# File checks: OS identification, the mastodon user's shell setup, the Node and
# ruby-build binaries, the TLS certificate links, the application directory,
# the nginx site config and the service unit files listed in the vars file.
file:
  # The OS release file must mention the TARGET environment variable's value
  # ("ubuntu" when TARGET is unset).
  /etc/os-release:
    exists: true
    contains:
      - {{getEnv "TARGET" "ubuntu"}}
  # rbenv must be initialised and PATH set in the mastodon user's .bashrc.
  /home/mastodon/.bashrc:
    exists: true
    owner: "mastodon"
    group: "mastodon"
    filetype: "file"
    contains: ["rbenv init -", "PATH="]
  /usr/bin/node:
    exists: true
    filetype: "file"
    mode: "0755"
  # NOTE(review): both certificate entries assert a symlink with mode 0777,
  # which appears to be the mode of the link itself. Nothing in this section
  # checks the owner or permissions of the files the links point to - for
  # privkey.pem in particular, consider adding a check on the link target.
  /etc/letsencrypt/live/mastodon.local/fullchain.pem:
    exists: true
    filetype: "symlink"
    mode: "0777"
  /etc/letsencrypt/live/mastodon.local/privkey.pem:
    exists: true
    filetype: "symlink"
    mode: "0777"
  # Expected mode of ruby-build is 0755 when TARGET is "rhel", 0775 otherwise.
  /home/mastodon/.rbenv/plugins/ruby-build/bin/ruby-build:
    exists: true
    filetype: "file"
    {{- if eq (getEnv "TARGET" "ubuntu") "rhel" }}
    mode: "0755"
    {{- else }}
    mode: "0775"
    {{- end }}
    owner: "mastodon"
  /home/mastodon/live:
    exists: true
    filetype: "directory"
    owner: "mastodon"
  # nginx site config: conf.d on rhel; sites-available plus a sites-enabled
  # symlink on every other target. The trim markers on the template actions
  # below are whitespace-sensitive, so keep comments out of that stretch.
  {{- if eq (getEnv "TARGET" "ubuntu") "rhel" -}}
  {{- $nginxConfigLocation := "conf.d"}}
  /etc/nginx/{{- $nginxConfigLocation }}/mastodon.conf:
    exists: true
    filetype: "file"
  {{- else -}}
  {{- $nginxConfigLocation := "sites-available"}}
  {{- $nginxConfigEnabled := "sites-enabled"}}
  /etc/nginx/{{- $nginxConfigLocation }}/mastodon.conf:
    exists: true
    filetype: "file"
  /etc/nginx/{{- $nginxConfigEnabled }}/mastodon.conf:
    exists: true
    filetype: "symlink"
  {{- end -}}
  {{range .Vars.service_files }}
  {{.}}:
    exists: true
    filetype: "file"
  {{end}}
# Every unit named in the vars file's services list must be enabled and running.
service:
  {{- range $unit := .Vars.services }}
  {{ $unit }}:
    enabled: true
    running: true
  {{- end }}
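# Command checks: installed Ruby version, the media-cleanup cron entry, the
# firewall rules (ubuntu only), database access and the jemalloc-linked Ruby.
command:
  ruby:
    # Compares the Ruby version Mastodon requests (.ruby-version) with the
    # version that actually got installed, so no pinned version has to be
    # updated by hand when Mastodon changes its Ruby version.
    # The verdict is carried by the exit status: on a mismatch the test
    # expression fails, nothing is printed and exit-status is non-zero.
    # Do not add an `|| echo "No Match"` fallback: it forces exit status 0,
    # and goss string patterns match by substring, so the "Match" pattern is
    # also found inside "No Match" and the check can never fail.
    # POSIX `[ a = b ]` is used so the comparison does not depend on the shell
    # that runs exec supporting the bash-only double-bracket test.
    # True/False are avoided as output markers: the original author saw them
    # turned into booleans (YAML implicit typing is the likely cause).
    exit-status: 0
    exec: >-
      [ "$(sudo -u mastodon -i cat /home/mastodon/live/.ruby-version)" = "$(sudo -u mastodon -i ruby -v | sed 's/^.*[^0-9]\([0-9]*\.[0-9]*\.[0-9]*\).*$/\1/')" ] && echo "Match"
    stdout:
      - "Match"
  crontab:
    # The mastodon user's crontab must contain the nightly media-removal job.
    exit-status: 0
    exec: "sudo crontab -l -u mastodon"
    stdout:
      - "15 1 * * * /bin/bash -c 'export PATH=\"$HOME/.rbenv/bin:$PATH\"; eval \"$(rbenv init -)\"; cd /home/mastodon/live && RAILS_ENV=production ./bin/tootctl media remove'"
  # TARGET is resolved with the same "ubuntu" default the file checks use, so
  # an unset TARGET no longer skips the firewall check silently.
  {{if eq (getEnv "TARGET" "ubuntu") "ubuntu"}}
  ufw:
    # Asserts that each port in firewall_open_ports is allowed for IPv4 and
    # IPv6. It does not assert that no additional ports are allowed, and the
    # patterns are unanchored regexes, so a longer port number ending in the
    # same digits would also satisfy them.
    exit-status: 0
    exec: "ufw status"
    stdout:
      {{range .Vars.firewall_open_ports }}
      - "/{{.}}/tcp \\s* ALLOW \\s* Anywhere/"
      - "/{{.}}/tcp \\(v6\\) \\s* ALLOW \\s* Anywhere \\(v6\\)/"
      {{end}}
  {{end}}
  postgres:
    # Proves the mastodon role can log in over TCP and run DDL in
    # mastodon_instance by creating and dropping a scratch table.
    # NOTE(review): the password is a literal in this file. If the passing
    # check means the built image really accepts CHANGEME, that credential has
    # to be rotated before the instance is exposed - confirm against the
    # provisioning code.
    exit-status: 0
    exec: "PGPASSWORD=CHANGEME psql -d mastodon_instance -h 127.0.0.1 -U mastodon -c 'CREATE TABLE test (v varchar(20)); DROP TABLE test;'"
  jemalloc:
    # The Ruby binary selected by rbenv must be linked against libjemalloc.
    exit-status: 0
    exec: "sudo -u mastodon -i bash -c 'ldd $(rbenv which ruby) | grep -q libjemalloc'"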
# The front page must answer 200 over HTTPS, following redirects, and mention
# the instance hostname in the body.
http:
  "https://mastodon.local/":
    status: 200
    # TLS certificate verification is skipped for this request, so the check
    # says nothing about the validity of the served certificate chain.
    # NOTE(review): presumably because the mastodon.local certificate is not
    # issued by a publicly trusted CA - confirm.
    allow-insecure: true
    no-follow-redirects: false
    body:
      - "mastodon.local"
# The mastodon account must exist, belong to its own group, and have the
# expected home directory and login shell.
user:
  mastodon:
    exists: true
    groups: ["mastodon"]
    home: "/home/mastodon"
    shell: "/bin/bash"
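# Every package in the vars file's ubuntu package list must be installed.
# TARGET is resolved with the same "ubuntu" default the file checks use, so an
# unset TARGET no longer leaves this section empty.
package:
  {{if eq (getEnv "TARGET" "ubuntu") "ubuntu"}}
  {{range .Vars.packages.ubuntu }}
  {{.}}:
    installed: true
  {{end}}
  {{end}}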