kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 30 Pull Requests 3 Projects 2 Activity
1,962 Commits 7 Branches 0 Tags
Commit Graph

36 Commits

Author SHA1 Message Date
Râu Cao
d000d89409
Map LDAP jpegPhoto to vcard-temp PHOTO 2025-05-15 12:04:59 +04:00
Râu Cao
b1bb5d0625
Use default value for STUN credentials lifetime 2025-01-14 15:30:42 -05:00
Râu Cao
fe581c348a
Fix bookmarks disappearing for XMPP users 
The limit for PEP nodes was ridiculously low. No idea why, but it means
users were only able to save 10 items (e.g. channel bookmarks) at once.
 2024-10-16 12:34:31 +02:00
Râu Cao
210a83a686
Increase max user offline messages for ejabberd 2024-02-04 15:47:55 +02:00
Râu Cao
e1007f7886
ejabberd disco config additions 2023-12-18 13:23:21 +01:00
Râu Cao
ed998fc1d3
Use TCP for TLS connections 2023-12-18 13:22:34 +01:00
Râu Cao
8a97ebf4f8
Use domain instead of IP, add TLS endpoints 2023-12-17 17:57:49 +01:00
Râu Cao
1576a8e731
Set up coturn, switch from ejabberd in production 
https://github.com/coturn/coturn
 2023-12-17 15:20:11 +01:00
Râu Cao
cc6cebb8a2
Increase TURN throughput allowance 2023-12-05 18:20:27 +01:00
Râu Cao
abc168ebf1
Upgrade ejabberd to 23.10, enable anonymous occupant IDs 2023-11-01 12:29:23 +01:00
Râu Cao
65d71d6a73
Migrate ejabberd uploads to mod_s3_upload and Garage 
In addition to installing and configuring the new module, this also
enables public access to the S3 API via `bucket-name.s3.kosmos.org` as
well as Web access on `bucket-name.web.s3.kosmos.org` (when enabled).

Also includes some drive-by improvements to Chef attribute naming and
usage.

Co-authored-by: Greg Karékinian <greg@karekinian.com>
 2023-10-10 17:55:55 +02:00
Râu Cao
efb07ad3c1
Allow akkounts to set private XML storage data 
Enables kosmos/akkounts#116
 2023-04-19 17:32:30 +02:00
Râu Cao
797dd241e0
Improve ejabberd HTTP API configs and access 
Move the listener to a separate endpoint on port 80, which is only
accessible from the private network. Change accounts.kosmos.org to use
the new endpoint via a `.local` domain instead of faking external
access.
 2023-04-03 15:38:40 +02:00
Râu Cao
6e31c7a79b
Use proxy protocol 2023-03-24 16:35:23 +07:00
Râu Cao
89865bcd2a
Allow send_message endpoint from akkounts 2023-01-12 15:37:08 +08:00
Sebastian Kippe
a85415ef48
Fix MUC service/domains not being announced 
Only subdomains of `hosts` are automatically announced, but other
domains have to be added manually via the `extra_domains` disco module
config.

fixes #413
 2022-06-03 18:07:50 +02:00
Sebastian Kippe
a1e2c21bcb
Fix abuse address info in XMPP service discovery 
It wasn't replacing the @HOST@ placeholder with the actual vhost domain.
 2022-05-31 11:32:55 +02:00
Sebastian Kippe
c158f845f0
Configure STUN/TURN for ejabberd and nginx proxy 2022-05-11 15:27:49 +02:00
Sebastian Kippe
74cf26846e
Fix ejabberd API permission for akkounts VMs 
It should have been using a /32, not a /8 subnet, in order to only allow
the akkounts VM(s) to use the API endpoints without further
authorization.
 2021-01-12 18:06:16 +01:00
Sebastian Kippe
239b6aed51
Add API permissions for akkounts VMs 
Using the zerotier IP, which is the same as the knife-zero host.
 2020-12-08 20:00:31 +01:00
Sebastian Kippe
56d9144ad6
Disable ACME 
Throws a warning when reloading the config, because it is enabled by
default, but not configured entirely. Disabling it explicitly removes
the warning.
 2020-12-08 14:30:29 +01:00
Greg Karékinian
085bd8abd5 Move TURN port to a different range 
It landed on a port used by PostgreSQL. Also switch STUN/TURN to TCP
because HAProxy does not support UDP.

Closes #240
 2020-11-25 16:36:07 +01:00
Sebastian Kippe
f39f953b8a
Configure ejabberd nodes for HTTP upload service 2020-11-24 15:44:59 +01:00
Sebastian Kippe
4448ec2173
Configure TURN properly 
Was missing a couple of necessary properties, and is now using an
explicit port range for TURN, and opening those ports in UFW.
 2020-05-02 14:07:14 +02:00
Sebastian Kippe
ef2fa2da72
Configure STUN/TURN 
Configures built-in STUN/TURN support, and adds the new service discovery
module for it.
 2020-05-01 16:25:38 +02:00
Greg Karékinian
56adfa37fb Fix a warning in the config 
Migrate the web admin to a request handler
 2020-02-17 17:26:55 +01:00
Greg Karékinian
c2b2b6f08b Fix the vhost template 
hosts must be defined in the main config file
 2020-02-17 15:04:08 +01:00
Greg Karékinian
38f39af2a4 Move each vhost to its own config file 2020-02-17 13:20:54 +01:00
Greg Karékinian
55eb95ae73 Verify the TLS server's certificate 
Do not proceed if a certificate is invalid
 2020-02-14 13:56:52 +01:00
Greg Karékinian
49d01991fd Enable LDAP on the XMPP 5apps.com vhost 
Refactor the ejabberd config file to remove hardcoded values about the
vhosts

Refs #123
 2020-02-12 17:40:38 +01:00
Greg Karékinian
544f4b78f4 Change the MUC domain for the kosmos.org XMPP server to kosmos.chat 2019-09-19 15:57:54 +02:00
Greg Karékinian
0fa9e6cbb7 Set the uploads dir inside of /opt/ejabberd instead of /var/www 
/var/www is intended for nginx/apache

I have copied over the old directories manually on Andromeda before
running this code

Fixes #80
 2019-07-19 12:47:42 +02:00
Greg Karékinian
0be63e5935 Fix the config file when no TLS certs exist 2019-05-14 11:31:42 +02:00
Greg Karékinian
d9390a4b92 Don't use a concatenated cert for kosmos.org anymore 2019-05-13 18:53:45 +02:00
Greg Karékinian
88204ea91b Update the config to the current one running on andromeda 2019-05-13 17:59:04 +02:00
Greg Karékinian
9346188ca7 Initial kosmos-ejabberd cookbook 2019-04-17 10:11:52 +02:00