From c5532bd4fb8fafe74a98e13d7ae89a22ae18ee24 Mon Sep 17 00:00:00 2001 From: NorbiPeti Date: Sat, 25 May 2024 01:35:07 +0200 Subject: [PATCH] Set up the service, fixes --- conf/prosody.cfg.lua | 244 ------------------------------------------- conf/systemd.service | 14 +-- manifest.toml | 14 ++- scripts/install | 13 ++- 4 files changed, 30 insertions(+), 255 deletions(-) delete mode 100644 conf/prosody.cfg.lua diff --git a/conf/prosody.cfg.lua b/conf/prosody.cfg.lua deleted file mode 100644 index b7bd5ab..0000000 --- a/conf/prosody.cfg.lua +++ /dev/null @@ -1,244 +0,0 @@ --- Prosody Example Configuration File --- --- Information on configuring Prosody can be found on our --- website at https://prosody.im/doc/configure --- --- Tip: You can check that the syntax of this file is correct --- when you have finished by running this command: --- prosodyctl check config --- If there are any errors, it will let you know what and where --- they are, otherwise it will keep quiet. --- --- The only thing left to do is rename this file to remove the .dist ending, and fill in the --- blanks. Good luck, and happy Jabbering! - - ----------- Server-wide settings ---------- --- Settings in this section apply to the whole server and are the default settings --- for any virtual hosts - --- This is a (by default, empty) list of accounts that are admins --- for the server. Note that you must create the accounts separately --- (see https://prosody.im/doc/creating_accounts for info) --- Example: admins = { "user1@example.com", "user2@example.net" } -admins = { } - --- Enable use of libevent for better performance under high load --- For more information see: https://prosody.im/doc/libevent ---use_libevent = true - --- Prosody will always look in its source directory for modules, but --- this option allows you to specify additional locations where Prosody --- will look for modules first. For community modules, see https://modules.prosody.im/ --- For a local administrator it's common to place local modifications --- under /usr/local/ hierarchy: -plugin_paths = { "/usr/lib/__APP__/modules" } - --- This is the list of modules Prosody will load on startup. --- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too. --- Documentation for bundled modules can be found at: https://prosody.im/doc/modules -modules_enabled = { - - -- Generally required - "roster"; -- Allow users to have a roster. Recommended ;) - "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in. - "tls"; -- Add support for secure TLS on c2s/s2s connections - "dialback"; -- s2s dialback support - "disco"; -- Service discovery - - -- Not essential, but recommended - "carbons"; -- Keep multiple clients in sync - "pep"; -- Enables users to publish their avatar, mood, activity, playing music and more - "private"; -- Private XML storage (for room bookmarks, etc.) - "blocklist"; -- Allow users to block communications with other users - "vcard4"; -- User profiles (stored in PEP) - "vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard - "limits"; -- Enable bandwidth limiting for XMPP connections - - -- Nice to have - "version"; -- Replies to server version requests - "uptime"; -- Report how long server has been running - "time"; -- Let others know the time here on this server - "ping"; -- Replies to XMPP pings with pongs - "register"; -- Allow users to register on this server using a client and change passwords - --"mam"; -- Store messages in an archive and allow users to access it - --"csi_simple"; -- Simple Mobile optimizations - - -- Admin interfaces - "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands - --"admin_telnet"; -- Opens telnet console interface on localhost port 5582 - - -- HTTP modules - --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" - --"websocket"; -- XMPP over WebSockets - --"http_files"; -- Serve static files from a directory over HTTP - - -- Other specific functionality - "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. - --"groups"; -- Shared roster support - --"server_contact_info"; -- Publish contact information for this service - --"announce"; -- Send announcement to all online users - --"welcome"; -- Welcome users who register accounts - --"watchregistrations"; -- Alert admins of registrations - --"motd"; -- Send a message to users when they log in - --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. - --"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use -} - --- These modules are auto-loaded, but should you want --- to disable them then uncomment them here: -modules_disabled = { - -- "offline"; -- Store offline messages - -- "c2s"; -- Handle client connections - -- "s2s"; -- Handle server-to-server connections -} - --- Disable account creation by default, for security --- For more information see https://prosody.im/doc/creating_accounts -allow_registration = false - --- Debian: --- Do not send the server to background, either systemd or start-stop-daemon take care of that. --- -daemonize = false; - --- Debian: --- Please, don't change this option since /run/prosody/ --- is one of the few directories Prosody is allowed to write to --- -pidfile = "/run/__APP__/__APP__.pid"; - --- Force clients to use encrypted connections? This option will --- prevent clients from authenticating unless they are using encryption. - -c2s_require_encryption = true - --- Force servers to use encrypted connections? This option will --- prevent servers from authenticating unless they are using encryption. - -s2s_require_encryption = true - --- Force certificate authentication for server-to-server connections? - -s2s_secure_auth = false - --- Some servers have invalid or self-signed certificates. You can list --- remote domains here that will not be required to authenticate using --- certificates. They will be authenticated using DNS instead, even --- when s2s_secure_auth is enabled. - ---s2s_insecure_domains = { "insecure.example" } - --- Even if you disable s2s_secure_auth, you can still require valid --- certificates for some domains by specifying a list here. - ---s2s_secure_domains = { "jabber.org" } - --- Enable rate limits for incoming client and server connections - -limits = { - c2s = { - rate = "10kb/s"; - }; - s2sin = { - rate = "30kb/s"; - }; -} - --- Select the authentication backend to use. The 'internal' providers --- use Prosody's configured data storage to store the authentication data. - -authentication = "internal_hashed" - --- Select the storage backend to use. By default Prosody uses flat files --- in its configured data directory, but it also supports more backends --- through modules. An "sql" backend is included by default, but requires --- additional dependencies. See https://prosody.im/doc/storage for more info. - ---storage = "sql" -- Default is "internal" (Debian: "sql" requires one of the --- lua-dbi-sqlite3, lua-dbi-mysql or lua-dbi-postgresql packages to work) - --- For the "sql" backend, you can uncomment *one* of the below to configure: ---sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename. ---sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } ---sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } - - --- Archiving configuration --- If mod_mam is enabled, Prosody will store a copy of every message. This --- is used to synchronize conversations between multiple clients, even if --- they are offline. This setting controls how long Prosody will keep --- messages in the archive before removing them. - -archive_expires_after = "1w" -- Remove archived messages after 1 week - --- You can also configure messages to be stored in-memory only. For more --- archiving options, see https://prosody.im/doc/modules/mod_mam - --- Logging configuration --- For advanced logging see https://prosody.im/doc/logging --- --- Debian: --- Logs info and higher to /var/log --- Logs errors to syslog also -log = { - -- Log files (change 'info' to 'debug' for debug logs): - info = "/var/log/__APP__/__APP__.log"; - error = "/var/log/__APP__/__APP__.err"; - -- Syslog: - { levels = { "error" }; to = "syslog"; }; -} - --- Uncomment to enable statistics --- For more info see https://prosody.im/doc/statistics --- statistics = "internal" - --- Certificates --- Every virtual host and component needs a certificate so that clients and --- servers can securely verify its identity. Prosody will automatically load --- certificates/keys from the directory specified here. --- For more information, including how to use 'prosodyctl' to auto-import certificates --- (from e.g. Let's Encrypt) see https://prosody.im/doc/certificates - --- Location of directory to find certificates in (relative to main config file): -certificates = "certs" - --- HTTPS currently only supports a single certificate, specify it here: ---https_certificate = "/etc/prosody/certs/localhost.crt" - ------------ Virtual hosts ----------- --- You need to add a VirtualHost entry for each domain you wish Prosody to serve. --- Settings under each VirtualHost entry apply *only* to that host. --- It's customary to maintain VirtualHost entries in separate config files --- under /etc/prosody/conf.d/ directory. Examples of such config files can --- be found in /etc/prosody/conf.avail/ directory. - ------- Additional config files ------ --- For organizational purposes you may prefer to add VirtualHost and --- Component definitions in their own config files. This line includes --- all config files in /etc/prosody/conf.d/ - -VirtualHost "localhost" - ---VirtualHost "example.com" --- certificate = "/path/to/example.crt" - ------- Components ------ --- You can specify components to add hosts that provide special services, --- like multi-user conferences, and transports. --- For more information on components, see https://prosody.im/doc/components - ----Set up a MUC (multi-user chat) room server on conference.example.com: ---Component "conference.example.com" "muc" ---- Store MUC messages in an archive and allow users to access it ---modules_enabled = { "muc_mam" } - ----Set up an external component (default component port is 5347) --- --- External components allow adding various services, such as gateways/ --- transports to other networks like ICQ, MSN and Yahoo. For more info --- see: https://prosody.im/doc/components#adding_an_external_component --- ---Component "gateway.example.com" --- component_secret = "password" -Include "conf.d/*.cfg.lua" diff --git a/conf/systemd.service b/conf/systemd.service index 61d35a4..13bd012 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -1,8 +1,8 @@ [Unit] ### see man systemd.unit -Description=Prosody XMPP Server -After=network.target remote-fs.target postgresql.service mariadb.service mysql.service -Documentation=https://prosody.im/doc +Description=Snikket XMPP Server +After=network.target remote-fs.target +Documentation=https://snikket.org/service/help/ [Service] ### See man systemd.service ### @@ -11,11 +11,13 @@ Documentation=https://prosody.im/doc Type=simple # Not sure if this is needed for 'simple' -RuntimeDirectory=prosody -PIDFile=/run/__APP__/__APP__.pid +RuntimeDirectory=snikket + +# Load environment file used by Snikket +EnvironmentFile=/etc/snikket/environment # Start by executing the main executable -ExecStart=/usr/bin/__APP__ +ExecStart=/usr/local/bin/prosody ExecReload=/bin/kill -HUP $MAINPID diff --git a/manifest.toml b/manifest.toml index 646ab5e..a43d2ee 100644 --- a/manifest.toml +++ b/manifest.toml @@ -2,7 +2,7 @@ packaging_format = 2 id = "snikket" name = "Snikket" -description.en = "XMPP-based chat that is simple, secure, and private" +description.en = "Chat that is simple, secure, and private" version = "2024.02.21~ynh1" @@ -11,8 +11,9 @@ maintainers = ["NorbiPeti"] [upstream] license = "Apache" website = "https://snikket.org/" -admindoc = "https://snikket.org/service/quickstart/" +admindoc = "https://snikket.org/service/help/" code = "https://github.com/snikket-im/snikket-server/" +fund = "https://snikket.org/donate/" [integration] yunohost = ">= 11.2" @@ -28,6 +29,11 @@ ram.build = "50M" ram.runtime = "50M" [install] + [install.domain] + # this is a generic question - ask strings are automatically handled by YunoHost's core + type = "domain" + [install.admin] + type = "user" [resources] [resources.sources.main] @@ -46,11 +52,11 @@ ram.runtime = "50M" [resources.data_dir] - [resources.ports] + [resources.ports] # TODO file.default=5000 client.default=5222 server.default=5269 - http.default=5280 + xmpp.default=5280 https.default=5281 component.default=5347 telnet.default=5582 diff --git a/scripts/install b/scripts/install index 15018d4..5f98cf4 100755 --- a/scripts/install +++ b/scripts/install @@ -97,6 +97,17 @@ do cp -r "$snikketdir/snikket-modules/$module" "/etc/$app/modules/$module" done < "../sources/snikket-modules.txt" +#================================================= +# SETUP SNIKKET CONFIG +#================================================= +ynh_script_progression --message="Updating Snikket configuration..." + +# TODO: The admin email won't work for subdomains +cat >/etc/snikket/environment <