2 Commits

Author SHA1 Message Date
Greg Karékinian
55eb95ae73 Verify the TLS server's certificate
Do not proceed if a certificate is invalid
2020-02-14 13:56:52 +01:00
Greg Karékinian
dc1226073c Move the admin users to the ejabberd encrypted data bag 2020-02-14 13:56:17 +01:00
3 changed files with 12 additions and 11 deletions


@@ -1,9 +1,16 @@
{
"id": "ejabberd",
"5apps_ldap_password": {
"encrypted_data": "NjlYL0mMpXmLP2pk1ZSo5mWt+qosx7eh7+duoPc57avQGwPJ6Vxb\n",
"iv": "q/py5XYCEXARUEA9\n",
"auth_tag": "4xoSjTjLYNzuLvoksf3Thw==\n",
"encrypted_data": "LRafA47WMyuQe5KA4oOc6i/pTflwpG8Gq8v7cvsTr51XwJD62i9L\n",
"iv": "CSvV2mbofDQP4T42\n",
"auth_tag": "PERdYnrFKGs+HaPBD6Um+A==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"admins": {
"encrypted_data": "D1fEa5S7ADU4tornw/FdcDifE6CzqM6TrLliWYxQ1AxwAuewdh0G2OfgjKOt\nvvibgIEMkr83FkX4La2wOjW8X6/DpBiyeys9RznVD4s0jmSaCG7qGHask3+R\nFLRl0gcYFCPkQopIAYihjnwvm9t1MwPXPF9c7B7rN5W2VvctQ9OEN3MgboHl\n",
"iv": "IgodYNr3muNTfkhX\n",
"auth_tag": "OJ42GSFtEp/KCxSIGhdbVg==\n",
"version": 3,
"cipher": "aes-256-gcm"
}


@@ -122,14 +122,7 @@ ldap_domain = node['kosmos-dirsrv']['master_hostname']
ldap_encryption_type = node.chef_environment == "development" ? "none" : "tls"
ldap_base = "cn=users,dc=kosmos,dc=org"
admin_users = [
"greg@5apps.com",
"sebastian@5apps.com",
"garret@5apps.com",
"raucao@kosmos.org",
"greg@kosmos.org",
"galfert@kosmos.org"
]
admin_users = ejabberd_credentials['admins']
template "/opt/ejabberd/conf/ejabberd.yml" do
source "ejabberd.yml.erb"
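Review bot: `admin_users` is now read from `ejabberd_credentials['admins']` with no check, so a data bag item that lacks the key (an older item, or a test fixture that was not regenerated) passes `nil` to the template, and the resulting admin ACL then depends on how the template handles that. Failing the converge is safer than rendering an unexpected ACL: `raise "ejabberd data bag item has no 'admins' list" if admin_users.nil? || admin_users.empty?`. Because the addresses are no longer readable in the recipe, a short comment stating the expected shape would help, e.g. `# Array of admin JIDs, stored in the encrypted ejabberd data bag item`. Where `ejabberd_credentials` is loaded and how the template consumes `admin_users` are both outside this hunk.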


@@ -25,6 +25,7 @@ host_config:
ldap_rootdn: "cn=xmpp,ou=<%= host[:name] %>,<%= @ldap_base %>"
ldap_password: "<%= host[:ldap_password] %>"
ldap_encrypt: <%= @ldap_encryption_type %>
ldap_tls_verify: hard # when TLS is enabled, don't proceed if a cert is invalid
ldap_base: "ou=<%= host[:name] %>,<%= @ldap_base %>"
ldap_filter: "(nsRole=cn=xmpp_role,ou=<%= host[:name] %>,<%= @ldap_base %>)"
<% end -%>
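Review bot: `ldap_tls_verify: hard` needs a trust anchor to verify against, and the visible `host_config` lines set no CA file, so verification relies on whatever ejabberd uses by default. If the directory server's certificate is issued by an internal CA, name it explicitly next to this line, e.g. `ldap_tls_cacertfile: "<path to CA bundle>"`; otherwise LDAP binds will fail once this is deployed with TLS enabled. It may already be set in a part of the template that this hunk does not show.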