kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 30 Pull Requests 3 Projects 2 Activity

Initial kosmos-ejabberd cookbook

Browse Source 
No Let's Encrypt cert generation recipe for now

Hardcoded PostgreSQL password too
This commit is contained in:
Greg Karékinian 2019-01-09 18:17:50 +01:00
parent f5dc267030
commit c861c73025
13 changed files with 1741 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
site-cookbooks/kosmos-ejabberd/.delivery/project.toml Normal file
View File

@ -0,0 +1 @@
remote_file = "https://raw.githubusercontent.com/chef-cookbooks/community_cookbook_tools/master/delivery/project.toml"

22
site-cookbooks/kosmos-ejabberd/.gitignore vendored Normal file
View File

@ -0,0 +1,22 @@
.vagrant
*~
*#
.#*
\#*#
.*.sw[a-z]
*.un~
# Bundler
Gemfile.lock
gems.locked
bin/*
.bundle/*
# test kitchen
.kitchen/
.kitchen.local.yml
# Chef
Berksfile.lock
.zero-knife.rb
Policyfile.lock.json

23
site-cookbooks/kosmos-ejabberd/.kitchen.yml Normal file
View File

@ -0,0 +1,23 @@
---
driver:
name: vagrant
provisioner:
name: chef_zero
# You may wish to disable always updating cookbooks in CI or other testing environments.
# For example:
# always_update_cookbooks: <%= !ENV['CI'] %>
always_update_cookbooks: true
verifier:
name: inspec
platforms:
- name: ubuntu-16.04
- name: ubuntu-18.04
suites:
- name: default
run_list:
- recipe[kosmos-ejabberd::default]
attributes:

6
site-cookbooks/kosmos-ejabberd/Berksfile Normal file
View File

@ -0,0 +1,6 @@
# frozen_string_literal: true
source 'https://supermarket.chef.io'
source chef_repo: ".."
cookbook "kosmos-postgresql", path: "../kosmos-postgresql"
metadata

11
site-cookbooks/kosmos-ejabberd/CHANGELOG.md Normal file
View File

@ -0,0 +1,11 @@
# kosmos-ejabberd CHANGELOG
This file is used to list changes made in each version of the kosmos-ejabberd cookbook.
# 0.1.0
Initial release.
- change 0
- change 1

3
site-cookbooks/kosmos-ejabberd/LICENSE Normal file
View File

@ -0,0 +1,3 @@
Copyright 2019 Kosmos
All rights reserved, do not redistribute.

4
site-cookbooks/kosmos-ejabberd/README.md Normal file
View File

@ -0,0 +1,4 @@
# kosmos-ejabberd
Sets up ejabberd with vhosts for kosmos.org (public server) and 5apps.com
(private server).

104
site-cookbooks/kosmos-ejabberd/chefignore Normal file
View File

@ -0,0 +1,104 @@
# Put files/directories that should be ignored in this file when uploading
# to a chef-server or supermarket.
# Lines that start with '# ' are comments.
# OS generated files #
######################
.DS_Store
Icon?
nohup.out
ehthumbs.db
Thumbs.db
# SASS #
########
.sass-cache
# EDITORS #
###########
\#*
.#*
*~
*.sw[a-z]
*.bak
REVISION
TAGS*
tmtags
*_flymake.*
*_flymake
*.tmproj
.project
.settings
mkmf.log
## COMPILED ##
##############
a.out
*.o
*.pyc
*.so
*.com
*.class
*.dll
*.exe
*/rdoc/
# Testing #
###########
.watchr
.rspec
spec/*
spec/fixtures/*
test/*
features/*
examples/*
Guardfile
Procfile
.kitchen*
kitchen.yml*
.rubocop.yml
spec/*
Rakefile
.travis.yml
.foodcritic
.codeclimate.yml
# SCM #
#######
.git
*/.git
.gitignore
.gitmodules
.gitconfig
.gitattributes
.svn
*/.bzr/*
*/.hg/*
*/.svn/*
# Berkshelf #
#############
Berksfile
Berksfile.lock
cookbooks/*
tmp
# Bundler #
###########
vendor/*
# Policyfile #
##############
Policyfile.rb
Policyfile.lock.json
# Cookbooks #
#############
CONTRIBUTING*
CHANGELOG*
TESTING*
# Vagrant #
###########
.vagrant
Vagrantfile

573
site-cookbooks/kosmos-ejabberd/files/pg.new.sql Normal file
View File

@ -0,0 +1,573 @@
--
-- ejabberd, Copyright (C) 2002-2019 ProcessOne
--
-- This program is free software; you can redistribute it and/or
-- modify it under the terms of the GNU General Public License as
-- published by the Free Software Foundation; either version 2 of the
-- License, or (at your option) any later version.
--
-- This program is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-- General Public License for more details.
--
-- You should have received a copy of the GNU General Public License along
-- with this program; if not, write to the Free Software Foundation, Inc.,
-- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
--
-- To update from the old schema, replace <HOST> with the host's domain:
-- ALTER TABLE users ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- ALTER TABLE users DROP CONSTRAINT users_pkey;
-- ALTER TABLE users ADD PRIMARY KEY (server_host, username);
-- ALTER TABLE users ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE last ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- ALTER TABLE last DROP CONSTRAINT last_pkey;
-- ALTER TABLE last ADD PRIMARY KEY (server_host, username);
-- ALTER TABLE last ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE rosterusers ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- DROP INDEX i_rosteru_user_jid;
-- DROP INDEX i_rosteru_username;
-- DROP INDEX i_rosteru_jid;
-- CREATE UNIQUE INDEX i_rosteru_sh_user_jid ON rosterusers USING btree (server_host, username, jid);
-- CREATE INDEX i_rosteru_sh_username ON rosterusers USING btree (server_host, username);
-- CREATE INDEX i_rosteru_sh_jid ON rosterusers USING btree (server_host, jid);
-- ALTER TABLE rosterusers ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE rostergroups ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- DROP INDEX pk_rosterg_user_jid;
-- CREATE INDEX i_rosterg_sh_user_jid ON rostergroups USING btree (server_host, username, jid);
-- ALTER TABLE rostergroups ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE sr_group ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- ALTER TABLE sr_group ADD PRIMARY KEY (server_host, name);
-- ALTER TABLE sr_group ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE sr_user ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- DROP INDEX i_sr_user_jid_grp;
-- DROP INDEX i_sr_user_jid;
-- DROP INDEX i_sr_user_grp;
-- ALTER TABLE sr_user ADD PRIMARY KEY (server_host, jid, grp);
-- CREATE INDEX i_sr_user_sh_jid ON sr_user USING btree (server_host, jid);
-- CREATE INDEX i_sr_user_sh_grp ON sr_user USING btree (server_host, grp);
-- ALTER TABLE sr_user ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE spool ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- DROP INDEX i_despool;
-- CREATE INDEX i_spool_sh_username ON spool USING btree (server_host, username);
-- ALTER TABLE spool ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE archive ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- DROP INDEX i_username_timestamp;
-- DROP INDEX i_username_peer;
-- DROP INDEX i_username_bare_peer;
-- DROP INDEX i_timestamp;
-- CREATE INDEX i_archive_sh_username_timestamp ON archive USING btree (server_host, username, timestamp);
-- CREATE INDEX i_archive_sh_username_peer ON archive USING btree (server_host, username, peer);
-- CREATE INDEX i_archive_sh_username_bare_peer ON archive USING btree (server_host, username, bare_peer);
-- CREATE INDEX i_archive_sh_timestamp ON archive USING btree (server_host, timestamp);
-- ALTER TABLE archive ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE archive_prefs ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- ALTER TABLE archive_prefs DROP CONSTRAINT archive_prefs_pkey;
-- ALTER TABLE archive_prefs ADD PRIMARY KEY (server_host, username);
-- ALTER TABLE archive_prefs ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE vcard ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- ALTER TABLE vcard DROP CONSTRAINT vcard_pkey;
-- ALTER TABLE vcard ADD PRIMARY KEY (server_host, username);
-- ALTER TABLE vcard ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE vcard_search ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- ALTER TABLE vcard_search DROP CONSTRAINT vcard_search_pkey;
-- DROP INDEX i_vcard_search_lfn;
-- DROP INDEX i_vcard_search_lfamily;
-- DROP INDEX i_vcard_search_lgiven;
-- DROP INDEX i_vcard_search_lmiddle;
-- DROP INDEX i_vcard_search_lnickname;
-- DROP INDEX i_vcard_search_lbday;
-- DROP INDEX i_vcard_search_lctry;
-- DROP INDEX i_vcard_search_llocality;
-- DROP INDEX i_vcard_search_lemail;
-- DROP INDEX i_vcard_search_lorgname;
-- DROP INDEX i_vcard_search_lorgunit;
-- ALTER TABLE vcard_search ADD PRIMARY KEY (server_host, username);
-- CREATE INDEX i_vcard_search_sh_lfn ON vcard_search(server_host, lfn);
-- CREATE INDEX i_vcard_search_sh_lfamily ON vcard_search(server_host, lfamily);
-- CREATE INDEX i_vcard_search_sh_lgiven ON vcard_search(server_host, lgiven);
-- CREATE INDEX i_vcard_search_sh_lmiddle ON vcard_search(server_host, lmiddle);
-- CREATE INDEX i_vcard_search_sh_lnickname ON vcard_search(server_host, lnickname);
-- CREATE INDEX i_vcard_search_sh_lbday ON vcard_search(server_host, lbday);
-- CREATE INDEX i_vcard_search_sh_lctry ON vcard_search(server_host, lctry);
-- CREATE INDEX i_vcard_search_sh_llocality ON vcard_search(server_host, llocality);
-- CREATE INDEX i_vcard_search_sh_lemail ON vcard_search(server_host, lemail);
-- CREATE INDEX i_vcard_search_sh_lorgname ON vcard_search(server_host, lorgname);
-- CREATE INDEX i_vcard_search_sh_lorgunit ON vcard_search(server_host, lorgunit);
-- ALTER TABLE vcard_search ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE privacy_default_list ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- ALTER TABLE privacy_default_list DROP CONSTRAINT privacy_default_list_pkey;
-- ALTER TABLE privacy_default_list ADD PRIMARY KEY (server_host, username);
-- ALTER TABLE privacy_default_list ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE privacy_list ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- DROP INDEX i_privacy_list_username;
-- DROP INDEX i_privacy_list_username_name;
-- CREATE INDEX i_privacy_list_sh_username ON privacy_list USING btree (server_host, username);
-- CREATE UNIQUE INDEX i_privacy_list_sh_username_name ON privacy_list USING btree (server_host, username, name);
-- ALTER TABLE privacy_list ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE private_storage ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- DROP INDEX i_private_storage_username;
-- DROP INDEX i_private_storage_username_namespace;
-- ALTER TABLE private_storage ADD PRIMARY KEY (server_host, username, namespace);
-- CREATE INDEX i_private_storage_sh_username ON private_storage USING btree (server_host, username);
-- ALTER TABLE private_storage ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE roster_version ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- ALTER TABLE roster_version DROP CONSTRAINT roster_version_pkey;
-- ALTER TABLE roster_version ADD PRIMARY KEY (server_host, username);
-- ALTER TABLE roster_version ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE muc_room ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- ALTER TABLE muc_room ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE muc_registered ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- ALTER TABLE muc_registered ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE muc_online_room ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- ALTER TABLE muc_online_room ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE muc_online_users ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- ALTER TABLE muc_online_users ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE motd ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- ALTER TABLE motd DROP CONSTRAINT motd_pkey;
-- ALTER TABLE motd ADD PRIMARY KEY (server_host, username);
-- ALTER TABLE motd ALTER COLUMN server_host DROP DEFAULT;
-- ALTER TABLE sm ADD COLUMN server_host text NOT NULL DEFAULT '<HOST>';
-- DROP INDEX i_sm_sid;
-- DROP INDEX i_sm_username;
-- ALTER TABLE sm ADD PRIMARY KEY (usec, pid);
-- CREATE INDEX i_sm_sh_username ON sm USING btree (server_host, username);
-- ALTER TABLE sm ALTER COLUMN server_host DROP DEFAULT;
CREATE TABLE users (
username text NOT NULL,
server_host text NOT NULL,
"password" text NOT NULL,
serverkey text NOT NULL DEFAULT '',
salt text NOT NULL DEFAULT '',
iterationcount integer NOT NULL DEFAULT 0,
created_at TIMESTAMP NOT NULL DEFAULT now(),
PRIMARY KEY (server_host, username)
);
-- Add support for SCRAM auth to a database created before ejabberd 16.03:
-- ALTER TABLE users ADD COLUMN serverkey text NOT NULL DEFAULT '';
-- ALTER TABLE users ADD COLUMN salt text NOT NULL DEFAULT '';
-- ALTER TABLE users ADD COLUMN iterationcount integer NOT NULL DEFAULT 0;
CREATE TABLE last (
username text NOT NULL,
server_host text NOT NULL,
seconds text NOT NULL,
state text NOT NULL,
PRIMARY KEY (server_host, username)
);
CREATE TABLE rosterusers (
username text NOT NULL,
server_host text NOT NULL,
jid text NOT NULL,
nick text NOT NULL,
subscription character(1) NOT NULL,
ask character(1) NOT NULL,
askmessage text NOT NULL,
server character(1) NOT NULL,
subscribe text NOT NULL,
"type" text,
created_at TIMESTAMP NOT NULL DEFAULT now()
);
CREATE UNIQUE INDEX i_rosteru_sh_user_jid ON rosterusers USING btree (server_host, username, jid);
CREATE INDEX i_rosteru_sh_username ON rosterusers USING btree (server_host, username);
CREATE INDEX i_rosteru_sh_jid ON rosterusers USING btree (server_host, jid);
CREATE TABLE rostergroups (
username text NOT NULL,
server_host text NOT NULL,
jid text NOT NULL,
grp text NOT NULL
);
CREATE INDEX i_rosterg_sh_user_jid ON rostergroups USING btree (server_host, username, jid);
CREATE TABLE sr_group (
name text NOT NULL,
server_host text NOT NULL,
opts text NOT NULL,
created_at TIMESTAMP NOT NULL DEFAULT now(),
PRIMARY KEY (server_host, name)
);
CREATE TABLE sr_user (
jid text NOT NULL,
server_host text NOT NULL,
grp text NOT NULL,
created_at TIMESTAMP NOT NULL DEFAULT now(),
PRIMARY KEY (server_host, jid, grp)
);
CREATE INDEX i_sr_user_sh_jid ON sr_user USING btree (server_host, jid);
CREATE INDEX i_sr_user_sh_grp ON sr_user USING btree (server_host, grp);
CREATE TABLE spool (
username text NOT NULL,
server_host text NOT NULL,
xml text NOT NULL,
seq SERIAL,
created_at TIMESTAMP NOT NULL DEFAULT now()
);
CREATE INDEX i_spool_sh_username ON spool USING btree (server_host, username);
CREATE TABLE archive (
username text NOT NULL,
server_host text NOT NULL,
timestamp BIGINT NOT NULL,
peer text NOT NULL,
bare_peer text NOT NULL,
xml text NOT NULL,
txt text,
id SERIAL,
kind text,
nick text,
created_at TIMESTAMP NOT NULL DEFAULT now()
);
CREATE INDEX i_archive_sh_username_timestamp ON archive USING btree (server_host, username, timestamp);
CREATE INDEX i_archive_sh_username_peer ON archive USING btree (server_host, username, peer);
CREATE INDEX i_archive_sh_username_bare_peer ON archive USING btree (server_host, username, bare_peer);
CREATE INDEX i_archive_sh_timestamp ON archive USING btree (server_host, timestamp);
CREATE TABLE archive_prefs (
username text NOT NULL,
server_host text NOT NULL,
def text NOT NULL,
always text NOT NULL,
never text NOT NULL,
created_at TIMESTAMP NOT NULL DEFAULT now(),
PRIMARY KEY (server_host, username)
);
CREATE TABLE vcard (
username text NOT NULL,
server_host text NOT NULL,
vcard text NOT NULL,
created_at TIMESTAMP NOT NULL DEFAULT now(),
PRIMARY KEY (server_host, username)
);
CREATE TABLE vcard_search (
username text NOT NULL,
lusername text NOT NULL,
server_host text NOT NULL,
fn text NOT NULL,
lfn text NOT NULL,
family text NOT NULL,
lfamily text NOT NULL,
given text NOT NULL,
lgiven text NOT NULL,
middle text NOT NULL,
lmiddle text NOT NULL,
nickname text NOT NULL,
lnickname text NOT NULL,
bday text NOT NULL,
lbday text NOT NULL,
ctry text NOT NULL,
lctry text NOT NULL,
locality text NOT NULL,
llocality text NOT NULL,
email text NOT NULL,
lemail text NOT NULL,
orgname text NOT NULL,
lorgname text NOT NULL,
orgunit text NOT NULL,
lorgunit text NOT NULL,
PRIMARY KEY (server_host, username)
);
CREATE INDEX i_vcard_search_sh_lfn ON vcard_search(server_host, lfn);
CREATE INDEX i_vcard_search_sh_lfamily ON vcard_search(server_host, lfamily);
CREATE INDEX i_vcard_search_sh_lgiven ON vcard_search(server_host, lgiven);
CREATE INDEX i_vcard_search_sh_lmiddle ON vcard_search(server_host, lmiddle);
CREATE INDEX i_vcard_search_sh_lnickname ON vcard_search(server_host, lnickname);
CREATE INDEX i_vcard_search_sh_lbday ON vcard_search(server_host, lbday);
CREATE INDEX i_vcard_search_sh_lctry ON vcard_search(server_host, lctry);
CREATE INDEX i_vcard_search_sh_llocality ON vcard_search(server_host, llocality);
CREATE INDEX i_vcard_search_sh_lemail ON vcard_search(server_host, lemail);
CREATE INDEX i_vcard_search_sh_lorgname ON vcard_search(server_host, lorgname);
CREATE INDEX i_vcard_search_sh_lorgunit ON vcard_search(server_host, lorgunit);
CREATE TABLE privacy_default_list (
username text NOT NULL,
server_host text NOT NULL,
name text NOT NULL,
PRIMARY KEY (server_host, username)
);
CREATE TABLE privacy_list (
username text NOT NULL,
server_host text NOT NULL,
name text NOT NULL,
id SERIAL UNIQUE,
created_at TIMESTAMP NOT NULL DEFAULT now()
);
CREATE INDEX i_privacy_list_sh_username ON privacy_list USING btree (server_host, username);
CREATE UNIQUE INDEX i_privacy_list_sh_username_name ON privacy_list USING btree (server_host, username, name);
CREATE TABLE privacy_list_data (
id bigint REFERENCES privacy_list(id) ON DELETE CASCADE,
t character(1) NOT NULL,
value text NOT NULL,
action character(1) NOT NULL,
ord NUMERIC NOT NULL,
match_all boolean NOT NULL,
match_iq boolean NOT NULL,
match_message boolean NOT NULL,
match_presence_in boolean NOT NULL,
match_presence_out boolean NOT NULL
);
CREATE INDEX i_privacy_list_data_id ON privacy_list_data USING btree (id);
CREATE TABLE private_storage (
username text NOT NULL,
server_host text NOT NULL,
namespace text NOT NULL,
data text NOT NULL,
created_at TIMESTAMP NOT NULL DEFAULT now(),
PRIMARY KEY (server_host, username, namespace)
);
CREATE INDEX i_private_storage_sh_username ON private_storage USING btree (server_host, username);
CREATE TABLE roster_version (
username text NOT NULL,
server_host text NOT NULL,
version text NOT NULL,
PRIMARY KEY (server_host, username)
);
-- To update from 0.9.8:
-- CREATE SEQUENCE spool_seq_seq;
-- ALTER TABLE spool ADD COLUMN seq integer;
-- ALTER TABLE spool ALTER COLUMN seq SET DEFAULT nextval('spool_seq_seq');
-- UPDATE spool SET seq = DEFAULT;
-- ALTER TABLE spool ALTER COLUMN seq SET NOT NULL;
-- To update from 1.x:
-- ALTER TABLE rosterusers ADD COLUMN askmessage text;
-- UPDATE rosterusers SET askmessage = '';
-- ALTER TABLE rosterusers ALTER COLUMN askmessage SET NOT NULL;
CREATE TABLE pubsub_node (
host text NOT NULL,
node text NOT NULL,
parent text NOT NULL DEFAULT '',
plugin text NOT NULL,
nodeid SERIAL UNIQUE
);
CREATE INDEX i_pubsub_node_parent ON pubsub_node USING btree (parent);
CREATE UNIQUE INDEX i_pubsub_node_tuple ON pubsub_node USING btree (host, node);
CREATE TABLE pubsub_node_option (
nodeid bigint REFERENCES pubsub_node(nodeid) ON DELETE CASCADE,
name text NOT NULL,
val text NOT NULL
);
CREATE INDEX i_pubsub_node_option_nodeid ON pubsub_node_option USING btree (nodeid);
CREATE TABLE pubsub_node_owner (
nodeid bigint REFERENCES pubsub_node(nodeid) ON DELETE CASCADE,
owner text NOT NULL
);
CREATE INDEX i_pubsub_node_owner_nodeid ON pubsub_node_owner USING btree (nodeid);
CREATE TABLE pubsub_state (
nodeid bigint REFERENCES pubsub_node(nodeid) ON DELETE CASCADE,
jid text NOT NULL,
affiliation character(1),
subscriptions text NOT NULL DEFAULT '',
stateid SERIAL UNIQUE
);
CREATE INDEX i_pubsub_state_jid ON pubsub_state USING btree (jid);
CREATE UNIQUE INDEX i_pubsub_state_tuple ON pubsub_state USING btree (nodeid, jid);
CREATE TABLE pubsub_item (
nodeid bigint REFERENCES pubsub_node(nodeid) ON DELETE CASCADE,
itemid text NOT NULL,
publisher text NOT NULL,
creation varchar(32) NOT NULL,
modification varchar(32) NOT NULL,
payload text NOT NULL DEFAULT ''
);
CREATE INDEX i_pubsub_item_itemid ON pubsub_item USING btree (itemid);
CREATE UNIQUE INDEX i_pubsub_item_tuple ON pubsub_item USING btree (nodeid, itemid);
CREATE TABLE pubsub_subscription_opt (
subid text NOT NULL,
opt_name varchar(32),
opt_value text NOT NULL
);
CREATE UNIQUE INDEX i_pubsub_subscription_opt ON pubsub_subscription_opt USING btree (subid, opt_name);
CREATE TABLE muc_room (
name text NOT NULL,
host text NOT NULL,
server_host text NOT NULL,
opts text NOT NULL,
created_at TIMESTAMP NOT NULL DEFAULT now()
);
CREATE UNIQUE INDEX i_muc_room_name_host ON muc_room USING btree (name, host);
CREATE TABLE muc_registered (
jid text NOT NULL,
host text NOT NULL,
server_host text NOT NULL,
nick text NOT NULL,
created_at TIMESTAMP NOT NULL DEFAULT now()
);
CREATE INDEX i_muc_registered_nick ON muc_registered USING btree (nick);
CREATE UNIQUE INDEX i_muc_registered_jid_host ON muc_registered USING btree (jid, host);
CREATE TABLE muc_online_room (
name text NOT NULL,
host text NOT NULL,
server_host text NOT NULL,
node text NOT NULL,
pid text NOT NULL
);
CREATE UNIQUE INDEX i_muc_online_room_name_host ON muc_online_room USING btree (name, host);
CREATE TABLE muc_online_users (
username text NOT NULL,
server text NOT NULL,
resource text NOT NULL,
name text NOT NULL,
host text NOT NULL,
server_host text NOT NULL,
node text NOT NULL
);
CREATE UNIQUE INDEX i_muc_online_users ON muc_online_users USING btree (username, server, resource, name, host);
CREATE INDEX i_muc_online_users_us ON muc_online_users USING btree (username, server);
CREATE TABLE muc_room_subscribers (
room text NOT NULL,
host text NOT NULL,
jid text NOT NULL,
nick text NOT NULL,
nodes text NOT NULL,
created_at TIMESTAMP NOT NULL DEFAULT now()
);
CREATE INDEX i_muc_room_subscribers_host_jid ON muc_room_subscribers USING btree (host, jid);
CREATE UNIQUE INDEX i_muc_room_subscribers_host_room_jid ON muc_room_subscribers USING btree (host, room, jid);
CREATE TABLE motd (
username text NOT NULL,
server_host text NOT NULL,
xml text,
created_at TIMESTAMP NOT NULL DEFAULT now(),
PRIMARY KEY (server_host, username)
);
CREATE TABLE caps_features (
node text NOT NULL,
subnode text NOT NULL,
feature text,
created_at TIMESTAMP NOT NULL DEFAULT now()
);
CREATE INDEX i_caps_features_node_subnode ON caps_features USING btree (node, subnode);
CREATE TABLE sm (
usec bigint NOT NULL,
pid text NOT NULL,
node text NOT NULL,
username text NOT NULL,
server_host text NOT NULL,
resource text NOT NULL,
priority text NOT NULL,
info text NOT NULL,
PRIMARY KEY (usec, pid)
);
CREATE INDEX i_sm_node ON sm USING btree (node);
CREATE INDEX i_sm_sh_username ON sm USING btree (server_host, username);
CREATE TABLE oauth_token (
token text NOT NULL,
jid text NOT NULL,
scope text NOT NULL,
expire bigint NOT NULL
);
CREATE UNIQUE INDEX i_oauth_token_token ON oauth_token USING btree (token);
CREATE TABLE route (
domain text NOT NULL,
server_host text NOT NULL,
node text NOT NULL,
pid text NOT NULL,
local_hint text NOT NULL
);
CREATE UNIQUE INDEX i_route ON route USING btree (domain, server_host, node, pid);
CREATE INDEX i_route_domain ON route USING btree (domain);
CREATE TABLE bosh (
sid text NOT NULL,
node text NOT NULL,
pid text NOT NULL
);
CREATE UNIQUE INDEX i_bosh_sid ON bosh USING btree (sid);
CREATE TABLE proxy65 (
sid text NOT NULL,
pid_t text NOT NULL,
pid_i text NOT NULL,
node_t text NOT NULL,
node_i text NOT NULL,
jid_i text NOT NULL
);
CREATE UNIQUE INDEX i_proxy65_sid ON proxy65 USING btree (sid);
CREATE INDEX i_proxy65_jid ON proxy65 USING btree (jid_i);
CREATE TABLE push_session (
username text NOT NULL,
server_host text NOT NULL,
timestamp bigint NOT NULL,
service text NOT NULL,
node text NOT NULL,
xml text NOT NULL,
PRIMARY KEY (server_host, username, timestamp)
);
CREATE UNIQUE INDEX i_push_session_susn ON push_session USING btree (server_host, username, service, node);

23
site-cookbooks/kosmos-ejabberd/metadata.rb Normal file
View File

@ -0,0 +1,23 @@
name 'kosmos-ejabberd'
maintainer 'Kosmos'
maintainer_email 'ops@5apps.com'
license 'All Rights Reserved'
description 'Installs/Configures kosmos-ejabberd'
long_description 'Installs/Configures kosmos-ejabberd'
version '0.1.0'
chef_version '>= 12.14' if respond_to?(:chef_version)
# The `issues_url` points to the location where issues for this cookbook are
# tracked. A `View Issues` link will be displayed on this cookbook's page when
# uploaded to a Supermarket.
#
# issues_url 'https://github.com/<insert_org_here>/kosmos-ejabberd/issues'
# The `source_url` points to the development repository for this cookbook. A
# `View Source` link will be displayed on this cookbook's page when uploaded to
# a Supermarket.
#
# source_url 'https://github.com/<insert_org_here>/kosmos-ejabberd'
depends "kosmos-postgresql"
depends "database"

82
site-cookbooks/kosmos-ejabberd/recipes/default.rb Normal file
View File

@ -0,0 +1,82 @@
#
# Cookbook:: kosmos-ejabberd
# Recipe:: default
#
# Copyright:: 2019, Kosmos, All Rights Reserved.
#
include_recipe "kosmos-postgresql"
cookbook_file "#{Chef::Config[:file_cache_path]}/pg.new.sql" do
source "pg.new.sql"
mode "0664"
end
ejabberd_version = "18.12.1"
package_path = "#{Chef::Config['file_cache_path']}/ejabberd_#{ejabberd_version}-0_amd64.deb"
remote_file package_path do
source "https://www.process-one.net/downloads/downloads-action.php?file=/ejabberd/#{ejabberd_version}/ejabberd_#{ejabberd_version}-0_amd64.deb"
checksum "8352d85f98353c8f57b4f386c6ab17c342292ab60708d13f078e91475daedf05"
notifies :install, "dpkg_package[ejabberd]", :immediately
end
dpkg_package "ejabberd" do
source package_path
action :nothing
notifies :create, "file[/lib/systemd/system/ejabberd.service]", :immediately
end
postgresql_connection_info = {
host: '127.0.0.1',
port: 5432,
username: 'postgres',
password: node['postgresql']['password']['postgres']
}
postgresql_database 'ejabberd' do
connection postgresql_connection_info
action :create
notifies :run, "execute[create db schema]", :delayed
end
postgresql_database_user 'ejabberd' do
connection postgresql_connection_info
password 'super_secret'
database_name 'ejabberd'
privileges [:all]
action [:create, :grant]
end
execute "create db schema" do
user "ejabberd"
command "psql ejabberd < #{Chef::Config[:file_cache_path]}/pg.new.sql"
action :nothing
end
template "/opt/ejabberd/conf/ejabberd.yml" do
source "ejabberd.yml.erb"
mode 0640
sensitive true
variables pgsql_password: "super_secret"
end
file "/etc/init.d/ejabberd" do
action :delete
end
# Copy the systemd service file
file "/lib/systemd/system/ejabberd.service" do
content lazy { IO.read("/opt/ejabberd-#{ejabberd_version}/bin/ejabberd.service") }
action :nothing
notifies :run, "execute[systemctl daemon-reload]", :immediately
end
execute "systemctl daemon-reload" do
command "systemctl daemon-reload"
action :nothing
end
service "ejabberd" do
action [:enable, :start]
end

866
site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb Normal file
View File

@ -0,0 +1,866 @@
###
###' ejabberd configuration file
###
###
### The parameters used in this configuration file are explained in more detail
### in the ejabberd Installation and Operation Guide.
### Please consult the Guide in case of doubts, it is included with
### your copy of ejabberd, and is also available online at
### http://www.process-one.net/en/ejabberd/docs/
### The configuration file is written in YAML.
### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
### However, ejabberd treats different literals as different types:
###
### - unquoted or single-quoted strings. They are called "atoms".
### Example: dog, 'Jupiter', '3.14159', YELLOW
###
### - numeric literals. Example: 3, -45.0, .0
###
### - quoted or folded strings.
### Examples of quoted string: "Lizzard", "orange".
### Example of folded string:
### > Art thou not Romeo,
### and a Montague?
###. =======
###' LOGGING
##
## loglevel: Verbosity of log files generated by ejabberd.
## 0: No ejabberd log at all (not recommended)
## 1: Critical
## 2: Error
## 3: Warning
## 4: Info
## 5: Debug
##
loglevel: 5
##
## rotation: Describe how to rotate logs. Either size and/or date can trigger
## log rotation. Setting count to N keeps N rotated logs. Setting count to 0
## does not disable rotation, it instead rotates the file and keeps no previous
## versions around. Setting size to X rotate log when it reaches X bytes.
## To disable rotation set the size to 0 and the date to ""
## Date syntax is taken from the syntax newsyslog uses in newsyslog.conf.
## Some examples:
## $D0 rotate every night at midnight
## $D23 rotate every day at 23:00 hr
## $W0D23 rotate every week on Sunday at 23:00 hr
## $W5D16 rotate every week on Friday at 16:00 hr
## $M1D0 rotate on the first day of every month at midnight
## $M5D6 rotate on every 5th day of the month at 6:00 hr
##
log_rotate_size: 10485760
log_rotate_date: ""
log_rotate_count: 1
##
## overload protection: If you want to limit the number of messages per second
## allowed from error_logger, which is a good idea if you want to avoid a flood
## of messages when system is overloaded, you can set a limit.
## 100 is ejabberd's default.
log_rate_limit: 100
##
## watchdog_admins: Only useful for developers: if an ejabberd process
## consumes a lot of memory, send live notifications to these XMPP
## accounts.
##
##watchdog_admins:
## - "sebastian@5apps.com"
###. ===============
###' NODE PARAMETERS
##
## net_ticktime: Specifies net_kernel tick time in seconds. This options must have
## identical value on all nodes, and in most cases shouldn't be changed at all from
## default value.
##
## net_ticktime: 60
###. ================
###' SERVED HOSTNAMES
##
## hosts: Domains served by ejabberd.
## You can define one or several, for example:
## hosts:
## - "example.net"
## - "example.com"
## - "example.org"
##
hosts:
- "kosmos.org"
- "5apps.com"
##
## route_subdomains: Delegate subdomains to other XMPP servers.
## For example, if this ejabberd serves example.org and you want
## to allow communication with an XMPP server called im.example.org.
##
## route_subdomains: s2s
###. ============
###' Certificates
## List all available PEM files containing certificates for your domains,
## chains of certificates or certificate keys. Full chains will be built
## automatically by ejabberd.
##
<% if File.exist?("/opt/ejabberd/conf/kosmos.org.pem") || File.exist?("/opt/ejabberd/conf/5apps.com.pem") -%>
certfiles:
<% if File.exist?("/opt/ejabberd/conf/kosmos.org.pem") -%>
- "/opt/ejabberd/conf/kosmos.org.pem"
<% end -%>
<% if File.exist?("/opt/ejabberd/conf/5apps.com.pem") -%>
- "/opt/ejabberd/conf/5apps.com.pem"
<% end -%>
<% end -%>
ca_file: "/opt/ejabberd/conf/cacert.pem"
###. =================
###' TLS configuration
define_macro:
'TLS_CIPHERS': "HIGH:!aNULL:!eNULL:!3DES:@STRENGTH"
'TLS_OPTIONS':
- "no_sslv3"
- "cipher_server_preference"
- "no_compression"
'DH_FILE': "/opt/ejabberd/conf/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 2048
c2s_dhfile: 'DH_FILE'
s2s_dhfile: 'DH_FILE'
c2s_ciphers: 'TLS_CIPHERS'
s2s_ciphers: 'TLS_CIPHERS'
c2s_protocol_options: 'TLS_OPTIONS'
s2s_protocol_options: 'TLS_OPTIONS'
###. ===============
###' LISTENING PORTS
##
## listen: The ports ejabberd will listen on, which service each is handled
## by and what options to start it with.
##
listen:
-
port: 5222
ip: "::"
module: ejabberd_c2s
starttls: true
max_stanza_size: 65536
shaper: c2s_shaper
access: c2s
-
port: 5269
ip: "::"
module: ejabberd_s2s_in
max_stanza_size: 131072
shaper: s2s_shaper
-
port: 5280
ip: "::"
module: ejabberd_http
request_handlers:
"/ws": ejabberd_http_ws
"/bosh": mod_bosh
"/api": mod_http_api
## "/pub/archive": mod_http_fileserver
web_admin: true
## register: true
captcha: false
##
## ejabberd_service: Interact with external components (transports, ...)
##
## -
## port: 8888
## ip: "::"
## module: ejabberd_service
## access: all
## shaper_rule: fast
## ip: "127.0.0.1"
## privilege_access:
## roster: "both"
## message: "outgoing"
## presence: "roster"
## delegations:
## "urn:xmpp:mam:1":
## filtering: ["node"]
## "http://jabber.org/protocol/pubsub":
## filtering: []
## hosts:
## "icq.example.org":
## password: "secret"
## "sms.example.org":
## password: "secret"
##
## ejabberd_stun: Handles STUN Binding requests
##
## -
## port: 3478
## transport: udp
## module: ejabberd_stun
##
## To handle XML-RPC requests that provide admin credentials:
##
## -
## port: 4560
## ip: "::"
## module: ejabberd_xmlrpc
## maxsessions: 10
## timeout: 5000
## access_commands:
## admin:
## commands: all
## options: []
##
## To enable secure http upload
##
-
port: 5443
module: ejabberd_http
request_handlers:
"upload": mod_http_upload
tls: true
##protocol_options: 'TLS_OPTIONS'
##dhfile: 'DH_FILE'
##ciphers: 'TLS_CIPHERS'
## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text
## password storage (see auth_password_format option).
## disable_sasl_mechanisms: "digest-md5"
###. ==================
###' S2S GLOBAL OPTIONS
##
## s2s_use_starttls: Enable STARTTLS for S2S connections.
## Allowed values are: false, optional or required
## You must specify 'certfiles' option
##
s2s_use_starttls: optional
##
## S2S whitelist or blacklist
##
## Default s2s policy for undefined hosts.
##
## s2s_access: s2s
##
## Outgoing S2S options
##
## Preferred address families (which to try first) and connect timeout
## in seconds.
##
## outgoing_s2s_families:
## - ipv4
## - ipv6
## outgoing_s2s_timeout: 190
###. ==============
###' AUTHENTICATION
##
## auth_method: Method used to authenticate the users.
## The default method is the internal.
## If you want to use a different method,
## comment this line and enable the correct ones.
##
## auth_method: sql
##
## Store the plain passwords or hashed for SCRAM:
## auth_password_format: plain
auth_password_format: scram
##
## Define the FQDN if ejabberd doesn't detect it:
## fqdn: "server3.example.com"
##
## Authentication using external script
## Make sure the script is executable by ejabberd.
##
## auth_method: external
## extauth_program: "/path/to/authentication/script"
##
## Authentication using SQL
## Remember to setup a database in the next section.
##
auth_method: sql
##
## Authentication using PAM
##
## auth_method: pam
## pam_service: "pamservicename"
##
## Authentication using LDAP
##
## auth_method: ldap
##
## List of LDAP servers:
## ldap_servers:
## - "localhost"
##
## Encryption of connection to LDAP servers:
## ldap_encrypt: none
## ldap_encrypt: tls
##
## Port to connect to on LDAP servers:
## ldap_port: 389
## ldap_port: 636
##
## LDAP manager:
## ldap_rootdn: "dc=example,dc=com"
##
## Password of LDAP manager:
## ldap_password: "******"
##
## Search base of LDAP directory:
## ldap_base: "dc=example,dc=com"
##
## LDAP attribute that holds user ID:
## ldap_uids:
## - "mail": "%u@mail.example.org"
##
## LDAP filter:
## ldap_filter: "(objectClass=shadowAccount)"
##
## Anonymous login support:
## auth_method: anonymous
## anonymous_protocol: sasl_anon | login_anon | both
## allow_multiple_connections: true | false
##
## host_config:
## "public.example.org":
## auth_method: anonymous
## allow_multiple_connections: false
## anonymous_protocol: sasl_anon
##
## To use both anonymous and internal authentication:
##
## host_config:
## "public.example.org":
## auth_method:
## - internal
## - anonymous
###. ==============
###' DATABASE SETUP
## ejabberd by default uses the internal Mnesia database,
## so you do not necessarily need this section.
## This section provides configuration examples in case
## you want to use other database backends.
## Please consult the ejabberd Guide for details on database creation.
##
## MySQL server:
##
## sql_type: mysql
## sql_server: "server"
## sql_database: "database"
## sql_username: "username"
## sql_password: "password"
##
## If you want to specify the port:
## sql_port: 1234
##
## PostgreSQL server:
##
default_db: sql
sql_type: pgsql
sql_server: "localhost"
sql_database: "ejabberd"
sql_username: "ejabberd"
sql_password: "<%= @pgsql_password %>"
new_sql_schema: true
##
## If you want to specify the port:
## sql_port: 1234
##
## If you use PostgreSQL, have a large database, and need a
## faster but inexact replacement for "select count(*) from users"
##
## pgsql_users_number_estimate: true
##
## SQLite:
##
## sql_type: sqlite
## sql_database: "/opt/ejabberd/database/ejabberd.db"
##
## ODBC compatible or MSSQL server:
##
## sql_type: odbc
## sql_server: "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"
##
## Number of connections to open to the database for each virtual host
##
## sql_pool_size: 10
##
## Interval to make a dummy SQL request to keep the connections to the
## database alive. Specify in seconds: for example 28800 means 8 hours
##
## sql_keepalive_interval: undefined
###. ===============
###' TRAFFIC SHAPERS
shaper:
##
## The "normal" shaper limits traffic speed to 1000 B/s
##
normal: 1000
##
## The "fast" shaper limits traffic speed to 50000 B/s
##
fast: 50000
##
## This option specifies the maximum number of elements in the queue
## of the FSM. Refer to the documentation for details.
##
max_fsm_queue: 10000
###. ====================
###' ACCESS CONTROL LISTS
acl:
##
## The 'admin' ACL grants administrative privileges to XMPP accounts.
## You can put here as many accounts as you want.
##
admin:
user:
- "greg@5apps.com"
- "sebastian@5apps.com"
- "garret@5apps.com"
- "raucao@kosmos.org"
##
## Blocked users
##
## blocked:
## user:
## - "baduser@example.org"
## - "test"
## Local users: don't modify this.
##
local:
user_regexp: ""
##
## More examples of ACLs
##
## jabberorg:
## server:
## - "jabber.org"
## aleksey:
## user:
## - "aleksey@jabber.ru"
## test:
## user_regexp: "^test"
## user_glob: "test*"
##
## Loopback network
##
loopback:
ip:
- "127.0.0.0/8"
- "::1/128"
- "::FFFF:127.0.0.1/128"
##
## Bad XMPP servers
##
## bad_servers:
## server:
## - "xmpp.zombie.org"
## - "xmpp.spam.com"
##
## Define specific ACLs in a virtual host.
##
## host_config:
## "localhost":
## acl:
## admin:
## user:
## - "bob-local@localhost"
###. ============
###' SHAPER RULES
shaper_rules:
## Maximum number of simultaneous sessions allowed for a single user:
max_user_sessions: 10
## Maximum number of offline messages that users can have:
max_user_offline_messages:
- 5000: admin
- 100
## For C2S connections, all users except admins use the "normal" shaper
c2s_shaper:
- none: admin
- normal
## All S2S connections use the "fast" shaper
s2s_shaper: fast
###. ============
###' ACCESS RULES
access_rules:
## This rule allows access only for local users:
local:
- allow: local
## Only non-blocked users can use c2s connections:
c2s:
- deny: blocked
- allow
## Only admins can send announcement messages:
announce:
- allow: admin
## Only admins can use the configuration interface:
configure:
- allow: admin
## Only accounts of the local ejabberd server can create rooms:
muc_create:
- allow: admin
- allow: local
## Only accounts on the local ejabberd server can create Pubsub nodes:
pubsub_createnode:
- allow: local
## In-band registration allows registration of any possible username.
## To disable in-band registration, replace 'allow' with 'deny'.
register:
- allow
## Only allow to register from localhost
trusted_network:
- allow: loopback
## Do not establish S2S connections with bad servers
## If you enable this you also have to uncomment "s2s_access: s2s"
## s2s:
## - deny:
## - ip: "XXX.XXX.XXX.XXX/32"
## - deny:
## - ip: "XXX.XXX.XXX.XXX/32"
## - allow
## ===============
## API PERMISSIONS
## ===============
##
## This section allows you to define who and using what method
## can execute commands offered by ejabberd.
##
## By default "console commands" section allow executing all commands
## issued using ejabberdctl command, and "admin access" section allows
## users in admin acl that connect from 127.0.0.1 to execute all
## commands except start and stop with any available access method
## (ejabberdctl, http-api, xmlrpc depending what is enabled on server).
##
## If you remove "console commands" there will be one added by
## default allowing executing all commands, but if you just change
## permissions in it, version from config file will be used instead
## of default one.
##
api_permissions:
"console commands":
from:
- ejabberd_ctl
who: all
what: "*"
"admin access":
who:
- access:
- allow:
- acl: loopback
- acl: admin
- oauth:
- scope: "ejabberd:admin"
- access:
- allow:
- acl: loopback
- acl: admin
what:
- "*"
- "!stop"
- "!start"
"public commands":
who:
- ip: "127.0.0.1/8"
what:
- "status"
- "connected_users_number"
## By default the frequency of account registrations from the same IP
## is limited to 1 account every 10 minutes. To disable, specify: infinity
## registration_timeout: 600
##
## Define specific Access Rules in a virtual host.
##
## host_config:
## "localhost":
## access:
## c2s:
## - allow: admin
## - deny
## register:
## - deny
###. ================
###' DEFAULT LANGUAGE
##
## language: Default language used for server messages.
##
language: "en"
##
## Set a different default language in a virtual host.
##
## host_config:
## "localhost":
## language: "ru"
###. =======
###' CAPTCHA
##
## Full path to a script that generates the image.
##
## captcha_cmd: "/opt/ejabberd-17.12/lib/ejabberd-17.12/priv/bin/captcha.sh"
##
## Host for the URL and port where ejabberd listens for CAPTCHA requests.
##
## captcha_host: "xmpp:5280"
##
## Limit CAPTCHA calls per minute for JID/IP to avoid DoS.
##
## captcha_limit: 5
###. ====
###' ACME
##
## In order to use the acme certificate acquiring through "Let's Encrypt"
## an http listener has to be configured to listen to port 80 so that
## the authorization challenges posed by "Let's Encrypt" can be solved.
##
## A simple way of doing this would be to add the following in the listening
## section and to configure port forwarding from 80 to 5280 either via NAT
## (for ipv4 only) or using frontends such as haproxy/nginx/sslh/etc.
## -
## port: 5280
## ip: "::"
## module: ejabberd_http
##acme:
## A contact mail that the ACME Certificate Authority can contact in case of
## an authorization issue, such as a server-initiated certificate revocation.
## It is not mandatory to provide an email address but it is highly suggested.
##contact: "mailto:ops@5apps.com"
## The ACME Certificate Authority URL.
## This could either be:
## - https://acme-v01.api.letsencrypt.org - (Default) for the production CA
## - https://acme-staging.api.letsencrypt.org - for the staging CA
## - http://localhost:4000 - for a local version of the CA
##ca_url: "https://acme-v01.api.letsencrypt.org"
###. =======
###' MODULES
##
## Modules enabled in all ejabberd virtual hosts.
##
modules:
mod_adhoc: {}
mod_admin_extra: {}
mod_announce: # recommends mod_adhoc
access: announce
mod_blocking: {} # requires mod_privacy
mod_caps: {}
mod_carboncopy: {}
mod_client_state: {}
mod_configure: {} # requires mod_adhoc
## mod_delegation: {} # for xep0356
mod_disco:
server_info:
-
modules: all
name: "abuse-addresses"
urls: ["mailto:abuse@kosmos.org"]
## mod_echo: {}
## mod_irc: {}
mod_bosh: {}
## mod_http_fileserver:
## docroot: "/var/www"
## accesslog: "/opt/ejabberd-17.12/logs/access.log"
mod_http_upload:
docroot: "/var/www/xmpp.@HOST@/uploads/"
put_url: "https://xmpp.@HOST@:5443/upload"
thumbnail: false # otherwise needs the identify command from ImageMagick installed
## mod_http_upload_quota:
## max_days: 30
mod_last: {}
## XEP-0313: Message Archive Management
## You might want to setup a SQL backend for MAM because the mnesia database is
## limited to 2GB which might be exceeded on large servers
mod_mam:
default: always
request_activates_archiving: true
mod_muc: {}
mod_muc_admin: {}
## mod_muc_log: {}
## mod_multicast: {}
mod_offline:
access_max_user_messages: max_user_offline_messages
mod_ping: {}
## mod_pres_counter:
## count: 5
## interval: 60
mod_privacy: {}
mod_private: {}
mod_proxy65: {}
mod_pubsub:
access_createnode: pubsub_createnode
## reduces resource comsumption, but XEP incompliant
ignore_pep_from_offline: true
## XEP compliant, but increases resource comsumption
## ignore_pep_from_offline: false
last_item_cache: false
max_items_node: 10
plugins:
- "flat"
- "pep" # pep requires mod_caps
mod_push: {}
mod_push_keepalive: {}
mod_register:
##
## Protect In-Band account registrations with CAPTCHA.
##
## captcha_protected: true
##
## Set the minimum informational entropy for passwords.
##
## password_strength: 32
##
## After successful registration, the user receives
## a message with this subject and body.
##
welcome_message:
subject: "Welcome!"
body: |-
Hi.
Welcome to this XMPP server.
##
## When a user registers, send a notification to
## these XMPP accounts.
##
## registration_watchers:
## - "admin1@example.org"
##
## Only clients in the server machine can register accounts
##
ip_access: trusted_network
##
## Local c2s or remote s2s users cannot register accounts
##
## access_from: deny
access: register
mod_roster:
versioning: true
store_current_id: true
mod_shared_roster: {}
## mod_stats: {}
## mod_time: {}
mod_vcard:
search: false
mod_vcard_xupdate: {}
## Convert all avatars posted by Android clients from WebP to JPEG
## mod_avatar: # this module needs compile option --enable-graphics
## convert:
## webp: jpeg
mod_version: {}
mod_stream_mgmt: {}
## Non-SASL Authentication (XEP-0078) is now disabled by default
## because it's obsoleted and is used mostly by abandoned
## client software
## mod_legacy_auth: {}
## The module for S2S dialback (XEP-0220). Please note that you cannot
## rely solely on dialback if you want to federate with other servers,
## because a lot of servers have dialback disabled and instead rely on
## PKIX authentication. Make sure you have proper certificates installed
## and check your accessibility at https://check.messaging.one/
mod_s2s_dialback: {}
mod_http_api: {}
##
## Enable modules with custom options in a specific virtual host
##
## host_config:
## "localhost":
## modules:
## mod_echo:
## host: "mirror.localhost"
host_config:
"kosmos.org":
modules:
mod_muc:
host: "chat.kosmos.org"
access:
- allow
access_admin:
- allow: admin
access_create: muc_create
access_persistent: muc_create
"5apps.com":
modules:
mod_muc:
host: "muc.5apps.com"
access:
- deny
access_admin:
- allow: admin
access_create: muc_create
access_persistent: muc_create
##
## Enable modules management via ejabberdctl for installation and
## uninstallation of public/private contributed modules
## (enabled by default)
##
allow_contrib_modules: true
###.
###'
### Local Variables:
### mode: yaml
### End:
### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker:

23
site-cookbooks/kosmos-ejabberd/test/integration/default/serverspec/default_spec.rb Normal file
View File

@ -0,0 +1,23 @@
require 'serverspec'
# Required by serverspec
set :backend, :exec
describe 'ejabberd' do
describe package('ejabberd') do
it { should be_installed }
end
it 'is listening on port 5222 (client-to-server)' do
expect(port(5222)).to be_listening
end
it 'is listening on port 5269 (server-to-server)' do
expect(port(5269)).to be_listening
end
it 'runs the ejabberd service' do
expect(service('ejabberd')).to be_running
expect(service('ejabberd')).to be_enabled
end
end