kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 30 Pull Requests 3 Projects 2 Activity
1,983 Commits 7 Branches 0 Tags
Commit Graph

121 Commits

Author SHA1 Message Date
Râu Cao
de7cc69505
Allow more users per room 2025-05-17 10:42:41 +04:00
Râu Cao
160134bd86
Allow more ejabberd API calls from akkounts 2025-05-16 15:17:43 +04:00
Râu Cao
5777a45f0a
Fix/improve ejabberd cert renewals 2025-04-22 17:28:44 +04:00
Râu Cao
f246f63594
Update Gandi API token 
For certbot renewals. Also set resource to sensitive in ejabberd recipe.

Co-authored-by: Greg Karékinian <greg@karekinian.com>
 2025-03-19 18:01:50 +04:00
Râu Cao
b1bb5d0625
Use default value for STUN credentials lifetime 2025-01-14 15:30:42 -05:00
Râu Cao
e4112a3626
Fix TLS cert updates for kosmos.chat 
Some recipes weren't updated for the proxy validation yet. Needed to
split the ejabberd cert in two, so it can do normal validation on
`.org` and proxy validation on `.chat`.
 2024-12-09 18:17:10 +04:00
Râu Cao
3853f94ae0
Use new proxy domain for ejabberd cert 2024-10-16 12:40:10 +02:00
Râu Cao
0726e58f7c
Update ejabberd LDAP filter for new akkounts release 2024-10-16 12:36:30 +02:00
Râu Cao
fe581c348a
Fix bookmarks disappearing for XMPP users 
The limit for PEP nodes was ridiculously low. No idea why, but it means
users were only able to save 10 items (e.g. channel bookmarks) at once.
 2024-10-16 12:34:31 +02:00
Râu Cao
989185f951
Support proxy domain validation for Garage web domains 
Also rename the data bag item
 2024-04-30 12:23:36 +02:00
Râu Cao
4cbda69a6b
Add support for proxy domain validation to tls_cert resource 2024-04-26 12:24:17 +02:00
Râu Cao
12b4fb37fa
Only allow ejabberd logins when XMPP service is enabled 2024-03-27 20:12:33 +04:00
Râu Cao
4a8ab3abe3
Support letsencrypt proxy validation via CNAMEs 
Allows to point other domains' `_acme-challenge.example.com` entries at
`example.com.letsencrypt.kosmos.chat` so we can validate from our side
without access to the other domain's DNS records.

Used for 5apps.com XMPP for now. Can be used for others later.

Co-authored-by: Greg Karékinian <greg@karekinian.com>
 2024-03-11 16:21:28 +01:00
Râu Cao
210a83a686
Increase max user offline messages for ejabberd 2024-02-04 15:47:55 +02:00
Râu Cao
e1007f7886
ejabberd disco config additions 2023-12-18 13:23:21 +01:00
Râu Cao
292366a77f
Domain vs realm vs IP 2023-12-18 13:23:05 +01:00
Râu Cao
ed998fc1d3
Use TCP for TLS connections 2023-12-18 13:22:34 +01:00
Râu Cao
8a97ebf4f8
Use domain instead of IP, add TLS endpoints 2023-12-17 17:57:49 +01:00
Râu Cao
ca3f06f831
Increase size of port range for TURN 2023-12-17 17:05:06 +01:00
Râu Cao
1576a8e731
Set up coturn, switch from ejabberd in production 
https://github.com/coturn/coturn
 2023-12-17 15:20:11 +01:00
Râu Cao
cc6cebb8a2
Increase TURN throughput allowance 2023-12-05 18:20:27 +01:00
Râu Cao
4dbc960eed
Switch ejabberd node handling TURN 
Should use the same outgoing IP as for incoming
 2023-12-05 18:19:48 +01:00
Râu Cao
abc168ebf1
Upgrade ejabberd to 23.10, enable anonymous occupant IDs 2023-11-01 12:29:23 +01:00
Râu Cao
65d71d6a73
Migrate ejabberd uploads to mod_s3_upload and Garage 
In addition to installing and configuring the new module, this also
enables public access to the S3 API via `bucket-name.s3.kosmos.org` as
well as Web access on `bucket-name.web.s3.kosmos.org` (when enabled).

Also includes some drive-by improvements to Chef attribute naming and
usage.

Co-authored-by: Greg Karékinian <greg@karekinian.com>
 2023-10-10 17:55:55 +02:00
Râu Cao
0f12a54eab
Refactor tor usage entirely 
Use a custom resource and separate recipe for service configs with
pre-set keys and hostnames
 2023-07-30 12:39:41 +02:00
Râu Cao
68b56789c5
Migrate ejabberd UDP streams to openresty 
And remove the other streams in the process, in favor of running haproxy
on all LBs.
 2023-07-30 12:39:36 +02:00
Râu Cao
efb07ad3c1
Allow akkounts to set private XML storage data 
Enables kosmos/akkounts#116
 2023-04-19 17:32:30 +02:00
Râu Cao
14e04d77a9
Activate real-time MUC blocklist module 2023-04-19 17:32:15 +02:00
Râu Cao
f8f3fc7c3a
Upgrade ejabberd to 23.04 
Also add a package version attribute, since the value changed in the
past.
 2023-04-19 17:30:55 +02:00
Râu Cao
03a02a19c4
Use proxy protocol for ejabberd nginx streams 2023-04-04 15:14:41 +02:00
Râu Cao
7a1be33b7a
Make all nginx vhosts listen on IPv6 2023-04-04 15:10:23 +02:00
Râu Cao
797dd241e0
Improve ejabberd HTTP API configs and access 
Move the listener to a separate endpoint on port 80, which is only
accessible from the private network. Change accounts.kosmos.org to use
the new endpoint via a `.local` domain instead of faking external
access.
 2023-04-03 15:38:40 +02:00
Râu Cao
6e31c7a79b
Use proxy protocol 2023-03-24 16:35:23 +07:00
Râu Cao
a2fc3ba25c
Remove obsolete folder permissions 2023-03-24 16:35:07 +07:00
Râu Cao
13fc2e6e24
Improve MUC config 2023-03-24 16:34:40 +07:00
Râu Cao
89865bcd2a
Allow send_message endpoint from akkounts 2023-01-12 15:37:08 +08:00
Râu Cao
991458208d
Use a role for configuring LDAP hostname on clients 
This way it's also easy to converge all LDAP clients at once.
 2022-11-26 16:45:45 +01:00
Sebastian Kippe
a85415ef48
Fix MUC service/domains not being announced 
Only subdomains of `hosts` are automatically announced, but other
domains have to be added manually via the `extra_domains` disco module
config.

fixes #413
 2022-06-03 18:07:50 +02:00
Sebastian Kippe
48cdd62973
Upgrade ejabberd to 22.05 
Tested/running on all cluster nodes. Due to changes in the upstream
package we were able to remove some complexity from the recipe. Deleting
code FTW!

closes #334
 2022-05-31 16:27:07 +02:00
Sebastian Kippe
a1e2c21bcb
Fix abuse address info in XMPP service discovery 
It wasn't replacing the @HOST@ placeholder with the actual vhost domain.
 2022-05-31 11:32:55 +02:00
Sebastian Kippe
48c3fef1a1
Remove TLS config for ejabberd LDAP 2022-05-11 16:27:21 +02:00
Sebastian Kippe
decd937d43
Remove superfluous license header 2022-05-11 16:27:21 +02:00
Sebastian Kippe
e89e0b3122
Fix letsencrypt bootstrap for ejabberd 2022-05-11 16:27:21 +02:00
Sebastian Kippe
b3f1a74cc2
Remove obsolete ejabberd backups 2022-05-11 16:27:21 +02:00
Sebastian Kippe
c158f845f0
Configure STUN/TURN for ejabberd and nginx proxy 2022-05-11 15:27:49 +02:00
Greg Karékinian
c56870008e Use the new LDAP services application accounts 2022-05-11 14:49:28 +02:00
Greg Karékinian
e53e55cb2d Disable TLS for LDAP since we're using Zerotier networking 2022-05-11 14:49:00 +02:00
Greg Karékinian
ff7cb1ce4a Generate a hosts entry for the LDAP server 2022-05-11 14:48:30 +02:00
Sebastian Kippe
622fabe151
Use private IP for ejabberd TURN 2022-01-19 14:38:53 -06:00
Sebastian Kippe
62c95175cc
Only allow ZeroTier connections for ejabberd cluster 2022-01-18 12:50:13 -06:00