Merge branch 'feature/7-ejabberd_rebased_2' of kosmos/chef into master

data_bags/credentials/postgresql.json

@@ -1,23 +1,23 @@
 {
   "id": "postgresql",
   "ejabberd_user_password": {
-    "encrypted_data": "OTwgFCOLHgoFLsdcHs1U04sJf7ZzVepeDwlNmPMtO8FtyzpfySY9\n",
+    "encrypted_data": "s31aNIv9ZTlU8cVXMDUB79Iv+EozZS1NSZVU5ey9xpBf2WYohpSqni/5Wg==\n",
-    "iv": "k9wX2WEsJyJn+OYs\n",
+    "iv": "a3LWKNYmUZfSMc1Y\n",
-    "auth_tag": "fL/HNcno/MuWE+yQOFCC3g==\n",
+    "auth_tag": "3P+WFcDw/R1d983g7YoFUw==\n",
     "version": 3,
     "cipher": "aes-256-gcm"
   },
   "server_password": {
-    "encrypted_data": "4Y87daXYAxzfYxRIkR8b+DLOp4+dYJnc91hN22iWmOfO3umv8wZU\n",
+    "encrypted_data": "w7zghEF+DjUhS59cze+qviqDcy8mQpIgW6olHabas1IH4t0z+IQ7\n",
-    "iv": "LDeMAKUEIq9oe2Zu\n",
+    "iv": "ppqOzJGczWtwGRnX\n",
-    "auth_tag": "uVaRO+t/KSFebrEB6wp+yQ==\n",
+    "auth_tag": "2Lhqw7Rhm35HcltsDtaJIw==\n",
     "version": 3,
     "cipher": "aes-256-gcm"
   },
   "mastodon_user_password": {
-    "encrypted_data": "s/XxLUwjZsJ/XidEVi50oePBR4OQ0z/3czs9uOcw1fA1c6qqEzb98iHXpw==\n",
+    "encrypted_data": "84UPPmtNh/5MH6u4svMPhRHBGK1GFnP4G2tk/a+wQLNxSB8FlDsTuqSC2A==\n",
-    "iv": "pKvwLeC05f7P+cke\n",
+    "iv": "UBl2ILWCc2WKcN6d\n",
-    "auth_tag": "/yHUD+RSCMhLhrnQJAZqrw==\n",
+    "auth_tag": "NF/xcK0tmvbBo1dDFhOf7w==\n",
     "version": 3,
     "cipher": "aes-256-gcm"
   }

nodes/andromeda.kosmos.org.json

@@ -3,11 +3,13 @@
     "role[base]",
     "kosmos-base::andromeda_firewall",
     "role[ipfs_cluster_with_tls]",
+    "kosmos-postgresql",
     "kosmos-mediawiki",
     "sockethub",
     "sockethub::proxy",
     "kosmos-btcpayserver::proxy",
-    "role[mastodon]"
+    "role[mastodon]",
+    "role[ejabberd]"
   ],
   "automatic": {
     "ipaddress": "andromeda.kosmos.org"

roles/ejabberd.rb

@@ -0,0 +1,7 @@
+name "ejabberd"
+
+run_list %w(
+  kosmos-ejabberd::default
+  kosmos-ejabberd::letsencrypt
+  kosmos-ejabberd::backup
+)

site-cookbooks/backup/attributes/default.rb

@@ -27,7 +27,8 @@ default["backup"]["mysql"]["username"]  = "root"
 default["backup"]["mysql"]["host"]      = "localhost"
 
 # PostgreSQL default settings
-default["backup"]["postgresql"]["databases"] = []
+default["backup"]["postgresql"]["databases"] = {}
+default["backup"]["postgresql"]["username"]  = "postgres"
 default["backup"]["postgresql"]["host"]      = "localhost"
 default["backup"]["postgresql"]["port"]      = 5432
 

site-cookbooks/backup/templates/default/backup.rb.erb

@@ -17,9 +17,14 @@ KosmosBackup.new(:default, 'default backup') do
 <%- end -%>
 
 <%- if node["backup"]["postgresql"] -%>
-<%- node["backup"]["postgresql"]["databases"].each do |db_name| -%>
+<%- node["backup"]["postgresql"]["databases"].each do |db_name, h| -%>
-  database PostgreSQL, :"<%= db_name.to_sym %>" do |db|
+  database PostgreSQL, :"<%= db_name %>" do |db|
     db.name = "<%= db_name %>"
+    <%- unless h.nil? -%>
+    <%- h.each do |k, v| -%>
+    db.<%= k %> = "<%= v %>"
+    <%- end -%>
+    <%- end -%>
   end
 <%- end -%>
 <%- end -%>

site-cookbooks/kosmos-base/recipes/andromeda_firewall.rb

@@ -26,12 +26,6 @@
 
 # Temporary extra rules for Andromeda
 
-firewall_rule 'ejabberd' do
-  port     [5222, 5269, 5280, 5443]
-  protocol :tcp
-  command  :allow
-end
-
 firewall_rule 'bitcoind' do
   port     [8333, 8334, 8335]
   protocol :tcp

site-cookbooks/kosmos-ejabberd/.delivery/project.toml

@@ -0,0 +1 @@
+remote_file = "https://raw.githubusercontent.com/chef-cookbooks/community_cookbook_tools/master/delivery/project.toml"

site-cookbooks/kosmos-ejabberd/.gitignore

@@ -0,0 +1,22 @@
+.vagrant
+*~
+*#
+.#*
+\#*#
+.*.sw[a-z]
+*.un~
+
+# Bundler
+Gemfile.lock
+gems.locked
+bin/*
+.bundle/*
+
+# test kitchen
+.kitchen/
+.kitchen.local.yml
+
+# Chef
+Berksfile.lock
+.zero-knife.rb
+Policyfile.lock.json

site-cookbooks/kosmos-ejabberd/.kitchen.yml

@@ -0,0 +1,23 @@
+---
+driver:
+  name: vagrant
+
+provisioner:
+  name: chef_zero
+  # You may wish to disable always updating cookbooks in CI or other testing environments.
+  # For example:
+  #   always_update_cookbooks: <%= !ENV['CI'] %>
+  always_update_cookbooks: true
+
+verifier:
+  name: inspec
+
+platforms:
+  - name: ubuntu-16.04
+  - name: ubuntu-18.04
+
+suites:
+  - name: default
+    run_list:
+      - recipe[kosmos-ejabberd::default]
+    attributes:

site-cookbooks/kosmos-ejabberd/Berksfile

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+source 'https://supermarket.chef.io'
+source chef_repo: ".."
+
+cookbook "kosmos-postgresql", path: "../kosmos-postgresql"
+metadata

site-cookbooks/kosmos-ejabberd/CHANGELOG.md

@@ -0,0 +1,11 @@
+# kosmos-ejabberd CHANGELOG
+
+This file is used to list changes made in each version of the kosmos-ejabberd cookbook.
+
+# 0.1.0
+
+Initial release.
+
+- change 0
+- change 1
+

site-cookbooks/kosmos-ejabberd/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2019 Kosmos Developers
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

site-cookbooks/kosmos-ejabberd/README.md

@@ -0,0 +1,4 @@
+# kosmos-ejabberd
+
+Sets up ejabberd with vhosts for kosmos.org (public server) and 5apps.com
+(private server).

site-cookbooks/kosmos-ejabberd/attributes/default.rb

@@ -0,0 +1,2 @@
+node.default["kosmos-ejabberd"]["version"] = "19.02"
+node.default["kosmos-ejabberd"]["checksum"] = "aea550c58e61eab04ca9beb8896d8b04f4a79321c21dee160a67ad6787236f51"

site-cookbooks/kosmos-ejabberd/chefignore

@@ -0,0 +1,104 @@
+# Put files/directories that should be ignored in this file when uploading
+# to a chef-server or supermarket.
+# Lines that start with '# ' are comments.
+
+# OS generated files #
+######################
+.DS_Store
+Icon?
+nohup.out
+ehthumbs.db
+Thumbs.db
+
+# SASS #
+########
+.sass-cache
+
+# EDITORS #
+###########
+\#*
+.#*
+*~
+*.sw[a-z]
+*.bak
+REVISION
+TAGS*
+tmtags
+*_flymake.*
+*_flymake
+*.tmproj
+.project
+.settings
+mkmf.log
+
+## COMPILED ##
+##############
+a.out
+*.o
+*.pyc
+*.so
+*.com
+*.class
+*.dll
+*.exe
+*/rdoc/
+
+# Testing #
+###########
+.watchr
+.rspec
+spec/*
+spec/fixtures/*
+test/*
+features/*
+examples/*
+Guardfile
+Procfile
+.kitchen*
+kitchen.yml*
+.rubocop.yml
+spec/*
+Rakefile
+.travis.yml
+.foodcritic
+.codeclimate.yml
+
+# SCM #
+#######
+.git
+*/.git
+.gitignore
+.gitmodules
+.gitconfig
+.gitattributes
+.svn
+*/.bzr/*
+*/.hg/*
+*/.svn/*
+
+# Berkshelf #
+#############
+Berksfile
+Berksfile.lock
+cookbooks/*
+tmp
+
+# Bundler #
+###########
+vendor/*
+
+# Policyfile #
+##############
+Policyfile.rb
+Policyfile.lock.json
+
+# Cookbooks #
+#############
+CONTRIBUTING*
+CHANGELOG*
+TESTING*
+
+# Vagrant #
+###########
+.vagrant
+Vagrantfile

site-cookbooks/kosmos-ejabberd/files/pg.sql

@@ -0,0 +1,454 @@
+--
+-- ejabberd, Copyright (C) 2002-2019   ProcessOne
+--
+-- This program is free software; you can redistribute it and/or
+-- modify it under the terms of the GNU General Public License as
+-- published by the Free Software Foundation; either version 2 of the
+-- License, or (at your option) any later version.
+--
+-- This program is distributed in the hope that it will be useful,
+-- but WITHOUT ANY WARRANTY; without even the implied warranty of
+-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+-- General Public License for more details.
+--
+-- You should have received a copy of the GNU General Public License along
+-- with this program; if not, write to the Free Software Foundation, Inc.,
+-- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+--
+
+CREATE TABLE users (
+    username text PRIMARY KEY,
+    "password" text NOT NULL,
+    serverkey text NOT NULL DEFAULT '',
+    salt text NOT NULL DEFAULT '',
+    iterationcount integer NOT NULL DEFAULT 0,
+    created_at TIMESTAMP NOT NULL DEFAULT now()
+);
+
+-- Add support for SCRAM auth to a database created before ejabberd 16.03:
+-- ALTER TABLE users ADD COLUMN serverkey text NOT NULL DEFAULT '';
+-- ALTER TABLE users ADD COLUMN salt text NOT NULL DEFAULT '';
+-- ALTER TABLE users ADD COLUMN iterationcount integer NOT NULL DEFAULT 0;
+
+CREATE TABLE last (
+    username text PRIMARY KEY,
+    seconds text NOT NULL,
+    state text NOT NULL
+);
+
+
+CREATE TABLE rosterusers (
+    username text NOT NULL,
+    jid text NOT NULL,
+    nick text NOT NULL,
+    subscription character(1) NOT NULL,
+    ask character(1) NOT NULL,
+    askmessage text NOT NULL,
+    server character(1) NOT NULL,
+    subscribe text NOT NULL,
+    "type" text,
+    created_at TIMESTAMP NOT NULL DEFAULT now()
+);
+
+CREATE UNIQUE INDEX i_rosteru_user_jid ON rosterusers USING btree (username, jid);
+CREATE INDEX i_rosteru_username ON rosterusers USING btree (username);
+CREATE INDEX i_rosteru_jid ON rosterusers USING btree (jid);
+
+
+CREATE TABLE rostergroups (
+    username text NOT NULL,
+    jid text NOT NULL,
+    grp text NOT NULL
+);
+
+CREATE INDEX pk_rosterg_user_jid ON rostergroups USING btree (username, jid);
+
+CREATE TABLE sr_group (
+    name text NOT NULL,
+    opts text NOT NULL,
+    created_at TIMESTAMP NOT NULL DEFAULT now()
+);
+
+CREATE TABLE sr_user (
+    jid text NOT NULL,
+    grp text NOT NULL,
+    created_at TIMESTAMP NOT NULL DEFAULT now()
+);
+
+CREATE UNIQUE INDEX i_sr_user_jid_grp ON sr_user USING btree (jid, grp);
+CREATE INDEX i_sr_user_jid ON sr_user USING btree (jid);
+CREATE INDEX i_sr_user_grp ON sr_user USING btree (grp);
+
+CREATE TABLE spool (
+    username text NOT NULL,
+    xml text NOT NULL,
+    seq SERIAL,
+    created_at TIMESTAMP NOT NULL DEFAULT now()
+);
+
+CREATE INDEX i_despool ON spool USING btree (username);
+
+CREATE TABLE archive (
+    username text NOT NULL,
+    timestamp BIGINT NOT NULL,
+    peer text NOT NULL,
+    bare_peer text NOT NULL,
+    xml text NOT NULL,
+    txt text,
+    id SERIAL,
+    kind text,
+    nick text,
+    created_at TIMESTAMP NOT NULL DEFAULT now()
+);
+
+CREATE INDEX i_username_timestamp ON archive USING btree (username, timestamp);
+CREATE INDEX i_username_peer ON archive USING btree (username, peer);
+CREATE INDEX i_username_bare_peer ON archive USING btree (username, bare_peer);
+CREATE INDEX i_timestamp ON archive USING btree (timestamp);
+
+CREATE TABLE archive_prefs (
+    username text NOT NULL PRIMARY KEY,
+    def text NOT NULL,
+    always text NOT NULL,
+    never text NOT NULL,
+    created_at TIMESTAMP NOT NULL DEFAULT now()
+);
+
+CREATE TABLE vcard (
+    username text PRIMARY KEY,
+    vcard text NOT NULL,
+    created_at TIMESTAMP NOT NULL DEFAULT now()
+);
+
+CREATE TABLE vcard_search (
+    username text NOT NULL,
+    lusername text PRIMARY KEY,
+    fn text NOT NULL,
+    lfn text NOT NULL,
+    family text NOT NULL,
+    lfamily text NOT NULL,
+    given text NOT NULL,
+    lgiven text NOT NULL,
+    middle text NOT NULL,
+    lmiddle text NOT NULL,
+    nickname text NOT NULL,
+    lnickname text NOT NULL,
+    bday text NOT NULL,
+    lbday text NOT NULL,
+    ctry text NOT NULL,
+    lctry text NOT NULL,
+    locality text NOT NULL,
+    llocality text NOT NULL,
+    email text NOT NULL,
+    lemail text NOT NULL,
+    orgname text NOT NULL,
+    lorgname text NOT NULL,
+    orgunit text NOT NULL,
+    lorgunit text NOT NULL
+);
+
+CREATE INDEX i_vcard_search_lfn       ON vcard_search(lfn);
+CREATE INDEX i_vcard_search_lfamily   ON vcard_search(lfamily);
+CREATE INDEX i_vcard_search_lgiven    ON vcard_search(lgiven);
+CREATE INDEX i_vcard_search_lmiddle   ON vcard_search(lmiddle);
+CREATE INDEX i_vcard_search_lnickname ON vcard_search(lnickname);
+CREATE INDEX i_vcard_search_lbday     ON vcard_search(lbday);
+CREATE INDEX i_vcard_search_lctry     ON vcard_search(lctry);
+CREATE INDEX i_vcard_search_llocality ON vcard_search(llocality);
+CREATE INDEX i_vcard_search_lemail    ON vcard_search(lemail);
+CREATE INDEX i_vcard_search_lorgname  ON vcard_search(lorgname);
+CREATE INDEX i_vcard_search_lorgunit  ON vcard_search(lorgunit);
+
+CREATE TABLE privacy_default_list (
+    username text PRIMARY KEY,
+    name text NOT NULL
+);
+
+CREATE TABLE privacy_list (
+    username text NOT NULL,
+    name text NOT NULL,
+    id SERIAL UNIQUE,
+    created_at TIMESTAMP NOT NULL DEFAULT now()
+);
+
+CREATE INDEX i_privacy_list_username ON privacy_list USING btree (username);
+CREATE UNIQUE INDEX i_privacy_list_username_name ON privacy_list USING btree (username, name);
+
+CREATE TABLE privacy_list_data (
+    id bigint REFERENCES privacy_list(id) ON DELETE CASCADE,
+    t character(1) NOT NULL,
+    value text NOT NULL,
+    action character(1) NOT NULL,
+    ord NUMERIC NOT NULL,
+    match_all boolean NOT NULL,
+    match_iq boolean NOT NULL,
+    match_message boolean NOT NULL,
+    match_presence_in boolean NOT NULL,
+    match_presence_out boolean NOT NULL
+);
+
+CREATE INDEX i_privacy_list_data_id ON privacy_list_data USING btree (id);
+
+CREATE TABLE private_storage (
+    username text NOT NULL,
+    namespace text NOT NULL,
+    data text NOT NULL,
+    created_at TIMESTAMP NOT NULL DEFAULT now()
+);
+
+CREATE INDEX i_private_storage_username ON private_storage USING btree (username);
+CREATE UNIQUE INDEX i_private_storage_username_namespace ON private_storage USING btree (username, namespace);
+
+
+CREATE TABLE roster_version (
+    username text PRIMARY KEY,
+    version text NOT NULL
+);
+
+-- To update from 0.9.8:
+-- CREATE SEQUENCE spool_seq_seq;
+-- ALTER TABLE spool ADD COLUMN seq integer;
+-- ALTER TABLE spool ALTER COLUMN seq SET DEFAULT nextval('spool_seq_seq');
+-- UPDATE spool SET seq = DEFAULT;
+-- ALTER TABLE spool ALTER COLUMN seq SET NOT NULL;
+
+-- To update from 1.x:
+-- ALTER TABLE rosterusers ADD COLUMN askmessage text;
+-- UPDATE rosterusers SET askmessage = '';
+-- ALTER TABLE rosterusers ALTER COLUMN askmessage SET NOT NULL;
+
+CREATE TABLE pubsub_node (
+  host text NOT NULL,
+  node text NOT NULL,
+  parent text NOT NULL DEFAULT '',
+  plugin text NOT NULL,
+  nodeid SERIAL UNIQUE
+);
+CREATE INDEX i_pubsub_node_parent ON pubsub_node USING btree (parent);
+CREATE UNIQUE INDEX i_pubsub_node_tuple ON pubsub_node USING btree (host, node);
+
+CREATE TABLE pubsub_node_option (
+  nodeid bigint REFERENCES pubsub_node(nodeid) ON DELETE CASCADE,
+  name text NOT NULL,
+  val text NOT NULL
+);
+CREATE INDEX i_pubsub_node_option_nodeid ON pubsub_node_option USING btree (nodeid);
+
+CREATE TABLE pubsub_node_owner (
+  nodeid bigint REFERENCES pubsub_node(nodeid) ON DELETE CASCADE,
+  owner text NOT NULL
+);
+CREATE INDEX i_pubsub_node_owner_nodeid ON pubsub_node_owner USING btree (nodeid);
+
+CREATE TABLE pubsub_state (
+  nodeid bigint REFERENCES pubsub_node(nodeid) ON DELETE CASCADE,
+  jid text NOT NULL,
+  affiliation character(1),
+  subscriptions text NOT NULL DEFAULT '',
+  stateid SERIAL UNIQUE
+);
+CREATE INDEX i_pubsub_state_jid ON pubsub_state USING btree (jid);
+CREATE UNIQUE INDEX i_pubsub_state_tuple ON pubsub_state USING btree (nodeid, jid);
+
+CREATE TABLE pubsub_item (
+  nodeid bigint REFERENCES pubsub_node(nodeid) ON DELETE CASCADE,
+  itemid text NOT NULL,
+  publisher text NOT NULL,
+  creation varchar(32) NOT NULL,
+  modification varchar(32) NOT NULL,
+  payload text NOT NULL DEFAULT ''
+);
+CREATE INDEX i_pubsub_item_itemid ON pubsub_item USING btree (itemid);
+CREATE UNIQUE INDEX i_pubsub_item_tuple ON pubsub_item USING btree (nodeid, itemid);
+
+CREATE TABLE pubsub_subscription_opt (
+  subid text NOT NULL,
+  opt_name varchar(32),
+  opt_value text NOT NULL
+);
+CREATE UNIQUE INDEX i_pubsub_subscription_opt ON pubsub_subscription_opt USING btree (subid, opt_name);
+
+CREATE TABLE muc_room (
+    name text NOT NULL,
+    host text NOT NULL,
+    opts text NOT NULL,
+    created_at TIMESTAMP NOT NULL DEFAULT now()
+);
+
+CREATE UNIQUE INDEX i_muc_room_name_host ON muc_room USING btree (name, host);
+
+CREATE TABLE muc_registered (
+    jid text NOT NULL,
+    host text NOT NULL,
+    nick text NOT NULL,
+    created_at TIMESTAMP NOT NULL DEFAULT now()
+);
+
+CREATE INDEX i_muc_registered_nick ON muc_registered USING btree (nick);
+CREATE UNIQUE INDEX i_muc_registered_jid_host ON muc_registered USING btree (jid, host);
+
+CREATE TABLE muc_online_room (
+    name text NOT NULL,
+    host text NOT NULL,
+    node text NOT NULL,
+    pid text NOT NULL
+);
+
+CREATE UNIQUE INDEX i_muc_online_room_name_host ON muc_online_room USING btree (name, host);
+
+CREATE TABLE muc_online_users (
+    username text NOT NULL,
+    server text NOT NULL,
+    resource text NOT NULL,
+    name text NOT NULL,
+    host text NOT NULL,
+    node text NOT NULL
+);
+
+CREATE UNIQUE INDEX i_muc_online_users ON muc_online_users USING btree (username, server, resource, name, host);
+CREATE INDEX i_muc_online_users_us ON muc_online_users USING btree (username, server);
+
+CREATE TABLE muc_room_subscribers (
+   room text NOT NULL,
+   host text NOT NULL,
+   jid text NOT NULL,
+   nick text NOT NULL,
+   nodes text NOT NULL,
+   created_at TIMESTAMP NOT NULL DEFAULT now()
+);
+
+CREATE INDEX i_muc_room_subscribers_host_jid ON muc_room_subscribers USING btree (host, jid);
+CREATE UNIQUE INDEX i_muc_room_subscribers_host_room_jid ON muc_room_subscribers USING btree (host, room, jid);
+
+CREATE TABLE motd (
+    username text PRIMARY KEY,
+    xml text,
+    created_at TIMESTAMP NOT NULL DEFAULT now()
+);
+
+CREATE TABLE caps_features (
+    node text NOT NULL,
+    subnode text NOT NULL,
+    feature text,
+    created_at TIMESTAMP NOT NULL DEFAULT now()
+);
+
+CREATE INDEX i_caps_features_node_subnode ON caps_features USING btree (node, subnode);
+
+CREATE TABLE sm (
+    usec bigint NOT NULL,
+    pid text NOT NULL,
+    node text NOT NULL,
+    username text NOT NULL,
+    resource text NOT NULL,
+    priority text NOT NULL,
+    info text NOT NULL
+);
+
+CREATE UNIQUE INDEX i_sm_sid ON sm USING btree (usec, pid);
+CREATE INDEX i_sm_node ON sm USING btree (node);
+CREATE INDEX i_sm_username ON sm USING btree (username);
+
+CREATE TABLE oauth_token (
+    token text NOT NULL,
+    jid text NOT NULL,
+    scope text NOT NULL,
+    expire bigint NOT NULL
+);
+
+CREATE UNIQUE INDEX i_oauth_token_token ON oauth_token USING btree (token);
+
+CREATE TABLE route (
+    domain text NOT NULL,
+    server_host text NOT NULL,
+    node text NOT NULL,
+    pid text NOT NULL,
+    local_hint text NOT NULL
+);
+
+CREATE UNIQUE INDEX i_route ON route USING btree (domain, server_host, node, pid);
+CREATE INDEX i_route_domain ON route USING btree (domain);
+
+CREATE TABLE bosh (
+    sid text NOT NULL,
+    node text NOT NULL,
+    pid text NOT NULL
+);
+
+CREATE UNIQUE INDEX i_bosh_sid ON bosh USING btree (sid);
+
+CREATE TABLE proxy65 (
+    sid text NOT NULL,
+    pid_t text NOT NULL,
+    pid_i text NOT NULL,
+    node_t text NOT NULL,
+    node_i text NOT NULL,
+    jid_i text NOT NULL
+);
+
+CREATE UNIQUE INDEX i_proxy65_sid ON proxy65 USING btree (sid);
+CREATE INDEX i_proxy65_jid ON proxy65 USING btree (jid_i);
+
+CREATE TABLE push_session (
+    username text NOT NULL,
+    timestamp bigint NOT NULL,
+    service text NOT NULL,
+    node text NOT NULL,
+    xml text NOT NULL
+);
+
+CREATE UNIQUE INDEX i_push_usn ON push_session USING btree (username, service, node);
+CREATE UNIQUE INDEX i_push_ut ON push_session USING btree (username, timestamp);
+
+CREATE TABLE mix_channel (
+    channel text NOT NULL,
+    service text NOT NULL,
+    username text NOT NULL,
+    domain text NOT NULL,
+    jid text NOT NULL,
+    hidden boolean NOT NULL,
+    hmac_key text NOT NULL,
+    created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE UNIQUE INDEX i_mix_channel ON mix_channel (channel, service);
+CREATE INDEX i_mix_channel_serv ON mix_channel (service);
+
+CREATE TABLE mix_participant (
+    channel text NOT NULL,
+    service text NOT NULL,
+    username text NOT NULL,
+    domain text NOT NULL,
+    jid text NOT NULL,
+    id text NOT NULL,
+    nick text NOT NULL,
+    created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE UNIQUE INDEX i_mix_participant ON mix_participant (channel, service, username, domain);
+CREATE INDEX i_mix_participant_chan_serv ON mix_participant (channel, service);
+
+CREATE TABLE mix_subscription (
+    channel text NOT NULL,
+    service text NOT NULL,
+    username text NOT NULL,
+    domain text NOT NULL,
+    node text NOT NULL,
+    jid text NOT NULL
+);
+
+CREATE UNIQUE INDEX i_mix_subscription ON mix_subscription (channel, service, username, domain, node);
+CREATE INDEX i_mix_subscription_chan_serv_ud ON mix_subscription (channel, service, username, domain);
+CREATE INDEX i_mix_subscription_chan_serv_node ON mix_subscription (channel, service, node);
+CREATE INDEX i_mix_subscription_chan_serv ON mix_subscription (channel, service);
+
+CREATE TABLE mix_pam (
+    username text NOT NULL,
+    channel text NOT NULL,
+    service text NOT NULL,
+    id text NOT NULL,
+    created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE UNIQUE INDEX i_mix_pam ON mix_pam (username, channel, service);
+CREATE INDEX i_mix_pam_us ON mix_pam (username);

site-cookbooks/kosmos-ejabberd/metadata.rb

@@ -0,0 +1,25 @@
+name 'kosmos-ejabberd'
+maintainer 'Kosmos'
+maintainer_email 'ops@kosmos.org'
+license 'MIT'
+description 'Installs/Configures kosmos-ejabberd'
+long_description 'Installs/Configures kosmos-ejabberd'
+version '0.1.0'
+chef_version '>= 12.14' if respond_to?(:chef_version)
+
+# The `issues_url` points to the location where issues for this cookbook are
+# tracked.  A `View Issues` link will be displayed on this cookbook's page when
+# uploaded to a Supermarket.
+#
+# issues_url 'https://github.com/<insert_org_here>/kosmos-ejabberd/issues'
+
+# The `source_url` points to the development repository for this cookbook.  A
+# `View Source` link will be displayed on this cookbook's page when uploaded to
+# a Supermarket.
+#
+# source_url 'https://github.com/<insert_org_here>/kosmos-ejabberd'
+
+depends "kosmos-postgresql"
+depends "kosmos-base"
+depends "backup"
+depends "firewall"

site-cookbooks/kosmos-ejabberd/recipes/backup.rb

@@ -0,0 +1,45 @@
+#
+# Cookbook:: kosmos-ejabberd
+# Recipe:: backup
+#
+# The MIT License (MIT)
+#
+# Copyright:: 2019, Kosmos Developers
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+postgresql_data_bag_item = data_bag_item('credentials', 'postgresql')
+
+unless node.chef_environment == "development"
+  # backup the data dir and the config files
+  node.override["backup"]["archives"]["ejabberd"] = ["/opt/ejabberd", "/var/www/xmpp.kosmos.org", "/var/www/xmpp.5apps.com"]
+  unless node["backup"]["postgresql"]["databases"].keys.include? "ejabberd"
+    node.override["backup"]["postgresql"]["databases"]["ejabberd"] = {
+      username: "ejabberd",
+      password: postgresql_data_bag_item['ejabberd_user_password']
+    }
+  end
+  unless node["backup"]["postgresql"]["databases"].keys.include? "ejabberd_5apps"
+    node.override["backup"]["postgresql"]["databases"]["ejabberd_5apps"] = {
+      username: "ejabberd",
+      password: postgresql_data_bag_item['ejabberd_user_password']
+    }
+  end
+  include_recipe "backup"
+end

site-cookbooks/kosmos-ejabberd/recipes/default.rb

@@ -0,0 +1,129 @@
+#
+# Cookbook:: kosmos-ejabberd
+# Recipe:: default
+#
+# The MIT License (MIT)
+#
+# Copyright:: 2019, Kosmos Developers
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+include_recipe "kosmos-postgresql"
+
+cookbook_file "#{Chef::Config[:file_cache_path]}/pg.sql" do
+  source "pg.sql"
+  mode "0664"
+end
+
+ejabberd_version = node["kosmos-ejabberd"]["version"]
+package_checksum = node["kosmos-ejabberd"]["checksum"]
+package_path = "#{Chef::Config['file_cache_path']}/ejabberd_#{ejabberd_version}-0_amd64.deb"
+
+remote_file package_path do
+  source "https://www.process-one.net/downloads/downloads-action.php?file=/ejabberd/#{ejabberd_version}/ejabberd_#{ejabberd_version}-0_amd64.deb"
+  checksum package_checksum
+  notifies :install, "dpkg_package[ejabberd]", :immediately
+end
+
+dpkg_package "ejabberd" do
+  source package_path
+  version "#{ejabberd_version}-0"
+  action :nothing
+  notifies :create, "file[/lib/systemd/system/ejabberd.service]", :immediately
+end
+
+postgresql_data_bag_item = data_bag_item('credentials', 'postgresql')
+
+postgresql_user 'ejabberd' do
+  action :create
+  password postgresql_data_bag_item['ejabberd_user_password']
+end
+
+postgresql_database 'ejabberd' do
+  owner 'ejabberd'
+  action :create
+  notifies :run, "execute[create db schema ejabberd]", :delayed
+end
+
+postgresql_database 'ejabberd_5apps' do
+  owner 'ejabberd'
+  action :create
+  notifies :run, "execute[create db schema ejabberd_5apps]", :delayed
+end
+
+execute "create db schema ejabberd" do
+  user "ejabberd"
+  command "psql ejabberd < #{Chef::Config[:file_cache_path]}/pg.sql"
+  action :nothing
+end
+
+execute "create db schema ejabberd_5apps" do
+  user "ejabberd"
+  command "psql ejabberd_5apps < #{Chef::Config[:file_cache_path]}/pg.sql"
+  action :nothing
+end
+
+template "/opt/ejabberd/conf/ejabberd.yml" do
+  source    "ejabberd.yml.erb"
+  mode      0640
+  sensitive true
+  variables pgsql_password: postgresql_data_bag_item['ejabberd_user_password']
+  notifies :run, "execute[ejabberdctl reload_config]", :delayed
+end
+
+execute "ejabberdctl reload_config" do
+  command "/opt/ejabberd-#{ejabberd_version}/bin/ejabberdctl reload_config"
+  action :nothing
+end
+
+file "/etc/init.d/ejabberd" do
+  action :delete
+end
+
+# Copy the systemd service file
+file "/lib/systemd/system/ejabberd.service" do
+  content lazy { IO.read("/opt/ejabberd-#{ejabberd_version}/bin/ejabberd.service") }
+  action :nothing
+  notifies :run, "execute[systemctl daemon-reload]", :immediately
+  notifies :restart, "service[ejabberd]", :delayed
+end
+
+execute "systemctl daemon-reload" do
+  command "systemctl daemon-reload"
+  action :nothing
+end
+
+directory "/var/www/xmpp.kosmos.org/uploads" do
+  owner "ejabberd"
+  group "ejabberd"
+  mode 0750
+  recursive true
+end
+
+service "ejabberd" do
+  action [:enable, :start]
+end
+
+unless node.chef_environment == "development"
+  firewall_rule 'ejabberd' do
+    port     [5222, 5223, 5269, 5280, 5443]
+    protocol :tcp
+    command  :allow
+  end
+end

site-cookbooks/kosmos-ejabberd/recipes/letsencrypt.rb

@@ -0,0 +1,73 @@
+#
+# Cookbook:: kosmos-ejabberd
+# Recipe:: letsencrypt
+#
+# The MIT License (MIT)
+#
+# Copyright:: 2019, Kosmos Developers
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+include_recipe "kosmos-base::letsencrypt"
+
+ejabberd_post_hook = <<-EOF
+#!/usr/bin/env bash
+
+set -e
+
+# Copy the ejabberd certificate and restart the server if it has been renewed
+# This is necessary because the ejabberd user doesn't have access to the
+# letsencrypt live folder
+for domain in $RENEWED_DOMAINS; do
+  case $domain in
+  kosmos.org|5apps.com)
+    cp "${RENEWED_LINEAGE}/privkey.pem" /opt/ejabberd/conf/$domain.key
+    cp "${RENEWED_LINEAGE}/fullchain.pem" /opt/ejabberd/conf/$domain.crt
+    chown ejabberd:ejabberd /opt/ejabberd/conf/$domain.*
+    chmod 600 /opt/ejabberd/conf/$domain.*
+    /opt/ejabberd-#{node["kosmos-ejabberd"]["version"]}/bin/ejabberdctl reload_config
+    ;;
+  esac
+done
+EOF
+
+file "/etc/letsencrypt/renewal-hooks/post/ejabberd" do
+  content ejabberd_post_hook
+  mode 0755
+  owner "root"
+  group "root"
+end
+
+# Generate a Let's Encrypt cert (only if no cert has been generated before).
+# The systemd timer will take care of renewing
+execute "letsencrypt cert for kosmos xmpp" do
+  command "/usr/bin/certbot certonly --manual --preferred-challenges dns --manual-public-ip-logging-ok --agree-tos --manual-auth-hook \"/root/gandi_dns_certbot_hook.sh auth\" --manual-cleanup-hook \"/root/gandi_dns_certbot_hook.sh cleanup\" --deploy-hook \"/etc/letsencrypt/renewal-hooks/post/ejabberd\" --email ops@kosmos.org -d kosmos.org -d chat.kosmos.org -d xmpp.kosmos.org -n"
+  not_if do
+    File.exist?("/etc/letsencrypt/live/kosmos.org/fullchain.pem")
+  end
+end
+
+# Generate a Let's Encrypt cert (only if no cert has been generated before).
+# The systemd timer will take care of renewing
+execute "letsencrypt cert for 5apps xmpp" do
+  command "/usr/bin/certbot certonly --manual --preferred-challenges dns --manual-public-ip-logging-ok --agree-tos --manual-auth-hook \"/root/gandi_dns_certbot_hook.sh auth\" --manual-cleanup-hook \"/root/gandi_dns_certbot_hook.sh cleanup\" --deploy-hook \"/etc/letsencrypt/renewal-hooks/post/ejabberd\" --email ops@5apps.com -d 5apps.com -d muc.5apps.com -d xmpp.5apps.com -n"
+  not_if do
+    File.exist?("/etc/letsencrypt/live/5apps.com/fullchain.pem")
+  end
+end

site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb

@@ -0,0 +1,294 @@
+loglevel: 4
+
+log_rotate_size: 10485760
+log_rotate_date: ""
+log_rotate_count: 1
+
+log_rate_limit: 100
+
+hosts:
+  - "kosmos.org"
+  - "5apps.com"
+
+host_config:
+  "kosmos.org":
+    sql_type: pgsql
+    sql_server: "localhost"
+    sql_database: "ejabberd"
+    sql_username: "ejabberd"
+    sql_password: "<%= @pgsql_password %>"
+  "5apps.com":
+    sql_type: pgsql
+    sql_server: "localhost"
+    sql_database: "ejabberd_5apps"
+    sql_username: "ejabberd"
+    sql_password: "<%= @pgsql_password %>"
+
+<% if (File.exist?("/opt/ejabberd/conf/kosmos.org.crt") && File.exist?("/opt/ejabberd/conf/kosmos.org.key")) ||
+    (File.exist?("/opt/ejabberd/conf/5apps.com.crt") && File.exist?("/opt/ejabberd/conf/5apps.com.key")) -%>
+certfiles:
+<% if File.exist?("/opt/ejabberd/conf/kosmos.org.crt") && File.exist?("/opt/ejabberd/conf/kosmos.org.key") -%>
+  - "/opt/ejabberd/conf/kosmos.org.crt"
+  - "/opt/ejabberd/conf/kosmos.org.key"
+<% end -%>
+<% if File.exist?("/opt/ejabberd/conf/5apps.com.crt") && File.exist?("/opt/ejabberd/conf/5apps.com.key") -%>
+  - "/opt/ejabberd/conf/5apps.com.crt"
+  - "/opt/ejabberd/conf/5apps.com.key"
+<% end -%>
+<% end -%>
+
+ca_file: "/opt/ejabberd/conf/cacert.pem"
+
+define_macro:
+  'TLS_CIPHERS': "HIGH:!aNULL:!eNULL:!3DES:@STRENGTH"
+  'TLS_OPTIONS':
+    - "no_sslv3"
+    - "cipher_server_preference"
+    - "no_compression"
+  'DH_FILE': "/opt/ejabberd/conf/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 2048
+
+c2s_dhfile: 'DH_FILE'
+s2s_dhfile: 'DH_FILE'
+c2s_ciphers: 'TLS_CIPHERS'
+s2s_ciphers: 'TLS_CIPHERS'
+c2s_protocol_options: 'TLS_OPTIONS'
+s2s_protocol_options: 'TLS_OPTIONS'
+
+listen:
+  -
+    port: 5222
+    ip: "::"
+    module: ejabberd_c2s
+    starttls: true
+    max_stanza_size: 65536
+    shaper: c2s_shaper
+    access: c2s
+  -
+    port: 5223
+    ip: "::"
+    module: ejabberd_c2s
+    tls: true
+    max_stanza_size: 65536
+    shaper: c2s_shaper
+    access: c2s
+  -
+    port: 5269
+    ip: "::"
+    module: ejabberd_s2s_in
+    max_stanza_size: 131072
+    shaper: s2s_shaper
+  -
+    port: 5443
+    ip: "::"
+    module: ejabberd_http
+    request_handlers:
+      "/ws": ejabberd_http_ws
+      "/bosh": mod_bosh
+      "/api": mod_http_api
+      "/upload": mod_http_upload
+    custom_headers:
+      "Access-Control-Allow-Origin": "*"
+      "Access-Control-Allow-Methods": "OPTIONS, HEAD, GET, PUT"
+      "Access-Control-Allow-Headers": "Authorization"
+      "Access-Control-Allow-Credentials": "true"
+    tls: true
+    ##  "/pub/archive": mod_http_fileserver
+    web_admin: true
+    ## register: true
+    captcha: false
+
+s2s_use_starttls: optional
+
+auth_password_format: scram
+auth_method: sql
+
+default_db: sql
+
+shaper:
+  normal: 1000
+  fast: 50000
+
+max_fsm_queue: 10000
+
+acl:
+  admin:
+    user:
+      - "greg@5apps.com"
+      - "sebastian@5apps.com"
+      - "garret@5apps.com"
+      - "raucao@kosmos.org"
+      - "greg@kosmos.org"
+      - "galfert@kosmos.org"
+
+  local:
+    user_regexp: ""
+
+  loopback:
+    ip:
+      - "127.0.0.0/8"
+      - "::1/128"
+      - "::FFFF:127.0.0.1/128"
+
+shaper_rules:
+  max_user_sessions: 10
+  max_user_offline_messages:
+    - 5000: admin
+    - 100
+  c2s_shaper:
+    - none: admin
+    - normal
+  s2s_shaper: fast
+
+access_rules:
+  local:
+    - allow: local
+  c2s:
+    - deny: blocked
+    - allow
+  announce:
+    - allow: admin
+  configure:
+    - allow: admin
+  muc_create:
+    - allow: admin
+    - allow: local
+  pubsub_createnode:
+    - allow: local
+  register:
+    - allow
+  trusted_network:
+    - allow: loopback
+
+api_permissions:
+  "console commands":
+    from:
+      - ejabberd_ctl
+    who: all
+    what: "*"
+  "admin access":
+    who:
+      - access:
+          - allow:
+            - acl: loopback
+            - acl: admin
+      - oauth:
+        - scope: "ejabberd:admin"
+        - access:
+          - allow:
+            - acl: loopback
+            - acl: admin
+    what:
+      - "*"
+      - "!stop"
+      - "!start"
+  "public commands":
+    who:
+      - ip: "127.0.0.1/8"
+    what:
+      - "status"
+      - "connected_users_number"
+
+language: "en"
+
+modules:
+  mod_adhoc: {}
+  mod_admin_extra: {}
+  mod_announce: # recommends mod_adhoc
+    access: announce
+  mod_blocking: {} # requires mod_privacy
+  mod_caps: {}
+  mod_carboncopy: {}
+  mod_client_state: {}
+  mod_configure: {} # requires mod_adhoc
+  mod_disco:
+    server_info:
+      -
+        modules: all
+        name: "abuse-addresses"
+        urls: ["mailto:abuse@@HOST@"]
+  mod_bosh: {}
+  mod_http_upload:
+    docroot: "/var/www/xmpp.@HOST@/uploads/"
+    put_url: "https://xmpp.@HOST@:5443/upload"
+    thumbnail: false # otherwise needs the identify command from ImageMagick installed
+  mod_last: {}
+  mod_mam:
+    default: always
+    request_activates_archiving: true
+  mod_muc_admin: {}
+  mod_offline:
+    access_max_user_messages: max_user_offline_messages
+  mod_ping: {}
+  mod_privacy: {}
+  mod_private: {}
+  mod_proxy65: {}
+  mod_pubsub:
+    access_createnode: pubsub_createnode
+    ignore_pep_from_offline: false
+    last_item_cache: false
+    max_items_node: 10
+    plugins:
+      - "flat"
+      - "pep" # pep requires mod_caps
+  mod_push: {}
+  mod_push_keepalive: {}
+  mod_register:
+    welcome_message:
+      subject: "Welcome!"
+      body: |-
+        Hi.
+        Welcome to this XMPP server.
+    ip_access: trusted_network
+    access: register
+  mod_roster:
+    versioning: true
+    store_current_id: true
+  mod_shared_roster: {}
+  mod_vcard:
+    search: false
+  mod_vcard_xupdate: {}
+  mod_avatar: {}
+  mod_version: {}
+  mod_stream_mgmt: {}
+  mod_s2s_dialback: {}
+  mod_http_api: {}
+
+append_host_config:
+  "5apps.com":
+    modules:
+      mod_muc:
+        host: "muc.@HOST@"
+        access:
+          - allow: local
+        access_admin:
+          - allow: admin
+        access_create: muc_create
+        access_persistent: muc_create
+        max_user_conferences: 1000
+        default_room_options:
+          anonymous: false
+          public: true
+          members_only: true
+          public_list: false
+          persistent: true
+          mam: true
+  "kosmos.org":
+    modules:
+      mod_muc:
+        host: "chat.@HOST@"
+        access:
+          - allow
+        access_admin:
+          - allow: admin
+        access_create: muc_create
+        access_persistent: muc_create
+        max_user_conferences: 1000
+        default_room_options:
+          mam: true
+
+allow_contrib_modules: true
+
+### Local Variables:
+### mode: yaml
+### End:
+### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker:

site-cookbooks/kosmos-ejabberd/test/integration/default/serverspec/default_spec.rb

@@ -0,0 +1,23 @@
+require 'serverspec'
+
+# Required by serverspec
+set :backend, :exec
+
+describe 'ejabberd' do
+  describe package('ejabberd') do
+    it { should be_installed }
+  end
+
+  it 'is listening on port 5222 (client-to-server)' do
+    expect(port(5222)).to be_listening
+  end
+
+  it 'is listening on port 5269 (server-to-server)' do
+    expect(port(5269)).to be_listening
+  end
+
+  it 'runs the ejabberd service' do
+    expect(service('ejabberd')).to be_running
+    expect(service('ejabberd')).to be_enabled
+  end
+end

site-cookbooks/kosmos-mastodon/recipes/default.rb

@@ -209,17 +209,11 @@ end
 #
 
 unless node.chef_environment == "development"
-  node.override["backup"]["postgresql"]["host"]     = "localhost"
+  unless node["backup"]["postgresql"]["databases"].keys.include? 'mastodon'
-  unless platform?('ubuntu') && node[:platform_version].to_f < 18.04
+    node.override["backup"]["postgresql"]["databases"]["mastodon"] = {
-    node.override["backup"]["postgresql"]["username"] = "mastodon"
+      username: "mastodon",
-    node.override["backup"]["postgresql"]["password"] = postgresql_data_bag_item['mastodon_user_password']
+      password: postgresql_data_bag_item['mastodon_user_password']
-  else
+    }
-    node.override["backup"]["postgresql"]["username"] = "postgres"
-    node.override["backup"]["postgresql"]["password"] = node['postgresql']['password']['postgres']
-  end
-  unless node["backup"]["postgresql"]["databases"].include? 'mastodon'
-    node.override["backup"]["postgresql"]["databases"] =
-      node["backup"]["postgresql"]["databases"].to_a << "mastodon"
   end
 
   include_recipe "backup"