diff --git a/data_bags/credentials/postgresql.json b/data_bags/credentials/postgresql.json index d05711a..886b65a 100644 --- a/data_bags/credentials/postgresql.json +++ b/data_bags/credentials/postgresql.json @@ -1,23 +1,23 @@ { "id": "postgresql", "ejabberd_user_password": { - "encrypted_data": "OTwgFCOLHgoFLsdcHs1U04sJf7ZzVepeDwlNmPMtO8FtyzpfySY9\n", - "iv": "k9wX2WEsJyJn+OYs\n", - "auth_tag": "fL/HNcno/MuWE+yQOFCC3g==\n", + "encrypted_data": "s31aNIv9ZTlU8cVXMDUB79Iv+EozZS1NSZVU5ey9xpBf2WYohpSqni/5Wg==\n", + "iv": "a3LWKNYmUZfSMc1Y\n", + "auth_tag": "3P+WFcDw/R1d983g7YoFUw==\n", "version": 3, "cipher": "aes-256-gcm" }, "server_password": { - "encrypted_data": "4Y87daXYAxzfYxRIkR8b+DLOp4+dYJnc91hN22iWmOfO3umv8wZU\n", - "iv": "LDeMAKUEIq9oe2Zu\n", - "auth_tag": "uVaRO+t/KSFebrEB6wp+yQ==\n", + "encrypted_data": "w7zghEF+DjUhS59cze+qviqDcy8mQpIgW6olHabas1IH4t0z+IQ7\n", + "iv": "ppqOzJGczWtwGRnX\n", + "auth_tag": "2Lhqw7Rhm35HcltsDtaJIw==\n", "version": 3, "cipher": "aes-256-gcm" }, "mastodon_user_password": { - "encrypted_data": "s/XxLUwjZsJ/XidEVi50oePBR4OQ0z/3czs9uOcw1fA1c6qqEzb98iHXpw==\n", - "iv": "pKvwLeC05f7P+cke\n", - "auth_tag": "/yHUD+RSCMhLhrnQJAZqrw==\n", + "encrypted_data": "84UPPmtNh/5MH6u4svMPhRHBGK1GFnP4G2tk/a+wQLNxSB8FlDsTuqSC2A==\n", + "iv": "UBl2ILWCc2WKcN6d\n", + "auth_tag": "NF/xcK0tmvbBo1dDFhOf7w==\n", "version": 3, "cipher": "aes-256-gcm" } diff --git a/nodes/andromeda.kosmos.org.json b/nodes/andromeda.kosmos.org.json index 5ff1f3c..7f3025d 100644 --- a/nodes/andromeda.kosmos.org.json +++ b/nodes/andromeda.kosmos.org.json @@ -3,11 +3,13 @@ "role[base]", "kosmos-base::andromeda_firewall", "role[ipfs_cluster_with_tls]", + "kosmos-postgresql", "kosmos-mediawiki", "sockethub", "sockethub::proxy", "kosmos-btcpayserver::proxy", - "role[mastodon]" + "role[mastodon]", + "role[ejabberd]" ], "automatic": { "ipaddress": "andromeda.kosmos.org" diff --git a/roles/ejabberd.rb b/roles/ejabberd.rb new file mode 100644 index 0000000..e126017 --- /dev/null 
+++ b/roles/ejabberd.rb @@ -0,0 +1,7 @@ +name "ejabberd" + +run_list %w( + kosmos-ejabberd::default + kosmos-ejabberd::letsencrypt + kosmos-ejabberd::backup +) diff --git a/site-cookbooks/backup/attributes/default.rb b/site-cookbooks/backup/attributes/default.rb index 0d9fd55..4ce200a 100644 --- a/site-cookbooks/backup/attributes/default.rb +++ b/site-cookbooks/backup/attributes/default.rb @@ -27,7 +27,8 @@ default["backup"]["mysql"]["username"] = "root" default["backup"]["mysql"]["host"] = "localhost" # PostgreSQL default settings -default["backup"]["postgresql"]["databases"] = [] +default["backup"]["postgresql"]["databases"] = {} +default["backup"]["postgresql"]["username"] = "postgres" default["backup"]["postgresql"]["host"] = "localhost" default["backup"]["postgresql"]["port"] = 5432 diff --git a/site-cookbooks/backup/templates/default/backup.rb.erb b/site-cookbooks/backup/templates/default/backup.rb.erb index d844c20..5267f07 100644 --- a/site-cookbooks/backup/templates/default/backup.rb.erb +++ b/site-cookbooks/backup/templates/default/backup.rb.erb @@ -17,9 +17,14 @@ KosmosBackup.new(:default, 'default backup') do <%- end -%> <%- if node["backup"]["postgresql"] -%> -<%- node["backup"]["postgresql"]["databases"].each do |db_name| -%> - database PostgreSQL, :"<%= db_name.to_sym %>" do |db| +<%- node["backup"]["postgresql"]["databases"].each do |db_name, h| -%> + database PostgreSQL, :"<%= db_name %>" do |db| db.name = "<%= db_name %>" + <%- unless h.nil? -%> + <%- h.each do |k, v| -%> + db.<%= k %> = "<%= v %>" + <%- end -%> + <%- end -%> end <%- end -%> <%- end -%> diff --git a/site-cookbooks/kosmos-base/recipes/andromeda_firewall.rb b/site-cookbooks/kosmos-base/recipes/andromeda_firewall.rb index 3401bff..4bdfc20 100644 --- a/site-cookbooks/kosmos-base/recipes/andromeda_firewall.rb +++ b/site-cookbooks/kosmos-base/recipes/andromeda_firewall.rb 
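Review bot: The change of `default["backup"]["postgresql"]["databases"]` from `[]` to `{}` alters the attribute's shape without documenting it, and the new `username` default is not referenced in the part of backup.rb.erb shown in this commit. A comment above the attribute would help, for example `# Hash of database name => per-database settings written onto the Backup model (nil for none)`. Any role or node file that still assigns an array here should be checked, because kosmos-ejabberd/recipes/backup.rb in this commit calls `.keys` on the value.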
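Review bot: The added line `db.<%= k %> = "<%= v %>"` writes each value unescaped into a double-quoted Ruby literal, so a password containing `"`, `\` or `#{` either breaks the generated backup model or is evaluated as Ruby when the backup runs. Emitting it as `db.<%= k %> = <%= v.to_s.inspect %>` keeps the value a plain string literal. The key is also emitted as a bare method name, so it would be safer to accept only the settings the template expects (the kosmos-ejabberd backup recipe passes `username` and `password`). Since this file now carries database passwords, confirm that the resource rendering it (outside this hunk) sets a restrictive mode and `sensitive true`.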
@@ -26,12 +26,6 @@ # Temporary extra rules for Andromeda -firewall_rule 'ejabberd' do - port [5222, 5269, 5280, 5443] - protocol :tcp - command :allow -end - firewall_rule 'bitcoind' do port [8333, 8334, 8335] protocol :tcp diff --git a/site-cookbooks/kosmos-ejabberd/.delivery/project.toml b/site-cookbooks/kosmos-ejabberd/.delivery/project.toml new file mode 100644 index 0000000..6d5e361 --- /dev/null +++ b/site-cookbooks/kosmos-ejabberd/.delivery/project.toml @@ -0,0 +1 @@ +remote_file = "https://raw.githubusercontent.com/chef-cookbooks/community_cookbook_tools/master/delivery/project.toml" diff --git a/site-cookbooks/kosmos-ejabberd/.gitignore b/site-cookbooks/kosmos-ejabberd/.gitignore new file mode 100644 index 0000000..13e41c4 --- /dev/null +++ b/site-cookbooks/kosmos-ejabberd/.gitignore @@ -0,0 +1,22 @@ +.vagrant +*~ +*# +.#* +\#*# +.*.sw[a-z] +*.un~ + +# Bundler +Gemfile.lock +gems.locked +bin/* +.bundle/* + +# test kitchen +.kitchen/ +.kitchen.local.yml + +# Chef +Berksfile.lock +.zero-knife.rb +Policyfile.lock.json diff --git a/site-cookbooks/kosmos-ejabberd/.kitchen.yml b/site-cookbooks/kosmos-ejabberd/.kitchen.yml new file mode 100644 index 0000000..1650f7d --- /dev/null +++ b/site-cookbooks/kosmos-ejabberd/.kitchen.yml @@ -0,0 +1,23 @@ +--- +driver: + name: vagrant + +provisioner: + name: chef_zero + # You may wish to disable always updating cookbooks in CI or other testing environments. + # For example: + # always_update_cookbooks: <%= !ENV['CI'] %> + always_update_cookbooks: true + +verifier: + name: inspec + +platforms: + - name: ubuntu-16.04 + - name: ubuntu-18.04 + +suites: + - name: default + run_list: + - recipe[kosmos-ejabberd::default] + attributes: diff --git a/site-cookbooks/kosmos-ejabberd/Berksfile b/site-cookbooks/kosmos-ejabberd/Berksfile new file mode 100644 index 0000000..8c1347f --- /dev/null +++ b/site-cookbooks/kosmos-ejabberd/Berksfile 
@@ -0,0 +1,6 @@ +# frozen_string_literal: true +source 'https://supermarket.chef.io' +source chef_repo: ".." + +cookbook "kosmos-postgresql", path: "../kosmos-postgresql" +metadata diff --git a/site-cookbooks/kosmos-ejabberd/CHANGELOG.md b/site-cookbooks/kosmos-ejabberd/CHANGELOG.md new file mode 100644 index 0000000..6f203ef --- /dev/null +++ b/site-cookbooks/kosmos-ejabberd/CHANGELOG.md @@ -0,0 +1,11 @@ +# kosmos-ejabberd CHANGELOG + +This file is used to list changes made in each version of the kosmos-ejabberd cookbook. + +# 0.1.0 + +Initial release. + +- change 0 +- change 1 + diff --git a/site-cookbooks/kosmos-ejabberd/LICENSE b/site-cookbooks/kosmos-ejabberd/LICENSE new file mode 100644 index 0000000..f3b5d1c --- /dev/null +++ b/site-cookbooks/kosmos-ejabberd/LICENSE @@ -0,0 +1,20 @@ +Copyright (c) 2019 Kosmos Developers + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
diff --git a/site-cookbooks/kosmos-ejabberd/README.md b/site-cookbooks/kosmos-ejabberd/README.md new file mode 100644 index 0000000..b9d427d --- /dev/null +++ b/site-cookbooks/kosmos-ejabberd/README.md @@ -0,0 +1,4 @@ +# kosmos-ejabberd + +Sets up ejabberd with vhosts for kosmos.org (public server) and 5apps.com +(private server). diff --git a/site-cookbooks/kosmos-ejabberd/attributes/default.rb b/site-cookbooks/kosmos-ejabberd/attributes/default.rb new file mode 100644 index 0000000..3f7d227 --- /dev/null +++ b/site-cookbooks/kosmos-ejabberd/attributes/default.rb @@ -0,0 +1,2 @@ +node.default["kosmos-ejabberd"]["version"] = "19.02" +node.default["kosmos-ejabberd"]["checksum"] = "aea550c58e61eab04ca9beb8896d8b04f4a79321c21dee160a67ad6787236f51" diff --git a/site-cookbooks/kosmos-ejabberd/chefignore b/site-cookbooks/kosmos-ejabberd/chefignore new file mode 100644 index 0000000..4439807 --- /dev/null +++ b/site-cookbooks/kosmos-ejabberd/chefignore 
@@ -0,0 +1,104 @@ +# Put files/directories that should be ignored in this file when uploading +# to a chef-server or supermarket. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +Icon? +nohup.out +ehthumbs.db +Thumbs.db + +# SASS # +######## +.sass-cache + +# EDITORS # +########### +\#* +.#* +*~ +*.sw[a-z] +*.bak +REVISION +TAGS* +tmtags +*_flymake.* +*_flymake +*.tmproj +.project +.settings +mkmf.log + +## COMPILED ## +############## +a.out +*.o +*.pyc +*.so +*.com +*.class +*.dll +*.exe +*/rdoc/ + +# Testing # +########### +.watchr +.rspec +spec/* +spec/fixtures/* +test/* +features/* +examples/* +Guardfile +Procfile +.kitchen* +kitchen.yml* +.rubocop.yml +spec/* +Rakefile +.travis.yml +.foodcritic +.codeclimate.yml + +# SCM # +####### +.git +*/.git +.gitignore +.gitmodules +.gitconfig +.gitattributes +.svn +*/.bzr/* +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Bundler # +########### +vendor/* + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Cookbooks # +############# +CONTRIBUTING* +CHANGELOG* +TESTING* + +# Vagrant # +########### +.vagrant +Vagrantfile diff --git a/site-cookbooks/kosmos-ejabberd/files/pg.sql b/site-cookbooks/kosmos-ejabberd/files/pg.sql new file mode 100644 index 0000000..250a22d --- /dev/null +++ b/site-cookbooks/kosmos-ejabberd/files/pg.sql 
@@ -0,0 +1,454 @@ +-- +-- ejabberd, Copyright (C) 2002-2019 ProcessOne +-- +-- This program is free software; you can redistribute it and/or +-- modify it under the terms of the GNU General Public License as +-- published by the Free Software Foundation; either version 2 of the +-- License, or (at your option) any later version. +-- +-- This program is distributed in the hope that it will be useful, +-- but WITHOUT ANY WARRANTY; without even the implied warranty of +-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +-- General Public License for more details. +-- +-- You should have received a copy of the GNU General Public License along +-- with this program; if not, write to the Free Software Foundation, Inc., +-- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +-- + +CREATE TABLE users ( + username text PRIMARY KEY, + "password" text NOT NULL, + serverkey text NOT NULL DEFAULT '', + salt text NOT NULL DEFAULT '', + iterationcount integer NOT NULL DEFAULT 0, + created_at TIMESTAMP NOT NULL DEFAULT now() +); + +-- Add support for SCRAM auth to a database created before ejabberd 16.03: +-- ALTER TABLE users ADD COLUMN serverkey text NOT NULL DEFAULT ''; +-- ALTER TABLE users ADD COLUMN salt text NOT NULL DEFAULT ''; +-- ALTER TABLE users ADD COLUMN iterationcount integer NOT NULL DEFAULT 0; + +CREATE TABLE last ( + username text PRIMARY KEY, + seconds text NOT NULL, + state text NOT NULL +); + + +CREATE TABLE rosterusers ( + username text NOT NULL, + jid text NOT NULL, + nick text NOT NULL, + subscription character(1) NOT NULL, + ask character(1) NOT NULL, + askmessage text NOT NULL, + server character(1) NOT NULL, + subscribe text NOT NULL, + "type" text, + created_at TIMESTAMP NOT NULL DEFAULT now() +); + +CREATE UNIQUE INDEX i_rosteru_user_jid ON rosterusers USING btree (username, jid); +CREATE INDEX i_rosteru_username ON rosterusers USING btree (username); +CREATE INDEX i_rosteru_jid ON rosterusers USING btree (jid); + + +CREATE 
TABLE rostergroups ( + username text NOT NULL, + jid text NOT NULL, + grp text NOT NULL +); + +CREATE INDEX pk_rosterg_user_jid ON rostergroups USING btree (username, jid); + +CREATE TABLE sr_group ( + name text NOT NULL, + opts text NOT NULL, + created_at TIMESTAMP NOT NULL DEFAULT now() +); + +CREATE TABLE sr_user ( + jid text NOT NULL, + grp text NOT NULL, + created_at TIMESTAMP NOT NULL DEFAULT now() +); + +CREATE UNIQUE INDEX i_sr_user_jid_grp ON sr_user USING btree (jid, grp); +CREATE INDEX i_sr_user_jid ON sr_user USING btree (jid); +CREATE INDEX i_sr_user_grp ON sr_user USING btree (grp); + +CREATE TABLE spool ( + username text NOT NULL, + xml text NOT NULL, + seq SERIAL, + created_at TIMESTAMP NOT NULL DEFAULT now() +); + +CREATE INDEX i_despool ON spool USING btree (username); + +CREATE TABLE archive ( + username text NOT NULL, + timestamp BIGINT NOT NULL, + peer text NOT NULL, + bare_peer text NOT NULL, + xml text NOT NULL, + txt text, + id SERIAL, + kind text, + nick text, + created_at TIMESTAMP NOT NULL DEFAULT now() +); + +CREATE INDEX i_username_timestamp ON archive USING btree (username, timestamp); +CREATE INDEX i_username_peer ON archive USING btree (username, peer); +CREATE INDEX i_username_bare_peer ON archive USING btree (username, bare_peer); +CREATE INDEX i_timestamp ON archive USING btree (timestamp); + +CREATE TABLE archive_prefs ( + username text NOT NULL PRIMARY KEY, + def text NOT NULL, + always text NOT NULL, + never text NOT NULL, + created_at TIMESTAMP NOT NULL DEFAULT now() +); + +CREATE TABLE vcard ( + username text PRIMARY KEY, + vcard text NOT NULL, + created_at TIMESTAMP NOT NULL DEFAULT now() +); + +CREATE TABLE vcard_search ( + username text NOT NULL, + lusername text PRIMARY KEY, + fn text NOT NULL, + lfn text NOT NULL, + family text NOT NULL, + lfamily text NOT NULL, + given text NOT NULL, + lgiven text NOT NULL, + middle text NOT NULL, + lmiddle text NOT NULL, + nickname text NOT NULL, + lnickname text NOT NULL, + bday text 
NOT NULL, + lbday text NOT NULL, + ctry text NOT NULL, + lctry text NOT NULL, + locality text NOT NULL, + llocality text NOT NULL, + email text NOT NULL, + lemail text NOT NULL, + orgname text NOT NULL, + lorgname text NOT NULL, + orgunit text NOT NULL, + lorgunit text NOT NULL +); + +CREATE INDEX i_vcard_search_lfn ON vcard_search(lfn); +CREATE INDEX i_vcard_search_lfamily ON vcard_search(lfamily); +CREATE INDEX i_vcard_search_lgiven ON vcard_search(lgiven); +CREATE INDEX i_vcard_search_lmiddle ON vcard_search(lmiddle); +CREATE INDEX i_vcard_search_lnickname ON vcard_search(lnickname); +CREATE INDEX i_vcard_search_lbday ON vcard_search(lbday); +CREATE INDEX i_vcard_search_lctry ON vcard_search(lctry); +CREATE INDEX i_vcard_search_llocality ON vcard_search(llocality); +CREATE INDEX i_vcard_search_lemail ON vcard_search(lemail); +CREATE INDEX i_vcard_search_lorgname ON vcard_search(lorgname); +CREATE INDEX i_vcard_search_lorgunit ON vcard_search(lorgunit); + +CREATE TABLE privacy_default_list ( + username text PRIMARY KEY, + name text NOT NULL +); + +CREATE TABLE privacy_list ( + username text NOT NULL, + name text NOT NULL, + id SERIAL UNIQUE, + created_at TIMESTAMP NOT NULL DEFAULT now() +); + +CREATE INDEX i_privacy_list_username ON privacy_list USING btree (username); +CREATE UNIQUE INDEX i_privacy_list_username_name ON privacy_list USING btree (username, name); + +CREATE TABLE privacy_list_data ( + id bigint REFERENCES privacy_list(id) ON DELETE CASCADE, + t character(1) NOT NULL, + value text NOT NULL, + action character(1) NOT NULL, + ord NUMERIC NOT NULL, + match_all boolean NOT NULL, + match_iq boolean NOT NULL, + match_message boolean NOT NULL, + match_presence_in boolean NOT NULL, + match_presence_out boolean NOT NULL +); + +CREATE INDEX i_privacy_list_data_id ON privacy_list_data USING btree (id); + +CREATE TABLE private_storage ( + username text NOT NULL, + namespace text NOT NULL, + data text NOT NULL, + created_at TIMESTAMP NOT NULL DEFAULT now() +); 
+ +CREATE INDEX i_private_storage_username ON private_storage USING btree (username); +CREATE UNIQUE INDEX i_private_storage_username_namespace ON private_storage USING btree (username, namespace); + + +CREATE TABLE roster_version ( + username text PRIMARY KEY, + version text NOT NULL +); + +-- To update from 0.9.8: +-- CREATE SEQUENCE spool_seq_seq; +-- ALTER TABLE spool ADD COLUMN seq integer; +-- ALTER TABLE spool ALTER COLUMN seq SET DEFAULT nextval('spool_seq_seq'); +-- UPDATE spool SET seq = DEFAULT; +-- ALTER TABLE spool ALTER COLUMN seq SET NOT NULL; + +-- To update from 1.x: +-- ALTER TABLE rosterusers ADD COLUMN askmessage text; +-- UPDATE rosterusers SET askmessage = ''; +-- ALTER TABLE rosterusers ALTER COLUMN askmessage SET NOT NULL; + +CREATE TABLE pubsub_node ( + host text NOT NULL, + node text NOT NULL, + parent text NOT NULL DEFAULT '', + plugin text NOT NULL, + nodeid SERIAL UNIQUE +); +CREATE INDEX i_pubsub_node_parent ON pubsub_node USING btree (parent); +CREATE UNIQUE INDEX i_pubsub_node_tuple ON pubsub_node USING btree (host, node); + +CREATE TABLE pubsub_node_option ( + nodeid bigint REFERENCES pubsub_node(nodeid) ON DELETE CASCADE, + name text NOT NULL, + val text NOT NULL +); +CREATE INDEX i_pubsub_node_option_nodeid ON pubsub_node_option USING btree (nodeid); + +CREATE TABLE pubsub_node_owner ( + nodeid bigint REFERENCES pubsub_node(nodeid) ON DELETE CASCADE, + owner text NOT NULL +); +CREATE INDEX i_pubsub_node_owner_nodeid ON pubsub_node_owner USING btree (nodeid); + +CREATE TABLE pubsub_state ( + nodeid bigint REFERENCES pubsub_node(nodeid) ON DELETE CASCADE, + jid text NOT NULL, + affiliation character(1), + subscriptions text NOT NULL DEFAULT '', + stateid SERIAL UNIQUE +); +CREATE INDEX i_pubsub_state_jid ON pubsub_state USING btree (jid); +CREATE UNIQUE INDEX i_pubsub_state_tuple ON pubsub_state USING btree (nodeid, jid); + +CREATE TABLE pubsub_item ( + nodeid bigint REFERENCES pubsub_node(nodeid) ON DELETE CASCADE, + itemid text 
NOT NULL, + publisher text NOT NULL, + creation varchar(32) NOT NULL, + modification varchar(32) NOT NULL, + payload text NOT NULL DEFAULT '' +); +CREATE INDEX i_pubsub_item_itemid ON pubsub_item USING btree (itemid); +CREATE UNIQUE INDEX i_pubsub_item_tuple ON pubsub_item USING btree (nodeid, itemid); + +CREATE TABLE pubsub_subscription_opt ( + subid text NOT NULL, + opt_name varchar(32), + opt_value text NOT NULL +); +CREATE UNIQUE INDEX i_pubsub_subscription_opt ON pubsub_subscription_opt USING btree (subid, opt_name); + +CREATE TABLE muc_room ( + name text NOT NULL, + host text NOT NULL, + opts text NOT NULL, + created_at TIMESTAMP NOT NULL DEFAULT now() +); + +CREATE UNIQUE INDEX i_muc_room_name_host ON muc_room USING btree (name, host); + +CREATE TABLE muc_registered ( + jid text NOT NULL, + host text NOT NULL, + nick text NOT NULL, + created_at TIMESTAMP NOT NULL DEFAULT now() +); + +CREATE INDEX i_muc_registered_nick ON muc_registered USING btree (nick); +CREATE UNIQUE INDEX i_muc_registered_jid_host ON muc_registered USING btree (jid, host); + +CREATE TABLE muc_online_room ( + name text NOT NULL, + host text NOT NULL, + node text NOT NULL, + pid text NOT NULL +); + +CREATE UNIQUE INDEX i_muc_online_room_name_host ON muc_online_room USING btree (name, host); + +CREATE TABLE muc_online_users ( + username text NOT NULL, + server text NOT NULL, + resource text NOT NULL, + name text NOT NULL, + host text NOT NULL, + node text NOT NULL +); + +CREATE UNIQUE INDEX i_muc_online_users ON muc_online_users USING btree (username, server, resource, name, host); +CREATE INDEX i_muc_online_users_us ON muc_online_users USING btree (username, server); + +CREATE TABLE muc_room_subscribers ( + room text NOT NULL, + host text NOT NULL, + jid text NOT NULL, + nick text NOT NULL, + nodes text NOT NULL, + created_at TIMESTAMP NOT NULL DEFAULT now() +); + +CREATE INDEX i_muc_room_subscribers_host_jid ON muc_room_subscribers USING btree (host, jid); +CREATE UNIQUE INDEX 
i_muc_room_subscribers_host_room_jid ON muc_room_subscribers USING btree (host, room, jid); + +CREATE TABLE motd ( + username text PRIMARY KEY, + xml text, + created_at TIMESTAMP NOT NULL DEFAULT now() +); + +CREATE TABLE caps_features ( + node text NOT NULL, + subnode text NOT NULL, + feature text, + created_at TIMESTAMP NOT NULL DEFAULT now() +); + +CREATE INDEX i_caps_features_node_subnode ON caps_features USING btree (node, subnode); + +CREATE TABLE sm ( + usec bigint NOT NULL, + pid text NOT NULL, + node text NOT NULL, + username text NOT NULL, + resource text NOT NULL, + priority text NOT NULL, + info text NOT NULL +); + +CREATE UNIQUE INDEX i_sm_sid ON sm USING btree (usec, pid); +CREATE INDEX i_sm_node ON sm USING btree (node); +CREATE INDEX i_sm_username ON sm USING btree (username); + +CREATE TABLE oauth_token ( + token text NOT NULL, + jid text NOT NULL, + scope text NOT NULL, + expire bigint NOT NULL +); + +CREATE UNIQUE INDEX i_oauth_token_token ON oauth_token USING btree (token); + +CREATE TABLE route ( + domain text NOT NULL, + server_host text NOT NULL, + node text NOT NULL, + pid text NOT NULL, + local_hint text NOT NULL +); + +CREATE UNIQUE INDEX i_route ON route USING btree (domain, server_host, node, pid); +CREATE INDEX i_route_domain ON route USING btree (domain); + +CREATE TABLE bosh ( + sid text NOT NULL, + node text NOT NULL, + pid text NOT NULL +); + +CREATE UNIQUE INDEX i_bosh_sid ON bosh USING btree (sid); + +CREATE TABLE proxy65 ( + sid text NOT NULL, + pid_t text NOT NULL, + pid_i text NOT NULL, + node_t text NOT NULL, + node_i text NOT NULL, + jid_i text NOT NULL +); + +CREATE UNIQUE INDEX i_proxy65_sid ON proxy65 USING btree (sid); +CREATE INDEX i_proxy65_jid ON proxy65 USING btree (jid_i); + +CREATE TABLE push_session ( + username text NOT NULL, + timestamp bigint NOT NULL, + service text NOT NULL, + node text NOT NULL, + xml text NOT NULL +); + +CREATE UNIQUE INDEX i_push_usn ON push_session USING btree (username, service, node); 
+CREATE UNIQUE INDEX i_push_ut ON push_session USING btree (username, timestamp); + +CREATE TABLE mix_channel ( + channel text NOT NULL, + service text NOT NULL, + username text NOT NULL, + domain text NOT NULL, + jid text NOT NULL, + hidden boolean NOT NULL, + hmac_key text NOT NULL, + created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP +); + +CREATE UNIQUE INDEX i_mix_channel ON mix_channel (channel, service); +CREATE INDEX i_mix_channel_serv ON mix_channel (service); + +CREATE TABLE mix_participant ( + channel text NOT NULL, + service text NOT NULL, + username text NOT NULL, + domain text NOT NULL, + jid text NOT NULL, + id text NOT NULL, + nick text NOT NULL, + created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP +); + +CREATE UNIQUE INDEX i_mix_participant ON mix_participant (channel, service, username, domain); +CREATE INDEX i_mix_participant_chan_serv ON mix_participant (channel, service); + +CREATE TABLE mix_subscription ( + channel text NOT NULL, + service text NOT NULL, + username text NOT NULL, + domain text NOT NULL, + node text NOT NULL, + jid text NOT NULL +); + +CREATE UNIQUE INDEX i_mix_subscription ON mix_subscription (channel, service, username, domain, node); +CREATE INDEX i_mix_subscription_chan_serv_ud ON mix_subscription (channel, service, username, domain); +CREATE INDEX i_mix_subscription_chan_serv_node ON mix_subscription (channel, service, node); +CREATE INDEX i_mix_subscription_chan_serv ON mix_subscription (channel, service); + +CREATE TABLE mix_pam ( + username text NOT NULL, + channel text NOT NULL, + service text NOT NULL, + id text NOT NULL, + created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP +); + +CREATE UNIQUE INDEX i_mix_pam ON mix_pam (username, channel, service); +CREATE INDEX i_mix_pam_us ON mix_pam (username); diff --git a/site-cookbooks/kosmos-ejabberd/metadata.rb b/site-cookbooks/kosmos-ejabberd/metadata.rb new file mode 100644 index 0000000..bbd1886 --- /dev/null 
+++ b/site-cookbooks/kosmos-ejabberd/metadata.rb @@ -0,0 +1,25 @@ +name 'kosmos-ejabberd' +maintainer 'Kosmos' +maintainer_email 'ops@kosmos.org' +license 'MIT' +description 'Installs/Configures kosmos-ejabberd' +long_description 'Installs/Configures kosmos-ejabberd' +version '0.1.0' +chef_version '>= 12.14' if respond_to?(:chef_version) + +# The `issues_url` points to the location where issues for this cookbook are +# tracked. A `View Issues` link will be displayed on this cookbook's page when +# uploaded to a Supermarket. +# +# issues_url 'https://github.com//kosmos-ejabberd/issues' + +# The `source_url` points to the development repository for this cookbook. A +# `View Source` link will be displayed on this cookbook's page when uploaded to +# a Supermarket. +# +# source_url 'https://github.com//kosmos-ejabberd' + +depends "kosmos-postgresql" +depends "kosmos-base" +depends "backup" +depends "firewall" diff --git a/site-cookbooks/kosmos-ejabberd/recipes/backup.rb b/site-cookbooks/kosmos-ejabberd/recipes/backup.rb new file mode 100644 index 0000000..57fb43a --- /dev/null +++ b/site-cookbooks/kosmos-ejabberd/recipes/backup.rb 
@@ -0,0 +1,45 @@
+#
+# Cookbook:: kosmos-ejabberd
+# Recipe:: backup
+#
+# The MIT License (MIT)
+#
+# Copyright:: 2019, Kosmos Developers
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+postgresql_data_bag_item = data_bag_item('credentials', 'postgresql')
+
+unless node.chef_environment == "development"
+ # backup the data dir and the config files
+ node.override["backup"]["archives"]["ejabberd"] = ["/opt/ejabberd", "/var/www/xmpp.kosmos.org", "/var/www/xmpp.5apps.com"]
+ unless node["backup"]["postgresql"]["databases"].keys.include? "ejabberd"
+ node.override["backup"]["postgresql"]["databases"]["ejabberd"] = {
+ username: "ejabberd",
+ password: postgresql_data_bag_item['ejabberd_user_password']
+ }
+ end
+ unless node["backup"]["postgresql"]["databases"].keys.include? "ejabberd_5apps"
+ node.override["backup"]["postgresql"]["databases"]["ejabberd_5apps"] = {
+ username: "ejabberd",
+ password: postgresql_data_bag_item['ejabberd_user_password']
+ }
+ end
+ include_recipe "backup"
+end
diff --git a/site-cookbooks/kosmos-ejabberd/recipes/default.rb b/site-cookbooks/kosmos-ejabberd/recipes/default.rb
new file mode 100644
index 0000000..37bdf96
--- /dev/null
+++ b/site-cookbooks/kosmos-ejabberd/recipes/default.rb
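Review bot: Assigning `postgresql_data_bag_item['ejabberd_user_password']` into `node.override["backup"]["postgresql"]["databases"][...]` copies the decrypted secret into node attributes, which are saved with the node object at the end of the run, so the password ends up in clear text outside the encrypted data bag. This repository also keeps node JSON under nodes/, so it is worth confirming the value is not written back there. Keeping only non-secret settings in attributes and having the backup cookbook read the password from the `credentials` data bag when it renders its template would avoid that. The two `unless` blocks differ only in the database name and could be one loop over `%w(ejabberd ejabberd_5apps)` that tests `key?` instead of `.keys.include?`.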
@@ -0,0 +1,129 @@
+#
+# Cookbook:: kosmos-ejabberd
+# Recipe:: default
+#
+# The MIT License (MIT)
+#
+# Copyright:: 2019, Kosmos Developers
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+include_recipe "kosmos-postgresql"
+
+cookbook_file "#{Chef::Config[:file_cache_path]}/pg.sql" do
+ source "pg.sql"
+ mode "0664"
+end
+
+ejabberd_version = node["kosmos-ejabberd"]["version"]
+package_checksum = node["kosmos-ejabberd"]["checksum"]
+package_path = "#{Chef::Config['file_cache_path']}/ejabberd_#{ejabberd_version}-0_amd64.deb"
+
+remote_file package_path do
+ source "https://www.process-one.net/downloads/downloads-action.php?file=/ejabberd/#{ejabberd_version}/ejabberd_#{ejabberd_version}-0_amd64.deb"
+ checksum package_checksum
+ notifies :install, "dpkg_package[ejabberd]", :immediately
+end
+
+dpkg_package "ejabberd" do
+ source package_path
+ version "#{ejabberd_version}-0"
+ action :nothing
+ notifies :create, "file[/lib/systemd/system/ejabberd.service]", :immediately
+end
+
+postgresql_data_bag_item = data_bag_item('credentials', 'postgresql')
+
+postgresql_user 'ejabberd' do
+ action :create
+ password postgresql_data_bag_item['ejabberd_user_password']
+end
+
+postgresql_database 'ejabberd' do
+ owner 'ejabberd'
+ action :create
+ notifies :run, "execute[create db schema ejabberd]", :delayed
+end
+
+postgresql_database 'ejabberd_5apps' do
+ owner 'ejabberd'
+ action :create
+ notifies :run, "execute[create db schema ejabberd_5apps]", :delayed
+end
+
+execute "create db schema ejabberd" do
+ user "ejabberd"
+ command "psql ejabberd < #{Chef::Config[:file_cache_path]}/pg.sql"
+ action :nothing
+end
+
+execute "create db schema ejabberd_5apps" do
+ user "ejabberd"
+ command "psql ejabberd_5apps < #{Chef::Config[:file_cache_path]}/pg.sql"
+ action :nothing
+end
+
+template "/opt/ejabberd/conf/ejabberd.yml" do
+ source "ejabberd.yml.erb"
+ mode 0640
+ sensitive true
+ variables pgsql_password: postgresql_data_bag_item['ejabberd_user_password']
+ notifies :run, "execute[ejabberdctl reload_config]", :delayed
+end
+
+execute "ejabberdctl reload_config" do
+ command "/opt/ejabberd-#{ejabberd_version}/bin/ejabberdctl reload_config"
+ action :nothing
+end
+
+file "/etc/init.d/ejabberd" do
+ action :delete
+end
+
+# Copy the systemd service file
+file "/lib/systemd/system/ejabberd.service" do
+ content lazy { IO.read("/opt/ejabberd-#{ejabberd_version}/bin/ejabberd.service") }
+ action :nothing
+ notifies :run, "execute[systemctl daemon-reload]", :immediately
+ notifies :restart, "service[ejabberd]", :delayed
+end
+
+execute "systemctl daemon-reload" do
+ command "systemctl daemon-reload"
+ action :nothing
+end
+
+directory "/var/www/xmpp.kosmos.org/uploads" do
+ owner "ejabberd"
+ group "ejabberd"
+ mode 0750
+ recursive true
+end
+
+service "ejabberd" do
+ action [:enable, :start]
+end
+
+unless node.chef_environment == "development"
+ firewall_rule 'ejabberd' do
+ port [5222, 5223, 5269, 5280, 5443]
+ protocol :tcp
+ command :allow
+ end
+end
diff --git a/site-cookbooks/kosmos-ejabberd/recipes/letsencrypt.rb b/site-cookbooks/kosmos-ejabberd/recipes/letsencrypt.rb
new file mode 100644
index 0000000..d4cbd00
--- /dev/null
+++ b/site-cookbooks/kosmos-ejabberd/recipes/letsencrypt.rb
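Review bot: The `template "/opt/ejabberd/conf/ejabberd.yml"` resource sets `mode 0640` and `sensitive true` but no owner or group, so who can read the rendered PostgreSQL password depends on whatever ownership the file already has, or on the user running Chef when the file is first created. Adding `owner "root"` and `group "ejabberd"` would make that explicit and let the daemon read the file without being able to rewrite it, assuming ejabberd only needs read access to its config. Separately, the firewall rule opens 5280 alongside 5443; if the listener on 5280 in ejabberd.yml.erb (not part of this page) is plain HTTP, it is worth checking whether it needs to be reachable from outside.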
@@ -0,0 +1,73 @@
+#
+# Cookbook:: kosmos-ejabberd
+# Recipe:: letsencrypt
+#
+# The MIT License (MIT)
+#
+# Copyright:: 2019, Kosmos Developers
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+include_recipe "kosmos-base::letsencrypt"
+
+ejabberd_post_hook = <<-EOF
+#!/usr/bin/env bash
+
+set -e
+
+# Copy the ejabberd certificate and restart the server if it has been renewed
+# This is necessary because the ejabberd user doesn't have access to the
+# letsencrypt live folder
+for domain in $RENEWED_DOMAINS; do
+ case $domain in
+ kosmos.org|5apps.com)
+ cp "${RENEWED_LINEAGE}/privkey.pem" /opt/ejabberd/conf/$domain.key
+ cp "${RENEWED_LINEAGE}/fullchain.pem" /opt/ejabberd/conf/$domain.crt
+ chown ejabberd:ejabberd /opt/ejabberd/conf/$domain.*
+ chmod 600 /opt/ejabberd/conf/$domain.*
+ /opt/ejabberd-#{node["kosmos-ejabberd"]["version"]}/bin/ejabberdctl reload_config
+ ;;
+ esac
+done
+EOF
+
+file "/etc/letsencrypt/renewal-hooks/post/ejabberd" do
+ content ejabberd_post_hook
+ mode 0755
+ owner "root"
+ group "root"
+end
+
+# Generate a Let's Encrypt cert (only if no cert has been generated before).
+# The systemd timer will take care of renewing
+execute "letsencrypt cert for kosmos xmpp" do
+ command "/usr/bin/certbot certonly --manual --preferred-challenges dns --manual-public-ip-logging-ok --agree-tos --manual-auth-hook \"/root/gandi_dns_certbot_hook.sh auth\" --manual-cleanup-hook \"/root/gandi_dns_certbot_hook.sh cleanup\" --deploy-hook \"/etc/letsencrypt/renewal-hooks/post/ejabberd\" --email ops@kosmos.org -d kosmos.org -d chat.kosmos.org -d xmpp.kosmos.org -n"
+ not_if do
+ File.exist?("/etc/letsencrypt/live/kosmos.org/fullchain.pem")
+ end
+end
+
+# Generate a Let's Encrypt cert (only if no cert has been generated before).
+# The systemd timer will take care of renewing
+execute "letsencrypt cert for 5apps xmpp" do
+ command "/usr/bin/certbot certonly --manual --preferred-challenges dns --manual-public-ip-logging-ok --agree-tos --manual-auth-hook \"/root/gandi_dns_certbot_hook.sh auth\" --manual-cleanup-hook \"/root/gandi_dns_certbot_hook.sh cleanup\" --deploy-hook \"/etc/letsencrypt/renewal-hooks/post/ejabberd\" --email ops@5apps.com -d 5apps.com -d muc.5apps.com -d xmpp.5apps.com -n"
+ not_if do
+ File.exist?("/etc/letsencrypt/live/5apps.com/fullchain.pem")
+ end
+end
diff --git a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
new file mode 100644
index 0000000..7671a07
--- /dev/null
+++ b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
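Review bot: In the `ejabberd_post_hook` heredoc, the private key is written with a plain `cp` and only restricted by the `chown`/`chmod 600` lines that follow, so when `/opt/ejabberd/conf/$domain.key` is first created it briefly exists as root-owned with whatever mode the hook's umask yields, which is commonly world-readable. Creating the file with its final owner and mode in a single step closes that window: `install -o ejabberd -g ejabberd -m 600 "${RENEWED_LINEAGE}/privkey.pem" "/opt/ejabberd/conf/${domain}.key"`, with the same form for `fullchain.pem` and the `.crt` target. That also removes the unquoted `$domain.*` globs passed to `chown` and `chmod`. The note applies to the hunk for `recipes/letsencrypt.rb`, which ends before the `ejabberd.yml.erb` file header above.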
@@ -0,0 +1,294 @@
+loglevel: 4
+
+log_rotate_size: 10485760
+log_rotate_date: ""
+log_rotate_count: 1
+
+log_rate_limit: 100
+
+hosts:
+ - "kosmos.org"
+ - "5apps.com"
+
+host_config:
+ "kosmos.org":
+ sql_type: pgsql
+ sql_server: "localhost"
+ sql_database: "ejabberd"
+ sql_username: "ejabberd"
+ sql_password: "<%= @pgsql_password %>"
+ "5apps.com":
+ sql_type: pgsql
+ sql_server: "localhost"
+ sql_database: "ejabberd_5apps"
+ sql_username: "ejabberd"
+ sql_password: "<%= @pgsql_password %>"
+
+<% if (File.exist?("/opt/ejabberd/conf/kosmos.org.crt") && File.exist?("/opt/ejabberd/conf/kosmos.org.key")) ||
+ (File.exist?("/opt/ejabberd/conf/5apps.com.crt") && File.exist?("/opt/ejabberd/conf/5apps.com.key")) -%>
+certfiles:
+<% if File.exist?("/opt/ejabberd/conf/kosmos.org.crt") && File.exist?("/opt/ejabberd/conf/kosmos.org.key") -%>
+ - "/opt/ejabberd/conf/kosmos.org.crt"
+ - "/opt/ejabberd/conf/kosmos.org.key"
+<% end -%>
+<% if File.exist?("/opt/ejabberd/conf/5apps.com.crt") && File.exist?("/opt/ejabberd/conf/5apps.com.key") -%>
+ - "/opt/ejabberd/conf/5apps.com.crt"
+ - "/opt/ejabberd/conf/5apps.com.key"
+<% end -%>
+<% end -%>
+
+ca_file: "/opt/ejabberd/conf/cacert.pem"
+
+define_macro:
+ 'TLS_CIPHERS': "HIGH:!aNULL:!eNULL:!3DES:@STRENGTH"
+ 'TLS_OPTIONS':
+ - "no_sslv3"
+ - "cipher_server_preference"
+ - "no_compression"
+ 'DH_FILE': "/opt/ejabberd/conf/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 2048
+
+c2s_dhfile: 'DH_FILE'
+s2s_dhfile: 'DH_FILE'
+c2s_ciphers: 'TLS_CIPHERS'
+s2s_ciphers: 'TLS_CIPHERS'
+c2s_protocol_options: 'TLS_OPTIONS'
+s2s_protocol_options: 'TLS_OPTIONS'
+
+listen:
+ -
+ port: 5222
+ ip: "::"
+ module: ejabberd_c2s
+ starttls: true
+ max_stanza_size: 65536
+ shaper: c2s_shaper
+ access: c2s
+ -
+ port: 5223
+ ip: "::"
+ module: ejabberd_c2s
+ tls: true
+ max_stanza_size: 65536
+ shaper: c2s_shaper
+ access: c2s
+ -
+ port: 5269
+ ip: "::"
+ module: ejabberd_s2s_in
+ max_stanza_size: 131072
+ shaper: s2s_shaper
+ -
+ port: 5443
+ ip: "::"
+ module: ejabberd_http
+ request_handlers:
+ "/ws": ejabberd_http_ws
+ "/bosh": mod_bosh
+ "/api": mod_http_api
+ "/upload": mod_http_upload
+ custom_headers:
+ "Access-Control-Allow-Origin": "*"
+ "Access-Control-Allow-Methods": "OPTIONS, HEAD, GET, PUT"
+ "Access-Control-Allow-Headers": "Authorization"
+ "Access-Control-Allow-Credentials": "true"
+ tls: true
+ ## "/pub/archive": mod_http_fileserver
+ web_admin: true
+ ## register: true
+ captcha: false
+
+s2s_use_starttls: optional
+
+auth_password_format: scram
+auth_method: sql
+
+default_db: sql
+
+shaper:
+ normal: 1000
+ fast: 50000
+
+max_fsm_queue: 10000
+
+acl:
+ admin:
+ user:
+ - "greg@5apps.com"
+ - "sebastian@5apps.com"
+ - "garret@5apps.com"
+ - "raucao@kosmos.org"
+ - "greg@kosmos.org"
+ - "galfert@kosmos.org"
+
+ local:
+ user_regexp: ""
+
+ loopback:
+ ip:
+ - "127.0.0.0/8"
+ - "::1/128"
+ - "::FFFF:127.0.0.1/128"
+
+shaper_rules:
+ max_user_sessions: 10
+ max_user_offline_messages:
+ - 5000: admin
+ - 100
+ c2s_shaper:
+ - none: admin
+ - normal
+ s2s_shaper: fast
+
+access_rules:
+ local:
+ - allow: local
+ c2s:
+ - deny: blocked
+ - allow
+ announce:
+ - allow: admin
+ configure:
+ - allow: admin
+ muc_create:
+ - allow: admin
+ - allow: local
+ pubsub_createnode:
+ - allow: local
+ register:
+ - allow
+ trusted_network:
+ - allow: loopback
+
+api_permissions:
+ "console commands":
+ from:
+ - ejabberd_ctl
+ who: all
+ what: "*"
+ "admin access":
+ who:
+ - access:
+ - allow:
+ - acl: loopback
+ - acl: admin
+ - oauth:
+ - scope: "ejabberd:admin"
+ - access:
+ - allow:
+ - acl: loopback
+ - acl: admin
+ what:
+ - "*"
+ - "!stop"
+ - "!start"
+ "public commands":
+ who:
+ - ip: "127.0.0.1/8"
+ what:
+ - "status"
+ - "connected_users_number"
+
+language: "en"
+
+modules:
+ mod_adhoc: {}
+ mod_admin_extra: {}
+ mod_announce: # recommends mod_adhoc
+ access: announce
+ mod_blocking: {} # requires mod_privacy
+ mod_caps: {}
+ mod_carboncopy: {}
+ mod_client_state: {}
+ mod_configure: {} # requires mod_adhoc
+ mod_disco:
+ server_info:
+ -
+ modules: all
+ name: "abuse-addresses"
+ urls: ["mailto:abuse@@HOST@"]
+ mod_bosh: {}
+ mod_http_upload:
+ docroot: "/var/www/xmpp.@HOST@/uploads/"
+ put_url: "https://xmpp.@HOST@:5443/upload"
+ thumbnail: false # otherwise needs the identify command from ImageMagick installed
+ mod_last: {}
+ mod_mam:
+ default: always
+ request_activates_archiving: true
+ mod_muc_admin: {}
+ mod_offline:
+ access_max_user_messages: max_user_offline_messages
+ mod_ping: {}
+ mod_privacy: {}
+ mod_private: {}
+ mod_proxy65: {}
+ mod_pubsub:
+ access_createnode: pubsub_createnode
+ ignore_pep_from_offline: false
+ last_item_cache: false
+ max_items_node: 10
+ plugins:
+ - "flat"
+ - "pep" # pep requires mod_caps
+ mod_push: {}
+ mod_push_keepalive: {}
+ mod_register:
+ welcome_message:
+ subject: "Welcome!"
+ body: |-
+ Hi.
+ Welcome to this XMPP server.
+ ip_access: trusted_network
+ access: register
+ mod_roster:
+ versioning: true
+ store_current_id: true
+ mod_shared_roster: {}
+ mod_vcard:
+ search: false
+ mod_vcard_xupdate: {}
+ mod_avatar: {}
+ mod_version: {}
+ mod_stream_mgmt: {}
+ mod_s2s_dialback: {}
+ mod_http_api: {}
+
+append_host_config:
+ "5apps.com":
+ modules:
+ mod_muc:
+ host: "muc.@HOST@"
+ access:
+ - allow: local
+ access_admin:
+ - allow: admin
+ access_create: muc_create
+ access_persistent: muc_create
+ max_user_conferences: 1000
+ default_room_options:
+ anonymous: false
+ public: true
+ members_only: true
+ public_list: false
+ persistent: true
+ mam: true
+ "kosmos.org":
+ modules:
+ mod_muc:
+ host: "chat.@HOST@"
+ access:
+ - allow
+ access_admin:
+ - allow: admin
+ access_create: muc_create
+ access_persistent: muc_create
+ max_user_conferences: 1000
+ default_room_options:
+ mam: true
+
+allow_contrib_modules: true
+
+### Local Variables:
+### mode: yaml
+### End:
+### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker:
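Review bot: TLS is offered but not enforced in this config: the port 5222 `ejabberd_c2s` listener sets `starttls: true` without `starttls_required: true`, and `s2s_use_starttls: optional` lets server-to-server links fall back to cleartext. Client logins and federated traffic can therefore cross the network unencrypted whenever a peer skips STARTTLS or the negotiation is stripped on the path. I would add `starttls_required: true` to the 5222 listener and set `s2s_use_starttls: required`. `TLS_OPTIONS` also disables only SSLv3; adding `"no_tlsv1"` and `"no_tlsv1_1"` would keep the legacy protocol versions off as well, if the expected clients and peers allow it.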
diff --git a/site-cookbooks/kosmos-ejabberd/test/integration/default/serverspec/default_spec.rb b/site-cookbooks/kosmos-ejabberd/test/integration/default/serverspec/default_spec.rb
new file mode 100644
index 0000000..703630b
--- /dev/null
+++ b/site-cookbooks/kosmos-ejabberd/test/integration/default/serverspec/default_spec.rb
@@ -0,0 +1,23 @@
+require 'serverspec'
+
+# Required by serverspec
+set :backend, :exec
+
+describe 'ejabberd' do
+ describe package('ejabberd') do
+ it { should be_installed }
+ end
+
+ it 'is listening on port 5222 (client-to-server)' do
+ expect(port(5222)).to be_listening
+ end
+
+ it 'is listening on port 5269 (server-to-server)' do
+ expect(port(5269)).to be_listening
+ end
+
+ it 'runs the ejabberd service' do
+ expect(service('ejabberd')).to be_running
+ expect(service('ejabberd')).to be_enabled
+ end
+end
diff --git a/site-cookbooks/kosmos-mastodon/recipes/default.rb b/site-cookbooks/kosmos-mastodon/recipes/default.rb
index a9c866f..99bd11d 100644
--- a/site-cookbooks/kosmos-mastodon/recipes/default.rb
+++ b/site-cookbooks/kosmos-mastodon/recipes/default.rb
@@ -209,17 +209,11 @@ end # unless node.chef_environment == "development" - node.override["backup"]["postgresql"]["host"] = "localhost" - unless platform?('ubuntu') && node[:platform_version].to_f < 18.04 - node.override["backup"]["postgresql"]["username"] = "mastodon" - node.override["backup"]["postgresql"]["password"] = postgresql_data_bag_item['mastodon_user_password'] - else - node.override["backup"]["postgresql"]["username"] = "postgres" - node.override["backup"]["postgresql"]["password"] = node['postgresql']['password']['postgres'] - end - unless node["backup"]["postgresql"]["databases"].include? 'mastodon' - node.override["backup"]["postgresql"]["databases"] = - node["backup"]["postgresql"]["databases"].to_a << "mastodon" + unless node["backup"]["postgresql"]["databases"].keys.include? 'mastodon' + node.override["backup"]["postgresql"]["databases"]["mastodon"] = { + username: "mastodon", + password: postgresql_data_bag_item['mastodon_user_password'] + } end include_recipe "backup"
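Review bot: The decrypted `mastodon_user_password` is assigned into `node.override["backup"]["postgresql"]["databases"]["mastodon"]`, and node attributes are saved with the node object at the end of a Chef run, so the plaintext password presumably ends up in the stored node data as well as in the rendered backup config. Keeping the secret out of attributes avoids that, for example by leaving only `username: "mastodon"` in the attribute and handing the password to the backup template through `node.run_state`; that change reaches into the backup cookbook, which is outside this hunk. As a smaller style point, `.keys.include? 'mastodon'` reads more directly as `.key?('mastodon')`.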