From 42de0ace18f7ffcf585ad4f62a632cb8a5656c59 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Sat, 3 Dec 2016 11:18:19 +0000
Subject: [PATCH] Improve xmpp config
---
 src/freedombone-app-xmpp | 119 +++++++++++++++++++++++++++++++++------
 1 file changed, 101 insertions(+), 18 deletions(-)
diff --git a/src/freedombone-app-xmpp b/src/freedombone-app-xmpp
index 272d81d7..576a6f2f 100755
--- a/src/freedombone-app-xmpp
+++ b/src/freedombone-app-xmpp
@@ -316,6 +316,86 @@ function xmpp_email_headers {
 done
 }
+function xmpp_modules {
+ filename=$1
+ echo 'modules_enabled = {' >> $filename
+ echo ' "dialback"; -- s2s dialback support' >> $filename
+ echo ' "disco"; -- Service discovery' >> $filename
+ echo ' "private"; -- Private XML storage (for room bookmarks, etc.)' >> $filename
+ echo ' "vcard"; -- Allow users to set vCards' >> $filename
+ echo ' "version"; -- Replies to server version requests' >> $filename
+ echo ' "uptime"; -- Report how long server has been running' >> $filename
+ echo ' "time"; -- Let others know the time here on this server' >> $filename
+ echo ' "ping"; -- Replies to XMPP pings with pongs' >> $filename
+ echo ' "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands' >> $filename
+ echo ' "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.' >> $filename
+ echo ' "bosh"; -- Enable mod_bosh' >> $filename
+ echo ' "tls"; -- Enable mod_tls' >> $filename
+ echo ' "saslauth"; -- Enable mod_saslauth' >> $filename
+ echo ' "onions"; -- Enable chat via onion service' >> $filename
+ echo ' "mam"; -- Message archive management' >> $filename
+ echo ' "csi"; -- Client state indication' >> $filename
+ echo ' "carbons"; -- Message carbons' >> $filename
+ echo ' "smacks"; -- Stream management' >> $filename
+ echo ' "smacks_offline"; -- Stream management' >> $filename
+ echo ' "pep"; -- Personal Eventing Protocol (to support OMEMO)' >> $filename
+ echo ' "privacy"; -- Privacy lists' >> $filename
+ echo ' "privacy_lists"; -- Privacy lists' >> $filename
+ echo ' "blocking"; -- Blocking command' >> $filename
+ echo ' "roster"; -- Roster versioning' >> $filename
+ echo ' "offline_email"; -- If offline send to email' >> $filename
+ echo ' "offline"; -- Store offline messages' >> $filename
+ echo '};' >> $filename
+}
+
+function xmpp_create_config {
+ echo "admins = { \"$MY_USERNAME@$DEFAULT_DOMAIN_NAME\" }" > /etc/prosody/prosody.cfg.lua
+ echo '' >> /etc/prosody/prosody.cfg.lua
+ xmpp_modules /etc/prosody/prosody.cfg.lua
+ echo '' >> /etc/prosody/prosody.cfg.lua
+ echo 'allow_registration = false;' >> /etc/prosody/prosody.cfg.lua
+ echo '' >> /etc/prosody/prosody.cfg.lua
+ echo 'daemonize = true;' >> /etc/prosody/prosody.cfg.lua
+ echo '' >> /etc/prosody/prosody.cfg.lua
+ echo 'pidfile = "/var/run/prosody/prosody.pid";' >> /etc/prosody/prosody.cfg.lua
+ echo '' >> /etc/prosody/prosody.cfg.lua
+ echo 'ssl = {' >> /etc/prosody/prosody.cfg.lua
+ echo " key = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
+ echo " certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
+ echo " curve = \"$XMPP_ECC_CURVE\";" >> /etc/prosody/prosody.cfg.lua
+ echo ' depth = "1";' >> /etc/prosody/prosody.cfg.lua
+ echo " ciphers = \"$XMPP_CIPHERS\";" >> /etc/prosody/prosody.cfg.lua
+ echo ' options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
+ echo " dhparam = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
+ echo '}' >> /etc/prosody/prosody.cfg.lua
+ echo '' >> /etc/prosody/prosody.cfg.lua
+ echo 'c2s_require_encryption = true' >> /etc/prosody/prosody.cfg.lua
+ echo 's2s_require_encryption = true' >> /etc/prosody/prosody.cfg.lua
+ echo '' >> /etc/prosody/prosody.cfg.lua
+ echo 's2s_secure_auth = false' >> /etc/prosody/prosody.cfg.lua
+ echo '' >> /etc/prosody/prosody.cfg.lua
+ echo 'authentication = "internal_hashed"' >> /etc/prosody/prosody.cfg.lua
+ echo '' >> /etc/prosody/prosody.cfg.lua
+ echo 'log = {' >> /etc/prosody/prosody.cfg.lua
+ echo ' info = "/dev/null";' >> /etc/prosody/prosody.cfg.lua
+ echo ' error = "/dev/null";' >> /etc/prosody/prosody.cfg.lua
+ echo ' { levels = { "error" }; to = "/dev/null"; };' >> /etc/prosody/prosody.cfg.lua
+ echo '}' >> /etc/prosody/prosody.cfg.lua
+ echo '' >> /etc/prosody/prosody.cfg.lua
+ echo 'VirtualHost "${DEFAULT_DOMAIN_NAME}"' >> /etc/prosody/prosody.cfg.lua
+ echo ' ssl = {' >> /etc/prosody/prosody.cfg.lua
+ echo " key = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
+ echo " certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
+ echo " curve = \"$XMPP_ECC_CURVE\";" >> /etc/prosody/prosody.cfg.lua
+ echo ' depth = "1";' >> /etc/prosody/prosody.cfg.lua
+ echo " ciphers = \"$XMPP_CIPHERS\";" >> /etc/prosody/prosody.cfg.lua
+ echo ' options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
+ echo " dhparam = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
+ echo ' }' >> /etc/prosody/prosody.cfg.lua
+ echo '' >> /etc/prosody/prosody.cfg.lua
+ echo 'Include "conf.d/*.cfg.lua"' >> /etc/prosody/prosody.cfg.lua
+}
+
 function install_xmpp_main {
 update_prosody_modules
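Review bot: The `VirtualHost` line near the end of xmpp_create_config is single-quoted, so `${DEFAULT_DOMAIN_NAME}` is never expanded and prosody.cfg.lua ends up declaring a host literally named `${DEFAULT_DOMAIN_NAME}`; every other interpolated line in the function uses double quotes, so this one should be `echo "VirtualHost \"${DEFAULT_DOMAIN_NAME}\"" >> /etc/prosody/prosody.cfg.lua`. Two settings written just above it deserve either a `#` comment explaining the choice or a second look. `s2s_secure_auth = false` makes server-to-server links encrypted but not certificate-authenticated, so if that is intended for onion peers without CA-issued certificates it is better scoped through `s2s_insecure_domains` than disabled globally, and the `log` block sends both `info` and `error` to /dev/null, leaving no record of failed logins or startup errors even though the "posix" module in the list makes `to = "syslog"` available for at least the error level. In xmpp_modules, `filename=$1` is a global and `>> $filename` is unquoted; `local filename="$1"` with `>> "$filename"` is the conventional shape for a helper that takes a path.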
@@ -411,27 +491,23 @@ function install_xmpp_main {
 if ! grep -q "modules_enabled" /etc/prosody/conf.avail/xmpp.cfg.lua; then
 echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- echo 'modules_enabled = {' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- echo ' "bosh"; -- Enable mod_bosh' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- echo ' "tls"; -- Enable mod_tls' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- echo ' "saslauth"; -- Enable mod_saslauth' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- echo ' "onions"; -- Enable chat via onion service' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- echo ' "mam"; -- Message archive management' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- echo ' "csi"; -- Client state indication' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- echo ' "carbons"; -- Message carbons' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- echo ' "smacks"; -- Stream management' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- echo ' "smacks_offline"; -- Stream management' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- echo ' "pep"; -- Personal Eventing Protocol (to support OMEMO)' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- echo ' "privacy"; -- Privacy lists' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- echo ' "privacy_lists"; -- Privacy lists' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- echo ' "blocking"; -- Blocking command' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- echo ' "roster"; -- Roster versioning' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- echo ' "offline_email"; -- If offline send to email' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- echo '}' >> /etc/prosody/conf.avail/xmpp.cfg.lua
- echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+ xmpp_modules /etc/prosody/conf.avail/xmpp.cfg.lua
+ fi
+ echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+ if ! grep -q "c2s_require_encryption" /etc/prosody/conf.avail/xmpp.cfg.lua; then
 echo 'c2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+ else
+ sed -i 's|c2s_require_encryption.*|c2s_require_encryption = true|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+ fi
+ if ! grep -q "s2s_require_encryption" /etc/prosody/conf.avail/xmpp.cfg.lua; then
 echo 's2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+ else
+ sed -i 's|s2s_require_encryption.*|s2s_require_encryption = true|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+ fi
+ if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/conf.avail/xmpp.cfg.lua; then
 echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+ else
+ sed -i 's|allow_unencrypted_plain_auth.*|allow_unencrypted_plain_auth = false|g' /etc/prosody/conf.avail/xmpp.cfg.lua
 fi
 ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua
@@ -527,6 +603,13 @@ function install_xmpp_main {
 chown -R prosody:default /etc/prosody
 update_default_domain
+ xmpp_create_config
+ if [ ! -d /etc/prosody/conf.d ]; then
+ mkdir /etc/prosody/conf.d
+ fi
+ chmod -R 700 /etc/prosody/conf.d
+ chown -R prosody /etc/prosody/conf.d
+ systemctl restart prosody
 install_completed xmpp_main
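Review bot: The new `grep -q "c2s_require_encryption"` test and its `sed -i 's|c2s_require_encryption.*|c2s_require_encryption = true|g'` fallback are both unanchored, so a commented-out `-- c2s_require_encryption = false` already present in xmpp.cfg.lua satisfies the grep and the sed then rewrites only the tail of that comment, leaving the option unset rather than enforced; the s2s_require_encryption and allow_unencrypted_plain_auth pairs below it have the same shape. Anchoring both sides fixes it: `if ! grep -q '^c2s_require_encryption' /etc/prosody/conf.avail/xmpp.cfg.lua; then` and `sed -i 's|^c2s_require_encryption.*|c2s_require_encryption = true|' /etc/prosody/conf.avail/xmpp.cfg.lua` (the `g` flag is redundant once the pattern consumes the whole line). Since the three blocks differ only in option name and value, a small `xmpp_set_option name value` helper would also keep them from drifting apart. install_xmpp_main begins and ends outside this hunk.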
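Review bot: The `[ ! -d /etc/prosody/conf.d ]` check and `mkdir` are placed after the `ln -sf ... /etc/prosody/conf.d/xmpp.cfg.lua` in the earlier hunk of this function, so on a system where conf.d does not yet exist that symlink has already failed by the time the directory is created; move the check ahead of the `ln -sf`, or use `mkdir -p /etc/prosody/conf.d` there and drop the test. `systemctl restart prosody` is then issued with no validation of the freshly generated prosody.cfg.lua and no check of the restart's exit status, so a broken config surfaces as a silently stopped service rather than an install-time failure; running `prosodyctl check config` before the restart, and checking the restart's return code, would catch it where it can still be fixed. install_xmpp_main continues outside the hunk.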