.gitignore

@@ -1,4 +1,6 @@
 /.chef/encrypted_data_bag_secret
+.chef/chef_guid
 /.bundle/
 /.vagrant/
+/.kitchen
 /nodes/vagrant-node.json

clients/rsk-testnet-1.json

@@ -0,0 +1,4 @@
+{
+  "name": "rsk-testnet-1",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0JU46rCyLGOi5OdeeE2M\nobUUxO+Jqd9t9bP75Pyj0uH8WaxNv1PIdWZJiR+fcE+draBV86/YLxHzOFvsnMi+\nE/qgeXLKErGtTSb12mWq0gYv/wz9uqRbtcsv40gpu2BtNv9ycdXYACB/s0ipnuUO\nX/os4YHDvWV1cshwzgsQ87ad7OdT/Nldggtp4go60TkBi49VaftiJzYqVm1ey3xz\nd7+EsQWqhQHAac6POEuPjwNuM2valf/8+nI4Uday/CiFrDDV1SffRG30sd4rJF15\nh1S1Kxyetr72EmQwIGbJuDJL7eUU7blXjg6UtTxDDsl6rYUO5s/j7wZLoFhmC854\npQIDAQAB\n-----END PUBLIC KEY-----\n"
+}

nodes/rsk-testnet-1.json

@@ -0,0 +1,53 @@
+{
+  "name": "rsk-testnet-1",
+  "normal": {
+    "knife_zero": {
+      "host": "10.1.1.136"
+    }
+  },
+  "automatic": {
+    "fqdn": "rsk-testnet-1",
+    "os": "linux",
+    "os_version": "5.4.0-1026-kvm",
+    "hostname": "rsk-testnet-1",
+    "ipaddress": "192.168.122.196",
+    "roles": [
+
+    ],
+    "recipes": [
+      "kosmos-base",
+      "kosmos-base::default",
+      "apt::default",
+      "timezone_iii::default",
+      "timezone_iii::debian",
+      "ntp::default",
+      "ntp::apparmor",
+      "kosmos-base::systemd_emails",
+      "apt::unattended-upgrades",
+      "kosmos-base::firewall",
+      "kosmos-postfix::default",
+      "postfix::default",
+      "postfix::_common",
+      "postfix::_attributes",
+      "postfix::sasl_auth",
+      "hostname::default"
+    ],
+    "platform": "ubuntu",
+    "platform_version": "20.04",
+    "cloud": null,
+    "chef_packages": {
+      "ohai": {
+        "version": "16.13.0",
+        "ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.7.0/gems/ohai-16.13.0/lib/ohai"
+      },
+      "chef": {
+        "version": "16.13.16",
+        "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.7.0/gems/chef-16.13.16/lib",
+        "chef_effortless": null
+      }
+    }
+  },
+  "run_list": [
+    "recipe[kosmos-base]"
+  ]
+}

site-cookbooks/kosmos_rsk/.delivery/project.toml

@@ -0,0 +1,32 @@
+# Delivery for Local Phases Execution
+#
+# This file allows you to execute test phases locally on a workstation or
+# in a CI pipeline. The delivery-cli will read this file and execute the
+# command(s) that are configured for each phase. You can customize them
+# by just modifying the phase key on this file.
+#
+# By default these phases are configured for Cookbook Workflow only
+#
+
+[local_phases]
+unit = "echo skipping unit phase."
+lint = "chef exec cookstyle"
+# foodcritic has been deprecated in favor of cookstyle so we skip the syntax
+# phase now.
+syntax = "echo skipping syntax phase. Use lint phase instead."
+provision = "chef exec kitchen create"
+deploy = "chef exec kitchen converge"
+smoke = "chef exec kitchen verify"
+# The functional phase is optional, you can define it by uncommenting
+# the line below and running the command: `delivery local functional`
+# functional = ""
+cleanup = "chef exec kitchen destroy"
+
+# Remote project.toml file
+#
+# Instead of the local phases above, you may specify a remote URI location for
+# the `project.toml` file. This is useful for teams that wish to centrally
+# manage the behavior of the `delivery local` command across many different
+# projects.
+#
+# remote_file = "https://url/project.toml"

site-cookbooks/kosmos_rsk/.gitignore

@@ -0,0 +1,25 @@
+.vagrant
+*~
+*#
+.#*
+\#*#
+.*.sw[a-z]
+*.un~
+
+# Bundler
+Gemfile.lock
+gems.locked
+bin/*
+.bundle/*
+
+# test kitchen
+.kitchen/
+kitchen.local.yml
+
+# Chef Infra
+Berksfile.lock
+.zero-knife.rb
+Policyfile.lock.json
+
+.idea/
+

site-cookbooks/kosmos_rsk/Berksfile

@@ -0,0 +1,3 @@
+source 'https://supermarket.chef.io'
+
+metadata

site-cookbooks/kosmos_rsk/CHANGELOG.md

@@ -0,0 +1,7 @@
+# kosmos_rsk CHANGELOG
+
+This file is used to list changes made in each version of the kosmos_rsk cookbook.
+
+## 0.1.0
+
+Initial release.

site-cookbooks/kosmos_rsk/LICENSE

@@ -0,0 +1,3 @@
+Copyright 2021 The Authors
+
+All rights reserved, do not redistribute.

site-cookbooks/kosmos_rsk/README.md

@@ -0,0 +1,3 @@
+# kosmos_rsk
+
+Configures/deploys RSK-related software.

site-cookbooks/kosmos_rsk/attributes/default.rb

@@ -0,0 +1,2 @@
+node.default['rskj']['version'] = '2.2.0~focal'
+node.default['rskj']['network'] = 'testnet'

site-cookbooks/kosmos_rsk/chefignore

@@ -0,0 +1,115 @@
+# Put files/directories that should be ignored in this file when uploading
+# to a Chef Infra Server or Supermarket.
+# Lines that start with '# ' are comments.
+
+# OS generated files #
+######################
+.DS_Store
+ehthumbs.db
+Icon?
+nohup.out
+Thumbs.db
+.envrc
+
+# EDITORS #
+###########
+.#*
+.project
+.settings
+*_flymake
+*_flymake.*
+*.bak
+*.sw[a-z]
+*.tmproj
+*~
+\#*
+REVISION
+TAGS*
+tmtags
+.vscode
+.editorconfig
+
+## COMPILED ##
+##############
+*.class
+*.com
+*.dll
+*.exe
+*.o
+*.pyc
+*.so
+*/rdoc/
+a.out
+mkmf.log
+
+# Testing #
+###########
+.circleci/*
+.codeclimate.yml
+.delivery/*
+.foodcritic
+.kitchen*
+.mdlrc
+.overcommit.yml
+.rspec
+.rubocop.yml
+.travis.yml
+.watchr
+.yamllint
+azure-pipelines.yml
+Dangerfile
+examples/*
+features/*
+Guardfile
+kitchen.yml*
+mlc_config.json
+Procfile
+Rakefile
+spec/*
+test/*
+
+# SCM #
+#######
+.git
+.gitattributes
+.gitconfig
+.github/*
+.gitignore
+.gitkeep
+.gitmodules
+.svn
+*/.bzr/*
+*/.git
+*/.hg/*
+*/.svn/*
+
+# Berkshelf #
+#############
+Berksfile
+Berksfile.lock
+cookbooks/*
+tmp
+
+# Bundler #
+###########
+vendor/*
+Gemfile
+Gemfile.lock
+
+# Policyfile #
+##############
+Policyfile.rb
+Policyfile.lock.json
+
+# Documentation #
+#############
+CODE_OF_CONDUCT*
+CONTRIBUTING*
+documentation/*
+TESTING*
+UPGRADING*
+
+# Vagrant #
+###########
+.vagrant
+Vagrantfile

site-cookbooks/kosmos_rsk/kitchen.yml

@@ -0,0 +1,52 @@
+---
+driver:
+  name: dokken
+  pull_platform_image: false
+  pull_chef_image: false
+  memory_limit: 2147483648 # 2GB
+  volumes:
+    # saves the apt archieves outside of the container
+    - /var/cache/apt/archives/:/var/cache/apt/archives/
+  ## The forwarded_port port feature lets you connect to ports on the VM guest via
+  ## localhost on the host.
+  ## see also: https://www.vagrantup.com/docs/networking/forwarded_ports
+  # network:
+  #  - ["forwarded_port", { guest: 4444, host: 4444 }]
+
+transport:
+  name: dokken
+
+provisioner:
+  name: dokken
+  clean_dokken_sandbox: false
+  # You may wish to disable always updating cookbooks in CI or other testing environments.
+  # For example:
+  #   always_update_cookbooks: <%= !ENV['CI'] %>
+  # always_update_cookbooks: false
+
+  ## product_name and product_version specifies a specific Chef product and version to install.
+  ## see the Chef documentation for more details: https://docs.chef.io/workstation/config_yml_kitchen/
+  #  product_name: chef
+  #  product_version: 16
+
+verifier:
+  name: inspec
+
+platforms:
+  - name: ubuntu-20.04
+    driver:
+      image: dokken/ubuntu-20.04
+      privileged: true
+      pid_one_command: /usr/lib/systemd/systemd
+      intermediate_instructions:
+        # prevent APT from deleting the APT folder
+        - RUN rm /etc/apt/apt.conf.d/docker-clean
+
+suites:
+  - name: rskj
+    run_list:
+      - recipe[kosmos_rsk::rskj]
+    verifier:
+      inspec_tests:
+        - test/integration/rskj
+    attributes:

site-cookbooks/kosmos_rsk/metadata.rb

@@ -0,0 +1,11 @@
+name 'kosmos_rsk'
+maintainer 'Kosmos Developers'
+maintainer_email 'ops@kosmos.org'
+license 'MIT'
+description 'Installs/configures RSK and related software'
+version '0.1.0'
+chef_version '>= 15.0'
+issues_url 'https://gitea.kosmos.org/kosmos/chef/issues'
+source_url 'https://gitea.kosmos.org/kosmos/chef'
+
+depends 'firewall'

site-cookbooks/kosmos_rsk/recipes/rskj.rb

@@ -0,0 +1,39 @@
+#
+# Cookbook:: kosmos_rsk
+# Recipe:: rskj
+#
+
+group 'rsk' do
+  gid 888
+end
+
+user 'rsk' do
+  uid 888
+  gid 888
+  home '/var/lib/rsk'
+  shell '/sbin/nologin'
+end
+
+apt_repository 'rskj' do
+  uri 'ppa:rsksmart/rskj'
+  key '5EED9995C84A49BC02D4F507DF10691F518C7BEA'
+end
+
+apt_package 'rskj' do
+  response_file 'rskj-preseed.cfg.erb'
+  response_file_variables network: node['rskj']['network']
+  options '--assume-yes'
+  version node['rskj']['version']
+end
+
+service "rsk" do
+  action [:enable, :start]
+end
+
+include_recipe 'firewall'
+
+firewall_rule 'rskj' do
+  port     [4444,50505]
+  protocol :tcp
+  command  :allow
+end

site-cookbooks/kosmos_rsk/templates/rskj-preseed.cfg.erb

@@ -0,0 +1,6 @@
+#_preseed_V1
+# Do you agree to the terms of the applicable licenses?
+rskj shared/accepted-rsk-license-v1-1 boolean true
+# Choose a configuration environment to run your node.
+# Choices: mainnet, testnet, regtest
+rskj shared/config select <%= @network %>

site-cookbooks/kosmos_rsk/test/integration/rskj/rskj_test.rb

@@ -0,0 +1,23 @@
+# InSpec test for recipe kosmos_rsk::rskj
+
+# The Chef InSpec reference, with examples and extensive documentation, can be
+# found at https://docs.chef.io/inspec/resources/
+
+describe user('rsk') do
+  it { should exist }
+end
+
+describe package('rskj') do
+  it { should be_installed }
+  its('version') { should eq '2.2.0~focal' }
+end
+
+describe service('rsk') do
+  it { should be_enabled }
+  it { should be_installed }
+  it { should be_running }
+end
+
+describe port(4444) do
+  it { should be_listening }
+end