kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 26 Pull Requests 2 Projects 2 Activity
1,452 Commits 6 Branches 0 Tags
Commit Graph

84 Commits

Author SHA1 Message Date
Sebastian Kippe
a85415ef48
Fix MUC service/domains not being announced 
Only subdomains of `hosts` are automatically announced, but other
domains have to be added manually via the `extra_domains` disco module
config.

fixes #413
 2022-06-03 18:07:50 +02:00
Sebastian Kippe
48cdd62973
Upgrade ejabberd to 22.05 
Tested/running on all cluster nodes. Due to changes in the upstream
package we were able to remove some complexity from the recipe. Deleting
code FTW!

closes #334
 2022-05-31 16:27:07 +02:00
Sebastian Kippe
a1e2c21bcb
Fix abuse address info in XMPP service discovery 
It wasn't replacing the @HOST@ placeholder with the actual vhost domain.
 2022-05-31 11:32:55 +02:00
Sebastian Kippe
48c3fef1a1
Remove TLS config for ejabberd LDAP 2022-05-11 16:27:21 +02:00
Sebastian Kippe
decd937d43
Remove superfluous license header 2022-05-11 16:27:21 +02:00
Sebastian Kippe
e89e0b3122
Fix letsencrypt bootstrap for ejabberd 2022-05-11 16:27:21 +02:00
Sebastian Kippe
b3f1a74cc2
Remove obsolete ejabberd backups 2022-05-11 16:27:21 +02:00
Sebastian Kippe
c158f845f0
Configure STUN/TURN for ejabberd and nginx proxy 2022-05-11 15:27:49 +02:00
Greg Karékinian
c56870008e Use the new LDAP services application accounts 2022-05-11 14:49:28 +02:00
Greg Karékinian
e53e55cb2d Disable TLS for LDAP since we're using Zerotier networking 2022-05-11 14:49:00 +02:00
Greg Karékinian
ff7cb1ce4a Generate a hosts entry for the LDAP server 2022-05-11 14:48:30 +02:00
Sebastian Kippe
622fabe151
Use private IP for ejabberd TURN 2022-01-19 14:38:53 -06:00
Sebastian Kippe
62c95175cc
Only allow ZeroTier connections for ejabberd cluster 2022-01-18 12:50:13 -06:00
Sebastian Kippe
74dd59ad07
Write hostname-related configs for new ejabberd cluster 2022-01-18 12:50:10 -06:00
Sebastian Kippe
5b351036ba
Remove superfluous license header 2022-01-18 11:19:20 -06:00
Sebastian Kippe
024b4bf164
Fix typo 2022-01-18 11:19:19 -06:00
Sebastian Kippe
a184f27c96
Update kosmos postgres cookbook name in other cookbooks 2021-11-30 08:47:15 -06:00
raucao
ad271e55d4 Merge pull request 'Move PostgreSQL to VMs and access via Zerotier' (#282) from feature/postgres_vms into master 
Reviewed-on: #282
 2021-01-25 10:56:42 +00:00
Greg Karékinian
90ce664f2e Update ejabberd to 20.12 
It fixes a bug that prevented the config to be reloaded for LDAP options
(https://github.com/processone/ejabberd/issues/3181) and more:
https://www.process-one.net/blog/ejabberd-20-12/
 2021-01-24 10:14:29 +01:00
Greg Karékinian
bb0e73d1b9 Switch ejabberd, mastodon and gitea to a hostname for Postgres 2021-01-23 17:11:45 +01:00
Sebastian Kippe
fd4844a012 Fix ejabberd API permission for akkounts VMs 
It should have been using a /32, not a /8 subnet, in order to only allow
the akkounts VM(s) to use the API endpoints without further
authorization.
 2021-01-22 18:41:45 +01:00
Sebastian Kippe
74cf26846e
Fix ejabberd API permission for akkounts VMs 
It should have been using a /32, not a /8 subnet, in order to only allow
the akkounts VM(s) to use the API endpoints without further
authorization.
 2021-01-12 18:06:16 +01:00
greg
f1c8faff85 Merge branch 'master' into feature/api_permissions 2020-12-10 13:26:48 +00:00
Sebastian Kippe
239b6aed51
Add API permissions for akkounts VMs 
Using the zerotier IP, which is the same as the knife-zero host.
 2020-12-08 20:00:31 +01:00
Sebastian Kippe
56d9144ad6
Disable ACME 
Throws a warning when reloading the config, because it is enabled by
default, but not configured entirely. Disabling it explicitly removes
the warning.
 2020-12-08 14:30:29 +01:00
Greg Karékinian
e6b7794e20 Extract firewall definitions to their own recipe 
This allows us to use them for KVM hosts as well. Until now we had set
up ufw rules manually on the two KVM hosts (draco and centaurus)

Refs #244
 2020-12-04 16:27:42 +01:00
Sebastian Kippe
8c60279fe1
Add cluster configs to ejabberd recipe 2020-11-25 21:02:46 +01:00
Greg Karékinian
613b316588 Add comment about needing to run Chef a second time... 
... after the TLS certs are generated
 2020-11-25 16:36:07 +01:00
Greg Karékinian
3a8af26b5f Remove firewall rule for an unused port 2020-11-25 16:36:07 +01:00
Greg Karékinian
ddb706b61c Add a missing dependency on kosmos-dirsrv 2020-11-25 16:36:07 +01:00
Greg Karékinian
085bd8abd5 Move TURN port to a different range 
It landed on a port used by PostgreSQL. Also switch STUN/TURN to TCP
because HAProxy does not support UDP.

Closes #240
 2020-11-25 16:36:07 +01:00
Greg Karékinian
7636f6ed19 Move the Gandi DNS certbot hook to kosmos-ejabberd 2020-11-25 16:36:07 +01:00
Greg Karékinian
8b1f90c568 Use the same Erlang cookie to enable clustering 
Refs #243
 2020-11-25 16:35:37 +01:00
Sebastian Kippe
f39f953b8a
Configure ejabberd nodes for HTTP upload service 2020-11-24 15:44:59 +01:00
Sebastian Kippe
0e29c930ed
Configure subdirectory level for upload.pm 
This allows to post to per-domain subdirectories from XMPP clients.
 2020-11-24 15:33:34 +01:00
Sebastian Kippe
0aef830aa3
Fix upload folder permissions 
Uploads are failing with the current mode.
 2020-11-23 20:50:01 +01:00
Sebastian Kippe
9efb9cd78c
Configure/deploy HTTP upload service on uploads.kosmos.chat 
https://xmpp.org/extensions/xep-0363.html

(Does not contain the config for ejabberd itself yet.)
 2020-11-23 17:37:14 +01:00
Greg Karékinian
2119c11243 Do not include kosmos-postgresql in kosmos-ejabberd default recipe 
It will install PostgreSQL, and we do not want that on the ejabberd
server
 2020-09-25 16:29:01 +02:00
Greg Karékinian
6f696d7634 Define access rules in the PostgreSQL primary recipe 
Access is done for the IP of a server for all users and all databases
for ejabberd and gitea
 2020-06-11 18:20:04 +02:00
Greg Karékinian
26097a7584 Use the correct database name for the access rights 2020-06-11 09:00:50 +02:00
Greg Karékinian
2c21d6255b Add PostgreSQL primary support to the kosmos-ejabberd cookbook 
* Move the PostgreSQL user and database creation to a pg_db recipe
* Generate access rights for the ejabberd servers in the pg_db recipe
* Connect to the PostgreSQL primary instead of localhost

Refs #180
 2020-06-10 18:38:40 +02:00
Greg Karékinian
091a46e972 Do not pass the pgsql_password variable to ejabberd.yml 
The password is only used in the config files for the vhosts
 2020-06-10 18:37:36 +02:00
Sebastian Kippe
4448ec2173
Configure TURN properly 
Was missing a couple of necessary properties, and is now using an
explicit port range for TURN, and opening those ports in UFW.
 2020-05-02 14:07:14 +02:00
Sebastian Kippe
ef2fa2da72
Configure STUN/TURN 
Configures built-in STUN/TURN support, and adds the new service discovery
module for it.
 2020-05-01 16:25:38 +02:00
Sebastian Kippe
35a56aa221
Update version to 20.04 2020-05-01 14:55:13 +02:00
Greg Karékinian
db8bb44c8b Update ejabberd to 20.03 
The download URL has changed, they removed a prefix

Closes #153
 2020-04-20 14:53:08 +02:00
Greg Karékinian
f5dd2c7de9 Fix the command importing the schema on db creation 
It had an extra }, but this only fails when creating the databases
 2020-04-20 14:52:11 +02:00
greg
7fa11089b1 Merge branch 'bugfix/ejabberd_restart_config_vhost_change' of kosmos/chef into master 2020-03-04 13:45:10 +00:00
Greg Karékinian
a68ae78689 Update ejabberd to 20.02 
It includes a fix to the reload_config command that prevented us from
running a version newer than 19.05

Closes #136
 2020-03-04 13:28:13 +01:00
Greg Karékinian
6cd0fa039e Restart ejabberd service when changing a vhost config 
I have ran into an issue, changes to the LDAP config for a host are
currently only loaded on startup, not on reload

https://github.com/processone/ejabberd/issues/3181

This should be fixed once
b39a1e2d74
is part of the next release
 2020-03-04 13:23:54 +01:00