Version v0.1.0. Initial release.

@@ -18,3 +18,4 @@ bin/*
 
 .kitchen/
 .kitchen.local.yml
+.chef

 source "https://supermarket.chef.io"
 
 metadata
+
+cookbook 'cfe-users', git: 'https://gitlab.chromedia.com/ops/cfe-users.git', tag: 'v0.1.0'
+cookbook 'cfe-mariadb', git: 'https://gitlab.chromedia.com/ops/cfe-mariadb.git', tag: 'v0.5.0'
+cookbook 'backup-file2s3', git: 'https://gitlab.chromedia.com/ops/backup-file2s3.git', tag: 'v0.3.3'
+cookbook 'cfe-nginx-php-fpm', git: 'https://gitlab.chromedia.com/ops/cfe-nginx-php-fpm.git', tag: 'v0.5.1'
+cookbook 'cfe-simple-iptables', git: 'https://gitlab.chromedia.com/ops/cfe-simple-iptables.git', tag: 'v0.1.0'
+
+cookbook 'cookbook-letsencrypt', git: 'https://github.com/nollieheel/cookbook-letsencrypt.git', tag: 'v0.2.0'
+cookbook 'cookbook-phpmyadmin', git: 'https://github.com/nollieheel/cookbook-phpmyadmin.git', tag: 'v0.1.0'
+cookbook 'cookbook-updater', git: 'https://github.com/nollieheel/cookbook-updater.git', tag: 'v0.2.0'
+cookbook 'cookbook-zabbix', git: 'https://github.com/nollieheel/cookbook-zabbix.git', tag: 'v1.0.1'

-## 0.1.0 - 2016-12-02
+## 0.1.0 - 2016-12-06
 ### Added
 - Initial release of cfe-server cookbook.
 

 # cfe-server-cookbook
 
-TODO: Enter the cookbook description here.
+Integrates the common cookbooks used for most (staging) servers.
 
 ## Supported Platforms
 
-TODO: List your supported platforms.
+Tested on Ubuntu 14.04.
 
 ## Attributes
 
@@ -16,9 +16,9 @@ TODO: List your supported platforms.
     <th>Default</th>
   </tr>
   <tr>
-    <td><tt>['cfe-server']['bacon']</tt></td>
+    <td><tt>['cfe-server']['']</tt></td>
     <td>Boolean</td>
-    <td>whether to include bacon</td>
+    <td>Description</td>
     <td><tt>true</tt></td>
   </tr>
 </table>
@@ -27,7 +27,7 @@ TODO: List your supported platforms.
 
 ### cfe-server::default
 
-Include `cfe-server` in your node's `run_list`:
+Enter proper attributes for the different wrapped cookbooks, including this one. Then include `cfe-server` in your node's `run_list`:
 
 ```json
 {

+#
+# Author:: Earth U (<sysadmin @ chromedia.com>)
+# Cookbook Name:: cfe-server
+# Attribute:: default
+#
+# Copyright 2016, Chromedia Far East, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+cb = 'cfe-server'
+
+default[cb]['db']['mariadb']['install'] = false
+default[cb]['db']['include_mongodb']    = true
+
+default[cb]['filesystem']['swapfile'] = false
+default[cb]['filesystem']['swapsize'] = '2G'
+default[cb]['filesystem']['perms'] = [
+#  {
+#    :path => '/path',
+#    :owner => nil, # Optional
+#    :group => nil, # Optional
+#    :mode  => nil # Optional
+#  }
+]
+default[cb]['filesystem']['symlinks'] = {
+#  '/link/name' => '/target/path'
+}
+
+default[cb]['tls']['include_letsencrypt'] = true
+
+default[cb]['app']['include_postfix'] = true
+default[cb]['app']['include_php']     = true
+default[cb]['app']['include_pma']     = false
+
+default[cb]['app']['composer']['project_paths'] = [
+#  '/composer/proj/path/to/install'
+]
+
+default[cb]['misc']['cronjobs'] = [
+#  {
+#    :name    => 'arbitrary_name_of_cronjob',
+#    :command => 'command to perform',
+#    :sched   => '0 0 * * *',
+#    :mailto  => '""',
+#    :enable  => true
+#  }
+]
+default[cb]['misc']['logrotatejobs'] = [
+#  {
+#    :name    => 'arbitrary_name_of_job', # a filename, no spaces
+#    :path    => '/path/to/rotate/*.log',
+#    :options => %w{ weekly rotate\ 12 missingok compress notifempty },
+#    :enable  => true
+#  }
+]
+
+default[cb]['misc']['logrotate']['conf_dir'] = '/etc/logrotate.d'
+default[cb]['misc']['sshd']['ports']         = [ 22, 8765 ]
+default[cb]['misc']['sshd']['conf_path']     = '/etc/ssh/sshd_config'
+
+default[cb]['web']['include_nginx'] = true

+{
+  "comment": "Test User",
+  "shell": "/bin/bash",
+  "groups": [
+    "test",
+    "devs",
+    "adm",
+    "plugdev",
+    "netdev"
+  ],
+  "ssh_keys": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCx7fx78WXwHhrB3BGUVyrw2XONh/qE6waU/8/0aZ6bkBSGu2z2GnkXI6JSfAuAO7spBHlXJZRtwTV5VuJx4n28zmQpTksGjS8xP/a1vphwwVkABomempxY97V4PBJqpWSzCoHG2zmotARcwBKJcwQd4FFE7vngrBk9SxczyWer26rMkY8SyjUFQm2o8dPuZuaY8rHqK9QUw1YJg3rSDd6qfi2dlunAc8fbTdDnZ5hjgmlrfyFLgoP31Ix0OVL9ogFYE//tV9CjHbwV2wKCJEI57rXJ/AMX4ZTTR6L6ljoKDxis9QiJwae/x0J+fi8EADtaLrbdZ0y5nu4/UtSURVXt cfe_stg_20161109",
+  "id": "test"
+}

+{
+  "comment": "Chromedia SysAdmin",
+  "shell": "/bin/bash",
+  "groups": [
+    "cfe",
+    "sysadmins",
+    "adm",
+    "plugdev",
+    "netdev"
+  ],
+  "ssh_keys": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCx7fx78WXwHhrB3BGUVyrw2XONh/qE6waU/8/0aZ6bkBSGu2z2GnkXI6JSfAuAO7spBHlXJZRtwTV5VuJx4n28zmQpTksGjS8xP/a1vphwwVkABomempxY97V4PBJqpWSzCoHG2zmotARcwBKJcwQd4FFE7vngrBk9SxczyWer26rMkY8SyjUFQm2o8dPuZuaY8rHqK9QUw1YJg3rSDd6qfi2dlunAc8fbTdDnZ5hjgmlrfyFLgoP31Ix0OVL9ogFYE//tV9CjHbwV2wKCJEI57rXJ/AMX4ZTTR6L6ljoKDxis9QiJwae/x0J+fi8EADtaLrbdZ0y5nu4/UtSURVXt cfe_stg_20161109",
+  "id": "cfe"
+}

@@ -6,4 +6,19 @@ description      'Simplifies setting up common Linux servers.'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
 version          '0.1.0'
 
+%w{
+  cfe-users           cfe-mariadb 
+  backup-file2s3      cfe-nginx-php-fpm 
+  cfe-simple-iptables
+
+  cookbook-letsencrypt cookbook-phpmyadmin
+  cookbook-updater     cookbook-zabbix 
+}.each do |cb|
+  depends cb
+end
+
+depends 'mongodb3', '~> 5.2.0'
+depends 'composer', '~> 2.5.2'
+depends 'cron', '~> 1.7.6'
+
 supports 'ubuntu', '>= 14.04'

+#
+# Author:: Earth U (<sysadmin @ chromedia.com>)
+# Cookbook Name:: cfe-server
+# Recipes:: app
+#
+# Copyright 2016, Chromedia Far East, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+if node[cookbook_name]['app']['include_postfix']
+  include_recipe 'cfe-nginx-php-fpm::postfix'
+end
+
+if node[cookbook_name]['app']['include_php']
+  node.default['composer']['php_recipe'] = 'cfe-nginx-php-fpm::php-fpm'
+  package 'unzip'
+  include_recipe 'composer'
+
+  node[cookbook_name]['app']['composer']['project_paths'].each do |xpath|
+    composer_project(xpath) { quiet false }
+  end
+end
+
+if node[cookbook_name]['app']['include_pma']
+  include_recipe 'cookbook-phpmyadmin'
+end

+#
+# Author:: Earth U (<sysadmin @ chromedia.com>)
+# Cookbook Name:: cfe-server
+# Recipes:: db
+#
+# Copyright 2016, Chromedia Far East, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+if node[cookbook_name]['db']['mariadb']['install']
+  include_recipe 'cfe-mariadb'
+else
+  include_recipe 'mariadb::client'
+  include_recipe 'cfe-mariadb::schema'
+end
+
+include_recipe 'cfe-mariadb::reload_from_s3'
+include_recipe 'cfe-mariadb::backup2s3'
+
+if node[cookbook_name]['db']['include_mongodb']
+  include_recipe 'mongodb3'
+end

 #
+# Author:: Earth U (<sysadmin @ chromedia.com>)
 # Cookbook Name:: cfe-server
-# Recipe:: default
+# Recipes:: default
 #
-# Copyright (C) 2016 YOUR_NAME
+# Copyright 2016, Chromedia Far East, Inc.
 #
-# All rights reserved - Do Not Redistribute
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
 #
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "#{cookbook_name}::os"
+include_recipe "#{cookbook_name}::db"
+include_recipe "#{cookbook_name}::filesystem"
+include_recipe "#{cookbook_name}::tls"
+include_recipe "#{cookbook_name}::app"
+include_recipe "#{cookbook_name}::misc"
+include_recipe "#{cookbook_name}::web"

+#
+# Author:: Earth U (<sysadmin @ chromedia.com>)
+# Cookbook Name:: cfe-server
+# Recipes:: filesystem
+#
+# Copyright 2016, Chromedia Far East, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+swapfile = node[cookbook_name]['filesystem']['swapfile']
+bash 'enable_swap' do
+  code <<-EOF.gsub(/^\s+/, '')
+    set -e
+    if [[ ! -f #{swapfile} ]] ; then
+      fallocate -l #{node[cookbook_name]['filesystem']['swapsize']} #{swapfile}
+      chmod 600 #{swapfile}
+      mkswap #{swapfile}
+      swapon #{swapfile}
+      echo "#{swapfile} none swap sw 0 0" >> /etc/fstab
+    fi
+  EOF
+  only_if { swapfile }
+end
+
+if node['backup-file2s3']['backups']
+  node['backup-file2s3']['backups'].each do |xback|
+    xback[:paths].each do |xpath|
+
+      # Each path spec can have the following additional attributes:
+      # {
+      #   :extract     => true, # Default: true
+      #   :ex_creates  => 'filename', # Relative to path.
+      #   :ex_priv_key => nil # Default is a node attribute
+      # }
+      unless xpath.has_key?(:extract) && xpath[:extract] == false
+        tdir = ::File.dirname(xpath[:path])
+        crea = "#{xpath[:path]}/#{xpath[:ex_creates]}"
+        encr = xpath[:bak_encrypted]
+        pkey = xpath.has_key?(:ex_priv_key) ? xpath[:ex_priv_key] : nil
+
+        aws_tar_extract xpath[:bak_filename] do
+          target_dir tdir
+          creates    crea
+          encrypted  encr
+          priv_key   pkey
+        end
+      end
+
+    end
+  end
+end
+
+include_recipe 'backup-file2s3'
+
+node[cookbook_name]['filesystem']['perms'].each do |perm|
+  if perm[:owner] && perm[:group]
+    execute "chown -R #{perm[:owner]}:#{perm[:group]} #{perm[:path]}"
+  elsif perm[:owner]
+    execute "chown -R #{perm[:owner]} #{perm[:path]}"
+  elsif perm[:group]
+    execute "chown -R #{perm[:group]} #{perm[:path]}"
+  end
+
+  if perm[:mode]
+    execute "chmod -R #{perm[:mode]} #{perm[:path]}"
+  end
+end
+
+node[cookbook_name]['filesystem']['symlinks'].each do |xfrom, xto|
+  directory(::File.dirname(xfrom)) { recursive true }
+  link(xfrom) { to xto }
+end

+#
+# Author:: Earth U (<sysadmin @ chromedia.com>)
+# Cookbook Name:: cfe-server
+# Recipes:: misc
+#
+# Copyright 2016, Chromedia Far East, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+node[cookbook_name]['misc']['cronjobs'].each do |cjob|
+  sched = cjob[:sched].split(' ')
+  is_enable = cjob.has_key?(:enable) ? cjob[:enable] : true
+  cron_d cjob[:name] do
+    command cjob[:command]
+    minute  sched[0]
+    hour    sched[1]
+    day     sched[2]
+    month   sched[3]
+    weekday sched[4]
+    mailto  cjob[:mailto]
+    path    '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin'
+    action( is_enable ? :create : :delete )
+  end
+end
+
+package 'logrotate'
+
+node[cookbook_name]['misc']['logrotatejobs'].each do |ljob|
+  jname = "#{node[cookbook_name]['misc']['logrotate']['conf_dir']}/"\
+          "#{ljob[:name]}"
+  is_enable = ljob.has_key?(:enable) ? ljob[:enable] : true
+  template jname do
+    source 'logrotate.erb'
+    variables(
+      :path    => ljob[:path],
+      :options => ljob[:options]
+    )
+    action( is_enable ? :create : :delete )
+  end
+end
+
+template node[cookbook_name]['misc']['sshd']['conf_path'] do
+  mode 0644
+  variables(
+    :ports => node[cookbook_name]['misc']['sshd']['ports']
+  )
+end

+#
+# Author:: Earth U (<sysadmin @ chromedia.com>)
+# Cookbook Name:: cfe-server
+# Recipes:: os
+#
+# Copyright 2016, Chromedia Far East, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe 'cookbook-updater::onetime'
+include_recipe 'cookbook-updater::packages'
+include_recipe 'cfe-users'

+#
+# Author:: Earth U (<sysadmin @ chromedia.com>)
+# Cookbook Name:: cfe-server
+# Recipes:: tls
+#
+# Copyright 2016, Chromedia Far East, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+if node[cookbook_name]['tls']['include_letsencrypt']
+  include_recipe 'cookbook-letsencrypt'
+end

+#
+# Author:: Earth U (<sysadmin @ chromedia.com>)
+# Cookbook Name:: cfe-server
+# Recipes:: web
+#
+# Copyright 2016, Chromedia Far East, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+if node[cookbook_name]['web']['include_nginx']
+  include_recipe 'cfe-nginx-php-fpm::nginx'
+end

+<%= @path %> {
+<% @options.each do |str| -%>
+  <%= str %>
+<% end -%>
+}

+# Package generated configuration file
+# See the sshd_config(5) manpage for details
+
+# What ports, IPs and protocols we listen for
+<% @ports.each do |port| -%>
+Port <%= port %>
+<% end -%>
+
+# Use these options to restrict which interfaces/protocols sshd will bind to
+#ListenAddress ::
+#ListenAddress 0.0.0.0
+Protocol 2
+# HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/ssh_host_ed25519_key
+#Privilege Separation is turned on for security
+UsePrivilegeSeparation yes
+
+# Lifetime and size of ephemeral version 1 server key
+KeyRegenerationInterval 3600
+ServerKeyBits 1024
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication:
+LoginGraceTime 120
+PermitRootLogin no
+StrictModes yes
+
+RSAAuthentication yes
+PubkeyAuthentication yes
+#AuthorizedKeysFile %h/.ssh/authorized_keys
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+RhostsRSAAuthentication no
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Change to no to disable tunnelled clear text passwords
+PasswordAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosGetAFSToken no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+X11Forwarding no
+X11DisplayOffset 10
+PrintMotd no
+PrintLastLog yes
+TCPKeepAlive yes
+#UseLogin no
+
+#MaxStartups 10:30:60
+#Banner /etc/issue.net
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+Subsystem sftp internal-sftp
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes