From eaa2e5753625b409cfbfb6ebdc47e9f14c5b6d60 Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Wed, 18 Aug 2021 23:10:38 +0000 Subject: [PATCH] Further tweaks --- Vagrantfile | 1 + .../cookbooks/firezone/attributes/default.rb | 12 ---- omnibus/cookbooks/firezone/recipes/app.rb | 70 +++++++++---------- omnibus/cookbooks/firezone/recipes/config.rb | 61 ++++++++-------- .../firezone/recipes/log_management.rb | 18 ++--- omnibus/cookbooks/firezone/recipes/nginx.rb | 42 +++++------ omnibus/cookbooks/firezone/recipes/phoenix.rb | 42 +++++------ .../cookbooks/firezone/recipes/show_config.rb | 4 +- omnibus/cookbooks/firezone/recipes/ssl.rb | 44 ++++++------ .../firezone/templates/nginx.conf.erb | 6 +- .../firezone/templates/pg_hba.conf.erb | 8 +-- .../firezone/templates/phoenix.nginx.conf.erb | 4 +- .../firezone/templates/postgresql.conf.erb | 20 +++--- .../firezone/templates/ssl-signing.conf.erb | 14 ++-- .../firezone/templates/sv-nginx-log-run.erb | 2 +- .../firezone/templates/sv-nginx-run.erb | 6 +- .../firezone/templates/sv-phoenix-log-run.erb | 2 +- .../firezone/templates/sv-phoenix-run.erb | 16 ++--- .../templates/sv-postgresql-log-run.erb | 2 +- .../firezone/templates/sv-postgresql-run.erb | 8 +-- 20 files changed, 183 insertions(+), 199 deletions(-) diff --git a/Vagrantfile b/Vagrantfile index 53c4801e6..cb683824f 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -41,6 +41,7 @@ Vagrant.configure("2") do |config| debian10.vm.network "forwarded_port", guest: 8800, host: ENV.fetch("PORT", 8802) debian10.vm.provision "shell", reboot: true, inline: <<~SHELL export DEBIAN_FRONTEND=noninteractive + export APT_LISTCHANGES_FRONTEND=none # Add Backports repo sudo bash -c 'echo "deb http://deb.debian.org/debian buster-backports main" > /etc/apt/sources.list.d/backports.list' diff --git a/omnibus/cookbooks/firezone/attributes/default.rb b/omnibus/cookbooks/firezone/attributes/default.rb index a12e3168e..f59346057 100644 --- a/omnibus/cookbooks/firezone/attributes/default.rb 
+++ b/omnibus/cookbooks/firezone/attributes/default.rb @@ -23,13 +23,6 @@ require 'etc' # These are examples of things you may want to do, depending on how you set up # the application to run. # -# ### Chef Identity -# -# You will have to set this up in order to log into Firezone and upload -# cookbooks with your Chef server keys. -# -# See the "Chef OAuth2 Settings" section below -# # ### Using an external Postgres database # # Disable the provided Postgres instance and connect to your own: @@ -59,11 +52,6 @@ require 'etc' # specified. default['firezone']['fqdn'] = (node['fqdn'] || node['hostname']).downcase -# The URL for the Chef server. Used with the "Chef OAuth2 Settings" and -# "Chef URL Settings" below. If this is not set, authentication and some of the -# links in the application will not work. -default['firezone']['chef_server_url'] = nil - default['firezone']['config_directory'] = '/etc/firezone' default['firezone']['install_directory'] = '/opt/firezone' default['firezone']['app_directory'] = "#{node['firezone']['install_directory']}/embedded/service/firezone" diff --git a/omnibus/cookbooks/firezone/recipes/app.rb b/omnibus/cookbooks/firezone/recipes/app.rb index 07470af27..972990b4b 100644 --- a/omnibus/cookbooks/firezone/recipes/app.rb +++ b/omnibus/cookbooks/firezone/recipes/app.rb 
@@ -19,75 +19,75 @@ # Common configuration for Phoenix -include_recipe 'omnibus-supermarket::config' -include_recipe 'omnibus-supermarket::phoenix' +include_recipe 'firezone::config' +include_recipe 'firezone::phoenix' file 'environment-variables' do - path "#{node['supermarket']['var_directory']}/etc/env" - content Supermarket::Config.environment_variables_from(node['supermarket'].merge('force_ssl' => node['supermarket']['nginx']['force_ssl'])) - owner node['supermarket']['user'] - group node['supermarket']['group'] + path "#{node['firezone']['var_directory']}/etc/env" + content Firezone::Config.environment_variables_from(node['firezone'].merge('force_ssl' => node['firezone']['nginx']['force_ssl'])) + owner node['firezone']['user'] + group node['firezone']['group'] mode '0600' end -link "#{node['supermarket']['app_directory']}/.env.production" do - to "#{node['supermarket']['var_directory']}/etc/env" +link "#{node['firezone']['app_directory']}/.env.production" do + to "#{node['firezone']['var_directory']}/etc/env" end -file "#{node['supermarket']['var_directory']}/etc/database.yml" do +file "#{node['firezone']['var_directory']}/etc/database.yml" do content(YAML.dump({ 'production' => { 'adapter' => 'postgresql', - 'database' => node['supermarket']['database']['name'], - 'username' => node['supermarket']['database']['user'], - 'password' => node['supermarket']['database']['password'], - 'host' => node['supermarket']['database']['host'], - 'port' => node['supermarket']['database']['port'], - 'pool' => node['supermarket']['database']['pool'], + 'database' => node['firezone']['database']['name'], + 'username' => node['firezone']['database']['user'], + 'password' => node['firezone']['database']['password'], + 'host' => node['firezone']['database']['host'], + 'port' => node['firezone']['database']['port'], + 'pool' => node['firezone']['database']['pool'], } })) - owner node['supermarket']['user'] - group node['supermarket']['group'] + owner node['firezone']['user'] + 
group node['firezone']['group'] mode '0600' end -link "#{node['supermarket']['app_directory']}/config/database.yml" do - to "#{node['supermarket']['var_directory']}/etc/database.yml" +link "#{node['firezone']['app_directory']}/config/database.yml" do + to "#{node['firezone']['var_directory']}/etc/database.yml" end -# Ensure the db schema is owned by the supermarket user, so dumping the db +# Ensure the db schema is owned by the firezone user, so dumping the db # schema after migrate works -file "#{node['supermarket']['app_directory']}/db/schema.rb" do - owner node['supermarket']['user'] +file "#{node['firezone']['app_directory']}/db/schema.rb" do + owner node['firezone']['user'] end execute 'database schema' do command 'bundle exec rake db:migrate db:seed' - cwd node['supermarket']['app_directory'] + cwd node['firezone']['app_directory'] environment( - 'RAILS_ENV' => 'production', - 'HOME' => node['supermarket']['app_directory'] + 'MIX_ENV' => 'production', + 'HOME' => node['firezone']['app_directory'] ) - user node['supermarket']['user'] + user node['firezone']['user'] end -# tar files for cookbooks are uploaded to /opt/supermarket/embedded/service/supermarket/public/system -directory node['supermarket']['data_directory'] do - owner node['supermarket']['user'] - group node['supermarket']['group'] +# tar files for cookbooks are uploaded to /opt/firezone/embedded/service/firezone/public/system +directory node['firezone']['data_directory'] do + owner node['firezone']['user'] + group node['firezone']['group'] mode '0755' action :create end -link "#{node['supermarket']['app_directory']}/public/system" do - to node['supermarket']['data_directory'] +link "#{node['firezone']['app_directory']}/public/system" do + to node['firezone']['data_directory'] end sitemap_files = ['sitemap.xml.gz', 'sitemap1.xml.gz'] sitemap_files.each do |sitemap_file| - file "#{node['supermarket']['app_directory']}/public/#{sitemap_file}" do - owner node['supermarket']['user'] - group 
node['supermarket']['group'] + file "#{node['firezone']['app_directory']}/public/#{sitemap_file}" do + owner node['firezone']['user'] + group node['firezone']['group'] mode '0664' action :create end diff --git a/omnibus/cookbooks/firezone/recipes/config.rb b/omnibus/cookbooks/firezone/recipes/config.rb index e0cbc22cb..2b59d8dba 100644 --- a/omnibus/cookbooks/firezone/recipes/config.rb +++ b/omnibus/cookbooks/firezone/recipes/config.rb 
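Review bot: The `execute 'database schema'` resource in recipes/app.rb still runs `bundle exec rake db:migrate db:seed`, a Rails command, while its environment now sets `MIX_ENV` instead of `RAILS_ENV`, so the rake task no longer receives the variable it reads and nothing visible here consumes the Mix one. The same leftover Rails tooling shows up in the recipes/phoenix.rb hunk (`template 'unicorn.rb'`) and in the templates/sv-phoenix-run.erb hunk (`bundle exec unicorn -E production`). If the application is built with Mix, the conventional environment name is `prod`, so `'MIX_ENV' => 'prod'` is probably what is meant. Until the migration step is ported, a comment such as `# TODO: replace the rake migration with the Phoenix migration step` above the resource would mark it as unfinished. The database.yml written earlier in this hunk holds the database password in plain text, so its `mode '0600'` should be kept when the file is reworked.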
@@ -23,69 +23,64 @@ # This creates the config_directory if it does not exist as well as the files # in it. Firezone::Config.load_or_create!( - "#{node['supermarket']['config_directory']}/supermarket.rb", + "#{node['firezone']['config_directory']}/firezone.rb", node ) FireZone::Config.load_from_json!( - "#{node['supermarket']['config_directory']}/supermarket.json", + "#{node['firezone']['config_directory']}/firezone.json", node ) Firezone::Config.load_or_create_secrets!( - "#{node['supermarket']['config_directory']}/secrets.json", + "#{node['firezone']['config_directory']}/secrets.json", node ) -Firezone::Config.audit_config(node['supermarket']) +Firezone::Config.audit_config(node['firezone']) Firezone::Config.maybe_turn_on_fips(node) -# Copy things we need from the supermarket namespace to the top level. This is +# Copy things we need from the firezone namespace to the top level. This is # necessary for some community cookbooks. -node.consume_attributes('runit' => node['supermarket']['runit']) +node.consume_attributes('runit' => node['firezone']['runit']) -# set chef_oauth2_url from chef_server_url after this value has been loaded from config -if node['supermarket']['chef_server_url'] && node['supermarket']['chef_oauth2_url'].nil? 
- node.default['supermarket']['chef_oauth2_url'] = node['supermarket']['chef_server_url'] +user node['firezone']['user'] + +group node['firezone']['group'] do + members [node['firezone']['user']] end -user node['supermarket']['user'] - -group node['supermarket']['group'] do - members [node['supermarket']['user']] +directory node['firezone']['config_directory'] do + owner node['firezone']['user'] + group node['firezone']['group'] end -directory node['supermarket']['config_directory'] do - owner node['supermarket']['user'] - group node['supermarket']['group'] -end - -directory node['supermarket']['var_directory'] do - owner node['supermarket']['user'] - group node['supermarket']['group'] +directory node['firezone']['var_directory'] do + owner node['firezone']['user'] + group node['firezone']['group'] mode '0700' recursive true end -directory node['supermarket']['log_directory'] do - owner node['supermarket']['user'] - group node['supermarket']['group'] +directory node['firezone']['log_directory'] do + owner node['firezone']['user'] + group node['firezone']['group'] mode '0700' recursive true end -directory "#{node['supermarket']['var_directory']}/etc" do - owner node['supermarket']['user'] - group node['supermarket']['group'] +directory "#{node['firezone']['var_directory']}/etc" do + owner node['firezone']['user'] + group node['firezone']['group'] mode '0700' end -file "#{node['supermarket']['config_directory']}/supermarket.rb" do - owner node['supermarket']['user'] - group node['supermarket']['group'] +file "#{node['firezone']['config_directory']}/firezone.rb" do + owner node['firezone']['user'] + group node['firezone']['group'] mode '0600' end -file "#{node['supermarket']['config_directory']}/secrets.json" do - owner node['supermarket']['user'] - group node['supermarket']['group'] +file "#{node['firezone']['config_directory']}/secrets.json" do + owner node['firezone']['user'] + group node['firezone']['group'] mode '0600' end 
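Review bot: The context line `FireZone::Config.load_from_json!(` in recipes/config.rb is spelled with a capital Z while every other call in this hunk uses `Firezone::Config`. Unless a `FireZone` constant is defined elsewhere, the recipe will raise a NameError at that call, so it should read `Firezone::Config.load_from_json!(`. The hunk pins owner, group and `mode '0600'` on firezone.rb and secrets.json, but it declares no `file` resource for firezone.json and gives the `directory node['firezone']['config_directory']` resource no `mode`. If nothing else needs to read that directory, adding `mode '0700'` there would match the var and log directories. The recipe starts before this hunk.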
diff --git a/omnibus/cookbooks/firezone/recipes/log_management.rb b/omnibus/cookbooks/firezone/recipes/log_management.rb index b44cd7717..d1192f5ae 100644 --- a/omnibus/cookbooks/firezone/recipes/log_management.rb +++ b/omnibus/cookbooks/firezone/recipes/log_management.rb @@ -1,5 +1,5 @@ # -# Cookbook:: supermarket +# Cookbook:: firezone # Recipe:: log_management # # Copyright:: 2015 Chef Software, Inc. @@ -17,36 +17,36 @@ # limitations under the License. # -# Omnibus Supermarket log management is mostly handled by runit, svlogd +# Firezone log management is mostly handled by runit, svlogd # and each component service logged to STDOUT for svlogd to handle. Some # components do not handle logging to STDOUT well, so logrotate is added # to manage the logs generated by those services. -include_recipe 'omnibus-supermarket::config' +include_recipe 'firezone::config' -directory "#{node['supermarket']['var_directory']}/etc/logrotate.d" do +directory "#{node['firezone']['var_directory']}/etc/logrotate.d" do owner 'root' group 'root' mode '0755' end -template "#{node['supermarket']['var_directory']}/etc/logrotate.conf" do +template "#{node['firezone']['var_directory']}/etc/logrotate.conf" do source 'logrotate.conf.erb' mode '0644' owner 'root' group 'root' variables( - var_directory: node['supermarket']['var_directory'] + var_directory: node['firezone']['var_directory'] ) end -template '/etc/cron.hourly/supermarket_logrotate' do +template '/etc/cron.hourly/firezone_logrotate' do source 'logrotate.cron.erb' mode '0755' owner 'root' group 'root' variables( - install_directory: node['supermarket']['install_directory'], - var_directory: node['supermarket']['var_directory'] + install_directory: node['firezone']['install_directory'], + var_directory: node['firezone']['var_directory'] ) end diff --git a/omnibus/cookbooks/firezone/recipes/nginx.rb b/omnibus/cookbooks/firezone/recipes/nginx.rb index d38bfb927..13905a3d6 100644 --- a/omnibus/cookbooks/firezone/recipes/nginx.rb 
+++ b/omnibus/cookbooks/firezone/recipes/nginx.rb @@ -1,5 +1,5 @@ # -# Cookbook:: supermarket +# Cookbook:: firezone # Recipe:: nginx # # Copyright:: 2014 Chef Software, Inc. 
@@ -17,38 +17,38 @@ # limitations under the License. # -include_recipe 'omnibus-supermarket::config' +include_recipe 'firezone::config' -[node['supermarket']['nginx']['cache']['directory'], - node['supermarket']['nginx']['log_directory'], - node['supermarket']['nginx']['directory'], - "#{node['supermarket']['nginx']['directory']}/conf.d", - "#{node['supermarket']['nginx']['directory']}/sites-enabled"].each do |dir| +[node['firezone']['nginx']['cache']['directory'], + node['firezone']['nginx']['log_directory'], + node['firezone']['nginx']['directory'], + "#{node['firezone']['nginx']['directory']}/conf.d", + "#{node['firezone']['nginx']['directory']}/sites-enabled"].each do |dir| directory dir do - owner node['supermarket']['user'] - group node['supermarket']['group'] + owner node['firezone']['user'] + group node['firezone']['group'] mode '0700' recursive true end end # Link the mime.types -link "#{node['supermarket']['nginx']['directory']}/mime.types" do - to "#{node['supermarket']['install_directory']}/embedded/conf/mime.types" +link "#{node['firezone']['nginx']['directory']}/mime.types" do + to "#{node['firezone']['install_directory']}/embedded/conf/mime.types" end template 'nginx.conf' do - path "#{node['supermarket']['nginx']['directory']}/nginx.conf" + path "#{node['firezone']['nginx']['directory']}/nginx.conf" source 'nginx.conf.erb' - owner node['supermarket']['user'] - group node['supermarket']['group'] + owner node['firezone']['user'] + group node['firezone']['group'] mode '0600' - variables(nginx: node['supermarket']['nginx']) + variables(nginx: node['firezone']['nginx']) end -if node['supermarket']['nginx']['enable'] +if node['firezone']['nginx']['enable'] component_runit_service 'nginx' do - package 'supermarket' + package 'firezone' action :enable subscribes :restart, 'template[nginx.conf]' subscribes :restart, 'template[phoenix.nginx.conf]' 
@@ -61,15 +61,15 @@ end # setup log rotation with logrotate because nginx and runit's svlogd # differ in opinion about who does the logging -template "#{node['supermarket']['var_directory']}/etc/logrotate.d/nginx" do +template "#{node['firezone']['var_directory']}/etc/logrotate.d/nginx" do source 'logrotate-rule.erb' owner 'root' group 'root' mode '0644' variables( - 'log_directory' => node['supermarket']['nginx']['log_directory'], - 'log_rotation' => node['supermarket']['nginx']['log_rotation'], - 'postrotate' => "#{node['supermarket']['install_directory']}/embedded/sbin/nginx -c #{node['supermarket']['nginx']['directory']}/nginx.conf -s reopen", + 'log_directory' => node['firezone']['nginx']['log_directory'], + 'log_rotation' => node['firezone']['nginx']['log_rotation'], + 'postrotate' => "#{node['firezone']['install_directory']}/embedded/sbin/nginx -c #{node['firezone']['nginx']['directory']}/nginx.conf -s reopen", 'owner' => 'root', 'group' => 'root' ) diff --git a/omnibus/cookbooks/firezone/recipes/phoenix.rb b/omnibus/cookbooks/firezone/recipes/phoenix.rb index e4ef721ec..5db23eaf7 100644 --- a/omnibus/cookbooks/firezone/recipes/phoenix.rb +++ b/omnibus/cookbooks/firezone/recipes/phoenix.rb 
@@ -18,43 +18,43 @@ # limitations under the License. # -include_recipe 'omnibus-supermarket::config' -include_recipe 'omnibus-supermarket::nginx' +include_recipe 'firezone::config' +include_recipe 'firezone::nginx' -[node['supermarket']['phoenix']['log_directory'], - "#{node['supermarket']['var_directory']}/rails/run"].each do |dir| +[node['firezone']['log_directory'], + "#{node['firezone']['var_directory']}/phoenix/run"].each do |dir| directory dir do - owner node['supermarket']['user'] - group node['supermarket']['group'] + owner node['firezone']['user'] + group node['firezone']['group'] mode '0700' recursive true end end template 'unicorn.rb' do - path "#{node['supermarket']['var_directory']}/etc/unicorn.rb" + path "#{node['firezone']['var_directory']}/etc/unicorn.rb" source 'unicorn.rb.erb' - owner node['supermarket']['user'] - group node['supermarket']['group'] + owner node['firezone']['user'] + group node['firezone']['group'] mode '0600' - variables(node['supermarket']['unicorn'].to_hash) + variables(node['firezone']['unicorn'].to_hash) end template 'phoenix.nginx.conf' do - path "#{node['supermarket']['nginx']['directory']}/sites-enabled/rails" - source 'rails.nginx.conf.erb' - owner node['supermarket']['user'] - group node['supermarket']['group'] + path "#{node['firezone']['nginx']['directory']}/sites-enabled/phoenix" + source 'phoenix.nginx.conf.erb' + owner node['firezone']['user'] + group node['firezone']['group'] mode '0600' - variables(nginx: node['supermarket']['nginx'], - phoenix: node['supermarket']['phoenix'], - fqdn: node['supermarket']['fqdn'], - fips_enabled: node['supermarket']['fips_enabled'], - ssl: node['supermarket']['ssl'], - app_directory: node['supermarket']['app_directory']) + variables(nginx: node['firezone']['nginx'], + phoenix: node['firezone']['phoenix'], + fqdn: node['firezone']['fqdn'], + fips_enabled: node['firezone']['fips_enabled'], + ssl: node['firezone']['ssl'], + app_directory: node['firezone']['app_directory']) end -if 
node['supermarket']['phoenix']['enable'] +if node['firezone']['phoenix']['enable'] component_runit_service 'phoenix' do package 'firezone' action :enable diff --git a/omnibus/cookbooks/firezone/recipes/show_config.rb b/omnibus/cookbooks/firezone/recipes/show_config.rb index ca2338660..f1312327c 100644 --- a/omnibus/cookbooks/firezone/recipes/show_config.rb +++ b/omnibus/cookbooks/firezone/recipes/show_config.rb @@ -1,5 +1,5 @@ # -# Cookbook:: supermarket +# Cookbook:: firezone # Recipe:: show_config # # Copyright:: 2014 Chef Software, Inc. @@ -17,4 +17,4 @@ # limitations under the License. # -puts Chef::JSONCompat.to_json_pretty(node['supermarket']) +puts Chef::JSONCompat.to_json_pretty(node['firezone']) diff --git a/omnibus/cookbooks/firezone/recipes/ssl.rb b/omnibus/cookbooks/firezone/recipes/ssl.rb index 8e3a2f514..fbb3e2371 100644 --- a/omnibus/cookbooks/firezone/recipes/ssl.rb +++ b/omnibus/cookbooks/firezone/recipes/ssl.rb @@ -1,5 +1,5 @@ # -# Cookbook:: supermarket +# Cookbook:: firezone # Recipe:: ssl # # Copyright:: 2014 Chef Software, Inc. 
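Review bot: The directory loop at the top of recipes/phoenix.rb now creates `node['firezone']['log_directory']` where it used to create the `['phoenix']['log_directory']` attribute, but templates/sv-phoenix-log-run.erb still points svlogd at `node['firezone']['phoenix']['log_directory']`. recipes/config.rb already creates `node['firezone']['log_directory']` with the same owner and mode, so the new entry is redundant. Unless another recipe creates the phoenix log directory, svlogd will have no directory to write to. Restoring `node['firezone']['phoenix']['log_directory'],` as the first element of the array keeps the recipe and the run script in step.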
@@ -17,22 +17,22 @@ # limitations under the License. # -include_recipe 'omnibus-supermarket::config' +include_recipe 'firezone::config' -[node['supermarket']['ssl']['directory'], - "#{node['supermarket']['ssl']['directory']}/ca"].each do |dir| +[node['firezone']['ssl']['directory'], + "#{node['firezone']['ssl']['directory']}/ca"].each do |dir| directory dir do - owner node['supermarket']['user'] - group node['supermarket']['group'] + owner node['firezone']['user'] + group node['firezone']['group'] mode '0700' end end # Unless SSL is disabled, sets up SSL certificates. # Creates a self-signed cert if none is provided. -if node['supermarket']['ssl']['enabled'] - supermarket_ca_dir = File.join(node['supermarket']['ssl']['directory'], 'ca') - ssl_dhparam = File.join(supermarket_ca_dir, 'dhparams.pem') +if node['firezone']['ssl']['enabled'] + firezone_ca_dir = File.join(node['firezone']['ssl']['directory'], 'ca') + ssl_dhparam = File.join(firezone_ca_dir, 'dhparams.pem') # Generate dhparams.pem for perfect forward secrecy openssl_dhparam ssl_dhparam do 
@@ -43,25 +43,25 @@ if node['supermarket']['ssl']['enabled'] mode '0644' end - node.default['supermarket']['ssl']['ssl_dhparam'] ||= ssl_dhparam + node.default['firezone']['ssl']['ssl_dhparam'] ||= ssl_dhparam # A certificate has been supplied - if node['supermarket']['ssl']['certificate'] + if node['firezone']['ssl']['certificate'] # Link the standard CA cert into our certs directory - link "#{node['supermarket']['ssl']['directory']}/cacert.pem" do - to "#{node['supermarket']['install_directory']}/embedded/ssl/certs/cacert.pem" + link "#{node['firezone']['ssl']['directory']}/cacert.pem" do + to "#{node['firezone']['install_directory']}/embedded/ssl/certs/cacert.pem" end # No certificate has been supplied; generate one else - ssl_keyfile = File.join(supermarket_ca_dir, "#{node['supermarket']['fqdn']}.key") - ssl_crtfile = File.join(supermarket_ca_dir, "#{node['supermarket']['fqdn']}.crt") + ssl_keyfile = File.join(firezone_ca_dir, "#{node['firezone']['fqdn']}.key") + ssl_crtfile = File.join(firezone_ca_dir, "#{node['firezone']['fqdn']}.crt") openssl_x509_certificate ssl_crtfile do - common_name node['supermarket']['fqdn'] - org node['supermarket']['ssl']['company_name'] - org_unit node['supermarket']['ssl']['organizational_unit_name'] - country node['supermarket']['ssl']['country_name'] + common_name node['firezone']['fqdn'] + org node['firezone']['ssl']['company_name'] + org_unit node['firezone']['ssl']['organizational_unit_name'] + country node['firezone']['ssl']['country_name'] key_length 2048 expire 3650 owner 'root' 
@@ -69,10 +69,10 @@ if node['supermarket']['ssl']['enabled'] mode '0644' end - node.default['supermarket']['ssl']['certificate'] ||= ssl_crtfile - node.default['supermarket']['ssl']['certificate_key'] ||= ssl_keyfile + node.default['firezone']['ssl']['certificate'] ||= ssl_crtfile + node.default['firezone']['ssl']['certificate_key'] ||= ssl_keyfile - link "#{node['supermarket']['ssl']['directory']}/cacert.pem" do + link "#{node['firezone']['ssl']['directory']}/cacert.pem" do to ssl_crtfile end end diff --git a/omnibus/cookbooks/firezone/templates/nginx.conf.erb b/omnibus/cookbooks/firezone/templates/nginx.conf.erb index 72b1a9195..81ccda57b 100644 --- a/omnibus/cookbooks/firezone/templates/nginx.conf.erb +++ b/omnibus/cookbooks/firezone/templates/nginx.conf.erb @@ -22,9 +22,9 @@ events { http { <% if @nginx['log_x_forwarded_for'] -%> - log_format supermarket '$http_x_forwarded_for - $remote_user [$time_iso8601] ' + log_format firezone '$http_x_forwarded_for - $remote_user [$time_iso8601] ' <% else -%> - log_format supermarket '$remote_addr - $remote_user [$time_iso8601] ' + log_format firezone '$remote_addr - $remote_user [$time_iso8601] ' <% end -%> '"$request" $status $request_length "$request_time" $body_bytes_sent ' '"$http_referer" "$http_user_agent"'; @@ -33,7 +33,7 @@ http { default_type application/octet-stream; <% unless @nginx['disable_access_log'] -%> - access_log <%= @nginx['log_dir'] %>/access.log supermarket; + access_log <%= @nginx['log_dir'] %>/access.log firezone; <% end %> server_tokens off; diff --git a/omnibus/cookbooks/firezone/templates/pg_hba.conf.erb b/omnibus/cookbooks/firezone/templates/pg_hba.conf.erb index 9b9cb9ea9..bdcbe8fbc 100644 --- a/omnibus/cookbooks/firezone/templates/pg_hba.conf.erb +++ b/omnibus/cookbooks/firezone/templates/pg_hba.conf.erb 
@@ -63,11 +63,11 @@ # TYPE DATABASE USER CIDR-ADDRESS METHOD # "local" is for Unix domain socket connections only -local all <%= node['supermarket']['postgresql']['username'] %> peer +local all <%= node['firezone']['postgresql']['username'] %> peer -host all <%= node['supermarket']['postgresql']['username'] %> 127.0.0.1/32 trust -host all <%= node['supermarket']['postgresql']['username'] %> ::1/128 trust +host all <%= node['firezone']['postgresql']['username'] %> 127.0.0.1/32 trust +host all <%= node['firezone']['postgresql']['username'] %> ::1/128 trust -<% node['supermarket']['postgresql']['md5_auth_cidr_addresses'].each do |cidr| %> +<% node['firezone']['postgresql']['md5_auth_cidr_addresses'].each do |cidr| %> host all all <%= cidr %> md5 <% end %> diff --git a/omnibus/cookbooks/firezone/templates/phoenix.nginx.conf.erb b/omnibus/cookbooks/firezone/templates/phoenix.nginx.conf.erb index 91e489134..e5ad8e05c 100644 --- a/omnibus/cookbooks/firezone/templates/phoenix.nginx.conf.erb +++ b/omnibus/cookbooks/firezone/templates/phoenix.nginx.conf.erb @@ -7,7 +7,7 @@ upstream phoenix { } <% if @nginx['cache']['enable'] -%> -proxy_cache_path <%= @nginx['cache']['directory'] %>/supermarket levels=1:2 keys_zone=supermarket-cache:512m max_size=1000m inactive=600m; +proxy_cache_path <%= @nginx['cache']['directory'] %>/firezone levels=1:2 keys_zone=firezone-cache:512m max_size=1000m inactive=600m; proxy_temp_path <%= @nginx['cache']['directory'] %>/tmp; log_format cache '$remote_addr - [$time_local] "$request" $upstream_cache_status $upstream_response_time $upstream_status'; @@ -89,7 +89,7 @@ server { proxy_ignore_headers Set-Cookie Cache-Control; proxy_buffering on; - proxy_cache supermarket-cache; + proxy_cache firezone-cache; proxy_cache_valid 200 302 240m; proxy_cache_valid any 5m; expires 240m; diff --git a/omnibus/cookbooks/firezone/templates/postgresql.conf.erb b/omnibus/cookbooks/firezone/templates/postgresql.conf.erb index f1805129c..5d76ab3fe 100644 
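Review bot: The two `host` lines in templates/pg_hba.conf.erb keep `trust` for 127.0.0.1/32 and ::1/128, which lets any local process connect over TCP as `node['firezone']['postgresql']['username']` without a password. The `local ... peer` line already covers the service account over the Unix socket, so the loopback entries could use a password method instead, e.g. `host all <%= node['firezone']['postgresql']['username'] %> 127.0.0.1/32 md5` and the same for `::1/128`. The `md5_auth_cidr_addresses` loop at the end of the hunk grants `all all` to every listed CIDR, so a comment above it saying the list should stay as narrow as possible would help whoever sets the attribute.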
--- a/omnibus/cookbooks/firezone/templates/postgresql.conf.erb +++ b/omnibus/cookbooks/firezone/templates/postgresql.conf.erb @@ -56,12 +56,12 @@ # - Connection Settings - -listen_addresses = '<%= node['supermarket']['postgresql']['listen_address'] %>' # what IP address(es) to listen on; +listen_addresses = '<%= node['firezone']['postgresql']['listen_address'] %>' # what IP address(es) to listen on; # comma-separated list of addresses; # defaults to 'localhost', '*' = all # (change requires restart) -port = <%= node['supermarket']['postgresql']['port'] %> # (change requires restart) -max_connections = <%= node['supermarket']['postgresql']['max_connections'] %> # (change requires restart) +port = <%= node['firezone']['postgresql']['port'] %> # (change requires restart) +max_connections = <%= node['firezone']['postgresql']['max_connections'] %> # (change requires restart) # Note: Increasing max_connections costs ~400 bytes of shared memory per # connection slot, plus lock space (see max_locks_per_transaction). #superuser_reserved_connections = 3 # (change requires restart) @@ -106,7 +106,7 @@ max_connections = <%= node['supermarket']['postgresql']['max_connections'] %> # - Memory - -shared_buffers = <%= node['supermarket']['postgresql']['shared_buffers'] %> # min 128kB +shared_buffers = <%= node['firezone']['postgresql']['shared_buffers'] %> # min 128kB # (change requires restart) #temp_buffers = 8MB # min 800kB #max_prepared_transactions = 0 # zero disables the feature 
@@ -115,7 +115,7 @@ shared_buffers = <%= node['supermarket']['postgresql']['shared_buffers'] %> # mi # per transaction slot, plus lock space (see max_locks_per_transaction). # It is not advisable to set max_prepared_transactions nonzero unless you # actively intend to use prepared transactions. -work_mem = <%= node['supermarket']['postgresql']['work_mem'] %> # min 64kB +work_mem = <%= node['firezone']['postgresql']['work_mem'] %> # min 64kB #maintenance_work_mem = 16MB # min 1MB #max_stack_depth = 2MB # min 100kB @@ -171,10 +171,10 @@ work_mem = <%= node['supermarket']['postgresql']['work_mem'] %> # min 64kB # - Checkpoints - -checkpoint_segments = <%= node['supermarket']['postgresql']['checkpoint_segments'] %> # in logfile segments, min 1, 16MB each, default 3 -checkpoint_timeout = <%= node['supermarket']['postgresql']['checkpoint_timeout'] %> # range 30s-1h, default 5min -checkpoint_completion_target = <%= node['supermarket']['postgresql']['checkpoint_completion_target'] %> # checkpoint target duration, 0.0 - 1.0, default 0.5 -checkpoint_warning = <%= node['supermarket']['postgresql']['checkpoint_warning'] %> # 0 disables, default 30s +checkpoint_segments = <%= node['firezone']['postgresql']['checkpoint_segments'] %> # in logfile segments, min 1, 16MB each, default 3 +checkpoint_timeout = <%= node['firezone']['postgresql']['checkpoint_timeout'] %> # range 30s-1h, default 5min +checkpoint_completion_target = <%= node['firezone']['postgresql']['checkpoint_completion_target'] %> # checkpoint target duration, 0.0 - 1.0, default 0.5 +checkpoint_warning = <%= node['firezone']['postgresql']['checkpoint_warning'] %> # 0 disables, default 30s # - Archiving - 
@@ -245,7 +245,7 @@ checkpoint_warning = <%= node['supermarket']['postgresql']['checkpoint_warning'] #cpu_tuple_cost = 0.01 # same scale as above #cpu_index_tuple_cost = 0.005 # same scale as above #cpu_operator_cost = 0.0025 # same scale as above -effective_cache_size = <%= node['supermarket']['postgresql']['effective_cache_size'] %> # Default 128MB +effective_cache_size = <%= node['firezone']['postgresql']['effective_cache_size'] %> # Default 128MB # - Genetic Query Optimizer - diff --git a/omnibus/cookbooks/firezone/templates/ssl-signing.conf.erb b/omnibus/cookbooks/firezone/templates/ssl-signing.conf.erb index 29af99e9f..8700acd8d 100644 --- a/omnibus/cookbooks/firezone/templates/ssl-signing.conf.erb +++ b/omnibus/cookbooks/firezone/templates/ssl-signing.conf.erb @@ -3,10 +3,10 @@ distinguished_name = req_distinguished_name prompt = no [ req_distinguished_name ] -C = <%= node['supermarket']['ssl']['country_name'] %> -ST = <%= node['supermarket']['ssl']['state_name'] %> -L = <%= node['supermarket']['ssl']['locality_name'] %> -O = <%= node['supermarket']['ssl']['company_name'] %> -OU = <%= node['supermarket']['ssl']['organizational_unit_name'] %> -CN = <%= node['supermarket']['fqdn'] %> -emailAddress = <%= node['supermarket']['ssl']['email_address'] %> +C = <%= node['firezone']['ssl']['country_name'] %> +ST = <%= node['firezone']['ssl']['state_name'] %> +L = <%= node['firezone']['ssl']['locality_name'] %> +O = <%= node['firezone']['ssl']['company_name'] %> +OU = <%= node['firezone']['ssl']['organizational_unit_name'] %> +CN = <%= node['firezone']['fqdn'] %> +emailAddress = <%= node['firezone']['ssl']['email_address'] %> diff --git a/omnibus/cookbooks/firezone/templates/sv-nginx-log-run.erb b/omnibus/cookbooks/firezone/templates/sv-nginx-log-run.erb index e2372e815..a85de9411 100644 --- a/omnibus/cookbooks/firezone/templates/sv-nginx-log-run.erb +++ b/omnibus/cookbooks/firezone/templates/sv-nginx-log-run.erb 
@@ -1,3 +1,3 @@ #!/bin/sh exec <%= node['runit']['svlogd_bin'] %> \ - -tt <%= node['supermarket']['nginx']['log_directory'] %> + -tt <%= node['firezone']['nginx']['log_directory'] %> diff --git a/omnibus/cookbooks/firezone/templates/sv-nginx-run.erb b/omnibus/cookbooks/firezone/templates/sv-nginx-run.erb index 3a221c8a2..96f1859ee 100644 --- a/omnibus/cookbooks/firezone/templates/sv-nginx-run.erb +++ b/omnibus/cookbooks/firezone/templates/sv-nginx-run.erb @@ -1,8 +1,8 @@ #!/bin/sh exec 2>&1 -<%= "export OPENSSL_FIPS=1" if node['supermarket']['fips_enabled'] == true %> +<%= "export OPENSSL_FIPS=1" if node['firezone']['fips_enabled'] == true %> exec <%= node['runit']['chpst_bin'] %> \ -P \ - <%= node['supermarket']['install_directory'] %>/embedded/sbin/nginx \ - -c <%= node['supermarket']['nginx']['directory'] %>/nginx.conf + <%= node['firezone']['install_directory'] %>/embedded/sbin/nginx \ + -c <%= node['firezone']['nginx']['directory'] %>/nginx.conf diff --git a/omnibus/cookbooks/firezone/templates/sv-phoenix-log-run.erb b/omnibus/cookbooks/firezone/templates/sv-phoenix-log-run.erb index 7e1c08a36..3746e01d2 100644 --- a/omnibus/cookbooks/firezone/templates/sv-phoenix-log-run.erb +++ b/omnibus/cookbooks/firezone/templates/sv-phoenix-log-run.erb @@ -1,3 +1,3 @@ #!/bin/sh exec <%= node['runit']['svlogd_bin'] %> \ - -tt <%= node['supermarket']['phoenix']['log_directory'] %> + -tt <%= node['firezone']['phoenix']['log_directory'] %> diff --git a/omnibus/cookbooks/firezone/templates/sv-phoenix-run.erb b/omnibus/cookbooks/firezone/templates/sv-phoenix-run.erb index 93d4026aa..48de79b2b 100644 --- a/omnibus/cookbooks/firezone/templates/sv-phoenix-run.erb +++ b/omnibus/cookbooks/firezone/templates/sv-phoenix-run.erb 
@@ -1,18 +1,18 @@ #!/bin/sh exec 2>&1 -export PATH=<%= node['supermarket']['install_directory'] %>/embedded/bin:$PATH -export LD_LIBRARY_PATH=<%= node['supermarket']['install_directory'] %>/embedded/lib -export DIR=<%= node['supermarket']['app_directory'] %> +export PATH=<%= node['firezone']['install_directory'] %>/embedded/bin:$PATH +export LD_LIBRARY_PATH=<%= node['firezone']['install_directory'] %>/embedded/lib +export DIR=<%= node['firezone']['app_directory'] %> export HOME=$DIR -<%= "export OPENSSL_FIPS=1" if node['supermarket']['fips_enabled'] == true %> +<%= "export OPENSSL_FIPS=1" if node['firezone']['fips_enabled'] == true %> cd $DIR exec <%= node['runit']['chpst_bin'] %> \ -P \ - -U <%= node['supermarket']['unicorn']['forked_user'] %> \ - -u <%= node['supermarket']['unicorn']['forked_user'] %> \ + -U <%= node['firezone']['unicorn']['forked_user'] %> \ + -u <%= node['firezone']['unicorn']['forked_user'] %> \ bundle exec unicorn -E production \ - -c <%= node['supermarket']['var_directory'] %>/etc/unicorn.rb - <%= node['supermarket']['install_directory'] %>/embedded/service/supermarket/config.ru + -c <%= node['firezone']['var_directory'] %>/etc/unicorn.rb + <%= node['firezone']['install_directory'] %>/embedded/service/firezone/config.ru diff --git a/omnibus/cookbooks/firezone/templates/sv-postgresql-log-run.erb b/omnibus/cookbooks/firezone/templates/sv-postgresql-log-run.erb index b38c88c1e..654254c6a 100644 --- a/omnibus/cookbooks/firezone/templates/sv-postgresql-log-run.erb +++ b/omnibus/cookbooks/firezone/templates/sv-postgresql-log-run.erb @@ -1,3 +1,3 @@ #!/bin/sh exec <%= node['runit']['svlogd_bin'] %> \ - -tt <%= node['supermarket']['postgresql']['log_directory'] %> + -tt <%= node['firezone']['postgresql']['log_directory'] %> diff --git a/omnibus/cookbooks/firezone/templates/sv-postgresql-run.erb b/omnibus/cookbooks/firezone/templates/sv-postgresql-run.erb index b95a09991..251a713b3 100644 
--- a/omnibus/cookbooks/firezone/templates/sv-postgresql-run.erb +++ b/omnibus/cookbooks/firezone/templates/sv-postgresql-run.erb @@ -2,7 +2,7 @@ exec 2>&1 exec chpst \ -P \ - -U <%= node['supermarket']['postgresql']['username'] %> \ - -u <%= node['supermarket']['postgresql']['username'] %> \ - <%= node['supermarket']['install_directory']%>/embedded/bin/postgres \ - -D <%= node['supermarket']['postgresql']['data_directory'] %> + -U <%= node['firezone']['postgresql']['username'] %> \ + -u <%= node['firezone']['postgresql']['username'] %> \ + <%= node['firezone']['install_directory']%>/embedded/bin/postgres \ + -D <%= node['firezone']['postgresql']['data_directory'] %>