From 68b56789c59adb5453a9adf1decadd36a8f7e47d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Sun, 30 Jul 2023 12:36:14 +0200 Subject: [PATCH] Migrate ejabberd UDP streams to openresty And remove the other streams in the process, in favor of running haproxy on all LBs. --- nodes/draco.kosmos.org.json | 1 + roles/openresty_proxy.rb | 2 +- .../kosmos-ejabberd/recipes/nginx.rb | 17 +----- .../templates/nginx_conf_streams.erb | 56 +------------------ 4 files changed, 6 insertions(+), 70 deletions(-) diff --git a/nodes/draco.kosmos.org.json b/nodes/draco.kosmos.org.json index c2432b1..0116bb3 100644 --- a/nodes/draco.kosmos.org.json +++ b/nodes/draco.kosmos.org.json @@ -45,6 +45,7 @@ "kosmos_assets::nginx_site", "kosmos_discourse::nginx", "kosmos_drone::nginx", + "kosmos-ejabberd::nginx", "kosmos_garage::nginx_web", "kosmos_gitea::nginx", "kosmos_gitea::nginx_ssh", diff --git a/roles/openresty_proxy.rb b/roles/openresty_proxy.rb index e731403..a3107f4 100644 --- a/roles/openresty_proxy.rb +++ b/roles/openresty_proxy.rb @@ -20,7 +20,6 @@ development_run_list = %w( default_run_list = %w( role[openresty] - kosmos-ejabberd::nginx ) production_run_list = %w( @@ -29,6 +28,7 @@ production_run_list = %w( kosmos_assets::nginx_site kosmos_discourse::nginx kosmos_drone::nginx + kosmos-ejabberd::nginx kosmos_garage::nginx_web kosmos_gitea::nginx kosmos_gitea::nginx_ssh diff --git a/site-cookbooks/kosmos-ejabberd/recipes/nginx.rb b/site-cookbooks/kosmos-ejabberd/recipes/nginx.rb index 328985c..6189c36 100644 --- a/site-cookbooks/kosmos-ejabberd/recipes/nginx.rb +++ b/site-cookbooks/kosmos-ejabberd/recipes/nginx.rb 
@@ -17,28 +17,15 @@ rescue IPAddr::InvalidAddressError next end -template "#{node['nginx']['dir']}/streams-available/ejabberd" do - source "nginx_conf_streams.erb" - owner 'www-data' - mode 0640 - # variables ejabberd_hosts: ejabberd_hosts +openresty_stream "ejabberd" do + template "nginx_conf_streams.erb" variables ejabberd_hosts: ["10.1.1.113"], stun_turn_port: node["kosmos-ejabberd"]["stun_turn_port"], turn_min_port: node["kosmos-ejabberd"]["turn_min_port"], turn_max_port: node["kosmos-ejabberd"]["turn_max_port"] - notifies :reload, 'service[nginx]', :delayed -end - -nginx_stream "ejabberd" do action :enable end -firewall_rule "ejabberd" do - port [5222, 5223, 5269, 5443] - protocol :tcp - command :allow -end - firewall_rule 'ejabberd_stun_turn' do port node["kosmos-ejabberd"]["stun_turn_port"] protocol :udp diff --git a/site-cookbooks/kosmos-ejabberd/templates/nginx_conf_streams.erb b/site-cookbooks/kosmos-ejabberd/templates/nginx_conf_streams.erb index 1b200dc..52ac7ee 100644 --- a/site-cookbooks/kosmos-ejabberd/templates/nginx_conf_streams.erb +++ b/site-cookbooks/kosmos-ejabberd/templates/nginx_conf_streams.erb @@ -5,34 +5,6 @@ log_format proxy '$remote_addr [$time_local] ' access_log /var/log/nginx/streams.log proxy buffer=32k flush=1m; -upstream ejabberd_c2s { - hash $remote_addr consistent; -<% @ejabberd_hosts.each do |ip_address| %> - server <%= ip_address %>:5222; -<% end %> -} - -upstream ejabberd_c2s_tls { - hash $remote_addr consistent; -<% @ejabberd_hosts.each do |ip_address| %> - server <%= ip_address %>:5223; -<% end %> -} - -upstream ejabberd_s2s { - hash $remote_addr consistent; -<% @ejabberd_hosts.each do |ip_address| %> - server <%= ip_address %>:5269; -<% end %> -} - -upstream ejabberd_https { - hash $remote_addr consistent; -<% @ejabberd_hosts.each do |ip_address| %> - server <%= ip_address %>:5443; -<% end %> -} - upstream ejabberd_stun_turn { hash $remote_addr consistent; <% @ejabberd_hosts.each do |ip_address| %> 
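Review bot: The new `openresty_stream "ejabberd"` block in recipes/nginx.rb no longer carries the `owner 'www-data'`, `mode 0640` and `notifies :reload, 'service[nginx]', :delayed` that the removed `template` resource set explicitly. The rendered file's permissions and the service reload now depend on the custom resource's defaults, which this patch does not show. It is worth confirming that `openresty_stream` writes the stream config with an equally restrictive mode and reloads openresty when the template changes. Separately, the commit deletes the commented-out `# variables ejabberd_hosts: ejabberd_hosts` but keeps the literal `ejabberd_hosts: ["10.1.1.113"]`, so nothing records that the upstream is pinned by hand rather than taken from the host list presumably built above the hunk; a line such as `# FIXME: upstream pinned to one address; use the ejabberd_hosts list built above` over `variables` would keep that visible. The code before the `rescue` and the body of `firewall_rule 'ejabberd_stun_turn'` lie outside the hunk.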
@@ -50,36 +22,12 @@ upstream ejabberd_turn { } server { - listen 5222; - proxy_protocol on; - proxy_pass ejabberd_c2s; -} - -server { - listen 5223; - proxy_protocol on; - proxy_pass ejabberd_c2s; -} - -server { - listen 5269; - proxy_protocol on; - proxy_pass ejabberd_s2s; -} - -server { - listen 5443; - proxy_protocol on; - proxy_pass ejabberd_https; -} - -server { - listen <%= @stun_turn_port %> udp; + listen <%= @stun_turn_port %> udp; proxy_pass ejabberd_stun_turn; } server { - listen <%= "#{@turn_min_port}-#{@turn_max_port}" %> udp; + listen <%= "#{@turn_min_port}-#{@turn_max_port}" %> udp; proxy_pass 10.1.1.113:$server_port; #proxy_pass ejabberd_turn; }