kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 26 Pull Requests 2 Projects 2 Activity
1,620 Commits 6 Branches 0 Tags
Commit Graph

95 Commits

Author SHA1 Message Date
Râu Cao
efb07ad3c1
Allow akkounts to set private XML storage data 
Enables kosmos/akkounts#116
 2023-04-19 17:32:30 +02:00
Râu Cao
14e04d77a9
Activate real-time MUC blocklist module 2023-04-19 17:32:15 +02:00
Râu Cao
f8f3fc7c3a
Upgrade ejabberd to 23.04 
Also add a package version attribute, since the value changed in the
past.
 2023-04-19 17:30:55 +02:00
Râu Cao
03a02a19c4
Use proxy protocol for ejabberd nginx streams 2023-04-04 15:14:41 +02:00
Râu Cao
7a1be33b7a
Make all nginx vhosts listen on IPv6 2023-04-04 15:10:23 +02:00
Râu Cao
797dd241e0
Improve ejabberd HTTP API configs and access 
Move the listener to a separate endpoint on port 80, which is only
accessible from the private network. Change accounts.kosmos.org to use
the new endpoint via a `.local` domain instead of faking external
access.
 2023-04-03 15:38:40 +02:00
Râu Cao
6e31c7a79b
Use proxy protocol 2023-03-24 16:35:23 +07:00
Râu Cao
a2fc3ba25c
Remove obsolete folder permissions 2023-03-24 16:35:07 +07:00
Râu Cao
13fc2e6e24
Improve MUC config 2023-03-24 16:34:40 +07:00
Râu Cao
89865bcd2a
Allow send_message endpoint from akkounts 2023-01-12 15:37:08 +08:00
Râu Cao
991458208d
Use a role for configuring LDAP hostname on clients 
This way it's also easy to converge all LDAP clients at once.
 2022-11-26 16:45:45 +01:00
Sebastian Kippe
a85415ef48
Fix MUC service/domains not being announced 
Only subdomains of `hosts` are automatically announced, but other
domains have to be added manually via the `extra_domains` disco module
config.

fixes #413
 2022-06-03 18:07:50 +02:00
Sebastian Kippe
48cdd62973
Upgrade ejabberd to 22.05 
Tested/running on all cluster nodes. Due to changes in the upstream
package we were able to remove some complexity from the recipe. Deleting
code FTW!

closes #334
 2022-05-31 16:27:07 +02:00
Sebastian Kippe
a1e2c21bcb
Fix abuse address info in XMPP service discovery 
It wasn't replacing the @HOST@ placeholder with the actual vhost domain.
 2022-05-31 11:32:55 +02:00
Sebastian Kippe
48c3fef1a1
Remove TLS config for ejabberd LDAP 2022-05-11 16:27:21 +02:00
Sebastian Kippe
decd937d43
Remove superfluous license header 2022-05-11 16:27:21 +02:00
Sebastian Kippe
e89e0b3122
Fix letsencrypt bootstrap for ejabberd 2022-05-11 16:27:21 +02:00
Sebastian Kippe
b3f1a74cc2
Remove obsolete ejabberd backups 2022-05-11 16:27:21 +02:00
Sebastian Kippe
c158f845f0
Configure STUN/TURN for ejabberd and nginx proxy 2022-05-11 15:27:49 +02:00
Greg Karékinian
c56870008e Use the new LDAP services application accounts 2022-05-11 14:49:28 +02:00
Greg Karékinian
e53e55cb2d Disable TLS for LDAP since we're using Zerotier networking 2022-05-11 14:49:00 +02:00
Greg Karékinian
ff7cb1ce4a Generate a hosts entry for the LDAP server 2022-05-11 14:48:30 +02:00
Sebastian Kippe
622fabe151
Use private IP for ejabberd TURN 2022-01-19 14:38:53 -06:00
Sebastian Kippe
62c95175cc
Only allow ZeroTier connections for ejabberd cluster 2022-01-18 12:50:13 -06:00
Sebastian Kippe
74dd59ad07
Write hostname-related configs for new ejabberd cluster 2022-01-18 12:50:10 -06:00
Sebastian Kippe
5b351036ba
Remove superfluous license header 2022-01-18 11:19:20 -06:00
Sebastian Kippe
024b4bf164
Fix typo 2022-01-18 11:19:19 -06:00
Sebastian Kippe
a184f27c96
Update kosmos postgres cookbook name in other cookbooks 2021-11-30 08:47:15 -06:00
raucao
ad271e55d4 Merge pull request 'Move PostgreSQL to VMs and access via Zerotier' (#282) from feature/postgres_vms into master 
Reviewed-on: #282
 2021-01-25 10:56:42 +00:00
Greg Karékinian
90ce664f2e Update ejabberd to 20.12 
It fixes a bug that prevented the config to be reloaded for LDAP options
(https://github.com/processone/ejabberd/issues/3181) and more:
https://www.process-one.net/blog/ejabberd-20-12/
 2021-01-24 10:14:29 +01:00
Greg Karékinian
bb0e73d1b9 Switch ejabberd, mastodon and gitea to a hostname for Postgres 2021-01-23 17:11:45 +01:00
Sebastian Kippe
fd4844a012 Fix ejabberd API permission for akkounts VMs 
It should have been using a /32, not a /8 subnet, in order to only allow
the akkounts VM(s) to use the API endpoints without further
authorization.
 2021-01-22 18:41:45 +01:00
Sebastian Kippe
74cf26846e
Fix ejabberd API permission for akkounts VMs 
It should have been using a /32, not a /8 subnet, in order to only allow
the akkounts VM(s) to use the API endpoints without further
authorization.
 2021-01-12 18:06:16 +01:00
greg
f1c8faff85 Merge branch 'master' into feature/api_permissions 2020-12-10 13:26:48 +00:00
Sebastian Kippe
239b6aed51
Add API permissions for akkounts VMs 
Using the zerotier IP, which is the same as the knife-zero host.
 2020-12-08 20:00:31 +01:00
Sebastian Kippe
56d9144ad6
Disable ACME 
Throws a warning when reloading the config, because it is enabled by
default, but not configured entirely. Disabling it explicitly removes
the warning.
 2020-12-08 14:30:29 +01:00
Greg Karékinian
e6b7794e20 Extract firewall definitions to their own recipe 
This allows us to use them for KVM hosts as well. Until now we had set
up ufw rules manually on the two KVM hosts (draco and centaurus)

Refs #244
 2020-12-04 16:27:42 +01:00
Sebastian Kippe
8c60279fe1
Add cluster configs to ejabberd recipe 2020-11-25 21:02:46 +01:00
Greg Karékinian
613b316588 Add comment about needing to run Chef a second time... 
... after the TLS certs are generated
 2020-11-25 16:36:07 +01:00
Greg Karékinian
3a8af26b5f Remove firewall rule for an unused port 2020-11-25 16:36:07 +01:00
Greg Karékinian
ddb706b61c Add a missing dependency on kosmos-dirsrv 2020-11-25 16:36:07 +01:00
Greg Karékinian
085bd8abd5 Move TURN port to a different range 
It landed on a port used by PostgreSQL. Also switch STUN/TURN to TCP
because HAProxy does not support UDP.

Closes #240
 2020-11-25 16:36:07 +01:00
Greg Karékinian
7636f6ed19 Move the Gandi DNS certbot hook to kosmos-ejabberd 2020-11-25 16:36:07 +01:00
Greg Karékinian
8b1f90c568 Use the same Erlang cookie to enable clustering 
Refs #243
 2020-11-25 16:35:37 +01:00
Sebastian Kippe
f39f953b8a
Configure ejabberd nodes for HTTP upload service 2020-11-24 15:44:59 +01:00
Sebastian Kippe
0e29c930ed
Configure subdirectory level for upload.pm 
This allows to post to per-domain subdirectories from XMPP clients.
 2020-11-24 15:33:34 +01:00
Sebastian Kippe
0aef830aa3
Fix upload folder permissions 
Uploads are failing with the current mode.
 2020-11-23 20:50:01 +01:00
Sebastian Kippe
9efb9cd78c
Configure/deploy HTTP upload service on uploads.kosmos.chat 
https://xmpp.org/extensions/xep-0363.html

(Does not contain the config for ejabberd itself yet.)
 2020-11-23 17:37:14 +01:00
Greg Karékinian
2119c11243 Do not include kosmos-postgresql in kosmos-ejabberd default recipe 
It will install PostgreSQL, and we do not want that on the ejabberd
server
 2020-09-25 16:29:01 +02:00
Greg Karékinian
6f696d7634 Define access rules in the PostgreSQL primary recipe 
Access is done for the IP of a server for all users and all databases
for ejabberd and gitea
 2020-06-11 18:20:04 +02:00