kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 30 Pull Requests 3 Projects 2 Activity

Update Chef to 14.11.21 #27

Merged
greg merged 44 commits from chef_14 into master 2019-04-12 11:31:37 +00:00
Conversation 8 Commits 44 Files Changed 80 +1209 -553
80 changed files with 1209 additions and 553 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.chef/config.rb
View File

@ -16,4 +16,4 @@ cookbook_email 'mail@kosmos.org'
# Enable knife-solo's Berkshelf integration
knife[:berkshelf] = true
# Set Chef version installed by `knife solo prepare`
knife[:bootstrap_version] = "13.8.5"
knife[:bootstrap_version] = "14.11.21"

31
Berksfile
View File

@ -4,23 +4,20 @@ source 'https://supermarket.chef.io'
cookbook 'mediawiki',
git: 'https://github.com/67P/mediawiki-cookbook.git',
ref: 'f8d0f6b19af4381fdc390aaa32c51a54bd73afdc'
cookbook 'wordpress',
git: 'https://github.com/67P/wordpress-cookbook.git',
ref: 'relax_dependencies'
ref: '70ae159e8ecc0c2a2d8d94465cc4211e8deb0eaa'
cookbook 'redis',
git: 'https://github.com/phlipper/chef-redis.git',
ref: 'v0.5.6'
cookbook 'postfix', '= 5.0.2'
cookbook 'php-fpm', '= 0.7.9'
cookbook 'php', '= 4.2.0'
cookbook 'php-fpm', '~> 0.8.0'
cookbook 'php', '~> 6.1.1'
cookbook 'composer', '~> 2.6.1'
cookbook 'poise-ruby-build', '~> 1.1.0'
cookbook 'application', '~> 5.2.0'
cookbook 'application_javascript', '~> 1.0.0'
cookbook 'application_ruby', '~> 4.1.0'
cookbook 'application_git', '= 1.1.0' # 1.2.0 doesn't work with knife-solo
cookbook 'poise', '~> 2.8.1'
cookbook 'poise', '~> 2.8.2'
cookbook 'poise-languages', '~> 2.1.1'
cookbook 'poise-ruby', '~> 2.4.0'
cookbook 'poise-javascript', git: 'https://github.com/poise/poise-javascript.git',
@ -28,17 +25,18 @@ cookbook 'poise-javascript', git: 'https://github.com/poise/poise-javascri
cookbook 'poise-archive', '~> 1.5.0'
cookbook 'poise-service', '~> 1.5.2'
cookbook 'users', '~> 5.3.1'
cookbook 'sudo', '~> 5.3.3'
cookbook 'hostname', '= 0.4.2'
cookbook 'firewall', '~> 2.6.3'
cookbook 'nginx', '= 9.0.0'
cookbook 'build-essential', '~> 8.1.1'
cookbook 'mysql', '= 6.1.3'
cookbook 'postgresql', '= 6.1.1'
# Remove when cookbooks stop depending on it, the build_essential resource is
# part of Chef 14 (https://docs.chef.io/resource_build_essential.html)
cookbook 'build-essential', '~> 8.2.1'
cookbook 'mysql', '~> 8.5.1'
cookbook 'postgresql', '= 7.1.4'
cookbook 'apt', '~> 7.0.0'
cookbook 'git', '= 6.0.0'
cookbook 'hostsfile', '= 2.4.5'
cookbook 'ohai', '= 5.0.4'
cookbook 'ohai', '~> 5.2.5'
cookbook 'nodejs', '~> 5.0.0'
# Deprecated, but wordpress and mediawiki depend on it and it would painful
# to change it without moving the databases
@ -48,20 +46,13 @@ cookbook 'chef_client_updater', '= 1.1.1'
cookbook 'timezone_iii', '= 1.0.4'
cookbook 'ark', '= 3.1.0'
cookbook 'logrotate', '= 2.2.0'
cookbook 'openssl', '= 7.1.0'
cookbook 'openssl', '~> 8.5.5'
cookbook 'ntp', '= 3.4.0'
cookbook 'yum', '= 3.13.0'
cookbook 'yum-epel', '= 0.3.6'
cookbook 'yum-mysql-community', '= 2.1.0'
cookbook 'apache2', '= 3.3.0'
cookbook 'chef-sugar', '= 3.3.0'
cookbook 'compat_resource', '= 12.19.0'
cookbook 'dmg', '= 4.0.0'
cookbook 'homebrew', '= 3.0.0'
cookbook 'windows', '= 3.1.1'
cookbook 'iis', '= 6.7.1'
cookbook 'mariadb', '= 0.3.1'
cookbook 'mingw', '= 2.0.0'
cookbook 'ipfs',
git: 'https://github.com/67P/ipfs-cookbook.git',
ref: 'v0.1.2'

97
Berksfile.lock
View File

@ -6,19 +6,17 @@ DEPENDENCIES
application_ruby (= 4.1.0)
apt (~> 7.0.0)
ark (= 3.1.0)
build-essential (~> 8.1.1)
build-essential (~> 8.2.1)
chef-sugar (= 3.3.0)
chef_client_updater (= 1.1.1)
compat_resource (= 12.19.0)
composer (~> 2.6.1)
database (= 6.1.1)
dmg (= 4.0.0)
firewall (~> 2.6.3)
git (= 6.0.0)
homebrew (= 3.0.0)
hostname (= 0.4.2)
hostsfile (= 2.4.5)
iis (= 6.7.1)
ipfs
git: https://github.com/67P/ipfs-cookbook.git
revision: 78d3edfd78c56a25494ac84528e152762f38b3be
@ -27,19 +25,18 @@ DEPENDENCIES
mariadb (= 0.3.1)
mediawiki
git: https://github.com/67P/mediawiki-cookbook.git
revision: f8d0f6b19af4381fdc390aaa32c51a54bd73afdc
ref: f8d0f6b
mingw (= 2.0.0)
mysql (= 6.1.3)
revision: 70ae159e8ecc0c2a2d8d94465cc4211e8deb0eaa
ref: 70ae159
mysql (~> 8.5.1)
mysql2_chef_gem (= 1.1.0)
nginx (= 9.0.0)
nodejs (~> 5.0.0)
ntp (= 3.4.0)
ohai (= 5.0.4)
openssl (= 7.1.0)
php (= 4.2.0)
php-fpm (= 0.7.9)
poise (= 2.8.1)
ohai (~> 5.2.5)
openssl (~> 8.5.5)
php (= 6.1.1)
php-fpm (~> 0.8.0)
poise (~> 2.8.2)
poise-archive (~> 1.5.0)
poise-javascript (~> 1.2.0)
poise-languages (= 2.1.1)
@ -47,22 +44,13 @@ DEPENDENCIES
poise-ruby-build (= 1.1.0)
poise-service (~> 1.5.2)
postfix (= 5.0.2)
postgresql (= 6.1.1)
postgresql (= 7.1.4)
redis
git: https://github.com/phlipper/chef-redis.git
revision: 7476279fc9c8727f082b8d77b5e1922dc2ef437b
ref: v0.5.6
sudo (~> 5.3.3)
timezone_iii (= 1.0.4)
users (~> 5.3.1)
windows (= 3.1.1)
wordpress
git: https://github.com/67P/wordpress-cookbook.git
revision: 593ad2c7957fc427da739510de59f36ad648ee5e
ref: relax_d
yum (= 3.13.0)
yum-epel (= 0.3.6)
yum-mysql-community (= 2.1.0)
GRAPH
apache2 (3.3.0)
@ -88,7 +76,7 @@ GRAPH
build-essential (>= 0.0.0)
seven_zip (>= 0.0.0)
windows (>= 0.0.0)
build-essential (8.1.1)
build-essential (8.2.1)
mingw (>= 1.1)
seven_zip (>= 0.0.0)
chef-sugar (3.3.0)
@ -101,7 +89,7 @@ GRAPH
windows (>= 0.0.0)
database (6.1.1)
postgresql (>= 1.0.0)
dmg (4.0.0)
dmg (4.1.1)
firewall (2.6.3)
chef-sugar (>= 0.0.0)
git (6.0.0)
@ -112,8 +100,6 @@ GRAPH
hostname (0.4.2)
hostsfile (>= 0.0.0)
hostsfile (2.4.5)
iis (6.7.1)
windows (>= 2.0)
ipfs (0.1.2)
ark (>= 0.0.0)
logrotate (2.2.0)
@ -125,15 +111,12 @@ GRAPH
apache2 (>= 0.0.0)
database (>= 0.0.0)
mysql (>= 0.0.0)
mysql2_chef_gem (>= 0.0.0)
nginx (>= 0.0.0)
php (>= 0.0.0)
php-fpm (>= 0.0.0)
mingw (2.0.0)
mingw (2.1.0)
seven_zip (>= 0.0.0)
mysql (6.1.3)
smf (>= 0.0.0)
yum-mysql-community (>= 0.0.0)
mysql (8.5.1)
mysql2_chef_gem (1.1.0)
build-essential (>= 0.0.0)
mariadb (>= 0.0.0)
@ -146,17 +129,13 @@ GRAPH
ark (>= 2.0.2)
build-essential (>= 0.0.0)
ntp (3.4.0)
ohai (5.0.4)
openssl (7.1.0)
php (4.2.0)
build-essential (>= 0.0.0)
mysql (>= 6.0.0)
xml (>= 0.0.0)
ohai (5.2.5)
openssl (8.5.5)
php (6.1.1)
build-essential (>= 5.0)
yum-epel (>= 0.0.0)
php-fpm (0.7.9)
apt (>= 0.0.0)
yum (>= 3.0)
poise (2.8.1)
php-fpm (0.8.0)
poise (2.8.2)
poise-archive (1.5.0)
poise (~> 2.6)
poise-build-essential (1.0.0)
@ -181,41 +160,13 @@ GRAPH
poise-service (1.5.2)
poise (~> 2.0)
postfix (5.0.2)
postgresql (6.1.1)
build-essential (>= 2.0.0)
compat_resource (>= 12.16.3)
openssl (>= 4.0)
rbac (1.0.3)
postgresql (7.1.4)
redis (0.5.6)
apt (>= 0.0.0)
selinux (0.9.0)
seven_zip (2.0.2)
windows (>= 1.2.2)
smf (2.2.8)
rbac (>= 1.0.1)
sudo (5.3.3)
tar (2.2.0)
timezone_iii (1.0.4)
users (5.3.1)
windows (3.1.1)
ohai (>= 4.0.0)
wordpress (3.1.0)
apache2 (>= 2.0.0)
build-essential (>= 0.0.0)
database (>= 1.6.0)
iis (>= 1.6.2)
mysql (>= 6.0)
mysql2_chef_gem (>= 1.0.1)
nginx (>= 0.0.0)
openssl (>= 0.0.0)
php (>= 0.0.0)
php-fpm (>= 0.0.0)
selinux (~> 0.7)
tar (>= 0.3.1)
xml (3.1.2)
build-essential (>= 0.0.0)
yum (3.13.0)
yum-epel (0.3.6)
yum (~> 3.0)
yum-mysql-community (2.1.0)
compat_resource (>= 12.16.3)
windows (5.3.0)
yum (5.1.0)
yum-epel (3.3.0)

2
Gemfile
View File

@ -1,6 +1,6 @@
source 'https://rubygems.org'
gem 'chef', '~> 14.9.13'
gem 'chef', '~> 14.11.21'
gem 'berkshelf', '~> 7.0'
gem 'knife-solo', '~> 0.7.0'
gem 'knife-solo_data_bag'

24
Gemfile.lock
View File

@ -18,10 +18,10 @@ GEM
solve (~> 4.0)
thor (>= 0.20)
builder (3.2.3)
chef (14.9.13)
chef (14.11.21)
addressable
bundler (>= 1.10)
chef-config (= 14.9.13)
chef-config (= 14.11.21)
chef-zero (>= 13.0)
diff-lcs (~> 1.2, >= 1.2.4)
erubis (~> 2.7)
@ -48,16 +48,16 @@ GEM
specinfra (~> 2.10)
syslog-logger (~> 1.6)
uuidtools (~> 2.1.5)
chef-config (14.9.13)
chef-config (14.11.21)
addressable
fuzzyurl
mixlib-config (>= 2.2.12, < 3.0)
mixlib-shellout (~> 2.0)
tomlrb (~> 1.2)
chef-zero (14.0.11)
chef-zero (14.0.12)
ffi-yajl (~> 2.2)
hashie (>= 2.0, < 4.0)
mixlib-log (~> 2.0)
mixlib-log (>= 2.0, < 4.0)
rack (~> 2.0, >= 2.0.6)
uuidtools (~> 2.1)
cleanroom (1.0.0)
@ -92,7 +92,7 @@ GEM
little-plugger (~> 1.1)
multi_json (~> 1.10)
minitar (0.8)
mixlib-archive (0.4.19)
mixlib-archive (0.4.20)
mixlib-log
mixlib-authentication (2.1.1)
mixlib-cli (1.7.0)
@ -122,15 +122,15 @@ GEM
nori (2.6.0)
octokit (4.13.0)
sawyer (~> 0.8.0, >= 0.5.3)
ohai (14.8.10)
ohai (14.8.11)
chef-config (>= 12.8, < 15)
ffi (~> 1.9)
ffi-yajl (~> 2.2)
ipaddress
mixlib-cli (>= 1.7.0)
mixlib-config (~> 2.0)
mixlib-log (~> 2.0, >= 2.0.1)
mixlib-shellout (~> 2.0)
mixlib-config (>= 2.0, < 4.0)
mixlib-log (>= 2.0.1, < 4.0)
mixlib-shellout (>= 2.0, < 4.0)
plist (~> 3.1)
systemu (~> 2.6.4)
wmi-lite (~> 1.0)
@ -186,7 +186,7 @@ GEM
solve (4.0.2)
molinillo (~> 0.6)
semverse (>= 1.1, < 4.0)
specinfra (2.76.9)
specinfra (2.77.0)
net-scp
net-ssh (>= 2.7)
net-telnet (= 0.1.1)
@ -231,7 +231,7 @@ PLATFORMS
DEPENDENCIES
berkshelf (~> 7.0)
chef (~> 14.9.13)
chef (~> 14.11.21)
cookstyle
knife-solo (~> 0.7.0)
knife-solo_data_bag

4
Vagrantfile vendored
View File

@ -12,7 +12,7 @@ Vagrant.configure(2) do |config|
# Every Vagrant development environment requires a box. You can search for
# boxes at https://atlas.hashicorp.com/search.
config.vm.box = "bento/ubuntu-16.04"
config.vm.box = "bento/ubuntu-18.04"
config.vm.provider :virtualbox do |vb|
# Customize the amount of memory on the VM:
@ -90,7 +90,7 @@ Vagrant.configure(2) do |config|
# SHELL
config.vm.provision :chef_zero do |chef|
chef.version = '12.21.3'
chef.version = '14.11.21'
chef.cookbooks_path = ['site-cookbooks']
chef.data_bags_path = 'data_bags'
chef.roles_path = 'roles'

24
data_bags/credentials/postgresql.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "postgresql",
"ejabberd_user_password": {
"encrypted_data": "OTwgFCOLHgoFLsdcHs1U04sJf7ZzVepeDwlNmPMtO8FtyzpfySY9\n",
"iv": "k9wX2WEsJyJn+OYs\n",
"auth_tag": "fL/HNcno/MuWE+yQOFCC3g==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"server_password": {
"encrypted_data": "4Y87daXYAxzfYxRIkR8b+DLOp4+dYJnc91hN22iWmOfO3umv8wZU\n",
"iv": "LDeMAKUEIq9oe2Zu\n",
"auth_tag": "uVaRO+t/KSFebrEB6wp+yQ==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"mastodon_user_password": {
"encrypted_data": "s/XxLUwjZsJ/XidEVi50oePBR4OQ0z/3czs9uOcw1fA1c6qqEzb98iHXpw==\n",
"iv": "pKvwLeC05f7P+cke\n",
"auth_tag": "/yHUD+RSCMhLhrnQJAZqrw==\n",
"version": 3,
"cipher": "aes-256-gcm"
}
}

7
nodes/andromeda.kosmos.org.json
View File

@ -1,8 +1,11 @@
{
"run_list": [
"kosmos-base",
"role[base]",
"kosmos-base::andromeda_firewall",
"role[ipfs_cluster_with_tls]"
"role[ipfs_cluster_with_tls]",
"kosmos-mediawiki",
"sockethub",
"sockethub::proxy"
],
"automatic": {
"ipaddress": "andromeda.kosmos.org"

6
nodes/dev.kosmos.org.json
View File

@ -1,16 +1,14 @@
{
"run_list": [
"kosmos-base",
"role[base]",
"kosmos-redis",
"sockethub",
"sockethub::proxy",
"kosmos-mediawiki",
"kosmos-hubot",
"5apps-xmpp_server",
"5apps-hubot::xmpp_schlupp",
"5apps-hubot::xmpp_botka",
"kosmos-mastodon",
"kosmos-mastodon::nginx",
"sockethub::_firewall",
"kosmos-ipfs::cluster"
],
"normal": {

6
roles/base.rb Normal file
View File

@ -0,0 +1,6 @@
name "base"
run_list %w(
kosmos-base::chef_client
kosmos-base::default
)

20
site-cookbooks/backup/LICENSE Normal file
View File

@ -0,0 +1,20 @@
Copyright (c) 2019 Kosmos Developers
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

38
site-cookbooks/backup/attributes/default.rb
View File

@ -1,41 +1,41 @@
# Directory where backup config and models are stored
set_unless["backup"]["dir"] = "/usr/local/lib/backup"
default["backup"]["dir"] = "/usr/local/lib/backup"
# Use default backup model?
set_unless["backup"]["default_model"] = true
default["backup"]["default_model"] = true
# Compression default settings
set_unless["backup"]["compression"]["best"] = true
set_unless["backup"]["compression"]["fast"] = false
default["backup"]["compression"]["best"] = true
default["backup"]["compression"]["fast"] = false
default['backup']['user'] = 'backup'
# Archive default settings
set_unless["backup"]["archives"] = {}
default["backup"]["archives"] = {}
# MongoDB default settings
if node["mongodb"]
set_unless["backup"]["mongodb"]["databases"] = []
set_unless["backup"]["mongodb"]["host"] = "localhost"
set_unless["backup"]["mongodb"]["ipv6"] = false
set_unless["backup"]["mongodb"]["lock"] = false
default["backup"]["mongodb"]["databases"] = []
default["backup"]["mongodb"]["host"] = "localhost"
default["backup"]["mongodb"]["ipv6"] = false
default["backup"]["mongodb"]["lock"] = false
end
# MySQL default settings
set_unless["backup"]["mysql"]["databases"] = []
set_unless["backup"]["mysql"]["username"] = "root"
set_unless["backup"]["mysql"]["host"] = "localhost"
default["backup"]["mysql"]["databases"] = []
default["backup"]["mysql"]["username"] = "root"
default["backup"]["mysql"]["host"] = "localhost"
# PostgreSQL default settings
set_unless["backup"]["postgresql"]["databases"] = []
set_unless["backup"]["postgresql"]["host"] = "localhost"
set_unless["backup"]["postgresql"]["port"] = 5432
default["backup"]["postgresql"]["databases"] = []
default["backup"]["postgresql"]["host"] = "localhost"
default["backup"]["postgresql"]["port"] = 5432
# Redis default settings
set_unless["backup"]["redis"]["databases"] = []
set_unless["backup"]["redis"]["host"] = "localhost"
set_unless["backup"]["redis"]["invoke_save"] = false
set_unless["backup"]["redis"]["dump_dir"] = "/var/lib/redis"
default["backup"]["redis"]["databases"] = []
default["backup"]["redis"]["host"] = "localhost"
default["backup"]["redis"]["invoke_save"] = false
default["backup"]["redis"]["dump_dir"] = "/var/lib/redis"
default['backup']['orbit']['keep'] = 10
default['backup']['cron']['hour'] = "05"

2
site-cookbooks/backup/metadata.rb
View File

@ -1,6 +1,6 @@
maintainer 'Kosmos'
maintainer_email 'mail@kosmos.org'
license 'All rights reserved'
license 'MIT'
description "Installs/configures backup via the Backup gem"
long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc'))
version "0.5.0"

4
site-cookbooks/backup/recipes/default.rb
View File

@ -25,7 +25,8 @@
build_essential 'backup gem'
package ["ruby"]
# Don't try to install packages on older Ubuntu, the repositories are 404
package ["ruby", "ruby-dev"] if node[:platform_version].to_f >= 16.04
gem_package 'backup' do
version '5.0.0.beta.2'
@ -64,6 +65,7 @@ include_recipe 'logrotate'
# Install MySQL client (includes mysqldump)
mysql_client 'default' do
action :create
version '5.7' if node[:platform_version].to_f == 18.04
not_if { node["backup"]["mysql"]["databases"].empty? }
end

20
site-cookbooks/kosmos-base/LICENSE Normal file
View File

@ -0,0 +1,20 @@
Copyright (c) 2019 Kosmos Developers
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

6
site-cookbooks/kosmos-base/metadata.rb
View File

@ -1,14 +1,14 @@
name 'kosmos-base'
maintainer 'Kosmos'
maintainer_email 'mail@kosmos.org'
license 'All rights reserved'
license 'MIT'
description 'The Kosmos base cookbook'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '0.1.1'
version '0.2.0'
chef_version '>= 14.0' # Uses the new sudo resource
depends 'apt'
depends 'users'
depends 'sudo'
depends 'kosmos-postfix'
depends 'hostname'
depends 'firewall'

21
site-cookbooks/kosmos-base/recipes/andromeda_firewall.rb
View File

@ -2,10 +2,27 @@
# Cookbook Name:: kosmos-base
# Recipe:: andromeda_firewall
#
# Copyright 2018, Kosmos
# The MIT License (MIT)
#
# All rights reserved - Do Not Redistribute
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
# Temporary extra rules for Andromeda

31
site-cookbooks/kosmos-base/recipes/chef_client.rb Normal file
View File

@ -0,0 +1,31 @@
#
# Cookbook Name:: kosmos-base
# Recipe:: chef_client
#
# The MIT License (MIT)
#
# Copyright:: 2019, Kosmos Developers
raucao commented 2019-04-12 08:05:31 +00:00
Outdated
Review
Copy Link

We only release open-source software for everything in the Kosmos org.

We only release open-source software for everything in the Kosmos org.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
# Update chef to the chosen version
chef_version = '14.11.21'
chef_client_updater "Install #{chef_version}" do
version chef_version
end

36
site-cookbooks/kosmos-base/recipes/default.rb
View File

@ -2,21 +2,32 @@
# Cookbook Name:: kosmos-base
# Recipe:: default
#
# Copyright 2017, Kosmos
# The MIT License (MIT)
#
# All rights reserved - Do Not Redistribute
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
include_recipe 'apt'
include_recipe 'timezone_iii'
include_recipe 'ntp'
# Update chef to the chosen version
chef_version = '12.22.3'
chef_client_updater "Install #{chef_version}" do
version chef_version
end
package 'mailutils'
package 'mosh'
@ -30,7 +41,10 @@ unless node.chef_environment == "development"
action [:remove, :create]
end
node.override['authorization']['sudo']['sudoers_defaults'] = [
sudo "sysadmin" do
groups "sysadmin"
nopasswd true
defaults [
# not default on Ubuntu, explicitely enable. Uses a minimal white list of
# environment variables
'env_reset',
@ -38,10 +52,6 @@ unless node.chef_environment == "development"
'mail_badpass',
'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"',
]
include_recipe "sudo"
sudo "sysadmin" do
group "sysadmin"
nopasswd true
end
include_recipe 'kosmos-base::firewall'

21
site-cookbooks/kosmos-base/recipes/firewall.rb
View File

@ -2,10 +2,27 @@
# Cookbook Name:: kosmos-base
# Recipe:: firewall
#
# Copyright 2015, Kosmos
# The MIT License (MIT)
#
# All rights reserved - Do Not Redistribute
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
# enable default firewall
firewall 'default'

25
site-cookbooks/kosmos-base/recipes/letsencrypt.rb
View File

@ -2,10 +2,27 @@
# Cookbook Name:: kosmos-base
# Recipe:: letsencrypt
#
# Copyright 2018, Kosmos
# The MIT License (MIT)
#
# All rights reserved - Do Not Redistribute
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
# Install certbot and set up hooks
@ -29,11 +46,13 @@ else
end
end
directory "/etc/letsencrypt/renewal-hooks" do
%w(deploy post pre).each do |subdir|
directory "/etc/letsencrypt/renewal-hooks/#{subdir}" do
recursive true
mode 0755
owner "root"
group "root"
end
end
file "/etc/letsencrypt/renewal-hooks/deploy/nginx" do

2
site-cookbooks/kosmos-hubot/metadata.rb
View File

@ -10,4 +10,4 @@ depends 'kosmos-nodejs'
depends 'kosmos-redis'
depends 'firewall'
depends 'application_javascript'
depends 'ipfs'
depends 'kosmos-ipfs'

18
site-cookbooks/kosmos-hubot/recipes/_user.rb Normal file
View File

@ -0,0 +1,18 @@
#
# Cookbook Name:: kosmos-hubot
# Recipe:: _user
#
# Copyright 2019, Kosmos
#
group "hubot" do
gid 48268
end
user "hubot" do
comment "hubot user"
manage_home true
uid 48268
gid 48268
shell "/bin/bash"
end

5
site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb
View File

@ -4,6 +4,11 @@
#
# Copyright 2017-2018, Kosmos
#
build_essential 'botka' do
compile_time true
end
include_recipe "kosmos-nodejs"
include_recipe "kosmos-redis"

12
site-cookbooks/kosmos-hubot/recipes/default.rb
View File

@ -17,16 +17,6 @@ end
include_recipe "kosmos-nodejs"
include_recipe "kosmos-redis"
group "hubot" do
gid 48268
end
user "hubot" do
comment "hubot user"
uid 48268
gid 48268
shell "/bin/bash"
end
include_recipe "kosmos-hubot::_user"
include_recipe "kosmos-hubot::hal8000"
include_recipe "kosmos-hubot::botka_freenode"

6
site-cookbooks/kosmos-hubot/recipes/hal8000.rb
View File

@ -4,8 +4,14 @@
#
# Copyright 2017-2018, Kosmos
#
build_essential 'hal8000' do
compile_time true
end
include_recipe "kosmos-nodejs"
include_recipe "kosmos-redis"
include_recipe "kosmos-hubot::_user"
# Needed for hubot-kredits
include_recipe "kosmos-ipfs"

20
site-cookbooks/kosmos-ipfs/LICENSE Normal file
View File

@ -0,0 +1,20 @@
Copyright (c) 2019 Kosmos Developers
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

2
site-cookbooks/kosmos-ipfs/metadata.rb
View File

@ -1,7 +1,7 @@
name 'kosmos-ipfs'
maintainer 'Kosmos'
maintainer_email 'mail@kosmos.org'
license 'All rights reserved'
license 'MIT'
description 'Installs/Configures kosmos-ipfs'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '0.1.0'

21
site-cookbooks/kosmos-ipfs/recipes/cluster.rb
View File

@ -2,10 +2,27 @@
# Cookbook Name:: kosmos-ipfs
# Recipe:: cluster
#
# Copyright 2018, Kosmos
# The MIT License (MIT)
#
# All rights reserved - Do Not Redistribute
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
node.override['ipfs']['cluster']['version'] = '0.9.0'

21
site-cookbooks/kosmos-ipfs/recipes/default.rb
View File

@ -2,10 +2,27 @@
# Cookbook Name:: kosmos-ipfs
# Recipe:: default
#
# Copyright 2017, Kosmos
# The MIT License (MIT)
#
# All rights reserved - Do Not Redistribute
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
node.override['ipfs']['version'] = '0.4.18'
node.override['ipfs']['checksum'] = '21e6c44c0fa8edf91a727f1e8257342a4c3a879462e656861b0a179e1f6a03f6'

21
site-cookbooks/kosmos-ipfs/recipes/letsencrypt.rb
View File

@ -2,10 +2,27 @@
# Cookbook Name:: kosmos-ipfs
# Recipe:: letsencrypt
#
# Copyright 2019, Kosmos
# The MIT License (MIT)
#
# All rights reserved - Do Not Redistribute
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
include_recipe "kosmos-nginx"

20
site-cookbooks/kosmos-mastodon/LICENSE Normal file
View File

@ -0,0 +1,20 @@
Copyright (c) 2019 Kosmos Developers
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

4
site-cookbooks/kosmos-mastodon/metadata.rb
View File

@ -1,7 +1,7 @@
name 'kosmos-mastodon'
maintainer 'Kosmos'
maintainer_email 'mail@kosmos.org'
license 'All rights reserved'
license 'MIT'
description 'Installs/Configures kosmos-mastodon'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '0.1.0'
@ -13,5 +13,5 @@ depends "poise-ruby-build"
depends "application_ruby"
depends "application_javascript"
depends "postgresql"
depends "database"
depends "kosmos-postgresql"
depends "backup"

185
site-cookbooks/kosmos-mastodon/recipes/default.rb
View File

@ -2,38 +2,58 @@
# Cookbook Name:: kosmos-mastodon
# Recipe:: default
#
# Copyright 2017, Kosmos
# The MIT License (MIT)
#
# All rights reserved - Do Not Redistribute
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
include_recipe "kosmos-nodejs"
include_recipe "kosmos-redis"
include_recipe "kosmos-postgresql"
node.override['postgresql']['enable_pgdg_apt'] = false
include_recipe "postgresql::server"
include_recipe "postgresql::ruby"
unless node.chef_environment == "development"
node.override['postgresql']['config_pgtune']['db_type'] = "web"
include_recipe "postgresql::config_pgtune"
end
# TODO: Remove the condition once we have migrated mastodon to andromeda
unless platform?('ubuntu') && node[:platform_version].to_f < 18.04
postgresql_data_bag_item = data_bag_item('credentials', 'postgresql')
postgresql_database 'mastodon' do
connection(
host: '127.0.0.1',
port: 5432,
username: 'postgres',
password: node['postgresql']['password']['postgres']
)
postgresql_user 'mastodon' do
action :create
password postgresql_data_bag_item['mastodon_user_password']
end
postgresql_database 'mastodon' do
owner 'mastodon'
action :create
end
else
postgresql_data_bag_item = {}
end
mastodon_path = node["kosmos-mastodon"]["directory"]
group "mastodon" do
mastodon_user = "mastodon"
group mastodon_user do
gid 62786
end
user "mastodon" do
user mastodon_user do
comment "mastodon user"
uid 62786
gid 62786
@ -50,6 +70,46 @@ end
ruby_version = "2.6.0"
execute "systemctl daemon-reload" do
command "systemctl daemon-reload"
action :nothing
end
# mastodon-web service
#
template "/lib/systemd/system/mastodon-web.service" do
source "mastodon-web.systemd.service.erb"
variables user: mastodon_user,
app_dir: mastodon_path,
port: node["kosmos-mastodon"]["puma_port"],
bundle_path: "/opt/ruby_build/builds/#{ruby_version}/bin/bundle"
notifies :run, "execute[systemctl daemon-reload]", :immediately
notifies :restart, "service[mastodon-web]", :delayed
end
# mastodon-sidekiq service
#
template "/lib/systemd/system/mastodon-sidekiq.service" do
source "mastodon-sidekiq.systemd.service.erb"
variables user: mastodon_user,
app_dir: mastodon_path,
bundle_path: "/opt/ruby_build/builds/#{ruby_version}/bin/bundle",
sidekiq_threads: node["kosmos-mastodon"]["sidekiq_threads"]
notifies :run, "execute[systemctl daemon-reload]", :immediately
notifies :restart, "service[mastodon-sidekiq]", :delayed
end
# mastodon-streaming service
#
template "/lib/systemd/system/mastodon-streaming.service" do
source "mastodon-streaming.systemd.service.erb"
variables user: mastodon_user,
app_dir: mastodon_path,
port: node["kosmos-mastodon"]["streaming_port"]
notifies :run, "execute[systemctl daemon-reload]", :immediately
notifies :restart, "service[mastodon-streaming]", :delayed
end
application mastodon_path do
owner "mastodon"
group "mastodon"
@ -62,19 +122,19 @@ application mastodon_path do
end
git do
user "mastodon"
group "mastodon"
user mastodon_user
group mastodon_user
repository "https://gitea.kosmos.org/kosmos/mastodon.git"
revision "production"
end
mastodon_credentials = Chef::EncryptedDataBagItem.load('credentials', 'mastodon')
mastodon_credentials = data_bag_item('credentials', 'mastodon')
template ".env.production" do
source "env.production.erb"
mode "0640"
owner "mastodon"
group "mastodon"
owner mastodon_user
group mastodon_user
variables redis_url: node["kosmos-mastodon"]["redis_url"],
domain: node["kosmos-mastodon"]["server_name"],
paperclip_secret: mastodon_credentials['paperclip_secret'],
@ -88,87 +148,57 @@ application mastodon_path do
aws_secret_access_key: mastodon_credentials['aws_secret_access_key'],
s3_region: "eu-west-1",
vapid_private_key: mastodon_credentials['vapid_private_key'],
vapid_public_key: mastodon_credentials['vapid_public_key']
end
bundle_install do
user "mastodon"
deployment true
without %w(development test)
vapid_public_key: mastodon_credentials['vapid_public_key'],
db_pass: postgresql_data_bag_item['mastodon_user_password']
end
execute do
environment "HOME" => mastodon_path
user "mastodon"
user mastodon_user
cwd mastodon_path
command "/opt/ruby_build/builds/#{ruby_version}/bin/bundle install --without development,test --deployment"
end
execute do
environment "HOME" => mastodon_path
user mastodon_user
cwd mastodon_path
command "yarn install --pure-lockfile"
end
rails do
migrate true
migrate false
rails_env "production"
precompile_assets false # buggy, done manually below
end
execute 'rake db:migrate' do
environment "RAILS_ENV" => "production", "HOME" => mastodon_path
user mastodon_user
group mastodon_user
cwd mastodon_path
command "PATH=\"/opt/ruby_build/builds/#{ruby_version}/bin:$PATH\" bundle exec rake db:migrate"
end
# This is the only way I could find that makes compiling the assets
# successfully for now. application_ruby's precompile_assets crashes because
# it cannot find the bundled gems
execute 'rake assets:precompile' do
environment "RAILS_ENV" => "production", "HOME" => mastodon_path
user "mastodon"
group "mastodon"
user mastodon_user
group mastodon_user
cwd mastodon_path
command "PATH=\"/opt/ruby_build/builds/#{ruby_version}/bin:$PATH\" /opt/ruby_build/builds/#{ruby_version}/bin/bundle exec rake assets:precompile"
end
execute "systemctl daemon-reload" do
command "systemctl daemon-reload"
action :nothing
end
# mastodon-web service
#
template "/lib/systemd/system/mastodon-web.service" do
source "mastodon-web.systemd.service.erb"
variables user: user,
app_dir: mastodon_path,
port: node["kosmos-mastodon"]["puma_port"],
bundle_path: "/opt/ruby_build/builds/#{ruby_version}/bin/bundle"
notifies :run, "execute[systemctl daemon-reload]", :delayed
notifies :restart, "service[mastodon-web]", :delayed
command "PATH=\"/opt/ruby_build/builds/#{ruby_version}/bin:$PATH\" bundle exec rake assets:precompile"
end
service "mastodon-web" do
action [:enable, :start]
end
# mastodon-sidekiq service
#
template "/lib/systemd/system/mastodon-sidekiq.service" do
source "mastodon-sidekiq.systemd.service.erb"
variables user: user,
app_dir: mastodon_path,
bundle_path: "/opt/ruby_build/builds/#{ruby_version}/bin/bundle",
sidekiq_threads: node["kosmos-mastodon"]["sidekiq_threads"]
notifies :run, "execute[systemctl daemon-reload]", :delayed
notifies :restart, "service[mastodon-sidekiq]", :delayed
end
service "mastodon-sidekiq" do
action [:enable, :start]
end
# mastodon-streaming service
#
template "/lib/systemd/system/mastodon-streaming.service" do
source "mastodon-streaming.systemd.service.erb"
variables user: user,
app_dir: mastodon_path,
port: node["kosmos-mastodon"]["streaming_port"]
notifies :run, "execute[systemctl daemon-reload]", :delayed
notifies :restart, "service[mastodon-streaming]", :delayed
end
service "mastodon-streaming" do
action [:enable, :start]
end
@ -180,8 +210,13 @@ end
unless node.chef_environment == "development"
node.override["backup"]["postgresql"]["host"] = "localhost"
unless platform?('ubuntu') && node[:platform_version].to_f < 18.04
node.override["backup"]["postgresql"]["username"] = "mastodon"
node.override["backup"]["postgresql"]["password"] = postgres_password
else
node.override["backup"]["postgresql"]["username"] = "postgres"
node.override["backup"]["postgresql"]["password"] = node['postgresql']['password']['postgres']
end
unless node["backup"]["postgresql"]["databases"].include? 'mastodon'
node.override["backup"]["postgresql"]["databases"] =
node["backup"]["postgresql"]["databases"].to_a << "mastodon"

21
site-cookbooks/kosmos-mastodon/recipes/nginx.rb
View File

@ -2,10 +2,27 @@
# Cookbook Name:: kosmos-mastodon
# Recipe:: nginx
#
# Copyright 2019, Kosmos
# The MIT License (MIT)
#
# All rights reserved - Do Not Redistribute
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
mastodon_path = node["kosmos-mastodon"]["directory"]
server_name = node["kosmos-mastodon"]["server_name"]

8
site-cookbooks/kosmos-mastodon/templates/default/env.production.erb
View File

@ -1,9 +1,15 @@
# Service dependencies
REDIS_URL=<%= @redis_url %>
DB_HOST=localhost
DB_USER=postgres
DB_NAME=mastodon
# TODO: Remove the condition once we have migrated mastodon to andromeda
raucao commented 2019-04-12 08:22:28 +00:00
Outdated
Review
Copy Link

Would be easier to find with TODO prefix.

Would be easier to find with TODO prefix.
<% if node[:platform_version].to_f < 18.04 -%>
DB_USER=postgres
DB_PASS=<%= node['postgresql']['password']['postgres'] %>
<% else -%>
DB_USER=mastodon
DB_PASS=<%= @db_pass %>
<% end -%>
DB_PORT=5432
# Federation

20
site-cookbooks/kosmos-mediawiki/LICENSE Normal file
View File

@ -0,0 +1,20 @@
Copyright (c) 2019 Kosmos Developers
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

2
site-cookbooks/kosmos-mediawiki/metadata.rb
View File

@ -1,7 +1,7 @@
name 'kosmos-mediawiki'
maintainer 'Kosmos'
maintainer_email 'mail@kosmos.org'
license 'All rights reserved'
license 'MIT'
description 'Installs/Configures kosmos-mediawiki'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '0.1.0'

27
site-cookbooks/kosmos-mediawiki/recipes/default.rb
View File

@ -2,10 +2,27 @@
# Cookbook Name:: kosmos-mediawiki
# Recipe:: default
#
# Copyright 2016, Kosmos
# The MIT License (MIT)
#
# All rights reserved - Do Not Redistribute
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
include_recipe 'apt'
include_recipe 'ark'
@ -16,10 +33,10 @@ server_name = 'wiki.kosmos.org'
# FIXME: For now run the update script manually after updating:
#
# sudo su - /var/www/mediawiki-1.xx.y/maintenance/update.php
node.override['mediawiki']['version'] = "1.28.0"
node.override['mediawiki']['version'] = "1.32.0"
node.override['mediawiki']['webdir'] = "#{node['mediawiki']['docroot_dir']}/mediawiki-#{node['mediawiki']['version']}"
node.override['mediawiki']['tarball']['name'] = "mediawiki-#{node['mediawiki']['version']}.tar.gz"
node.override['mediawiki']['tarball']['url'] = "https://releases.wikimedia.org/mediawiki/1.28/#{node['mediawiki']['tarball']['name']}"
node.override['mediawiki']['tarball']['url'] = "https://releases.wikimedia.org/mediawiki/1.32/#{node['mediawiki']['tarball']['name']}"
node.override['mediawiki']['language_code'] = 'en'
node.override['mediawiki']['server_name'] = server_name
node.override['mediawiki']['site_name'] = 'Kosmos Wiki'
@ -84,7 +101,7 @@ nginx_site server_name do
action :enable
end
nginx_certbot_site server_name
nginx_certbot_site server_name unless node.chef_environment == "development"
#
# Extensions

8
site-cookbooks/kosmos-mediawiki/templates/default/nginx.conf.erb
View File

@ -1,6 +1,9 @@
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
server {
<% if node.chef_environment != "development" && File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
listen 443 ssl;
<% else -%>
listen 80;
<% end -%>
server_name <%= @server_name %>;
access_log /var/log/nginx/<%= @server_name %>.access.log;
@ -24,7 +27,8 @@ server {
}
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
<% if node.chef_environment != "development" && File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
ssl_certificate <%= @ssl_cert %>;
ssl_certificate_key <%= @ssl_key %>;
<% end -%>
}
<% end -%>

20
site-cookbooks/kosmos-nginx/LICENSE Normal file
View File

@ -0,0 +1,20 @@
Copyright (c) 2019 Kosmos Developers
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

2
site-cookbooks/kosmos-nginx/metadata.rb
View File

@ -1,7 +1,7 @@
name 'kosmos-nginx'
maintainer 'Kosmos'
maintainer_email 'mail@kosmos.org'
license 'All rights reserved'
license 'MIT'
description 'Installs/Configures kosmos-nginx'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '0.2.0'

22
site-cookbooks/kosmos-nginx/recipes/default.rb
View File

@ -2,10 +2,28 @@
# Cookbook Name:: kosmos-nginx
# Recipe:: default
#
# Copyright 2015, Kosmos
# The MIT License (MIT)
#
# All rights reserved - Do Not Redistribute
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
node.override['nginx']['default_site_enabled'] = false
node.override['nginx']['server_tokens'] = 'off'
node.override['nginx']['log_formats']['json'] = <<-EOF

2
site-cookbooks/kosmos-nodejs/metadata.rb
View File

@ -1,7 +1,7 @@
name 'kosmos-nodejs'
maintainer 'Kosmos'
maintainer_email 'mail@kosmos.org'
license 'All rights reserved'
license 'MIT'
description 'Installs/Configures kosmos-nodejs'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '0.1.1'

36
site-cookbooks/kosmos-nodejs/recipes/default.rb
View File

@ -2,20 +2,40 @@
# Cookbook Name:: kosmos-nodejs
# Recipe:: default
#
# Copyright 2015, Kosmos
# The MIT License (MIT)
#
# All rights reserved - Do Not Redistribute
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
# Get package for trusty when still using vivid
if node['lsb']['codename'] == "vivid"
node.override['nodejs']['install_repo'] = false
apt_repository 'node.js' do
node.override["nodejs"]["install_repo"] = false
apt_repository "node.js" do
uri "https://deb.nodesource.com/node_8.x"
distribution "trusty"
components ['main']
keyserver node['nodejs']['keyserver']
key node['nodejs']['key']
components ["main"]
keyserver node["nodejs"]["keyserver"]
key node["nodejs"]["key"]
end
include_recipe "nodejs"
else
node.override["nodejs"]["repo"] = "https://deb.nodesource.com/node_10.x"
include_recipe "nodejs::nodejs_from_package"
end
include_recipe 'nodejs'

20
site-cookbooks/kosmos-parity/LICENSE Normal file
View File

@ -0,0 +1,20 @@
Copyright (c) 2019 Kosmos Developers
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

2
site-cookbooks/kosmos-parity/metadata.rb
View File

@ -1,7 +1,7 @@
name 'kosmos-parity'
maintainer 'Kosmos'
maintainer_email 'mail@kosmos.org'
license 'All rights reserved'
license 'MIT'
description 'Installs/Configures kosmos-parity'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '0.1.0'

21
site-cookbooks/kosmos-parity/recipes/create_package_from_github.rb
View File

@ -2,10 +2,27 @@
# Cookbook Name:: kosmos-parity
# Recipe:: create_package_from_github
#
# Copyright 2017, Kosmos
# The MIT License (MIT)
#
# All rights reserved - Do Not Redistribute
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
include_recipe 'kosmos-parity::user'
include_recipe 'build-essential'

21
site-cookbooks/kosmos-parity/recipes/default.rb
View File

@ -2,10 +2,27 @@
# Cookbook Name:: kosmos-parity
# Recipe:: default
#
# Copyright 2017, Kosmos
# The MIT License (MIT)
#
# All rights reserved - Do Not Redistribute
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
include_recipe 'kosmos-parity::user'

21
site-cookbooks/kosmos-parity/recipes/from_package.rb
View File

@ -2,10 +2,27 @@
# Cookbook Name:: kosmos-parity
# Recipe:: default
#
# Copyright 2017, Kosmos
# The MIT License (MIT)
#
# All rights reserved - Do Not Redistribute
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
include_recipe 'kosmos-parity::user'

21
site-cookbooks/kosmos-parity/recipes/node_dev.rb
View File

@ -2,10 +2,27 @@
# Cookbook Name:: kosmos-parity
# Recipe:: node_dev
#
# Copyright 2017, Kosmos
# The MIT License (MIT)
#
# All rights reserved - Do Not Redistribute
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
# Sets up a parity node running on the dev chain on port 8545 (behind nginx,
# with HTTPS)

21
site-cookbooks/kosmos-parity/recipes/node_mainnet.rb
View File

@ -2,10 +2,27 @@
# Cookbook Name:: kosmos-parity
# Recipe:: node_mainnet
#
# Copyright 2017, Kosmos
# The MIT License (MIT)
#
# All rights reserved - Do Not Redistribute
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
# Sets up a parity node running on the mainnet chain on port 8547 (behind
# nginx, with HTTPS)

21
site-cookbooks/kosmos-parity/recipes/node_testnet.rb
View File

@ -2,10 +2,27 @@
# Cookbook Name:: kosmos-parity
# Recipe:: node_testnet
#
# Copyright 2017, Kosmos
# The MIT License (MIT)
#
# All rights reserved - Do Not Redistribute
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
# Sets up a parity node running on the testnet chain on port 8546 (behind
# nginx, with HTTPS)

21
site-cookbooks/kosmos-parity/recipes/user.rb
View File

@ -2,10 +2,27 @@
# Cookbook Name:: kosmos-parity
# Recipe:: user
#
# Copyright 2017, Kosmos
# The MIT License (MIT)
#
# All rights reserved - Do Not Redistribute
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
group "parity" do
gid 72748

2
site-cookbooks/kosmos-postfix/metadata.rb
View File

@ -1,7 +1,7 @@
name 'kosmos-postfix'
maintainer 'Kosmos'
maintainer_email 'mail@kosmos.org'
license 'All rights reserved'
license 'MIT'
description 'A wrapper cookbook for postfix'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '0.1.0'

21
site-cookbooks/kosmos-postfix/recipes/default.rb
View File

@ -2,10 +2,27 @@
# Cookbook Name:: kosmos-postfix
# Recipe:: default
#
# Copyright 2015, Kosmos
# The MIT License (MIT)
#
# All rights reserved - Do Not Redistribute
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
smtp_credentials = Chef::EncryptedDataBagItem.load('credentials', 'smtp')

22
site-cookbooks/kosmos-postgresql/.gitignore vendored Normal file
View File

@ -0,0 +1,22 @@
.vagrant
*~
*#
.#*
\#*#
.*.sw[a-z]
*.un~
# Bundler
Gemfile.lock
gems.locked
bin/*
.bundle/*
# test kitchen
.kitchen/
.kitchen.local.yml
# Chef
Berksfile.lock
.zero-knife.rb
Policyfile.lock.json

4
site-cookbooks/kosmos-postgresql/Berksfile Normal file
View File

@ -0,0 +1,4 @@
# frozen_string_literal: true
source 'https://supermarket.chef.io'
metadata

5
site-cookbooks/kosmos-postgresql/CHANGELOG.md Normal file
View File

@ -0,0 +1,5 @@
# kosmos-postgresql CHANGELOG
# 0.1.0
Initial release.

20
site-cookbooks/kosmos-postgresql/LICENSE Normal file
View File

@ -0,0 +1,20 @@
Copyright (c) 2019 Kosmos Developers
Permission is hereby granted, free of charge, to any person obtaining
raucao commented 2019-04-12 08:25:09 +00:00
Outdated
Review
Copy Link

Same as above.

Same as above.
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

4
site-cookbooks/kosmos-postgresql/README.md Normal file
View File

@ -0,0 +1,4 @@
# kosmos-postgresql
TODO: Enter the cookbook description here.

104
site-cookbooks/kosmos-postgresql/chefignore Normal file
View File

@ -0,0 +1,104 @@
# Put files/directories that should be ignored in this file when uploading
# to a chef-server or supermarket.
# Lines that start with '# ' are comments.
# OS generated files #
######################
.DS_Store
Icon?
nohup.out
ehthumbs.db
Thumbs.db
# SASS #
########
.sass-cache
# EDITORS #
###########
\#*
.#*
*~
*.sw[a-z]
*.bak
REVISION
TAGS*
tmtags
*_flymake.*
*_flymake
*.tmproj
.project
.settings
mkmf.log
## COMPILED ##
##############
a.out
*.o
*.pyc
*.so
*.com
*.class
*.dll
*.exe
*/rdoc/
# Testing #
###########
.watchr
.rspec
spec/*
spec/fixtures/*
test/*
features/*
examples/*
Guardfile
Procfile
.kitchen*
kitchen.yml*
.rubocop.yml
spec/*
Rakefile
.travis.yml
.foodcritic
.codeclimate.yml
# SCM #
#######
.git
*/.git
.gitignore
.gitmodules
.gitconfig
.gitattributes
.svn
*/.bzr/*
*/.hg/*
*/.svn/*
# Berkshelf #
#############
Berksfile
Berksfile.lock
cookbooks/*
tmp
# Bundler #
###########
vendor/*
# Policyfile #
##############
Policyfile.rb
Policyfile.lock.json
# Cookbooks #
#############
CONTRIBUTING*
CHANGELOG*
TESTING*
# Vagrant #
###########
.vagrant
Vagrantfile

23
site-cookbooks/kosmos-postgresql/metadata.rb Normal file
View File

@ -0,0 +1,23 @@
name 'kosmos-postgresql'
maintainer 'Kosmos'
maintainer_email 'ops@5apps.com'
license 'MIT'
raucao commented 2019-04-12 08:26:00 +00:00
Review
Copy Link

And another one.

And another one.
description 'Installs/Configures kosmos-postgresql'
long_description 'Installs/Configures kosmos-postgresql'
version '0.1.0'
chef_version '>= 12.14' if respond_to?(:chef_version)
# The `issues_url` points to the location where issues for this cookbook are
# tracked. A `View Issues` link will be displayed on this cookbook's page when
# uploaded to a Supermarket.
#
# issues_url 'https://github.com/<insert_org_here>/kosmos-postgresql/issues'
# The `source_url` points to the development repository for this cookbook. A
# `View Source` link will be displayed on this cookbook's page when uploaded to
# a Supermarket.
#
# source_url 'https://github.com/<insert_org_here>/kosmos-postgresql'
depends "postgresql", ">= 7.0.0"
depends "build-essential"

51
site-cookbooks/kosmos-postgresql/recipes/default.rb Normal file
View File

@ -0,0 +1,51 @@
#
# Cookbook:: kosmos-postgresql
# Recipe:: default
#
# The MIT License (MIT)
#
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
return if platform?('ubuntu') && node[:platform_version].to_f < 18.04
node.override['build-essential']['compile_time'] = true
include_recipe 'build-essential::default'
package("libpq-dev") { action :nothing }.run_action(:install)
chef_gem 'pg' do
compile_time true
end
postgresql_data_bag_item = data_bag_item('credentials', 'postgresql')
postgresql_server_install "main" do
version "10"
setup_repo false
password postgresql_data_bag_item['server_password']
action :install
end
postgresql_client_install "main" do
version "10"
setup_repo false
action :install
end

20
site-cookbooks/kosmos-redis/LICENSE Normal file
View File

@ -0,0 +1,20 @@
Copyright (c) 2019 Kosmos Developers
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

2
site-cookbooks/kosmos-redis/metadata.rb
View File

@ -1,7 +1,7 @@
name 'kosmos-redis'
maintainer 'Kosmos'
maintainer_email 'mail@kosmos.org'
license 'All rights reserved'
license 'MIT'
description 'redis wrapper cookbook'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '0.1.0'

21
site-cookbooks/kosmos-redis/recipes/default.rb
View File

@ -2,10 +2,27 @@
# Cookbook Name:: kosmos-redis
# Recipe:: default
#
# Copyright 2015, Kosmos
# The MIT License (MIT)
#
# All rights reserved - Do Not Redistribute
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
node.override['redis']['unixsocket'] = ''
include_recipe 'redis::server'

6
site-cookbooks/kosmos-wordpress/CHANGELOG.md
View File

@ -1,6 +0,0 @@
kosmos-wordpress CHANGELOG
==========================
0.1.0
-----
- [Greg Karékinian] - Initial release of kosmos-wordpress

68
site-cookbooks/kosmos-wordpress/README.md
View File

@ -1,68 +0,0 @@
kosmos-wordpress Cookbook
=========================
TODO: Enter the cookbook description here.
e.g.
This cookbook makes your favorite breakfast sandwich.
Requirements
------------
TODO: List your cookbook requirements. Be sure to include any requirements this cookbook has on platforms, libraries, other cookbooks, packages, operating systems, etc.
e.g.
#### packages
- `toaster` - kosmos-wordpress needs toaster to brown your bagel.
Attributes
----------
TODO: List your cookbook attributes here.
e.g.
#### kosmos-wordpress::default
<table>
<tr>
<th>Key</th>
<th>Type</th>
<th>Description</th>
<th>Default</th>
</tr>
<tr>
<td><tt>['kosmos-wordpress']['bacon']</tt></td>
<td>Boolean</td>
<td>whether to include bacon</td>
<td><tt>true</tt></td>
</tr>
</table>
Usage
-----
#### kosmos-wordpress::default
TODO: Write usage instructions for each cookbook.
e.g.
Just include `kosmos-wordpress` in your node's `run_list`:
```json
{
"name":"my_node",
"run_list": [
"recipe[kosmos-wordpress]"
]
}
```
Contributing
------------
TODO: (optional) If this is a public cookbook, detail the process for contributing. If this is a private cookbook, remove this section.
e.g.
1. Fork the repository on Github
2. Create a named feature branch (like `add_component_x`)
3. Write your change
4. Write tests for your change (if applicable)
5. Run the tests, ensuring they all pass
6. Submit a Pull Request using Github
License and Authors
-------------------
Authors: TODO: List authors

1
site-cookbooks/kosmos-wordpress/attributes/default.rb
View File

@ -1 +0,0 @@
node.default["kosmos-wordpress"]["nginx"]["domain"] = "blog.kosmos.org"

13
site-cookbooks/kosmos-wordpress/metadata.rb
View File

@ -1,13 +0,0 @@
name 'kosmos-wordpress'
maintainer 'Kosmos'
maintainer_email 'mail@kosmos.org'
license 'All rights reserved'
description 'Installs/Configures kosmos-wordpress'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '0.1.0'
depends 'wordpress'
depends 'php-fpm'
depends 'backup'
depends 'kosmos-base'
depends 'kosmos-nginx'

38
site-cookbooks/kosmos-wordpress/recipes/default.rb
View File

@ -1,38 +0,0 @@
#
# Cookbook Name:: kosmos-wordpress
# Recipe:: default
#
# Copyright 2016, Kosmos
#
# All rights reserved - Do Not Redistribute
#
mysql_credentials = Chef::EncryptedDataBagItem.load('credentials', 'mysql')
node.override['wordpress']['db']['root_password'] = mysql_credentials["root_password"]
node.override['wordpress']['server_name'] = "blog.kosmos.org"
node.override['wordpress']['server_aliases'] = ["blog.kosmos.org"]
node.override['wordpress']['server_port'] = "443"
credentials = Chef::EncryptedDataBagItem.load('credentials', 'wordpress')
node.set['wordpress']['db']['pass'] = credentials["db_pass"]
node.set['wordpress']['keys']['auth'] = credentials["keys_auth"]
node.set['wordpress']['keys']['secure_auth'] = credentials["keys_secure_auth"]
node.set['wordpress']['keys']['logged_in'] = credentials["keys_logged_in"]
node.set['wordpress']['keys']['nonce'] = credentials["keys_nonce"]
node.set['wordpress']['salt']['auth'] = credentials["keys_auth"]
node.set['wordpress']['salt']['secure_auth'] = credentials["saltsecure_auth"]
node.set['wordpress']['salt']['logged_in'] = credentials["salt_logged_in"]
node.set['wordpress']['salt']['nonce'] = credentials["salt_nonce"]
include_recipe 'kosmos-wordpress::nginx'
unless node.chef_environment == "development"
node.override["backup"]["mysql"]["host"] = "localhost"
node.override["backup"]["mysql"]["username"] = "root"
node.override["backup"]["mysql"]["password"] = node["wordpress"]["db"]["root_password"]
unless node["backup"]["mysql"]["databases"].include? "wordpressdb"
node.override["backup"]["mysql"]["databases"] =
node["backup"]["mysql"]["databases"].to_a << "wordpressdb"
end
include_recipe "backup"
end

59
site-cookbooks/kosmos-wordpress/recipes/nginx.rb
View File

@ -1,59 +0,0 @@
#
# Cookbook Name:: kosmos-wordpress
# Recipe:: nginx
#
# Copyright 2016, Kosmos
#
# All rights reserved - Do Not Redistribute
#
node.set_unless['php-fpm']['pools'] = []
include_recipe "php-fpm"
include_recipe 'php-fpm::repository' unless node['php-fpm']['skip_repository_install']
include_recipe "php-fpm::install"
php_fpm_pool "www" do
enable false
end
php_fpm_pool "wordpress" do
listen "127.0.0.1:9001"
user node['wordpress']['install']['user']
group node['wordpress']['install']['group']
listen_owner node['wordpress']['install']['user']
listen_group node['wordpress']['install']['group']
php_options node['wordpress']['php_options']
start_servers 5
enable true
end
include_recipe "php::module_mysql"
include_recipe "kosmos-nginx"
include_recipe "wordpress::app"
server_name = node['wordpress']['server_name']
ssl_cert = "/etc/letsencrypt/live/#{server_name}/fullchain.pem"
ssl_key = "/etc/letsencrypt/live/#{server_name}/privkey.pem"
template "#{node['nginx']['dir']}/sites-available/#{server_name}" do
source "nginx.conf.erb"
variables(
docroot: node['wordpress']['dir'],
server_name: server_name,
server_aliases: node['wordpress']['server_aliases'],
server_port: node['wordpress']['server_port'],
ssl_cert: ssl_cert,
ssl_key: ssl_key
)
action :create
notifies :reload, "service[nginx]", :delayed
end
nginx_site server_name do
action :enable
end
nginx_certbot_site server_name

44
site-cookbooks/kosmos-wordpress/templates/default/nginx.conf.erb
View File

@ -1,44 +0,0 @@
server {
listen 80;
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
listen <%= @server_port %> ssl http2;
<% end -%>
server_name <%= @server_name %> <%= @server_aliases.join(" ") %>;
access_log /var/log/nginx/<%= @server_name %>.access.log;
error_log /var/log/nginx/<%= @server_name %>.error.log;
client_max_body_size 20m;
root <%= @docroot %>;
index index.php;
location / {
try_files $uri $uri/ /index.php?$args;
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
set $redirect_to_ssl "no";
if ($ssl_protocol = "") {
set $redirect_to_ssl "yes";
}
if ($redirect_to_ssl = yes) {
rewrite ^(.*) https://$host$1 permanent;
}
<% end -%>
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass 127.0.0.1:9001;
fastcgi_param SCRIPT_FILENAME <%= @docroot %>$fastcgi_script_name;
# Remove the HTTP_PROXY parameter, protect from the HTTPoxy vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
fastcgi_param HTTP_PROXY "";
}
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
ssl_certificate <%= @ssl_cert %>;
ssl_certificate_key <%= @ssl_key %>;
<% end -%>
}

20
site-cookbooks/sockethub/LICENSE Normal file
View File

@ -0,0 +1,20 @@
Copyright (c) 2019 Kosmos Developers
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

2
site-cookbooks/sockethub/attributes/default.rb
View File

@ -1,4 +1,4 @@
node.default['sockethub']['port'] = '10551'
node.default['sockethub']['external_port'] = '10550'
node.default['sockethub']['revision'] = 'v2.0.5'
node.default['sockethub']['revision'] = 'v3.0.1'
node.default['sockethub']['nginx']['server_name'] = 'sockethub.kosmos.org'

4
site-cookbooks/sockethub/metadata.rb
View File

@ -1,10 +1,10 @@
name 'sockethub'
maintainer 'Kosmos'
maintainer_email 'mail@kosmos.org'
license 'All rights reserved'
license 'MIT'
description 'Installs/Configures sockethub'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '0.1.0'
version '0.1.1'
depends 'application_javascript'
depends 'kosmos-redis'

35
site-cookbooks/sockethub/recipes/_firewall.rb Normal file
View File

@ -0,0 +1,35 @@
#
# Cookbook Name:: sockethub
# Recipe:: _firewall
#
# The MIT License (MIT)
#
# Copyright:: 2019, Kosmos Developers
raucao commented 2019-04-12 08:26:41 +00:00
Review
Copy Link

And one more.

And one more.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
unless node.chef_environment == "development"
include_recipe "firewall"
firewall_rule 'sockethub' do
port node['sockethub']['external_port'].to_i
protocol :tcp
command :allow
end
end

25
site-cookbooks/sockethub/recipes/default.rb
View File

@ -2,10 +2,27 @@
# Cookbook Name:: sockethub
# Recipe:: default
#
# Copyright 2015-2017, Kosmos
# The MIT License (MIT)
#
# All rights reserved - Do Not Redistribute
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
include_recipe 'kosmos-nodejs'
include_recipe 'kosmos-redis'
@ -54,7 +71,9 @@ application path_to_deploy do
app_dir: path_to_deploy,
entry: "/usr/bin/node /usr/bin/npm start",
environment: { 'DEBUG' => '*',
'PORT' => node['sockethub']['port'] }
'PORT' => node['sockethub']['port'],
# Use the second database (index starts at 0)
'REDIS_URL' => "redis://localhost:6379/1" }
)
notifies :run, "execute[systemctl daemon-reload]", :delayed
notifies :restart, "service[sockethub_nodejs]", :delayed

31
site-cookbooks/sockethub/recipes/proxy.rb
View File

@ -2,20 +2,29 @@
# Cookbook Name:: sockethub
# Recipe:: proxy
#
# Copyright 2015-2019, Kosmos
# The MIT License (MIT)
#
# All rights reserved - Do Not Redistribute
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
unless node.chef_environment == "development"
include_recipe "firewall"
firewall_rule 'sockethub' do
port node['sockethub']['external_port'].to_i
protocol :tcp
command :allow
end
end
include_recipe 'sockethub::_firewall'
include_recipe 'kosmos-nginx'
server_name = node['sockethub']['nginx']['server_name']