kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 30 Pull Requests 3 Projects 2 Activity
1,724 Commits 7 Branches 0 Tags
Commit Graph

8 Commits

Author SHA1 Message Date
Râu Cao
65d71d6a73
Migrate ejabberd uploads to mod_s3_upload and Garage 
In addition to installing and configuring the new module, this also
enables public access to the S3 API via `bucket-name.s3.kosmos.org` as
well as Web access on `bucket-name.web.s3.kosmos.org` (when enabled).

Also includes some drive-by improvements to Chef attribute naming and
usage.

Co-authored-by: Greg Karékinian <greg@karekinian.com>
 2023-10-10 17:55:55 +02:00
Sebastian Kippe
48c3fef1a1
Remove TLS config for ejabberd LDAP 2022-05-11 16:27:21 +02:00
Sebastian Kippe
e89e0b3122
Fix letsencrypt bootstrap for ejabberd 2022-05-11 16:27:21 +02:00
Greg Karékinian
613b316588 Add comment about needing to run Chef a second time... 
... after the TLS certs are generated
 2020-11-25 16:36:07 +01:00
Greg Karékinian
2c21d6255b Add PostgreSQL primary support to the kosmos-ejabberd cookbook 
* Move the PostgreSQL user and database creation to a pg_db recipe
* Generate access rights for the ejabberd servers in the pg_db recipe
* Connect to the PostgreSQL primary instead of localhost

Refs #180
 2020-06-10 18:38:40 +02:00
Greg Karékinian
6fa89b3c25 Switch the ejabberd LDAP setup to a new application account 
Needs the new directory structure:

```
dn: cn=applications,dc=kosmos,dc=org
objectClass: top
objectClass: organizationalRole
cn: users

dn: ou=kosmos.org,cn=applications,dc=kosmos,dc=org
objectClass: top
objectClass: organizationalUnit
ou: kosmos.org

dn: ou=5apps.com,cn=applications,dc=kosmos,dc=org
objectClass: top
objectClass: organizationalUnit
description: 5apps
ou: 5apps.com

dn: uid=wiki,ou=kosmos.org,cn=applications,dc=kosmos,dc=org
objectClass: simpleSecurityObject
objectClass: account
uid: wiki
userPassword: [snip]

dn: uid=xmpp,ou=kosmos.org,cn=applications,dc=kosmos,dc=org
objectClass: simpleSecurityObject
objectClass: account
uid: xmpp
userPassword: [snip]

dn: uid=xmpp,ou=5apps.com,cn=applications,dc=kosmos,dc=org
objectClass: simpleSecurityObject
objectClass: account
uid: xmpp
userPassword: [snip]

```

And the new ACIs:

```
dn: ou=5apps.com,cn=users,dc=kosmos,dc=org
changetype: modify
replace: aci
aci: (target="ldap:///cn=*,ou=5apps.com,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || nsRole") (version 3.0; acl "xmpp-5apps-read-search"; allow (read,search) userdn="ldap:///cn=xmpp,ou=5apps.com,cn=users,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=5apps.com,cn=users,dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "xmpp-5apps-change-password"; allow (write) userdn="ldap:///cn=xmpp,ou=5apps.com,cn=users,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=5apps.com,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || nsRole || objectClass") (version 3.0; acl "xmpp-5apps-read-search"; allow (read,search) userdn="ldap:///uid=xmpp,ou=5apps.com,cn=applications,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=5apps.com,cn=users,dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "xmpp-5apps-change-password"; allow (write) userdn="ldap:///uid=xmpp,ou=5apps.com,cn=applications,dc=kosmos,dc=org";)

dn: ou=kosmos.org,cn=users,dc=kosmos,dc=org
changetype: modify
replace: aci
aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || nsRole") (version 3.0; acl "xmpp-kosmos-read-search"; allow (read,search) userdn="ldap:///cn=xmpp,ou=kosmos.org,cn=users,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword") (version 3.0; acl "xmpp-kosmos-read-search"; allow (read,search) userdn="ldap:///cn=wiki,ou=kosmos.org,cn=users,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "xmpp-kosmos-change-password"; allow (write) userdn="ldap:///cn=xmpp,ou=kosmos.org,cn=users,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || nsRole || objectClass") (version 3.0; acl "xmpp-kosmos-read-search"; allow (read,search) userdn="ldap:///uid=xmpp,ou=kosmos.org,cn=applications,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || objectClass") (version 3.0; acl "xmpp-kosmos-read-search"; allow (read,search) userdn="ldap:///uid=wiki,ou=kosmos.org,cn=applications,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "xmpp-kosmos-change-password"; allow (write) userdn="ldap:///uid=xmpp,ou=kosmos.org,cn=applications,dc=kosmos,dc=org";)
```

Refs #140
 2020-02-21 18:03:58 +01:00
Greg Karékinian
c2b2b6f08b Fix the vhost template 
hosts must be defined in the main config file
 2020-02-17 15:04:08 +01:00
Greg Karékinian
38f39af2a4 Move each vhost to its own config file 2020-02-17 13:20:54 +01:00