kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 26 Pull Requests 2 Projects 2 Activity
chef/site-cookbooks/kosmos-ejabberd/recipes/default.rb
Râu Cao 14e04d77a9
Activate real-time MUC blocklist module
2023-04-19 17:32:15 +02:00

215 lines
6.0 KiB
Ruby
Raw Blame History

#
# Cookbook:: kosmos-ejabberd
# Recipe:: default
#
ejabberd_credentials = data_bag_item("credentials", "ejabberd")
ejabberd_version = node["kosmos-ejabberd"]["version"]
package_checksum = node["kosmos-ejabberd"]["checksum"]
package_path = "#{Chef::Config['file_cache_path']}/ejabberd_#{ejabberd_version}_amd64.deb"
remote_file package_path do
source "https://github.com/processone/ejabberd/releases/download/#{ejabberd_version}/ejabberd_#{ejabberd_version}-#{node["kosmos-ejabberd"]["package_version"]}_amd64.deb"
checksum package_checksum
notifies :install, "dpkg_package[ejabberd]", :immediately
end
dpkg_package "ejabberd" do
source package_path
version ejabberd_version
options '--force-confdef --force-confold'
action :nothing
end
file "/opt/ejabberd/.erlang.cookie" do
mode "0400"
owner "ejabberd"
group "ejabberd"
content ejabberd_credentials['erlang_cookie']
end
ejabberd_nodes = search(:node, "role:ejabberd")
ejabberd_nodes.each do |n|
ip_address = n["knife_zero"]["host"]
IPAddr.new ip_address
hostsfile_entry ip_address do
hostname n["hostname"]
action :create
end
rescue IPAddr::InvalidAddressError
next
end
ejabberd_hostnames = ejabberd_nodes.map { |n| n["hostname"] }
file "/opt/ejabberd/.hosts.erlang" do
mode "0644"
owner "ejabberd"
group "ejabberd"
content ejabberd_hostnames.map{|h| "#{h}."}.join("\n")
end
ruby_block "configure ERLANG_NODE" do
block do
file = Chef::Util::FileEdit.new("/opt/ejabberd/conf/ejabberdctl.cfg")
file.search_file_replace_line(
%r{#ERLANG_NODE=ejabberd@localhost},
"ERLANG_NODE=ejabberd@#{node['name']}"
)
file.write_file
end
end
postgresql_data_bag_item = data_bag_item('credentials', 'postgresql')
hosts = [
{
name: "kosmos.org",
sql_database: "ejabberd",
ldap_enabled: true,
ldap_password: ejabberd_credentials['kosmos_ldap_password'],
append_host_config: <<-EOF
modules:
mod_disco:
extra_domains:
- kosmos.chat
server_info:
-
modules: all
name: "abuse-addresses"
urls: ["mailto:abuse@kosmos.org"]
mod_muc:
host: kosmos.chat
access:
- allow
access_admin:
- allow: admin
access_create: muc_create
access_persistent: muc_create
access_register: muc_create
max_user_conferences: 1000
default_room_options:
mam: true
preload_rooms: true
mod_muc_rtbl: {}
mod_http_upload:
put_url: "https://uploads.kosmos.chat/8af2c77"
external_secret: "#{ejabberd_credentials["uploads_secret"]}"
max_size: 104857600
thumbnail: false # otherwise needs the identify command from ImageMagick installed
EOF
},
{
name: "5apps.com",
sql_database: "ejabberd_5apps",
ldap_enabled: true,
ldap_password: ejabberd_credentials['5apps_ldap_password'],
append_host_config: <<-EOF
modules:
mod_disco:
extra_domains:
- muc.5apps.com
server_info:
-
modules: all
name: "abuse-addresses"
urls: ["mailto:mail@5apps.com"]
mod_muc:
host: "muc.@HOST@"
access:
- allow: local
access_admin:
- allow: admin
access_create: muc_create
access_persistent: muc_create
access_register: muc_create
max_user_conferences: 1000
default_room_options:
anonymous: false
public: true
members_only: true
public_list: false
persistent: true
mam: true
preload_rooms: true
mod_muc_rtbl: {}
mod_http_upload:
put_url: "https://uploads.kosmos.chat/2802cfe"
external_secret: "#{ejabberd_credentials["uploads_secret"]}"
max_size: 104857600
thumbnail: false # otherwise needs the identify command from ImageMagick installed
EOF
}
]
ldap_domain = node['kosmos-dirsrv']['master_hostname']
ldap_encryption_type = "none"
ldap_base = "cn=users,dc=kosmos,dc=org"
admin_users = ejabberd_credentials['admins']
hosts.each do |host|
ldap_rootdn = "uid=service,ou=#{host[:name]},cn=applications,dc=kosmos,dc=org"
template "/opt/ejabberd/conf/#{host[:name]}.yml" do
source "vhost.yml.erb"
mode 0640
owner 'ejabberd'
group 'ejabberd'
sensitive true
variables pgsql_password: postgresql_data_bag_item['ejabberd_user_password'],
sql_server: "pg.kosmos.local",
host: host,
ldap_base: ldap_base,
ldap_server: ldap_domain,
ldap_rootdn: ldap_rootdn,
ldap_encryption_type: ldap_encryption_type
notifies :reload, "service[ejabberd]", :delayed
end
end
akkounts_ip_addresses = []
search(:node, "role:akkounts").each do |n|
akkounts_ip_addresses << n["knife_zero"]["host"]
end
template "/opt/ejabberd/conf/ejabberd.yml" do
source "ejabberd.yml.erb"
mode 0640
sensitive true
variables hosts: hosts,
admin_users: admin_users,
stun_auth_realm: "kosmos.org",
stun_secret: ejabberd_credentials['stun_secret'],
turn_ip_address: node["kosmos-ejabberd"]["turn_ip_address"],
stun_turn_port: node["kosmos-ejabberd"]["stun_turn_port"],
turn_min_port: node["kosmos-ejabberd"]["turn_min_port"],
turn_max_port: node["kosmos-ejabberd"]["turn_max_port"],
private_ip_address: node["knife_zero"]["host"],
akkounts_ip_addresses: akkounts_ip_addresses
notifies :reload, "service[ejabberd]", :delayed
end
service "ejabberd" do
action [:enable, :start]
end
unless node.chef_environment == "development"
include_recipe "kosmos-ejabberd::firewall"
end
firewall_rule 'ejabberd_http' do
port [80]
source "10.1.1.0/24"
protocol :tcp
command :allow
end
#
# Tor hidden service
#
# The attributes for the hidden service are set in attributes/default.rb, due
# to the way the tor-full cookbook builds the path to the hidden service dir
include_recipe "tor-full"
Reference in New Issue View Git Blame Copy Permalink