Compare commits
5 Commits
32f620e95c
...
2d6cbd22e4
| Author | SHA1 | Date | |
|---|---|---|---|
2d6cbd22e4
|
|||
|
48c3fef1a1
|
|||
|
decd937d43
|
|||
|
e89e0b3122
|
|||
|
b3f1a74cc2
|
4
clients/ejabberd-8.json
Normal file
4
clients/ejabberd-8.json
Normal file
@@ -0,0 +1,4 @@
|
||||
{
|
||||
"name": "ejabberd-8",
|
||||
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2r+emfhx7bl7MxEeIDGY\nKnj3xEyFvVgXL7GwOsbKszFVgZ17yuPwa6vuiJsZsbcFC/nXgGNH2WF5FEv7XhOi\nwE8KMeNrR4xQ9BEANRlRgUTfrkhZG1NCy7PpVBb7L2r36STBuFSdQJmruJAfvTHm\na4hhmfaSIJ0Wa+Q24gL1GNwkSRdOhXRYxB4OvNIJzzuC3XqgugQVG5xzZh0kULQs\nkZVvkL5dM0FEZzBn8aK2sohTFDivvYJy7PAogC9Z5M1nPatZBowruUZvCym3Wh1J\nRtBwsS9SsTcsUqaT9FpEa7vYUney1/R8G2FAFufTyztjgBQzh78GhU+dek+ycIf1\nVQIDAQAB\n-----END PUBLIC KEY-----\n"
|
||||
}
|
||||
63
nodes/ejabberd-8.json
Normal file
63
nodes/ejabberd-8.json
Normal file
@@ -0,0 +1,63 @@
|
||||
{
|
||||
"name": "ejabberd-8",
|
||||
"normal": {
|
||||
"knife_zero": {
|
||||
"host": "10.1.1.123"
|
||||
}
|
||||
},
|
||||
"automatic": {
|
||||
"fqdn": "ejabberd-8",
|
||||
"os": "linux",
|
||||
"os_version": "5.4.0-1063-kvm",
|
||||
"hostname": "ejabberd-8",
|
||||
"ipaddress": "192.168.122.27",
|
||||
"roles": [
|
||||
"ejabberd",
|
||||
"postgresql_client"
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
"kosmos-base::default",
|
||||
"kosmos_postgresql::hostsfile",
|
||||
"kosmos-ejabberd::letsencrypt",
|
||||
"kosmos-ejabberd",
|
||||
"kosmos-ejabberd::default",
|
||||
"apt::default",
|
||||
"timezone_iii::default",
|
||||
"timezone_iii::debian",
|
||||
"ntp::default",
|
||||
"ntp::apparmor",
|
||||
"kosmos-base::systemd_emails",
|
||||
"apt::unattended-upgrades",
|
||||
"kosmos-base::firewall",
|
||||
"kosmos-postfix::default",
|
||||
"postfix::default",
|
||||
"postfix::_common",
|
||||
"postfix::_attributes",
|
||||
"postfix::sasl_auth",
|
||||
"hostname::default",
|
||||
"kosmos-base::letsencrypt",
|
||||
"kosmos-dirsrv::hostsfile",
|
||||
"kosmos-ejabberd::firewall",
|
||||
"tor-full::default"
|
||||
],
|
||||
"platform": "ubuntu",
|
||||
"platform_version": "20.04",
|
||||
"cloud": null,
|
||||
"chef_packages": {
|
||||
"chef": {
|
||||
"version": "17.10.3",
|
||||
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.10.3/lib",
|
||||
"chef_effortless": null
|
||||
},
|
||||
"ohai": {
|
||||
"version": "17.9.0",
|
||||
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai"
|
||||
}
|
||||
}
|
||||
},
|
||||
"run_list": [
|
||||
"recipe[kosmos-base]",
|
||||
"role[ejabberd]"
|
||||
]
|
||||
}
|
||||
@@ -7,9 +7,8 @@ default_run_list = %w(
|
||||
|
||||
production_run_list = %w(
|
||||
role[postgresql_client]
|
||||
kosmos-ejabberd::default
|
||||
kosmos-ejabberd::letsencrypt
|
||||
kosmos-ejabberd::backup
|
||||
kosmos-ejabberd::default
|
||||
)
|
||||
env_run_lists(
|
||||
'development' => default_run_list,
|
||||
|
||||
@@ -52,6 +52,7 @@ end
|
||||
end
|
||||
end
|
||||
|
||||
# TODO check if nginx is installed/running on the node
|
||||
file "/etc/letsencrypt/renewal-hooks/deploy/nginx" do
|
||||
content <<-EOF
|
||||
#!/usr/bin/env bash
|
||||
|
||||
@@ -1,45 +0,0 @@
|
||||
#
|
||||
# Cookbook:: kosmos-ejabberd
|
||||
# Recipe:: backup
|
||||
#
|
||||
# The MIT License (MIT)
|
||||
#
|
||||
# Copyright:: 2019, Kosmos Developers
|
||||
#
|
||||
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
# of this software and associated documentation files (the "Software"), to deal
|
||||
# in the Software without restriction, including without limitation the rights
|
||||
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
# copies of the Software, and to permit persons to whom the Software is
|
||||
# furnished to do so, subject to the following conditions:
|
||||
#
|
||||
# The above copyright notice and this permission notice shall be included in
|
||||
# all copies or substantial portions of the Software.
|
||||
#
|
||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
# THE SOFTWARE.
|
||||
|
||||
postgresql_data_bag_item = data_bag_item('credentials', 'postgresql')
|
||||
|
||||
unless node.chef_environment == "development"
|
||||
# backup the data dir and the config files
|
||||
node.override["backup"]["archives"]["ejabberd"] = ["/opt/ejabberd", "/var/www/xmpp.kosmos.org", "/var/www/xmpp.5apps.com"]
|
||||
unless node["backup"]["postgresql"]["databases"].keys.include? "ejabberd"
|
||||
node.override["backup"]["postgresql"]["databases"]["ejabberd"] = {
|
||||
username: "ejabberd",
|
||||
password: postgresql_data_bag_item['ejabberd_user_password']
|
||||
}
|
||||
end
|
||||
unless node["backup"]["postgresql"]["databases"].keys.include? "ejabberd_5apps"
|
||||
node.override["backup"]["postgresql"]["databases"]["ejabberd_5apps"] = {
|
||||
username: "ejabberd",
|
||||
password: postgresql_data_bag_item['ejabberd_user_password']
|
||||
}
|
||||
end
|
||||
include_recipe "backup"
|
||||
end
|
||||
@@ -2,27 +2,6 @@
|
||||
# Cookbook:: kosmos-ejabberd
|
||||
# Recipe:: letsencrypt
|
||||
#
|
||||
# The MIT License (MIT)
|
||||
#
|
||||
# Copyright:: 2019, Kosmos Developers
|
||||
#
|
||||
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
# of this software and associated documentation files (the "Software"), to deal
|
||||
# in the Software without restriction, including without limitation the rights
|
||||
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
# copies of the Software, and to permit persons to whom the Software is
|
||||
# furnished to do so, subject to the following conditions:
|
||||
#
|
||||
# The above copyright notice and this permission notice shall be included in
|
||||
# all copies or substantial portions of the Software.
|
||||
#
|
||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
# THE SOFTWARE.
|
||||
|
||||
include_recipe "kosmos-base::letsencrypt"
|
||||
|
||||
|
||||
@@ -1,11 +1,7 @@
|
||||
# Generated by Chef for <%= @host[:name] %>
|
||||
# FIXME: The files only exist after the certbot hook created them, meaning
|
||||
# we need to run Chef a second time
|
||||
<% if File.exist?("/opt/ejabberd/conf/#{@host[:name]}.crt") && File.exist?("/opt/ejabberd/conf/#{@host[:name]}.key") -%>
|
||||
certfiles:
|
||||
- "/opt/ejabberd/conf/<%= @host[:name] %>.crt"
|
||||
- "/opt/ejabberd/conf/<%= @host[:name] %>.key"
|
||||
<% end -%>
|
||||
host_config:
|
||||
"<%= @host[:name] %>":
|
||||
sql_type: pgsql
|
||||
@@ -19,7 +15,6 @@ host_config:
|
||||
ldap_rootdn: "<%= @ldap_rootdn %>"
|
||||
ldap_password: "<%= @host[:ldap_password] %>"
|
||||
ldap_encrypt: <%= @ldap_encryption_type %>
|
||||
ldap_tls_verify: hard # when TLS is enabled, don't proceed if a cert is invalid
|
||||
ldap_base: "ou=<%= @host[:name] %>,<%= @ldap_base %>"
|
||||
ldap_filter: "(objectClass=person)"
|
||||
<% end -%>
|
||||
|
||||
Reference in New Issue
Block a user