Commit Graph

121 Commits

Author SHA1 Message Date
raucao de7cc69505 Allow more users per room 2025-05-17 10:42:41 +04:00
raucao 160134bd86 Allow more ejabberd API calls from akkounts 2025-05-16 15:17:43 +04:00
raucao 5777a45f0a Fix/improve ejabberd cert renewals 2025-04-22 17:28:44 +04:00
raucao f246f63594 Update Gandi API token
For certbot renewals. Also set resource to sensitive in ejabberd recipe.

Co-authored-by: Greg Karékinian <greg@karekinian.com>
2025-03-19 18:01:50 +04:00
raucao b1bb5d0625 Use default value for STUN credentials lifetime 2025-01-14 15:30:42 -05:00
raucao e4112a3626 Fix TLS cert updates for kosmos.chat
Some recipes weren't updated for the proxy validation yet. Needed to
split the ejabberd cert in two, so it can do normal validation on
`.org` and proxy validation on `.chat`.
2024-12-09 18:17:10 +04:00
raucao 3853f94ae0 Use new proxy domain for ejabberd cert 2024-10-16 12:40:10 +02:00
raucao 0726e58f7c Update ejabberd LDAP filter for new akkounts release 2024-10-16 12:36:30 +02:00
raucao fe581c348a Fix bookmarks disappearing for XMPP users
The limit for PEP nodes was ridiculously low. No idea why, but it means
users were only able to save 10 items (e.g. channel bookmarks) at once.
2024-10-16 12:34:31 +02:00
raucao 989185f951 Support proxy domain validation for Garage web domains
Also rename the data bag item
2024-04-30 12:23:36 +02:00
raucao 4cbda69a6b Add support for proxy domain validation to tls_cert resource 2024-04-26 12:24:17 +02:00
raucao 12b4fb37fa Only allow ejabberd logins when XMPP service is enabled 2024-03-27 20:12:33 +04:00
raucao 4a8ab3abe3 Support letsencrypt proxy validation via CNAMEs
Allows pointing other domains' `_acme-challenge.example.com` entries at
`example.com.letsencrypt.kosmos.chat` so we can validate from our side
without access to the other domain's DNS records.

Used for 5apps.com XMPP for now. Can be used for others later.

Co-authored-by: Greg Karékinian <greg@karekinian.com>
2024-03-11 16:21:28 +01:00
raucao 210a83a686 Increase max user offline messages for ejabberd 2024-02-04 15:47:55 +02:00
raucao e1007f7886 ejabberd disco config additions 2023-12-18 13:23:21 +01:00
raucao 292366a77f Domain vs realm vs IP 2023-12-18 13:23:05 +01:00
raucao ed998fc1d3 Use TCP for TLS connections 2023-12-18 13:22:34 +01:00
raucao 8a97ebf4f8 Use domain instead of IP, add TLS endpoints 2023-12-17 17:57:49 +01:00
raucao ca3f06f831 Increase size of port range for TURN 2023-12-17 17:05:06 +01:00
raucao 1576a8e731 Set up coturn, switch from ejabberd in production
https://github.com/coturn/coturn
2023-12-17 15:20:11 +01:00
Râu Cao cc6cebb8a2 Increase TURN throughput allowance 2023-12-05 18:20:27 +01:00
Râu Cao 4dbc960eed Switch ejabberd node handling TURN
Should use the same outgoing IP as for incoming
2023-12-05 18:19:48 +01:00
Râu Cao abc168ebf1 Upgrade ejabberd to 23.10, enable anonymous occupant IDs 2023-11-01 12:29:23 +01:00
Râu Cao 65d71d6a73 Migrate ejabberd uploads to mod_s3_upload and Garage
In addition to installing and configuring the new module, this also
enables public access to the S3 API via `bucket-name.s3.kosmos.org` as
well as Web access on `bucket-name.web.s3.kosmos.org` (when enabled).

Also includes some drive-by improvements to Chef attribute naming and
usage.

Co-authored-by: Greg Karékinian <greg@karekinian.com>
2023-10-10 17:55:55 +02:00
Râu Cao 0f12a54eab Refactor tor usage entirely
Use a custom resource and separate recipe for service configs with
pre-set keys and hostnames
2023-07-30 12:39:41 +02:00
Râu Cao 68b56789c5 Migrate ejabberd UDP streams to openresty
And remove the other streams in the process, in favor of running haproxy
on all LBs.
2023-07-30 12:39:36 +02:00
Râu Cao efb07ad3c1 Allow akkounts to set private XML storage data
Enables kosmos/akkounts#116
2023-04-19 17:32:30 +02:00
Râu Cao 14e04d77a9 Activate real-time MUC blocklist module 2023-04-19 17:32:15 +02:00
Râu Cao f8f3fc7c3a Upgrade ejabberd to 23.04
Also add a package version attribute, since the value changed in the
past.
2023-04-19 17:30:55 +02:00
Râu Cao 03a02a19c4 Use proxy protocol for ejabberd nginx streams 2023-04-04 15:14:41 +02:00
Râu Cao 7a1be33b7a Make all nginx vhosts listen on IPv6 2023-04-04 15:10:23 +02:00
Râu Cao 797dd241e0 Improve ejabberd HTTP API configs and access
Move the listener to a separate endpoint on port 80, which is only
accessible from the private network. Change accounts.kosmos.org to use
the new endpoint via a `.local` domain instead of faking external
access.
2023-04-03 15:38:40 +02:00
Râu Cao 6e31c7a79b Use proxy protocol 2023-03-24 16:35:23 +07:00
Râu Cao a2fc3ba25c Remove obsolete folder permissions 2023-03-24 16:35:07 +07:00
Râu Cao 13fc2e6e24 Improve MUC config 2023-03-24 16:34:40 +07:00
Râu Cao 89865bcd2a Allow send_message endpoint from akkounts 2023-01-12 15:37:08 +08:00
Râu Cao 991458208d Use a role for configuring LDAP hostname on clients
This way it's also easy to converge all LDAP clients at once.
2022-11-26 16:45:45 +01:00
basti a85415ef48 Fix MUC service/domains not being announced
Only subdomains of `hosts` are automatically announced, but other
domains have to be added manually via the `extra_domains` disco module
config.

fixes #413
2022-06-03 18:07:50 +02:00
basti 48cdd62973 Upgrade ejabberd to 22.05
Tested/running on all cluster nodes. Due to changes in the upstream
package we were able to remove some complexity from the recipe. Deleting
code FTW!

closes #334
2022-05-31 16:27:07 +02:00
basti a1e2c21bcb Fix abuse address info in XMPP service discovery
It wasn't replacing the @HOST@ placeholder with the actual vhost domain.
2022-05-31 11:32:55 +02:00
basti 48c3fef1a1 Remove TLS config for ejabberd LDAP 2022-05-11 16:27:21 +02:00
basti decd937d43 Remove superfluous license header 2022-05-11 16:27:21 +02:00
basti e89e0b3122 Fix letsencrypt bootstrap for ejabberd 2022-05-11 16:27:21 +02:00
basti b3f1a74cc2 Remove obsolete ejabberd backups 2022-05-11 16:27:21 +02:00
basti c158f845f0 Configure STUN/TURN for ejabberd and nginx proxy 2022-05-11 15:27:49 +02:00
Greg Karékinian c56870008e Use the new LDAP services application accounts 2022-05-11 14:49:28 +02:00
Greg Karékinian e53e55cb2d Disable TLS for LDAP since we're using Zerotier networking 2022-05-11 14:49:00 +02:00
Greg Karékinian ff7cb1ce4a Generate a hosts entry for the LDAP server 2022-05-11 14:48:30 +02:00
basti 622fabe151 Use private IP for ejabberd TURN 2022-01-19 14:38:53 -06:00
basti 62c95175cc Only allow ZeroTier connections for ejabberd cluster 2022-01-18 12:50:13 -06:00