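#
# Cookbook:: kosmos-ejabberd
# Recipe:: default
#
# Installs ejabberd from the upstream .deb, writes the Erlang cluster files
# (.erlang.cookie, .hosts.erlang), renders the global and per-vhost
# configuration from data bag secrets, and enables the service.

# Secrets (Erlang cookie, LDAP/STUN/upload secrets, admin list) come from the
# "credentials" data bag; every resource that renders them is marked sensitive.
ejabberd_credentials = data_bag_item("credentials", "ejabberd")

ejabberd_version = node["kosmos-ejabberd"]["version"]
package_checksum = node["kosmos-ejabberd"]["checksum"]
package_path = "#{Chef::Config['file_cache_path']}/ejabberd_#{ejabberd_version}_amd64.deb"

remote_file package_path do
  # TODO There is a -2 suffix on the filename now. Need to see why and if it
  # changes with new releases
  source "https://github.com/processone/ejabberd/releases/download/#{ejabberd_version}/ejabberd_#{ejabberd_version}-2_amd64.deb"
  # SHA-256 of the expected package. NOTE(review): if the attribute is ever
  # unset, the download is no longer pinned to a known artifact; keep it
  # mandatory and update it together with the version.
  checksum package_checksum
  notifies :install, "dpkg_package[ejabberd]", :immediately
end

# Only runs when a new package file was downloaded (see the notification above).
dpkg_package "ejabberd" do
  source package_path
  version ejabberd_version
  # Keep the configuration files already on disk when the package ships new ones.
  options '--force-confdef --force-confold'
  action :nothing
end

# The Erlang cookie is the shared secret that authenticates Erlang nodes to
# each other; anyone holding it can connect to the cluster nodes. Mark the
# resource sensitive so the content never shows up in Chef's diff/log output.
file "/opt/ejabberd/.erlang.cookie" do
  mode "0400"
  owner "ejabberd"
  group "ejabberd"
  content ejabberd_credentials['erlang_cookie']
  sensitive true
end

ejabberd_nodes = search(:node, "role:ejabberd")

# Make every cluster member resolvable by hostname. Nodes whose recorded
# address does not parse as an IP address are skipped (best effort), but the
# skip is logged so a broken node attribute is visible in the run output.
ejabberd_nodes.each do |n|
  ip_address = n["knife_zero"]["host"]
  IPAddr.new ip_address # validation only; raises on a malformed address

  hostsfile_entry ip_address do
    hostname n["hostname"]
    action :create
  end
rescue IPAddr::InvalidAddressError
  Chef::Log.warn("Skipping hosts entry for #{n['hostname']}: invalid IP address #{ip_address.inspect}")
  next
end

ejabberd_hostnames = ejabberd_nodes.map { |n| n["hostname"] }

# One "<hostname>." term per line, as written by the original recipe.
file "/opt/ejabberd/.hosts.erlang" do
  mode "0644"
  owner "ejabberd"
  group "ejabberd"
  content ejabberd_hostnames.map { |h| "#{h}." }.join("\n")
end

# Replace the commented-out default ERLANG_NODE line with this node's name.
ruby_block "configure ERLANG_NODE" do
  block do
    file = Chef::Util::FileEdit.new("/opt/ejabberd/conf/ejabberdctl.cfg")
    file.search_file_replace_line(
      %r{#ERLANG_NODE=ejabberd@localhost},
      "ERLANG_NODE=ejabberd@#{node['name']}"
    )
    file.write_file
  end
end

postgresql_data_bag_item = data_bag_item('credentials', 'postgresql')

# Virtual hosts. Each entry carries its LDAP bind password and a YAML fragment
# (append_host_config) that is handed to the templates.
#
# NOTE(review): `<<-EOF` keeps each line's leading whitespace, so the YAML
# indentation below is part of the string; it has to line up with the place
# where the templates emit append_host_config. Confirm against the templates.
#
# NOTE(review): uploads_secret is interpolated verbatim into a double-quoted
# YAML scalar; a secret containing `"` or `\` would corrupt the rendered file.
hosts = [
  {
    name: "kosmos.org",
    sql_database: "ejabberd",
    ldap_enabled: true,
    ldap_password: ejabberd_credentials['kosmos_ldap_password'],
    append_host_config: <<-EOF
    modules:
      mod_disco:
        extra_domains:
          - kosmos.chat
        server_info:
          - modules: all
            name: "abuse-addresses"
            urls: ["mailto:abuse@kosmos.org"]
      mod_muc:
        host: kosmos.chat
        access:
          - allow
        access_admin:
          - allow: admin
        access_create: muc_create
        access_persistent: muc_create
        max_user_conferences: 1000
        default_room_options:
          mam: true
      mod_http_upload:
        put_url: "https://uploads.kosmos.chat/8af2c77"
        external_secret: "#{ejabberd_credentials["uploads_secret"]}"
        max_size: 104857600
        thumbnail: false # otherwise needs the identify command from ImageMagick installed
    EOF
  },
  {
    name: "5apps.com",
    sql_database: "ejabberd_5apps",
    ldap_enabled: true,
    ldap_password: ejabberd_credentials['5apps_ldap_password'],
    append_host_config: <<-EOF
    modules:
      mod_disco:
        extra_domains:
          - muc.5apps.com
        server_info:
          - modules: all
            name: "abuse-addresses"
            urls: ["mailto:mail@5apps.com"]
      mod_muc:
        host: "muc.@HOST@"
        access:
          - allow: local
        access_admin:
          - allow: admin
        access_create: muc_create
        access_persistent: muc_create
        max_user_conferences: 1000
        default_room_options:
          anonymous: false
          public: true
          members_only: true
          public_list: false
          persistent: true
          mam: true
      mod_http_upload:
        put_url: "https://uploads.kosmos.chat/2802cfe"
        external_secret: "#{ejabberd_credentials["uploads_secret"]}"
        max_size: 104857600
        thumbnail: false # otherwise needs the identify command from ImageMagick installed
    EOF
  }
]

ldap_domain = node['kosmos-dirsrv']['master_hostname']
# NOTE(review): "none" is handed to the vhost template as the LDAP encryption
# type. If the template maps it straight to ejabberd's LDAP settings, the
# service bind password and user credentials travel to the directory server
# unencrypted. Confirm the link is protected some other way, or move to TLS.
ldap_encryption_type = "none"
ldap_base = "cn=users,dc=kosmos,dc=org"
admin_users = ejabberd_credentials['admins']

# One config file per vhost; contains the PostgreSQL and LDAP passwords, hence
# mode 0640, ejabberd ownership and sensitive true.
hosts.each do |host|
  ldap_rootdn = "uid=service,ou=#{host[:name]},cn=applications,dc=kosmos,dc=org"

  template "/opt/ejabberd/conf/#{host[:name]}.yml" do
    source "vhost.yml.erb"
    mode "0640"
    owner 'ejabberd'
    group 'ejabberd'
    sensitive true
    variables pgsql_password: postgresql_data_bag_item['ejabberd_user_password'],
              sql_server: "pg.kosmos.local",
              host: host,
              ldap_base: ldap_base,
              ldap_server: ldap_domain,
              ldap_rootdn: ldap_rootdn,
              ldap_encryption_type: ldap_encryption_type
    notifies :reload, "service[ejabberd]", :delayed
  end
end

# Addresses of the akkounts nodes, passed to the main config template.
akkounts_ip_addresses = search(:node, "role:akkounts").map { |n| n["knife_zero"]["host"] }

# Main configuration; contains the STUN secret and per-host secrets.
# NOTE(review): unlike the vhost templates, no owner/group is set here, so the
# file keeps whatever ownership it already has on disk (or gets that of the
# Chef run's user when first created). Confirm this is intended.
template "/opt/ejabberd/conf/ejabberd.yml" do
  source "ejabberd.yml.erb"
  mode "0640"
  sensitive true
  variables hosts: hosts,
            admin_users: admin_users,
            stun_auth_realm: "kosmos.org",
            stun_secret: ejabberd_credentials['stun_secret'],
            turn_ip_address: node["kosmos-ejabberd"]["turn_ip_address"],
            stun_turn_port: node["kosmos-ejabberd"]["stun_turn_port"],
            turn_min_port: node["kosmos-ejabberd"]["turn_min_port"],
            turn_max_port: node["kosmos-ejabberd"]["turn_max_port"],
            akkounts_ip_addresses: akkounts_ip_addresses
  notifies :reload, "service[ejabberd]", :delayed
end

# Set permissions for the upload folders
# (recursive true creates missing parents; owner/group/mode apply to the leaf
# directory only.)
%w[xmpp.kosmos.org xmpp.5apps.com].each do |domain|
  directory "/opt/ejabberd/uploads/#{domain}" do
    owner "ejabberd"
    group "ejabberd"
    mode "0750"
    recursive true
  end
end

service "ejabberd" do
  action [:enable, :start]
end

# The firewall recipe is skipped only in the "development" environment.
unless node.chef_environment == "development"
  include_recipe "kosmos-ejabberd::firewall"
end

#
# Tor hidden service
#
# The attributes for the hidden service are set in attributes/default.rb, due
# to the way the tor-full cookbook builds the path to the hidden service dir
include_recipe "tor-full"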