Initial kosmos-ejabberd cookbook

site-cookbooks/kosmos-ejabberd/.delivery/project.toml

@@ -0,0 +1 @@
+remote_file = "https://raw.githubusercontent.com/chef-cookbooks/community_cookbook_tools/master/delivery/project.toml"

site-cookbooks/kosmos-ejabberd/.gitignore

@@ -0,0 +1,22 @@
+.vagrant
+*~
+*#
+.#*
+\#*#
+.*.sw[a-z]
+*.un~
+
+# Bundler
+Gemfile.lock
+gems.locked
+bin/*
+.bundle/*
+
+# test kitchen
+.kitchen/
+.kitchen.local.yml
+
+# Chef
+Berksfile.lock
+.zero-knife.rb
+Policyfile.lock.json

site-cookbooks/kosmos-ejabberd/.kitchen.yml

@@ -0,0 +1,23 @@
+---
+driver:
+  name: vagrant
+
+provisioner:
+  name: chef_zero
+  # You may wish to disable always updating cookbooks in CI or other testing environments.
+  # For example:
+  #   always_update_cookbooks: <%= !ENV['CI'] %>
+  always_update_cookbooks: true
+
+verifier:
+  name: inspec
+
+platforms:
+  - name: ubuntu-16.04
+  - name: ubuntu-18.04
+
+suites:
+  - name: default
+    run_list:
+      - recipe[kosmos-ejabberd::default]
+    attributes:

site-cookbooks/kosmos-ejabberd/Berksfile

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+source 'https://supermarket.chef.io'
+source chef_repo: ".."
+
+cookbook "kosmos-postgresql", path: "../kosmos-postgresql"
+metadata

site-cookbooks/kosmos-ejabberd/CHANGELOG.md

@@ -0,0 +1,11 @@
+# kosmos-ejabberd CHANGELOG
+
+This file is used to list changes made in each version of the kosmos-ejabberd cookbook.
+
+# 0.1.0
+
+Initial release.
+
+- change 0
+- change 1
+

site-cookbooks/kosmos-ejabberd/LICENSE

@@ -0,0 +1,3 @@
+Copyright 2019 Kosmos
+
+All rights reserved, do not redistribute.

site-cookbooks/kosmos-ejabberd/README.md

@@ -0,0 +1,4 @@
+# kosmos-ejabberd
+
+Sets up ejabberd with vhosts for kosmos.org (public server) and 5apps.com
+(private server).

site-cookbooks/kosmos-ejabberd/attributes/default.rb

@@ -0,0 +1,2 @@
+node.default["kosmos-ejabberd"]["version"] = "19.02"
+node.default["kosmos-ejabberd"]["checksum"] = "aea550c58e61eab04ca9beb8896d8b04f4a79321c21dee160a67ad6787236f51"

site-cookbooks/kosmos-ejabberd/chefignore

@@ -0,0 +1,104 @@
+# Put files/directories that should be ignored in this file when uploading
+# to a chef-server or supermarket.
+# Lines that start with '# ' are comments.
+
+# OS generated files #
+######################
+.DS_Store
+Icon?
+nohup.out
+ehthumbs.db
+Thumbs.db
+
+# SASS #
+########
+.sass-cache
+
+# EDITORS #
+###########
+\#*
+.#*
+*~
+*.sw[a-z]
+*.bak
+REVISION
+TAGS*
+tmtags
+*_flymake.*
+*_flymake
+*.tmproj
+.project
+.settings
+mkmf.log
+
+## COMPILED ##
+##############
+a.out
+*.o
+*.pyc
+*.so
+*.com
+*.class
+*.dll
+*.exe
+*/rdoc/
+
+# Testing #
+###########
+.watchr
+.rspec
+spec/*
+spec/fixtures/*
+test/*
+features/*
+examples/*
+Guardfile
+Procfile
+.kitchen*
+kitchen.yml*
+.rubocop.yml
+spec/*
+Rakefile
+.travis.yml
+.foodcritic
+.codeclimate.yml
+
+# SCM #
+#######
+.git
+*/.git
+.gitignore
+.gitmodules
+.gitconfig
+.gitattributes
+.svn
+*/.bzr/*
+*/.hg/*
+*/.svn/*
+
+# Berkshelf #
+#############
+Berksfile
+Berksfile.lock
+cookbooks/*
+tmp
+
+# Bundler #
+###########
+vendor/*
+
+# Policyfile #
+##############
+Policyfile.rb
+Policyfile.lock.json
+
+# Cookbooks #
+#############
+CONTRIBUTING*
+CHANGELOG*
+TESTING*
+
+# Vagrant #
+###########
+.vagrant
+Vagrantfile

site-cookbooks/kosmos-ejabberd/files/pg.new.sql

@@ -0,0 +1,644 @@
+--
+-- ejabberd, Copyright (C) 2002-2019   ProcessOne
+--
+-- This program is free software; you can redistribute it and/or
+-- modify it under the terms of the GNU General Public License as
+-- published by the Free Software Foundation; either version 2 of the
+-- License, or (at your option) any later version.
+--
+-- This program is distributed in the hope that it will be useful,
+-- but WITHOUT ANY WARRANTY; without even the implied warranty of
+-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+-- General Public License for more details.
+--
+-- You should have received a copy of the GNU General Public License along
+-- with this program; if not, write to the Free Software Foundation, Inc.,
+-- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+--
+
+-- To update from the old schema, replace <HOST> with the host's domain:
+
+-- ALTER TABLE users ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
+-- ALTER TABLE users DROP CONSTRAINT users_pkey;
+-- ALTER TABLE users ADD PRIMARY KEY (server_host, username);
+-- ALTER TABLE users ALTER COLUMN server_host DROP DEFAULT;
+
+-- ALTER TABLE last ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
+-- ALTER TABLE last DROP CONSTRAINT last_pkey;
+-- ALTER TABLE last ADD PRIMARY KEY (server_host, username);
+-- ALTER TABLE last ALTER COLUMN server_host DROP DEFAULT;
+
+-- ALTER TABLE rosterusers ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
+-- DROP INDEX i_rosteru_user_jid;
+-- DROP INDEX i_rosteru_username;
+-- DROP INDEX i_rosteru_jid;
+-- CREATE UNIQUE INDEX i_rosteru_sh_user_jid ON rosterusers USING btree (server_host, username, jid);
+-- CREATE INDEX i_rosteru_sh_username ON rosterusers USING btree (server_host, username);
+-- CREATE INDEX i_rosteru_sh_jid ON rosterusers USING btree (server_host, jid);
+-- ALTER TABLE rosterusers ALTER COLUMN server_host DROP DEFAULT;
+
+-- ALTER TABLE rostergroups ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
+-- DROP INDEX pk_rosterg_user_jid;
+-- CREATE INDEX i_rosterg_sh_user_jid ON rostergroups USING btree (server_host, username, jid);
+-- ALTER TABLE rostergroups ALTER COLUMN server_host DROP DEFAULT;
+
+-- ALTER TABLE sr_group ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
+-- ALTER TABLE sr_group ADD PRIMARY KEY (server_host, name);
+-- ALTER TABLE sr_group ALTER COLUMN server_host DROP DEFAULT;
+
+-- ALTER TABLE sr_user ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
+-- DROP INDEX i_sr_user_jid_grp;
+-- DROP INDEX i_sr_user_jid;
+-- DROP INDEX i_sr_user_grp;
+-- ALTER TABLE sr_user ADD PRIMARY KEY (server_host, jid, grp);
+-- CREATE INDEX i_sr_user_sh_jid ON sr_user USING btree (server_host, jid);
+-- CREATE INDEX i_sr_user_sh_grp ON sr_user USING btree (server_host, grp);
+-- ALTER TABLE sr_user ALTER COLUMN server_host DROP DEFAULT;
+
+-- ALTER TABLE spool ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
+-- DROP INDEX i_despool;
+-- CREATE INDEX i_spool_sh_username ON spool USING btree (server_host, username);
+-- ALTER TABLE spool ALTER COLUMN server_host DROP DEFAULT;
+
+-- ALTER TABLE archive ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
+-- DROP INDEX i_username_timestamp;
+-- DROP INDEX i_username_peer;
+-- DROP INDEX i_username_bare_peer;
+-- DROP INDEX i_timestamp;
+-- CREATE INDEX i_archive_sh_username_timestamp ON archive USING btree (server_host, username, timestamp);
+-- CREATE INDEX i_archive_sh_username_peer ON archive USING btree (server_host, username, peer);
+-- CREATE INDEX i_archive_sh_username_bare_peer ON archive USING btree (server_host, username, bare_peer);
+-- CREATE INDEX i_archive_sh_timestamp ON archive USING btree (server_host, timestamp);
+-- ALTER TABLE archive ALTER COLUMN server_host DROP DEFAULT;
+
+-- ALTER TABLE archive_prefs ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
+-- ALTER TABLE archive_prefs DROP CONSTRAINT archive_prefs_pkey;
+-- ALTER TABLE archive_prefs ADD PRIMARY KEY (server_host, username);
+-- ALTER TABLE archive_prefs ALTER COLUMN server_host DROP DEFAULT;
+
+-- ALTER TABLE vcard ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
+-- ALTER TABLE vcard DROP CONSTRAINT vcard_pkey;
+-- ALTER TABLE vcard ADD PRIMARY KEY (server_host, username);
+-- ALTER TABLE vcard ALTER COLUMN server_host DROP DEFAULT;
+
+-- ALTER TABLE vcard_search ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
+-- ALTER TABLE vcard_search DROP CONSTRAINT vcard_search_pkey;
+-- DROP INDEX i_vcard_search_lfn;
+-- DROP INDEX i_vcard_search_lfamily;
+-- DROP INDEX i_vcard_search_lgiven;
+-- DROP INDEX i_vcard_search_lmiddle;
+-- DROP INDEX i_vcard_search_lnickname;
+-- DROP INDEX i_vcard_search_lbday;
+-- DROP INDEX i_vcard_search_lctry;
+-- DROP INDEX i_vcard_search_llocality;
+-- DROP INDEX i_vcard_search_lemail;
+-- DROP INDEX i_vcard_search_lorgname;
+-- DROP INDEX i_vcard_search_lorgunit;
+-- ALTER TABLE vcard_search ADD PRIMARY KEY (server_host, username);
+-- CREATE INDEX i_vcard_search_sh_lfn       ON vcard_search(server_host, lfn);
+-- CREATE INDEX i_vcard_search_sh_lfamily   ON vcard_search(server_host, lfamily);
+-- CREATE INDEX i_vcard_search_sh_lgiven    ON vcard_search(server_host, lgiven);
+-- CREATE INDEX i_vcard_search_sh_lmiddle   ON vcard_search(server_host, lmiddle);
+-- CREATE INDEX i_vcard_search_sh_lnickname ON vcard_search(server_host, lnickname);
+-- CREATE INDEX i_vcard_search_sh_lbday     ON vcard_search(server_host, lbday);
+-- CREATE INDEX i_vcard_search_sh_lctry     ON vcard_search(server_host, lctry);
+-- CREATE INDEX i_vcard_search_sh_llocality ON vcard_search(server_host, llocality);
+-- CREATE INDEX i_vcard_search_sh_lemail    ON vcard_search(server_host, lemail);
+-- CREATE INDEX i_vcard_search_sh_lorgname  ON vcard_search(server_host, lorgname);
+-- CREATE INDEX i_vcard_search_sh_lorgunit  ON vcard_search(server_host, lorgunit);
+-- ALTER TABLE vcard_search ALTER COLUMN server_host DROP DEFAULT;
+
+-- ALTER TABLE privacy_default_list ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
+-- ALTER TABLE privacy_default_list DROP CONSTRAINT privacy_default_list_pkey;
+-- ALTER TABLE privacy_default_list ADD PRIMARY KEY (server_host, username);
+-- ALTER TABLE privacy_default_list ALTER COLUMN server_host DROP DEFAULT;
+
+-- ALTER TABLE privacy_list ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
+-- DROP INDEX i_privacy_list_username;
+-- DROP INDEX i_privacy_list_username_name;
+-- CREATE INDEX i_privacy_list_sh_username ON privacy_list USING btree (server_host, username);
+-- CREATE UNIQUE INDEX i_privacy_list_sh_username_name ON privacy_list USING btree (server_host, username, name);
+-- ALTER TABLE privacy_list ALTER COLUMN server_host DROP DEFAULT;
+
+-- ALTER TABLE private_storage ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
+-- DROP INDEX i_private_storage_username;
+-- DROP INDEX i_private_storage_username_namespace;
+-- ALTER TABLE private_storage ADD PRIMARY KEY (server_host, username, namespace);
+-- CREATE INDEX i_private_storage_sh_username ON private_storage USING btree (server_host, username);
+-- ALTER TABLE private_storage ALTER COLUMN server_host DROP DEFAULT;
+
+-- ALTER TABLE roster_version ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
+-- ALTER TABLE roster_version DROP CONSTRAINT roster_version_pkey;
+-- ALTER TABLE roster_version ADD PRIMARY KEY (server_host, username);
+-- ALTER TABLE roster_version ALTER COLUMN server_host DROP DEFAULT;
+
+-- ALTER TABLE muc_room ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
+-- ALTER TABLE muc_room ALTER COLUMN server_host DROP DEFAULT;
+
+-- ALTER TABLE muc_registered ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
+-- ALTER TABLE muc_registered ALTER COLUMN server_host DROP DEFAULT;
+
+-- ALTER TABLE muc_online_room ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
+-- ALTER TABLE muc_online_room ALTER COLUMN server_host DROP DEFAULT;
+
+-- ALTER TABLE muc_online_users ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
+-- ALTER TABLE muc_online_users ALTER COLUMN server_host DROP DEFAULT;
+
+-- ALTER TABLE motd ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
+-- ALTER TABLE motd DROP CONSTRAINT motd_pkey;
+-- ALTER TABLE motd ADD PRIMARY KEY (server_host, username);
+-- ALTER TABLE motd ALTER COLUMN server_host DROP DEFAULT;
+
+-- ALTER TABLE sm ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
+-- DROP INDEX i_sm_sid;
+-- DROP INDEX i_sm_username;
+-- ALTER TABLE sm ADD PRIMARY KEY (usec, pid);
+-- CREATE INDEX i_sm_sh_username ON sm USING btree (server_host, username);
+-- ALTER TABLE sm ALTER COLUMN server_host DROP DEFAULT;
+
+
+CREATE TABLE users (
+    username text NOT NULL,
+    server_host text NOT NULL,
+    "password" text NOT NULL,
+    serverkey text NOT NULL DEFAULT '',
+    salt text NOT NULL DEFAULT '',
+    iterationcount integer NOT NULL DEFAULT 0,
+    created_at TIMESTAMP NOT NULL DEFAULT now(),
+    PRIMARY KEY (server_host, username)
+);
+
+-- Add support for SCRAM auth to a database created before ejabberd 16.03:
+-- ALTER TABLE users ADD COLUMN serverkey text NOT NULL DEFAULT '';
+-- ALTER TABLE users ADD COLUMN salt text NOT NULL DEFAULT '';
+-- ALTER TABLE users ADD COLUMN iterationcount integer NOT NULL DEFAULT 0;
+
+CREATE TABLE last (
+    username text NOT NULL,
+    server_host text NOT NULL,
+    seconds text NOT NULL,
+    state text NOT NULL,
+    PRIMARY KEY (server_host, username)
+);
+
+
+CREATE TABLE rosterusers (
+    username text NOT NULL,
+    server_host text NOT NULL,
+    jid text NOT NULL,
+    nick text NOT NULL,
+    subscription character(1) NOT NULL,
+    ask character(1) NOT NULL,
+    askmessage text NOT NULL,
+    server character(1) NOT NULL,
+    subscribe text NOT NULL,
+    "type" text,
+    created_at TIMESTAMP NOT NULL DEFAULT now()
+);
+
+CREATE UNIQUE INDEX i_rosteru_sh_user_jid ON rosterusers USING btree (server_host, username, jid);
+CREATE INDEX i_rosteru_sh_username ON rosterusers USING btree (server_host, username);
+CREATE INDEX i_rosteru_sh_jid ON rosterusers USING btree (server_host, jid);
+
+
+CREATE TABLE rostergroups (
+    username text NOT NULL,
+    server_host text NOT NULL,
+    jid text NOT NULL,
+    grp text NOT NULL
+);
+
+CREATE INDEX i_rosterg_sh_user_jid ON rostergroups USING btree (server_host, username, jid);
+
+CREATE TABLE sr_group (
+    name text NOT NULL,
+    server_host text NOT NULL,
+    opts text NOT NULL,
+    created_at TIMESTAMP NOT NULL DEFAULT now(),
+    PRIMARY KEY (server_host, name)
+);
+
+CREATE TABLE sr_user (
+    jid text NOT NULL,
+    server_host text NOT NULL,
+    grp text NOT NULL,
+    created_at TIMESTAMP NOT NULL DEFAULT now(),
+    PRIMARY KEY (server_host, jid, grp)
+);
+
+CREATE INDEX i_sr_user_sh_jid ON sr_user USING btree (server_host, jid);
+CREATE INDEX i_sr_user_sh_grp ON sr_user USING btree (server_host, grp);
+
+CREATE TABLE spool (
+    username text NOT NULL,
+    server_host text NOT NULL,
+    xml text NOT NULL,
+    seq SERIAL,
+    created_at TIMESTAMP NOT NULL DEFAULT now()
+);
+
+CREATE INDEX i_spool_sh_username ON spool USING btree (server_host, username);
+
+CREATE TABLE archive (
+    username text NOT NULL,
+    server_host text NOT NULL,
+    timestamp BIGINT NOT NULL,
+    peer text NOT NULL,
+    bare_peer text NOT NULL,
+    xml text NOT NULL,
+    txt text,
+    id SERIAL,
+    kind text,
+    nick text,
+    created_at TIMESTAMP NOT NULL DEFAULT now()
+);
+
+CREATE INDEX i_archive_sh_username_timestamp ON archive USING btree (server_host, username, timestamp);
+CREATE INDEX i_archive_sh_username_peer ON archive USING btree (server_host, username, peer);
+CREATE INDEX i_archive_sh_username_bare_peer ON archive USING btree (server_host, username, bare_peer);
+CREATE INDEX i_archive_sh_timestamp ON archive USING btree (server_host, timestamp);
+
+CREATE TABLE archive_prefs (
+    username text NOT NULL,
+    server_host text NOT NULL,
+    def text NOT NULL,
+    always text NOT NULL,
+    never text NOT NULL,
+    created_at TIMESTAMP NOT NULL DEFAULT now(),
+    PRIMARY KEY (server_host, username)
+);
+
+CREATE TABLE vcard (
+    username text NOT NULL,
+    server_host text NOT NULL,
+    vcard text NOT NULL,
+    created_at TIMESTAMP NOT NULL DEFAULT now(),
+    PRIMARY KEY (server_host, username)
+);
+
+CREATE TABLE vcard_search (
+    username text NOT NULL,
+    lusername text NOT NULL,
+    server_host text NOT NULL,
+    fn text NOT NULL,
+    lfn text NOT NULL,
+    family text NOT NULL,
+    lfamily text NOT NULL,
+    given text NOT NULL,
+    lgiven text NOT NULL,
+    middle text NOT NULL,
+    lmiddle text NOT NULL,
+    nickname text NOT NULL,
+    lnickname text NOT NULL,
+    bday text NOT NULL,
+    lbday text NOT NULL,
+    ctry text NOT NULL,
+    lctry text NOT NULL,
+    locality text NOT NULL,
+    llocality text NOT NULL,
+    email text NOT NULL,
+    lemail text NOT NULL,
+    orgname text NOT NULL,
+    lorgname text NOT NULL,
+    orgunit text NOT NULL,
+    lorgunit text NOT NULL,
+    PRIMARY KEY (server_host, username)
+);
+
+CREATE INDEX i_vcard_search_sh_lfn       ON vcard_search(server_host, lfn);
+CREATE INDEX i_vcard_search_sh_lfamily   ON vcard_search(server_host, lfamily);
+CREATE INDEX i_vcard_search_sh_lgiven    ON vcard_search(server_host, lgiven);
+CREATE INDEX i_vcard_search_sh_lmiddle   ON vcard_search(server_host, lmiddle);
+CREATE INDEX i_vcard_search_sh_lnickname ON vcard_search(server_host, lnickname);
+CREATE INDEX i_vcard_search_sh_lbday     ON vcard_search(server_host, lbday);
+CREATE INDEX i_vcard_search_sh_lctry     ON vcard_search(server_host, lctry);
+CREATE INDEX i_vcard_search_sh_llocality ON vcard_search(server_host, llocality);
+CREATE INDEX i_vcard_search_sh_lemail    ON vcard_search(server_host, lemail);
+CREATE INDEX i_vcard_search_sh_lorgname  ON vcard_search(server_host, lorgname);
+CREATE INDEX i_vcard_search_sh_lorgunit  ON vcard_search(server_host, lorgunit);
+
+CREATE TABLE privacy_default_list (
+    username text NOT NULL,
+    server_host text NOT NULL,
+    name text NOT NULL,
+    PRIMARY KEY (server_host, username)
+);
+
+CREATE TABLE privacy_list (
+    username text NOT NULL,
+    server_host text NOT NULL,
+    name text NOT NULL,
+    id SERIAL UNIQUE,
+    created_at TIMESTAMP NOT NULL DEFAULT now()
+);
+
+CREATE INDEX i_privacy_list_sh_username ON privacy_list USING btree (server_host, username);
+CREATE UNIQUE INDEX i_privacy_list_sh_username_name ON privacy_list USING btree (server_host, username, name);
+
+CREATE TABLE privacy_list_data (
+    id bigint REFERENCES privacy_list(id) ON DELETE CASCADE,
+    t character(1) NOT NULL,
+    value text NOT NULL,
+    action character(1) NOT NULL,
+    ord NUMERIC NOT NULL,
+    match_all boolean NOT NULL,
+    match_iq boolean NOT NULL,
+    match_message boolean NOT NULL,
+    match_presence_in boolean NOT NULL,
+    match_presence_out boolean NOT NULL
+);
+
+CREATE INDEX i_privacy_list_data_id ON privacy_list_data USING btree (id);
+
+CREATE TABLE private_storage (
+    username text NOT NULL,
+    server_host text NOT NULL,
+    namespace text NOT NULL,
+    data text NOT NULL,
+    created_at TIMESTAMP NOT NULL DEFAULT now(),
+    PRIMARY KEY (server_host, username, namespace)
+);
+
+CREATE INDEX i_private_storage_sh_username ON private_storage USING btree (server_host, username);
+
+
+CREATE TABLE roster_version (
+    username text NOT NULL,
+    server_host text NOT NULL,
+    version text NOT NULL,
+    PRIMARY KEY (server_host, username)
+);
+
+-- To update from 0.9.8:
+-- CREATE SEQUENCE spool_seq_seq;
+-- ALTER TABLE spool ADD COLUMN seq integer;
+-- ALTER TABLE spool ALTER COLUMN seq SET DEFAULT nextval('spool_seq_seq');
+-- UPDATE spool SET seq = DEFAULT;
+-- ALTER TABLE spool ALTER COLUMN seq SET NOT NULL;
+
+-- To update from 1.x:
+-- ALTER TABLE rosterusers ADD COLUMN askmessage text;
+-- UPDATE rosterusers SET askmessage = '';
+-- ALTER TABLE rosterusers ALTER COLUMN askmessage SET NOT NULL;
+
+CREATE TABLE pubsub_node (
+  host text NOT NULL,
+  node text NOT NULL,
+  parent text NOT NULL DEFAULT '',
+  plugin text NOT NULL,
+  nodeid SERIAL UNIQUE
+);
+CREATE INDEX i_pubsub_node_parent ON pubsub_node USING btree (parent);
+CREATE UNIQUE INDEX i_pubsub_node_tuple ON pubsub_node USING btree (host, node);
+
+CREATE TABLE pubsub_node_option (
+  nodeid bigint REFERENCES pubsub_node(nodeid) ON DELETE CASCADE,
+  name text NOT NULL,
+  val text NOT NULL
+);
+CREATE INDEX i_pubsub_node_option_nodeid ON pubsub_node_option USING btree (nodeid);
+
+CREATE TABLE pubsub_node_owner (
+  nodeid bigint REFERENCES pubsub_node(nodeid) ON DELETE CASCADE,
+  owner text NOT NULL
+);
+CREATE INDEX i_pubsub_node_owner_nodeid ON pubsub_node_owner USING btree (nodeid);
+
+CREATE TABLE pubsub_state (
+  nodeid bigint REFERENCES pubsub_node(nodeid) ON DELETE CASCADE,
+  jid text NOT NULL,
+  affiliation character(1),
+  subscriptions text NOT NULL DEFAULT '',
+  stateid SERIAL UNIQUE
+);
+CREATE INDEX i_pubsub_state_jid ON pubsub_state USING btree (jid);
+CREATE UNIQUE INDEX i_pubsub_state_tuple ON pubsub_state USING btree (nodeid, jid);
+
+CREATE TABLE pubsub_item (
+  nodeid bigint REFERENCES pubsub_node(nodeid) ON DELETE CASCADE,
+  itemid text NOT NULL,
+  publisher text NOT NULL,
+  creation varchar(32) NOT NULL,
+  modification varchar(32) NOT NULL,
+  payload text NOT NULL DEFAULT ''
+);
+CREATE INDEX i_pubsub_item_itemid ON pubsub_item USING btree (itemid);
+CREATE UNIQUE INDEX i_pubsub_item_tuple ON pubsub_item USING btree (nodeid, itemid);
+
+CREATE TABLE pubsub_subscription_opt (
+  subid text NOT NULL,
+  opt_name varchar(32),
+  opt_value text NOT NULL
+);
+CREATE UNIQUE INDEX i_pubsub_subscription_opt ON pubsub_subscription_opt USING btree (subid, opt_name);
+
+CREATE TABLE muc_room (
+    name text NOT NULL,
+    host text NOT NULL,
+    server_host text NOT NULL,
+    opts text NOT NULL,
+    created_at TIMESTAMP NOT NULL DEFAULT now()
+);
+
+CREATE UNIQUE INDEX i_muc_room_name_host ON muc_room USING btree (name, host);
+
+CREATE TABLE muc_registered (
+    jid text NOT NULL,
+    host text NOT NULL,
+    server_host text NOT NULL,
+    nick text NOT NULL,
+    created_at TIMESTAMP NOT NULL DEFAULT now()
+);
+
+CREATE INDEX i_muc_registered_nick ON muc_registered USING btree (nick);
+CREATE UNIQUE INDEX i_muc_registered_jid_host ON muc_registered USING btree (jid, host);
+
+CREATE TABLE muc_online_room (
+    name text NOT NULL,
+    host text NOT NULL,
+    server_host text NOT NULL,
+    node text NOT NULL,
+    pid text NOT NULL
+);
+
+CREATE UNIQUE INDEX i_muc_online_room_name_host ON muc_online_room USING btree (name, host);
+
+CREATE TABLE muc_online_users (
+    username text NOT NULL,
+    server text NOT NULL,
+    resource text NOT NULL,
+    name text NOT NULL,
+    host text NOT NULL,
+    server_host text NOT NULL,
+    node text NOT NULL
+);
+
+CREATE UNIQUE INDEX i_muc_online_users ON muc_online_users USING btree (username, server, resource, name, host);
+CREATE INDEX i_muc_online_users_us ON muc_online_users USING btree (username, server);
+
+CREATE TABLE muc_room_subscribers (
+   room text NOT NULL,
+   host text NOT NULL,
+   jid text NOT NULL,
+   nick text NOT NULL,
+   nodes text NOT NULL,
+   created_at TIMESTAMP NOT NULL DEFAULT now()
+);
+
+CREATE INDEX i_muc_room_subscribers_host_jid ON muc_room_subscribers USING btree (host, jid);
+CREATE UNIQUE INDEX i_muc_room_subscribers_host_room_jid ON muc_room_subscribers USING btree (host, room, jid);
+
+CREATE TABLE motd (
+    username text NOT NULL,
+    server_host text NOT NULL,
+    xml text,
+    created_at TIMESTAMP NOT NULL DEFAULT now(),
+    PRIMARY KEY (server_host, username)
+);
+
+CREATE TABLE caps_features (
+    node text NOT NULL,
+    subnode text NOT NULL,
+    feature text,
+    created_at TIMESTAMP NOT NULL DEFAULT now()
+);
+
+CREATE INDEX i_caps_features_node_subnode ON caps_features USING btree (node, subnode);
+
+CREATE TABLE sm (
+    usec bigint NOT NULL,
+    pid text NOT NULL,
+    node text NOT NULL,
+    username text NOT NULL,
+    server_host text NOT NULL,
+    resource text NOT NULL,
+    priority text NOT NULL,
+    info text NOT NULL,
+    PRIMARY KEY (usec, pid)
+);
+
+CREATE INDEX i_sm_node ON sm USING btree (node);
+CREATE INDEX i_sm_sh_username ON sm USING btree (server_host, username);
+
+CREATE TABLE oauth_token (
+    token text NOT NULL,
+    jid text NOT NULL,
+    scope text NOT NULL,
+    expire bigint NOT NULL
+);
+
+CREATE UNIQUE INDEX i_oauth_token_token ON oauth_token USING btree (token);
+
+CREATE TABLE route (
+    domain text NOT NULL,
+    server_host text NOT NULL,
+    node text NOT NULL,
+    pid text NOT NULL,
+    local_hint text NOT NULL
+);
+
+CREATE UNIQUE INDEX i_route ON route USING btree (domain, server_host, node, pid);
+CREATE INDEX i_route_domain ON route USING btree (domain);
+
+CREATE TABLE bosh (
+    sid text NOT NULL,
+    node text NOT NULL,
+    pid text NOT NULL
+);
+
+CREATE UNIQUE INDEX i_bosh_sid ON bosh USING btree (sid);
+
+CREATE TABLE proxy65 (
+    sid text NOT NULL,
+    pid_t text NOT NULL,
+    pid_i text NOT NULL,
+    node_t text NOT NULL,
+    node_i text NOT NULL,
+    jid_i text NOT NULL
+);
+
+CREATE UNIQUE INDEX i_proxy65_sid ON proxy65 USING btree (sid);
+CREATE INDEX i_proxy65_jid ON proxy65 USING btree (jid_i);
+
+CREATE TABLE push_session (
+    username text NOT NULL,
+    server_host text NOT NULL,
+    timestamp bigint NOT NULL,
+    service text NOT NULL,
+    node text NOT NULL,
+    xml text NOT NULL,
+    PRIMARY KEY (server_host, username, timestamp)
+);
+
+CREATE UNIQUE INDEX i_push_session_susn ON push_session USING btree (server_host, username, service, node);
+
+CREATE TABLE mix_channel (
+    channel text NOT NULL,
+    service text NOT NULL,
+    username text NOT NULL,
+    domain text NOT NULL,
+    jid text NOT NULL,
+    hidden boolean NOT NULL,
+    hmac_key text NOT NULL,
+    created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE UNIQUE INDEX i_mix_channel ON mix_channel (channel, service);
+CREATE INDEX i_mix_channel_serv ON mix_channel (service);
+
+CREATE TABLE mix_participant (
+    channel text NOT NULL,
+    service text NOT NULL,
+    username text NOT NULL,
+    domain text NOT NULL,
+    jid text NOT NULL,
+    id text NOT NULL,
+    nick text NOT NULL,
+    created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE UNIQUE INDEX i_mix_participant ON mix_participant (channel, service, username, domain);
+CREATE INDEX i_mix_participant_chan_serv ON mix_participant (channel, service);
+
+CREATE TABLE mix_subscription (
+    channel text NOT NULL,
+    service text NOT NULL,
+    username text NOT NULL,
+    domain text NOT NULL,
+    node text NOT NULL,
+    jid text NOT NULL
+);
+
+CREATE UNIQUE INDEX i_mix_subscription ON mix_subscription (channel, service, username, domain, node);
+CREATE INDEX i_mix_subscription_chan_serv_ud ON mix_subscription (channel, service, username, domain);
+CREATE INDEX i_mix_subscription_chan_serv_node ON mix_subscription (channel, service, node);
+CREATE INDEX i_mix_subscription_chan_serv ON mix_subscription (channel, service);
+
+CREATE TABLE mix_pam (
+    username text NOT NULL,
+    server_host text NOT NULL,
+    channel text NOT NULL,
+    service text NOT NULL,
+    id text NOT NULL,
+    created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE UNIQUE INDEX i_mix_pam ON mix_pam (username, server_host, channel, service);
+CREATE INDEX i_mix_pam_us ON mix_pam (username, server_host);
+
+CREATE TABLE mqtt_pub (
+    username text NOT NULL,
+    server_host text NOT NULL,
+    resource text NOT NULL,
+    topic text NOT NULL,
+    qos smallint NOT NULL,
+    payload bytea NOT NULL,
+    payload_format smallint NOT NULL,
+    content_type text NOT NULL,
+    response_topic text NOT NULL,
+    correlation_data bytea NOT NULL,
+    user_properties bytea NOT NULL,
+    expiry bigint NOT NULL
+);
+
+CREATE UNIQUE INDEX i_mqtt_topic_server ON mqtt_pub (topic, server_host);

site-cookbooks/kosmos-ejabberd/metadata.rb

@@ -0,0 +1,23 @@
+name 'kosmos-ejabberd'
+maintainer 'Kosmos'
+maintainer_email 'ops@5apps.com'
+license 'All Rights Reserved'
+description 'Installs/Configures kosmos-ejabberd'
+long_description 'Installs/Configures kosmos-ejabberd'
+version '0.1.0'
+chef_version '>= 12.14' if respond_to?(:chef_version)
+
+# The `issues_url` points to the location where issues for this cookbook are
+# tracked.  A `View Issues` link will be displayed on this cookbook's page when
+# uploaded to a Supermarket.
+#
+# issues_url 'https://github.com/<insert_org_here>/kosmos-ejabberd/issues'
+
+# The `source_url` points to the development repository for this cookbook.  A
+# `View Source` link will be displayed on this cookbook's page when uploaded to
+# a Supermarket.
+#
+# source_url 'https://github.com/<insert_org_here>/kosmos-ejabberd'
+
+depends "kosmos-postgresql"
+depends "backup"

site-cookbooks/kosmos-ejabberd/recipes/default.rb

@@ -0,0 +1,89 @@
+#
+# Cookbook:: kosmos-ejabberd
+# Recipe:: default
+#
+# Copyright:: 2019, Kosmos, All Rights Reserved.
+#
+
+include_recipe "kosmos-postgresql"
+
+cookbook_file "#{Chef::Config[:file_cache_path]}/pg.new.sql" do
+  source "pg.new.sql"
+  mode "0664"
+end
+
+ejabberd_version = node["kosmos-ejabberd"]["version"]
+package_checksum = node["kosmos-ejabberd"]["checksum"]
+package_path = "#{Chef::Config['file_cache_path']}/ejabberd_#{ejabberd_version}-0_amd64.deb"
+
+remote_file package_path do
+  source "https://www.process-one.net/downloads/downloads-action.php?file=/ejabberd/#{ejabberd_version}/ejabberd_#{ejabberd_version}-0_amd64.deb"
+  checksum package_checksum
+  notifies :install, "dpkg_package[ejabberd]", :immediately
+end
+
+dpkg_package "ejabberd" do
+  source package_path
+  action :nothing
+  notifies :create, "file[/lib/systemd/system/ejabberd.service]", :immediately
+end
+
+postgresql_connection_info = {
+    host:     '127.0.0.1',
+    port:     5432,
+    username: 'postgres',
+    password: node['postgresql']['password']['postgres']
+}
+
+postgresql_database 'ejabberd' do
+  connection postgresql_connection_info
+  action :create
+  notifies :run, "execute[create db schema]", :delayed
+end
+
+postgresql_database_user 'ejabberd' do
+  connection postgresql_connection_info
+  password   'super_secret'
+  database_name 'ejabberd'
+  privileges    [:all]
+  action     [:create, :grant]
+end
+
+execute "create db schema" do
+  user "ejabberd"
+  command "psql ejabberd < #{Chef::Config[:file_cache_path]}/pg.new.sql"
+  action :nothing
+end
+
+template "/opt/ejabberd/conf/ejabberd.yml" do
+  source    "ejabberd.yml.erb"
+  mode      0640
+  sensitive true
+  variables pgsql_password: "super_secret"
+  notifies :run, "execute[ejabberdctl reload_config]", :delayed
+end
+
+execute "ejabberdctl reload_config" do
+  command "/opt/ejabberd-#{ejabberd_version}/bin/ejabberdctl reload_config"
+  action :nothing
+end
+
+file "/etc/init.d/ejabberd" do
+  action :delete
+end
+
+# Copy the systemd service file
+file "/lib/systemd/system/ejabberd.service" do
+  content lazy { IO.read("/opt/ejabberd-#{ejabberd_version}/bin/ejabberd.service") }
+  action :nothing
+  notifies :run, "execute[systemctl daemon-reload]", :immediately
+end
+
+execute "systemctl daemon-reload" do
+  command "systemctl daemon-reload"
+  action :nothing
+end
+
+service "ejabberd" do
+  action [:enable, :start]
+end

site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb

@@ -0,0 +1,277 @@
+loglevel: 4
+
+log_rotate_size: 10485760
+log_rotate_date: ""
+log_rotate_count: 1
+
+log_rate_limit: 100
+
+hosts:
+  - "kosmos.org"
+
+<% if File.exist?("/opt/ejabberd/conf/kosmos.org.pem") -%>
+certfiles:
+  - "/opt/ejabberd/conf/kosmos.org.pem"
+<% end -%>
+
+ca_file: "/opt/ejabberd/conf/cacert.pem"
+
+define_macro:
+  'TLS_CIPHERS': "HIGH:!aNULL:!eNULL:!3DES:@STRENGTH"
+  'TLS_OPTIONS':
+    - "no_sslv3"
+    - "cipher_server_preference"
+    - "no_compression"
+  'DH_FILE': "/opt/ejabberd/conf/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 2048
+
+c2s_dhfile: 'DH_FILE'
+s2s_dhfile: 'DH_FILE'
+c2s_ciphers: 'TLS_CIPHERS'
+s2s_ciphers: 'TLS_CIPHERS'
+c2s_protocol_options: 'TLS_OPTIONS'
+s2s_protocol_options: 'TLS_OPTIONS'
+
+listen:
+  -
+    port: 5222
+    ip: "::"
+    module: ejabberd_c2s
+    starttls: true
+    max_stanza_size: 65536
+    shaper: c2s_shaper
+    access: c2s
+  -
+    port: 5223
+    ip: "::"
+    module: ejabberd_c2s
+    tls: true
+    max_stanza_size: 65536
+    shaper: c2s_shaper
+    access: c2s
+  -
+    port: 5269
+    ip: "::"
+    module: ejabberd_s2s_in
+    max_stanza_size: 131072
+    shaper: s2s_shaper
+  -
+    port: 5280
+    ip: "::"
+    module: ejabberd_http
+    request_handlers:
+      "/ws": ejabberd_http_ws
+      "/bosh": mod_bosh
+      "/api": mod_http_api
+    tls: true
+    ##  "/pub/archive": mod_http_fileserver
+    web_admin: true
+    ## register: true
+    captcha: false
+  -
+    port: 5443
+    module: ejabberd_http
+    request_handlers:
+      "upload": mod_http_upload
+    <% if File.exist?("/opt/ejabberd/conf/kosmos.org.pem") -%>
+    tls: true
+    certfiles:
+      - "/opt/ejabberd/conf/kosmos.org.pem"
+    <% end -%>
+    custom_headers:
+      "Access-Control-Allow-Origin": "*"
+      "Access-Control-Allow-Methods": "OPTIONS, HEAD, GET, PUT"
+      "Access-Control-Allow-Headers": "Authorization"
+      "Access-Control-Allow-Credentials": "true"
+
+s2s_use_starttls: optional
+
+auth_password_format: scram
+auth_method: sql
+
+default_db: sql
+
+sql_type: pgsql
+sql_server: "localhost"
+sql_database: "ejabberd"
+sql_username: "ejabberd"
+sql_password: "<%= @pgsql_password %>"
+new_sql_schema: true
+
+shaper:
+  normal: 1000
+  fast: 50000
+
+max_fsm_queue: 10000
+
+acl:
+  admin:
+    user:
+      - "greg@5apps.com"
+      - "sebastian@5apps.com"
+      - "garret@5apps.com"
+      - "raucao@kosmos.org"
+      - "greg@kosmos.org"
+      - "galfert@kosmos.org"
+
+  local:
+    user_regexp: ""
+
+  loopback:
+    ip:
+      - "127.0.0.0/8"
+      - "::1/128"
+      - "::FFFF:127.0.0.1/128"
+
+shaper_rules:
+  max_user_sessions: 10
+  max_user_offline_messages:
+    - 5000: admin
+    - 100
+  c2s_shaper:
+    - none: admin
+    - normal
+  s2s_shaper: fast
+
+access_rules:
+  local:
+    - allow: local
+  c2s:
+    - deny: blocked
+    - allow
+  announce:
+    - allow: admin
+  configure:
+    - allow: admin
+  muc_create:
+    - allow: admin
+    - allow: local
+  pubsub_createnode:
+    - allow: local
+  register:
+    - allow
+  trusted_network:
+    - allow: loopback
+
+api_permissions:
+  "console commands":
+    from:
+      - ejabberd_ctl
+    who: all
+    what: "*"
+  "admin access":
+    who:
+      - access:
+          - allow:
+            - acl: loopback
+            - acl: admin
+      - oauth:
+        - scope: "ejabberd:admin"
+        - access:
+          - allow:
+            - acl: loopback
+            - acl: admin
+    what:
+      - "*"
+      - "!stop"
+      - "!start"
+  "public commands":
+    who:
+      - ip: "127.0.0.1/8"
+    what:
+      - "status"
+      - "connected_users_number"
+
+language: "en"
+
+modules:
+  mod_adhoc: {}
+  mod_admin_extra: {}
+  mod_announce: # recommends mod_adhoc
+    access: announce
+  mod_blocking: {} # requires mod_privacy
+  mod_caps: {}
+  mod_carboncopy: {}
+  mod_client_state: {}
+  mod_configure: {} # requires mod_adhoc
+  mod_disco:
+    server_info:
+      -
+        modules: all
+        name: "abuse-addresses"
+        urls: ["mailto:abuse@kosmos.org"]
+  mod_bosh: {}
+  mod_http_upload:
+    docroot: "/var/www/xmpp.@HOST@/uploads/"
+    put_url: "https://xmpp.@HOST@:5443/upload"
+    thumbnail: false # otherwise needs the identify command from ImageMagick installed
+  mod_last: {}
+  mod_mam:
+    default: always
+    request_activates_archiving: true
+  mod_muc:
+    access:
+      - allow
+    access_admin:
+      - allow: admin
+    access_create: muc_create
+    access_persistent: muc_create
+    default_room_options:
+      mam: true
+  mod_muc_admin: {}
+  mod_offline:
+    access_max_user_messages: max_user_offline_messages
+  mod_ping: {}
+  mod_privacy: {}
+  mod_private: {}
+  mod_proxy65: {}
+  mod_pubsub:
+    access_createnode: pubsub_createnode
+    ignore_pep_from_offline: false
+    last_item_cache: false
+    max_items_node: 10
+    plugins:
+      - "flat"
+      - "pep" # pep requires mod_caps
+  mod_push: {}
+  mod_push_keepalive: {}
+  mod_register:
+    welcome_message:
+      subject: "Welcome!"
+      body: |-
+        Hi.
+        Welcome to this XMPP server.
+    ip_access: trusted_network
+    access: register
+  mod_roster:
+    versioning: true
+    store_current_id: true
+  mod_shared_roster: {}
+  mod_vcard:
+    search: false
+  mod_vcard_xupdate: {}
+  mod_avatar: {}
+  mod_version: {}
+  mod_stream_mgmt: {}
+  mod_s2s_dialback: {}
+  mod_http_api: {}
+
+append_host_config:
+  "kosmos.org":
+    modules:
+      mod_muc:
+        host: "chat.kosmos.org"
+        access:
+          - allow
+        access_admin:
+          - allow: admin
+        access_create: muc_create
+        access_persistent: muc_create
+        default_room_options:
+          mam: true
+
+allow_contrib_modules: true
+
+### Local Variables:
+### mode: yaml
+### End:
+### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker:

site-cookbooks/kosmos-ejabberd/test/integration/default/serverspec/default_spec.rb

@@ -0,0 +1,23 @@
+require 'serverspec'
+
+# Required by serverspec
+set :backend, :exec
+
+describe 'ejabberd' do
+  describe package('ejabberd') do
+    it { should be_installed }
+  end
+
+  it 'is listening on port 5222 (client-to-server)' do
+    expect(port(5222)).to be_listening
+  end
+
+  it 'is listening on port 5269 (server-to-server)' do
+    expect(port(5269)).to be_listening
+  end
+
+  it 'runs the ejabberd service' do
+    expect(service('ejabberd')).to be_running
+    expect(service('ejabberd')).to be_enabled
+  end
+end