├── data_bags ├── .gitkeep └── users │ └── deploy.json ├── nodes ├── .gitkeep └── phoenix_server.json ├── roles ├── .gitkeep ├── postgres-server.json ├── phoenix-app.json └── server.json ├── environments ├── .gitkeep └── production.json ├── site-cookbooks ├── .gitkeep └── phoenix-git │ ├── metadata.rb │ ├── CHANGELOG.md │ ├── attributes │ └── default.rb │ ├── templates │ └── default │ │ └── post-receive.erb │ ├── README.md │ └── recipes │ └── default.rb ├── .gitignore ├── phoenix_server.json ├── Gemfile ├── .chef └── knife.rb ├── Vagrantfile ├── Berksfile ├── LICENSE ├── README.md ├── Berksfile.lock └── Gemfile.lock /data_bags/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /nodes/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /roles/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /environments/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /site-cookbooks/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /cookbooks/ 2 | .vagrant/ 3 | chef-ubuntu-trusty64.box 4 | -------------------------------------------------------------------------------- /phoenix_server.json: -------------------------------------------------------------------------------- 1 | { 2 | "run_list": [ 3 | 4 | ], 5 | "automatic": { 6 | "ipaddress": "128.199.111.164" 7 | } 8 | 
} -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | source "https://rubygems.org" 2 | 3 | gem "knife-solo", "~> 0.4.2" 4 | gem "chef", "~> 12.4.1" 5 | gem "berkshelf", "~> 3.3.0" 6 | -------------------------------------------------------------------------------- /environments/production.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "production", 3 | "default_attributes": { 4 | }, 5 | "json_class":"Chef::Environment", 6 | "chef_type":"environment" 7 | } 8 | -------------------------------------------------------------------------------- /.chef/knife.rb: -------------------------------------------------------------------------------- 1 | cookbook_path ["cookbooks", "site-cookbooks"] 2 | node_path "nodes" 3 | role_path "roles" 4 | environment_path "environments" 5 | data_bag_path "data_bags" 6 | #encrypted_data_bag_secret "data_bag_key" 7 | 8 | knife[:berkshelf_path] = "cookbooks" 9 | -------------------------------------------------------------------------------- /roles/postgres-server.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "postgres-server", 3 | "description": "Postgres database server", 4 | "default_attributes": { 5 | 6 | }, 7 | "json_class": "Chef::Role", 8 | "run_list": [ 9 | "postgresql::server", 10 | "monit_configs-tlq::postgres" 11 | ], 12 | "chef_type": "role" 13 | } 14 | -------------------------------------------------------------------------------- /site-cookbooks/phoenix-git/metadata.rb: -------------------------------------------------------------------------------- 1 | name 'phoenix-git' 2 | maintainer 'Gabriel Jaldon' 3 | maintainer_email 'gjaldon85@gmail.com' 4 | license 'MIT' 5 | description 'Installs/Configures phoenix-git' 6 | long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) 7 
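| version '0.1.0' 8 | depends 'database' 9 | -------------------------------------------------------------------------------- /Vagrantfile: -------------------------------------------------------------------------------- 
# -*- mode: ruby -*-
# vi: set ft=ruby :

# Local dev VM for the Phoenix server template.  The guest is provisioned from
# the host with `knife solo` (see README.md), so all this file has to do is make
# the box reachable over SSH with the developer's own key.
Vagrant.configure(2) do |config|
  config.vm.box = "chef-ubuntu-trusty64"

  # Copy the host user's public key into the guest and add it to the vagrant
  # user's authorized_keys.  The append is guarded with grep so that repeated
  # `vagrant provision` runs do not keep adding duplicate copies of the key.
  config.vm.provision "file", source: "~/.ssh/id_rsa.pub", destination: "~/.ssh/me.pub"
  config.vm.provision "shell", inline: 'grep -qxF "$(cat ~vagrant/.ssh/me.pub)" ~vagrant/.ssh/authorized_keys 2>/dev/null || cat ~vagrant/.ssh/me.pub >> ~vagrant/.ssh/authorized_keys'

  # Guest port 80 (iptables-redirected to the Phoenix app by the post-receive
  # hook) on host port 4567.
  # NOTE(review): no host_ip is given; per the Vagrant docs the forward is then
  # bound on every host interface, not only loopback.  Add host_ip: "127.0.0.1"
  # if the dev box should not be reachable from the LAN.
  config.vm.network :forwarded_port, guest: 80, host: 4567

  # Forward the host's SSH agent into the guest (presumably so git operations in
  # the guest can use the host's keys).  While a session is open, anything able
  # to run as the vagrant user or root inside the guest can use the forwarded
  # agent, so keep this to throwaway dev boxes.
  config.ssh.forward_agent = true

  config.vm.provider "virtualbox" do |vb|
    vb.memory = 1024
  end
end
-------------------------------------------------------------------------------- /site-cookbooks/phoenix-git/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | phoenix-git CHANGELOG 2 | ===================== 3 | 4 | This file is used to list changes made in each version of the phoenix-git cookbook. 5 | 6 | 0.1.0 7 | ----- 8 | - [your_name] - Initial release of phoenix-git 9 | 10 | - - - 11 | Check the [Markdown Syntax Guide](http://daringfireball.net/projects/markdown/syntax) for help with Markdown. 12 | 13 | The [Github Flavored Markdown page](http://github.github.com/github-flavored-markdown/) describes the differences between markdown on github and standard markdown. 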
14 | -------------------------------------------------------------------------------- /roles/phoenix-app.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "phoenix-app", 3 | "description": "Runs Phoenix apps", 4 | "default_attributes": { 5 | "elixir": { 6 | "version": "1.0.5" 7 | }, 8 | "firewall" : { 9 | "rules" : [ 10 | {"allow http on port 80" : {"port" : 80}}, 11 | {"allow http on port 8080" : {"port" : 8080}}, 12 | {"allow http on port 8081" : {"port" : 8081}} 13 | ] 14 | } 15 | }, 16 | "json_class": "Chef::Role", 17 | "run_list": [ 18 | "recipe[elixir::default]", 19 | "recipe[phoenix-git::default]", 20 | "recipe[ufw::default]" 21 | ], 22 | "chef_type": "role" 23 | } 24 | -------------------------------------------------------------------------------- /site-cookbooks/phoenix-git/attributes/default.rb: -------------------------------------------------------------------------------- 
# Defaults for the phoenix-git cookbook.  Override them in node or role JSON;
# every value here is a placeholder, not something to run production with.

app = default['phoenix-git']

# App name: the bare repo is /var/repo/<app_name>.git and the checkout is
# /var/www/<app_name>.com (see recipes/default.rb).
app['app_name'] = "app"

# The two ports the post-receive hook alternates between on each deploy; port
# 80 is iptables-redirected to whichever one is live.  roles/phoenix-app.json
# also opens both of them in ufw, so the app is reachable directly on
# 8080/8081 as well as through port 80.
app['app_port_1'] = "8080"
app['app_port_2'] = "8081"
app['mix_env'] = "prod"

# Postgres DB attributes.  recipes/default.rb creates db_name with these
# credentials and writes them into DATABASE_URL, so they must be the ones the
# postgresql cookbook actually set up (nodes/phoenix_server.json uses "test"
# for both).  Replace the password before provisioning anything real.
app['db_name'] = "postgres_prod"
app['db_connection'] = {
  host: "127.0.0.1",
  port: 5432,
  username: "postgres",
  password: "test"
}

# Run by the post-receive hook, after `npm install`, inside the checkout.
app['node_build_commands'] = [
  "node_modules/bower/bin/bower install",
  "node_modules/brunch/bin/brunch build --production"
]
-------------------------------------------------------------------------------- /data_bags/users/deploy.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "deploy", 3 | // generate this with: openssl passwd -1 "plaintextpassword" 4 | "password": "$1$h8MtHlGj$rbJKmlMV3fccIxmCMs/Px0", 5 | // the below should contain a list of ssh public keys which should 6 | // be able to login 
as deploy 7 | "ssh_keys": [ 8 | "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5ib00zUqWzzec3QnITg8q/6Ua9LG5uBkAmtLhzxxAcTNqCTreBj4FWnBIxFnyYoldEkeqEsvfCzvNsRhDh85vN3Q5GbaByIpvG2ZE02p9T+RlAuA9TMZ+Ih/HEKD/ts6cIsmlTCjdUmZawJH6xYnWa5nDGVtmnFG9TnwD2QBVimtdg1N8Cg5Y5eNlNOTQlYxchKkKTbxAlC6k21/pVpPyHms4meJdaHjfKRchme90jW/8dlHo//hH4bGqR7o44P/Eu/KMypvGPPLN99NdIrsUZGfQKyjWEI+hWelCoaPIeMTZg3J0NkQI0mtRTebVp5U8Zo4U7bDOhskZmOp8gAjV gjaldon85@gmail.com" 9 | ], 10 | "groups": ["sysadmin"], 11 | "shell": "\/bin\/bash" 12 | } 13 | -------------------------------------------------------------------------------- /Berksfile: -------------------------------------------------------------------------------- 1 | source "https://supermarket.chef.io" 2 | 3 | cookbook 'apt', github: 'opscode-cookbooks/apt' 4 | cookbook 'chef-solo-search', github: 'edelight/chef-solo-search' 5 | cookbook 'database', github: 'opscode-cookbooks/database' 6 | cookbook 'elixir', github: 'reset/elixir-cookbook' 7 | cookbook 'fail2ban', github: 'opscode-cookbooks/fail2ban' 8 | cookbook 'locales', github: 'phbergsmann/chef-locales' 9 | cookbook 'look_and_feel-tlq', github: 'TalkingQuickly/look_and_feel-tlq' 10 | cookbook 'monit-tlq', github: 'TalkingQuickly/monit-tlq', branch: 'master' 11 | cookbook 'monit_configs-tlq', github: 'TalkingQuickly/monit_configs-tlq', branch: 'master' 12 | cookbook 'ntp', github: 'gmiranda23/ntp' 13 | cookbook 'openssh', github: 'opscode-cookbooks/openssh' 14 | cookbook 'postgresql', github: 'opscode-cookbooks/postgresql' 15 | cookbook 'sudo', github: 'opscode-cookbooks/sudo' 16 | cookbook 'ufw', github: 'opscode-cookbooks/ufw' 17 | cookbook 'users', github: 'opscode-cookbooks/users' 18 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015 Gabriel Jaldon 4 | 5 | Permission is hereby granted, free of charge, to any person 
obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | 23 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Phoenix Server Template 2 | 3 | ### Introduction 4 | 5 | This is a Chef template for provisioning a Phoenix server that accepts `git push` deploys 6 | on Ubuntu Trusty. It includes Postgresql as database and Node for compiling static assets. 7 | 8 | This has only been tested in Vagrant and DigitalOcean. It is likely going to work in other 9 | cloud providers, but haven't tried out myself. 10 | 11 | ### Usage 12 | 13 | This template was designed with the use of `chef-solo` in mind so we will be using `knife-solo` 14 | commands. 15 | 16 | 1. We need to prepare the VPS for provisioning by installing Chef and its dependencies by doing: 17 | 18 | ```elixir 19 | knife solo prepare root@yourserverip 20 | ``` 21 | 22 | 2. Provision your server! 
23 | 24 | ```elixir 25 | knife solo cook root@yourserverip nodes/phoenix_server.json 26 | ``` 27 | 28 | You can customize the attributes to adapt this template according to your needs. Keep in mind that 29 | the committed values are placeholders, not secrets: before provisioning a real host, replace the `test` Postgres password and the monit credentials in `nodes/phoenix_server.json`, and the `deploy` password hash and SSH public key in `data_bags/users/deploy.json` (as committed, that key would let its owner log in as `deploy`, a user with passwordless sudo). Keep real secrets out of plain node/role JSON by using `chef-vault` or encrypted data bags (`.chef/knife.rb` has a commented-out `encrypted_data_bag_secret` line for the key). 30 | 31 | 32 | ### Important Links 33 | 34 | - [Chef docs](https://docs.chef.io/resources.html) 35 | - [License](https://github.com/gjaldon/phoenix_server_template/blob/master/LICENSE) 36 | 37 | 38 | 39 | PS - Contributions and Feedback are always welcome! 40 | -------------------------------------------------------------------------------- /nodes/phoenix_server.json: -------------------------------------------------------------------------------- 1 | { 2 | "environment":"production", 3 | "authorization": { 4 | "sudo": { 5 | // the deploy user specifically gets sudo rights 6 | // if you're using vagrant it's worth adding "vagrant" 7 | // to this array 8 | // The password for the deploy user is set in data_bags/users/deploy.json 9 | // and must be a crypt(3)-style hash. Prefer SHA-512 over the MD5-based 10 | // `openssl passwd -1`: mkpasswd -m sha-512 "plaintextpassword" (whois package), or openssl passwd -6 "plaintextpassword" with OpenSSL 1.1.1 or newer 11 | "users": ["deploy", "vagrant"] 12 | } 13 | }, 14 | "postgresql" : { 15 | "password" : { 16 | // the postgres superuser password handed to the postgresql cookbook. Note that `openssl passwd -1` produces a crypt(3) "$1$..." string, which is not a Postgres password hash format - check the postgresql cookbook README for what this attribute expects before hashing anything. 17 | // Whatever is set here must match ['phoenix-git']['db_connection']['password'] in site-cookbooks/phoenix-git/attributes/default.rb, which the phoenix-git recipe uses to connect. 18 | // currently the placeholder "test" - change it 19 | "postgres" : "test" 20 | } 21 | }, 22 | "monit": { 23 | "notify_emails" : ["email@example.com"], 24 | "enable_emails" : false, 25 | "web_interface" : { 26 | // the plaintext monit web-interface username and password; replace the placeholders (they are stored in plaintext here) 27 | "allow" : ["your_username","your_password"] 28 | }, 29 | "mailserver" : { 30 | // the easiest option is to use something like 31 | // Mailgun or Sengrid 32 | "host" : "mailserver.example.com", 33 | "port" : "999", 34 | "username" : "your_username", 35 | "password" : "your_password", 36 | "hostname" : "the_hostname" 37 | } 38 | }, 39 | "build_essential": { 40 | "compiletime": true 41 | }, 42 | "run_list": [ 43 | "role[server]", 44 | "role[postgres-server]", 45 | 
"role[phoenix-app]" 46 | ], 47 | "automatic": { 48 | "ipaddress": "127.0.0.1" 49 | } 50 | } 51 | -------------------------------------------------------------------------------- /site-cookbooks/phoenix-git/templates/default/post-receive.erb: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | app_name=<%= node["phoenix-git"]['app_name'] %> 4 | app_port_1=<%= node["phoenix-git"]['app_port_1'] %> 5 | app_port_2=<%= node["phoenix-git"]['app_port_2'] %> 6 | 7 | for f in /etc/profile.d/*; do source $f; done 8 | 9 | git --work-tree=/var/www/$app_name.com --git-dir=/var/repo/$app_name.git checkout -f 10 | 11 | mix local.hex --force 12 | mix local.rebar --force 13 | 14 | cd /var/www/$app_name.com 15 | 16 | <%= (["npm install"] + node["phoenix-git"]["node_build_commands"]).join(" && ") %> 17 | 18 | if [ $PORT = $app_port_1 ]; then 19 | PORT=8888 mix do deps.get, deps.compile, phoenix.digest, ecto.migrate && 20 | PORT=$app_port_2 elixir --detached -S mix phoenix.server && 21 | sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port $app_port_2 22 | sleep 5 && sudo iptables -t nat -D PREROUTING -p tcp --dport 80 -j REDIRECT --to-port $app_port_1 23 | previous_port=$(sudo lsof -t -i:$app_port_1) 24 | if [ -n $previous_port ]; then 25 | sudo kill $previous_port 26 | fi 27 | echo "export PORT=$app_port_2" > /etc/profile.d/PORT.sh 28 | else 29 | PORT=8888 mix do deps.get, deps.compile, phoenix.digest, ecto.migrate && 30 | PORT=$app_port_1 elixir --detached -S mix phoenix.server && 31 | sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port $app_port_1 32 | sleep 5 && sudo iptables -t nat -D PREROUTING -p tcp --dport 80 -j REDIRECT --to-port $app_port_2 33 | previous_port=$(sudo lsof -t -i:$app_port_2) 34 | if [ -n $previous_port ]; then 35 | sudo kill $previous_port 36 | fi 37 | echo "export PORT=$app_port_1" > /etc/profile.d/PORT.sh 38 | fi 39 | 
-------------------------------------------------------------------------------- /site-cookbooks/phoenix-git/README.md: -------------------------------------------------------------------------------- 1 | phoenix-git Cookbook 2 | ==================== 3 | TODO: Enter the cookbook description here. 4 | 5 | e.g. 6 | This cookbook makes your favorite breakfast sandwich. 7 | 8 | Requirements 9 | ------------ 10 | TODO: List your cookbook requirements. Be sure to include any requirements this cookbook has on platforms, libraries, other cookbooks, packages, operating systems, etc. 11 | 12 | e.g. 13 | #### packages 14 | - `toaster` - phoenix-git needs toaster to brown your bagel. 15 | 16 | Attributes 17 | ---------- 18 | TODO: List your cookbook attributes here. 19 | 20 | e.g. 21 | #### phoenix-git::default 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 |
KeyTypeDescriptionDefault
['phoenix-git']['bacon']Booleanwhether to include bacontrue
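36 | 37 | Usage 38 | ----- 39 | #### phoenix-git::default 40 | TODO: Write usage instructions for each cookbook. 41 | 42 | e.g. 43 | Just include `phoenix-git` in your node's `run_list`: 44 | 45 | ```json 46 | { 47 | "name":"my_node", 48 | "run_list": [ 49 | "recipe[phoenix-git]" 50 | ] 51 | } 52 | ``` 53 | 54 | Contributing 55 | ------------ 56 | TODO: (optional) If this is a public cookbook, detail the process for contributing. If this is a private cookbook, remove this section. 57 | 58 | e.g. 59 | 1. Fork the repository on Github 60 | 2. Create a named feature branch (like `add_component_x`) 61 | 3. Write your change 62 | 4. Write tests for your change (if applicable) 63 | 5. Run the tests, ensuring they all pass 64 | 6. Submit a Pull Request using Github 65 | 66 | License and Authors 67 | ------------------- 68 | Authors: TODO: List authors 69 | -------------------------------------------------------------------------------- /site-cookbooks/phoenix-git/recipes/default.rb: -------------------------------------------------------------------------------- 
# phoenix-git::default
#
# Prepares a host for `git push` deploys of a Phoenix app:
#   * installs node/npm/git and creates the database named in
#     node['phoenix-git']['db_name'] through the database cookbook;
#   * drops the app environment (MIX_ENV, SECRET_KEY_BASE, DATABASE_URL, PORT)
#     into /etc/profile.d so login shells and the post-receive hook pick it up;
#   * creates the bare repo /var/repo/<app_name>.git with its post-receive hook
#     and the work tree /var/www/<app_name>.com, both owned by the deploy user.
#
# Expects the "deploy" user and the "sysadmin" group to exist already: the
# users::sysadmins recipe in role[server] creates them from
# data_bags/users/deploy.json, which also puts deploy in sysadmin.
#
# Secret-bearing profile.d files are created root:sysadmin 0640.  Because they
# use create_if_missing, hosts provisioned by an earlier version keep their old
# (wider) mode; tighten those by hand.
include_recipe "database::postgresql"

require 'securerandom'
require 'erb'

package "nodejs-legacy"
package "npm"
package "git"

app_name = node['phoenix-git']['app_name']
repo_dir = "/var/repo/#{app_name}.git"
www_dir  = "/var/www/#{app_name}.com"

file "/etc/profile.d/MIX_ENV.sh" do
  content "export MIX_ENV=#{node['phoenix-git']['mix_env']}"
  owner "root"
  group "sysadmin"
  action :create_if_missing
end

# Generated once and then kept (create_if_missing): regenerating it on every
# run would invalidate existing sessions and signed cookies.  Readable only by
# root and the sysadmin group (deploy is a member); Ubuntu's /etc/profile only
# sources profile.d files that are readable, so other users simply skip it.
# `sensitive` keeps the value out of Chef's resource diff/log output.
file "/etc/profile.d/SECRET_KEY_BASE.sh" do
  content "export SECRET_KEY_BASE=#{SecureRandom.base64(64)}"
  owner "root"
  group "sysadmin"
  mode "0640"
  sensitive true
  action :create_if_missing
end

# Build the connection URL from the same attributes postgresql_database uses
# below, so the app and the DB creation agree.  Username and password are
# percent-encoded so a password containing '@', ':' or '/' does not corrupt the
# URL.  The port attribute used to be ignored; it is included when present.
db_conn = node['phoenix-git']['db_connection']
db_user = ERB::Util.url_encode(db_conn[:username].to_s)
db_pass = ERB::Util.url_encode(db_conn[:password].to_s)
db_host = db_conn[:port] ? "#{db_conn[:host]}:#{db_conn[:port]}" : db_conn[:host].to_s
database_url = "postgresql://#{db_user}:#{db_pass}@#{db_host}/#{node['phoenix-git']['db_name']}"

# Carries the DB password: same ownership/mode rules as SECRET_KEY_BASE.sh.
file "/etc/profile.d/DATABASE_URL.sh" do
  content "export DATABASE_URL='#{database_url}'"
  owner "root"
  group "sysadmin"
  mode "0640"
  sensitive true
  action :create_if_missing
end

# Records which of the two app ports is currently live.  The post-receive hook
# (running as deploy) rewrites it after every deploy, hence group-writable.
# Everything in /etc/profile.d is sourced by root's login shell as well, so
# only the sysadmin group -- already passwordless-sudo per roles/server.json --
# may write here.
file "/etc/profile.d/PORT.sh" do
  content "export PORT=#{node['phoenix-git']['app_port_1']}"
  owner "root"
  group "sysadmin"
  mode "0775"
  action :create_if_missing
end

postgresql_database node['phoenix-git']['db_name'] do
  connection(node['phoenix-git']['db_connection'])
  action :create
end

["/var/repo", repo_dir].each do |path|
  directory path do
    owner "deploy"
    group "sysadmin"
    action :create
  end
end

execute "set-up bare git repo" do
  cwd repo_dir
  creates "#{repo_dir}/config"
  command "git init --bare"
  user "deploy"
  group "sysadmin"
  action :run
end

# Read/execute only and re-rendered on every Chef run, so local edits to the
# hook on the server do not survive; change the template instead.
template "#{repo_dir}/hooks/post-receive" do
  owner "deploy"
  group "sysadmin"
  mode "0555"
  source "post-receive.erb"
end

["/var/www", www_dir].each do |path|
  directory path do
    owner "deploy"
    group "sysadmin"
    action :create
  end
end
-------------------------------------------------------------------------------- /Berksfile.lock: -------------------------------------------------------------------------------- 1 | DEPENDENCIES 2 | apt 3 | git: git://github.com/opscode-cookbooks/apt.git 4 | revision: 497732c18e2d80296b04e96df09899b032ec84fd 5 | chef-solo-search 6 | git: git://github.com/edelight/chef-solo-search.git 7 | revision: 72bd5e3507056e5c931ee0cf7516ce1bfbce6d51 8 | database 9 | git: git://github.com/opscode-cookbooks/database.git 10 | revision: 988b3f905d672cd0e7ad584a127ce70a7c17dd3d 11 | elixir 12 | git: git://github.com/reset/elixir-cookbook.git 13 | revision: b95c7ed785ffca4505647806672d38ed63e99e79 14 | fail2ban 15 | git: git://github.com/opscode-cookbooks/fail2ban.git 16 | revision: 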
ec228bab671f8eed3ba7c2a40d4af43bc1ca9093 17 | locales 18 | git: git://github.com/phbergsmann/chef-locales.git 19 | revision: 5ad79628e627a66edf028fe55fa7c92d26687cf0 20 | look_and_feel-tlq 21 | git: git://github.com/TalkingQuickly/look_and_feel-tlq.git 22 | revision: 214b18d5266909721e85fe3acac4f7c926a0c609 23 | monit-tlq 24 | git: git://github.com/TalkingQuickly/monit-tlq.git 25 | revision: 28bbdc06702a00c5cb5ace1fd7f79a51a127ed0c 26 | branch: master 27 | monit_configs-tlq 28 | git: git://github.com/TalkingQuickly/monit_configs-tlq.git 29 | revision: c10ee522a69db1ec48672a2b1c8a42ae92e027e1 30 | branch: master 31 | ntp 32 | git: git://github.com/gmiranda23/ntp.git 33 | revision: 95bec55b5b895c370e63aef2c5aef2d2ca6abc89 34 | openssh 35 | git: git://github.com/opscode-cookbooks/openssh.git 36 | revision: 3d1f169a42189412d3a11d64462152cd966fefb4 37 | postgresql 38 | git: git://github.com/opscode-cookbooks/postgresql.git 39 | revision: d57d9e820f90d7e09fc4467d51ff9b5408be9048 40 | sudo 41 | git: git://github.com/opscode-cookbooks/sudo.git 42 | revision: 3ee091a8cf9c531038a09602fb562de54399c8bc 43 | ufw 44 | git: git://github.com/opscode-cookbooks/ufw.git 45 | revision: d80d4071aa55c54dd6978cb46e778246e39dd1f9 46 | users 47 | git: git://github.com/opscode-cookbooks/users.git 48 | revision: 70585d1eda03c2d6ef0244f33cf359bab21a1b63 49 | 50 | GRAPH 51 | apt (2.7.0) 52 | build-essential (2.2.3) 53 | chef-solo-search (0.5.2) 54 | chef-sugar (3.1.1) 55 | chef_handler (1.2.0) 56 | database (4.0.6) 57 | postgresql (>= 1.0.0) 58 | dmg (2.2.2) 59 | elixir (0.10.0) 60 | apt (~> 2.7) 61 | erlang (>= 0.0.0) 62 | git (>= 0.0.0) 63 | github (>= 0.0.0) 64 | libarchive (~> 0.4) 65 | erlang (1.5.8) 66 | apt (>= 1.7.0) 67 | build-essential (>= 0.0.0) 68 | yum (~> 3.0) 69 | yum-epel (>= 0.0.0) 70 | yum-erlang_solutions (>= 0.0.0) 71 | fail2ban (2.2.1) 72 | yum (~> 3.0) 73 | yum-epel (>= 0.0.0) 74 | firewall (1.5.0) 75 | poise (~> 2.0) 76 | git (4.2.2) 77 | build-essential (>= 0.0.0) 78 | 
dmg (>= 0.0.0) 79 | windows (>= 0.0.0) 80 | yum-epel (>= 0.0.0) 81 | github (0.3.0) 82 | libarchive (>= 0.0.0) 83 | iptables (1.0.0) 84 | libarchive (0.5.0) 85 | apt (~> 2.5) 86 | build-essential (~> 2.0) 87 | locales (0.3.1) 88 | look_and_feel-tlq (0.0.5) 89 | locales (>= 0.0.0) 90 | monit-tlq (0.3.11) 91 | monit_configs-tlq (0.1.2) 92 | ntp (1.8.6) 93 | openssh (1.5.2) 94 | iptables (>= 0.0.0) 95 | openssl (4.0.0) 96 | chef-sugar (>= 0.0.0) 97 | poise (2.1.0) 98 | postgresql (3.4.20) 99 | apt (>= 1.9.0) 100 | build-essential (>= 0.0.0) 101 | openssl (~> 4.0.0) 102 | sudo (2.7.1) 103 | ufw (0.7.5) 104 | firewall (>= 0.9.0) 105 | users (1.8.3) 106 | windows (1.37.0) 107 | chef_handler (>= 0.0.0) 108 | yum (3.6.1) 109 | yum-epel (0.6.2) 110 | yum (~> 3.2) 111 | yum-erlang_solutions (0.2.0) 112 | yum (~> 3.0) 113 | -------------------------------------------------------------------------------- /roles/server.json: -------------------------------------------------------------------------------- 1 | // Things we want standard on all server boxes, primarily: 2 | // - Security 3 | // - Look and feel 4 | // - default users, groups etc 5 | { 6 | "name": "server", 7 | "description": "A server of some kind...", 8 | "default_attributes": { 9 | "apt" : { 10 | "unattended_upgrades" : { 11 | "enable" : true, 12 | "allowed_origins" : [ 13 | "${distro_id} stable", 14 | "${distro_id} ${distro_codename}-security" 15 | ], 16 | "automatic_reboot" : true 17 | } 18 | }, 19 | "authorization": { 20 | "sudo": { 21 | // everyone in the group sysadmin gets sudo rights 22 | "groups": ["sysadmin"], 23 | // the deploy user specifically gets sudo rights 24 | "users": ["deploy"], 25 | // whether a user with sudo rights can execute sudo 26 | // commands without entering their password. 27 | "passwordless": true 28 | } 29 | }, 30 | "locales" : { 31 | "packages" : ["locales"], 32 | "default" : "en_US.utf8" 33 | }, 34 | "look_and_feel-tlq" : { 35 | // any extra locales we want available. 
Useful if your 36 | // local dev machine uses a locale which doesn't match 37 | // the servers locale. 38 | "additional_locales" : ["en_GB.utf8"] 39 | }, 40 | "monit": { 41 | // which lucky person gets monit emails if enabled 42 | "notify_emails" : ["user@example.com"], 43 | // enable or disable monit emails 44 | "enable_emails" : false, 45 | "mailserver" : { 46 | "host" : "your-server", 47 | "port" : "587", 48 | "username" : "yourusername", 49 | "password" : "yourpassword", 50 | "hostname" : "yourhostname" 51 | }, 52 | "web_interface" : { 53 | // access credentials for the web interface. Just 54 | // enabling this won't set up the web interface, 55 | // it will need either a vhost in nginx or its port 56 | // being allowed through ufw. The credentials are plaintext placeholders - replace them. 57 | "allow" : ["yourusername","yourpassword"] 58 | } 59 | }, 60 | "monit_address" : "monit.devops.local", // sshd hardening: key-only logins (password, challenge-response and PAM auth are all off). permit_root_login stays "yes", presumably because `knife solo prepare/cook` targets root@ (see README); once the deploy user's key and sudo are confirmed working, consider setting it to "no" so the only route to root is sudo from a named account. 61 | "openssh" : { 62 | "server" : { 63 | "password_authentication" : "no", 64 | "challenge_response_authentication" : "no", 65 | "permit_empty_passwords" : "no", 66 | "use_pam" : "no", 67 | "x11_forwarding" : "no", 68 | "permit_root_login" : "yes" 69 | } 70 | } 71 | }, 72 | "json_class": "Chef::Role", 73 | "run_list": [ 74 | // required for generating secure passwords 75 | "recipe[openssl::default]", 76 | // required for building from source 77 | "recipe[build-essential::default]", 78 | // required by the users cookbook when using chef solo 79 | "recipe[chef-solo-search::default]", 80 | // setup standard sysadmin users 81 | "recipe[users::sysadmins]", 82 | // install and enable ufw 83 | "recipe[ufw::default]", 84 | // enable unattended upgrades 85 | "recipe[apt::unattended-upgrades]", 86 | // enable automatic time sync 87 | "recipe[ntp::default]", 88 | // make sure deploy user has sudo rights 89 | "recipe[sudo::default]", 90 | // Make sure we have a valid locale setup 91 | "recipe[locales::default]", 92 | // Block repeated failed login attempts 93 | "recipe[fail2ban::default]", 94 | // Visual tweaks and tools 95 | 
"recipe[look_and_feel-tlq::default]", 96 | // get monit up and running (config is down to 97 | // individual apps/ a separate recipe) 98 | "recipe[monit-tlq::default]", 99 | // monit configurations for a standard ubuntu system 100 | "recipe[monit_configs-tlq::system]" 101 | ], 102 | "chef_type": "role", 103 | "override_attributes": { 104 | } 105 | } 106 | -------------------------------------------------------------------------------- /Gemfile.lock: -------------------------------------------------------------------------------- 1 | GEM 2 | remote: https://rubygems.org/ 3 | specs: 4 | addressable (2.3.8) 5 | berkshelf (3.3.0) 6 | addressable (~> 2.3.4) 7 | berkshelf-api-client (~> 1.2) 8 | buff-config (~> 1.0) 9 | buff-extensions (~> 1.0) 10 | buff-shell_out (~> 0.1) 11 | celluloid (~> 0.16.0) 12 | celluloid-io (~> 0.16.1) 13 | cleanroom (~> 1.0) 14 | faraday (~> 0.9.0) 15 | httpclient (~> 2.6.0) 16 | minitar (~> 0.5.4) 17 | octokit (~> 3.0) 18 | retryable (~> 2.0) 19 | ridley (~> 4.0) 20 | solve (~> 1.1) 21 | thor (~> 0.19) 22 | berkshelf-api-client (1.3.0) 23 | faraday (~> 0.9.0) 24 | httpclient (~> 2.6.0) 25 | buff-config (1.0.1) 26 | buff-extensions (~> 1.0) 27 | varia_model (~> 0.4) 28 | buff-extensions (1.0.0) 29 | buff-ignore (1.1.1) 30 | buff-ruby_engine (0.1.0) 31 | buff-shell_out (0.2.0) 32 | buff-ruby_engine (~> 0.1.0) 33 | builder (3.2.2) 34 | celluloid (0.16.0) 35 | timers (~> 4.0.0) 36 | celluloid-io (0.16.2) 37 | celluloid (>= 0.16.0) 38 | nio4r (>= 1.1.0) 39 | chef (12.4.1) 40 | chef-config (= 12.4.1) 41 | chef-zero (~> 4.2, >= 4.2.2) 42 | diff-lcs (~> 1.2, >= 1.2.4) 43 | erubis (~> 2.7) 44 | ffi-yajl (~> 2.2) 45 | highline (~> 1.6, >= 1.6.9) 46 | mixlib-authentication (~> 1.3) 47 | mixlib-cli (~> 1.4) 48 | mixlib-log (~> 1.3) 49 | mixlib-shellout (>= 2.0.0.rc.0, < 3.0) 50 | net-ssh (~> 2.6) 51 | net-ssh-multi (~> 1.1) 52 | ohai (~> 8.0) 53 | plist (~> 3.1.0) 54 | pry (~> 0.9) 55 | rspec-core (~> 3.2) 56 | rspec-expectations (~> 3.2) 57 | 
rspec-mocks (~> 3.2) 58 | rspec_junit_formatter (~> 0.2.0) 59 | serverspec (~> 2.7) 60 | specinfra (~> 2.10) 61 | syslog-logger (~> 1.6) 62 | chef-config (12.4.1) 63 | mixlib-config (~> 2.0) 64 | mixlib-shellout (~> 2.0) 65 | chef-zero (4.2.3) 66 | ffi-yajl (>= 1.1, < 3.0) 67 | hashie (~> 2.0) 68 | mixlib-log (~> 1.3) 69 | rack 70 | uuidtools (~> 2.1) 71 | cleanroom (1.0.0) 72 | coderay (1.1.0) 73 | dep-selector-libgecode (1.0.2) 74 | dep_selector (1.0.3) 75 | dep-selector-libgecode (~> 1.0) 76 | ffi (~> 1.9) 77 | diff-lcs (1.2.5) 78 | erubis (2.7.0) 79 | faraday (0.9.1) 80 | multipart-post (>= 1.2, < 3) 81 | ffi (1.9.10) 82 | ffi-yajl (2.2.0) 83 | libyajl2 (~> 1.2) 84 | hashie (2.1.2) 85 | highline (1.7.2) 86 | hitimes (1.2.2) 87 | httpclient (2.6.0.1) 88 | ipaddress (0.8.0) 89 | json (1.8.3) 90 | knife-solo (0.4.2) 91 | chef (>= 10.12) 92 | erubis (~> 2.7.0) 93 | net-ssh (>= 2.2.2, < 3.0) 94 | libyajl2 (1.2.0) 95 | method_source (0.8.2) 96 | mime-types (2.6.1) 97 | minitar (0.5.4) 98 | mixlib-authentication (1.3.0) 99 | mixlib-log 100 | mixlib-cli (1.5.0) 101 | mixlib-config (2.2.1) 102 | mixlib-log (1.6.0) 103 | mixlib-shellout (2.1.0) 104 | multi_json (1.11.2) 105 | multipart-post (2.0.0) 106 | net-http-persistent (2.9.4) 107 | net-scp (1.2.1) 108 | net-ssh (>= 2.6.5) 109 | net-ssh (2.9.2) 110 | net-ssh-gateway (1.2.0) 111 | net-ssh (>= 2.6.5) 112 | net-ssh-multi (1.2.1) 113 | net-ssh (>= 2.6.5) 114 | net-ssh-gateway (>= 1.2.0) 115 | net-telnet (0.1.1) 116 | nio4r (1.1.0) 117 | octokit (3.8.0) 118 | sawyer (~> 0.6.0, >= 0.5.3) 119 | ohai (8.5.0) 120 | ffi (~> 1.9) 121 | ffi-yajl (~> 2.2) 122 | ipaddress 123 | mime-types (~> 2.0) 124 | mixlib-cli 125 | mixlib-config (~> 2.0) 126 | mixlib-log 127 | mixlib-shellout (~> 2.0) 128 | rake (~> 10.1) 129 | systemu (~> 2.6.4) 130 | wmi-lite (~> 1.0) 131 | plist (3.1.0) 132 | pry (0.10.1) 133 | coderay (~> 1.1.0) 134 | method_source (~> 0.8.1) 135 | slop (~> 3.4) 136 | rack (1.6.4) 137 | rake (10.4.2) 138 | retryable 
(2.0.1) 139 | ridley (4.2.0) 140 | addressable 141 | buff-config (~> 1.0) 142 | buff-extensions (~> 1.0) 143 | buff-ignore (~> 1.1) 144 | buff-shell_out (~> 0.1) 145 | celluloid (~> 0.16.0) 146 | celluloid-io (~> 0.16.1) 147 | erubis 148 | faraday (~> 0.9.0) 149 | hashie (>= 2.0.2, < 3.0.0) 150 | json (>= 1.7.7) 151 | mixlib-authentication (>= 1.3.0) 152 | net-http-persistent (>= 2.8) 153 | retryable (~> 2.0) 154 | semverse (~> 1.1) 155 | varia_model (~> 0.4) 156 | rspec (3.3.0) 157 | rspec-core (~> 3.3.0) 158 | rspec-expectations (~> 3.3.0) 159 | rspec-mocks (~> 3.3.0) 160 | rspec-core (3.3.1) 161 | rspec-support (~> 3.3.0) 162 | rspec-expectations (3.3.0) 163 | diff-lcs (>= 1.2.0, < 2.0) 164 | rspec-support (~> 3.3.0) 165 | rspec-its (1.2.0) 166 | rspec-core (>= 3.0.0) 167 | rspec-expectations (>= 3.0.0) 168 | rspec-mocks (3.3.1) 169 | diff-lcs (>= 1.2.0, < 2.0) 170 | rspec-support (~> 3.3.0) 171 | rspec-support (3.3.0) 172 | rspec_junit_formatter (0.2.3) 173 | builder (< 4) 174 | rspec-core (>= 2, < 4, != 2.12.0) 175 | sawyer (0.6.0) 176 | addressable (~> 2.3.5) 177 | faraday (~> 0.8, < 0.10) 178 | semverse (1.2.1) 179 | serverspec (2.19.0) 180 | multi_json 181 | rspec (~> 3.0) 182 | rspec-its 183 | specinfra (~> 2.35) 184 | sfl (2.2) 185 | slop (3.6.0) 186 | solve (1.2.1) 187 | dep_selector (~> 1.0) 188 | semverse (~> 1.1) 189 | specinfra (2.37.2) 190 | net-scp 191 | net-ssh (~> 2.7) 192 | net-telnet 193 | sfl 194 | syslog-logger (1.6.8) 195 | systemu (2.6.5) 196 | thor (0.19.1) 197 | timers (4.0.1) 198 | hitimes 199 | uuidtools (2.1.5) 200 | varia_model (0.4.0) 201 | buff-extensions (~> 1.0) 202 | hashie (>= 2.0.2, < 3.0.0) 203 | wmi-lite (1.0.0) 204 | 205 | PLATFORMS 206 | ruby 207 | 208 | DEPENDENCIES 209 | berkshelf (~> 3.3.0) 210 | chef (~> 12.4.1) 211 | knife-solo (~> 0.4.2) 212 | --------------------------------------------------------------------------------