kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 30 Pull Requests 3 Projects 2 Activity
1,888 Commits 7 Branches 0 Tags
Commit Graph

112 Commits

Author SHA1 Message Date
Râu Cao
989185f951
Support proxy domain validation for Garage web domains 
Also rename the data bag item
 2024-04-30 12:23:36 +02:00
Râu Cao
4cbda69a6b
Add support for proxy domain validation to tls_cert resource 2024-04-26 12:24:17 +02:00
Râu Cao
12b4fb37fa
Only allow ejabberd logins when XMPP service is enabled 2024-03-27 20:12:33 +04:00
Râu Cao
4a8ab3abe3
Support letsencrypt proxy validation via CNAMEs 
Allows to point other domains' `_acme-challenge.example.com` entries at
`example.com.letsencrypt.kosmos.chat` so we can validate from our side
without access to the other domain's DNS records.

Used for 5apps.com XMPP for now. Can be used for others later.

Co-authored-by: Greg Karékinian <greg@karekinian.com>
 2024-03-11 16:21:28 +01:00
Râu Cao
210a83a686
Increase max user offline messages for ejabberd 2024-02-04 15:47:55 +02:00
Râu Cao
e1007f7886
ejabberd disco config additions 2023-12-18 13:23:21 +01:00
Râu Cao
292366a77f
Domain vs realm vs IP 2023-12-18 13:23:05 +01:00
Râu Cao
ed998fc1d3
Use TCP for TLS connections 2023-12-18 13:22:34 +01:00
Râu Cao
8a97ebf4f8
Use domain instead of IP, add TLS endpoints 2023-12-17 17:57:49 +01:00
Râu Cao
ca3f06f831
Increase size of port range for TURN 2023-12-17 17:05:06 +01:00
Râu Cao
1576a8e731
Set up coturn, switch from ejabberd in production 
https://github.com/coturn/coturn
 2023-12-17 15:20:11 +01:00
Râu Cao
cc6cebb8a2
Increase TURN throughput allowance 2023-12-05 18:20:27 +01:00
Râu Cao
4dbc960eed
Switch ejabberd node handling TURN 
Should use the same outgoing IP as for incoming
 2023-12-05 18:19:48 +01:00
Râu Cao
abc168ebf1
Upgrade ejabberd to 23.10, enable anonymous occupant IDs 2023-11-01 12:29:23 +01:00
Râu Cao
65d71d6a73
Migrate ejabberd uploads to mod_s3_upload and Garage 
In addition to installing and configuring the new module, this also
enables public access to the S3 API via `bucket-name.s3.kosmos.org` as
well as Web access on `bucket-name.web.s3.kosmos.org` (when enabled).

Also includes some drive-by improvements to Chef attribute naming and
usage.

Co-authored-by: Greg Karékinian <greg@karekinian.com>
 2023-10-10 17:55:55 +02:00
Râu Cao
0f12a54eab
Refactor tor usage entirely 
Use a custom resource and separate recipe for service configs with
pre-set keys and hostnames
 2023-07-30 12:39:41 +02:00
Râu Cao
68b56789c5
Migrate ejabberd UDP streams to openresty 
And remove the other streams in the process, in favor of running haproxy
on all LBs.
 2023-07-30 12:39:36 +02:00
Râu Cao
efb07ad3c1
Allow akkounts to set private XML storage data 
Enables kosmos/akkounts#116
 2023-04-19 17:32:30 +02:00
Râu Cao
14e04d77a9
Activate real-time MUC blocklist module 2023-04-19 17:32:15 +02:00
Râu Cao
f8f3fc7c3a
Upgrade ejabberd to 23.04 
Also add a package version attribute, since the value changed in the
past.
 2023-04-19 17:30:55 +02:00
Râu Cao
03a02a19c4
Use proxy protocol for ejabberd nginx streams 2023-04-04 15:14:41 +02:00
Râu Cao
7a1be33b7a
Make all nginx vhosts listen on IPv6 2023-04-04 15:10:23 +02:00
Râu Cao
797dd241e0
Improve ejabberd HTTP API configs and access 
Move the listener to a separate endpoint on port 80, which is only
accessible from the private network. Change accounts.kosmos.org to use
the new endpoint via a `.local` domain instead of faking external
access.
 2023-04-03 15:38:40 +02:00
Râu Cao
6e31c7a79b
Use proxy protocol 2023-03-24 16:35:23 +07:00
Râu Cao
a2fc3ba25c
Remove obsolete folder permissions 2023-03-24 16:35:07 +07:00
Râu Cao
13fc2e6e24
Improve MUC config 2023-03-24 16:34:40 +07:00
Râu Cao
89865bcd2a
Allow send_message endpoint from akkounts 2023-01-12 15:37:08 +08:00
Râu Cao
991458208d
Use a role for configuring LDAP hostname on clients 
This way it's also easy to converge all LDAP clients at once.
 2022-11-26 16:45:45 +01:00
Sebastian Kippe
a85415ef48
Fix MUC service/domains not being announced 
Only subdomains of `hosts` are automatically announced, but other
domains have to be added manually via the `extra_domains` disco module
config.

fixes #413
 2022-06-03 18:07:50 +02:00
Sebastian Kippe
48cdd62973
Upgrade ejabberd to 22.05 
Tested/running on all cluster nodes. Due to changes in the upstream
package we were able to remove some complexity from the recipe. Deleting
code FTW!

closes #334
 2022-05-31 16:27:07 +02:00
Sebastian Kippe
a1e2c21bcb
Fix abuse address info in XMPP service discovery 
It wasn't replacing the @HOST@ placeholder with the actual vhost domain.
 2022-05-31 11:32:55 +02:00
Sebastian Kippe
48c3fef1a1
Remove TLS config for ejabberd LDAP 2022-05-11 16:27:21 +02:00
Sebastian Kippe
decd937d43
Remove superfluous license header 2022-05-11 16:27:21 +02:00
Sebastian Kippe
e89e0b3122
Fix letsencrypt bootstrap for ejabberd 2022-05-11 16:27:21 +02:00
Sebastian Kippe
b3f1a74cc2
Remove obsolete ejabberd backups 2022-05-11 16:27:21 +02:00
Sebastian Kippe
c158f845f0
Configure STUN/TURN for ejabberd and nginx proxy 2022-05-11 15:27:49 +02:00
Greg Karékinian
c56870008e Use the new LDAP services application accounts 2022-05-11 14:49:28 +02:00
Greg Karékinian
e53e55cb2d Disable TLS for LDAP since we're using Zerotier networking 2022-05-11 14:49:00 +02:00
Greg Karékinian
ff7cb1ce4a Generate a hosts entry for the LDAP server 2022-05-11 14:48:30 +02:00
Sebastian Kippe
622fabe151
Use private IP for ejabberd TURN 2022-01-19 14:38:53 -06:00
Sebastian Kippe
62c95175cc
Only allow ZeroTier connections for ejabberd cluster 2022-01-18 12:50:13 -06:00
Sebastian Kippe
74dd59ad07
Write hostname-related configs for new ejabberd cluster 2022-01-18 12:50:10 -06:00
Sebastian Kippe
5b351036ba
Remove superfluous license header 2022-01-18 11:19:20 -06:00
Sebastian Kippe
024b4bf164
Fix typo 2022-01-18 11:19:19 -06:00
Sebastian Kippe
a184f27c96
Update kosmos postgres cookbook name in other cookbooks 2021-11-30 08:47:15 -06:00
raucao
ad271e55d4 Merge pull request 'Move PostgreSQL to VMs and access via Zerotier' (#282) from feature/postgres_vms into master 
Reviewed-on: #282
 2021-01-25 10:56:42 +00:00
Greg Karékinian
90ce664f2e Update ejabberd to 20.12 
It fixes a bug that prevented the config to be reloaded for LDAP options
(https://github.com/processone/ejabberd/issues/3181) and more:
https://www.process-one.net/blog/ejabberd-20-12/
 2021-01-24 10:14:29 +01:00
Greg Karékinian
bb0e73d1b9 Switch ejabberd, mastodon and gitea to a hostname for Postgres 2021-01-23 17:11:45 +01:00
Sebastian Kippe
fd4844a012 Fix ejabberd API permission for akkounts VMs 
It should have been using a /32, not a /8 subnet, in order to only allow
the akkounts VM(s) to use the API endpoints without further
authorization.
 2021-01-22 18:41:45 +01:00
Sebastian Kippe
74cf26846e
Fix ejabberd API permission for akkounts VMs 
It should have been using a /32, not a /8 subnet, in order to only allow
the akkounts VM(s) to use the API endpoints without further
authorization.
 2021-01-12 18:06:16 +01:00