Add imap and smtp subdomains to mail server cert

closes #543

Co-authored-by: Greg Karékinian <greg@karekinian.com>

site-cookbooks/kosmos-base/resources/tls_cert_for.rb

@@ -3,7 +3,6 @@ provides :tls_cert_for
 
 property :domain, [String, Array], name_property: true
 property :auth, [String, NilClass], default: nil
-property :deploy_hook, [String, NilClass], default: nil
 property :acme_domain, [String, NilClass], default: nil
 
 default_action :create
@@ -37,19 +36,6 @@ action :create do
       sensitive true
     end
 
-    if new_resource.deploy_hook
-      deploy_hook_path = "/etc/letsencrypt/renewal-hooks/#{domains.first}"
-
-      file deploy_hook_path do
-        content new_resource.deploy_hook
-        mode 0755
-        owner "root"
-        group "root"
-      end
-    elsif node.run_list.roles.include?("openresty_proxy")
-      deploy_hook_path = "/etc/letsencrypt/renewal-hooks/post/openresty"
-    end
-
     # Generate a Let's Encrypt cert (only if no cert has been generated before).
     # The systemd timer will take care of renewing
     execute "letsencrypt cert for #{domains.join(', ')}" do
@@ -61,7 +47,7 @@ action :create do
         --manual-auth-hook '#{hook_auth_command}' \
         --manual-cleanup-hook '#{hook_cleanup_command}' \
         --email ops@kosmos.org \
-        #{"--deploy-hook #{deploy_hook_path}" if defined?(deploy_hook_path)} \
+        #{node.run_list.roles.include?("openresty_proxy") ? '--deploy-hook /etc/letsencrypt/renewal-hooks/post/openresty' : nil } \
         #{domains.map {|d| "-d #{d}" }.join(" ")}
       CMD
       not_if do

site-cookbooks/kosmos_email/recipes/default.rb

@@ -26,7 +26,6 @@ end
 tls_cert_for hostname do
   domain ([hostname]+extra_hostnames)
   auth "gandi_dns"
-  deploy_hook "systemctl reload postfix.service && systemctl reload dovecot.service"
   action :create
 end
 

site-cookbooks/kosmos_kvm/attributes/default.rb

@@ -1,9 +1,9 @@
-release = "20240514"
+ubuntu_server_cloud_image_release = "20230506"
 
 node.default["kosmos_kvm"]["host"]["qemu_base_image"] = {
-  "url" => "https://cloud-images.ubuntu.com/releases/jammy/release-#{release}/ubuntu-22.04-server-cloudimg-amd64-disk-kvm.img",
-  "checksum" => "2e7698b3ebd7caead06b08bd3ece241e6ce294a6db01f92ea12bcb56d6972c3f",
-  "path" => "/var/lib/libvirt/images/base/ubuntu-22.04-server-cloudimg-amd64-disk-kvm-#{release}.qcow2"
+  "url" => "https://cloud-images.ubuntu.com/releases/focal/release-#{ubuntu_server_cloud_image_release}/ubuntu-20.04-server-cloudimg-amd64-disk-kvm.img",
+  "checksum" => "27d2b91fd2b715729d739e2a3155dce70d1aaae4f05c177f338b9d4b60be638c",
+  "path" => "/var/lib/libvirt/images/base/ubuntu-20.04-server-cloudimg-amd64-disk-kvm-#{ubuntu_server_cloud_image_release}.qcow2"
 }
 
 # A systemd.timer OnCalendar config value

site-cookbooks/kosmos_kvm/templates/create_vm.erb

@@ -17,7 +17,7 @@ DISKSIZE=${4:-10} # 10GB default
 # Directory where image files will be stored
 IMAGE_DIR=/var/lib/libvirt/images
 IMAGE_PATH=$IMAGE_DIR/${VMNAME}.qcow2
-CIDATA_PATH=${IMAGE_DIR}/${VMNAME}-cloudinit
+CIDATA_PATH=${IMAGE_DIR}/cidata-${VMNAME}.iso
 BASE_FILE=<%= @base_image_path %>
 
 # Create the VM image if it does not already exist
@@ -38,8 +38,9 @@ qemu-img info "$IMAGE_PATH"
 # Check if the cloud-init metadata file exists
 # if not, generate it
 if [ ! -r $CIDATA_PATH ]; then
-  mkdir -p $CIDATA_PATH
-  pushd $CIDATA_PATH
+  pushd $(dirname $CIDATA_PATH)
+  mkdir -p $VMNAME
+  cd $VMNAME
 
   cat > user-data <<-EOS
 #cloud-config
@@ -61,19 +62,25 @@ instance-id: $VMNAME
 local-hostname: $VMNAME
 EOS
 
+  genisoimage -output "$CIDATA_PATH" -volid cidata -joliet -rock user-data meta-data
+  chown libvirt-qemu:kvm "$CIDATA_PATH"
+  chmod 600 "$CIDATA_PATH"
   popd
 fi
 
+# setting --os-variant to ubuntu20.04 and ubuntu18.04 breaks SSH and networking
 virt-install \
   --name "$VMNAME" \
   --ram "$RAM" \
   --vcpus "$CPUS" \
   --cpu host \
   --arch x86_64 \
-  --osinfo detect=on,name=ubuntujammy \
+  --os-type linux \
+  --os-variant ubuntu16.04 \
   --hvm \
   --virt-type kvm \
   --disk "$IMAGE_PATH" \
+  --cdrom "$CIDATA_PATH" \
   --boot hd \
   --network=bridge=virbr0,model=virtio \
   --graphics none \
@@ -81,5 +88,4 @@ virt-install \
   --console pty \
   --channel unix,mode=bind,path=/var/lib/libvirt/qemu/$VMNAME.guest_agent.0,target_type=virtio,name=org.qemu.guest_agent.0 \
   --autostart \
-  --import \
-  --cloud-init root-password-generate=off,disable=on,meta-data=$CIDATA_PATH/meta-data,user-data=$CIDATA_PATH/user-data
+  --import