Map LDAP jpegPhoto to vcard-temp PHOTO

Berksfile

@@ -13,9 +13,6 @@ cookbook 'ipfs',
 cookbook 'mediawiki',
   git: 'https://github.com/67P/mediawiki-cookbook.git',
   ref: 'nginx'
-cookbook 'postfix',
-  git: 'https://gitea.kosmos.org/kosmos/postfix-cookbook.git',
-  ref: 'bugfix/sasl_attributes'
 
 cookbook 'apache2',                '= 3.3.0'
 cookbook 'apt',                    '~> 7.3.0'
@@ -35,6 +32,7 @@ cookbook 'ntp',                    '= 3.4.0'
 cookbook 'ohai',                   '~> 5.2.5'
 cookbook 'openssl',                '~> 8.5.5'
 cookbook 'php',                    '~> 8.0.0'
+cookbook 'postfix',                '~> 6.0.26'
 cookbook 'timezone_iii',           '= 1.0.4'
 cookbook 'ulimit',                 '~> 1.0.0'
 cookbook 'users',                  '~> 5.3.1'

Berksfile.lock

@@ -28,10 +28,7 @@ DEPENDENCIES
   ohai (~> 5.2.5)
   openssl (~> 8.5.5)
   php (~> 8.0.0)
-  postfix
+  postfix (~> 6.0.26)
-    git: https://gitea.kosmos.org/kosmos/postfix-cookbook.git
-    revision: dd6598572a775ae73f17527260ec8097b52d385b
-    ref: bugfix/
   redisio (~> 6.4.1)
   ruby_build (~> 2.5.0)
   timezone_iii (= 1.0.4)
@@ -93,7 +90,7 @@ GRAPH
   openssl (8.5.5)
   php (8.0.1)
     yum-epel (>= 0.0.0)
-  postfix (6.4.1)
+  postfix (6.0.26)
   redisio (6.4.1)
     selinux (>= 0.0.0)
   ruby_build (2.5.0)

cookbooks/postfix/.markdownlint-cli2.yaml

@@ -3,5 +3,3 @@ config:
   line-length: false # MD013
   no-duplicate-heading: false # MD024
   reference-links-images: false # MD052
-ignores:
-  - .github/copilot-instructions.md

cookbooks/postfix/.vscode/extensions.json

@@ -1,8 +0,0 @@
-{
-  "recommendations": [
-    "chef-software.chef",
-    "Shopify.ruby-lsp",
-    "editorconfig.editorconfig",
-    "DavidAnson.vscode-markdownlint"
-  ]
-}

cookbooks/postfix/CHANGELOG.md

@@ -2,48 +2,9 @@
 
 This file is used to list changes made in each version of the postfix cookbook.
 
-## Unreleased
-
-## 6.4.1 - *2025-09-04*
-
-## 6.4.0 - *2025-07-30* ## 6.4.0 - *2025-07-30*
-
-Standardise files with files in sous-chefs/repo-management
-
-## 6.4.0 - *2025-07-30*
-
-## 6.3.0 - *2025-07-30*
-
-- Use LMDB instead of hash on el10
-
-## 6.3.0 - *2025-07-30*
-
-## 6.2.2 - *2025-01-30*
-
-## 6.2.1 - *2025-01-30*
-
-## 6.2.0 - *2025-01-30*
-
-## 6.2.0
-
-- Correctly fix aliases quoting logic
-- Convert all serverspec tests to inspec
-- Add Github actions
-- Update platforms to test
-
-## 6.0.29 - *2024-11-18*
-
-- Standardise files with files in sous-chefs/repo-management
-
-## 6.0.28 - *2024-07-15*
-
-- Standardise files with files in sous-chefs/repo-management
-
-## 6.0.27 - *2024-05-06*
-
 ## 6.0.26 - *2023-10-03*
 
-- Add installation of postfix addon packages for RHEL 8
+- add installation of postfix addon packages for RHEL 8
 
 ## 6.0.25 - *2023-10-03*
 

cookbooks/postfix/attributes/default.rb

@@ -13,10 +13,9 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-default['postfix']['packages'] = value_for_platform(
+
-  amazon: { '>= 2023' => %w(postfix postfix-lmdb) },
+default['postfix']['packages'] = %w(postfix)
-  default: %w(postfix)
+
-)
 # Generic cookbook attributes
 default['postfix']['mail_type'] = 'client'
 default['postfix']['relayhost_role'] = 'relayhost'
@@ -38,19 +37,11 @@ default['postfix']['master_template_source'] = 'postfix'
 default['postfix']['sender_canonical_map_entries'] = {}
 default['postfix']['smtp_generic_map_entries'] = {}
 default['postfix']['recipient_canonical_map_entries'] = {}
-
+default['postfix']['access_db_type'] = 'hash'
-default['postfix']['db_type'] = value_for_platform(
+default['postfix']['aliases_db_type'] = 'hash'
-  %w(centos redhat almalinux rocky oracle) => { '>= 10' => 'lmdb' },
+default['postfix']['transport_db_type'] = 'hash'
-  amazon: { '>= 2023' => 'lmdb' },
+default['postfix']['virtual_alias_db_type'] = 'hash'
-  %w(opensuseleap suse) => { '>= 15' => 'lmdb' },
+default['postfix']['virtual_alias_domains_db_type'] = 'hash'
-  default: 'hash'
-)
-
-default['postfix']['access_db_type'] = lazy { node['postfix']['db_type'] }
-default['postfix']['aliases_db_type'] = lazy { node['postfix']['db_type'] }
-default['postfix']['transport_db_type'] = lazy { node['postfix']['db_type'] }
-default['postfix']['virtual_alias_db_type'] = lazy { node['postfix']['db_type'] }
-default['postfix']['virtual_alias_domains_db_type'] = lazy { node['postfix']['db_type'] }
 
 case node['platform']
 when 'smartos'
@@ -105,9 +96,6 @@ default['postfix']['main']['smtp_sasl_auth_enable'] = 'no'
 default['postfix']['main']['mailbox_size_limit'] = 0
 default['postfix']['main']['mynetworks'] = nil
 default['postfix']['main']['inet_interfaces'] = 'loopback-only'
-default['postfix']['main']['default_database_type'] = lazy { node['postfix']['db_type'] }
-default['postfix']['main']['alias_database'] = lazy { "#{node['postfix']['db_type']}:#{node['postfix']['aliases_db']}" }
-default['postfix']['main']['alias_maps'] = lazy { "#{node['postfix']['db_type']}:#{node['postfix']['aliases_db']}" }
 
 # Conditional attributes, also reference _attributes recipe
 case node['platform_family']
@@ -419,4 +407,4 @@ default['postfix']['aliases'] = if platform?('freebsd')
                                   {}
                                 end
 
-default['postfix']['main']['smtpd_relay_restrictions'] = lazy { "#{node['postfix']['db_type']}:#{node['postfix']['relay_restrictions_db']}, reject" if node['postfix']['use_relay_restrictions_maps'] }
+default['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, reject" if node['postfix']['use_relay_restrictions_maps']

cookbooks/postfix/metadata.json

@@ -26,7 +26,7 @@
   "recipes": {
 
   },
-  "version": "6.4.1",
+  "version": "6.0.26",
   "source_url": "https://github.com/sous-chefs/postfix",
   "issues_url": "https://github.com/sous-chefs/postfix/issues",
   "privacy": false,

cookbooks/postfix/metadata.rb

@@ -3,7 +3,7 @@ maintainer        'Sous Chefs'
 maintainer_email  'help@sous-chefs.org'
 license           'Apache-2.0'
 description       'Installs and configures postfix for client or outbound relayhost, or to do SASL auth'
-version           '6.4.1'
+version           '6.0.26'
 source_url        'https://github.com/sous-chefs/postfix'
 issues_url        'https://github.com/sous-chefs/postfix/issues'
 chef_version      '>= 12.15'

cookbooks/postfix/recipes/_attributes.rb

@@ -29,22 +29,24 @@ end
 
 if node['postfix']['main']['smtp_sasl_auth_enable'] == 'yes'
   node.default_unless['postfix']['sasl_password_file'] = "#{node['postfix']['conf_dir']}/sasl_passwd"
-  node.default_unless['postfix']['main']['smtp_sasl_password_maps'] = "#{node['postfix']['db_type']}:#{node['postfix']['sasl_password_file']}"
+  node.default_unless['postfix']['main']['smtp_sasl_password_maps'] = "hash:#{node['postfix']['sasl_password_file']}"
   node.default_unless['postfix']['main']['smtp_sasl_security_options'] = 'noanonymous'
+  node.default_unless['postfix']['sasl']['smtp_sasl_user_name'] = ''
+  node.default_unless['postfix']['sasl']['smtp_sasl_passwd']    = ''
   node.default_unless['postfix']['main']['relayhost'] = ''
 end
 
-node.default_unless['postfix']['main']['alias_maps'] = ["#{node['postfix']['db_type']}:#{node['postfix']['aliases_db']}"] if node['postfix']['use_alias_maps']
+node.default_unless['postfix']['main']['alias_maps'] = ["hash:#{node['postfix']['aliases_db']}"] if node['postfix']['use_alias_maps']
 
-node.default_unless['postfix']['main']['transport_maps'] = ["#{node['postfix']['db_type']}:#{node['postfix']['transport_db']}"] if node['postfix']['use_transport_maps']
+node.default_unless['postfix']['main']['transport_maps'] = ["hash:#{node['postfix']['transport_db']}"] if node['postfix']['use_transport_maps']
 
-node.default_unless['postfix']['main']['access_maps'] = ["#{node['postfix']['db_type']}:#{node['postfix']['access_db']}"] if node['postfix']['use_access_maps']
+node.default_unless['postfix']['main']['access_maps'] = ["hash:#{node['postfix']['access_db']}"] if node['postfix']['use_access_maps']
 
 node.default_unless['postfix']['main']['virtual_alias_maps'] = ["#{node['postfix']['virtual_alias_db_type']}:#{node['postfix']['virtual_alias_db']}"] if node['postfix']['use_virtual_aliases']
 
 node.default_unless['postfix']['main']['virtual_alias_domains'] = ["#{node['postfix']['virtual_alias_domains_db_type']}:#{node['postfix']['virtual_alias_domains_db']}"] if node['postfix']['use_virtual_aliases_domains']
 
-node.default_unless['postfix']['main']['smtpd_relay_restrictions'] = "#{node['postfix']['db_type']}:#{node['postfix']['relay_restrictions_db']}, reject" if node['postfix']['use_relay_restrictions_maps']
+node.default_unless['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, reject" if node['postfix']['use_relay_restrictions_maps']
 
 node.default_unless['postfix']['main']['maildrop_destination_recipient_limit'] = 1 if node['postfix']['master']['maildrop']['active']
 

cookbooks/postfix/recipes/_common.rb

@@ -155,7 +155,7 @@ unless node['postfix']['sender_canonical_map_entries'].empty?
     notifies :reload, 'service[postfix]'
   end
 
-  node.default['postfix']['main']['sender_canonical_maps'] = "#{node['postfix']['db_type']}:#{node['postfix']['conf_dir']}/sender_canonical" unless node['postfix']['main'].key?('sender_canonical_maps')
+  node.default['postfix']['main']['sender_canonical_maps'] = "hash:#{node['postfix']['conf_dir']}/sender_canonical" unless node['postfix']['main'].key?('sender_canonical_maps')
 end
 
 execute 'update-postfix-smtp_generic' do
@@ -172,7 +172,7 @@ unless node['postfix']['smtp_generic_map_entries'].empty?
     notifies :reload, 'service[postfix]'
   end
 
-  node.default['postfix']['main']['smtp_generic_maps'] = "#{node['postfix']['db_type']}:#{node['postfix']['conf_dir']}/smtp_generic" unless node['postfix']['main'].key?('smtp_generic_maps')
+  node.default['postfix']['main']['smtp_generic_maps'] = "hash:#{node['postfix']['conf_dir']}/smtp_generic" unless node['postfix']['main'].key?('smtp_generic_maps')
 end
 
 execute 'update-postfix-recipient_canonical' do
@@ -189,7 +189,7 @@ unless node['postfix']['recipient_canonical_map_entries'].empty?
     notifies :reload, 'service[postfix]'
   end
 
-  node.default['postfix']['main']['recipient_canonical_maps'] = "#{node['postfix']['db_type']}:#{node['postfix']['conf_dir']}/recipient_canonical" unless node['postfix']['main'].key?('recipient_canonical_maps')
+  node.default['postfix']['main']['recipient_canonical_maps'] = "hash:#{node['postfix']['conf_dir']}/recipient_canonical" unless node['postfix']['main'].key?('recipient_canonical_maps')
 end
 
 service 'postfix' do

cookbooks/postfix/recipes/maps.rb

@@ -18,8 +18,8 @@ node['postfix']['maps'].each do |type, maps|
     package "postfix-#{type}" if %w(pgsql mysql ldap cdb).include?(type)
   end
 
-  if platform_family?('rhel') && node['platform_version'].to_i >= 8
+  if platform?('redhat') && node['platform_version'].to_i == 8
-    package "postfix-#{type}" if %w(pgsql mysql ldap cdb lmdb).include?(type)
+    package "postfix-#{type}" if %w(pgsql mysql ldap cdb).include?(type)
   end
 
   separator = if %w(pgsql mysql ldap memcache sqlite).include?(type)
@@ -32,7 +32,7 @@ node['postfix']['maps'].each do |type, maps|
       command "postmap #{file}"
       environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios')
       action :nothing
-    end if %w(btree cdb dbm hash lmdb sdbm).include?(type)
+    end if %w(btree cdb dbm hash sdbm).include?(type)
     template "#{file}-#{type}" do
       path file
       source 'maps.erb'
@@ -41,7 +41,7 @@ node['postfix']['maps'].each do |type, maps|
         map: content,
         separator: separator
       )
-      notifies :run, "execute[update-postmap-#{file}]" if %w(btree cdb dbm hash lmdb sdbm).include?(type)
+      notifies :run, "execute[update-postmap-#{file}]" if %w(btree cdb dbm hash sdbm).include?(type)
       notifies :restart, 'service[postfix]'
     end
   end

cookbooks/postfix/renovate.json

@@ -1,10 +1,9 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "extends": ["config:base"],
-  "packageRules": [
+  "packageRules": [{
-    {
       "groupName": "Actions",
-      "matchUpdateTypes": ["minor", "patch", "pin"],
+      "matchUpdateTypes": ["patch", "pin", "digest"],
       "automerge": true,
       "addLabels": ["Release: Patch", "Skip: Announcements"]
     },

cookbooks/postfix/templates/aliases.erb

@@ -6,5 +6,5 @@
 postmaster:    root
 
 <% node['postfix']['aliases'].each do |name, value| %>
-<%= name.match?(/[\s#:@]/) ? "\"#{name}\"" : name %>: <%= [value].flatten.map{|x| x.include?("|") ? "\"#{x}\"" : x}.join(',') %>
+<%= name %>: <%= [value].flatten.map{|x| if (x.include?("@")) then x else %Q("#{x}") end}.join(', ') %>
 <% end unless node['postfix']['aliases'].nil? %>

doc/mastodon.md

@@ -1,15 +0,0 @@
-# Mastodon
-
-Running on kosmos.social
-
-## Ops
-
-### Enable maintance mode
-
-Return a 503 and maintance page for all requests:
-
-    knife ssh -p2222 -a knife_zero.host "role:openresty_proxy" "sudo cp -p /var/www/maintenance.html /var/www/kosmos.social/public/ && sudo systemctl reload openresty"
-
-### Stop maintenance mode
-
-    knife ssh -p2222 -a knife_zero.host "role:openresty_proxy" "sudo rm /var/www/kosmos.social/public/maintenance.html && sudo systemctl reload openresty"

environments/production.json

@@ -105,33 +105,20 @@
     },
     "strfry": {
       "domain": "nostr.kosmos.org",
-      "config": {
+      "real_ip_header": "x-real-ip",
-        "events": {
+      "policy_path": "/opt/strfry/strfry-policy.ts",
-          "max_event_size": "524288"
-        },
-        "relay": {
-          "bind": "0.0.0.0",
-          "real_ip_header": "x-real-ip",
-          "info": {
-            "name": "Kosmos Relay",
-            "description": "Members-only nostr relay for kosmos.org users",
-            "pubkey": "b3e1b7c0ef48294bd856203bfd460625de95d3afb894e5f09b14cd1f0e7097cf",
-            "contact": "ops@kosmos.org",
-            "icon": "https://assets.kosmos.org/img/app-icon-256px.png"
-          },
-          "write_policy": {
-            "plugin": "/opt/strfry/strfry-policy.ts"
-          },
-          "logging": {
-            "dump_in_all": true
-          }
-        }
-      },
       "known_pubkeys": {
         "_": "b3e1b7c0ef48294bd856203bfd460625de95d3afb894e5f09b14cd1f0e7097cf",
         "accounts": "b3e1b7c1660b7db0ecb93ec55c09e67961171a5c4e9e2602f1b47477ea61c50a",
         "bitcoincore": "47750177bb6bb113784e4973f6b2e3dd27ef1eff227d6e38d0046d618969e41a",
         "fiatjaf": "3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d"
+      },
+      "info": {
+        "name": "Kosmos Relay",
+        "description": "Members-only nostr relay for kosmos.org users",
+        "pubkey": "b3e1b7c0ef48294bd856203bfd460625de95d3afb894e5f09b14cd1f0e7097cf",
+        "contact": "ops@kosmos.org",
+        "icon": "https://assets.kosmos.org/img/app-icon-256px.png"
       }
     },
     "substr": {

nodes/akkounts-1.json

@@ -9,7 +9,7 @@
   "automatic": {
     "fqdn": "akkounts-1",
     "os": "linux",
-    "os_version": "5.4.0-216-generic",
+    "os_version": "5.4.0-148-generic",
     "hostname": "akkounts-1",
     "ipaddress": "192.168.122.160",
     "roles": [
@@ -38,7 +38,6 @@
       "timezone_iii::debian",
       "ntp::default",
       "ntp::apparmor",
-      "kosmos-base::journald_conf",
       "kosmos-base::systemd_emails",
       "apt::unattended-upgrades",
       "kosmos-base::firewall",

nodes/bitcoin-2.json

@@ -44,7 +44,6 @@
       "timezone_iii::debian",
       "ntp::default",
       "ntp::apparmor",
-      "kosmos-base::journald_conf",
       "kosmos-base::systemd_emails",
       "apt::unattended-upgrades",
       "kosmos-base::firewall",

nodes/drone-1.json

@@ -8,27 +8,26 @@
   "automatic": {
     "fqdn": "drone-1",
     "os": "linux",
-    "os_version": "5.4.0-1133-kvm",
+    "os_version": "5.4.0-1058-kvm",
     "hostname": "drone-1",
     "ipaddress": "192.168.122.200",
     "roles": [
-      "kvm_guest",
       "drone",
-      "postgresql_client"
+      "postgresql_client",
+      "kvm_guest"
     ],
     "recipes": [
       "kosmos-base",
       "kosmos-base::default",
-      "kosmos_kvm::guest",
       "kosmos_postgresql::hostsfile",
       "kosmos_drone",
       "kosmos_drone::default",
+      "kosmos_kvm::guest",
       "apt::default",
       "timezone_iii::default",
       "timezone_iii::debian",
       "ntp::default",
       "ntp::apparmor",
-      "kosmos-base::journald_conf",
       "kosmos-base::systemd_emails",
       "apt::unattended-upgrades",
       "kosmos-base::firewall",
@@ -44,13 +43,13 @@
     "cloud": null,
     "chef_packages": {
       "chef": {
-        "version": "18.7.10",
+        "version": "17.9.52",
-        "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.7.10/lib",
+        "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.9.52/lib",
         "chef_effortless": null
       },
       "ohai": {
-        "version": "18.2.5",
+        "version": "17.9.0",
-        "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.5/lib/ohai"
+        "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai"
       }
     }
   },

nodes/ejabberd-4.json

@@ -37,7 +37,6 @@
       "timezone_iii::debian",
       "ntp::default",
       "ntp::apparmor",
-      "kosmos-base::journald_conf",
       "kosmos-base::systemd_emails",
       "apt::unattended-upgrades",
       "kosmos-base::firewall",

nodes/ejabberd-8.json

@@ -37,7 +37,6 @@
       "timezone_iii::debian",
       "ntp::default",
       "ntp::apparmor",
-      "kosmos-base::journald_conf",
       "kosmos-base::systemd_emails",
       "apt::unattended-upgrades",
       "kosmos-base::firewall",

nodes/gitea-2.json

@@ -39,7 +39,6 @@
       "timezone_iii::debian",
       "ntp::default",
       "ntp::apparmor",
-      "kosmos-base::journald_conf",
       "kosmos-base::systemd_emails",
       "apt::unattended-upgrades",
       "kosmos-base::firewall",
@@ -50,13 +49,6 @@
       "postfix::sasl_auth",
       "hostname::default",
       "firewall::default",
-      "kosmos_gitea::compile_from_source",
-      "git::default",
-      "git::package",
-      "kosmos-nodejs::default",
-      "nodejs::nodejs_from_package",
-      "nodejs::repo",
-      "golang::default",
       "backup::default",
       "logrotate::default"
     ],

nodes/mastodon-3.json

@@ -37,7 +37,6 @@
       "timezone_iii::debian",
       "ntp::default",
       "ntp::apparmor",
-      "kosmos-base::journald_conf",
       "kosmos-base::systemd_emails",
       "apt::unattended-upgrades",
       "kosmos-base::firewall",

nodes/postgres-7.json

@@ -29,7 +29,6 @@
       "timezone_iii::debian",
       "ntp::default",
       "ntp::apparmor",
-      "kosmos-base::journald_conf",
       "kosmos-base::systemd_emails",
       "apt::unattended-upgrades",
       "kosmos-base::firewall",

nodes/strfry-1.json

@@ -33,7 +33,6 @@
       "timezone_iii::debian",
       "ntp::default",
       "ntp::apparmor",
-      "kosmos-base::journald_conf",
       "kosmos-base::systemd_emails",
       "apt::unattended-upgrades",
       "kosmos-base::firewall",

nodes/wiki-1.json

@@ -28,7 +28,6 @@
       "timezone_iii::debian",
       "ntp::default",
       "ntp::apparmor",
-      "kosmos-base::journald_conf",
       "kosmos-base::systemd_emails",
       "apt::unattended-upgrades",
       "kosmos-base::firewall",
@@ -67,13 +66,12 @@
     "cloud": null,
     "chef_packages": {
       "chef": {
-        "version": "18.7.10",
+        "version": "15.13.8",
-        "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.7.10/lib",
+        "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.13.8/lib"
-        "chef_effortless": null
       },
       "ohai": {
-        "version": "18.2.5",
+        "version": "15.12.0",
-        "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.5/lib/ohai"
+        "ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai"
       }
     }
   },

roles/gitea.rb

@@ -5,11 +5,3 @@ run_list %w(
   kosmos_gitea::default
   kosmos_gitea::backup
 )
-
-override_attributes(
-  "gitea" => {
-    "repo" => "https://github.com/67P/gitea.git",
-    "revision" => "ldap_sync",
-    "log" => { "level" => "Info" }
-  },
-)

site-cookbooks/deno

@@ -1 +1 @@
-Subproject commit 92839b20a4c3b0a15b99bd86ea7cae16645570a6
+Subproject commit 5ddfe642ebb14b20480e4e2d06199fc01ba9ca71

site-cookbooks/kosmos-base/attributes/default.rb

@@ -1,2 +0,0 @@
-node.default["kosmos-base"]["journald"]["system_max_use"] = "256M"
-node.default["kosmos-base"]["journald"]["max_retention_sec"] = "7d"

site-cookbooks/kosmos-base/recipes/default.rb

@@ -27,19 +27,11 @@
 include_recipe 'apt'
 include_recipe 'timezone_iii'
 include_recipe 'ntp'
-include_recipe 'kosmos-base::journald_conf'
 include_recipe 'kosmos-base::systemd_emails'
 
-node.override["apt"]["unattended_upgrades"]["enable"] = true
-node.override["apt"]["unattended_upgrades"]["mail_only_on_error"] = false
-node.override["apt"]["unattended_upgrades"]["sender"] = "ops@kosmos.org"
 node.override["apt"]["unattended_upgrades"]["allowed_origins"] = [
   "${distro_id}:${distro_codename}-security",
-  "${distro_id}:${distro_codename}-updates",
+  "${distro_id}:${distro_codename}-updates"
-  "${distro_id}ESMApps:${distro_codename}-apps-security",
-  "${distro_id}ESMApps:${distro_codename}-apps-updates",
-  "${distro_id}ESM:${distro_codename}-infra-security",
-  "${distro_id}ESM:${distro_codename}-infra-updates"
 ]
 node.override["apt"]["unattended_upgrades"]["mail"] = "ops@kosmos.org"
 node.override["apt"]["unattended_upgrades"]["syslog_enable"] = true

site-cookbooks/kosmos-base/recipes/journald_conf.rb

@@ -1,14 +0,0 @@
-#
-# Cookbook Name:: kosmos-base
-# Recipe:: journald_conf
-#
-
-service "systemd-journald"
-
-template "/etc/systemd/journald.conf" do
-  source "journald.conf.erb"
-  variables system_max_use: node["kosmos-base"]["journald"]["system_max_use"],
-            max_retention_sec: node["kosmos-base"]["journald"]["max_retention_sec"]
-  # Restarting journald is required
-  notifies :restart, "service[systemd-journald]", :delayed
-end

site-cookbooks/kosmos-base/templates/default/journald.conf.erb

@@ -1,6 +0,0 @@
-[Journal]
-# Set the maximum size of the journal logs in bytes
-SystemMaxUse=<%= @system_max_use %>
-
-# Set the number of days after which logs will be deleted
-MaxRetentionSec=<%= @max_retention_sec %>

site-cookbooks/kosmos-bitcoin/attributes/default.rb

@@ -1,5 +1,5 @@
-node.default['bitcoin']['version']   = '29.0'
+node.default['bitcoin']['version']   = '28.0'
-node.default['bitcoin']['checksum']  = '882c782c34a3bf2eacd1fae5cdc58b35b869883512f197f7d6dc8f195decfdaa'
+node.default['bitcoin']['checksum']  = '700ae2d1e204602eb07f2779a6e6669893bc96c0dca290593f80ff8e102ff37f'
 node.default['bitcoin']['username']  = 'satoshi'
 node.default['bitcoin']['usergroup'] = 'bitcoin'
 node.default['bitcoin']['network']   = 'mainnet'
@@ -41,7 +41,7 @@ node.default['c-lightning']['log_level'] = 'info'
 node.default['c-lightning']['public_ip'] = '148.251.237.73'
 
 node.default['lnd']['repo'] = 'https://github.com/lightningnetwork/lnd'
-node.default['lnd']['revision'] = 'v0.19.1-beta'
+node.default['lnd']['revision'] = 'v0.18.5-beta'
 node.default['lnd']['source_dir'] = '/opt/lnd'
 node.default['lnd']['lnd_dir'] = "/home/#{node['bitcoin']['username']}/.lnd"
 node.default['lnd']['alias'] = 'ln2.kosmos.org'
@@ -90,7 +90,7 @@ node.default['dotnet']['ms_packages_src_url'] = "https://packages.microsoft.com/
 node.default['dotnet']['ms_packages_src_checksum'] = "4df5811c41fdded83eb9e2da9336a8dfa5594a79dc8a80133bd815f4f85b9991"
 
 node.default['nbxplorer']['repo'] = 'https://github.com/dgarage/NBXplorer'
-node.default['nbxplorer']['revision'] = 'v2.5.26'
+node.default['nbxplorer']['revision'] = 'v2.5.23'
 node.default['nbxplorer']['source_dir'] = '/opt/nbxplorer'
 node.default['nbxplorer']['config_path'] = "/home/#{node['bitcoin']['username']}/.nbxplorer/Main/settings.config"
 node.default['nbxplorer']['port'] = '24445'
@@ -98,7 +98,7 @@ node.default['nbxplorer']['postgres']['database'] = 'nbxplorer'
 node.default['nbxplorer']['postgres']['user'] = 'nbxplorer'
 
 node.default['btcpay']['repo'] = 'https://github.com/btcpayserver/btcpayserver'
-node.default['btcpay']['revision'] = 'v2.1.1'
+node.default['btcpay']['revision'] = 'v2.0.7'
 node.default['btcpay']['source_dir'] = '/opt/btcpay'
 node.default['btcpay']['config_path'] = "/home/#{node['bitcoin']['username']}/.btcpayserver/Main/settings.config"
 node.default['btcpay']['log_path'] = "/home/#{node['bitcoin']['username']}/.btcpayserver/debug.log"

site-cookbooks/kosmos-bitcoin/recipes/bitcoind.rb

@@ -34,7 +34,7 @@ end
 execute "compile_bitcoin-core_dependencies" do
   cwd "/usr/local/bitcoind/depends"
   environment ({'CC' => 'gcc-13', 'CXX' => 'g++-13', 'NO_QT' => '1'})
-  command "make -j $(($(nproc)/2))"
+  command "make -j 2"
   action :nothing
   notifies :run, 'bash[compile_bitcoin-core]', :immediately
 end
@@ -43,13 +43,21 @@ bash "compile_bitcoin-core" do
   cwd "/usr/local/bitcoind"
   environment ({'CC' => 'gcc-13', 'CXX' => 'g++-13', 'NO_QT' => '1'})
   code <<-EOH
-    cmake -B build --toolchain depends/x86_64-pc-linux-gnu/toolchain.cmake
+    ./autogen.sh
-    cmake --build build -j $(($(nproc)/2))
+    ./configure --prefix=$PWD/depends/x86_64-pc-linux-gnu
-    cmake --install build
+    make
   EOH
   action :nothing
 end
 
+link "/usr/local/bin/bitcoind" do
+  to "/usr/local/bitcoind/src/bitcoind"
+end
+
+link "/usr/local/bin/bitcoin-cli" do
+  to "/usr/local/bitcoind/src/bitcoin-cli"
+end
+
 bitcoin_user      = node['bitcoin']['username']
 bitcoin_group     = node['bitcoin']['usergroup']
 bitcoin_datadir   = node['bitcoin']['datadir']

site-cookbooks/kosmos-bitcoin/recipes/btcpay.rb

@@ -21,7 +21,6 @@ bash 'build_btcpay' do
     systemctl stop btcpayserver.service
     ./build.sh
   EOH
-  environment "DOTNET_CLI_TELEMETRY_OPTOUT" => 1
   action :nothing
   notifies :restart, "service[btcpayserver]", :delayed
 end
@@ -88,7 +87,7 @@ systemd_unit 'btcpayserver.service' do
       Group: node['bitcoin']['usergroup'],
       Type: 'simple',
       WorkingDirectory: node['btcpay']['source_dir'],
-      Environment: "'BTCPAY_EXPLORERPOSTGRES=#{nbxpg_connect}' 'DOTNET_CLI_TELEMETRY_OPTOUT=1'",
+      Environment: defined?(nbxpg_connect) ? "'BTCPAY_EXPLORERPOSTGRES=#{nbxpg_connect}'" : '',
       ExecStart: "#{node['btcpay']['source_dir']}/run.sh --conf=#{node['btcpay']['config_path']}",
       PIDFile: '/run/btcpayserver/btcpayserver.pid',
       Restart: 'on-failure',
@@ -104,8 +103,6 @@ systemd_unit 'btcpayserver.service' do
   verify false
   triggers_reload true
   action [:create]
-  # reload is not applicable
-  notifies :restart, "service[btcpayserver]", :delayed
 end
 
 service "btcpayserver" do

site-cookbooks/kosmos-ejabberd/attributes/default.rb

@@ -1,6 +1,6 @@
-node.default["ejabberd"]["version"] = "25.08"
+node.default["ejabberd"]["version"] = "23.10"
 node.default["ejabberd"]["package_version"] = "1"
-node.default["ejabberd"]["checksum"] = "e4703bc41b5843fc4b76e8b54a9380d5895f9b3dcd4795e05ad0c260ed9b9a23"
+node.default["ejabberd"]["checksum"] = "1b02108c81e22ab28be84630d54061f0584b76d5c2702e598352269736b05e77"
 node.default["ejabberd"]["turn_domain"] = "turn.kosmos.org"
 node.default["ejabberd"]["stun_auth_realm"] = "kosmos.org"
 node.default["ejabberd"]["stun_turn_port"] = 3478

site-cookbooks/kosmos-ejabberd/recipes/default.rb

@@ -65,13 +65,15 @@ file "/opt/ejabberd/.hosts.erlang" do
   content ejabberd_hostnames.map{|h| "#{h}."}.join("\n")
 end
 
-template "/opt/ejabberd/conf/ejabberdctl.cfg" do
+ruby_block "configure ERLANG_NODE" do
-  source    "ejabberdctl.cfg.erb"
+  block do
-  mode      0644
+    file = Chef::Util::FileEdit.new("/opt/ejabberd/conf/ejabberdctl.cfg")
-  owner     'ejabberd'
+    file.search_file_replace_line(
-  group     'ejabberd'
+      %r{#ERLANG_NODE=ejabberd@localhost},
-  variables epmd_node_name: "ejabberd@#{node['name']}"
+      "ERLANG_NODE=ejabberd@#{node['name']}"
-  notifies :reload, "service[ejabberd]", :delayed
+    )
+    file.write_file
+  end
 end
 
 postgresql_data_bag_item = data_bag_item('credentials', 'postgresql')
@@ -108,7 +110,6 @@ hosts = [
         access_persistent: muc_create
         access_register: muc_create
         max_user_conferences: 1000
-        max_users: 2000
         default_room_options:
           mam: true
         preload_rooms: true
@@ -223,3 +224,10 @@ end
 unless node.chef_environment == "development"
   include_recipe "kosmos-ejabberd::firewall"
 end
+
+firewall_rule 'ejabberd_http' do
+  port     [80]
+  source   "10.1.1.0/24"
+  protocol :tcp
+  command  :allow
+end

site-cookbooks/kosmos-ejabberd/recipes/firewall.rb

@@ -35,10 +35,3 @@ firewall_rule 'ejabberd_turn' do
   protocol :udp
   command  :allow
 end
-
-firewall_rule 'ejabberd_http' do
-  port     [80]
-  source   "10.1.1.0/24"
-  protocol :tcp
-  command  :allow
-end

site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb

@@ -1,11 +1,10 @@
+loglevel: 4
+
 log_rotate_size: 10485760
+log_rotate_date: ""
 log_rotate_count: 1
 
-loglevel: info
+log_rate_limit: 100
-hide_sensitive_log_data: true
-
-log_modules_fully:
-  - mod_s3_upload
 
 hosts:
 <% @hosts.each do |host| -%>
@@ -96,8 +95,6 @@ auth_method: sql
 
 default_db: sql
 
-update_sql_schema: true
-
 shaper:
   normal:
     rate: 3000
@@ -122,15 +119,6 @@ acl:
       - "::1/128"
       - "::FFFF:127.0.0.1/128"
 
-api_permissions:
-  "webadmin commands":
-    who:
-      - admin
-    from:
-      - ejabberd_web_admin
-    what:
-      - "*"
-
 shaper_rules:
   max_user_sessions: 10
   max_user_offline_messages:
@@ -197,11 +185,8 @@ api_permissions:
     what:
       - "add_rosteritem"
       - "delete_rosteritem"
-      - "get_vcard2"
-      - "muc_register_nick"
-      - "private_set"
       - "send_message"
-      - "send_stanza"
+      - "private_set"
 
 language: "en"
 
@@ -273,7 +258,10 @@ modules:
         transport: tcp
         restricted: true
   mod_vcard:
+    db_type: ldap
     search: false
+    ldap_vcard_map:
+      PHOTO: {"%s": [jpegPhoto]}
   mod_vcard_xupdate: {}
   mod_avatar: {}
   mod_version: {}

site-cookbooks/kosmos-ejabberd/templates/ejabberdctl.cfg.erb

@@ -1,175 +0,0 @@
-#
-# In this file you can configure options that are passed by ejabberdctl
-# to the erlang runtime system when starting ejabberd
-#
-
-#' POLL: Kernel polling ([true|false])
-#
-# The kernel polling option requires support in the kernel.
-# Additionally, you need to enable this feature while compiling Erlang.
-#
-# Default: true
-#
-#POLL=true
-
-#.
-#' SMP: SMP support ([enable|auto|disable])
-#
-# Explanation in Erlang/OTP documentation:
-# enable: starts the Erlang runtime system with SMP support enabled.
-#   This may fail if no runtime system with SMP support is available.
-# auto: starts the Erlang runtime system with SMP support enabled if it
-#   is available and more than one logical processor are detected.
-# disable: starts a runtime system without SMP support.
-#
-# Default: enable
-#
-#SMP=enable
-
-#.
-#' ERL_MAX_PORTS: Maximum number of simultaneously open Erlang ports
-#
-# ejabberd consumes two or three ports for every connection, either
-# from a client or from another Jabber server. So take this into
-# account when setting this limit.
-#
-# Default: 32000
-# Maximum: 268435456
-#
-#ERL_MAX_PORTS=32000
-
-#.
-#' FIREWALL_WINDOW: Range of allowed ports to pass through a firewall
-#
-# If Ejabberd is configured to run in cluster, and a firewall is blocking ports,
-# it's possible to make Erlang use a defined range of port (instead of dynamic
-# ports) for node communication.
-#
-# Default: not defined
-# Example: 4200-4210
-#
-FIREWALL_WINDOW=4200-4210
-
-#.
-#' INET_DIST_INTERFACE: IP address where this Erlang node listens other nodes
-#
-# This communication is used by ejabberdctl command line tool,
-# and in a cluster of several ejabberd nodes.
-#
-# Default: 0.0.0.0
-#
-#INET_DIST_INTERFACE=127.0.0.1
-
-#.
-#' ERL_EPMD_ADDRESS: IP addresses where epmd listens for connections
-#
-# IMPORTANT: This option works only in Erlang/OTP R14B03 and newer.
-#
-# This environment variable may be set to a comma-separated
-# list of IP addresses, in which case the epmd daemon
-# will listen only on the specified address(es) and on the
-# loopback address (which is implicitly added to the list if it
-# has not been specified). The default behaviour is to listen on
-# all available IP addresses.
-#
-# Default: 0.0.0.0
-#
-#ERL_EPMD_ADDRESS=127.0.0.1
-
-#.
-#' ERL_PROCESSES: Maximum number of Erlang processes
-#
-# Erlang consumes a lot of lightweight processes. If there is a lot of activity
-# on ejabberd so that the maximum number of processes is reached, people will
-# experience greater latency times. As these processes are implemented in
-# Erlang, and therefore not related to the operating system processes, you do
-# not have to worry about allowing a huge number of them.
-#
-# Default: 250000
-# Maximum: 268435456
-#
-#ERL_PROCESSES=250000
-
-#.
-#' ERL_MAX_ETS_TABLES: Maximum number of ETS and Mnesia tables
-#
-# The number of concurrent ETS and Mnesia tables is limited. When the limit is
-# reached, errors will appear in the logs:
-#   ** Too many db tables **
-# You can safely increase this limit when starting ejabberd. It impacts memory
-# consumption but the difference will be quite small.
-#
-# Default: 1400
-#
-#ERL_MAX_ETS_TABLES=1400
-
-#.
-#' ERL_OPTIONS: Additional Erlang options
-#
-# The next variable allows to specify additional options passed to erlang while
-# starting ejabberd. Some useful options are -noshell, -detached, -heart. When
-# ejabberd is started from an init.d script options -noshell and -detached are
-# added implicitly. See erl(1) for more info.
-#
-# It might be useful to add "-pa /usr/local/lib/ejabberd/ebin" if you
-# want to add local modules in this path.
-#
-# Default: ""
-#
-#ERL_OPTIONS=""
-
-#.
-#' ERLANG_NODE: Erlang node name
-#
-# The next variable allows to explicitly specify erlang node for ejabberd
-# It can be given in different formats:
-# ERLANG_NODE=ejabberd
-#   Lets erlang add hostname to the node (ejabberd uses short name in this case)
-# ERLANG_NODE=ejabberd@hostname
-#   Erlang uses node name as is (so make sure that hostname is a real
-#   machine hostname or you'll not be able to control ejabberd)
-# ERLANG_NODE=ejabberd@hostname.domainname
-#   The same as previous, but erlang will use long hostname
-#   (see erl (1) manual for details)
-#
-# Default: ejabberd@localhost
-#
-ERLANG_NODE=<%= @epmd_node_name %>
-
-#.
-#' EJABBERD_PID_PATH: ejabberd PID file
-#
-# Indicate the full path to the ejabberd Process identifier (PID) file.
-# If this variable is defined, ejabberd writes the PID file when starts,
-# and deletes it when stops.
-# Remember to create the directory and grant write permission to ejabberd.
-#
-# Default: don't write PID file
-#
-#EJABBERD_PID_PATH=/var/run/ejabberd/ejabberd.pid
-
-#.
-#' CONTRIB_MODULES_PATH: contributed ejabberd modules path
-#
-# Specify the full path to the contributed ejabberd modules. If the path is not
-# defined, ejabberd will use ~/.ejabberd-modules in home of user running ejabberd.
-#
-# Default: $HOME/.ejabberd-modules
-#
-#CONTRIB_MODULES_PATH=/opt/ejabberd-modules
-
-#.
-#' CONTRIB_MODULES_CONF_DIR: configuration directory for contributed modules
-#
-# Specify the full path to the configuration directory for contributed ejabberd
-# modules. In order to configure a module named mod_foo, a mod_foo.yml file can
-# be created in this directory. This file will then be used instead of the
-# default configuration file provided with the module.
-#
-# Default: $CONTRIB_MODULES_PATH/conf
-#
-#CONTRIB_MODULES_CONF_DIR=/etc/ejabberd/modules
-
-#.
-#'
-# vim: foldmarker=#',#. foldmethod=marker:

site-cookbooks/kosmos-mastodon/recipes/default.rb

@@ -265,44 +265,6 @@ service "mastodon-streaming" do
   action [:enable, :start]
 end
 
-#
-# Delete cached remote media older than 30 days
-# Will be re-fetched if necessary
-#
-
-systemd_unit 'mastodon-delete-old-media-cache.service' do
-  content({
-    Unit: {
-      Description: 'Delete old Mastodon media cache'
-    },
-    Service: {
-      Type: "oneshot",
-      WorkingDirectory: mastodon_path,
-      Environment: "RAILS_ENV=#{rails_env}",
-      ExecStart: "#{bundle_path} exec bin/tootctl media remove --days 30",
-    }
-  })
-  triggers_reload true
-  action [:create]
-end
-
-systemd_unit 'mastodon-delete-old-media-cache.timer' do
-  content({
-    Unit: {
-      Description: 'Delete old Mastodon media cache'
-    },
-    Timer: {
-      OnCalendar: '*-*-* 00:00:00',
-      Persistent: 'true'
-    },
-    Install: {
-      WantedBy: 'timer.target'
-    }
-  })
-  triggers_reload true
-  action [:create, :enable, :start]
-end
-
 firewall_rule "mastodon_app" do
   port     node['kosmos-mastodon']['app_port']
   source   "10.1.1.0/24"

site-cookbooks/kosmos-mediawiki/metadata.rb

@@ -3,6 +3,7 @@ maintainer       'Kosmos'
 maintainer_email 'mail@kosmos.org'
 license          'MIT'
 description      'Installs/Configures kosmos-mediawiki'
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
 version          '0.3.1'
 
 depends "mediawiki"

site-cookbooks/kosmos-mediawiki/recipes/default.rb

@@ -1,9 +1,9 @@
 #
-# Cookbook:: kosmos-mediawiki
+# Cookbook Name:: kosmos-mediawiki
-# Recipe:: default.rb
+# Recipe:: default
 #
 
-apt_update
+include_recipe 'apt'
 include_recipe 'ark'
 include_recipe 'composer'
 
@@ -11,15 +11,15 @@ apt_package 'imagemagick'
 
 server_name = 'wiki.kosmos.org'
 
-node.override['mediawiki']['version'] = "1.34.2"
+node.override['mediawiki']['version']         = "1.34.2"
-node.override['mediawiki']['webdir'] = "#{node['mediawiki']['docroot_dir']}/mediawiki-#{node['mediawiki']['version']}"
+node.override['mediawiki']['webdir']          = "#{node['mediawiki']['docroot_dir']}/mediawiki-#{node['mediawiki']['version']}"
 node.override['mediawiki']['tarball']['name'] = "mediawiki-#{node['mediawiki']['version']}.tar.gz"
-node.override['mediawiki']['tarball']['url'] = "https://releases.wikimedia.org/mediawiki/1.34/#{node['mediawiki']['tarball']['name']}"
+node.override['mediawiki']['tarball']['url']  = "https://releases.wikimedia.org/mediawiki/1.34/#{node['mediawiki']['tarball']['name']}"
-node.override['mediawiki']['language_code'] = 'en'
+node.override['mediawiki']['language_code']   = 'en'
-node.override['mediawiki']['server_name'] = server_name
+node.override['mediawiki']['server_name']     = server_name
-node.override['mediawiki']['site_name'] = 'Kosmos Wiki'
+node.override['mediawiki']['site_name']       = 'Kosmos Wiki'
 protocol = node.chef_environment == "development" ? "http" : "https"
-node.override['mediawiki']['server'] = "#{protocol}://#{server_name}"
+node.override['mediawiki']['server']          = "#{protocol}://#{server_name}"
 mysql_credentials = data_bag_item('credentials', 'mysql')
 mediawiki_credentials = data_bag_item('credentials', 'mediawiki')
 
@@ -30,14 +30,14 @@ directory "#{node['mediawiki']['webdir']}/skins/common/images" do
   owner node['nginx']['user']
   group node['nginx']['group']
   recursive true
-  mode "750"
+  mode 0750
 end
 
 cookbook_file "#{node['mediawiki']['webdir']}/skins/common/images/kosmos.png" do
   source 'kosmos.png'
   owner node['nginx']['user']
   group node['nginx']['group']
-  mode "640"
+  mode 0640
 end
 
 directory "#{node['mediawiki']['webdir']}/.well-known/acme-challenge" do
@@ -80,14 +80,14 @@ nginx_certbot_site server_name
 # Extensions
 #
 
-mediawiki_credentials = data_bag_item('credentials', 'mediawiki')
+mediawiki_credentials = Chef::EncryptedDataBagItem.load('credentials', 'mediawiki')
 
 #
 # MediawikiHubot extension
 #
 
 # requires curl extension
-if platform?('ubuntu') && node["platform_version"].to_f < 16.04
+if platform?('ubuntu') && node[:platform_version].to_f < 16.04
   package "php5-curl"
 else
   package "php-curl"
@@ -100,7 +100,7 @@ ark "MediawikiHubot" do
   action :cherry_pick
 end
 
-hubot_credentials = data_bag_item('credentials', 'hal8000_xmpp')
+hubot_credentials = Chef::EncryptedDataBagItem.load('credentials', 'hal8000_xmpp')
 webhook_token = hubot_credentials['webhook_token']
 
 template "#{node['mediawiki']['webdir']}/extensions/MediawikiHubot/DefaultConfig.php" do
@@ -145,7 +145,7 @@ end
 
 ruby_block "configuration" do
   block do
-    # FIXME: This is internal Chef API and should not be used from recipes, as
+    # FIXME This is internal Chef API and should not be used from recipes, as
     # it is unsupported for that
     file = Chef::Util::FileEdit.new("#{node['mediawiki']['webdir']}/LocalSettings.php")
     file.search_file_replace_line(%r{\$wgLogo\ =\ \"\$wgResourceBasePath\/resources\/assets\/wiki.png\";},
@@ -235,7 +235,7 @@ wfLoadExtension( 'LDAPAuthentication2' );
 $wgGroupPermissions['*']['createaccount'] = false;
 $wgGroupPermissions['*']['autocreateaccount'] = true;
                                  EOF
-      )
+                                 )
 
       file.write_file
     end
@@ -247,7 +247,9 @@ end
 #
 
 file "#{node['mediawiki']['webdir']}/composer.local.json" do
-  requires = { "require": { "mediawiki/mermaid": "~1.0" } }.to_json
+  requires = { "require": {
+    "mediawiki/mermaid": "~1.0"
+  }}.to_json
   content requires
   owner node['nginx']['user']
   group node['nginx']['group']

site-cookbooks/kosmos-postfix/recipes/default.rb

@@ -3,23 +3,20 @@
 # Recipe:: default
 #
 
-node.default["postfix"]["main"]["smtp_tls_CAfile"]  = "/etc/ssl/certs/ca-certificates.crt"
+node.default['postfix']['main']['smtp_tls_CAfile']  = '/etc/ssl/certs/ca-certificates.crt'
-node.default["postfix"]["main"]["smtpd_tls_CAfile"] = "/etc/ssl/certs/ca-certificates.crt"
+node.default['postfix']['main']['smtpd_tls_CAfile'] = '/etc/ssl/certs/ca-certificates.crt'
 
 return if node.run_list.roles.include?("email_server")
 
-smtp_credentials = Chef::EncryptedDataBagItem.load("credentials", "smtp")
+smtp_credentials = Chef::EncryptedDataBagItem.load('credentials', 'smtp')
 
-node.default["postfix"]["sasl"] = {
+node.default['postfix']['sasl']['smtp_sasl_user_name']        = smtp_credentials['user_name']
-  smtp_credentials["relayhost"] => {
+node.default['postfix']['sasl']['smtp_sasl_passwd']           = smtp_credentials['password']
-    "username" => smtp_credentials["user_name"],
+node.default['postfix']['sasl_password_file']                 = "#{node['postfix']['conf_dir']}/sasl_passwd"
-    "password" => smtp_credentials["password"]
+# Postfix doesn't support smtps relayhost, use STARTSSL instead
-  }
+node.default['postfix']['main']['relayhost']                  = smtp_credentials['relayhost']
-}
+node.default['postfix']['main']['smtp_sasl_auth_enable']      = 'yes'
+node.default['postfix']['main']['smtp_sasl_password_maps']    = "hash:#{node['postfix']['sasl_password_file']}"
+node.default['postfix']['main']['smtp_sasl_security_options'] = 'noanonymous'
 
-# Postfix doesn"t support smtps relayhost, use STARTSSL instead
+include_recipe 'postfix::default'
-node.default["postfix"]["main"]["relayhost"]                  = smtp_credentials["relayhost"]
-node.default["postfix"]["main"]["smtp_sasl_auth_enable"]      = "yes"
-node.default["postfix"]["main"]["smtp_sasl_security_options"] = "noanonymous"
-
-include_recipe "postfix::default"

site-cookbooks/kosmos_drone/recipes/default.rb

@@ -26,7 +26,7 @@ template "#{deploy_path}/docker-compose.yml" do
   mode 0640
   variables domain: node["kosmos_drone"]["domain"],
             upstream_port: node["kosmos_drone"]["upstream_port"],
-            gitea_server: "https://#{node["gitea"]["domain"]}",
+            gitea_server: "https://#{node["kosmos_gitea"]["nginx"]["domain"]}",
             client_id: credentials['client_id'],
             client_secret: credentials['client_secret'],
             rpc_secret: credentials['rpc_secret'],

site-cookbooks/kosmos_gitea/attributes/default.rb

@@ -1,21 +1,13 @@
-node.default["gitea"]["version"] = "1.23.8"
+node.default["gitea"]["version"] = "1.23.7"
-node.default["gitea"]["checksum"] = "827037e7ca940866918abc62a7488736923396c467fcb4acd0dd9829bb6a6f4c"
+node.default["gitea"]["checksum"] = "3c0a7121ad1d9c525a92c68a7c040546553cd41e7464ce2fa811246b648c0a46"
-node.default["gitea"]["repo"] = nil
-node.default["gitea"]["revision"] = nil
 node.default["gitea"]["working_directory"] = "/var/lib/gitea"
 node.default["gitea"]["port"] = 3000
 node.default["gitea"]["postgresql_host"] = "localhost:5432"
 node.default["gitea"]["domain"] = "gitea.kosmos.org"
 
 node.default["gitea"]["config"] = {
-  "log": {
-    "level" => "Info",
-    "logger.router.MODE" => "",
-    "logger.xorm.MODE" => "",
-    "logger.access.MODE" => ""
-  },
   "actions": {
-    "enabled" => true
+    "enabled": true
   },
   "webhook":  {
     "allowed_host_list" => "external,127.0.1.1"

site-cookbooks/kosmos_gitea/metadata.rb

@@ -10,8 +10,5 @@ chef_version '>= 14.0'
 depends "firewall"
 depends "kosmos_openresty"
 depends "kosmos_postgresql"
-depends "kosmos-dirsrv"
-depends 'kosmos-nodejs'
-depends 'git'
-depends 'golang'
 depends "backup"
+depends "kosmos-dirsrv"

site-cookbooks/kosmos_gitea/recipes/compile_from_source.rb

@@ -1,42 +0,0 @@
-#
-# Cookbook:: kosmos_gitea
-# Recipe:: compile_from_source
-#
-# Compiles/installs Gitea from source
-#
-
-include_recipe "git"
-
-node.override["nodejs"]["repo"] = "https://deb.nodesource.com/node_20.x"
-include_recipe 'kosmos-nodejs'
-
-node.override["golang"]["version"] = "1.23.9"
-include_recipe "golang"
-
-link "/usr/local/bin/go" do
-  to "/usr/local/go/bin/go"
-end
-
-source_dir = "/opt/gitea"
-
-git source_dir do
-  repository node["gitea"]["repo"]
-  revision node["gitea"]["revision"]
-  action :sync
-  notifies :run, "execute[npm_install]", :immediately
-end
-
-execute "npm_install" do
-  cwd source_dir
-  command "npm ci"
-  action :nothing
-  notifies :run, "bash[compile_gitea]", :immediately
-end
-
-bash "compile_gitea" do
-  cwd source_dir
-  environment "TAGS" => "bindata"
-  code "make build"
-  action :nothing
-  notifies :restart, "service[gitea]", :delayed
-end

site-cookbooks/kosmos_gitea/recipes/default.rb

@@ -5,12 +5,11 @@
 
 version                   = node["gitea"]["version"]
 download_url              = "https://dl.gitea.io/gitea/#{version}/gitea-#{version}-linux-amd64"
-compile_from_source       = node["gitea"]["repo"] && node["gitea"]["revision"]
 working_directory         = node["gitea"]["working_directory"]
 git_home_directory        = "/home/git"
 repository_root_directory = "#{git_home_directory}/gitea-repositories"
 config_directory          = "/etc/gitea"
-gitea_binary_path         = compile_from_source ? "/opt/gitea/gitea" : "/usr/local/bin/gitea"
+gitea_binary_path         = "/usr/local/bin/gitea"
 gitea_data_bag_item       = data_bag_item("credentials", "gitea")
 smtp_credentials          = data_bag_item("credentials", "smtp")
 smtp_addr                 = smtp_credentials["relayhost"].split(":")[0]
@@ -19,6 +18,7 @@ jwt_secret                = gitea_data_bag_item["jwt_secret"]
 internal_token            = gitea_data_bag_item["internal_token"]
 secret_key                = gitea_data_bag_item["secret_key"]
 
+# Dependency
 package "git"
 
 user "git" do
@@ -108,15 +108,11 @@ template "#{config_directory}/app.ini" do
   notifies :restart, "service[gitea]", :delayed
 end
 
-if compile_from_source
+remote_file gitea_binary_path do
-  include_recipe "kosmos_gitea::compile_from_source"
+  source download_url
-else
+  checksum node['gitea']['checksum']
-  remote_file gitea_binary_path do
+  mode "0755"
-    source download_url
+  notifies :restart, "service[gitea]", :delayed
-    checksum node['gitea']['checksum']
-    mode "0755"
-    notifies :restart, "service[gitea]", :delayed
-  end
 end
 
 execute "systemctl daemon-reload" do

site-cookbooks/kosmos_gitea/templates/default/app.ini.erb

@@ -74,11 +74,8 @@ ENABLE_OPENID_SIGNIN = false
 ENABLE_OPENID_SIGNUP = false
 
 [log]
-MODE = console
+MODE      = console
-LEVEL = <%= @config["log"]["level"] %>
+LEVEL     = Debug
-logger.router.MODE = <%= @config["log"]["logger.router.MODE"] %>
-logger.xorm.MODE = <%= @config["log"]["logger.xorm.MODE"] %>
-logger.access.MODE = <%= @config["log"]["logger.access.MODE"] %>
 
 [attachment]
 ENABLED = true

site-cookbooks/strfry

@@ -1 +1 @@
-Subproject commit 2c6e64d2311d2a50b207f4d970c3a951b73d2a5c
+Subproject commit 8df7c00a147873f5c0ac81dabc993ed25981c544