Added Chef cookbooks and settings.

.gitmodules

@@ -0,0 +1,39 @@
+[submodule "chef/cookbooks/git"]
+	path = chef/cookbooks/git
+	url = git://github.com/opscode-cookbooks/git.git
+[submodule "chef/cookbooks/ufw"]
+	path = chef/cookbooks/ufw
+	url = git://github.com/opscode-cookbooks/ufw.git
+[submodule "chef/cookbooks/firewall"]
+	path = chef/cookbooks/firewall
+	url = git://github.com/opscode-cookbooks/firewall.git
+[submodule "chef/cookbooks/runit"]
+	path = chef/cookbooks/runit
+	url = git://github.com/opscode-cookbooks/runit.git
+[submodule "chef/cookbooks/build-essential"]
+	path = chef/cookbooks/build-essential
+	url = git://github.com/opscode-cookbooks/build-essential.git
+[submodule "chef/cookbooks/nginx"]
+	path = chef/cookbooks/nginx
+	url = git://github.com/opscode-cookbooks/nginx.git
+[submodule "chef/cookbooks/ohai"]
+	path = chef/cookbooks/ohai
+	url = git://github.com/opscode-cookbooks/ohai.git
+[submodule "chef/cookbooks/rvm"]
+	path = chef/cookbooks/rvm
+	url = git://github.com/fnichol/chef-rvm.git
+[submodule "chef/cookbooks/memcached"]
+	path = chef/cookbooks/memcached
+	url = git://github.com/opscode-cookbooks/memcached.git
+[submodule "chef/cookbooks/mysql"]
+	path = chef/cookbooks/mysql
+	url = git://github.com/opscode-cookbooks/mysql.git
+[submodule "chef/cookbooks/openssl"]
+	path = chef/cookbooks/openssl
+	url = git://github.com/opscode-cookbooks/openssl.git
+[submodule "chef/cookbooks/redis"]
+	path = chef/cookbooks/redis
+	url = git://github.com/CXInc/chef-redis.git
+[submodule "chef/cookbooks/nodejs"]
+	path = chef/cookbooks/nodejs
+	url = git://github.com/mdxp/nodejs-cookbook.git

Vagrantfile

@@ -68,7 +68,7 @@ Vagrant::Config.run do |config|
   # some recipes and/or roles.
   #
   config.vm.provision :chef_solo do |chef|
-    chef_root = File.expand_path('../../test-chef-solo/chef', __FILE__)
+    chef_root = File.expand_path('../chef', __FILE__)
     chef.cookbooks_path = ["#{chef_root}/cookbooks", "#{chef_root}/site-cookbooks"]
     chef.data_bags_path = "#{chef_root}/data_bags"
 

chef/data_bags/firewall/nginx__source.json

@@ -0,0 +1,8 @@
+{
+  "id": "nginx__source",
+  "rules": [
+    {"http": {
+      "port": "80"
+    }}
+  ]
+}

chef/data_bags/users/cjoudrey.json

@@ -0,0 +1,7 @@
+{
+  "id": "cjoudrey",
+  "groups": ["admin"],
+  "home": "/home/cjoudrey",
+  "shell": "/bin/bash",
+  "ssh_keys": ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDODP3Io7mZWwPuBfP3GylZ+ojAqeoV9mQKtmyN5x7n2GCXsUKV1Wirg17QfYeKR1aELZ1FpqK120g8tHEMwnCGk+ewLXOfEZOw4jEyQ8kmpOf79aG53wVAz3Tlc175DVoT/4SAaZdbVmSpO/ut68lS+uHicxdsbXKySN6Ih3UlAVRjjML3XKdPbBT6F4c2LEFTb25gXjmx8bo+iOdQXEhsOXlDoPWP0sYDxopD5YYdZbO5hG2bNjnJBjklk4fBmRGa516LS99kmJ+i83e25VGlw25qixE8apdoBgveba00kfBTTrVLa03Fbh/oKrZPOKnmL0S9MEP2+8jq8Jk9ttNb MBA"]
+}

chef/data_bags/users/deploy.json

@@ -0,0 +1,7 @@
+{
+  "id": "deploy",
+  "groups": ["admin"],
+  "home": "/home/deploy",
+  "shell": "/bin/bash",
+  "ssh_keys": ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDODP3Io7mZWwPuBfP3GylZ+ojAqeoV9mQKtmyN5x7n2GCXsUKV1Wirg17QfYeKR1aELZ1FpqK120g8tHEMwnCGk+ewLXOfEZOw4jEyQ8kmpOf79aG53wVAz3Tlc175DVoT/4SAaZdbVmSpO/ut68lS+uHicxdsbXKySN6Ih3UlAVRjjML3XKdPbBT6F4c2LEFTb25gXjmx8bo+iOdQXEhsOXlDoPWP0sYDxopD5YYdZbO5hG2bNjnJBjklk4fBmRGa516LS99kmJ+i83e25VGlw25qixE8apdoBgveba00kfBTTrVLa03Fbh/oKrZPOKnmL0S9MEP2+8jq8Jk9ttNb MBA"]
+}

chef/node.json

@@ -0,0 +1,41 @@
+{
+  "run_list": [
+    "recipe[build-essential]",
+    "recipe[ufw::databag]",
+    "recipe[openssh]",
+    "recipe[users]",
+    "recipe[git]",
+    "recipe[rvm::system]",
+    "recipe[memcached]",
+    "recipe[mysql::server]",
+    "recipe[nginx::source]",
+    "recipe[redis::server_source]",
+    "recipe[redis::_server_service]",
+    "recipe[nodejs]"
+  ],
+  "nginx": {
+    "version": "1.2.1"
+  },
+  "rvm": {
+    "default_ruby": "ruby-1.9.3-p194",
+    "user_default_ruby": "ruby-1.9.3-p194"
+  },
+  "mysql": {
+    "server_root_password": "temporary_password_Pqa7RkzyDic4YMD2R3vDtFHpJ4hmoECzpz74T4zxfmE",
+    "server_repl_password": "temporary_password_Pqa7RkzyDic4YMD2R3vDtFHpJ4hmoECzpz74T4zxfmE",
+    "server_debian_password": "temporary_password_Pqa7RkzyDic4YMD2R3vDtFHpJ4hmoECzpz74T4zxfmE",
+    "package_name": "mysql-server-5.5",
+    "use_upstart": true,
+    "skip-innodb": true,
+    "tunable": {
+      "sort_buffer_size": "64K",
+      "net_buffer_length": "2K"
+    }
+  },
+  "redis": {
+    "source": {
+      "sha": "9e388d2c070b15136da1277f4d21f1c788694b12",
+      "version": "2.4.15"
+    }
+  }
+}

chef/site-cookbooks/memcached/recipes/default.rb

@@ -0,0 +1,7 @@
+package "memcached"
+
+service "memcached" do
+  action [:stop, :disable]
+end
+
+memcached_instance "main"

chef/site-cookbooks/openssh/files/default/sshd_config

@@ -0,0 +1,89 @@
+# Package generated configuration file
+# See the sshd_config(5) manpage for details
+
+AllowAgentForwarding yes
+
+# What ports, IPs and protocols we listen for
+Port 22
+# Use these options to restrict which interfaces/protocols sshd will bind to
+#ListenAddress ::
+#ListenAddress 0.0.0.0
+Protocol 2
+# HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+#Privilege Separation is turned on for security
+UsePrivilegeSeparation yes
+
+# Lifetime and size of ephemeral version 1 server key
+KeyRegenerationInterval 3600
+ServerKeyBits 768
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication:
+LoginGraceTime 120
+PermitRootLogin no
+StrictModes yes
+
+RSAAuthentication yes
+PubkeyAuthentication yes
+#AuthorizedKeysFile %h/.ssh/authorized_keys
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+RhostsRSAAuthentication no
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Change to no to disable tunnelled clear text passwords
+PasswordAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosGetAFSToken no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+X11Forwarding yes
+X11DisplayOffset 10
+PrintMotd no
+PrintLastLog yes
+TCPKeepAlive yes
+#UseLogin no
+
+#MaxStartups 10:30:60
+#Banner /etc/issue.net
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes

chef/site-cookbooks/openssh/recipes/default.rb

@@ -0,0 +1,10 @@
+cookbook_file '/etc/ssh/sshd_config' do
+  source 'sshd_config'
+  owner 'root'
+  group 'root'
+  mode '0644'
+end
+
+service 'ssh' do
+  action :restart
+end

chef/site-cookbooks/users/recipes/default.rb

@@ -0,0 +1,42 @@
+users = data_bag('users')
+
+users.each do |name|
+  u = data_bag_item('users', name)
+
+  user(name) do
+    gid u['gid'] if u['gid']
+    shell u['shell']
+    comment u['comment']
+    if u['home']
+      home u['home']
+      supports :manage_home => true
+    else
+      supports :manage_home => false
+    end
+  end
+
+  if u['home']
+    directory "#{u['home']}/.ssh" do
+      owner u['id']
+      group u['gid'] || u['id']
+      mode '0700'
+    end
+
+    if u['ssh_keys']
+      template "#{u['home']}/.ssh/authorized_keys" do
+        source 'authorized_keys.erb'
+        owner u['id']
+        group u['gid'] || u['id']
+        mode '0600'
+        variables :ssh_keys => u['ssh_keys']
+      end
+    end
+  end
+
+  u['groups'].each do |g|
+    group g do
+      members name
+      append true
+    end
+  end
+end

chef/site-cookbooks/users/templates/default/authorized_keys.erb

@@ -0,0 +1,4 @@
+# Dropped off by Chef, thanks!
+<% Array(@ssh_keys).each do |key| %>
+<%= key %>
+<% end %>