kosmos/chef
8
3
Fork 0
Code Issues 33 Pull Requests Projects 2 Activity

Compare commits

base: kosmos:master
Branches Tags
kosmos:master kosmos:bugfix/substr_url_matching kosmos:notes/ejabberd_ldap_photo kosmos:feature/akaunting kosmos:chore/ejabberd_service_avatar kosmos:feature/237-gitea_gpg
..
compare: kosmos:74a7d387100d81cf045e048fb1b6db0de792d97c
Branches Tags
kosmos:master kosmos:bugfix/substr_url_matching kosmos:notes/ejabberd_ldap_photo kosmos:feature/akaunting kosmos:chore/ejabberd_service_avatar kosmos:feature/237-gitea_gpg

1 Commits
master ... 74a7d38710

Author SHA1 Message Date
Râu Cao
74a7d38710 Configure Gitea commit signing with SSH key 2026-02-13 16:10:22 +04:00
12 changed files with 47 additions and 219 deletions
Expand all files Collapse all files

2
clients/garage-14.json
View File

@@ -1,4 +1,4 @@
{ {
"name": "garage-14", "name": "garage-14",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAypINv1zTZ7+pyT0iRhik\n0W70ASYADo7qK7QyE9/3nu2sUrP1IjoNFsv/ceKwicH7Fw2Ei1o+yKZlKn7zJzY7\n93YRZndF04VH2bmqy0uOWK0Bdat7gCld5bvS6FmRflg7g64LFb33/64QIVsVGHGL\nYF2TO//x79t9JKcQDa4h5MOWzJNTFuEcUGa0gJjMYpWGVHEJSgRuIgyhXmyIJJgY\nguj6ymTm5+3VS7NzoNy2fbTt1LRpHb5UWrCR15oiLZiDSMLMx0CcGOCmrhvODi4k\n0umw+2NPd1G50s9z7KVbTqybuQ65se2amRnkVcNfaBIU5qk9bVqcmhZlEozmBZCd\ndwIDAQAB\n-----END PUBLIC KEY-----\n" "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqNY8AuaM4byhaTZacfRJ\nv/qyHxcDJOMX/ElF1H908spdbB2ZiLXHOH1Ucw1d+NV6/QUtWk+ikKFPpasnatD7\nmjE57noH+H47Rll0nD7oT+in+fOBDHF9R0P6/qyRSdJbJkHOh0iC0MG4LcUfv0AY\nnVBW5iLZSe/PC3+PvhCv7yrx3ikSs0mg1ZWppw0ka5Ek3ZCZp5FB4L6++GYWpM+1\n6YI0CjMoRcXsaEQsJWhxHXT8/KDhW0BR8woZUGm0/Yn4teLYJzioxRfBep3lbygx\nOIsDN9IJzo2zVTGPDZQLXhVemIhzaepqTC77ibH7F0gN/1vsQBc/qf7UhbwaF4rR\ndQIDAQAB\n-----END PUBLIC KEY-----\n"
} }

4
clients/garage-15.json
View File

@@ -1,4 +0,0 @@
{
"name": "garage-15",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy14sTt5gxVZi9C3KIEBu\nDyUgbb6jc3/GR22fNPTqV6uDHhxzhE2UsYwY/7yuA1RasdwHEOBWZaoC0Om5/Zmi\n8gn6//v1ILyLNaAcw+SQcxZkCN8Sk/0atRS9HYk1agE8Mvh72Fe2z3l+92VMefy7\nJwJUNNBTbnV2WVCchChoWnfhI7bkSLSHp0M2MO2pI+lkpSdmfkJSa5z9zihgxKO8\nXfvhryDCZNvfRVHhwc+ffpap0gLF0H9riGKE4FwLy4YqbuW1Tgm6bObb9bpOIw6Q\nVfH3kC/KMK5FlnxGmYtDkhRJ/wjGInRBk9WK/QOmjyd2FVxipEQmA4RdjlznRC9I\nrwIDAQAB\n-----END PUBLIC KEY-----\n"
}

4
clients/leo.json
View File

@@ -1,4 +0,0 @@
{
"name": "leo",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFfQsJnREjbXTtpT6BVt\naBaUzRmCQi8Du0TzeUG0ENrY0p5Exqleye2rC6bJlB3PER1xr5zdtuXLgbcVumIb\nzroU5JPtFbQk7r/pj0atT+UEYzl16iuEpprQ/bug+f0nE514USr6YG4G+tlZ/jBI\nSHsCQF1P8ufXFLW0ewC7rdvBkgA+DwK14naRxS4jO5MSl4wmNTjs/jymTg508mQq\nf5tG52t8qFdgn9pRdBXmyTpPtwK7I4rZ+1Qn+1E5m4oQUZsxh8Ba1bGbKotVO7Ua\nYL1yCGx7zRRUvLLIdSMvlRXTJBUSQtQ8P4QUDWTY1Na2w3t9sulKg2Lwsw8tktvC\nCwIDAQAB\n-----END PUBLIC KEY-----\n"
}

15
nodes/garage-14.json
View File

@@ -3,15 +3,15 @@
"chef_environment": "production", "chef_environment": "production",
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.151" "host": "10.1.1.157"
} }
}, },
"automatic": { "automatic": {
"fqdn": "garage-14", "fqdn": "garage-14",
"os": "linux", "os": "linux",
"os_version": "5.15.0-1095-kvm", "os_version": "5.15.0-1059-kvm",
"hostname": "garage-14", "hostname": "garage-14",
"ipaddress": "192.168.122.36", "ipaddress": "192.168.122.251",
"roles": [ "roles": [
"base", "base",
"kvm_guest", "kvm_guest",
@@ -30,7 +30,6 @@
"timezone_iii::debian", "timezone_iii::debian",
"ntp::default", "ntp::default",
"ntp::apparmor", "ntp::apparmor",
"kosmos-base::journald_conf",
"kosmos-base::systemd_emails", "kosmos-base::systemd_emails",
"apt::unattended-upgrades", "apt::unattended-upgrades",
"kosmos-base::firewall", "kosmos-base::firewall",
@@ -47,13 +46,13 @@
"cloud": null, "cloud": null,
"chef_packages": { "chef_packages": {
"chef": { "chef": {
"version": "18.10.17", "version": "18.8.54",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib", "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.8.54/lib",
"chef_effortless": null "chef_effortless": null
}, },
"ohai": { "ohai": {
"version": "18.2.13", "version": "18.2.8",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai" "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.8/lib/ohai"
} }
} }
}, },

65
nodes/garage-15.json
View File

@@ -1,65 +0,0 @@
{
"name": "garage-15",
"chef_environment": "production",
"normal": {
"knife_zero": {
"host": "10.1.1.82"
}
},
"automatic": {
"fqdn": "garage-15",
"os": "linux",
"os_version": "5.15.0-1095-kvm",
"hostname": "garage-15",
"ipaddress": "192.168.122.57",
"roles": [
"base",
"kvm_guest",
"garage_node"
],
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_kvm::guest",
"kosmos_garage",
"kosmos_garage::default",
"kosmos_garage::firewall_rpc",
"kosmos_garage::firewall_apis",
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",
"ntp::default",
"ntp::apparmor",
"kosmos-base::journald_conf",
"kosmos-base::systemd_emails",
"apt::unattended-upgrades",
"kosmos-base::firewall",
"kosmos-postfix::default",
"postfix::default",
"postfix::_common",
"postfix::_attributes",
"postfix::sasl_auth",
"hostname::default",
"firewall::default"
],
"platform": "ubuntu",
"platform_version": "22.04",
"cloud": null,
"chef_packages": {
"chef": {
"version": "18.10.17",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib",
"chef_effortless": null
},
"ohai": {
"version": "18.2.13",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai"
}
}
},
"run_list": [
"role[base]",
"role[kvm_guest]",
"role[garage_node]"
]
}

56
nodes/leo.json
View File

@@ -1,56 +0,0 @@
{
"name": "leo",
"normal": {
"knife_zero": {
"host": "leo.kosmos.org"
}
},
"automatic": {
"fqdn": "leo",
"os": "linux",
"os_version": "5.15.0-164-generic",
"hostname": "leo",
"ipaddress": "5.9.81.116",
"roles": [
"base"
],
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_kvm::host",
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",
"ntp::default",
"ntp::apparmor",
"kosmos-base::journald_conf",
"kosmos-base::systemd_emails",
"apt::unattended-upgrades",
"kosmos-base::firewall",
"kosmos-postfix::default",
"postfix::default",
"postfix::_common",
"postfix::_attributes",
"postfix::sasl_auth",
"hostname::default"
],
"platform": "ubuntu",
"platform_version": "22.04",
"cloud": null,
"chef_packages": {
"chef": {
"version": "18.10.17",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib",
"chef_effortless": null
},
"ohai": {
"version": "18.2.13",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai"
}
}
},
"run_list": [
"role[base]",
"recipe[kosmos_kvm::host]"
]
}

75
site-cookbooks/kosmos-bitcoin/templates/btc-price-tracker-daily.sh.erb
View File

@@ -1,86 +1,49 @@
#!/bin/bash #!/bin/bash
set -e
set -o pipefail
# Calculate yesterday's date in YYYY-MM-DD format # Calculate yesterday's date in YYYY-MM-DD format
YESTERDAY=$(date -d "yesterday" +%Y-%m-%d) YESTERDAY=$(date -d "yesterday" +%Y-%m-%d)
echo "Starting price tracking for $YESTERDAY" >&2 echo "Starting price tracking for $YESTERDAY" >&2
# Helper function to perform HTTP requests with retries
# Usage: make_request <retries> <method> <url> [data] [header1] [header2] ...
make_request() {
local retries=$1
local method=$2
local url=$3
local data=$4
shift 4
local headers=("$@")
local count=0
local wait_time=3
local response
while [ "$count" -lt "$retries" ]; do
local curl_opts=(-s -S -f -X "$method")
if [ -n "$data" ]; then
curl_opts+=(-d "$data")
fi
for h in "${headers[@]}"; do
curl_opts+=(-H "$h")
done
if response=$(curl "${curl_opts[@]}" "$url"); then
echo "$response"
return 0
fi
echo "Request to $url failed (Attempt $((count+1))/$retries). Retrying in ${wait_time}s..." >&2
sleep "$wait_time"
count=$((count + 1))
done
echo "ERROR: Request to $url failed after $retries attempts" >&2
return 1
}
# Fetch and process rates for a fiat currency # Fetch and process rates for a fiat currency
get_price_data() { get_price_data() {
local currency=$1 local currency=$1
local data avg open24 last local data avg open24 last
if data=$(make_request 3 "GET" "https://www.bitstamp.net/api/v2/ticker/btc${currency,,}/" ""); then data=$(curl -s "https://www.bitstamp.net/api/v2/ticker/btc${currency,,}/")
if [ $? -eq 0 ] && [ ! -z "$data" ]; then
echo "Successfully retrieved ${currency} price data" >&2 echo "Successfully retrieved ${currency} price data" >&2
open24=$(echo "$data" | jq -r '.open_24') open24=$(echo "$data" | jq -r '.open_24')
last=$(echo "$data" | jq -r '.last') last=$(echo "$data" | jq -r '.last')
avg=$(echo "$open24 $last" | awk '{printf "%.0f", ($1 + $2) / 2}') avg=$(( (${open24%.*} + ${last%.*}) / 2 ))
echo $avg echo $avg
else else
echo "ERROR: Failed to retrieve ${currency} price data" >&2 echo "ERROR: Failed to retrieve ${currency} price data" >&2
return 1 exit 1
fi fi
} }
# Get price data for each currency # Get price data for each currency
usd_avg=$(get_price_data "USD") || exit 1 usd_avg=$(get_price_data "USD")
eur_avg=$(get_price_data "EUR") || exit 1 eur_avg=$(get_price_data "EUR")
gbp_avg=$(get_price_data "GBP") || exit 1 gbp_avg=$(get_price_data "GBP")
# Create JSON # Create JSON
json=$(jq -n \ json="{\"EUR\":$eur_avg,\"USD\":$usd_avg,\"GBP\":$gbp_avg}"
--argjson eur "$eur_avg" \
--argjson usd "$usd_avg" \
--argjson gbp "$gbp_avg" \
'{"EUR": $eur, "USD": $usd, "GBP": $gbp}')
echo "Rates: $json" >&2 echo "Rates: $json" >&2
# PUT in remote storage # PUT in remote storage
if make_request 3 "PUT" "<%= @rs_base_url %>/$YESTERDAY" "$json" \ response=$(curl -X PUT \
"Authorization: Bearer $RS_AUTH" \ -H "Authorization: Bearer $RS_AUTH" \
"Content-Type: application/json" > /dev/null; then -H "Content-Type: application/json" \
-d "$json" \
-w "%{http_code}" \
-s \
-o /dev/null \
"<%= @rs_base_url %>/$YESTERDAY")
if [ "$response" -eq 200 ] || [ "$response" -eq 201 ]; then
echo "Successfully uploaded price data" >&2 echo "Successfully uploaded price data" >&2
else else
echo "ERROR: Failed to upload price data" >&2 echo "ERROR: Failed to upload price data. HTTP status: $response" >&2
exit 1 exit 1
fi fi

19
site-cookbooks/kosmos_gitea/recipes/default.rb
View File

@@ -19,17 +19,6 @@ jwt_secret = gitea_data_bag_item["jwt_secret"]
internal_token = gitea_data_bag_item["internal_token"] internal_token = gitea_data_bag_item["internal_token"]
secret_key = gitea_data_bag_item["secret_key"] secret_key = gitea_data_bag_item["secret_key"]
apt_repository "git-core-ppa" do
uri "http://ppa.launchpad.net/git-core/ppa/ubuntu"
components ["main"]
key "E1DF1F24"
action :add
only_if do
node['platform'] == 'ubuntu' &&
Gem::Version.new(node['platform_version']) < Gem::Version.new('22.04')
end
end
package "git" package "git"
user "git" do user "git" do
@@ -37,10 +26,10 @@ user "git" do
home "/home/git" home "/home/git"
end end
directory "/home/git/.ssh" do directory '/home/git/.ssh' do
owner "git" owner 'git'
group "git" group 'git'
mode "0700" mode '0700'
recursive true recursive true
end end

2
site-cookbooks/kosmos_gitea/templates/default/app.ini.erb
View File

@@ -33,7 +33,7 @@ DISABLE_DOWNLOAD_SOURCE_ARCHIVES = true
[repository.signing] [repository.signing]
SIGNING_KEY = <%= @git_home_directory %>/.ssh/id_ed25519.pub SIGNING_KEY = <%= @git_home_directory %>/.ssh/id_ed25519.pub
SIGNING_NAME = Gitea SIGNING_NAME = Gitea
SIGNING_EMAIL = git@<%= @domain %> SIGNING_EMAIL = <%= @email %>
SIGNING_FORMAT = ssh SIGNING_FORMAT = ssh
INITIAL_COMMIT = always INITIAL_COMMIT = always
CRUD_ACTIONS = always CRUD_ACTIONS = always

4
site-cookbooks/kosmos_kvm/attributes/default.rb
View File

@@ -1,9 +1,9 @@
release = "20260320" release = "20240514"
img_filename = "ubuntu-22.04-server-cloudimg-amd64-disk-kvm" img_filename = "ubuntu-22.04-server-cloudimg-amd64-disk-kvm"
node.default["kosmos_kvm"]["host"]["qemu_base_image"] = { node.default["kosmos_kvm"]["host"]["qemu_base_image"] = {
"url" => "https://cloud-images.ubuntu.com/releases/jammy/release-#{release}/#{img_filename}.img", "url" => "https://cloud-images.ubuntu.com/releases/jammy/release-#{release}/#{img_filename}.img",
"checksum" => "f7173eb7137b4f0ebeaea8fffe68ecdab1e3c787bde1fd8dfdf27103554332b3", "checksum" => "2e7698b3ebd7caead06b08bd3ece241e6ce294a6db01f92ea12bcb56d6972c3f",
"path" => "/var/lib/libvirt/images/base/#{img_filename}-#{release}.qcow2" "path" => "/var/lib/libvirt/images/base/#{img_filename}-#{release}.qcow2"
} }

2
site-cookbooks/kosmos_kvm/recipes/host.rb
View File

@@ -3,7 +3,7 @@
# Recipe:: host # Recipe:: host
# #
package %w(virtinst libvirt-daemon-system libvirt-clients) package %w(virtinst libvirt-daemon-system)
directory "/var/lib/libvirt/images/base" do directory "/var/lib/libvirt/images/base" do
recursive true recursive true

18
site-cookbooks/kosmos_kvm/templates/create_vm.erb
View File

@@ -17,7 +17,7 @@ DISKSIZE=${4:-10} # 10GB default
# Directory where image files will be stored # Directory where image files will be stored
IMAGE_DIR=/var/lib/libvirt/images IMAGE_DIR=/var/lib/libvirt/images
IMAGE_PATH=$IMAGE_DIR/${VMNAME}.qcow2 IMAGE_PATH=$IMAGE_DIR/${VMNAME}.qcow2
CIDATA_PATH=${IMAGE_DIR}/${VMNAME}-cloudinit CIDATA_PATH=${IMAGE_DIR}/cidata-${VMNAME}.iso
BASE_FILE=<%= @base_image_path %> BASE_FILE=<%= @base_image_path %>
# Create the VM image if it does not already exist # Create the VM image if it does not already exist
@@ -38,8 +38,9 @@ qemu-img info "$IMAGE_PATH"
# Check if the cloud-init metadata file exists # Check if the cloud-init metadata file exists
# if not, generate it # if not, generate it
if [ ! -r $CIDATA_PATH ]; then if [ ! -r $CIDATA_PATH ]; then
mkdir -p $CIDATA_PATH pushd $(dirname $CIDATA_PATH)
pushd $CIDATA_PATH mkdir -p $VMNAME
cd $VMNAME
cat > user-data <<-EOS cat > user-data <<-EOS
#cloud-config #cloud-config
@@ -61,19 +62,25 @@ instance-id: $VMNAME
local-hostname: $VMNAME local-hostname: $VMNAME
EOS EOS
genisoimage -output "$CIDATA_PATH" -volid cidata -joliet -rock user-data meta-data
chown libvirt-qemu:kvm "$CIDATA_PATH"
chmod 600 "$CIDATA_PATH"
popd popd
fi fi
# setting --os-variant to ubuntu20.04 and ubuntu18.04 breaks SSH and networking
virt-install \ virt-install \
--name "$VMNAME" \ --name "$VMNAME" \
--ram "$RAM" \ --ram "$RAM" \
--vcpus "$CPUS" \ --vcpus "$CPUS" \
--cpu host \ --cpu host \
--arch x86_64 \ --arch x86_64 \
--osinfo detect=on,name=ubuntujammy \ --os-type linux \
--os-variant ubuntu16.04 \
--hvm \ --hvm \
--virt-type kvm \ --virt-type kvm \
--disk "$IMAGE_PATH" \ --disk "$IMAGE_PATH" \
--cdrom "$CIDATA_PATH" \
--boot hd \ --boot hd \
--network=bridge=virbr0,model=virtio \ --network=bridge=virbr0,model=virtio \
--graphics none \ --graphics none \
@@ -81,5 +88,4 @@ virt-install \
--console pty \ --console pty \
--channel unix,mode=bind,path=/var/lib/libvirt/qemu/$VMNAME.guest_agent.0,target_type=virtio,name=org.qemu.guest_agent.0 \ --channel unix,mode=bind,path=/var/lib/libvirt/qemu/$VMNAME.guest_agent.0,target_type=virtio,name=org.qemu.guest_agent.0 \
--autostart \ --autostart \
--import \ --import
--cloud-init root-password-generate=off,disable=on,meta-data=$CIDATA_PATH/meta-data,user-data=$CIDATA_PATH/user-data