From 74cf26846eab6b5ebc0a0f89f76dd1dbf93a7dcd Mon Sep 17 00:00:00 2001
From: Sebastian Kippe <sebastian@kip.pe>
Date: Tue, 12 Jan 2021 18:06:16 +0100
Subject: [PATCH] Fix ejabberd API permission for akkounts VMs

It should have been using a /32, not a /8 subnet, in order to only allow
the akkounts VM(s) to use the API endpoints without further
authorization.
---
 site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
index e1dca82..a46759d 100644
--- a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
+++ b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
@@ -177,7 +177,7 @@ api_permissions:
   "akkounts":
     who:
 <% @akkounts_ip_addresses.each do |ip| -%>
-      - ip: "<%= ip %>/8"
+      - ip: "<%= ip %>/32"
 <% end -%>
     what:
       - "add_rosteritem"
-- 
2.25.1