Map LDAP jpegPhoto to vcard-temp PHOTO

2025-05-15 12:04:59 +04:00
25 changed files with 54 additions and 202 deletions
--- a/environments/production.json
+++ b/environments/production.json
@ -105,33 +105,20 @@
    },
    "strfry": {
      "domain": "nostr.kosmos.org",
-      "config": {
+      "real_ip_header": "x-real-ip",
-        "events": {
+      "policy_path": "/opt/strfry/strfry-policy.ts",
          "max_event_size": "524288"
        },
        "relay": {
          "bind": "0.0.0.0",
          "real_ip_header": "x-real-ip",
          "info": {
            "name": "Kosmos Relay",
            "description": "Members-only nostr relay for kosmos.org users",
            "pubkey": "b3e1b7c0ef48294bd856203bfd460625de95d3afb894e5f09b14cd1f0e7097cf",
            "contact": "ops@kosmos.org",
            "icon": "https://assets.kosmos.org/img/app-icon-256px.png"
          },
          "write_policy": {
            "plugin": "/opt/strfry/strfry-policy.ts"
          },
          "logging": {
            "dump_in_all": true
          }
        }
      },
      "known_pubkeys": {
        "_": "b3e1b7c0ef48294bd856203bfd460625de95d3afb894e5f09b14cd1f0e7097cf",
        "accounts": "b3e1b7c1660b7db0ecb93ec55c09e67961171a5c4e9e2602f1b47477ea61c50a",
        "bitcoincore": "47750177bb6bb113784e4973f6b2e3dd27ef1eff227d6e38d0046d618969e41a",
        "fiatjaf": "3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d"
      },
      "info": {
        "name": "Kosmos Relay",
        "description": "Members-only nostr relay for kosmos.org users",
        "pubkey": "b3e1b7c0ef48294bd856203bfd460625de95d3afb894e5f09b14cd1f0e7097cf",
        "contact": "ops@kosmos.org",
        "icon": "https://assets.kosmos.org/img/app-icon-256px.png"
      }
    },
    "substr": {
--- a/nodes/akkounts-1.json
+++ b/nodes/akkounts-1.json
@ -38,7 +38,6 @@
      "timezone_iii::debian",
      "ntp::default",
      "ntp::apparmor",
      "kosmos-base::journald_conf",
      "kosmos-base::systemd_emails",
      "apt::unattended-upgrades",
      "kosmos-base::firewall",
--- a/nodes/drone-1.json
+++ b/nodes/drone-1.json
@ -8,27 +8,26 @@
  "automatic": {
    "fqdn": "drone-1",
    "os": "linux",
-    "os_version": "5.4.0-1133-kvm",
+    "os_version": "5.4.0-1058-kvm",
    "hostname": "drone-1",
    "ipaddress": "192.168.122.200",
    "roles": [
      "kvm_guest",
      "drone",
-      "postgresql_client"
+      "postgresql_client",
      "kvm_guest"
    ],
    "recipes": [
      "kosmos-base",
      "kosmos-base::default",
      "kosmos_kvm::guest",
      "kosmos_postgresql::hostsfile",
      "kosmos_drone",
      "kosmos_drone::default",
      "kosmos_kvm::guest",
      "apt::default",
      "timezone_iii::default",
      "timezone_iii::debian",
      "ntp::default",
      "ntp::apparmor",
      "kosmos-base::journald_conf",
      "kosmos-base::systemd_emails",
      "apt::unattended-upgrades",
      "kosmos-base::firewall",
@ -44,13 +43,13 @@
    "cloud": null,
    "chef_packages": {
      "chef": {
-        "version": "18.7.10",
+        "version": "17.9.52",
-        "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.7.10/lib",
+        "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.9.52/lib",
        "chef_effortless": null
      },
      "ohai": {
-        "version": "18.2.5",
+        "version": "17.9.0",
-        "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.5/lib/ohai"
+        "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai"
      }
    }
  },
@ -59,4 +58,4 @@
    "role[kvm_guest]",
    "role[drone]"
  ]
-}
+}
--- a/nodes/gitea-2.json
+++ b/nodes/gitea-2.json
@ -39,7 +39,6 @@
      "timezone_iii::debian",
      "ntp::default",
      "ntp::apparmor",
      "kosmos-base::journald_conf",
      "kosmos-base::systemd_emails",
      "apt::unattended-upgrades",
      "kosmos-base::firewall",
@ -50,13 +49,6 @@
      "postfix::sasl_auth",
      "hostname::default",
      "firewall::default",
      "kosmos_gitea::compile_from_source",
      "git::default",
      "git::package",
      "kosmos-nodejs::default",
      "nodejs::nodejs_from_package",
      "nodejs::repo",
      "golang::default",
      "backup::default",
      "logrotate::default"
    ],
--- a/nodes/mastodon-3.json
+++ b/nodes/mastodon-3.json
@ -37,7 +37,6 @@
      "timezone_iii::debian",
      "ntp::default",
      "ntp::apparmor",
      "kosmos-base::journald_conf",
      "kosmos-base::systemd_emails",
      "apt::unattended-upgrades",
      "kosmos-base::firewall",
--- a/nodes/postgres-7.json
+++ b/nodes/postgres-7.json
@ -29,7 +29,6 @@
      "timezone_iii::debian",
      "ntp::default",
      "ntp::apparmor",
      "kosmos-base::journald_conf",
      "kosmos-base::systemd_emails",
      "apt::unattended-upgrades",
      "kosmos-base::firewall",
--- a/nodes/strfry-1.json
+++ b/nodes/strfry-1.json
@ -33,7 +33,6 @@
      "timezone_iii::debian",
      "ntp::default",
      "ntp::apparmor",
      "kosmos-base::journald_conf",
      "kosmos-base::systemd_emails",
      "apt::unattended-upgrades",
      "kosmos-base::firewall",
--- a/roles/gitea.rb
+++ b/roles/gitea.rb
@ -5,11 +5,3 @@ run_list %w(
  kosmos_gitea::default
  kosmos_gitea::backup
 )
 override_attributes(
  "gitea" => {
    "repo" => "https://github.com/67P/gitea.git",
    "revision" => "ldap_sync",
    "log" => { "level" => "Info" }
  },
 )
--- a/site-cookbooks/deno
+++ b/site-cookbooks/deno
@ -1 +1 @@
-Subproject commit 92839b20a4c3b0a15b99bd86ea7cae16645570a6
+Subproject commit 5ddfe642ebb14b20480e4e2d06199fc01ba9ca71
--- a/site-cookbooks/kosmos-base/attributes/default.rb
+++ b/site-cookbooks/kosmos-base/attributes/default.rb
@ -1,2 +0,0 @@
 node.default["kosmos-base"]["journald"]["system_max_use"] = "256M"
 node.default["kosmos-base"]["journald"]["max_retention_sec"] = "7d"
--- a/site-cookbooks/kosmos-base/recipes/default.rb
+++ b/site-cookbooks/kosmos-base/recipes/default.rb
@ -27,7 +27,6 @@
 include_recipe 'apt'
 include_recipe 'timezone_iii'
 include_recipe 'ntp'
 include_recipe 'kosmos-base::journald_conf'
 include_recipe 'kosmos-base::systemd_emails'
 node.override["apt"]["unattended_upgrades"]["allowed_origins"] = [
--- a/site-cookbooks/kosmos-base/recipes/journald_conf.rb
+++ b/site-cookbooks/kosmos-base/recipes/journald_conf.rb
@ -1,14 +0,0 @@
 #
 # Cookbook Name:: kosmos-base
 # Recipe:: journald_conf
 #
 service "systemd-journald"
 template "/etc/systemd/journald.conf" do
  source "journald.conf.erb"
  variables system_max_use: node["kosmos-base"]["journald"]["system_max_use"],
            max_retention_sec: node["kosmos-base"]["journald"]["max_retention_sec"]
  # Restarting journald is required
  notifies :restart, "service[systemd-journald]", :delayed
 end
--- a/site-cookbooks/kosmos-base/templates/default/journald.conf.erb
+++ b/site-cookbooks/kosmos-base/templates/default/journald.conf.erb
@ -1,6 +0,0 @@
 [Journal]
 # Set the maximum size of the journal logs in bytes
 SystemMaxUse=<%= @system_max_use %>
 # Set the number of days after which logs will be deleted
 MaxRetentionSec=<%= @max_retention_sec %>
--- a/site-cookbooks/kosmos-bitcoin/attributes/default.rb
+++ b/site-cookbooks/kosmos-bitcoin/attributes/default.rb
@ -1,5 +1,5 @@
-node.default['bitcoin']['version']   = '29.0'
+node.default['bitcoin']['version']   = '28.0'
-node.default['bitcoin']['checksum']  = '882c782c34a3bf2eacd1fae5cdc58b35b869883512f197f7d6dc8f195decfdaa'
+node.default['bitcoin']['checksum']  = '700ae2d1e204602eb07f2779a6e6669893bc96c0dca290593f80ff8e102ff37f'
 node.default['bitcoin']['username']  = 'satoshi'
 node.default['bitcoin']['usergroup'] = 'bitcoin'
 node.default['bitcoin']['network']   = 'mainnet'
@ -90,7 +90,7 @@ node.default['dotnet']['ms_packages_src_url'] = "https://packages.microsoft.com/
 node.default['dotnet']['ms_packages_src_checksum'] = "4df5811c41fdded83eb9e2da9336a8dfa5594a79dc8a80133bd815f4f85b9991"
 node.default['nbxplorer']['repo'] = 'https://github.com/dgarage/NBXplorer'
-node.default['nbxplorer']['revision'] = 'v2.5.26'
+node.default['nbxplorer']['revision'] = 'v2.5.23'
 node.default['nbxplorer']['source_dir'] = '/opt/nbxplorer'
 node.default['nbxplorer']['config_path'] = "/home/#{node['bitcoin']['username']}/.nbxplorer/Main/settings.config"
 node.default['nbxplorer']['port'] = '24445'
@ -98,7 +98,7 @@ node.default['nbxplorer']['postgres']['database'] = 'nbxplorer'
 node.default['nbxplorer']['postgres']['user'] = 'nbxplorer'
 node.default['btcpay']['repo'] = 'https://github.com/btcpayserver/btcpayserver'
-node.default['btcpay']['revision'] = 'v2.1.1'
+node.default['btcpay']['revision'] = 'v2.0.7'
 node.default['btcpay']['source_dir'] = '/opt/btcpay'
 node.default['btcpay']['config_path'] = "/home/#{node['bitcoin']['username']}/.btcpayserver/Main/settings.config"
 node.default['btcpay']['log_path'] = "/home/#{node['bitcoin']['username']}/.btcpayserver/debug.log"
--- a/site-cookbooks/kosmos-bitcoin/recipes/bitcoind.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/bitcoind.rb
@ -34,7 +34,7 @@ end
 execute "compile_bitcoin-core_dependencies" do
  cwd "/usr/local/bitcoind/depends"
  environment ({'CC' => 'gcc-13', 'CXX' => 'g++-13', 'NO_QT' => '1'})
-  command "make -j $(($(nproc)/2))"
+  command "make -j 2"
  action :nothing
  notifies :run, 'bash[compile_bitcoin-core]', :immediately
 end
@ -43,13 +43,21 @@ bash "compile_bitcoin-core" do
  cwd "/usr/local/bitcoind"
  environment ({'CC' => 'gcc-13', 'CXX' => 'g++-13', 'NO_QT' => '1'})
  code <<-EOH
-    cmake -B build --toolchain depends/x86_64-pc-linux-gnu/toolchain.cmake
+    ./autogen.sh
-    cmake --build build -j $(($(nproc)/2))
+    ./configure --prefix=$PWD/depends/x86_64-pc-linux-gnu
-    cmake --install build
+    make
  EOH
  action :nothing
 end
 link "/usr/local/bin/bitcoind" do
  to "/usr/local/bitcoind/src/bitcoind"
 end
 link "/usr/local/bin/bitcoin-cli" do
  to "/usr/local/bitcoind/src/bitcoin-cli"
 end
 bitcoin_user      = node['bitcoin']['username']
 bitcoin_group     = node['bitcoin']['usergroup']
 bitcoin_datadir   = node['bitcoin']['datadir']
--- a/site-cookbooks/kosmos-ejabberd/recipes/default.rb
+++ b/site-cookbooks/kosmos-ejabberd/recipes/default.rb
@ -110,7 +110,6 @@ hosts = [
        access_persistent: muc_create
        access_register: muc_create
        max_user_conferences: 1000
        max_users: 2000
        default_room_options:
          mam: true
        preload_rooms: true
--- a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
+++ b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
@ -185,11 +185,8 @@ api_permissions:
    what:
      - "add_rosteritem"
      - "delete_rosteritem"
      - "get_vcard2"
      - "muc_register_nick"
      - "private_set"
      - "send_message"
-      - "send_stanza"
+      - "private_set"
 language: "en"
@ -261,7 +258,10 @@ modules:
        transport: tcp
        restricted: true
  mod_vcard:
    db_type: ldap
    search: false
    ldap_vcard_map:
      PHOTO: {"%s": [jpegPhoto]}
  mod_vcard_xupdate: {}
  mod_avatar: {}
  mod_version: {}
--- a/site-cookbooks/kosmos-mastodon/recipes/default.rb
+++ b/site-cookbooks/kosmos-mastodon/recipes/default.rb
@ -265,44 +265,6 @@ service "mastodon-streaming" do
  action [:enable, :start]
 end
 #
 # Delete cached remote media older than 30 days
 # Will be re-fetched if necessary
 #
 systemd_unit 'mastodon-delete-old-media-cache.service' do
  content({
    Unit: {
      Description: 'Delete old Mastodon media cache'
    },
    Service: {
      Type: "oneshot",
      WorkingDirectory: mastodon_path,
      Environment: "RAILS_ENV=#{rails_env}",
      ExecStart: "#{bundle_path} exec bin/tootctl media remove --days 30",
    }
  })
  triggers_reload true
  action [:create]
 end
 systemd_unit 'mastodon-delete-old-media-cache.timer' do
  content({
    Unit: {
      Description: 'Delete old Mastodon media cache'
    },
    Timer: {
      OnCalendar: '*-*-* 00:00:00',
      Persistent: 'true'
    },
    Install: {
      WantedBy: 'timer.target'
    }
  })
  triggers_reload true
  action [:create, :enable, :start]
 end
 firewall_rule "mastodon_app" do
  port     node['kosmos-mastodon']['app_port']
  source   "10.1.1.0/24"
--- a/site-cookbooks/kosmos_drone/recipes/default.rb
+++ b/site-cookbooks/kosmos_drone/recipes/default.rb
@ -26,7 +26,7 @@ template "#{deploy_path}/docker-compose.yml" do
  mode 0640
  variables domain: node["kosmos_drone"]["domain"],
            upstream_port: node["kosmos_drone"]["upstream_port"],
-            gitea_server: "https://#{node["gitea"]["domain"]}",
+            gitea_server: "https://#{node["kosmos_gitea"]["nginx"]["domain"]}",
            client_id: credentials['client_id'],
            client_secret: credentials['client_secret'],
            rpc_secret: credentials['rpc_secret'],
--- a/site-cookbooks/kosmos_gitea/attributes/default.rb
+++ b/site-cookbooks/kosmos_gitea/attributes/default.rb
@ -1,21 +1,13 @@
-node.default["gitea"]["version"] = "1.23.8"
+node.default["gitea"]["version"] = "1.23.7"
-node.default["gitea"]["checksum"] = "827037e7ca940866918abc62a7488736923396c467fcb4acd0dd9829bb6a6f4c"
+node.default["gitea"]["checksum"] = "3c0a7121ad1d9c525a92c68a7c040546553cd41e7464ce2fa811246b648c0a46"
 node.default["gitea"]["repo"] = nil
 node.default["gitea"]["revision"] = nil
 node.default["gitea"]["working_directory"] = "/var/lib/gitea"
 node.default["gitea"]["port"] = 3000
 node.default["gitea"]["postgresql_host"] = "localhost:5432"
 node.default["gitea"]["domain"] = "gitea.kosmos.org"
 node.default["gitea"]["config"] = {
  "log": {
    "level" => "Info",
    "logger.router.MODE" => "",
    "logger.xorm.MODE" => "",
    "logger.access.MODE" => ""
  },
  "actions": {
-    "enabled" => true
+    "enabled": true
  },
  "webhook":  {
    "allowed_host_list" => "external,127.0.1.1"
--- a/site-cookbooks/kosmos_gitea/metadata.rb
+++ b/site-cookbooks/kosmos_gitea/metadata.rb
@ -10,8 +10,5 @@ chef_version '>= 14.0'
 depends "firewall"
 depends "kosmos_openresty"
 depends "kosmos_postgresql"
 depends "kosmos-dirsrv"
 depends 'kosmos-nodejs'
 depends 'git'
 depends 'golang'
 depends "backup"
 depends "kosmos-dirsrv"
--- a/site-cookbooks/kosmos_gitea/recipes/compile_from_source.rb
+++ b/site-cookbooks/kosmos_gitea/recipes/compile_from_source.rb
@ -1,42 +0,0 @@
 #
 # Cookbook:: kosmos_gitea
 # Recipe:: compile_from_source
 #
 # Compiles/installs Gitea from source
 #
 include_recipe "git"
 node.override["nodejs"]["repo"] = "https://deb.nodesource.com/node_20.x"
 include_recipe 'kosmos-nodejs'
 node.override["golang"]["version"] = "1.23.9"
 include_recipe "golang"
 link "/usr/local/bin/go" do
  to "/usr/local/go/bin/go"
 end
 source_dir = "/opt/gitea"
 git source_dir do
  repository node["gitea"]["repo"]
  revision node["gitea"]["revision"]
  action :sync
  notifies :run, "execute[npm_install]", :immediately
 end
 execute "npm_install" do
  cwd source_dir
  command "npm ci"
  action :nothing
  notifies :run, "bash[compile_gitea]", :immediately
 end
 bash "compile_gitea" do
  cwd source_dir
  environment "TAGS" => "bindata"
  code "make build"
  action :nothing
  notifies :restart, "service[gitea]", :delayed
 end
--- a/site-cookbooks/kosmos_gitea/recipes/default.rb
+++ b/site-cookbooks/kosmos_gitea/recipes/default.rb
@ -5,12 +5,11 @@
 version                   = node["gitea"]["version"]
 download_url              = "https://dl.gitea.io/gitea/#{version}/gitea-#{version}-linux-amd64"
 compile_from_source       = node["gitea"]["repo"] && node["gitea"]["revision"]
 working_directory         = node["gitea"]["working_directory"]
 git_home_directory        = "/home/git"
 repository_root_directory = "#{git_home_directory}/gitea-repositories"
 config_directory          = "/etc/gitea"
-gitea_binary_path         = compile_from_source ? "/opt/gitea/gitea" : "/usr/local/bin/gitea"
+gitea_binary_path         = "/usr/local/bin/gitea"
 gitea_data_bag_item       = data_bag_item("credentials", "gitea")
 smtp_credentials          = data_bag_item("credentials", "smtp")
 smtp_addr                 = smtp_credentials["relayhost"].split(":")[0]
@ -19,6 +18,7 @@ jwt_secret                = gitea_data_bag_item["jwt_secret"]
 internal_token            = gitea_data_bag_item["internal_token"]
 secret_key                = gitea_data_bag_item["secret_key"]
 # Dependency
 package "git"
 user "git" do
@ -108,15 +108,11 @@ template "#{config_directory}/app.ini" do
  notifies :restart, "service[gitea]", :delayed
 end
-if compile_from_source
+remote_file gitea_binary_path do
-  include_recipe "kosmos_gitea::compile_from_source"
+  source download_url
-else
+  checksum node['gitea']['checksum']
-  remote_file gitea_binary_path do
+  mode "0755"
-    source download_url
+  notifies :restart, "service[gitea]", :delayed
    checksum node['gitea']['checksum']
    mode "0755"
    notifies :restart, "service[gitea]", :delayed
  end
 end
 execute "systemctl daemon-reload" do
--- a/site-cookbooks/kosmos_gitea/templates/default/app.ini.erb
+++ b/site-cookbooks/kosmos_gitea/templates/default/app.ini.erb
@ -74,11 +74,8 @@ ENABLE_OPENID_SIGNIN = false
 ENABLE_OPENID_SIGNUP = false
 [log]
-MODE = console
+MODE      = console
-LEVEL = <%= @config["log"]["level"] %>
+LEVEL     = Debug
 logger.router.MODE = <%= @config["log"]["logger.router.MODE"] %>
 logger.xorm.MODE = <%= @config["log"]["logger.xorm.MODE"] %>
 logger.access.MODE = <%= @config["log"]["logger.access.MODE"] %>
 [attachment]
 ENABLED = true
--- a/site-cookbooks/strfry
+++ b/site-cookbooks/strfry
@ -1 +1 @@
-Subproject commit 2c6e64d2311d2a50b207f4d970c3a951b73d2a5c
+Subproject commit 8df7c00a147873f5c0ac81dabc993ed25981c544
		`@ -1 +1 @@`
			`Subproject commit 92839b20a4c3b0a15b99bd86ea7cae16645570a6`				`Subproject commit 5ddfe642ebb14b20480e4e2d06199fc01ba9ca71`
		`@ -1,2 +0,0 @@`
			`node.default["kosmos-base"]["journald"]["system_max_use"] = "256M"`
			`node.default["kosmos-base"]["journald"]["max_retention_sec"] = "7d"`
		`@ -1 +1 @@`
			`Subproject commit 2c6e64d2311d2a50b207f4d970c3a951b73d2a5c`				`Subproject commit 8df7c00a147873f5c0ac81dabc993ed25981c544`