From 56d9144ad6b644e29127d83377b84fa0978e625e Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Tue, 8 Dec 2020 14:30:29 +0100 Subject: [PATCH 1/3] Disable ACME Throws a warning when reloading the config, because it is enabled by default, but not configured entirely. Disabling it explicitly removes the warning. --- site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb index 0c82cc1..32db826 100644 --- a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb +++ b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb @@ -32,6 +32,9 @@ s2s_ciphers: 'TLS_CIPHERS' c2s_protocol_options: 'TLS_OPTIONS' s2s_protocol_options: 'TLS_OPTIONS' +acme: + auto: false + listen: - port: 5222 From 8e0a66184cadcb156ede6cc8ea0a8a1ad7d995dd Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Tue, 8 Dec 2020 19:59:51 +0100 Subject: [PATCH 2/3] Use role for akkounts Lets us search by role --- nodes/akkounts-1.json | 5 ++--- roles/akkounts.rb | 12 ++++++++++++ 2 files changed, 14 insertions(+), 3 deletions(-) create mode 100644 roles/akkounts.rb diff --git a/nodes/akkounts-1.json b/nodes/akkounts-1.json index 4e69606..b85f6d1 100644 --- a/nodes/akkounts-1.json +++ b/nodes/akkounts-1.json @@ -68,7 +68,6 @@ }, "run_list": [ "recipe[kosmos-base]", - "recipe[kosmos-akkounts::default]", - "recipe[kosmos-akkounts::nginx]" + "role[akkounts]" ] -} \ No newline at end of file +} diff --git a/roles/akkounts.rb b/roles/akkounts.rb new file mode 100644 index 0000000..1dae0bb --- /dev/null +++ b/roles/akkounts.rb @@ -0,0 +1,12 @@ +name "akkounts" + +default_run_list = %w( + kosmos-akkounts::default + kosmos-akkounts::nginx +) + +env_run_lists( + '_default' => default_run_list, + 'development' => default_run_list, + 'production' => default_run_list +) From 239b6aed51c4d8a58b573927d67bd66690698017 Mon Sep 17 00:00:00 2001 
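Review bot: The new `acme:` block in ejabberd.yml.erb has no comment saying why automatic certificate issuance is switched off, so a later reader cannot tell whether it is deliberate. I would add a line above it such as `# ACME is enabled by default and warns on reload when only partly configured; disabled explicitly`. With `auto: false` ejabberd will not request certificates itself, so the comment could also say where the listeners' certificates come from, which this hunk does not show.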
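Review bot: roles/akkounts.rb has no `description`, yet after PATCH 3/3 membership in this role is what puts a node's address into ejabberd's `api_permissions` allowlist. I would record that in the role, e.g. `description "akkounts app servers; members are granted ejabberd roster API access"`, so that assigning the role is understood as a permission grant. As a smaller style point, the three `env_run_lists` entries are identical, so `run_list(*default_run_list)` would say the same thing unless per-environment lists are planned.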
From: Sebastian Kippe Date: Tue, 8 Dec 2020 20:00:31 +0100 Subject: [PATCH 3/3] Add API permissions for akkounts VMs Using the zerotier IP, which is the same as the knife-zero host. --- site-cookbooks/kosmos-ejabberd/recipes/default.rb | 8 +++++++- site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb | 8 ++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/site-cookbooks/kosmos-ejabberd/recipes/default.rb b/site-cookbooks/kosmos-ejabberd/recipes/default.rb index 0cde474..9533351 100644 --- a/site-cookbooks/kosmos-ejabberd/recipes/default.rb +++ b/site-cookbooks/kosmos-ejabberd/recipes/default.rb @@ -169,6 +169,11 @@ hosts.each do |host| end end +akkounts_ip_addresses = [] +search(:node, "role:akkounts").each do |node| + akkounts_ip_addresses << node["knife_zero"]["host"] +end + template "/opt/ejabberd/conf/ejabberd.yml" do source "ejabberd.yml.erb" mode 0640 @@ -178,7 +183,8 @@ template "/opt/ejabberd/conf/ejabberd.yml" do stun_auth_realm: "kosmos.org", turn_ip_address: node['ipaddress'], turn_min_port: node["kosmos-ejabberd"]["turn_min_port"], - turn_max_port: node["kosmos-ejabberd"]["turn_max_port"] + turn_max_port: node["kosmos-ejabberd"]["turn_max_port"], + akkounts_ip_addresses: akkounts_ip_addresses notifies :run, "execute[ejabberdctl reload_config]", :delayed end diff --git a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb index 32db826..e1dca82 100644 --- a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb +++ b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb @@ -174,6 +174,14 @@ api_permissions: what: - "status" - "connected_users_number" + "akkounts": + who: +<% @akkounts_ip_addresses.each do |ip| -%> + - ip: "<%= ip %>/8" +<% end -%> + what: + - "add_rosteritem" + - "delete_rosteritem" language: "en"
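Review bot: In the new search loop in recipes/default.rb the block parameter `node` shadows the recipe's own `node` object. `node["knife_zero"]["host"]` also raises if a matched node has no `knife_zero` attribute, which would fail the whole ejabberd converge. Something like `akkounts_ip_addresses = search(:node, "role:akkounts").map { |n| n.read("knife_zero", "host") }.compact` avoids both. These values end up in an access-control list, so each should be checked as a well-formed IP address before it reaches the template. When the search returns nothing the template renders `who:` with no entries, and how ejabberd treats that should be confirmed.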
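Review bot: The `/8` suffix in `- ip: "<%= ip %>/8"` makes each entry match the host's entire /8 network rather than the akkounts VM itself. `add_rosteritem` and `delete_rosteritem` therefore become callable from any address in that range. If only the akkounts hosts are meant, use a host mask, `- ip: "<%= ip %>/32"` for IPv4 addresses. If a wider range is intended, it would be clearer to configure the ZeroTier subnet once as an attribute than to derive it from each host address.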