZsxh8Ba1bGbKotVO7Ua\nYL1yCGx7zRRUvLLIdSMvlRXTJBUSQtQ8P4QUDWTY1Na2w3t9sulKg2Lwsw8tktvC\nCwIDAQAB\n-----END PUBLIC KEY-----\n"
}
-4
@@ -1,4 +0,0 @@
{
"name": "postgres-10",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2oBb5omC7ZionWhudgFm\n2NGcRXsI0c7+g1+0duaxj5dziaRTltqzpRJTfiJD6R36FcvEqwGc+qQgYSMzc1Xd\nY4OTvJFIDiFAmROm/DZYgFtTDldVNJZO2bbU3COYf/Z2Poq56gC4zLLd/zf6shgb\n2Mty8PlQ82JJAY9EMI3aAifdnZ1k/g4weFC4LFg9lUcNNXOwlAjp//LJ3ku3aY1r\nwW74msSeWEjE44YZdWyMYgM7Fy1hz5giHFQtRdOLemRCWQ8h26wn/cmWld7lsLg+\nlYqxokxWXGv8r5zR8kDTBkd0dxY7ZMbo7oESY4Uhuf4UReMe2ZGHto1E7w3llSj+\n7wIDAQAB\n-----END PUBLIC KEY-----\n"
}
-4
@@ -1,4 +0,0 @@
{
"name": "postgres-11",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1foYpuubS2ovlg3uHO12\nQ/ROZ8MpG+LkCAM46uVfPaoWwfY0vdfMsBOanHDgm9DGUCEBJZ6LPrvCvGXbpPy6\n9GSswK75zVWODblNjvvV4ueGFq4bBFwRuZNjyMlqgyzeU+srZL0ivelu5XEuGuoD\nPYCBKWYqGMz85/eMC7/tinTJtKPyOtXe/G8meji+r7gh3j+ypj/EWeKfcRDa4aGe\n/DmMCurIjjPAXFLMAA6fIqPWVfcPw4APNPE60Z92yPGsTbPu7bL54M5f7udmmu7H\nOgk1HjMAmXCuLDzTkfaxqHP+57yELg/YpXR1E93VmBeQuIBsyOFEk6AmUmA1Ib6e\nnQIDAQAB\n-----END PUBLIC KEY-----\n"
}
-4
@@ -1,4 +0,0 @@
{
"name": "postgres-12",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1mYGrYB8keUKmXA8dhWc\ncCLzp50xR0ajSw+bWYydyRqD5wuEVKjiJu4+G9QmTVXkVgJ+AYI0Y9/WZYpDqVH6\nvLUo6BSNQaWx20q93qIdOGLy8YG3Qyznezk4l8T9u9vWZDyDpKw6gCxzikMkrXxb\n0cqOYtyud8+PtSEEMogSjOKhRURVHlVrlVH3SQO7Whke9rkiFcbXzubsK9yjkUtF\nxZafSoGorOlDsPvFTfYnkepVB+GHcgiribRYSrO+73GypC2kqMhCpWrb6a0VWsP/\nh53+q3JL3vBvdvjcv51Wpf4n6JdnXnQGn2/MdXEzw+NXgjU4/IdYtbORSbaI8F5t\nowIDAQAB\n-----END PUBLIC KEY-----\n"
}
+4
@@ -0,0 +1,4 @@
{
"name": "postgres-7",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArraIm6mXi0qgK4oWDs2I\nOIx+g/LPnfRd5aBXhoHcekGiJKttQTi5dRdN4+T6qVEC2h4Cc9qN47h2TZPLDh/M\neIZvu0AyicpectzXf6DtDZh0hFCnv47RDi9927op9tjMXk0SV1tLel7MN0dawATw\ny0vQkkr/5a3ZdiP4dFv+bdfVrj+Tuh85BYPVyX2mxq9F7Efxrt6rzVBiqr6uJLUY\nStpeB3CCalC4zQApKX2xrdtr2k8aJbqC6C//LiKbb7VKn+ZuZJ32L/+9HDEzQoFC\no0ZZPMhfnjcU+iSHYZuPMTJTNbwgRuOgpn9O8kZ239qYc59z7HEXwwWiYPDevbiM\nCQIDAQAB\n-----END PUBLIC KEY-----\n"
}
-4
@@ -1,4 +0,0 @@
{
"name": "postgres-9",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2dcE9HH0r5TBb/FGj2+e\nOw8ssoxeB61JmR4/psdZ6oPR08gxyqOY0ODziCmyIdXwFhjIcC44HjxCbcB8TU8G\nWGqlmfqWWIJW0x/2xOycHobAWDn5fC5ttTXkR3HC1TutX/2mH26mtfz9UjNdPaTo\nVZFMcxeaBCFSNlYC7hPUQ5f/qBdhhpLxP9uyzU+YFPqtwLP7g8EAUQObM4L+m6Q8\nqE7xgYpnhgaNrPsmvaVuoNylMGwyK0j1whOkcik8UgLprD70ISNSNxxcLehbvA3G\nPQPQRRuFF36fu2gECWGopbrFKwQGNfgJguQoXM1RQZQMQqWHPS933k5i6bi5pnhp\nzwIDAQAB\n-----END PUBLIC KEY-----\n"
}
-4
@@ -1,4 +0,0 @@
{
"name": "prometheus-1",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7T/OBo/TZm3YqnN4+ok\nHwcJ0kW9w2rl9UfrOlWUvoPHBd2LrqpEv3Az3a150IylQ1H/UozmQA7DtjIoTA7d\nV3oLY970vYrYiURcojOo8qAZBy8EH7dfAHxuZryUeELr+3vdcHF5WrrfSt2FdFVX\nPTY95ikafAnOO0Nt8jvnlPoDn7REV8TOE6KOiUzcHKa2xGlfaIe0oRC21LD86uQm\nR09xY1YaJkVgZfeN/opoRjZawkU3FFs3jlUEVBF8k153oOw9W3bgsFFjSOtRtRRg\nDwyQ7oDeMH83kXnaCdpkNZd59wjzPcpxYAL4LRN52ZXA4Btr4DTi+GxHz98Dr0kU\nUQIDAQAB\n-----END PUBLIC KEY-----\n"
}
+4
@@ -0,0 +1,4 @@
{
"name": "rsk-testnet-5",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/UHlgcSeh9Do7CTCKXC\n/4/aO2OvT+ijDVmrMYCNtE4sMeuFqKPnV1zxJZmRm4VNhkSQDkdWYD+6XvuFYW60\nyjB/N6D5lLlyjG4HD6fTkfh0K6f7t5mOYV7o4T59OoA3cBZuSROjtWmJ8jEFJ+k9\nII2kcyhPQcFN01ckzvZKRSPbVRccMoc+AKTjB3ZUfs/ERtlVoDrK4jEHluXOxUJO\nBKCcLonjJuLlpRLh7QfKrKFcR4idn5Ir43R6aSUesI/ipKwKsXnR3Bu7vXp74VF3\nMJ3EkdSBG+qJzy51fbRfQiUPAr/vSoVQZwW7FkIhIqqLkMaYCymn7qKfTGujoNU7\nlwIDAQAB\n-----END PUBLIC KEY-----\n"
}
-4
@@ -1,4 +0,0 @@
{
"name": "rsk-testnet-6",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1p4+F536/peA4XWMJtm\njggPl6yJb42V5bg3kDa8SHoIoQgXn59d3BclZ1Oz2+JhFd3Rrn4FN3Z1wzGpP+gA\nnxQOfgRG1ucahh7Nxaw3IdoHm7r/EdEOc9FrxvGJ+09YnmLfzn4iVQpsUiOiNVS7\n0LXtMXYtsjD+o6BTbOhGU8FMmGhMhQfXFVgoDdTiM/Q62zPw8Vtpa3yFpFJAu+dA\n+mm5h5W6FnaWJXM2arn3PxDOt+JQSWp5PYG4goU1FFreU9iFuoeGEfLy8unlbbXt\ne96QhNuCkOA15xqta0Z3oL7IlXWns7dLgZYlpZT9zaExIs3AEDaQcleacQPzXKSG\nswIDAQAB\n-----END PUBLIC KEY-----\n"
}
+4
@@ -0,0 +1,4 @@
{
"name": "uploads-1",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJwWaz8TeGv3SFlKzLMx\nqN8GTL/c0N9ppBvv8xNSS/yF9Y40SbL418uxYzm9hIhOXgIygIgLT2EKIXX32t+R\neOJCdYycQFM3At2fhMkjhuUW0gmDRcYBcBJLC5hLh2EZ+A8V7k4qgrBpPLOjEv48\nhQY0vuAw2DGndWr4QLh5NLUmQiOrfuzcZSSNCBOTIgUZgNmRd9QcCHDq4WDH3poa\nosJo4a9JGEGUL1irOivvEdyJPwEd2f++nYAdWwj8pjCYgpRshQlLhxOlylMx7MxB\nQt2bgJC9sahfbfJCOqdlCU3DMJL0bRUiuxK77WeSsxWBJmrsiF3+Ljs2Ix+s7fnS\nywIDAQAB\n-----END PUBLIC KEY-----\n"
}
@@ -3,5 +3,3 @@ config:
line-length: false # MD013 line-length: false # MD013
no-duplicate-heading: false # MD024 no-duplicate-heading: false # MD024
reference-links-images: false # MD052 reference-links-images: false # MD052
ignores:
- .github/copilot-instructions.md
-42
@@ -2,48 +2,6 @@
This file is used to list changes made in each version of the homebrew cookbook. This file is used to list changes made in each version of the homebrew cookbook.
## 6.0.2 - *2025-09-04*
Standardise files with files in sous-chefs/repo-management
Standardise files with files in sous-chefs/repo-management
## 6.0.1 - *2025-03-24*
## 6.0.0 - *2025-03-17*
- Updated library call for new homebrew class name found in chef-client 18.6.2+ releases
## 5.4.9 - *2024-11-18*
Standardise files with files in sous-chefs/repo-management
Standardise files with files in sous-chefs/repo-management
Standardise files with files in sous-chefs/repo-management
Standardise files with files in sous-chefs/repo-management
Standardise files with files in sous-chefs/repo-management
## 5.4.8 - *2024-05-07*
## 5.4.7 - *2024-05-06*
- Explicitly include `Which` module from `Chef` which fixes runs on 18.x clients.
## 5.4.6 - *2024-05-06*
## 5.4.5 - *2023-11-01*
Standardise files with files in sous-chefs/repo-management
## 5.4.4 - *2023-09-28*
## 5.4.3 - *2023-09-04*
## 5.4.2 - *2023-07-10*
## 5.4.1 - *2023-06-01* ## 5.4.1 - *2023-06-01*
## 5.4.0 - *2023-04-24* ## 5.4.0 - *2023-04-24*
+34 -11
@@ -20,9 +20,8 @@
# #
class HomebrewUserWrapper class HomebrewUserWrapper
require 'chef/mixin/homebrew' require 'chef/mixin/homebrew_user'
include Chef::Mixin::Homebrew include Chef::Mixin::HomebrewUser
include Chef::Mixin::Which
end end
module Homebrew module Homebrew
@@ -60,17 +59,41 @@ module Homebrew
def owner def owner
@owner ||= begin @owner ||= begin
HomebrewUserWrapper.new.find_homebrew_username # once we only support 14.0 we can switch this to find_homebrew_username
rescue require 'etc'
Chef::Exceptions::CannotDetermineHomebrewPath ::Etc.getpwuid(HomebrewUserWrapper.new.find_homebrew_uid).name
end.tap do |owner| rescue Chef::Exceptions::CannotDetermineHomebrewOwner
Chef::Log.debug("Homebrew owner is #{owner}") calculate_owner
end end.tap do |owner|
Chef::Log.debug("Homebrew owner is #{owner}")
end
end
private
def calculate_owner
owner = homebrew_owner_attr || sudo_user || current_user
if owner == 'root'
raise Chef::Exceptions::User,
"Homebrew owner is 'root' which is not supported. " \
"To set an explicit owner, please set node['homebrew']['owner']."
end
owner
end
def homebrew_owner_attr
Chef.node['homebrew']['owner']
end
def sudo_user
ENV['SUDO_USER']
end
def current_user
ENV['USER']
end end
end unless defined?(Homebrew) end unless defined?(Homebrew)
class HomebrewWrapper class HomebrewWrapper
include Homebrew include Homebrew
end end
Chef::Mixin::Homebrew.include(Homebrew)
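Review bot: `calculate_owner` can return `nil`, because when `node['homebrew']['owner']`, `SUDO_USER` and `USER` are all unset (for example a chef-client run started by a service with a stripped environment) the `owner == 'root'` guard passes and nothing else is checked. The fallback takes the account name from environment variables, so the name is whatever the invoking process exported. Failing closed with `raise Chef::Exceptions::User, 'Could not determine the Homebrew owner' if owner.nil? || owner.empty?` before the root comparison would make that case explicit. `Chef.node['homebrew']['owner']` also raises `NoMethodError` if the `homebrew` attribute tree is absent, which `Chef.node.read('homebrew', 'owner')` would avoid; whether the cookbook always defines that tree is not visible here. The `Homebrew` module starts outside these hunks.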
+2 -2
@@ -17,13 +17,13 @@
"recipes": { "recipes": {
}, },
"version": "6.0.2", "version": "5.4.1",
"source_url": "https://github.com/sous-chefs/homebrew", "source_url": "https://github.com/sous-chefs/homebrew",
"issues_url": "https://github.com/sous-chefs/homebrew/issues", "issues_url": "https://github.com/sous-chefs/homebrew/issues",
"privacy": false, "privacy": false,
"chef_versions": [ "chef_versions": [
[ [
">= 18.6.2" ">= 15.3"
] ]
], ],
"ohai_versions": [ "ohai_versions": [
+2 -2
@@ -3,9 +3,9 @@ maintainer 'Sous Chefs'
maintainer_email 'help@sous-chefs.org' maintainer_email 'help@sous-chefs.org'
license 'Apache-2.0' license 'Apache-2.0'
description 'Install Homebrew and includes resources for working with taps and casks' description 'Install Homebrew and includes resources for working with taps and casks'
version '6.0.2' version '5.4.1'
supports 'mac_os_x' supports 'mac_os_x'
source_url 'https://github.com/sous-chefs/homebrew' source_url 'https://github.com/sous-chefs/homebrew'
issues_url 'https://github.com/sous-chefs/homebrew/issues' issues_url 'https://github.com/sous-chefs/homebrew/issues'
chef_version '>= 18.6.2' chef_version '>= 15.3'
+2 -3
@@ -1,10 +1,9 @@
{ {
"$schema": "https://docs.renovatebot.com/renovate-schema.json", "$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": ["config:base"], "extends": ["config:base"],
"packageRules": [ "packageRules": [{
{
"groupName": "Actions", "groupName": "Actions",
"matchUpdateTypes": ["minor", "patch", "pin"], "matchUpdateTypes": ["patch", "pin", "digest"],
"automerge": true, "automerge": true,
"addLabels": ["Release: Patch", "Skip: Announcements"] "addLabels": ["Release: Patch", "Skip: Announcements"]
}, },
-1
@@ -19,7 +19,6 @@
# limitations under the License. # limitations under the License.
# #
unified_mode true
chef_version_for_provides '< 14.0' if respond_to?(:chef_version_for_provides) chef_version_for_provides '< 14.0' if respond_to?(:chef_version_for_provides)
property :cask_name, String, regex: %r{^[\w/-]+$}, name_property: true property :cask_name, String, regex: %r{^[\w/-]+$}, name_property: true
-1
@@ -19,7 +19,6 @@
# limitations under the License. # limitations under the License.
# #
unified_mode true
chef_version_for_provides '< 14.0' if respond_to?(:chef_version_for_provides) chef_version_for_provides '< 14.0' if respond_to?(:chef_version_for_provides)
property :tap_name, String, name_property: true, regex: %r{^[\w-]+(?:\/[\w-]+)+$} property :tap_name, String, name_property: true, regex: %r{^[\w-]+(?:\/[\w-]+)+$}
-24
@@ -1,24 +0,0 @@
{
"id": "blossom",
"admin_password": {
"encrypted_data": "Gd6AzFmySL0p+xo1PnRn9p4Fwge1m3CQj+NRLIUD8P9u1C8=\n",
"iv": "l6KVzF9xEEBRRAmh\n",
"auth_tag": "P791KMh9TxuHiWJpDKxWQA==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"s3_access_key": {
"encrypted_data": "S8jB2LDQOxI/p5ugggW1Sk50TS9TJe9sLv04O/VD9/v22SSM7J6ETomTA+Hd\n",
"iv": "dUIIZbdAT9q72ioX\n",
"auth_tag": "+5fCNOuTE/+FqdV6rDNbkw==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"s3_secret_key": {
"encrypted_data": "soT63l2frBJDNmHetXmEPvNYBsTpvTyR95FA2rxuZXvVE7hMj21La8/0Amk7\nv+mHOBUMaGG9BTLN0tVFkL0+lGPXdZJTbtDHgluk5l6lLPyc8KY=\n",
"iv": "RuXs2pL9C/wpwJ/w\n",
"auth_tag": "nu7dE2udTkxaUZCR42h09w==\n",
"version": 3,
"cipher": "aes-256-gcm"
}
}
+13 -6
@@ -1,16 +1,23 @@
{ {
"id": "gandi_api", "id": "gandi_api",
"key": {
"encrypted_data": "lU7/xYTmP5Sb6SsK5TNNIyegWozzBtUzpg7oDdl6gcz9FEMmG2ft0Ljh5Q==\n",
"iv": "EZPQD3C+wsP/mBhF\n",
"auth_tag": "vF9E8Pj4Z8quJJdOMg/QTw==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"access_token": { "access_token": {
"encrypted_data": "+skwxHnpAj/3d3e2u7s7B9EydbETj8b0flWahvb5gt/o4JYFWHrhIyX/0IVa\n4wgmu08eDgU51i0knGA=\n", "encrypted_data": "1Uw69JkNrmb8LU/qssuod1SlqxxrWR7TJQZeeivRrNzrMIVTEW/1uwJIYL6b\nM4GeeYl9lIRlMMmLBkc=\n",
"iv": "ONKrFCt8Oj3GKIQ5\n", "iv": "cc1GJKu6Cf4DkIgX\n",
"auth_tag": "j9Hrk8ZZFMQub4NUO+2e4g==\n", "auth_tag": "ERem4S7ozG695kjvWIMghw==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
}, },
"domains": { "domains": {
"encrypted_data": "lGfoPHdXEYYdJmoIA9M119wjVl1v4UzIv5gHADwx0A==\n", "encrypted_data": "scZ5blsSjs54DlitR7KZ3enLbyceOR5q0wjHw1golQ==\n",
"iv": "q6XKbxhW7X9ONxNt\n", "iv": "oDcHm7shAzW97b4t\n",
"auth_tag": "ns9WJH8Oe75siWu+sOZkRg==\n", "auth_tag": "62Zais9yf68SwmZRsmZ3hw==\n",
"version": 3, "version": 3,
"cipher": "aes-256-gcm" "cipher": "aes-256-gcm"
} }
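Review bot: The item now carries two Gandi credentials, `key` and `access_token`, both encrypted under the same data bag secret. If the recipes read only one of them, the other should be dropped from the item and revoked at the provider, so that a leaked data bag secret or a node with decrypt access exposes a single live credential. Which of the two is actually consumed is not visible from this file.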
-287
@@ -1,287 +0,0 @@
# Migrating PostgreSQL cluster to a new major version
## Summary
1. Dump from a replica
2. Restore to fresh VM running new major version
3. Add logical replication for delta sync from current/old primary
4. Switch primary to new server
5. Remove logical replication on new server
## Runbook
* Primary host: `PRIMARY_HOST`
* Replica host: `REPLICA_HOST`
* New PG14 host: `NEW_HOST`
* PostgreSQL superuser: `postgres`
* Running locally on each machine via `sudo -u postgres`
Adjust hostnames/IPs/etc. where needed.
---
### 🟢 0. PRIMARY — Pre-checks
```bash
sudo -u postgres psql -c "SHOW wal_level;"
sudo -u postgres psql -c "SHOW max_replication_slots;"
```
If needed, edit config:
```bash
sudo -u postgres vi $PGDATA/postgresql.conf
```
Ensure:
```conf
wal_level = logical
max_replication_slots = 10
```
Restart if changed:
```bash
sudo systemctl restart postgresql
```
---
### 🔵🟡 3. Create keypair for syncing dump later
🔵 On NEW_HOST:
```bash
sudo mkdir -p /home/postgres/.ssh && \
sudo chown -R postgres:postgres /home/postgres && \
sudo chmod 700 /home/postgres/.ssh && \
sudo -u postgres bash -c 'ssh-keygen -t ecdsa -b 256 -f /home/postgres/.ssh/id_ecdsa -N "" -C "postgres@$(hostname)"' && \
sudo cat /home/postgres/.ssh/id_ecdsa.pub
```
Copy the public key from the above output
🟡 On replica:
```bash
sudo mkdir -p /home/postgres/.ssh && \
sudo chown -R postgres:postgres /home/postgres && \
sudo chmod 700 /home/postgres/.ssh && \
echo [public_key] | sudo tee /home/postgres/.ssh/authorized_keys > /dev/null && \
sudo chmod 700 /home/postgres/.ssh
```
---
### 🟢 1. PRIMARY — Create publication and replication slots
```bash
sudo -u postgres pg_create_replication_publications
```
or
```bash
sudo -u postgres pg_create_replication_publication [db_name]
```
Listing publications and slots:
```bash
sudo -u postgres pg_list_replication_publications
sudo -u postgres pg_list_replication_slots
```
---
### 🟡 3. REPLICA — Pause replication
```bash
sudo -u postgres psql -c "SELECT pg_wal_replay_pause();"
```
Verify:
```bash
sudo -u postgres psql -c "SELECT pg_is_wal_replay_paused();"
```
---
### 🟡 4. REPLICA — Run dump
```bash
sudo -u postgres pg_dump_all_databases
```
or
```bash
sudo -u postgres bash -c "pg_dumpall --globals-only > /tmp/globals.sql"
sudo -u postgres pg_dump_database [db_name]
```
---
### 🟡 5. REPLICA — Resume replication
```bash
sudo -u postgres psql -c "SELECT pg_wal_replay_resume();"
```
---
### 🔵 6. COPY dumps to NEW HOST
From NEW_HOST:
```bash
export REPLICA_HOST=[private_ip] && \
cd /tmp && \
sudo -u postgres scp "postgres@$REPLICA_HOST:/tmp/globals.sql" . && \
sudo -u postgres scp "postgres@$REPLICA_HOST:/tmp/dump_*.tar.zst" .
```
---
### 🔵 7. NEW HOST (PostgreSQL 14) — Restore
#### 7.1 Restore globals
```bash
sudo -u postgres psql -f /tmp/globals.sql
```
---
#### 7.2 Create databases
```bash
sudo -u postgres psql -Atqc "SELECT datname FROM pg_database WHERE datallowconn AND datname NOT IN ('template1')" | \
xargs -I{} sudo -u postgres createdb {}
```
or
```bash
sudo -u postgres createdb [db_name]
```
---
#### 7.3 Restore each database
```bash
sudo -u postgres pg_restore_all_databases
```
or
```bash
sudo -u postgres pg_restore_database [db_name]
```
---
### 🔵 8. NEW HOST — Create subscriptions
```bash
sudo -u postgres pg_create_replication_subscriptions
```
or
```bash
sudo -u postgres pg_create_replication_subscription [db_name]
```
---
### 🔵 9. NEW HOST — Monitor replication
```bash
sudo -u postgres pg_list_replication_subscriptions
```
---
### 🔴 11. CUTOVER
#### 11.1 Stop writes on old primary
Put app(s) in maintenance mode, stop the app/daemons.
---
#### 11.2 Wait for replication to catch up
TODO: not the best way to check, since WAL LSNs keep increasing
```bash
sudo -u postgres psql -d [db_name] -c "SELECT * FROM pg_stat_subscription;"
```
---
#### 11.3 Fix sequences
Run per DB:
```bash
sudo -u postgres pg_fix_sequences_in_all_databases
```
or
```bash
sudo -u postgres pg_fix_sequences [db_name]
```
---
#### 11.4 Point app to NEW_HOST
1. Update `pg.kosmos.local` in `/etc/hosts` on app server(s). For example:
```bash
export NEW_PG_PRIMARY=[private_ip]
knife ssh roles:ejabberd -a knife_zero.host "sudo sed -r \"s/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\s(pg.kosmos.local)/$NEW_PG_PRIMARY\t\1/\" -i /etc/hosts"
```
Or override node attribute(s) if necessary and/or approporiate.
2. Start the app/daemons, and deactivate maintenance mode.
---
### 🧹 12. CLEANUP NEW_HOST
```bash
sudo -u postgres pg_drop_replication_subscriptions
```
---
### 🧹 13. CLEANUP PRIMARY
TODO: Looks like slots are dropped automatically, when subscriptions are dropped
```bash
sudo -u postgres pg_drop_replication_publications
```
---
### 🧹 13. CLEANUP Chef
Once all apps/databases are migrated, update the role in the node
config of the new primary to 'postgres_primary' and converge it.
Also delete the old primary node config from the Chef repo.
---
### ✅ DONE
---
-10
@@ -18,16 +18,6 @@
"relay_url": "wss://nostr.kosmos.org" "relay_url": "wss://nostr.kosmos.org"
} }
}, },
"blossom": {
"domain": "blossom.kosmos.org",
"storage": {
"s3": {
"endpoint": "s3.kosmos.org",
"region": "garage",
"bucket": "blossom"
}
}
},
"discourse": { "discourse": {
"domain": "community.kosmos.org" "domain": "community.kosmos.org"
}, },
+6 -7
@@ -4,13 +4,12 @@
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.144" "host": "10.1.1.144"
}, }
"vm_host": "draco"
}, },
"automatic": { "automatic": {
"fqdn": "akkounts-1", "fqdn": "akkounts-1",
"os": "linux", "os": "linux",
"os_version": "5.4.0-223-generic", "os_version": "5.4.0-216-generic",
"hostname": "akkounts-1", "hostname": "akkounts-1",
"ipaddress": "192.168.122.160", "ipaddress": "192.168.122.160",
"roles": [ "roles": [
@@ -68,13 +67,13 @@
"cloud": null, "cloud": null,
"chef_packages": { "chef_packages": {
"chef": { "chef": {
"version": "18.10.17", "version": "18.2.7",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib", "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.2.7/lib",
"chef_effortless": null "chef_effortless": null
}, },
"ohai": { "ohai": {
"version": "18.2.13", "version": "18.1.4",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai" "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.4/lib/ohai"
} }
} }
}, },
+2 -3
@@ -3,13 +3,12 @@
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.163" "host": "10.1.1.163"
}, }
"vm_host": "draco"
}, },
"automatic": { "automatic": {
"fqdn": "bitcoin-2", "fqdn": "bitcoin-2",
"os": "linux", "os": "linux",
"os_version": "5.4.0-216-generic", "os_version": "5.4.0-163-generic",
"hostname": "bitcoin-2", "hostname": "bitcoin-2",
"ipaddress": "192.168.122.148", "ipaddress": "192.168.122.148",
"roles": [ "roles": [
+2 -3
@@ -4,8 +4,7 @@
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.35" "host": "10.1.1.35"
}, }
"vm_host": "fornax"
}, },
"automatic": { "automatic": {
"fqdn": "discourse-2", "fqdn": "discourse-2",
@@ -62,7 +61,7 @@
} }
}, },
"run_list": [ "run_list": [
"role[base]", "recipe[kosmos-base]",
"role[kvm_guest]", "role[kvm_guest]",
"role[garage_gateway]", "role[garage_gateway]",
"role[kosmos_discourse]" "role[kosmos_discourse]"
+4 -7
@@ -12,7 +12,6 @@
}, },
"openresty": { "openresty": {
"listen_ip": "148.251.237.111", "listen_ip": "148.251.237.111",
"listen_ipv6": "2a01:4f8:202:804a::2",
"log_formats": { "log_formats": {
"json": "{\"ip\":\"$remote_addr\",\"time\":\"$time_local\",\"host\":\"$host\",\"method\":\"$request_method\",\"uri\":\"$uri\",\"status\":$status,\"size\":$body_bytes_sent,\"referer\":\"$http_referer\",\"upstream_addr\":\"$upstream_addr\",\"upstream_response_time\":\"$upstream_response_time\",\"ua\":\"$http_user_agent\"}" "json": "{\"ip\":\"$remote_addr\",\"time\":\"$time_local\",\"host\":\"$host\",\"method\":\"$request_method\",\"uri\":\"$uri\",\"status\":$status,\"size\":$body_bytes_sent,\"referer\":\"$http_referer\",\"upstream_addr\":\"$upstream_addr\",\"upstream_response_time\":\"$upstream_response_time\",\"ua\":\"$http_user_agent\"}"
} }
@@ -46,7 +45,6 @@
"kosmos_garage::default", "kosmos_garage::default",
"kosmos_garage::firewall_rpc", "kosmos_garage::firewall_rpc",
"kosmos_assets::nginx_site", "kosmos_assets::nginx_site",
"kosmos_blossom::nginx",
"kosmos_discourse::nginx", "kosmos_discourse::nginx",
"kosmos_drone::nginx", "kosmos_drone::nginx",
"kosmos_garage::nginx_web", "kosmos_garage::nginx_web",
@@ -83,7 +81,6 @@
"timezone_iii::debian", "timezone_iii::debian",
"ntp::default", "ntp::default",
"ntp::apparmor", "ntp::apparmor",
"kosmos-base::journald_conf",
"kosmos-base::systemd_emails", "kosmos-base::systemd_emails",
"apt::unattended-upgrades", "apt::unattended-upgrades",
"kosmos-base::firewall", "kosmos-base::firewall",
@@ -113,13 +110,13 @@
"cloud": null, "cloud": null,
"chef_packages": { "chef_packages": {
"chef": { "chef": {
"version": "18.10.17", "version": "18.2.7",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib", "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.2.7/lib",
"chef_effortless": null "chef_effortless": null
}, },
"ohai": { "ohai": {
"version": "18.2.13", "version": "18.1.4",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai" "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.4/lib/ohai"
} }
} }
}, },
+2 -3
@@ -3,8 +3,7 @@
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.128" "host": "10.1.1.128"
}, }
"vm_host": "fornax"
}, },
"automatic": { "automatic": {
"fqdn": "drone-1", "fqdn": "drone-1",
@@ -56,7 +55,7 @@
} }
}, },
"run_list": [ "run_list": [
"role[base]", "recipe[kosmos-base]",
"role[kvm_guest]", "role[kvm_guest]",
"role[drone]" "role[drone]"
] ]
+1 -2
@@ -4,8 +4,7 @@
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.113" "host": "10.1.1.113"
}, }
"vm_host": "draco"
}, },
"automatic": { "automatic": {
"fqdn": "ejabberd-4", "fqdn": "ejabberd-4",
+1 -2
@@ -4,8 +4,7 @@
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.123" "host": "10.1.1.123"
}, }
"vm_host": "fornax"
}, },
"automatic": { "automatic": {
"fqdn": "ejabberd-8", "fqdn": "ejabberd-8",
+4 -6
@@ -39,7 +39,6 @@
"kosmos_garage::default", "kosmos_garage::default",
"kosmos_garage::firewall_rpc", "kosmos_garage::firewall_rpc",
"kosmos_assets::nginx_site", "kosmos_assets::nginx_site",
"kosmos_blossom::nginx",
"kosmos_discourse::nginx", "kosmos_discourse::nginx",
"kosmos_drone::nginx", "kosmos_drone::nginx",
"kosmos_garage::nginx_web", "kosmos_garage::nginx_web",
@@ -76,7 +75,6 @@
"timezone_iii::debian", "timezone_iii::debian",
"ntp::default", "ntp::default",
"ntp::apparmor", "ntp::apparmor",
"kosmos-base::journald_conf",
"kosmos-base::systemd_emails", "kosmos-base::systemd_emails",
"apt::unattended-upgrades", "apt::unattended-upgrades",
"kosmos-base::firewall", "kosmos-base::firewall",
@@ -106,13 +104,13 @@
"cloud": null, "cloud": null,
"chef_packages": { "chef_packages": {
"chef": { "chef": {
"version": "18.10.17", "version": "18.2.7",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib", "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.2.7/lib",
"chef_effortless": null "chef_effortless": null
}, },
"ohai": { "ohai": {
"version": "18.2.13", "version": "18.1.4",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai" "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.4/lib/ohai"
} }
} }
}, },
+12 -15
@@ -1,18 +1,17 @@
{ {
"name": "garage-15", "name": "garage-10",
"chef_environment": "production", "chef_environment": "production",
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.82" "host": "10.1.1.27"
}, }
"vm_host": "leo"
}, },
"automatic": { "automatic": {
"fqdn": "garage-15", "fqdn": "garage-10",
"os": "linux", "os": "linux",
"os_version": "5.15.0-1095-kvm", "os_version": "5.4.0-1090-kvm",
"hostname": "garage-15", "hostname": "garage-10",
"ipaddress": "192.168.122.57", "ipaddress": "192.168.122.70",
"roles": [ "roles": [
"base", "base",
"kvm_guest", "kvm_guest",
@@ -21,7 +20,6 @@
"recipes": [ "recipes": [
"kosmos-base", "kosmos-base",
"kosmos-base::default", "kosmos-base::default",
"kosmos_prometheus::node_exporter",
"kosmos_kvm::guest", "kosmos_kvm::guest",
"kosmos_garage", "kosmos_garage",
"kosmos_garage::default", "kosmos_garage::default",
@@ -32,7 +30,6 @@
"timezone_iii::debian", "timezone_iii::debian",
"ntp::default", "ntp::default",
"ntp::apparmor", "ntp::apparmor",
"kosmos-base::journald_conf",
"kosmos-base::systemd_emails", "kosmos-base::systemd_emails",
"apt::unattended-upgrades", "apt::unattended-upgrades",
"kosmos-base::firewall", "kosmos-base::firewall",
@@ -45,17 +42,17 @@
"firewall::default" "firewall::default"
], ],
"platform": "ubuntu", "platform": "ubuntu",
"platform_version": "22.04", "platform_version": "20.04",
"cloud": null, "cloud": null,
"chef_packages": { "chef_packages": {
"chef": { "chef": {
"version": "18.10.17", "version": "18.5.0",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib", "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.5.0/lib",
"chef_effortless": null "chef_effortless": null
}, },
"ohai": { "ohai": {
"version": "18.2.13", "version": "18.1.11",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai" "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.11/lib/ohai"
} }
} }
}, },
+1 -4
@@ -4,8 +4,7 @@
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.165" "host": "10.1.1.165"
}, }
"vm_host": "fornax"
}, },
"automatic": { "automatic": {
"fqdn": "garage-11", "fqdn": "garage-11",
@@ -21,7 +20,6 @@
"recipes": [ "recipes": [
"kosmos-base", "kosmos-base",
"kosmos-base::default", "kosmos-base::default",
"kosmos_prometheus::node_exporter",
"kosmos_kvm::guest", "kosmos_kvm::guest",
"kosmos_garage", "kosmos_garage",
"kosmos_garage::default", "kosmos_garage::default",
@@ -32,7 +30,6 @@
"timezone_iii::debian", "timezone_iii::debian",
"ntp::default", "ntp::default",
"ntp::apparmor", "ntp::apparmor",
"kosmos-base::journald_conf",
"kosmos-base::systemd_emails", "kosmos-base::systemd_emails",
"apt::unattended-upgrades", "apt::unattended-upgrades",
"kosmos-base::firewall", "kosmos-base::firewall",
-65
@@ -1,65 +0,0 @@
{
"name": "garage-16",
"chef_environment": "production",
"normal": {
"knife_zero": {
"host": "10.1.1.153"
},
"vm_host": "leo"
},
"automatic": {
"fqdn": "garage-16",
"os": "linux",
"os_version": "6.8.0-106-generic",
"hostname": "garage-16",
"ipaddress": "192.168.122.182",
"roles": [
"base",
"kvm_guest",
"garage_node"
],
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_prometheus::node_exporter",
"kosmos_kvm::guest",
"kosmos_garage",
"kosmos_garage::default",
"kosmos_garage::firewall_rpc",
"kosmos_garage::firewall_apis",
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",
"kosmos-base::journald_conf",
"kosmos-base::systemd_emails",
"apt::unattended-upgrades",
"kosmos-base::firewall",
"kosmos-postfix::default",
"postfix::default",
"postfix::_common",
"postfix::_attributes",
"postfix::sasl_auth",
"hostname::default",
"firewall::default"
],
"platform": "ubuntu",
"platform_version": "24.04",
"cloud": null,
"chef_packages": {
"chef": {
"version": "18.10.17",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib",
"chef_effortless": null
},
"ohai": {
"version": "18.2.13",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai"
}
}
},
"run_list": [
"role[base]",
"role[kvm_guest]",
"role[garage_node]"
]
}
+1 -2
@@ -4,8 +4,7 @@
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.40" "host": "10.1.1.40"
}, }
"vm_host": "draco"
}, },
"automatic": { "automatic": {
"fqdn": "garage-2", "fqdn": "garage-2",
+1 -4
@@ -4,8 +4,7 @@
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.182" "host": "10.1.1.182"
}, }
"vm_host": "draco"
}, },
"automatic": { "automatic": {
"fqdn": "garage-7", "fqdn": "garage-7",
@@ -21,7 +20,6 @@
"recipes": [ "recipes": [
"kosmos-base", "kosmos-base",
"kosmos-base::default", "kosmos-base::default",
"kosmos_prometheus::node_exporter",
"kosmos_kvm::guest", "kosmos_kvm::guest",
"kosmos_garage", "kosmos_garage",
"kosmos_garage::default", "kosmos_garage::default",
@@ -32,7 +30,6 @@
"timezone_iii::debian", "timezone_iii::debian",
"ntp::default", "ntp::default",
"ntp::apparmor", "ntp::apparmor",
"kosmos-base::journald_conf",
"kosmos-base::systemd_emails", "kosmos-base::systemd_emails",
"apt::unattended-upgrades", "apt::unattended-upgrades",
"kosmos-base::firewall", "kosmos-base::firewall",
+1 -4
@@ -4,8 +4,7 @@
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.61" "host": "10.1.1.61"
}, }
"vm_host": "fornax"
}, },
"automatic": { "automatic": {
"fqdn": "garage-8", "fqdn": "garage-8",
@@ -21,7 +20,6 @@
"recipes": [ "recipes": [
"kosmos-base", "kosmos-base",
"kosmos-base::default", "kosmos-base::default",
"kosmos_prometheus::node_exporter",
"kosmos_kvm::guest", "kosmos_kvm::guest",
"kosmos_garage", "kosmos_garage",
"kosmos_garage::default", "kosmos_garage::default",
@@ -32,7 +30,6 @@
"timezone_iii::debian", "timezone_iii::debian",
"ntp::default", "ntp::default",
"ntp::apparmor", "ntp::apparmor",
"kosmos-base::journald_conf",
"kosmos-base::systemd_emails", "kosmos-base::systemd_emails",
"apt::unattended-upgrades", "apt::unattended-upgrades",
"kosmos-base::firewall", "kosmos-base::firewall",
+12 -15
@@ -1,18 +1,17 @@
{ {
"name": "garage-14", "name": "garage-9",
"chef_environment": "production", "chef_environment": "production",
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.151" "host": "10.1.1.223"
}, }
"vm_host": "leo"
}, },
"automatic": { "automatic": {
"fqdn": "garage-14", "fqdn": "garage-9",
"os": "linux", "os": "linux",
"os_version": "5.15.0-1095-kvm", "os_version": "5.4.0-1090-kvm",
"hostname": "garage-14", "hostname": "garage-9",
"ipaddress": "192.168.122.36", "ipaddress": "192.168.122.21",
"roles": [ "roles": [
"base", "base",
"kvm_guest", "kvm_guest",
@@ -21,7 +20,6 @@
"recipes": [ "recipes": [
"kosmos-base", "kosmos-base",
"kosmos-base::default", "kosmos-base::default",
"kosmos_prometheus::node_exporter",
"kosmos_kvm::guest", "kosmos_kvm::guest",
"kosmos_garage", "kosmos_garage",
"kosmos_garage::default", "kosmos_garage::default",
@@ -32,7 +30,6 @@
"timezone_iii::debian", "timezone_iii::debian",
"ntp::default", "ntp::default",
"ntp::apparmor", "ntp::apparmor",
"kosmos-base::journald_conf",
"kosmos-base::systemd_emails", "kosmos-base::systemd_emails",
"apt::unattended-upgrades", "apt::unattended-upgrades",
"kosmos-base::firewall", "kosmos-base::firewall",
@@ -45,17 +42,17 @@
"firewall::default" "firewall::default"
], ],
"platform": "ubuntu", "platform": "ubuntu",
"platform_version": "22.04", "platform_version": "20.04",
"cloud": null, "cloud": null,
"chef_packages": { "chef_packages": {
"chef": { "chef": {
"version": "18.10.17", "version": "18.5.0",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib", "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.5.0/lib",
"chef_effortless": null "chef_effortless": null
}, },
"ohai": { "ohai": {
"version": "18.2.13", "version": "18.1.11",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai" "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.11/lib/ohai"
} }
} }
}, },
+9 -3
@@ -4,8 +4,7 @@
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.21" "host": "10.1.1.21"
}, }
"vm_host": "fornax"
}, },
"automatic": { "automatic": {
"fqdn": "gitea-2", "fqdn": "gitea-2",
@@ -34,7 +33,7 @@
"kosmos_gitea", "kosmos_gitea",
"kosmos_gitea::default", "kosmos_gitea::default",
"kosmos_gitea::backup", "kosmos_gitea::backup",
"kosmos_gitea::runner", "kosmos_gitea::act_runner",
"apt::default", "apt::default",
"timezone_iii::default", "timezone_iii::default",
"timezone_iii::debian", "timezone_iii::debian",
@@ -51,6 +50,13 @@
"postfix::sasl_auth", "postfix::sasl_auth",
"hostname::default", "hostname::default",
"firewall::default", "firewall::default",
"kosmos_gitea::compile_from_source",
"git::default",
"git::package",
"kosmos-nodejs::default",
"nodejs::nodejs_from_package",
"nodejs::repo",
"golang::default",
"backup::default", "backup::default",
"logrotate::default" "logrotate::default"
], ],
+2 -3
@@ -3,8 +3,7 @@
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.198" "host": "10.1.1.198"
}, }
"vm_host": "draco"
}, },
"automatic": { "automatic": {
"fqdn": "ipfs-1", "fqdn": "ipfs-1",
@@ -61,7 +60,7 @@
} }
}, },
"run_list": [ "run_list": [
"role[base]", "recipe[kosmos-base]",
"role[kvm_guest]", "role[kvm_guest]",
"role[ipfs_gateway]" "role[ipfs_gateway]"
] ]
+2 -3
@@ -3,8 +3,7 @@
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.6" "host": "10.1.1.6"
}, }
"vm_host": "draco"
}, },
"automatic": { "automatic": {
"fqdn": "ldap-3.kosmos.org", "fqdn": "ldap-3.kosmos.org",
@@ -58,7 +57,7 @@
} }
}, },
"run_list": [ "run_list": [
"role[base]", "recipe[kosmos-base]",
"role[kvm_guest]", "role[kvm_guest]",
"role[dirsrv_supplier]" "role[dirsrv_supplier]"
] ]
+1 -2
@@ -4,8 +4,7 @@
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.106" "host": "10.1.1.106"
}, }
"vm_host": "fornax"
}, },
"automatic": { "automatic": {
"fqdn": "ldap-4.kosmos.org", "fqdn": "ldap-4.kosmos.org",
+1 -2
@@ -4,8 +4,7 @@
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.87" "host": "10.1.1.87"
}, }
"vm_host": "draco"
}, },
"automatic": { "automatic": {
"fqdn": "lq-1", "fqdn": "lq-1",
+1 -2
@@ -4,8 +4,7 @@
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.188" "host": "10.1.1.188"
}, }
"vm_host": "fornax"
}, },
"automatic": { "automatic": {
"fqdn": "lq-2", "fqdn": "lq-2",
+1 -3
@@ -4,8 +4,7 @@
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.95" "host": "10.1.1.95"
}, }
"vm_host": "draco"
}, },
"automatic": { "automatic": {
"fqdn": "mail.kosmos.org", "fqdn": "mail.kosmos.org",
@@ -31,7 +30,6 @@
"timezone_iii::debian", "timezone_iii::debian",
"ntp::default", "ntp::default",
"ntp::apparmor", "ntp::apparmor",
"kosmos-base::journald_conf",
"kosmos-base::systemd_emails", "kosmos-base::systemd_emails",
"apt::unattended-upgrades", "apt::unattended-upgrades",
"kosmos-base::firewall", "kosmos-base::firewall",
+2 -3
@@ -4,8 +4,7 @@
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.30" "host": "10.1.1.30"
}, }
"vm_host": "fornax"
}, },
"automatic": { "automatic": {
"fqdn": "mastodon-3", "fqdn": "mastodon-3",
@@ -84,7 +83,7 @@
} }
}, },
"run_list": [ "run_list": [
"role[base]", "recipe[kosmos-base]",
"role[kvm_guest]", "role[kvm_guest]",
"role[ldap_client]", "role[ldap_client]",
"role[garage_gateway]", "role[garage_gateway]",
+1 -2
@@ -3,8 +3,7 @@
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.138" "host": "10.1.1.138"
}, }
"vm_host": "fornax"
}, },
"automatic": { "automatic": {
"fqdn": "nodejs-4", "fqdn": "nodejs-4",
@@ -1,18 +1,16 @@
{ {
"name": "postgres-11", "name": "postgres-6",
"chef_environment": "production",
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.91" "host": "10.1.1.196"
}, }
"vm_host": "leo"
}, },
"automatic": { "automatic": {
"fqdn": "postgres-11", "fqdn": "postgres-6",
"os": "linux", "os": "linux",
"os_version": "5.15.0-1095-kvm", "os_version": "5.4.0-173-generic",
"hostname": "postgres-11", "hostname": "postgres-6",
"ipaddress": "192.168.122.142", "ipaddress": "192.168.122.60",
"roles": [ "roles": [
"base", "base",
"kvm_guest", "kvm_guest",
@@ -23,20 +21,18 @@
"kosmos-base::default", "kosmos-base::default",
"kosmos_kvm::guest", "kosmos_kvm::guest",
"kosmos_postgresql::primary", "kosmos_postgresql::primary",
"kosmos_postgresql::firewall",
"kosmos-akkounts::pg_db", "kosmos-akkounts::pg_db",
"kosmos-bitcoin::lndhub-go_pg_db", "kosmos-bitcoin::lndhub-go_pg_db",
"kosmos-bitcoin::nbxplorer_pg_db", "kosmos-bitcoin::nbxplorer_pg_db",
"kosmos_drone::pg_db", "kosmos_drone::pg_db",
"kosmos_gitea::pg_db", "kosmos_gitea::pg_db",
"kosmos-mastodon::pg_db", "kosmos-mastodon::pg_db",
"kosmos_postgresql::firewall",
"kosmos_postgresql::management_scripts",
"apt::default", "apt::default",
"timezone_iii::default", "timezone_iii::default",
"timezone_iii::debian", "timezone_iii::debian",
"ntp::default", "ntp::default",
"ntp::apparmor", "ntp::apparmor",
"kosmos-base::journald_conf",
"kosmos-base::systemd_emails", "kosmos-base::systemd_emails",
"apt::unattended-upgrades", "apt::unattended-upgrades",
"kosmos-base::firewall", "kosmos-base::firewall",
@@ -48,17 +44,17 @@
"hostname::default" "hostname::default"
], ],
"platform": "ubuntu", "platform": "ubuntu",
"platform_version": "22.04", "platform_version": "20.04",
"cloud": null, "cloud": null,
"chef_packages": { "chef_packages": {
"chef": { "chef": {
"version": "18.10.17", "version": "18.4.2",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib", "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.4.2/lib",
"chef_effortless": null "chef_effortless": null
}, },
"ohai": { "ohai": {
"version": "18.2.13", "version": "18.1.11",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai" "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.11/lib/ohai"
} }
} }
}, },
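Review bot: `chef_environment` is missing from this node on the new side: the first hunk shrinks from 18 to 16 lines and the `"chef_environment": "production",` line has no counterpart, whereas the postgres-7 and postgres-8 sections keep it. A node without that key is placed in `_default`, so environment-scoped attributes and any search filtered on `chef_environment:production` would skip this host, which lists `kosmos_postgresql::primary` among its recipes. Unless the omission is deliberate, add `"chef_environment": "production",` after the `name` line.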
@@ -1,18 +1,17 @@
{ {
"name": "postgres-12", "name": "postgres-7",
"chef_environment": "production", "chef_environment": "production",
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.134" "host": "10.1.1.134"
}, }
"vm_host": "her"
}, },
"automatic": { "automatic": {
"fqdn": "postgres-12", "fqdn": "postgres-7",
"os": "linux", "os": "linux",
"os_version": "5.15.0-1096-kvm", "os_version": "5.4.0-1123-kvm",
"hostname": "postgres-12", "hostname": "postgres-7",
"ipaddress": "192.168.122.139", "ipaddress": "192.168.122.89",
"roles": [ "roles": [
"base", "base",
"kvm_guest", "kvm_guest",
@@ -25,7 +24,6 @@
"kosmos_postgresql::hostsfile", "kosmos_postgresql::hostsfile",
"kosmos_postgresql::replica", "kosmos_postgresql::replica",
"kosmos_postgresql::firewall", "kosmos_postgresql::firewall",
"kosmos_postgresql::management_scripts",
"apt::default", "apt::default",
"timezone_iii::default", "timezone_iii::default",
"timezone_iii::debian", "timezone_iii::debian",
@@ -43,17 +41,17 @@
"hostname::default" "hostname::default"
], ],
"platform": "ubuntu", "platform": "ubuntu",
"platform_version": "22.04", "platform_version": "20.04",
"cloud": null, "cloud": null,
"chef_packages": { "chef_packages": {
"chef": { "chef": {
"version": "18.10.17", "version": "18.5.0",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib", "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.5.0/lib",
"chef_effortless": null "chef_effortless": null
}, },
"ohai": { "ohai": {
"version": "18.2.13", "version": "18.1.11",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai" "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.11/lib/ohai"
} }
} }
}, },
@@ -1,31 +1,34 @@
{ {
"name": "leo.kosmos.org", "name": "postgres-8",
"chef_environment": "production", "chef_environment": "production",
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.204" "host": "10.1.1.99"
} }
}, },
"automatic": { "automatic": {
"fqdn": "leo.kosmos.org", "fqdn": "postgres-8",
"os": "linux", "os": "linux",
"os_version": "5.15.0-173-generic", "os_version": "5.15.0-1059-kvm",
"hostname": "leo", "hostname": "postgres-8",
"ipaddress": "5.9.81.116", "ipaddress": "192.168.122.100",
"roles": [ "roles": [
"base" "base",
"kvm_guest",
"postgresql_replica"
], ],
"recipes": [ "recipes": [
"kosmos-base", "kosmos-base",
"kosmos-base::default", "kosmos-base::default",
"kosmos_prometheus::node_exporter", "kosmos_kvm::guest",
"kosmos_kvm::host", "kosmos_postgresql::hostsfile",
"kosmos_postgresql::replica",
"kosmos_postgresql::firewall",
"apt::default", "apt::default",
"timezone_iii::default", "timezone_iii::default",
"timezone_iii::debian", "timezone_iii::debian",
"ntp::default", "ntp::default",
"ntp::apparmor", "ntp::apparmor",
"kosmos-base::journald_conf",
"kosmos-base::systemd_emails", "kosmos-base::systemd_emails",
"apt::unattended-upgrades", "apt::unattended-upgrades",
"kosmos-base::firewall", "kosmos-base::firewall",
@@ -34,26 +37,26 @@
"postfix::_common", "postfix::_common",
"postfix::_attributes", "postfix::_attributes",
"postfix::sasl_auth", "postfix::sasl_auth",
"hostname::default", "hostname::default"
"firewall::default"
], ],
"platform": "ubuntu", "platform": "ubuntu",
"platform_version": "22.04", "platform_version": "22.04",
"cloud": null, "cloud": null,
"chef_packages": { "chef_packages": {
"chef": { "chef": {
"version": "18.10.17", "version": "18.5.0",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib", "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.5.0/lib",
"chef_effortless": null "chef_effortless": null
}, },
"ohai": { "ohai": {
"version": "18.2.13", "version": "18.1.11",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai" "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.11/lib/ohai"
} }
} }
}, },
"run_list": [ "run_list": [
"role[base]", "role[base]",
"recipe[kosmos_kvm::host]" "role[kvm_guest]",
"role[postgresql_replica]"
] ]
} }
-63
@@ -1,63 +0,0 @@
{
"name": "prometheus-1",
"chef_environment": "production",
"normal": {
"knife_zero": {
"host": "10.1.1.146"
},
"vm_host": "leo"
},
"automatic": {
"fqdn": "prometheus-1",
"os": "linux",
"os_version": "6.8.0-134-generic",
"hostname": "prometheus-1",
"ipaddress": "192.168.122.166",
"roles": [
"base",
"kvm_guest",
"prometheus_server"
],
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_prometheus::node_exporter",
"kosmos_kvm::guest",
"kosmos_prometheus::server",
"kosmos_prometheus::alertmanager",
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",
"kosmos-base::journald_conf",
"kosmos-base::systemd_emails",
"apt::unattended-upgrades",
"kosmos-base::firewall",
"kosmos-postfix::default",
"postfix::default",
"postfix::_common",
"postfix::_attributes",
"postfix::sasl_auth",
"hostname::default",
"firewall::default"
],
"platform": "ubuntu",
"platform_version": "24.04",
"cloud": null,
"chef_packages": {
"chef": {
"version": "18.10.17",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib",
"chef_effortless": null
},
"ohai": {
"version": "18.2.13",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai"
}
}
},
"run_list": [
"role[base]",
"role[kvm_guest]",
"role[prometheus_server]"
]
}
+1 -2
@@ -4,8 +4,7 @@
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.225" "host": "10.1.1.225"
}, }
"vm_host": "draco"
}, },
"automatic": { "automatic": {
"fqdn": "redis-1", "fqdn": "redis-1",
+1 -2
@@ -4,8 +4,7 @@
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.208" "host": "10.1.1.208"
}, }
"vm_host": "fornax"
}, },
"automatic": { "automatic": {
"fqdn": "redis-2", "fqdn": "redis-2",
+2 -3
@@ -3,8 +3,7 @@
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.187" "host": "10.1.1.187"
}, }
"vm_host": "fornax"
}, },
"automatic": { "automatic": {
"fqdn": "rs-discourse-1", "fqdn": "rs-discourse-1",
@@ -56,7 +55,7 @@
} }
}, },
"run_list": [ "run_list": [
"role[base]", "recipe[kosmos-base]",
"role[kvm_guest]", "role[kvm_guest]",
"role[remotestorage_discourse]" "role[remotestorage_discourse]"
] ]
+1 -2
@@ -3,8 +3,7 @@
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.150" "host": "10.1.1.150"
}, }
"vm_host": "her"
}, },
"automatic": { "automatic": {
"fqdn": "rsk-mainnet-3", "fqdn": "rsk-mainnet-3",
+1 -2
@@ -3,8 +3,7 @@
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.126" "host": "10.1.1.126"
}, }
"vm_host": "her"
}, },
"automatic": { "automatic": {
"fqdn": "rsk-testnet-4", "fqdn": "rsk-testnet-4",
@@ -1,17 +1,16 @@
{ {
"name": "rsk-testnet-6", "name": "rsk-testnet-5",
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.20" "host": "10.1.1.194"
}, }
"vm_host": "leo"
}, },
"automatic": { "automatic": {
"fqdn": "rsk-testnet-6", "fqdn": "rsk-testnet-5",
"os": "linux", "os": "linux",
"os_version": "6.8.0-107-generic", "os_version": "5.4.0-1103-kvm",
"hostname": "rsk-testnet-6", "hostname": "rsk-testnet-5",
"ipaddress": "192.168.122.231", "ipaddress": "192.168.122.171",
"roles": [ "roles": [
"base", "base",
"kvm_guest", "kvm_guest",
@@ -25,7 +24,8 @@
"apt::default", "apt::default",
"timezone_iii::default", "timezone_iii::default",
"timezone_iii::debian", "timezone_iii::debian",
"kosmos-base::journald_conf", "ntp::default",
"ntp::apparmor",
"kosmos-base::systemd_emails", "kosmos-base::systemd_emails",
"apt::unattended-upgrades", "apt::unattended-upgrades",
"kosmos-base::firewall", "kosmos-base::firewall",
@@ -39,17 +39,17 @@
"firewall::default" "firewall::default"
], ],
"platform": "ubuntu", "platform": "ubuntu",
"platform_version": "24.04", "platform_version": "20.04",
"cloud": null, "cloud": null,
"chef_packages": { "chef_packages": {
"chef": { "chef": {
"version": "18.10.17", "version": "18.3.0",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib", "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.3.0/lib",
"chef_effortless": null "chef_effortless": null
}, },
"ohai": { "ohai": {
"version": "18.2.13", "version": "18.1.4",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai" "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.4/lib/ohai"
} }
} }
}, },
+1 -2
@@ -4,8 +4,7 @@
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.132" "host": "10.1.1.132"
}, }
"vm_host": "her"
}, },
"automatic": { "automatic": {
"fqdn": "sentry-1", "fqdn": "sentry-1",
+4 -10
@@ -4,8 +4,7 @@
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.164" "host": "10.1.1.164"
}, }
"vm_host": "draco"
}, },
"automatic": { "automatic": {
"fqdn": "strfry-1", "fqdn": "strfry-1",
@@ -17,8 +16,7 @@
"base", "base",
"kvm_guest", "kvm_guest",
"strfry", "strfry",
"ldap_client", "ldap_client"
"blossom"
], ],
"recipes": [ "recipes": [
"kosmos-base", "kosmos-base",
@@ -30,8 +28,6 @@
"kosmos_strfry::policies", "kosmos_strfry::policies",
"kosmos_strfry::firewall", "kosmos_strfry::firewall",
"kosmos_strfry::substr", "kosmos_strfry::substr",
"kosmos_blossom",
"kosmos_blossom::default",
"apt::default", "apt::default",
"timezone_iii::default", "timezone_iii::default",
"timezone_iii::debian", "timezone_iii::debian",
@@ -47,8 +43,7 @@
"postfix::_attributes", "postfix::_attributes",
"postfix::sasl_auth", "postfix::sasl_auth",
"hostname::default", "hostname::default",
"deno::default", "deno::default"
"blossom::default"
], ],
"platform": "ubuntu", "platform": "ubuntu",
"platform_version": "22.04", "platform_version": "22.04",
@@ -68,7 +63,6 @@
"run_list": [ "run_list": [
"role[base]", "role[base]",
"role[kvm_guest]", "role[kvm_guest]",
"role[strfry]", "role[strfry]"
"role[blossom]"
] ]
} }
+67
@@ -0,0 +1,67 @@
{
"name": "uploads-1",
"normal": {
"knife_zero": {
"host": "10.1.1.98"
}
},
"automatic": {
"fqdn": "uploads-1",
"os": "linux",
"os_version": "5.4.0-128-generic",
"hostname": "uploads-1",
"ipaddress": "192.168.122.230",
"roles": [
"kvm_guest"
],
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_kvm::guest",
"kosmos-ejabberd::upload_service",
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",
"ntp::default",
"ntp::apparmor",
"kosmos-base::systemd_emails",
"apt::unattended-upgrades",
"kosmos-base::firewall",
"kosmos-postfix::default",
"postfix::default",
"postfix::_common",
"postfix::_attributes",
"postfix::sasl_auth",
"hostname::default",
"kosmos-nginx::with_perl",
"nginx::default",
"nginx::package",
"nginx::ohai_plugin",
"nginx::repo",
"nginx::commons",
"nginx::commons_dir",
"nginx::commons_script",
"nginx::commons_conf",
"kosmos-nginx::firewall",
"kosmos-base::letsencrypt"
],
"platform": "ubuntu",
"platform_version": "20.04",
"cloud": null,
"chef_packages": {
"chef": {
"version": "15.14.0",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.14.0/lib"
},
"ohai": {
"version": "15.12.0",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai"
}
}
},
"run_list": [
"recipe[kosmos-base]",
"role[kvm_guest]",
"recipe[kosmos-ejabberd::upload_service]"
]
}
+5 -8
@@ -3,8 +3,7 @@
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.206" "host": "10.1.1.206"
}, }
"vm_host": "draco"
}, },
"automatic": { "automatic": {
"fqdn": "wiki-1", "fqdn": "wiki-1",
@@ -29,7 +28,6 @@
"timezone_iii::debian", "timezone_iii::debian",
"ntp::default", "ntp::default",
"ntp::apparmor", "ntp::apparmor",
"kosmos-base::journald_conf",
"kosmos-base::systemd_emails", "kosmos-base::systemd_emails",
"apt::unattended-upgrades", "apt::unattended-upgrades",
"kosmos-base::firewall", "kosmos-base::firewall",
@@ -68,13 +66,12 @@
"cloud": null, "cloud": null,
"chef_packages": { "chef_packages": {
"chef": { "chef": {
"version": "18.7.10", "version": "15.13.8",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.7.10/lib", "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.13.8/lib"
"chef_effortless": null
}, },
"ohai": { "ohai": {
"version": "18.2.5", "version": "15.12.0",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.5/lib/ohai" "ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai"
} }
} }
}, },
-1
@@ -2,5 +2,4 @@ name "base"
run_list %w( run_list %w(
kosmos-base::default kosmos-base::default
kosmos_prometheus::node_exporter
) )
-16
@@ -1,16 +0,0 @@
name "blossom"
override_attributes(
"blossom" => {
"allowed_pubkeys" => [
# "b3e1b7c0ef48294bd856203bfd460625de95d3afb894e5f09b14cd1f0e7097cf",
# "07e188a1ff87ce171d517b8ed2bb7a31b1d3453a0db3b15379ec07b724d232f3",
# "898a73f2c1f9a9f42d9ef4ac363622f92fdd4290c8f190340a0862d8e0f70046"
]
},
)
run_list %w(
role[ldap_client]
kosmos_blossom::default
)
+2 -2
@@ -8,8 +8,8 @@ run_list %w(
override_attributes( override_attributes(
"gitea" => { "gitea" => {
# "repo" => "https://github.com/67P/gitea.git", "repo" => "https://github.com/67P/gitea.git",
# "revision" => "ldap_sync", "revision" => "ldap_sync",
"log" => { "level" => "Info" } "log" => { "level" => "Info" }
}, },
) )
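Review bot: `"revision" => "ldap_sync"` names a branch on the 67P fork, so the code that gets deployed can change whenever that branch moves, without any change in this repository. Assuming the gitea recipe checks out `revision` as a git ref, pin it to the commit that was actually reviewed, e.g. `"revision" => "<full commit SHA of the reviewed ldap_sync head>"`, and keep the branch name in a comment beside it. The `override_attributes` call starts outside the hunk.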
+1 -1
@@ -1,5 +1,5 @@
name "gitea_actions_runner" name "gitea_actions_runner"
run_list %w( run_list %w(
kosmos_gitea::runner kosmos_gitea::act_runner
) )
-1
@@ -19,7 +19,6 @@ production_run_list = %w(
role[openresty] role[openresty]
role[garage_gateway] role[garage_gateway]
kosmos_assets::nginx_site kosmos_assets::nginx_site
kosmos_blossom::nginx
kosmos_discourse::nginx kosmos_discourse::nginx
kosmos_drone::nginx kosmos_drone::nginx
kosmos_garage::nginx_web kosmos_garage::nginx_web
+10 -11
@@ -1,13 +1,12 @@
name "postgresql_primary" name "postgresql_primary"
run_list [ run_list %w(
"kosmos_postgresql::primary", kosmos_postgresql::primary
"kosmos-akkounts::pg_db", kosmos_postgresql::firewall
"kosmos-bitcoin::lndhub-go_pg_db", kosmos-akkounts::pg_db
"kosmos-bitcoin::nbxplorer_pg_db", kosmos-bitcoin::lndhub-go_pg_db
"kosmos_drone::pg_db", kosmos-bitcoin::nbxplorer_pg_db
"kosmos_gitea::pg_db", kosmos_drone::pg_db
"kosmos-mastodon::pg_db", kosmos_gitea::pg_db
"kosmos_postgresql::firewall", kosmos-mastodon::pg_db
"kosmos_postgresql::management_scripts" )
]
+5 -6
@@ -1,8 +1,7 @@
name "postgresql_replica" name "postgresql_replica"
run_list [ run_list %w(
"kosmos_postgresql::hostsfile", kosmos_postgresql::hostsfile
"kosmos_postgresql::replica", kosmos_postgresql::replica
"kosmos_postgresql::firewall", kosmos_postgresql::firewall
"kosmos_postgresql::management_scripts" )
]
-8
@@ -1,8 +0,0 @@
name "postgresql_replica_logical"
run_list [
"kosmos_postgresql::hostsfile",
"kosmos_postgresql::replica_logical",
"kosmos_postgresql::firewall",
"kosmos_postgresql::management_scripts"
]
-12
@@ -1,12 +0,0 @@
name "prometheus_server"
default_run_list = [
"kosmos_prometheus::server",
"kosmos_prometheus::alertmanager"
]
env_run_lists(
"_default" => default_run_list,
"development" => default_run_list,
"production" => default_run_list
)
-69
@@ -1,69 +0,0 @@
#!/usr/bin/env bash
# Strip the top-level "override" and "default" attributes from Chef node JSON files.
#
# Usage:
# ./scripts/util/strip_node_attrs.sh <node> [<node> ...]
# ./scripts/util/strip_node_attrs.sh --all
#
# A <node> may be a bare node name (e.g. "prometheus-1"), a path relative to the
# repository root (e.g. "nodes/prometheus-1.json"), or an absolute path.
#
# Exit codes:
# 0 - all target files processed successfully
# 1 - one or more targets could not be processed (missing args, missing jq,
# file not found, invalid JSON, or write failure)
set -uo pipefail
command -v jq >/dev/null 2>&1 || exit 1
root="$(git rev-parse --show-toplevel 2>/dev/null)" || root="$(pwd)"
targets=()
if [ "$#" -eq 0 ]; then
exit 1
fi
for arg in "$@"; do
if [ "$arg" = "--all" ]; then
shopt -s nullglob
for f in "$root"/nodes/*.json; do
targets+=("$f")
done
shopt -u nullglob
continue
fi
if [[ "$arg" == */* ]]; then
if [[ "$arg" = /* ]]; then
targets+=("$arg")
else
targets+=("$root/$arg")
fi
else
targets+=("$root/nodes/$arg.json")
fi
done
if [ "${#targets[@]}" -eq 0 ]; then
exit 1
fi
rc=0
for file in "${targets[@]}"; do
[ -f "$file" ] || { rc=1; continue; }
jq -e . "$file" >/dev/null 2>&1 || { rc=1; continue; }
tmp="$(mktemp "${file}.XXXXXX")" || { rc=1; continue; }
if jq --indent 2 'del(.override, .default)' "$file" > "$tmp" 2>/dev/null; then
truncate -s -1 "$tmp" 2>/dev/null || true
mv "$tmp" "$file" || { rm -f "$tmp"; rc=1; continue; }
else
rm -f "$tmp"
rc=1
continue
fi
done
exit "$rc"
@@ -8,8 +8,8 @@ upstream _<%= @upstream_name %> {
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%> <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
server { server {
server_name <%= @server_name %>; server_name <%= @server_name %>;
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; listen 443 ssl http2;
listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2; listen [::]:443 ssl http2;
ssl_certificate <%= @ssl_cert %>; ssl_certificate <%= @ssl_cert %>;
ssl_certificate_key <%= @ssl_key %>; ssl_certificate_key <%= @ssl_key %>;
@@ -230,6 +230,7 @@ systemd_unit "akkounts.service" do
WorkingDirectory: deploy_path, WorkingDirectory: deploy_path,
Environment: "RAILS_ENV=#{rails_env} SOLID_QUEUE_IN_PUMA=true", Environment: "RAILS_ENV=#{rails_env} SOLID_QUEUE_IN_PUMA=true",
ExecStart: "#{bundle_path} exec puma -C config/puma.rb --pidfile #{deploy_path}/tmp/puma.pid", ExecStart: "#{bundle_path} exec puma -C config/puma.rb --pidfile #{deploy_path}/tmp/puma.pid",
ExecStop: "#{bundle_path} exec puma -C config/puma.rb --pidfile #{deploy_path}/tmp/puma.pid stop",
ExecReload: "#{bundle_path} exec pumactl -F config/puma.rb --pidfile #{deploy_path}/tmp/puma.pid phased-restart", ExecReload: "#{bundle_path} exec pumactl -F config/puma.rb --pidfile #{deploy_path}/tmp/puma.pid phased-restart",
PIDFile: "#{deploy_path}/tmp/puma.pid", PIDFile: "#{deploy_path}/tmp/puma.pid",
TimeoutSec: "10", TimeoutSec: "10",
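Review bot: The added `ExecStop` calls the `puma` server binary with a trailing `stop`, whereas `ExecReload` on the next line uses `pumactl`. As far as I know `stop` is a pumactl command and `puma` treats a positional argument as a rackup file, so this line would most likely fail or try to boot a second server instead of stopping the running one. I would write it as `ExecStop: "#{bundle_path} exec pumactl -F config/puma.rb --pidfile #{deploy_path}/tmp/puma.pid stop",`, or drop it and let systemd signal the process from `PIDFile`. The `systemd_unit` block starts and ends outside the hunk.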
@@ -11,7 +11,7 @@ proxy_cache_path <%= node[:openresty][:cache_dir] %>/akkounts levels=1:2
server { server {
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2; listen [::]:443 ssl http2;
server_name <%= @domain %>; server_name <%= @domain %>;
if ($host != $server_name) { if ($host != $server_name) {
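Review bot: The IPv4 `listen` stays scoped to `node['openresty']['listen_ip']`, but the IPv6 line is now the wildcard `listen [::]:443 ssl http2;`, so this vhost answers on every IPv6 address the host has. The same change appears in the `_akkounts_api` and `_lndhub` templates further down. If `listen_ipv6` is still set on this branch, keep the bind scoped and fall back to the wildcard only when it is unset: `listen <%= node['openresty']['listen_ipv6'] ? "[#{node['openresty']['listen_ipv6']}]" : "[::]" %>:443 ssl http2;`. The `server` block continues outside the hunk.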
@@ -7,7 +7,7 @@ upstream _akkounts_api {
server { server {
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2; listen [::]:443 ssl http2;
server_name <%= @domain %>; server_name <%= @domain %>;
ssl_certificate <%= @ssl_cert %>; ssl_certificate <%= @ssl_cert %>;
@@ -1,6 +0,0 @@
---
- knife_zero
- kosmos_kvm
- kosmos-ejabberd
- openresty
- vm_host
@@ -0,0 +1,52 @@
#
# Cookbook Name:: kosmos-base
# Recipe:: andromeda_firewall
#
# The MIT License (MIT)
#
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
# Temporary extra rules for Andromeda
firewall_rule 'bitcoind' do
port [8333, 8334, 8335]
protocol :tcp
command :allow
end
firewall_rule 'lnd' do
port [9736]
# port [9736, 8002]
protocol :tcp
command :allow
end
firewall_rule 'lightningd' do
port [9735]
protocol :tcp
command :allow
end
firewall_rule 'spark_wallet' do
port 8008
protocol :tcp
command :allow
end
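Review bot: None of the four `firewall_rule` resources sets a `source`, so 8333-8335, 9735, 9736 and 8008 are opened to any address. That is expected for the peer-to-peer ports, but `spark_wallet` on 8008 looks like a wallet web interface and should not be reachable from the whole internet. I would add `source '<trusted CIDR>'` to that rule, with the VPN or private range filled in. Because the header calls these rules temporary, add a comment saying when they can be removed.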
+25 -58
@@ -24,44 +24,11 @@
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE. # THE SOFTWARE.
include_recipe "apt" include_recipe 'apt'
include_recipe 'timezone_iii'
cookbook_file "/etc/chef/chef_normal_attributes.yml" do include_recipe 'ntp'
source "chef_normal_attributes.yml" include_recipe 'kosmos-base::journald_conf'
owner "root" include_recipe 'kosmos-base::systemd_emails'
group "root"
mode "0644"
end
ruby_block "update allowed_normal_attributes in client.rb" do
block do
whitelist = YAML.load_file("/etc/chef/chef_normal_attributes.yml")
fe = Chef::Util::FileEdit.new("/etc/chef/client.rb")
fe.search_file_replace_line(
/^allowed_normal_attributes.*/,
"allowed_normal_attributes #{whitelist.inspect}"
)
fe.write_file
Chef::Config[:allowed_normal_attributes] = whitelist
Chef::Config[:normal_attribute_allowlist] = whitelist
end
not_if do
whitelist = YAML.load_file("/etc/chef/chef_normal_attributes.yml")
client_rb = ::File.read("/etc/chef/client.rb")
whitelist.all? { |attr| client_rb.include?(attr) }
end
end
directory "/etc/apt/keyrings" do
mode "0755"
action :create
end
include_recipe "timezone_iii"
include_recipe "ntp" if node["platform"] == "ubuntu" && node["platform_version"].to_f < 24.04
include_recipe "kosmos-base::journald_conf"
include_recipe "kosmos-base::systemd_emails"
node.override["apt"]["unattended_upgrades"]["enable"] = true node.override["apt"]["unattended_upgrades"]["enable"] = true
node.override["apt"]["unattended_upgrades"]["mail_only_on_error"] = false node.override["apt"]["unattended_upgrades"]["mail_only_on_error"] = false
@@ -76,57 +43,57 @@ node.override["apt"]["unattended_upgrades"]["allowed_origins"] = [
] ]
node.override["apt"]["unattended_upgrades"]["mail"] = "ops@kosmos.org" node.override["apt"]["unattended_upgrades"]["mail"] = "ops@kosmos.org"
node.override["apt"]["unattended_upgrades"]["syslog_enable"] = true node.override["apt"]["unattended_upgrades"]["syslog_enable"] = true
include_recipe "apt::unattended-upgrades" include_recipe 'apt::unattended-upgrades'
package "mailutils" package 'mailutils'
package "mosh" package 'mosh'
package "vim" package 'vim'
# Don't create users and rewrite the sudo config in development environment. # Don't create users and rewrite the sudo config in development environment.
# It breaks the vagrant user # It breaks the vagrant user
unless node.chef_environment == "development" unless node.chef_environment == "development"
# Searches data bag "users" for groups attribute "sysadmin". # Searches data bag "users" for groups attribute "sysadmin".
# Places returned users in Unix group "sysadmin" with GID 2300. # Places returned users in Unix group "sysadmin" with GID 2300.
users_manage "sysadmin" do users_manage 'sysadmin' do
group_id 2300 group_id 2300
action %i[remove create] action [:remove, :create]
end end
sudo "sysadmin" do sudo "sysadmin" do
groups "sysadmin" groups "sysadmin"
nopasswd true nopasswd true
defaults [ defaults [
# not default on Ubuntu, explicitely enable. Uses a minimal white list of # not default on Ubuntu, explicitely enable. Uses a minimal white list of
# environment variables # environment variables
"env_reset", 'env_reset',
# Send emails on unauthorized attempts # Send emails on unauthorized attempts
"mail_badpass", 'mail_badpass',
'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"' 'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"',
] ]
end end
include_recipe "kosmos-base::firewall" include_recipe "kosmos-base::firewall"
include_recipe "kosmos-postfix" include_recipe 'kosmos-postfix'
node.override["set_fqdn"] = "*" node.override['set_fqdn'] = '*'
include_recipe "hostname" include_recipe 'hostname'
package "ca-certificates" package 'ca-certificates'
directory "/usr/local/share/ca-certificates/cacert" do directory '/usr/local/share/ca-certificates/cacert' do
action :create action :create
end end
["http://www.cacert.org/certs/root.crt", "http://www.cacert.org/certs/class3.crt"].each do |cert| ['http://www.cacert.org/certs/root.crt', 'http://www.cacert.org/certs/class3.crt'].each do |cert|
remote_file "/usr/local/share/ca-certificates/cacert/#{File.basename(cert)}" do remote_file "/usr/local/share/ca-certificates/cacert/#{File.basename(cert)}" do
source cert source cert
action :create_if_missing action :create_if_missing
notifies :run, "execute[update-ca-certificates]", :immediately notifies :run, 'execute[update-ca-certificates]', :immediately
end end
end end
execute "update-ca-certificates" do execute 'update-ca-certificates' do
action :nothing action :nothing
end end
end end
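Review bot: The two CAcert certificates are fetched over plain `http://` by a `remote_file` with no `checksum`, then added to the system trust store by `update-ca-certificates`. Whatever is served at first converge therefore becomes a trusted root on the node. This commit only changes the quoting on those lines, but since they are being touched I would pin the content: iterate over a hash of URL to digest and add `checksum sha256` inside the `remote_file` block, with `'<sha256 of root.crt>'` and `'<sha256 of class3.crt>'` filled in from a verified copy. Alternatively, ship both files in the cookbook with `cookbook_file`.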
@@ -10,10 +10,10 @@ tor_service "ejabberd" do
public_key tor_services['ejabberd']['public_key'] public_key tor_services['ejabberd']['public_key']
secret_key tor_services['ejabberd']['secret_key'] secret_key tor_services['ejabberd']['secret_key']
# TODO configure IP from node attribute # TODO configure IP from node attribute
# (This is hardcoded for ejabberd-4 atm) # (This is hardcoded for draco atm)
ports [ "5222 10.1.1.113:5222", ports [ "5222 148.251.237.73:5222",
"5223 10.1.1.113:5223", "5223 148.251.237.73:5223",
"5269 10.1.1.113:5269" ] "5269 148.251.237.73:5269" ]
end end
tor_service "web" do tor_service "web" do
@@ -1,5 +1,5 @@
node.default['bitcoin']['version'] = '30.0' node.default['bitcoin']['version'] = '29.0'
node.default['bitcoin']['checksum'] = '9b472a4d51dfed9aa9d0ded2cb8c7bcb9267f8439a23a98f36eb509c1a5e6974' node.default['bitcoin']['checksum'] = '882c782c34a3bf2eacd1fae5cdc58b35b869883512f197f7d6dc8f195decfdaa'
node.default['bitcoin']['username'] = 'satoshi' node.default['bitcoin']['username'] = 'satoshi'
node.default['bitcoin']['usergroup'] = 'bitcoin' node.default['bitcoin']['usergroup'] = 'bitcoin'
node.default['bitcoin']['network'] = 'mainnet' node.default['bitcoin']['network'] = 'mainnet'
@@ -86,6 +86,9 @@ node.default['lndhub-go']['branding'] = {
'footer' => 'about=https://kosmos.org' 'footer' => 'about=https://kosmos.org'
} }
node.default['dotnet']['ms_packages_src_url'] = "https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb"
node.default['dotnet']['ms_packages_src_checksum'] = "4df5811c41fdded83eb9e2da9336a8dfa5594a79dc8a80133bd815f4f85b9991"
node.default['nbxplorer']['repo'] = 'https://github.com/dgarage/NBXplorer' node.default['nbxplorer']['repo'] = 'https://github.com/dgarage/NBXplorer'
node.default['nbxplorer']['revision'] = 'v2.5.26' node.default['nbxplorer']['revision'] = 'v2.5.26'
node.default['nbxplorer']['source_dir'] = '/opt/nbxplorer' node.default['nbxplorer']['source_dir'] = '/opt/nbxplorer'
@@ -95,7 +98,7 @@ node.default['nbxplorer']['postgres']['database'] = 'nbxplorer'
node.default['nbxplorer']['postgres']['user'] = 'nbxplorer' node.default['nbxplorer']['postgres']['user'] = 'nbxplorer'
node.default['btcpay']['repo'] = 'https://github.com/btcpayserver/btcpayserver' node.default['btcpay']['repo'] = 'https://github.com/btcpayserver/btcpayserver'
node.default['btcpay']['revision'] = 'v2.3.7' node.default['btcpay']['revision'] = 'v2.1.1'
node.default['btcpay']['source_dir'] = '/opt/btcpay' node.default['btcpay']['source_dir'] = '/opt/btcpay'
node.default['btcpay']['config_path'] = "/home/#{node['bitcoin']['username']}/.btcpayserver/Main/settings.config" node.default['btcpay']['config_path'] = "/home/#{node['bitcoin']['username']}/.btcpayserver/Main/settings.config"
node.default['btcpay']['log_path'] = "/home/#{node['bitcoin']['username']}/.btcpayserver/debug.log" node.default['btcpay']['log_path'] = "/home/#{node['bitcoin']['username']}/.btcpayserver/debug.log"
@@ -43,7 +43,7 @@ bash "compile_bitcoin-core" do
cwd "/usr/local/bitcoind" cwd "/usr/local/bitcoind"
environment ({'CC' => 'gcc-13', 'CXX' => 'g++-13', 'NO_QT' => '1'}) environment ({'CC' => 'gcc-13', 'CXX' => 'g++-13', 'NO_QT' => '1'})
code <<-EOH code <<-EOH
cmake -B build --toolchain depends/x86_64-pc-linux-gnu/toolchain.cmake -DBUILD_TESTS=OFF cmake -B build --toolchain depends/x86_64-pc-linux-gnu/toolchain.cmake
cmake --build build -j $(($(nproc)/2)) cmake --build build -j $(($(nproc)/2))
cmake --install build cmake --install build
EOH EOH
@@ -5,16 +5,29 @@
build_essential build_essential
remote_file "/opt/dotnet-install.sh" do apt_repository 'universe' do
source "https://dot.net/v1/dotnet-install.sh" uri 'http://archive.ubuntu.com/ubuntu/'
mode "0755" distribution 'focal'
components ['universe']
end end
execute "install_dotnet_10" do apt_package 'apt-transport-https'
command "/opt/dotnet-install.sh -c 10.0 --install-dir /usr/share/dotnet"
not_if '/usr/share/dotnet/dotnet --version | grep -q "^10\."' remote_file '/opt/packages-microsoft-prod.deb' do
source node['dotnet']['ms_packages_src_url']
checksum node['dotnet']['ms_packages_src_checksum']
action :create_if_missing
end end
link "/usr/bin/dotnet" do dpkg_package 'packages-microsoft-prod' do
to "/usr/share/dotnet/dotnet" source '/opt/packages-microsoft-prod.deb'
action :install
notifies :run, 'execute[apt_update]'
end end
execute 'apt_update' do
command 'apt update'
action :nothing
end
apt_package 'dotnet-sdk-8.0'
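Review bot: `notifies :run, 'execute[apt_update]'` uses the default delayed timer, so on the first converge `apt update` runs only at the end of the Chef run, after `apt_package 'dotnet-sdk-8.0'` has already been attempted against the old package index. Make it `notifies :run, 'execute[apt_update]', :immediately`. Separately, `distribution 'focal'` and the 20.04 Microsoft package URL are hard-coded, while other nodes in this diff report platform_version 22.04. If this recipe can run there, `distribution node['lsb']['codename']` avoids mixing focal packages into a newer release.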
@@ -1,86 +1,49 @@
#!/bin/bash #!/bin/bash
set -e
set -o pipefail
# Calculate yesterday's date in YYYY-MM-DD format # Calculate yesterday's date in YYYY-MM-DD format
YESTERDAY=$(date -d "yesterday" +%Y-%m-%d) YESTERDAY=$(date -d "yesterday" +%Y-%m-%d)
echo "Starting price tracking for $YESTERDAY" >&2 echo "Starting price tracking for $YESTERDAY" >&2
# Helper function to perform HTTP requests with retries
# Usage: make_request <retries> <method> <url> [data] [header1] [header2] ...
make_request() {
local retries=$1
local method=$2
local url=$3
local data=$4
shift 4
local headers=("$@")
local count=0
local wait_time=3
local response
while [ "$count" -lt "$retries" ]; do
local curl_opts=(-s -S -f -X "$method")
if [ -n "$data" ]; then
curl_opts+=(-d "$data")
fi
for h in "${headers[@]}"; do
curl_opts+=(-H "$h")
done
if response=$(curl "${curl_opts[@]}" "$url"); then
echo "$response"
return 0
fi
echo "Request to $url failed (Attempt $((count+1))/$retries). Retrying in ${wait_time}s..." >&2
sleep "$wait_time"
count=$((count + 1))
done
echo "ERROR: Request to $url failed after $retries attempts" >&2
return 1
}
# Fetch and process rates for a fiat currency # Fetch and process rates for a fiat currency
get_price_data() { get_price_data() {
local currency=$1 local currency=$1
local data avg open24 last local data avg open24 last
if data=$(make_request 3 "GET" "https://www.bitstamp.net/api/v2/ticker/btc${currency,,}/" ""); then data=$(curl -s "https://www.bitstamp.net/api/v2/ticker/btc${currency,,}/")
if [ $? -eq 0 ] && [ ! -z "$data" ]; then
echo "Successfully retrieved ${currency} price data" >&2 echo "Successfully retrieved ${currency} price data" >&2
open24=$(echo "$data" | jq -r '.open_24') open24=$(echo "$data" | jq -r '.open_24')
last=$(echo "$data" | jq -r '.last') last=$(echo "$data" | jq -r '.last')
avg=$(echo "$open24 $last" | awk '{printf "%.0f", ($1 + $2) / 2}') avg=$(( (${open24%.*} + ${last%.*}) / 2 ))
echo $avg echo $avg
else else
echo "ERROR: Failed to retrieve ${currency} price data" >&2 echo "ERROR: Failed to retrieve ${currency} price data" >&2
return 1 exit 1
fi fi
} }
# Get price data for each currency # Get price data for each currency
usd_avg=$(get_price_data "USD") || exit 1 usd_avg=$(get_price_data "USD")
eur_avg=$(get_price_data "EUR") || exit 1 eur_avg=$(get_price_data "EUR")
gbp_avg=$(get_price_data "GBP") || exit 1 gbp_avg=$(get_price_data "GBP")
# Create JSON # Create JSON
json=$(jq -n \ json="{\"EUR\":$eur_avg,\"USD\":$usd_avg,\"GBP\":$gbp_avg}"
--argjson eur "$eur_avg" \
--argjson usd "$usd_avg" \
--argjson gbp "$gbp_avg" \
'{"EUR": $eur, "USD": $usd, "GBP": $gbp}')
echo "Rates: $json" >&2 echo "Rates: $json" >&2
# PUT in remote storage # PUT in remote storage
if make_request 3 "PUT" "<%= @rs_base_url %>/$YESTERDAY" "$json" \ response=$(curl -X PUT \
"Authorization: Bearer $RS_AUTH" \ -H "Authorization: Bearer $RS_AUTH" \
"Content-Type: application/json" > /dev/null; then -H "Content-Type: application/json" \
-d "$json" \
-w "%{http_code}" \
-s \
-o /dev/null \
"<%= @rs_base_url %>/$YESTERDAY")
if [ "$response" -eq 200 ] || [ "$response" -eq 201 ]; then
echo "Successfully uploaded price data" >&2 echo "Successfully uploaded price data" >&2
else else
echo "ERROR: Failed to upload price data" >&2 echo "ERROR: Failed to upload price data. HTTP status: $response" >&2
exit 1 exit 1
fi fi
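Review bot: `exit 1` inside `get_price_data` only ends the `$(...)` subshell, and with `set -e` removed the three assignments ignore its status. After a failed fetch the script therefore continues with an empty value and PUTs a string-built body such as `{"EUR":,...}`. `curl -s` without `-f` also returns success on an HTTP error page, in which case `jq` may yield `null`, which the integer arithmetic would presumably evaluate as 0 and publish as a price. I would keep the caller-side guard, `usd_avg=$(get_price_data "USD") || exit 1` (same for EUR and GBP), and use `curl -sf` in the fetch. I would also reject a non-numeric `open24` or `last` before computing the average.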
@@ -49,7 +49,7 @@ server {
client_max_body_size 100M; client_max_body_size 100M;
server_name <%= @server_name %>; server_name <%= @server_name %>;
listen 443 ssl http2; listen 443 ssl http2;
listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2; listen [::]:443 ssl http2;
access_log <%= node[:nginx][:log_dir] %>/btcpayserver.access.log json; access_log <%= node[:nginx][:log_dir] %>/btcpayserver.access.log json;
error_log <%= node[:nginx][:log_dir] %>/btcpayserver.error.log warn; error_log <%= node[:nginx][:log_dir] %>/btcpayserver.error.log warn;
@@ -7,7 +7,7 @@ upstream _lndhub {
server { server {
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2; listen [::]:443 ssl http2;
server_name <%= @server_name %>; server_name <%= @server_name %>;
add_header Strict-Transport-Security "max-age=15768000"; add_header Strict-Transport-Security "max-age=15768000";
