.

anthroprose · Apr 6, 2013 · 4541962 · 4541962
1 parent 3414d40
commit 4541962
Show file tree

Hide file tree

Showing 27 changed files with 3,675 additions and 0 deletions.
diff --git a/chef-repo/cookbooks/rpi-mesh/.gitignore b/chef-repo/cookbooks/rpi-mesh/.gitignore
@@ -0,0 +1,2 @@
+Gemfile.lock
+tmp/
diff --git a/chef-repo/cookbooks/rpi-mesh/.travis.yml b/chef-repo/cookbooks/rpi-mesh/.travis.yml
@@ -0,0 +1,6 @@
+language: ruby
+gemfile:
+  - test/support/Gemfile
+rvm:
+  - 1.9.3
+script: BUNDLE_GEMFILE=test/support/Gemfile bundle exec rake test foodcritic
diff --git a/chef-repo/cookbooks/rpi-mesh/CHANGELOG.md b/chef-repo/cookbooks/rpi-mesh/CHANGELOG.md
@@ -0,0 +1,5 @@
+## 0.0.1 
+
+The initial release.
+
+[@anthroprose]: https://github.com/anthroprose
diff --git a/chef-repo/cookbooks/rpi-mesh/attributes/default.rb b/chef-repo/cookbooks/rpi-mesh/attributes/default.rb
diff --git a/chef-repo/cookbooks/rpi-mesh/metadata.rb b/chef-repo/cookbooks/rpi-mesh/metadata.rb
@@ -0,0 +1,11 @@
+maintainer       "Alex Corley"
+maintainer_email "acorley@anthroprose.com"
+license          "Apache 2.0"
+description      "Manages anthroprose.com"
+version          "0.0.1"
+
+supports "ubuntu"
+
+recipe "default", "Default Recipe"
+
+depends           "user"
diff --git a/chef-repo/cookbooks/rpi-mesh/recipes/default.rb b/chef-repo/cookbooks/rpi-mesh/recipes/default.rb
@@ -0,0 +1,73 @@
+execute "hostname" do
+  command "echo #{node['nginx']['default_domain']} >> /etc/hostname;host -F /etc/hostname"
+  creates "#{node['tinytinyrss']['dir']}/db.log"
+end
+
+Array(node['dependencies']).each do |p|
+  package p do
+    action :install
+  end
+end
+
+########################## NGINX
+
+template "/etc/php5/cgi/php.ini" do
+  source "php.ini.erb"
+  owner "root"
+  group "root"
+  mode "0655"
+  variables()
+end
+
+directory "/etc/nginx/ssl/" do
+  owner "root"
+  group "root"
+  mode "0755"
+  action :create
+  recursive true
+end
+
+Array(node['nginx']['sites']).each do |u|
+
+	Chef::Log.info "Generating site configuration for: " << u['domain']
+
+  if u.has_key?('uwsgi_port') then
+  	template "/etc/uwsgi/apps-enabled/#{u['domain']}.ini" do
+  	  source "uwsgi.erb"
+  	  owner "root"
+  	  group "root"
+  	  variables(
+  		:port => u['uwsgi_port'],
+  		:directory => u['directory']
+  	  )
+  	end
+	end
+
+	template "/etc/nginx/sites-enabled/#{u['domain']}.conf" do
+	  source "nginx-site.erb"
+	  owner "root"
+	  group "root"
+	  variables(
+		:uwsgi_port => u['uwsgi_port']||'',
+		:directory => u['directory'],
+		:domain => u['domain'],
+		:proxy => u['proxy']||'false',
+		:https => u['https']||'false',
+		:proxy_location => u['proxy_location']||''
+	  )
+	  notifies :restart, "service[nginx]"
+	end
+
+  script "create-ssl-certs-#{u['domain']}" do
+    not_if { File.exists?("/etc/nginx/ssl/#{u[:domain]}.crt") }
+    interpreter "bash"
+    timeout 3600
+    user "root"
+    group "root"
+    cwd "/etc/nginx/ssl/"
+    code <<-EOH
+      openssl req -new -x509 -nodes -out /etc/nginx/ssl/#{u[:domain]}.crt -keyout /etc/nginx/ssl/#{u[:domain]}.key -subj \"/C=#{node[:nginx][:ssl][:country]}/ST=#{node[:nginx][:ssl][:state]}/L=#{node[:nginx][:ssl][:city]}/O=#{u[:domain]}/OU=#{u[:domain]}/CN=#{u[:domain]}/emailAddress=webmaster@#{u[:domain]}\"
+    EOH
+  end
+
+end
diff --git a/chef-repo/cookbooks/rpi-mesh/recipes/init.rb b/chef-repo/cookbooks/rpi-mesh/recipes/init.rb
@@ -0,0 +1,13 @@
+config = data_bag_item('anthroprose', 'config')
+
+node.default['mysql']['server_root_password'] = config["mysql_root_password"]
+node.default['mysql']['server_debian_password'] = config["mysql_root_password"]
+node.default['mysql']['server_repl_password'] = config["mysql_root_password"]
+node.default['wordpress']['db']['password'] = config["mysql_root_password"]
+node.default['wordpress']['keys']['auth'] = config["wordpress_keys_hash"]
+node.default['wordpress']['keys']['secure_auth'] = config["wordpress_keys_hash"]
+node.default['wordpress']['keys']['logged_in'] = config["wordpress_keys_hash"]
+node.default['wordpress']['keys']['nonce'] = config["wordpress_keys_hash"]
+node.default['diaspora']['facebook']['enable'] = config["diaspora_facebook_enable"]||'false'
+node.default['diaspora']['facebook']['app_id'] = config["diaspora_facebook_app_id"]||''
+node.default['diaspora']['facebook']['secret'] = config["diaspora_facebook_secret"]||''
diff --git a/chef-repo/cookbooks/rpi-mesh/templates/default/10-ssl.conf.erb b/chef-repo/cookbooks/rpi-mesh/templates/default/10-ssl.conf.erb
@@ -0,0 +1,41 @@
+##
+## SSL settings
+##
+
+# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
+ssl = yes
+
+# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
+# dropping root privileges, so keep the key file unreadable by anyone but
+# root. Included doc/mkcert.sh can be used to easily generate self-signed
+# certificate, just make sure to update the domains in dovecot-openssl.cnf
+ssl_cert = </etc/nginx/ssl/mail.<%= node['nginx']['default_domain'] %>.crt
+ssl_key = </etc/nginx/ssl/mail.<%= node['nginx']['default_domain'] %>.key
+
+# If key file is password protected, give the password here. Alternatively
+# give it when starting dovecot with -p parameter. Since this file is often
+# world-readable, you may want to place this setting instead to a different
+# root owned 0600 file by using ssl_key_password = <path.
+#ssl_key_password =
+
+# PEM encoded trusted certificate authority. Set this only if you intend to use
+# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
+# followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
+#ssl_ca = 
+
+# Request client to send a certificate. If you also want to require it, set
+# auth_ssl_require_client_cert=yes in auth section.
+#ssl_verify_client_cert = no
+
+# Which field from certificate to use for username. commonName and
+# x500UniqueIdentifier are the usual choices. You'll also need to set
+# auth_ssl_username_from_cert=yes.
+#ssl_cert_username_field = commonName
+
+# How often to regenerate the SSL parameters file. Generation is quite CPU
+# intensive operation. The value is in hours, 0 disables regeneration
+# entirely.
+#ssl_parameters_regenerate = 168
+
+# SSL ciphers to use
+#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
diff --git a/chef-repo/cookbooks/rpi-mesh/templates/default/auth-master.conf.erb b/chef-repo/cookbooks/rpi-mesh/templates/default/auth-master.conf.erb
@@ -0,0 +1,9 @@
+userdb {
+	args = /etc/dovecot/dovecot-sql.conf
+	driver = sql
+}
+
+passdb {
+	driver = sql
+	args = /etc/dovecot/dovecot-sql.conf
+}
diff --git a/chef-repo/cookbooks/rpi-mesh/templates/default/conf.php.erb b/chef-repo/cookbooks/rpi-mesh/templates/default/conf.php.erb
@@ -0,0 +1,131 @@
+<?php
+/* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */
+// $Id: 968066befa22268df1b08080d9867fa05590d7bc $
+$conf['vhosts'] = false;
+$conf['debug_level'] = E_ALL & ~E_NOTICE;
+$conf['max_exec_time'] = 0;
+$conf['compress_pages'] = true;
+$conf['secret_key'] = '51524fa2-45ec-4e3b-bdc8-16c123605aef';
+$conf['umask'] = 077;
+$conf['testdisable'] = true;
+$conf['use_ssl'] = 1;
+$conf['server']['name'] = $_SERVER['SERVER_NAME'];
+$conf['urls']['token_lifetime'] = 30;
+$conf['urls']['hmac_lifetime'] = 30;
+$conf['urls']['pretty'] = false;
+$conf['safe_ips'] = array();
+$conf['session']['name'] = 'Horde';
+$conf['session']['use_only_cookies'] = true;
+$conf['session']['cache_limiter'] = 'nocache';
+$conf['session']['timeout'] = 0;
+$conf['session']['max_time'] = 0;
+$conf['cookie']['domain'] = $_SERVER['SERVER_NAME'];
+$conf['cookie']['path'] = '/';
+$conf['sql']['username'] = 'root';
+$conf['sql']['password'] = '<%= node['mysql']['server_root_password'] %>';
+$conf['sql']['hostspec'] = '127.0.0.1';
+$conf['sql']['port'] = 3306;
+$conf['sql']['protocol'] = 'tcp';
+$conf['sql']['database'] = '<%= node['horde']['db']['database'] %>';
+$conf['sql']['charset'] = 'utf-8';
+$conf['sql']['ssl'] = false;
+$conf['sql']['splitread'] = false;
+$conf['sql']['phptype'] = 'mysqli';
+$conf['ldap']['useldap'] = false;
+$conf['auth']['admins'] = array('Administrator', '<%= node['horde']['admin_user'] %>');
+$conf['auth']['checkip'] = true;
+$conf['auth']['checkbrowser'] = true;
+$conf['auth']['resetpassword'] = true;
+$conf['auth']['alternate_login'] = false;
+$conf['auth']['redirect_on_logout'] = false;
+$conf['auth']['list_users'] = 'list';
+$conf['auth']['params']['hostspec'] = 'localhost';
+$conf['auth']['params']['port'] = 993;
+$conf['auth']['params']['secure'] = 'ssl';
+$conf['auth']['driver'] = 'imap';
+$conf['auth']['params']['count_bad_logins'] = false;
+$conf['auth']['params']['login_block'] = false;
+$conf['auth']['params']['login_block_count'] = 5;
+$conf['auth']['params']['login_block_time'] = 5;
+$conf['signup']['allow'] = false;
+$conf['log']['priority'] = 'DEBUG';
+$conf['log']['ident'] = 'HORDE';
+$conf['log']['name'] = LOG_USER;
+$conf['log']['type'] = 'syslog';
+$conf['log']['enabled'] = true;
+$conf['log_accesskeys'] = false;
+$conf['prefs']['params']['driverconfig'] = 'horde';
+$conf['prefs']['driver'] = 'Sql';
+$conf['alarms']['params']['driverconfig'] = 'horde';
+$conf['alarms']['params']['ttl'] = 300;
+$conf['alarms']['driver'] = 'Sql';
+$conf['group']['driverconfig'] = 'horde';
+$conf['group']['driver'] = 'Sql';
+$conf['perms']['driverconfig'] = 'horde';
+$conf['perms']['driver'] = 'Sql';
+$conf['share']['no_sharing'] = false;
+$conf['share']['auto_create'] = true;
+$conf['share']['world'] = true;
+$conf['share']['any_group'] = false;
+$conf['share']['hidden'] = false;
+$conf['share']['cache'] = false;
+$conf['share']['driver'] = 'Sqlng';
+$conf['cache']['default_lifetime'] = 86400;
+$conf['cache']['params']['sub'] = 0;
+$conf['cache']['driver'] = 'File';
+$conf['cache']['compress'] = true;
+$conf['cache']['use_memorycache'] = '';
+$conf['cachecssparams']['url_version_param'] = true;
+$conf['cachecss'] = false;
+$conf['cachejsparams']['url_version_param'] = true;
+$conf['cachejs'] = false;
+$conf['cachethemes'] = false;
+$conf['lock']['params']['driverconfig'] = 'horde';
+$conf['lock']['driver'] = 'Sql';
+$conf['token']['params']['driverconfig'] = 'horde';
+$conf['token']['driver'] = 'Sql';
+$conf['mailer']['params']['sendmail_path'] = '/usr/lib/sendmail';
+$conf['mailer']['params']['sendmail_args'] = '-oi';
+$conf['mailer']['type'] = 'sendmail';
+$conf['mailformat']['brokenrfc2231'] = false;
+$conf['vfs']['params']['driverconfig'] = 'horde';
+$conf['vfs']['type'] = 'Sql';
+$conf['sessionhandler']['params']['driverconfig'] = 'horde';
+$conf['sessionhandler']['type'] = 'Sql';
+$conf['sessionhandler']['memcache'] = false;
+$conf['spell']['params']['path'] = '/usr/bin/aspell';
+$conf['spell']['driver'] = 'aspell';
+$conf['gnupg']['keyserver'] = array('pool.sks-keyservers.net');
+$conf['gnupg']['timeout'] = 10;
+$conf['nobase64_img'] = false;
+$conf['image']['driver'] = false;
+$conf['exif']['driver'] = 'Bundled';
+$conf['timezone']['location'] = 'ftp://ftp.iana.org/tz/tzdata-latest.tar.gz';
+$conf['problems']['email'] = 'webmaster@<%= node['nginx']['default_domain'] %>';
+$conf['problems']['maildomain'] = '<%= node['nginx']['default_domain'] %>';
+$conf['problems']['tickets'] = false;
+$conf['problems']['attachments'] = true;
+$conf['menu']['links']['help'] = 'all';
+$conf['menu']['links']['prefs'] = 'authenticated';
+$conf['menu']['links']['problem'] = 'all';
+$conf['menu']['links']['login'] = 'all';
+$conf['menu']['links']['logout'] = 'authenticated';
+$conf['portal']['fixed_blocks'] = array();
+$conf['accounts']['driver'] = 'null';
+$conf['user']['verify_from_addr'] = false;
+$conf['user']['select_view'] = true;
+$conf['facebook']['enabled'] = false;
+$conf['twitter']['enabled'] = false;
+$conf['urlshortener'] = false;
+$conf['weather']['provider'] = false;
+$conf['imap']['server'] = 'localhost';
+$conf['imap']['port'] = 993;
+$conf['imap']['secure'] = 'ssl';
+$conf['imap']['maildomain'] = '<%= node['nginx']['default_domain'] %>';
+$conf['imap']['cache_folders'] = true;
+$conf['imap']['enabled'] = true;
+$conf['imsp']['enabled'] = false;
+$conf['kolab']['enabled'] = false;
+$conf['memcache']['enabled'] = false;
+$conf['activesync']['enabled'] = false;
+/* CONFIG END. DO NOT CHANGE ANYTHING IN OR BEFORE THIS LINE. */