-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
3414d40
commit 4541962
Showing
27 changed files
with
3,675 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
Gemfile.lock | ||
tmp/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
language: ruby | ||
gemfile: | ||
- test/support/Gemfile | ||
rvm: | ||
- 1.9.3 | ||
script: BUNDLE_GEMFILE=test/support/Gemfile bundle exec rake test foodcritic |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
## 0.0.1 | ||
|
||
The initial release. | ||
|
||
[@anthroprose]: https://github.com/anthroprose |
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
maintainer "Alex Corley" | ||
maintainer_email "acorley@anthroprose.com" | ||
license "Apache 2.0" | ||
description "Manages anthroprose.com" | ||
version "0.0.1" | ||
|
||
supports "ubuntu" | ||
|
||
recipe "default", "Default Recipe" | ||
|
||
depends "user" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,73 @@ | ||
execute "hostname" do | ||
command "echo #{node['nginx']['default_domain']} >> /etc/hostname;host -F /etc/hostname" | ||
creates "#{node['tinytinyrss']['dir']}/db.log" | ||
end | ||
|
||
Array(node['dependencies']).each do |p| | ||
package p do | ||
action :install | ||
end | ||
end | ||
|
||
########################## NGINX | ||
|
||
template "/etc/php5/cgi/php.ini" do | ||
source "php.ini.erb" | ||
owner "root" | ||
group "root" | ||
mode "0655" | ||
variables() | ||
end | ||
|
||
directory "/etc/nginx/ssl/" do | ||
owner "root" | ||
group "root" | ||
mode "0755" | ||
action :create | ||
recursive true | ||
end | ||
|
||
Array(node['nginx']['sites']).each do |u| | ||
|
||
Chef::Log.info "Generating site configuration for: " << u['domain'] | ||
|
||
if u.has_key?('uwsgi_port') then | ||
template "/etc/uwsgi/apps-enabled/#{u['domain']}.ini" do | ||
source "uwsgi.erb" | ||
owner "root" | ||
group "root" | ||
variables( | ||
:port => u['uwsgi_port'], | ||
:directory => u['directory'] | ||
) | ||
end | ||
end | ||
|
||
template "/etc/nginx/sites-enabled/#{u['domain']}.conf" do | ||
source "nginx-site.erb" | ||
owner "root" | ||
group "root" | ||
variables( | ||
:uwsgi_port => u['uwsgi_port']||'', | ||
:directory => u['directory'], | ||
:domain => u['domain'], | ||
:proxy => u['proxy']||'false', | ||
:https => u['https']||'false', | ||
:proxy_location => u['proxy_location']||'' | ||
) | ||
notifies :restart, "service[nginx]" | ||
end | ||
|
||
script "create-ssl-certs-#{u['domain']}" do | ||
not_if { File.exists?("/etc/nginx/ssl/#{u[:domain]}.crt") } | ||
interpreter "bash" | ||
timeout 3600 | ||
user "root" | ||
group "root" | ||
cwd "/etc/nginx/ssl/" | ||
code <<-EOH | ||
openssl req -new -x509 -nodes -out /etc/nginx/ssl/#{u[:domain]}.crt -keyout /etc/nginx/ssl/#{u[:domain]}.key -subj \"/C=#{node[:nginx][:ssl][:country]}/ST=#{node[:nginx][:ssl][:state]}/L=#{node[:nginx][:ssl][:city]}/O=#{u[:domain]}/OU=#{u[:domain]}/CN=#{u[:domain]}/emailAddress=webmaster@#{u[:domain]}\" | ||
EOH | ||
end | ||
|
||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
config = data_bag_item('anthroprose', 'config') | ||
|
||
node.default['mysql']['server_root_password'] = config["mysql_root_password"] | ||
node.default['mysql']['server_debian_password'] = config["mysql_root_password"] | ||
node.default['mysql']['server_repl_password'] = config["mysql_root_password"] | ||
node.default['wordpress']['db']['password'] = config["mysql_root_password"] | ||
node.default['wordpress']['keys']['auth'] = config["wordpress_keys_hash"] | ||
node.default['wordpress']['keys']['secure_auth'] = config["wordpress_keys_hash"] | ||
node.default['wordpress']['keys']['logged_in'] = config["wordpress_keys_hash"] | ||
node.default['wordpress']['keys']['nonce'] = config["wordpress_keys_hash"] | ||
node.default['diaspora']['facebook']['enable'] = config["diaspora_facebook_enable"]||'false' | ||
node.default['diaspora']['facebook']['app_id'] = config["diaspora_facebook_app_id"]||'' | ||
node.default['diaspora']['facebook']['secret'] = config["diaspora_facebook_secret"]||'' |
41 changes: 41 additions & 0 deletions
41
chef-repo/cookbooks/rpi-mesh/templates/default/10-ssl.conf.erb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
## | ||
## SSL settings | ||
## | ||
|
||
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt> | ||
ssl = yes | ||
|
||
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before | ||
# dropping root privileges, so keep the key file unreadable by anyone but | ||
# root. Included doc/mkcert.sh can be used to easily generate self-signed | ||
# certificate, just make sure to update the domains in dovecot-openssl.cnf | ||
ssl_cert = </etc/nginx/ssl/mail.<%= node['nginx']['default_domain'] %>.crt | ||
ssl_key = </etc/nginx/ssl/mail.<%= node['nginx']['default_domain'] %>.key | ||
|
||
# If key file is password protected, give the password here. Alternatively | ||
# give it when starting dovecot with -p parameter. Since this file is often | ||
# world-readable, you may want to place this setting instead to a different | ||
# root owned 0600 file by using ssl_key_password = <path. | ||
#ssl_key_password = | ||
|
||
# PEM encoded trusted certificate authority. Set this only if you intend to use | ||
# ssl_verify_client_cert=yes. The file should contain the CA certificate(s) | ||
# followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem) | ||
#ssl_ca = | ||
|
||
# Request client to send a certificate. If you also want to require it, set | ||
# auth_ssl_require_client_cert=yes in auth section. | ||
#ssl_verify_client_cert = no | ||
|
||
# Which field from certificate to use for username. commonName and | ||
# x500UniqueIdentifier are the usual choices. You'll also need to set | ||
# auth_ssl_username_from_cert=yes. | ||
#ssl_cert_username_field = commonName | ||
|
||
# How often to regenerate the SSL parameters file. Generation is quite CPU | ||
# intensive operation. The value is in hours, 0 disables regeneration | ||
# entirely. | ||
#ssl_parameters_regenerate = 168 | ||
|
||
# SSL ciphers to use | ||
#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL |
9 changes: 9 additions & 0 deletions
9
chef-repo/cookbooks/rpi-mesh/templates/default/auth-master.conf.erb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
userdb { | ||
args = /etc/dovecot/dovecot-sql.conf | ||
driver = sql | ||
} | ||
|
||
passdb { | ||
driver = sql | ||
args = /etc/dovecot/dovecot-sql.conf | ||
} |
131 changes: 131 additions & 0 deletions
131
chef-repo/cookbooks/rpi-mesh/templates/default/conf.php.erb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,131 @@ | ||
<?php | ||
/* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */ | ||
// $Id: 968066befa22268df1b08080d9867fa05590d7bc $ | ||
$conf['vhosts'] = false; | ||
$conf['debug_level'] = E_ALL & ~E_NOTICE; | ||
$conf['max_exec_time'] = 0; | ||
$conf['compress_pages'] = true; | ||
$conf['secret_key'] = '51524fa2-45ec-4e3b-bdc8-16c123605aef'; | ||
$conf['umask'] = 077; | ||
$conf['testdisable'] = true; | ||
$conf['use_ssl'] = 1; | ||
$conf['server']['name'] = $_SERVER['SERVER_NAME']; | ||
$conf['urls']['token_lifetime'] = 30; | ||
$conf['urls']['hmac_lifetime'] = 30; | ||
$conf['urls']['pretty'] = false; | ||
$conf['safe_ips'] = array(); | ||
$conf['session']['name'] = 'Horde'; | ||
$conf['session']['use_only_cookies'] = true; | ||
$conf['session']['cache_limiter'] = 'nocache'; | ||
$conf['session']['timeout'] = 0; | ||
$conf['session']['max_time'] = 0; | ||
$conf['cookie']['domain'] = $_SERVER['SERVER_NAME']; | ||
$conf['cookie']['path'] = '/'; | ||
$conf['sql']['username'] = 'root'; | ||
$conf['sql']['password'] = '<%= node['mysql']['server_root_password'] %>'; | ||
$conf['sql']['hostspec'] = '127.0.0.1'; | ||
$conf['sql']['port'] = 3306; | ||
$conf['sql']['protocol'] = 'tcp'; | ||
$conf['sql']['database'] = '<%= node['horde']['db']['database'] %>'; | ||
$conf['sql']['charset'] = 'utf-8'; | ||
$conf['sql']['ssl'] = false; | ||
$conf['sql']['splitread'] = false; | ||
$conf['sql']['phptype'] = 'mysqli'; | ||
$conf['ldap']['useldap'] = false; | ||
$conf['auth']['admins'] = array('Administrator', '<%= node['horde']['admin_user'] %>'); | ||
$conf['auth']['checkip'] = true; | ||
$conf['auth']['checkbrowser'] = true; | ||
$conf['auth']['resetpassword'] = true; | ||
$conf['auth']['alternate_login'] = false; | ||
$conf['auth']['redirect_on_logout'] = false; | ||
$conf['auth']['list_users'] = 'list'; | ||
$conf['auth']['params']['hostspec'] = 'localhost'; | ||
$conf['auth']['params']['port'] = 993; | ||
$conf['auth']['params']['secure'] = 'ssl'; | ||
$conf['auth']['driver'] = 'imap'; | ||
$conf['auth']['params']['count_bad_logins'] = false; | ||
$conf['auth']['params']['login_block'] = false; | ||
$conf['auth']['params']['login_block_count'] = 5; | ||
$conf['auth']['params']['login_block_time'] = 5; | ||
$conf['signup']['allow'] = false; | ||
$conf['log']['priority'] = 'DEBUG'; | ||
$conf['log']['ident'] = 'HORDE'; | ||
$conf['log']['name'] = LOG_USER; | ||
$conf['log']['type'] = 'syslog'; | ||
$conf['log']['enabled'] = true; | ||
$conf['log_accesskeys'] = false; | ||
$conf['prefs']['params']['driverconfig'] = 'horde'; | ||
$conf['prefs']['driver'] = 'Sql'; | ||
$conf['alarms']['params']['driverconfig'] = 'horde'; | ||
$conf['alarms']['params']['ttl'] = 300; | ||
$conf['alarms']['driver'] = 'Sql'; | ||
$conf['group']['driverconfig'] = 'horde'; | ||
$conf['group']['driver'] = 'Sql'; | ||
$conf['perms']['driverconfig'] = 'horde'; | ||
$conf['perms']['driver'] = 'Sql'; | ||
$conf['share']['no_sharing'] = false; | ||
$conf['share']['auto_create'] = true; | ||
$conf['share']['world'] = true; | ||
$conf['share']['any_group'] = false; | ||
$conf['share']['hidden'] = false; | ||
$conf['share']['cache'] = false; | ||
$conf['share']['driver'] = 'Sqlng'; | ||
$conf['cache']['default_lifetime'] = 86400; | ||
$conf['cache']['params']['sub'] = 0; | ||
$conf['cache']['driver'] = 'File'; | ||
$conf['cache']['compress'] = true; | ||
$conf['cache']['use_memorycache'] = ''; | ||
$conf['cachecssparams']['url_version_param'] = true; | ||
$conf['cachecss'] = false; | ||
$conf['cachejsparams']['url_version_param'] = true; | ||
$conf['cachejs'] = false; | ||
$conf['cachethemes'] = false; | ||
$conf['lock']['params']['driverconfig'] = 'horde'; | ||
$conf['lock']['driver'] = 'Sql'; | ||
$conf['token']['params']['driverconfig'] = 'horde'; | ||
$conf['token']['driver'] = 'Sql'; | ||
$conf['mailer']['params']['sendmail_path'] = '/usr/lib/sendmail'; | ||
$conf['mailer']['params']['sendmail_args'] = '-oi'; | ||
$conf['mailer']['type'] = 'sendmail'; | ||
$conf['mailformat']['brokenrfc2231'] = false; | ||
$conf['vfs']['params']['driverconfig'] = 'horde'; | ||
$conf['vfs']['type'] = 'Sql'; | ||
$conf['sessionhandler']['params']['driverconfig'] = 'horde'; | ||
$conf['sessionhandler']['type'] = 'Sql'; | ||
$conf['sessionhandler']['memcache'] = false; | ||
$conf['spell']['params']['path'] = '/usr/bin/aspell'; | ||
$conf['spell']['driver'] = 'aspell'; | ||
$conf['gnupg']['keyserver'] = array('pool.sks-keyservers.net'); | ||
$conf['gnupg']['timeout'] = 10; | ||
$conf['nobase64_img'] = false; | ||
$conf['image']['driver'] = false; | ||
$conf['exif']['driver'] = 'Bundled'; | ||
$conf['timezone']['location'] = 'ftp://ftp.iana.org/tz/tzdata-latest.tar.gz'; | ||
$conf['problems']['email'] = 'webmaster@<%= node['nginx']['default_domain'] %>'; | ||
$conf['problems']['maildomain'] = '<%= node['nginx']['default_domain'] %>'; | ||
$conf['problems']['tickets'] = false; | ||
$conf['problems']['attachments'] = true; | ||
$conf['menu']['links']['help'] = 'all'; | ||
$conf['menu']['links']['prefs'] = 'authenticated'; | ||
$conf['menu']['links']['problem'] = 'all'; | ||
$conf['menu']['links']['login'] = 'all'; | ||
$conf['menu']['links']['logout'] = 'authenticated'; | ||
$conf['portal']['fixed_blocks'] = array(); | ||
$conf['accounts']['driver'] = 'null'; | ||
$conf['user']['verify_from_addr'] = false; | ||
$conf['user']['select_view'] = true; | ||
$conf['facebook']['enabled'] = false; | ||
$conf['twitter']['enabled'] = false; | ||
$conf['urlshortener'] = false; | ||
$conf['weather']['provider'] = false; | ||
$conf['imap']['server'] = 'localhost'; | ||
$conf['imap']['port'] = 993; | ||
$conf['imap']['secure'] = 'ssl'; | ||
$conf['imap']['maildomain'] = '<%= node['nginx']['default_domain'] %>'; | ||
$conf['imap']['cache_folders'] = true; | ||
$conf['imap']['enabled'] = true; | ||
$conf['imsp']['enabled'] = false; | ||
$conf['kolab']['enabled'] = false; | ||
$conf['memcache']['enabled'] = false; | ||
$conf['activesync']['enabled'] = false; | ||
/* CONFIG END. DO NOT CHANGE ANYTHING IN OR BEFORE THIS LINE. */ |
Oops, something went wrong.