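#
# Cookbook:: kosmos-ejabberd
# Recipe:: default
#
# Installs a pinned ejabberd .deb, installs contrib modules, sets up Erlang
# clustering files (cookie, hosts), renders the per-vhost and main ejabberd
# configuration from data-bag credentials, and enables the service.

# Secrets (Erlang cookie, LDAP passwords, STUN secret, S3 keys, admin list)
# come from the "credentials" data bag.
ejabberd_credentials = data_bag_item("credentials", "ejabberd")

ejabberd_version = node["ejabberd"]["version"]
package_checksum = node["ejabberd"]["checksum"]
package_path = "#{Chef::Config['file_cache_path']}/ejabberd_#{ejabberd_version}_amd64.deb"

# The release package is fetched over HTTPS and pinned by `checksum`
# (remote_file compares it against the SHA-256 of the download), so a
# replaced release asset fails the Chef run instead of being installed.
remote_file package_path do
  source "https://github.com/processone/ejabberd/releases/download/#{ejabberd_version}/ejabberd_#{ejabberd_version}-#{node["ejabberd"]["package_version"]}_amd64.deb"
  checksum package_checksum
  notifies :install, "dpkg_package[ejabberd]", :immediately
end

# Only runs when notified by the download above; keeps locally modified
# config files on upgrade (--force-confdef --force-confold).
dpkg_package "ejabberd" do
  source package_path
  version ejabberd_version
  options '--force-confdef --force-confold'
  action :nothing
end

# NOTE(review): this has no guard, so it runs on every Chef run and refreshes
# the contrib module specs each time. Unlike the .deb above, the contrib
# modules installed below are not pinned to a version or checksum — consider
# pinning or vendoring them.
execute "update contrib modules" do
  command "ejabberdctl modules_update_specs"
end

%w[mod_s3_upload].each do |emod|
  execute "install #{emod}" do
    command "ejabberdctl module_install #{emod}"
    not_if { ::File.exist?("/opt/ejabberd/.ejabberd-modules/#{emod}/ebin") }
  end

  # Remove the module's bundled config file; the module is configured through
  # the ejabberd.yml template below instead.
  file "/opt/ejabberd/.ejabberd-modules/#{emod}/conf/#{emod}.yml" do
    action :delete
  end
end

# The Erlang cookie is the shared secret that authorises node-to-node
# distribution. Owner-read-only, and marked sensitive so that Chef does not
# print the cookie (file diff) in its run output or logs.
file "/opt/ejabberd/.erlang.cookie" do
  mode "0400"
  owner "ejabberd"
  group "ejabberd"
  content ejabberd_credentials['erlang_cookie']
  sensitive true
end

ejabberd_nodes = search(:node, "role:ejabberd")

# Add a hosts-file entry for every cluster member. The address comes from
# node search results, so it is parsed with IPAddr first and entries that are
# not valid IP addresses are skipped rather than written to the hosts file.
ejabberd_nodes.each do |n|
  ip_address = n["knife_zero"]["host"]
  IPAddr.new ip_address

  hostsfile_entry ip_address do
    hostname n["hostname"]
    action :create
  end
rescue IPAddr::InvalidAddressError
  next
end

ejabberd_hostnames = ejabberd_nodes.map { |n| n["hostname"] }

# One "<hostname>." term per line.
# NOTE(review): hostnames are written unquoted; a hostname that is not a valid
# bare Erlang atom (for example one containing "-" or ".") would need single
# quotes — confirm against the actual node hostnames.
file "/opt/ejabberd/.hosts.erlang" do
  mode "0644"
  owner "ejabberd"
  group "ejabberd"
  content ejabberd_hostnames.map { |h| "#{h}." }.join("\n")
end

# Uncomment and set ERLANG_NODE in ejabberdctl.cfg. Only the stock commented
# line is matched, so later runs leave an already-edited file alone.
ruby_block "configure ERLANG_NODE" do
  block do
    cfg = Chef::Util::FileEdit.new("/opt/ejabberd/conf/ejabberdctl.cfg")
    cfg.search_file_replace_line(
      %r{#ERLANG_NODE=ejabberd@localhost},
      "ERLANG_NODE=ejabberd@#{node['name']}"
    )
    cfg.write_file
  end
end

postgresql_data_bag_item = data_bag_item('credentials', 'postgresql')

# Virtual hosts. `append_host_config` is YAML that is passed to the vhost
# template as part of `host`.
# NOTE(review): the YAML indentation inside the two heredocs below was
# reconstructed from a whitespace-collapsed copy of this file. Verify it
# against the original and against vhost.yml.erb — in particular the base
# indentation and whether `preload_rooms` sits at the mod_muc level.
hosts = [
  {
    name: "kosmos.org",
    sql_database: "ejabberd",
    ldap_enabled: true,
    ldap_password: ejabberd_credentials['kosmos_ldap_password'],
    append_host_config: <<-EOF
    modules:
      mod_disco:
        extra_domains:
          - kosmos.chat
        server_info:
          - modules: all
            name: "abuse-addresses"
            urls: ["mailto:abuse@kosmos.org"]
      mod_muc:
        host: kosmos.chat
        access:
          - allow
        access_admin:
          - allow: admin
        access_create: muc_create
        access_persistent: muc_create
        access_register: muc_create
        max_user_conferences: 1000
        default_room_options:
          mam: true
        preload_rooms: true
    EOF
  },
  {
    name: "5apps.com",
    sql_database: "ejabberd_5apps",
    ldap_enabled: true,
    ldap_password: ejabberd_credentials['5apps_ldap_password'],
    append_host_config: <<-EOF
    modules:
      mod_disco:
        extra_domains:
          - muc.5apps.com
        server_info:
          - modules: all
            name: "abuse-addresses"
            urls: ["mailto:mail@5apps.com"]
      mod_muc:
        host: "muc.@HOST@"
        access:
          - allow: local
        access_admin:
          - allow: admin
        access_create: muc_create
        access_persistent: muc_create
        access_register: muc_create
        max_user_conferences: 1000
        default_room_options:
          anonymous: false
          public: true
          members_only: true
          public_list: false
          persistent: true
          mam: true
        preload_rooms: true
    EOF
  }
]

ldap_domain = node['kosmos-dirsrv']['master_hostname']
# NOTE(review): with encryption "none" the LDAP service bind (rootdn and
# password) and user authentication travel unencrypted between ejabberd and
# the directory server. Confirm that path is a trusted or otherwise protected
# network, or switch to TLS.
ldap_encryption_type = "none"
ldap_base = "cn=users,dc=kosmos,dc=org"
admin_users = ejabberd_credentials['admins']

# One config file per virtual host. The rendered file contains the LDAP and
# PostgreSQL passwords, hence mode 0640, ejabberd ownership and `sensitive`.
hosts.each do |host|
  ldap_rootdn = "uid=service,ou=#{host[:name]},cn=applications,dc=kosmos,dc=org"

  template "/opt/ejabberd/conf/#{host[:name]}.yml" do
    source "vhost.yml.erb"
    mode "0640"
    owner 'ejabberd'
    group 'ejabberd'
    sensitive true
    variables pgsql_password: postgresql_data_bag_item['ejabberd_user_password'],
              sql_server: "pg.kosmos.local",
              host: host,
              ldap_base: ldap_base,
              ldap_server: ldap_domain,
              ldap_rootdn: ldap_rootdn,
              ldap_encryption_type: ldap_encryption_type
    notifies :reload, "service[ejabberd]", :delayed
  end
end

# Addresses of the akkounts nodes, handed to the main config template.
# NOTE(review): unlike the cluster addresses above, these search results are
# not parsed with IPAddr before use; how the template uses them is not
# visible here.
akkounts_ip_addresses = search(:node, "role:akkounts").map { |n| n["knife_zero"]["host"] }

# Main configuration. Contains the STUN secret and S3 credentials, so it is
# rendered with mode 0640 and `sensitive`.
# NOTE(review): no owner/group is set here, unlike the per-vhost template
# above; on a fresh file Chef would leave it owned by the user running Chef.
# Consider setting owner/group 'ejabberd' explicitly.
template "/opt/ejabberd/conf/ejabberd.yml" do
  source "ejabberd.yml.erb"
  mode "0640"
  sensitive true
  variables hosts: hosts,
            admin_users: admin_users,
            stun_auth_realm: node["ejabberd"]["stun_auth_realm"],
            stun_secret: ejabberd_credentials['stun_secret'],
            turn_ip_address: node["ejabberd"]["turn_ip_address"],
            stun_turn_port: node["ejabberd"]["stun_turn_port"],
            turn_min_port: node["ejabberd"]["turn_min_port"],
            turn_max_port: node["ejabberd"]["turn_max_port"],
            private_ip_address: node["knife_zero"]["host"],
            akkounts_ip_addresses: akkounts_ip_addresses,
            mod_s3_upload: {
              region: "garage",
              bucket_url: "https://#{node["garage"]["xmpp_upload_bucket"]}.#{node["garage"]["s3_api_root_domain"]}",
              download_url: "https://media.kosmos.chat",
              key_id: ejabberd_credentials['s3_key_id'],
              secret_key: ejabberd_credentials['s3_secret_key']
            }
  notifies :reload, "service[ejabberd]", :delayed
end

service "ejabberd" do
  action [:enable, :start]
end

# The cookbook's firewall recipe is skipped in the development environment.
unless node.chef_environment == "development"
  include_recipe "kosmos-ejabberd::firewall"
end

# Allow plain HTTP (port 80) from the 10.1.1.0/24 network only.
# NOTE(review): this rule sits outside the environment guard above, so it is
# also declared in development — confirm that is intended.
firewall_rule 'ejabberd_http' do
  port [80]
  source "10.1.1.0/24"
  protocol :tcp
  command :allow
end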