Add Liquor Cabinet cookbooks and configs, deploy to production #541
| @ -1,51 +1,65 @@ | ||||
| { | ||||
|   "id": "akkounts", | ||||
|   "postgresql_username": { | ||||
|     "encrypted_data": "/Idxzq83imf6o6pbmFAk7bgxg69N7/1KNhgj\n", | ||||
|     "iv": "34BrmVmlxzuA7IJG\n", | ||||
|     "auth_tag": "VyLpWDshrOd417ZiY3432w==\n", | ||||
|     "encrypted_data": "l00Lmdbl5xNq07XU4XmcnRxXsIJaYyMQQ6xI\n", | ||||
|     "iv": "yxvL6hKwlVWmdMzl\n", | ||||
|     "auth_tag": "mMCV9ewJW/0TfVE76WBSZw==\n", | ||||
|     "version": 3, | ||||
|     "cipher": "aes-256-gcm" | ||||
|   }, | ||||
|   "postgresql_password": { | ||||
|     "encrypted_data": "XqEmt+yu7mB6vBOUCT/5AtIptdUamfniz+PrFYCP0A==\n", | ||||
|     "iv": "2XdVUHkeeS1LHzMx\n", | ||||
|     "auth_tag": "mq0v9ikHD7pxTUrGO+VF9A==\n", | ||||
|     "encrypted_data": "Q6xWsH6bmI1GfMzme3mBRYrt3XmDwFJ7E4FjYg2Rrw==\n", | ||||
|     "iv": "jcQmuT7Jz3g3XE8d\n", | ||||
|     "auth_tag": "nNMvf9UmP6ikf1BW93QZIw==\n", | ||||
|     "version": 3, | ||||
|     "cipher": "aes-256-gcm" | ||||
|   }, | ||||
|   "sentry_dsn": { | ||||
|     "encrypted_data": "u82JsPq5HvQRE2eWIbVp73LdqffyuTTylbURtM7XRJ6AXyKp1WD/iwVhNnL7\n/NKSWR24/u63WJCP4rXpW7293ZRU5UW/W3GwlOjNtbdxcaQ=\n", | ||||
|     "iv": "0GIV8v92dh4+Ma/Z\n", | ||||
|     "auth_tag": "XbuxPIZ5VxuMjw/f+usCgA==\n", | ||||
|     "encrypted_data": "V7cqlH2baN1Ix/ggQFeo9PY6dNKKpnDECaB1cO3XuCfy74oN2ot44nbpCQTA\nUl0+1LQv/qNn/L4gmJkqZfdIXZQqhR+iTc06UJxe3aTKJDw=\n", | ||||
|     "iv": "HJtdKYcApwaxhTXI\n", | ||||
|     "auth_tag": "qyIYK9h6nciJTFXBWOjVOA==\n", | ||||
|     "version": 3, | ||||
|     "cipher": "aes-256-gcm" | ||||
|   }, | ||||
|   "rails_master_key": { | ||||
|     "encrypted_data": "31N79um4TTD0tuDurrZVztoSv0sxZ70paV7AhD8P4+lX8kUkfhiugCbdhst0\n12YP5v/8\n", | ||||
|     "iv": "l4qanaerdou8AApw\n", | ||||
|     "auth_tag": "yvkcM4on1EMm1LhmmZ+O+g==\n", | ||||
|     "encrypted_data": "KAl2Kgq1TXjOm4TNxGwZkPwJeOSNLbLLKiRdb4fTyBFfUhIGGeCS9VvV9kIb\n9sQZ6HLU\n", | ||||
|     "iv": "BBPvDNs6nBXDti5I\n", | ||||
|     "auth_tag": "yjM/0nyUwt+5SSGuLC5qWA==\n", | ||||
|     "version": 3, | ||||
|     "cipher": "aes-256-gcm" | ||||
|   }, | ||||
|   "discourse_connect_secret": { | ||||
|     "encrypted_data": "Ebs8KVEA0r4nFxYNjxxZFUWndxwoKes/9ihEgqgKLN76t6yzCUONeJZBMl0G\nXLdI8A==\n", | ||||
|     "iv": "ob8KBWeoHXFlZ7Nk\n", | ||||
|     "auth_tag": "motppQbVEhg6qyKRYpqctA==\n", | ||||
|     "encrypted_data": "YHkZGzXeK3nDHaXt3JKmGtCcvMfgvv3yHbvS2C+CLKagOIOe+0+2/CiNuh4U\nxO1Pug==\n", | ||||
|     "iv": "SnUxDpIMQum8ySfN\n", | ||||
|     "auth_tag": "Ny6I+3EoCA1s74JLjjbbyQ==\n", | ||||
|     "version": 3, | ||||
|     "cipher": "aes-256-gcm" | ||||
|   }, | ||||
|   "lndhub_admin_token": { | ||||
|     "encrypted_data": "I2hSF6X9L3OWbet5QWzrCyA3XyGFhFBgHh/uFr5dQ3RB\n", | ||||
|     "iv": "Kr8u2j5napFSamYc\n", | ||||
|     "auth_tag": "t93UNWomf+6WaZF7VVzTeQ==\n", | ||||
|     "encrypted_data": "dJHxB80Enwkm+2aNuIrp7lILAy2J5tQaChPJCl/BHwMo\n", | ||||
|     "iv": "zHLtD1jTIwvjMt1l\n", | ||||
|     "auth_tag": "IC0adEzsS5YF5YHqabWw2A==\n", | ||||
|     "version": 3, | ||||
|     "cipher": "aes-256-gcm" | ||||
|   }, | ||||
|   "btcpay_auth_token": { | ||||
|     "encrypted_data": "0qesJ5KMvU2DlKdz7lExJWq0X9XYjpsqw61kLXWw4UNYwpNxPyFJSjbR9yKh\ntu0zMdtMB9Vur9izWBY=\n", | ||||
|     "iv": "gw2oAyeF2Kuvb3Em\n", | ||||
|     "auth_tag": "zMtos/E3e3XXeTlAY7o0lg==\n", | ||||
|     "encrypted_data": "YbM0HvgIijluKQBcgfKn6hmWvdbhr0ijR1xKc+BRZCZJsRaJBHTjCbwhH8T9\nVnBESruyjhxphtBetcc=\n", | ||||
|     "iv": "3107v/c2Tonx6/cP\n", | ||||
|     "auth_tag": "jnO9fvoXJW5gbDMRjkdMPA==\n", | ||||
|     "version": 3, | ||||
|     "cipher": "aes-256-gcm" | ||||
|   }, | ||||
|   "s3_access_key": { | ||||
|     "encrypted_data": "PFjQKe1us12SNHlReQ4f0qctulPp4d2F3t5t+AGocp87PS/kZx77rtHQtruK\n", | ||||
|     "iv": "BGD8+XchqwPmhhwi\n", | ||||
|     "auth_tag": "XefaZKCVs8hotszALN+kxQ==\n", | ||||
|     "version": 3, | ||||
|     "cipher": "aes-256-gcm" | ||||
|   }, | ||||
|   "s3_secret_key": { | ||||
|     "encrypted_data": "ziO35x8P1YMaSeenMNQoTWug62b5ZVLFlkMlJEFGnYjHK5qTAn6ir06WnMJC\n0zErzTZsPpcr7KpE/ipWgWHRy7qVbGnd6iVO4t9tf5NjiU2OXfA=\n", | ||||
|     "iv": "S3syCCxh2m+mylLu\n", | ||||
|     "auth_tag": "ZMkyBqXMXr3K3LGqxWvbtA==\n", | ||||
|     "version": 3, | ||||
|     "cipher": "aes-256-gcm" | ||||
|   } | ||||
|  | ||||
							
								
								
									
										17
									
								
								data_bags/credentials/liquor-cabinet.json
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										17
									
								
								data_bags/credentials/liquor-cabinet.json
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,17 @@ | ||||
| { | ||||
|   "id": "liquor-cabinet", | ||||
|   "s3_access_key": { | ||||
|     "encrypted_data": "TKYUWVboQZUKvw4bqrKsL28dH2DGR5iDBQclAwm5I7GqkxFfkG2d91qLv+BA\n", | ||||
|     "iv": "B8YYzXeFGxMG34WI\n", | ||||
|     "auth_tag": "HOIfcpJOFYIVvf5o8lk4mg==\n", | ||||
|     "version": 3, | ||||
|     "cipher": "aes-256-gcm" | ||||
|   }, | ||||
|   "s3_secret_key": { | ||||
|     "encrypted_data": "GRqGJkGJ/f0zQVtO0r9TcXBqlpnfC5PiwTZK8QmsqEhzQI6U67NAf62QqTgl\nGVI1h8G5ITgC3l0xVhcvH6m2bcs9fjNzFIqnhoZhzGwEt51A5Zk=\n", | ||||
|     "iv": "UAlmoUWLedpd79xa\n", | ||||
|     "auth_tag": "2F/EJhY5/59dtFFwkd106A==\n", | ||||
|     "version": 3, | ||||
|     "cipher": "aes-256-gcm" | ||||
|   } | ||||
| } | ||||
| @ -43,8 +43,9 @@ | ||||
|       "s3_web_root_domain": "web.s3.kosmos.org", | ||||
|       "s3_web_domains": [ | ||||
|         "media.kosmos.chat", | ||||
|         "s3.kosmos.social", | ||||
|         "s3.community.kosmos.org" | ||||
|         "s3.accounts.kosmos.org", | ||||
|         "s3.community.kosmos.org", | ||||
|         "s3.kosmos.social" | ||||
|       ], | ||||
|       "xmpp_upload_bucket": "kosmos-xmpp-uploads" | ||||
|     }, | ||||
| @ -80,6 +81,16 @@ | ||||
|         "mastodon.w7nooprauv6yrnhzh2ajpcnj3doinked2aaztlwfyt6u6pva2qdxqhid.onion" | ||||
|       ] | ||||
|     }, | ||||
|     "liquor-cabinet": { | ||||
|       "ufw_source_allowed": "10.1.1.0/24", | ||||
|       "redis_port": 6379, | ||||
|       "redis_db": 1, | ||||
|       "s3_endpoint": "http://localhost:3900", | ||||
|       "s3_region": "garage", | ||||
|       "s3_bucket": "rs-kosmos", | ||||
|       "domain": "storage.kosmos.org", | ||||
|       "root_redirect_url": "https://accounts.kosmos.org" | ||||
|     }, | ||||
|     "mediawiki": { | ||||
|       "url": "https://wiki.kosmos.org" | ||||
|     }, | ||||
|  | ||||
| @ -17,6 +17,7 @@ | ||||
|       "kvm_guest", | ||||
|       "ldap_client", | ||||
|       "sentry_client", | ||||
|       "garage_gateway", | ||||
|       "akkounts", | ||||
|       "postgresql_client" | ||||
|     ], | ||||
| @ -26,6 +27,9 @@ | ||||
|       "kosmos_kvm::guest", | ||||
|       "kosmos-dirsrv::hostsfile", | ||||
|       "kosmos_sentry::client", | ||||
|       "kosmos_garage", | ||||
|       "kosmos_garage::default", | ||||
|       "kosmos_garage::firewall_rpc", | ||||
|       "kosmos_postgresql::hostsfile", | ||||
|       "kosmos-akkounts", | ||||
|       "kosmos-akkounts::default", | ||||
| @ -43,6 +47,7 @@ | ||||
|       "postfix::_attributes", | ||||
|       "postfix::sasl_auth", | ||||
|       "hostname::default", | ||||
|       "firewall::default", | ||||
|       "redisio::default", | ||||
|       "redisio::_install_prereqs", | ||||
|       "redisio::install", | ||||
| @ -76,6 +81,7 @@ | ||||
|     "role[kvm_guest]", | ||||
|     "role[ldap_client]", | ||||
|     "role[sentry_client]", | ||||
|     "role[garage_gateway]", | ||||
|     "role[akkounts]" | ||||
|   ] | ||||
| } | ||||
| @ -52,6 +52,7 @@ | ||||
|       "kosmos_garage::nginx_s3", | ||||
|       "kosmos_gitea::nginx", | ||||
|       "kosmos_gitea::nginx_ssh", | ||||
|       "kosmos_liquor-cabinet::nginx", | ||||
|       "kosmos_rsk::nginx_testnet", | ||||
|       "kosmos_rsk::nginx_mainnet", | ||||
|       "kosmos_website", | ||||
|  | ||||
| @ -45,6 +45,7 @@ | ||||
|       "kosmos_garage::nginx_s3", | ||||
|       "kosmos_gitea::nginx", | ||||
|       "kosmos_gitea::nginx_ssh", | ||||
|       "kosmos_liquor-cabinet::nginx", | ||||
|       "kosmos_rsk::nginx_testnet", | ||||
|       "kosmos_rsk::nginx_mainnet", | ||||
|       "kosmos_website", | ||||
|  | ||||
| @ -1,5 +1,6 @@ | ||||
| { | ||||
|   "name": "lq-1", | ||||
|   "chef_environment": "production", | ||||
|   "normal": { | ||||
|     "knife_zero": { | ||||
|       "host": "10.1.1.87" | ||||
| @ -8,17 +9,24 @@ | ||||
|   "automatic": { | ||||
|     "fqdn": "lq-1", | ||||
|     "os": "linux", | ||||
|     "os_version": "5.4.0-1090-kvm", | ||||
|     "os_version": "5.4.0-1104-kvm", | ||||
|     "hostname": "lq-1", | ||||
|     "ipaddress": "192.168.122.158", | ||||
|     "roles": [ | ||||
|       "base", | ||||
|       "kvm_guest" | ||||
|       "kvm_guest", | ||||
|       "garage_gateway", | ||||
|       "liquor_cabinet" | ||||
|     ], | ||||
|     "recipes": [ | ||||
|       "kosmos-base", | ||||
|       "kosmos-base::default", | ||||
|       "kosmos_kvm::guest", | ||||
|       "kosmos_garage", | ||||
|       "kosmos_garage::default", | ||||
|       "kosmos_garage::firewall_rpc", | ||||
|       "kosmos_liquor-cabinet", | ||||
|       "kosmos_liquor-cabinet::default", | ||||
|       "apt::default", | ||||
|       "timezone_iii::default", | ||||
|       "timezone_iii::debian", | ||||
| @ -32,7 +40,9 @@ | ||||
|       "postfix::_common", | ||||
|       "postfix::_attributes", | ||||
|       "postfix::sasl_auth", | ||||
|       "hostname::default" | ||||
|       "hostname::default", | ||||
|       "firewall::default", | ||||
|       "liquor_cabinet::default" | ||||
|     ], | ||||
|     "platform": "ubuntu", | ||||
|     "platform_version": "20.04", | ||||
| @ -51,6 +61,8 @@ | ||||
|   }, | ||||
|   "run_list": [ | ||||
|     "role[base]", | ||||
|     "role[kvm_guest]" | ||||
|     "role[kvm_guest]", | ||||
|     "role[garage_gateway]", | ||||
|     "role[liquor_cabinet]" | ||||
|   ] | ||||
| } | ||||
| @ -1,5 +1,6 @@ | ||||
| { | ||||
|   "name": "lq-2", | ||||
|   "chef_environment": "production", | ||||
|   "normal": { | ||||
|     "knife_zero": { | ||||
|       "host": "10.1.1.188" | ||||
| @ -8,17 +9,24 @@ | ||||
|   "automatic": { | ||||
|     "fqdn": "lq-2", | ||||
|     "os": "linux", | ||||
|     "os_version": "5.4.0-1090-kvm", | ||||
|     "os_version": "5.4.0-1104-kvm", | ||||
|     "hostname": "lq-2", | ||||
|     "ipaddress": "192.168.122.47", | ||||
|     "roles": [ | ||||
|       "base", | ||||
|       "kvm_guest" | ||||
|       "kvm_guest", | ||||
|       "garage_gateway", | ||||
|       "liquor_cabinet" | ||||
|     ], | ||||
|     "recipes": [ | ||||
|       "kosmos-base", | ||||
|       "kosmos-base::default", | ||||
|       "kosmos_kvm::guest", | ||||
|       "kosmos_garage", | ||||
|       "kosmos_garage::default", | ||||
|       "kosmos_garage::firewall_rpc", | ||||
|       "liquor_cabinet", | ||||
|       "liquor_cabinet::default", | ||||
|       "apt::default", | ||||
|       "timezone_iii::default", | ||||
|       "timezone_iii::debian", | ||||
| @ -32,7 +40,8 @@ | ||||
|       "postfix::_common", | ||||
|       "postfix::_attributes", | ||||
|       "postfix::sasl_auth", | ||||
|       "hostname::default" | ||||
|       "hostname::default", | ||||
|       "firewall::default" | ||||
|     ], | ||||
|     "platform": "ubuntu", | ||||
|     "platform_version": "20.04", | ||||
| @ -51,6 +60,8 @@ | ||||
|   }, | ||||
|   "run_list": [ | ||||
|     "role[base]", | ||||
|     "role[kvm_guest]" | ||||
|     "role[kvm_guest]", | ||||
|     "role[garage_gateway]", | ||||
|     "role[liquor_cabinet]" | ||||
|   ] | ||||
| } | ||||
							
								
								
									
										5
									
								
								roles/liquor_cabinet.rb
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										5
									
								
								roles/liquor_cabinet.rb
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,5 @@ | ||||
| name "liquor_cabinet" | ||||
| 
 | ||||
| run_list %w( | ||||
|   kosmos_liquor-cabinet::default | ||||
| ) | ||||
| @ -26,6 +26,7 @@ production_run_list = %w( | ||||
|   kosmos_garage::nginx_s3 | ||||
|   kosmos_gitea::nginx | ||||
|   kosmos_gitea::nginx_ssh | ||||
|   kosmos_liquor-cabinet::nginx | ||||
|   kosmos_rsk::nginx_testnet | ||||
|   kosmos_rsk::nginx_mainnet | ||||
|   kosmos_website::default | ||||
|  | ||||
| @ -19,3 +19,9 @@ node.default['akkounts']['lndhub']['api_url'] = nil | ||||
| node.default['akkounts']['lndhub']['public_url'] = nil | ||||
| node.default['akkounts']['lndhub']['public_key'] = nil | ||||
| node.default['akkounts']['lndhub']['postgres_db'] = 'lndhub' | ||||
| 
 | ||||
| node.default['akkounts']['s3_enabled'] = true | ||||
| node.default['akkounts']['s3_endpoint'] = "https://s3.kosmos.org" | ||||
| node.default['akkounts']['s3_region'] = "garage" | ||||
| node.default['akkounts']['s3_bucket'] = "akkounts-production" | ||||
| node.default['akkounts']['s3_alias_host'] = "https://s3.accounts.kosmos.org" | ||||
|  | ||||
| @ -69,17 +69,33 @@ if webhooks_allowed_ips.length > 0 | ||||
|   env[:webhooks_allowed_ips] = webhooks_allowed_ips | ||||
| end | ||||
| 
 | ||||
| # | ||||
| # BTCPay Server | ||||
| # | ||||
| 
 | ||||
| if btcpay_host | ||||
|   env[:btcpay_api_url] = "http://#{btcpay_host}:23001/api/v1" | ||||
|   env[:btcpay_store_id] = node['akkounts']['btcpay']['store_id'] | ||||
|   env[:btcpay_auth_token] = credentials["btcpay_auth_token"] | ||||
| end | ||||
| 
 | ||||
| # | ||||
| # Discourse | ||||
| # | ||||
| 
 | ||||
| env[:discourse_public_url] = "https://#{node['discourse']['domain']}" | ||||
| env[:discourse_connect_secret] = credentials['discourse_connect_secret'] | ||||
| 
 | ||||
| # | ||||
| # Drone CI | ||||
| # | ||||
| 
 | ||||
| env[:droneci_public_url] = node["droneci"]["public_url"] | ||||
| 
 | ||||
| # | ||||
| # ejabberd | ||||
| # | ||||
| 
 | ||||
| ejabberd_private_ip_addresses = [] | ||||
| search(:node, "role:ejabberd").each do |node| | ||||
|   ejabberd_private_ip_addresses << node["knife_zero"]["host"] | ||||
| @ -101,8 +117,16 @@ if ejabberd_private_ip_addresses.size > 0 | ||||
|   env[:ejabberd_admin_url] = node['akkounts']['ejabberd']['admin_url'] | ||||
| end | ||||
| 
 | ||||
| # | ||||
| # Gitea | ||||
| # | ||||
| 
 | ||||
| env[:gitea_public_url] = "https://#{node['gitea']['domain']}" | ||||
| 
 | ||||
| # | ||||
| # lndhub.go | ||||
| # | ||||
| 
 | ||||
| if lndhub_host | ||||
|   node.override["akkounts"]["lndhub"]["api_url"] = "http://#{lndhub_host}:3026" | ||||
|   env[:lndhub_legacy_api_url] = node["akkounts"]["lndhub"]["api_url"] | ||||
| @ -119,10 +143,49 @@ if lndhub_host | ||||
|   end | ||||
| end | ||||
| 
 | ||||
| # | ||||
| # Mastodon | ||||
| # | ||||
| 
 | ||||
| env[:mastodon_public_url] = "https://#{node['kosmos-mastodon']['domain']}" | ||||
| 
 | ||||
| # | ||||
| # MediaWiki | ||||
| # | ||||
| 
 | ||||
| env[:mediawiki_public_url] = node['mediawiki']['url'] | ||||
| 
 | ||||
| # | ||||
| # remoteStorage / Liquor Cabinet | ||||
| # | ||||
| 
 | ||||
| env[:rs_storage_url] = "https://#{node['liquor-cabinet']['domain']}" | ||||
| 
 | ||||
| rs_redis_host = search(:node, "role:redis_server").first["knife_zero"]["host"] rescue nil | ||||
| rs_redis_port = node['liquor-cabinet']['redis_port'] | ||||
| rs_redis_db = node['liquor-cabinet']['redis_db'] | ||||
| if rs_redis_host | ||||
|   env[:rs_redis_url] = "redis://#{rs_redis_host}:#{rs_redis_port}/#{rs_redis_db}" | ||||
| end | ||||
| 
 | ||||
| # | ||||
| # S3 | ||||
| # | ||||
| 
 | ||||
| if node['akkounts']['s3_enabled'] | ||||
|   env[:s3_enabled] = true | ||||
|   env[:s3_endpoint] = node['akkounts']['s3_endpoint'] | ||||
|   env[:s3_region] = node['akkounts']['s3_region'] | ||||
|   env[:s3_bucket] = node['akkounts']['s3_bucket'] | ||||
|   env[:s3_alias_host] = node['akkounts']['s3_alias_host'] | ||||
|   env[:s3_access_key] = credentials['s3_access_key'] | ||||
|   env[:s3_secret_key] = credentials['s3_secret_key'] | ||||
| end | ||||
| 
 | ||||
| # | ||||
| # Akkounts Deployment | ||||
| # | ||||
| 
 | ||||
| systemd_unit "akkounts.service" do | ||||
|   content({ | ||||
|     Unit: { | ||||
|  | ||||
							
								
								
									
										25
									
								
								site-cookbooks/kosmos_liquor-cabinet/.gitignore
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										25
									
								
								site-cookbooks/kosmos_liquor-cabinet/.gitignore
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @ -0,0 +1,25 @@ | ||||
| .vagrant | ||||
| *~ | ||||
| *# | ||||
| .#* | ||||
| \#*# | ||||
| .*.sw[a-z] | ||||
| *.un~ | ||||
| 
 | ||||
| # Bundler | ||||
| Gemfile.lock | ||||
| gems.locked | ||||
| bin/* | ||||
| .bundle/* | ||||
| 
 | ||||
| # test kitchen | ||||
| .kitchen/ | ||||
| kitchen.local.yml | ||||
| 
 | ||||
| # Chef Infra | ||||
| Berksfile.lock | ||||
| .zero-knife.rb | ||||
| Policyfile.lock.json | ||||
| 
 | ||||
| .idea/ | ||||
| 
 | ||||
							
								
								
									
										7
									
								
								site-cookbooks/kosmos_liquor-cabinet/CHANGELOG.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										7
									
								
								site-cookbooks/kosmos_liquor-cabinet/CHANGELOG.md
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,7 @@ | ||||
| # kosmos_liquor-cabinet CHANGELOG | ||||
| 
 | ||||
| This file is used to list changes made in each version of the kosmos_liquor-cabinet cookbook. | ||||
| 
 | ||||
| ## 0.1.0 | ||||
| 
 | ||||
| Initial release. | ||||
							
								
								
									
										21
									
								
								site-cookbooks/kosmos_liquor-cabinet/LICENSE
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										21
									
								
								site-cookbooks/kosmos_liquor-cabinet/LICENSE
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,21 @@ | ||||
| The MIT License (MIT) | ||||
| 
 | ||||
| Copyright (c) 2024 Kosmos Developers | ||||
| 
 | ||||
| Permission is hereby granted, free of charge, to any person obtaining a copy | ||||
| of this software and associated documentation files (the "Software"), to deal | ||||
| in the Software without restriction, including without limitation the rights | ||||
| to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||||
| copies of the Software, and to permit persons to whom the Software is | ||||
| furnished to do so, subject to the following conditions: | ||||
| 
 | ||||
| The above copyright notice and this permission notice shall be included in | ||||
| all copies or substantial portions of the Software. | ||||
| 
 | ||||
| THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||||
| IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||||
| FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||||
| AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||||
| LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||||
| OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | ||||
| THE SOFTWARE. | ||||
							
								
								
									
										7
									
								
								site-cookbooks/kosmos_liquor-cabinet/README.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										7
									
								
								site-cookbooks/kosmos_liquor-cabinet/README.md
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,7 @@ | ||||
| # kosmos_liquor-cabinet | ||||
| 
 | ||||
| Installs/configures the [Liquor Cabinet][1] [remoteStorage][2] API server and | ||||
| reverse proxy. | ||||
| 
 | ||||
| [1]: https://gitea.kosmos.org/5apps/liquor-cabinet | ||||
| [2]: https://remotestorage.io | ||||
| @ -0,0 +1,4 @@ | ||||
| node.default['liquor-cabinet']['app_server_role'] = 'liquor_cabinet' | ||||
| node.default['liquor-cabinet']['max_upload_size'] = 100 # MB | ||||
| node.default['liquor-cabinet']['server_name'] = 'storage.example.com' | ||||
| node.default['liquor-cabinet']['root_redirect_url'] = 'https://example.com/storage' | ||||
							
								
								
									
										115
									
								
								site-cookbooks/kosmos_liquor-cabinet/chefignore
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										115
									
								
								site-cookbooks/kosmos_liquor-cabinet/chefignore
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,115 @@ | ||||
| # Put files/directories that should be ignored in this file when uploading | ||||
| # to a Chef Infra Server or Supermarket. | ||||
| # Lines that start with '# ' are comments. | ||||
| 
 | ||||
| # OS generated files # | ||||
| ###################### | ||||
| .DS_Store | ||||
| ehthumbs.db | ||||
| Icon? | ||||
| nohup.out | ||||
| Thumbs.db | ||||
| .envrc | ||||
| 
 | ||||
| # EDITORS # | ||||
| ########### | ||||
| .#* | ||||
| .project | ||||
| .settings | ||||
| *_flymake | ||||
| *_flymake.* | ||||
| *.bak | ||||
| *.sw[a-z] | ||||
| *.tmproj | ||||
| *~ | ||||
| \#* | ||||
| REVISION | ||||
| TAGS* | ||||
| tmtags | ||||
| .vscode | ||||
| .editorconfig | ||||
| 
 | ||||
| ## COMPILED ## | ||||
| ############## | ||||
| *.class | ||||
| *.com | ||||
| *.dll | ||||
| *.exe | ||||
| *.o | ||||
| *.pyc | ||||
| *.so | ||||
| */rdoc/ | ||||
| a.out | ||||
| mkmf.log | ||||
| 
 | ||||
| # Testing # | ||||
| ########### | ||||
| .circleci/* | ||||
| .codeclimate.yml | ||||
| .delivery/* | ||||
| .foodcritic | ||||
| .kitchen* | ||||
| .mdlrc | ||||
| .overcommit.yml | ||||
| .rspec | ||||
| .rubocop.yml | ||||
| .travis.yml | ||||
| .watchr | ||||
| .yamllint | ||||
| azure-pipelines.yml | ||||
| Dangerfile | ||||
| examples/* | ||||
| features/* | ||||
| Guardfile | ||||
| kitchen.yml* | ||||
| mlc_config.json | ||||
| Procfile | ||||
| Rakefile | ||||
| spec/* | ||||
| test/* | ||||
| 
 | ||||
| # SCM # | ||||
| ####### | ||||
| .git | ||||
| .gitattributes | ||||
| .gitconfig | ||||
| .github/* | ||||
| .gitignore | ||||
| .gitkeep | ||||
| .gitmodules | ||||
| .svn | ||||
| */.bzr/* | ||||
| */.git | ||||
| */.hg/* | ||||
| */.svn/* | ||||
| 
 | ||||
| # Berkshelf # | ||||
| ############# | ||||
| Berksfile | ||||
| Berksfile.lock | ||||
| cookbooks/* | ||||
| tmp | ||||
| 
 | ||||
| # Bundler # | ||||
| ########### | ||||
| vendor/* | ||||
| Gemfile | ||||
| Gemfile.lock | ||||
| 
 | ||||
| # Policyfile # | ||||
| ############## | ||||
| Policyfile.rb | ||||
| Policyfile.lock.json | ||||
| 
 | ||||
| # Documentation # | ||||
| ############# | ||||
| CODE_OF_CONDUCT* | ||||
| CONTRIBUTING* | ||||
| documentation/* | ||||
| TESTING* | ||||
| UPGRADING* | ||||
| 
 | ||||
| # Vagrant # | ||||
| ########### | ||||
| .vagrant | ||||
| Vagrantfile | ||||
							
								
								
									
										37
									
								
								site-cookbooks/kosmos_liquor-cabinet/kitchen.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										37
									
								
								site-cookbooks/kosmos_liquor-cabinet/kitchen.yml
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,37 @@ | ||||
| --- | ||||
| driver: | ||||
|   name: dokken | ||||
|   privileged: true  # allows systemd services to start | ||||
| 
 | ||||
| provisioner: | ||||
|   name: dokken | ||||
| 
 | ||||
| transport: | ||||
|   name: dokken | ||||
| 
 | ||||
| verifier: | ||||
|   name: inspec | ||||
| 
 | ||||
| platforms: | ||||
|   # @see https://github.com/chef-cookbooks/testing_examples/blob/main/kitchen.dokken.yml | ||||
|   # @see https://hub.docker.com/u/dokken | ||||
|   - name: ubuntu-20.04 | ||||
|     driver: | ||||
|       image: dokken/ubuntu-20.04 | ||||
|       pid_one_command: /bin/systemd | ||||
|       intermediate_instructions: | ||||
|         - RUN /usr/bin/apt-get update | ||||
| 
 | ||||
|   - name: centos-8 | ||||
|     driver: | ||||
|       image: dokken/centos-8 | ||||
|       pid_one_command: /usr/lib/systemd/systemd | ||||
| 
 | ||||
| suites: | ||||
|   - name: default | ||||
|     run_list: | ||||
|       - recipe[kosmos_liquor-cabinet::default] | ||||
|     verifier: | ||||
|       inspec_tests: | ||||
|         - test/integration/default | ||||
|     attributes: | ||||
							
								
								
									
										12
									
								
								site-cookbooks/kosmos_liquor-cabinet/metadata.rb
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										12
									
								
								site-cookbooks/kosmos_liquor-cabinet/metadata.rb
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,12 @@ | ||||
| name 'kosmos_liquor-cabinet' | ||||
| maintainer 'Kosmos Developers' | ||||
| maintainer_email 'ops@kosmos.org' | ||||
| license 'MIT' | ||||
| description 'Installs/configures Liquor Cabinet API and reverse proxy' | ||||
| version '0.1.0' | ||||
| chef_version '>= 18.2' | ||||
| issues_url 'https://gitea.kosmos.org/kosmos/chef/issues' | ||||
| # source_url 'https://gitea.kosmos.org/kosmos/chef' | ||||
| 
 | ||||
| depends 'liquor_cabinet' | ||||
| depends 'kosmos_openresty' | ||||
							
								
								
									
										6
									
								
								site-cookbooks/kosmos_liquor-cabinet/recipes/default.rb
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										6
									
								
								site-cookbooks/kosmos_liquor-cabinet/recipes/default.rb
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,6 @@ | ||||
| # | ||||
| # Cookbook:: kosmos_liquor-cabinet | ||||
| # Recipe:: default | ||||
| # | ||||
| 
 | ||||
| include_recipe 'liquor_cabinet' | ||||
							
								
								
									
										30
									
								
								site-cookbooks/kosmos_liquor-cabinet/recipes/nginx.rb
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										30
									
								
								site-cookbooks/kosmos_liquor-cabinet/recipes/nginx.rb
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,30 @@ | ||||
| # | ||||
| # Cookbook:: kosmos_liquor-cabinet | ||||
| # Recipe:: nginx | ||||
| # | ||||
| 
 | ||||
| app_name = node['liquor-cabinet']['app_name'] | ||||
| domain   = node[app_name]['domain'] | ||||
| 
 | ||||
| tls_cert_for domain do | ||||
|   auth "gandi_dns" | ||||
|   action :create | ||||
| end | ||||
| 
 | ||||
| upstream_hosts = [] | ||||
| search(:node, "role:#{node[app_name]['app_server_role']}").each do |node| | ||||
|   upstream_hosts << node["knife_zero"]["host"] | ||||
| end | ||||
| upstream_hosts.push("localhost") if upstream_hosts.empty? | ||||
| 
 | ||||
| openresty_site domain do | ||||
|   template "nginx_conf_liquor-cabinet.erb" | ||||
|   variables app_name: app_name, | ||||
|             server_name: domain, | ||||
|             root_redirect_url: node[app_name]['root_redirect_url'], | ||||
|             max_upload_size: node['liquor-cabinet']['max_upload_size'], | ||||
|             upstream_hosts: upstream_hosts, | ||||
|             upstream_port: node[app_name]['rainbows']['port'], | ||||
|             ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem", | ||||
|             ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem" | ||||
| end | ||||
| @ -0,0 +1,79 @@ | ||||
| # | ||||
| # Generated by Chef | ||||
| # | ||||
| upstream _<%= @app_name %> { | ||||
| <% @upstream_hosts.each do |host| -%> | ||||
|   server <%= host %>:<%= @upstream_port %>; | ||||
| <% end -%> | ||||
| } | ||||
| 
 | ||||
| # TODO use cookbook attribute when enabling | ||||
| # variables_hash_max_size 2048; | ||||
| 
 | ||||
| server { | ||||
|   listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>80; | ||||
|   listen [::]:80; | ||||
|   server_name <%= @server_name %>; | ||||
|   # Redirect to https | ||||
|   location / { | ||||
|     return 301 https://<%= @server_name %>$request_uri; | ||||
|   } | ||||
| } | ||||
| 
 | ||||
| server { | ||||
|   listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; | ||||
|   listen [::]:443 ssl http2; | ||||
|   server_name <%= @server_name %>; | ||||
| 
 | ||||
|   access_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.access.log; # TODO json_liquor_cabinet; | ||||
|   error_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.error.log warn; | ||||
| 
 | ||||
|   add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"; | ||||
| 
 | ||||
|   # TODO | ||||
|   # log_by_lua_file "<%= @log_by_lua_file %>"; | ||||
| 
 | ||||
|   # We need strong ETags, disable compression | ||||
|   gzip off; | ||||
|   # brotli off; | ||||
|   # pagespeed off; | ||||
| 
 | ||||
|   # Set a large maximum upload size | ||||
|   client_max_body_size <%= @max_upload_size %>m; | ||||
| 
 | ||||
|   # TODO | ||||
|   # Use rate limiting (the zone is defined in | ||||
|   # /etc/nginx/conf.d/rate_limiting.conf) | ||||
|   # limit_req zone=per_ip burst=5000; | ||||
| 
 | ||||
|   location = / { | ||||
|     return 301 <%= @root_redirect_url %>; | ||||
|   } | ||||
| 
 | ||||
|   location / { | ||||
|     try_files $uri @proxy; | ||||
|   } | ||||
| 
 | ||||
|   location @proxy { | ||||
|     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||||
|     proxy_set_header X-Forwarded-Proto https; | ||||
|     proxy_set_header Host $http_host; | ||||
| 
 | ||||
|     proxy_redirect off; | ||||
| 
 | ||||
|     proxy_buffering on; | ||||
|     # Increase number of buffers. Default is 8 | ||||
|     proxy_buffers 1024 8k; | ||||
| 
 | ||||
|     # Needed for big uploads | ||||
|     proxy_read_timeout 180s; | ||||
|     proxy_send_timeout 180s; | ||||
| 
 | ||||
|     proxy_pass http://_<%= @app_name %>; | ||||
| 
 | ||||
|     proxy_next_upstream error timeout http_502 http_500; | ||||
|   } | ||||
| 
 | ||||
|   ssl_certificate <%= @ssl_cert %>; | ||||
|   ssl_certificate_key <%= @ssl_key %>; | ||||
| } | ||||
| @ -18,15 +18,8 @@ server { | ||||
|   ssl_certificate     <%= @ssl_cert %>; | ||||
|   ssl_certificate_key <%= @ssl_key %>; | ||||
| 
 | ||||
|   location /.well-known/lnurlp/ { | ||||
|   location ~ ^/.well-known/(webfinger|nostr|lnurlp|keysend) { | ||||
|     proxy_ssl_server_name on; | ||||
|     rewrite /.well-known/lnurlp/([^/]+) /lnurlpay/$1@kosmos.org break; | ||||
|     proxy_pass https://accounts.kosmos.org; | ||||
|   } | ||||
| 
 | ||||
|   location /.well-known/keysend/ { | ||||
|     proxy_ssl_server_name on; | ||||
|     rewrite /.well-known/keysend/([^/]+) /keysend/$1@kosmos.org break; | ||||
|     proxy_pass https://accounts.kosmos.org; | ||||
|   } | ||||
| } | ||||
|  | ||||
							
								
								
									
										25
									
								
								site-cookbooks/liquor_cabinet/.gitignore
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										25
									
								
								site-cookbooks/liquor_cabinet/.gitignore
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @ -0,0 +1,25 @@ | ||||
| .vagrant | ||||
| *~ | ||||
| *# | ||||
| .#* | ||||
| \#*# | ||||
| .*.sw[a-z] | ||||
| *.un~ | ||||
| 
 | ||||
| # Bundler | ||||
| Gemfile.lock | ||||
| gems.locked | ||||
| bin/* | ||||
| .bundle/* | ||||
| 
 | ||||
| # test kitchen | ||||
| .kitchen/ | ||||
| kitchen.local.yml | ||||
| 
 | ||||
| # Chef Infra | ||||
| Berksfile.lock | ||||
| .zero-knife.rb | ||||
| Policyfile.lock.json | ||||
| 
 | ||||
| .idea/ | ||||
| 
 | ||||
							
								
								
									
										7
									
								
								site-cookbooks/liquor_cabinet/CHANGELOG.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										7
									
								
								site-cookbooks/liquor_cabinet/CHANGELOG.md
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,7 @@ | ||||
| # liquor_cabinet CHANGELOG | ||||
| 
 | ||||
| This file is used to list changes made in each version of the liquor_cabinet cookbook. | ||||
| 
 | ||||
| ## 0.1.0 | ||||
| 
 | ||||
| Initial release. | ||||
							
								
								
									
										21
									
								
								site-cookbooks/liquor_cabinet/LICENSE
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										21
									
								
								site-cookbooks/liquor_cabinet/LICENSE
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,21 @@ | ||||
| The MIT License (MIT) | ||||
| 
 | ||||
| Copyright (c) 2024 Kosmos Developers | ||||
| 
 | ||||
| Permission is hereby granted, free of charge, to any person obtaining a copy | ||||
| of this software and associated documentation files (the "Software"), to deal | ||||
| in the Software without restriction, including without limitation the rights | ||||
| to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||||
| copies of the Software, and to permit persons to whom the Software is | ||||
| furnished to do so, subject to the following conditions: | ||||
| 
 | ||||
| The above copyright notice and this permission notice shall be included in | ||||
| all copies or substantial portions of the Software. | ||||
| 
 | ||||
| THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||||
| IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||||
| FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||||
| AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||||
| LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||||
| OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | ||||
| THE SOFTWARE. | ||||
							
								
								
									
										6
									
								
								site-cookbooks/liquor_cabinet/README.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										6
									
								
								site-cookbooks/liquor_cabinet/README.md
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,6 @@ | ||||
| # liquor_cabinet | ||||
| 
 | ||||
| Installs/configures the [Liquor Cabinet][1] [remoteStorage][2] API server. | ||||
| 
 | ||||
| [1]: https://gitea.kosmos.org/5apps/liquor-cabinet | ||||
| [2]: https://remotestorage.io | ||||
							
								
								
									
										28
									
								
								site-cookbooks/liquor_cabinet/attributes/default.rb
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										28
									
								
								site-cookbooks/liquor_cabinet/attributes/default.rb
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,28 @@ | ||||
| node.default['liquor-cabinet']['app_name'] = "liquor-cabinet" | ||||
| node.default['liquor-cabinet']['user'] = "deploy" | ||||
| node.default['liquor-cabinet']['group'] = "deploy" | ||||
| node.default['liquor-cabinet']['repo'] = 'https://gitea.kosmos.org/5apps/liquor-cabinet.git' | ||||
| node.default['liquor-cabinet']['revision'] = 'master' | ||||
| node.default['liquor-cabinet']['deploy_path'] = "/opt/#{node['liquor-cabinet']['app_name']}" | ||||
| node.default['liquor-cabinet']['redis_server_role'] = 'redis_server' | ||||
| node.default['liquor-cabinet']['redis_port'] = 6379 | ||||
| node.default['liquor-cabinet']['redis_db'] = 1 | ||||
| node.default['liquor-cabinet']['s3_endpoint'] = nil | ||||
| node.default['liquor-cabinet']['s3_region'] = nil | ||||
| node.default['liquor-cabinet']['s3_bucket'] = nil | ||||
| node.default['liquor-cabinet']['ufw_source_allowed'] = nil | ||||
| node.default['liquor-cabinet']['maintenance_mode_enabled'] = false | ||||
| node.default['liquor-cabinet']['ruby']['version'] = "3.1.4" | ||||
| node.default['liquor-cabinet']['rainbows'] = { | ||||
|   'port' => 3000, | ||||
|   'preload_app' => true, | ||||
|   'timeout' => 60, | ||||
|   'worker_processes' => node['cpu']['total'], | ||||
|   'worker_connections' => 100, | ||||
|   'client_header_buffer_size' => 1024, | ||||
|   'client_max_body_size' => 104857600, | ||||
|   'client_max_header_size' => 114688, | ||||
|   'copy_stream' => 'IO', | ||||
|   'keepalive_requests' => 100, | ||||
|   'keepalive_timeout' => 5 | ||||
| } | ||||
							
								
								
									
										115
									
								
								site-cookbooks/liquor_cabinet/chefignore
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										115
									
								
								site-cookbooks/liquor_cabinet/chefignore
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,115 @@ | ||||
| # Put files/directories that should be ignored in this file when uploading | ||||
| # to a Chef Infra Server or Supermarket. | ||||
| # Lines that start with '# ' are comments. | ||||
| 
 | ||||
| # OS generated files # | ||||
| ###################### | ||||
| .DS_Store | ||||
| ehthumbs.db | ||||
| Icon? | ||||
| nohup.out | ||||
| Thumbs.db | ||||
| .envrc | ||||
| 
 | ||||
| # EDITORS # | ||||
| ########### | ||||
| .#* | ||||
| .project | ||||
| .settings | ||||
| *_flymake | ||||
| *_flymake.* | ||||
| *.bak | ||||
| *.sw[a-z] | ||||
| *.tmproj | ||||
| *~ | ||||
| \#* | ||||
| REVISION | ||||
| TAGS* | ||||
| tmtags | ||||
| .vscode | ||||
| .editorconfig | ||||
| 
 | ||||
| ## COMPILED ## | ||||
| ############## | ||||
| *.class | ||||
| *.com | ||||
| *.dll | ||||
| *.exe | ||||
| *.o | ||||
| *.pyc | ||||
| *.so | ||||
| */rdoc/ | ||||
| a.out | ||||
| mkmf.log | ||||
| 
 | ||||
| # Testing # | ||||
| ########### | ||||
| .circleci/* | ||||
| .codeclimate.yml | ||||
| .delivery/* | ||||
| .foodcritic | ||||
| .kitchen* | ||||
| .mdlrc | ||||
| .overcommit.yml | ||||
| .rspec | ||||
| .rubocop.yml | ||||
| .travis.yml | ||||
| .watchr | ||||
| .yamllint | ||||
| azure-pipelines.yml | ||||
| Dangerfile | ||||
| examples/* | ||||
| features/* | ||||
| Guardfile | ||||
| kitchen.yml* | ||||
| mlc_config.json | ||||
| Procfile | ||||
| Rakefile | ||||
| spec/* | ||||
| test/* | ||||
| 
 | ||||
| # SCM # | ||||
| ####### | ||||
| .git | ||||
| .gitattributes | ||||
| .gitconfig | ||||
| .github/* | ||||
| .gitignore | ||||
| .gitkeep | ||||
| .gitmodules | ||||
| .svn | ||||
| */.bzr/* | ||||
| */.git | ||||
| */.hg/* | ||||
| */.svn/* | ||||
| 
 | ||||
| # Berkshelf # | ||||
| ############# | ||||
| Berksfile | ||||
| Berksfile.lock | ||||
| cookbooks/* | ||||
| tmp | ||||
| 
 | ||||
| # Bundler # | ||||
| ########### | ||||
| vendor/* | ||||
| Gemfile | ||||
| Gemfile.lock | ||||
| 
 | ||||
| # Policyfile # | ||||
| ############## | ||||
| Policyfile.rb | ||||
| Policyfile.lock.json | ||||
| 
 | ||||
| # Documentation # | ||||
| ############# | ||||
| CODE_OF_CONDUCT* | ||||
| CONTRIBUTING* | ||||
| documentation/* | ||||
| TESTING* | ||||
| UPGRADING* | ||||
| 
 | ||||
| # Vagrant # | ||||
| ########### | ||||
| .vagrant | ||||
| Vagrantfile | ||||
							
								
								
									
										37
									
								
								site-cookbooks/liquor_cabinet/kitchen.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										37
									
								
								site-cookbooks/liquor_cabinet/kitchen.yml
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,37 @@ | ||||
| --- | ||||
| driver: | ||||
|   name: dokken | ||||
|   privileged: true  # allows systemd services to start | ||||
| 
 | ||||
| provisioner: | ||||
|   name: dokken | ||||
| 
 | ||||
| transport: | ||||
|   name: dokken | ||||
| 
 | ||||
| verifier: | ||||
|   name: inspec | ||||
| 
 | ||||
| platforms: | ||||
|   # @see https://github.com/chef-cookbooks/testing_examples/blob/main/kitchen.dokken.yml | ||||
|   # @see https://hub.docker.com/u/dokken | ||||
|   - name: ubuntu-20.04 | ||||
|     driver: | ||||
|       image: dokken/ubuntu-20.04 | ||||
|       pid_one_command: /bin/systemd | ||||
|       intermediate_instructions: | ||||
|         - RUN /usr/bin/apt-get update | ||||
| 
 | ||||
|   - name: centos-8 | ||||
|     driver: | ||||
|       image: dokken/centos-8 | ||||
|       pid_one_command: /usr/lib/systemd/systemd | ||||
| 
 | ||||
| suites: | ||||
|   - name: default | ||||
|     run_list: | ||||
|       - recipe[liquor_cabinet::default] | ||||
|     verifier: | ||||
|       inspec_tests: | ||||
|         - test/integration/default | ||||
|     attributes: | ||||
							
								
								
									
										12
									
								
								site-cookbooks/liquor_cabinet/metadata.rb
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										12
									
								
								site-cookbooks/liquor_cabinet/metadata.rb
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,12 @@ | ||||
| name 'liquor_cabinet' | ||||
| maintainer 'Kosmos Developers' | ||||
| maintainer_email 'ops@kosmos.org' | ||||
| license 'MIT' | ||||
| description 'Installs/configures the Liquor Cabinet remoteStorage API server' | ||||
| version '0.1.0' | ||||
| chef_version '>= 18.2' | ||||
| issues_url 'https://gitea.kosmos.org/kosmos/chef/issues' | ||||
| # source_url 'https://gitea.kosmos.org/kosmos/chef' | ||||
| 
 | ||||
| depends 'firewall' | ||||
| depends "ruby_build" | ||||
							
								
								
									
										139
									
								
								site-cookbooks/liquor_cabinet/recipes/default.rb
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										139
									
								
								site-cookbooks/liquor_cabinet/recipes/default.rb
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,139 @@ | ||||
| # | ||||
| # Cookbook:: liquor_cabinet | ||||
| # Recipe:: default | ||||
| # | ||||
| 
 | ||||
| app_name     = node['liquor-cabinet']['app_name'] | ||||
| deploy_user  = node[app_name]['user'] | ||||
| deploy_group = node[app_name]['group'] | ||||
| deploy_path  = node[app_name]['deploy_path'] | ||||
| credentials  = Chef::EncryptedDataBagItem.load('credentials', app_name) | ||||
| 
 | ||||
| ruby_version = node[app_name]['ruby']['version'] | ||||
| ruby_path    = "/opt/ruby_build/builds/#{ruby_version}" | ||||
| bundle_path  = "#{ruby_path}/bin/bundle" | ||||
| rack_env     = node.chef_environment == "production" ? "production" : "development" | ||||
| 
 | ||||
| ruby_build_install 'v20231225' | ||||
| ruby_build_definition ruby_version do | ||||
|   prefix_path ruby_path | ||||
| end | ||||
| 
 | ||||
| group deploy_group | ||||
| 
 | ||||
| user deploy_user do | ||||
|   group       deploy_group | ||||
|   manage_home true | ||||
|   shell       "/bin/bash" | ||||
| end | ||||
| 
 | ||||
| directory deploy_path do | ||||
|   owner deploy_user | ||||
|   group deploy_group | ||||
|   mode  '0750' | ||||
| end | ||||
| 
 | ||||
| redis_server_role = node[app_name]['redis_server_role'] | ||||
| redis_host = search(:node, "role:#{redis_server_role}").first['knife_zero']['host'] rescue nil | ||||
| if redis_host.nil? | ||||
|   Chef::Log.warn("No node found with '#{redis_server_role}' role. Stopping here.") | ||||
|   return | ||||
| end | ||||
| 
 | ||||
| git deploy_path do | ||||
|   repository node[app_name]['repo'] | ||||
|   revision node[app_name]['revision'] | ||||
|   user  deploy_user | ||||
|   group deploy_group | ||||
|   notifies :restart, "service[#{app_name}]", :delayed | ||||
| end | ||||
| 
 | ||||
| directory "#{deploy_path}/tmp" do | ||||
|   owner deploy_user | ||||
|   group deploy_group | ||||
|   mode  0750 | ||||
| end | ||||
| 
 | ||||
| execute "bundle install" do | ||||
|   user deploy_user | ||||
|   cwd deploy_path | ||||
|   command "#{bundle_path} install --without development,test --deployment" | ||||
| end | ||||
| 
 | ||||
| template "#{deploy_path}/config.yml.erb" do | ||||
|   source 'config.yml.erb' | ||||
|   owner deploy_user | ||||
|   group deploy_group | ||||
|   mode '0600' | ||||
|   sensitive true | ||||
|   variables environment: rack_env, | ||||
|             redis_host: redis_host, | ||||
|             redis_port: node[app_name]['redis_port'], | ||||
|             redis_db: node[app_name]['redis_db'], | ||||
|             s3_endpoint: node[app_name]['s3_endpoint'], | ||||
|             s3_region: node[app_name]['s3_region'], | ||||
|             s3_bucket: node[app_name]['s3_bucket'], | ||||
|             s3_access_key: credentials['s3_access_key'], | ||||
|             s3_secret_key: credentials['s3_secret_key'], | ||||
|             maintenance_mode_enabled: node[app_name]['maintenance_mode_enabled'] | ||||
|             # TODO sentry_dsn: credentials['sentry_dsn'] | ||||
|   notifies :restart, "service[#{app_name}]", :delayed | ||||
| end | ||||
| 
 | ||||
| directory '/etc/rainbows' do | ||||
|   owner deploy_user | ||||
|   group deploy_group | ||||
|   mode  '0750' | ||||
| end | ||||
| 
 | ||||
| template "/etc/rainbows/#{app_name}.rb" do | ||||
|   source 'rainbows.rb.erb' | ||||
|   owner deploy_user | ||||
|   group deploy_group | ||||
|   mode '0640' | ||||
|   variables user: deploy_user, | ||||
|             group: deploy_group, | ||||
|             app_name: app_name, | ||||
|             working_directory: deploy_path, | ||||
|             config: node[app_name]['rainbows'] | ||||
|   notifies :restart, "service[#{app_name}]", :delayed | ||||
| end | ||||
| 
 | ||||
| systemd_unit "#{app_name}.service" do | ||||
|   content({ | ||||
|     Unit: { | ||||
|       Description: "Liquor Cabinet remoteStorage HTTP API", | ||||
|       Documentation: ["https://gitea.kosmos.org/5apps/liquor-cabinet"], | ||||
|       After: "syslog.target network.target" | ||||
|     }, | ||||
|     Service: { | ||||
|       Type: "simple", | ||||
|       User: deploy_user, | ||||
|       WorkingDirectory: deploy_path, | ||||
|       Environment: "RACK_ENV=#{rack_env}", | ||||
|       ExecStart: "#{bundle_path} exec rainbows -c /etc/rainbows/#{app_name}.rb -E #{rack_env}", | ||||
|       PIDFile: "#{deploy_path}/tmp/rainbows.pid", | ||||
|       TimeoutSec: "10", | ||||
|       Restart: "on-failure", | ||||
|     }, | ||||
|     Install: { | ||||
|       WantedBy: "multi-user.target" | ||||
|     } | ||||
|   }) | ||||
|   verify false | ||||
|   triggers_reload true | ||||
|   action [:create, :enable] | ||||
| end | ||||
| 
 | ||||
| service app_name do | ||||
|   action [:enable, :start] | ||||
| end | ||||
| 
 | ||||
| if node[app_name]['ufw_source_allowed'] | ||||
|   firewall_rule app_name do | ||||
|     command  :allow | ||||
|     protocol :tcp | ||||
|     port     node[app_name]['rainbows']['port'] | ||||
|     source   node[app_name]['ufw_source_allowed'] | ||||
|   end | ||||
| end | ||||
							
								
								
									
										12
									
								
								site-cookbooks/liquor_cabinet/templates/config.yml.erb
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										12
									
								
								site-cookbooks/liquor_cabinet/templates/config.yml.erb
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,12 @@ | ||||
| <%= @environment %>: | ||||
|   maintenance: <%= @maintenance_mode_enabled %> | ||||
|   redis: | ||||
|     host: <%= @redis_host %> | ||||
|     port: <%= @redis_port %> | ||||
|     db: <%= @redis_db %> | ||||
|   s3: | ||||
|     endpoint: <%= @s3_endpoint %> | ||||
|     region: <%= @s3_region %> | ||||
|     bucket: <%= @s3_bucket %> | ||||
|     access_key_id: <%= @s3_access_key %> | ||||
|     secret_key_id: <%= @s3_secret_key %> | ||||
							
								
								
									
										32
									
								
								site-cookbooks/liquor_cabinet/templates/rainbows.rb.erb
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										32
									
								
								site-cookbooks/liquor_cabinet/templates/rainbows.rb.erb
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,32 @@ | ||||
| ## | ||||
| # Rainbows config at /etc/rainbows/<%= @app_name %>.rb | ||||
| # Managed by Chef - Local changes will be overwritten by Chef runs | ||||
| ## | ||||
| 
 | ||||
| # What ports/sockets to listen on, and what options for them. | ||||
| listen "<%= @config['port'] %>", { tcp_nodelay: true, backlog: 100 } | ||||
| 
 | ||||
| # What the timeout for killing busy workers is, in seconds | ||||
| timeout <%= @config['timeout'] %> | ||||
| 
 | ||||
| # Whether the app should be pre-loaded | ||||
| preload_app <%= @config['preload_app'] %> | ||||
| 
 | ||||
| # How many worker processes | ||||
| worker_processes <%= @config['worker_processes'] %> | ||||
| 
 | ||||
| # Run forked children as specified user/group | ||||
| user "<%= @user %>", "<%= @group %>" | ||||
| 
 | ||||
| pid "<%= @working_directory %>/tmp/rainbows.pid" | ||||
| 
 | ||||
| Rainbows! do | ||||
|   use :ThreadSpawn | ||||
|   client_header_buffer_size <%= @config['client_header_buffer_size'] %> | ||||
|   client_max_body_size <%= @config['client_max_body_size'] %> | ||||
|   client_max_header_size <%= @config['client_max_header_size'] %> | ||||
|   copy_stream <%= @config['copy_stream'] %> | ||||
|   keepalive_requests <%= @config['keepalive_requests'] %> | ||||
|   keepalive_timeout <%= @config['keepalive_timeout'] %> | ||||
|   worker_connections <%= @config['worker_connections'] %> | ||||
| end | ||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user