free
/
freedombone
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
freedombone/src/freedombone-app-xmpp

1036 lines
42 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# XMPP functions
#
# License
# =======
#
# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
VARIANTS='full full-vim chat'
IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1
# Directory where XMPP settings are stored
XMPP_DIRECTORY="/var/lib/prosody"
XMPP_PASSWORD=
XMPP_CIPHERS='"EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA"'
XMPP_ECC_CURVE='"secp384r1"'
prosody_latest_version='0.10'
prosody_nightly=382
prosody_nightly_hash='770f1a0466f2361184eebffac9f50c102ad842cd855190db6c7f42f2f09884f5'
prosody_filename=prosody-${prosody_latest_version}-1nightly${prosody_nightly}
prosody_nightly_url="https://prosody.im/nightly/${prosody_latest_version}/latest/${prosody_filename}.tar.gz"
# From https://hg.prosody.im/prosody-modules
prosody_modules_filename='prosody-modules-20170514.tar.gz'
prosody_modules_hash='ef404c203317cc0de6da7aaec4f21765a57f630adfbf082cf2dd92b881c15f86'
LIBMESODE_REPO="https://github.com/boothj5/libmesode"
LIBMESODE_COMMIT='e3db0e9bfba61b2d82193874343a94a88f910800'
PROFANITY_REPO="https://github.com/boothj5/profanity"
PROFANITY_COMMIT='2fafaec8a7dc9bc01ee894d83214590598b32914'
PROFANITY_OMEMO_PLUGIN_REPO="https://github.com/ReneVolution/profanity-omemo-plugin"
PROFANITY_OMEMO_PLUGIN_COMMIT='3ec8ec173656bed9761b740b086123e07c749548'
xmpp_variables=(ONION_ONLY
INSTALLED_WITHIN_DOCKER
XMPP_CIPHERS
XMPP_ECC_CURVE
XMPP_ECC_CURVE
MY_USERNAME
DEFAULT_DOMAIN_NAME
XMPP_DOMAIN_CODE)
function xmpp_add_onion_address {
domain_name="$1"
onion_address="$2"
if [ ${#domain_name} -eq 0 ]; then
return
fi
if [ ${#onion_address} -eq 0 ]; then
return
fi
if grep -q "[\"${domain_name}\"]" /etc/prosody/prosody.cfg.lua; then
sed -i "s|[\"${domain_name}\"].*|[\"${domain_name}\"] = \"${onion_address}\";|g" /etc/prosody/prosody.cfg.lua
else
sed -i "/onions_map = {/a [\"${domain_name}\"] = \"${onion_address}\";" /etc/prosody/prosody.cfg.lua
fi
systemctl restart prosody
}
function xmpp_add_onion_address_interactive {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \
--title $"Add an ICANN to Onion domain mapping" \
--form $"Sepecify an ICANN domain name and its equivalent onion address\n" 9 50 2 \
$"Domain:" 1 1 "" 1 18 26 25 \
$"Onion address:" 2 1 "" 2 18 26 25 \
2> $data
sel=$?
case $sel in
1) return;;
255) return;;
esac
domain_name=$(cat $data | sed -n 1p)
onion_address=$(cat $data | sed -n 2p)
if [[ "$onion_address" != *".onion" ]]; then
return
fi
if [[ "$domain_name" != *"."* ]]; then
return
fi
xmpp_add_onion_address "$domain_name" "$onion_address"
dialog --title $"Add an ICANN to Onion domain mapping" \
--msgbox $"${domain_name} -> ${onion_address} added" 6 70
}
function xmpp_remove_onion_address {
domain_name="$1"
if [ ${#domain_name} -eq 0 ]; then
return
fi
if grep -q "[\"${domain_name}\"]" /etc/prosody/prosody.cfg.lua; then
sed -i "/[\"${domain_name}\"]/d" /etc/prosody/prosody.cfg.lua
fi
if grep -q "= \"${domain_name}\";" /etc/prosody/prosody.cfg.lua; then
sed -i "/= \"${domain_name}\";/d" /etc/prosody/prosody.cfg.lua
fi
systemctl restart prosody
}
function xmpp_remove_onion_address_interactive {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --title $"Remove ICANN to Onion domain mapping" \
--backtitle $"Freedombone Control Panel" \
--inputbox $'Enter the domain name or onion address to be removed' 8 60 2>$data
sel=$?
case $sel in
0) domain_name=$(<$data)
if [[ "$domain_name" != *"."* ]]; then
return
fi
xmpp_remove_onion_address "$domain_name"
dialog --title $"Remove an ICANN to Onion domain mapping" \
--msgbox $"${domain_name} removed" 6 70
;;
esac
}
function configure_interactive_xmpp {
while true
do
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \
--title $"XMPP" \
--radiolist $"Choose an operation:" 12 70 3 \
1 $"Add an ICANN to onion domain mapping" off \
2 $"Remove an ICANN to onion domain mapping" off \
3 $"Return to administrator control panel" on 2> $data
sel=$?
case $sel in
1) return;;
255) return;;
esac
case $(cat $data) in
1) xmpp_add_onion_address_interactive;;
2) xmpp_remove_onion_address_interactive;;
3) break;;
esac
done
}
function remove_user_xmpp {
remove_username="$1"
${PROJECT_NAME}-pass -u $remove_username --rmapp xmpp
XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
if [[ $ONION_ONLY != "no" ]]; then
${PROJECT_NAME}-rmxmpp -e "${remove_username}@${XMPP_ONION_HOSTNAME}"
else
${PROJECT_NAME}-rmxmpp -e "${remove_username}@${HOSTNAME}"
fi
}
function add_user_xmpp_client {
new_username="$1"
new_user_password="$2"
if [ -f /usr/local/bin/profanity ]; then
XMPP_CLIENT_DIR=/home/$new_username/.local/share/profanity
XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts
if [ ! -d $XMPP_CLIENT_DIR ]; then
mkdir -p $XMPP_CLIENT_DIR
fi
if [ ! -d /home/$new_username/.config/profanity ]; then
mkdir -p /home/$new_username/.config/profanity
fi
MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$new_username" "$new_username@$HOSTNAME")
echo "[${new_username}@${HOSTNAME}]" > $XMPP_CLIENT_ACCOUNTS
echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS
echo "jid=${new_username}@${HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
echo "server=$XMPP_ONION_HOSTNAME" >> $XMPP_CLIENT_ACCOUNTS
echo "pgp.keyid=$GPG_PUBLIC_KEY_ID" >> $XMPP_CLIENT_ACCOUNTS
echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS
echo "muc.service=conference.${HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
echo "muc.nick=${new_username}" >> $XMPP_CLIENT_ACCOUNTS
echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS
echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS
echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS
echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS
echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS
echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS
echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS
echo '[connection]' > /home/$new_username/.config/profanity/profrc
if [[ $ONION_ONLY != "no" ]]; then
echo "account=${new_username}@${XMPP_ONION_HOSTNAME}" >> /home/$new_username/.config/profanity/profrc
else
echo "account=${new_username}@${HOSTNAME}" >> /home/$new_username/.config/profanity/profrc
fi
echo '' >> /home/$new_username/.config/profanity/profrc
echo '[plugins]' >> /home/$new_username/.config/profanity/profrc
echo 'load=prof_omemo_plugin.py;' >> /home/$new_username/.config/profanity/profrc
echo '' >> /home/$new_username/.config/profanity/profrc
echo '[otr]' >> /home/$new_username/.config/profanity/profrc
echo 'policy=opportunistic' >> /home/$new_username/.config/profanity/profrc
echo 'log=off' >> /home/$new_username/.config/profanity/profrc
echo '' >> /home/$new_username/.config/profanity/profrc
echo '[pgp]' >> /home/$new_username/.config/profanity/profrc
echo 'log=off' >> /home/$new_username/.config/profanity/profrc
echo '' >> /home/$new_username/.config/profanity/profrc
echo '[ui]' >> /home/$new_username/.config/profanity/profrc
echo 'enc.warn=true' >> /home/$new_username/.config/profanity/profrc
chown -R $new_username:$new_username /home/$new_username/.local
chown -R $new_username:$new_username /home/$new_username/.config
fi
}
function add_user_xmpp {
new_username="$1"
new_user_password="$2"
XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
${PROJECT_NAME}-pass -u $new_username -a xmpp -p "$new_user_password"
if [[ $ONION_ONLY != "no" ]]; then
${PROJECT_NAME}-addxmpp -e "$new_username@$XMPP_ONION_HOSTNAME" -p "$new_user_password"
else
${PROJECT_NAME}-addxmpp -e "$new_username@$HOSTNAME" -p "$new_user_password"
fi
if [ ! "$?" = "0" ]; then
echo '1'
return
fi
add_user_xmpp_client "$new_username" "$new_user_password"
echo '0'
}
function install_interactive_xmpp {
echo -n ''
APP_INSTALLED=1
}
function change_password_xmpp {
curr_username="$1"
new_user_password="$2"
read_config_param DEFAULT_DOMAIN_NAME
${PROJECT_NAME}-pass -u $curr_username -a xmpp -p "$new_user_password"
# TODO: this is currently interactive. Really there needs to be a
# non-interactive password change option for prosodyctl
clear
echo ''
echo $'Currently Prosody requires password changes to be done interactively'
prosodyctl passwd ${curr_username}@${DEFAULT_DOMAIN_NAME}
if [ -f /usr/local/bin/profanity ]; then
XMPP_CLIENT_DIR=/home/$curr_username/.local/share/profanity
XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts
if [ -f $XMPP_CLIENT_ACCOUNTS ]; then
sed -i "s|password=.*|password=$new_user_password|g" $XMPP_CLIENT_ACCOUNTS
fi
fi
}
function reconfigure_xmpp {
echo -n ''
}
function update_prosody_modules {
if [ ! $1 ]; then
if [ ! -d /var/lib/prosody/prosody-modules ]; then
return
fi
fi
if [ ! -d /usr/lib/prosody ]; then
return
fi
if [ ! -f $INSTALL_DIR/$prosody_modules_filename ]; then
# Obtain the modules
if [ -f ~/freedombone/image_build/$prosody_modules_filename ]; then
cp ~/freedombone/image_build/$prosody_modules_filename $INSTALL_DIR
else
if [ -f /home/$MY_USERNAME/freedombone/image_build/$prosody_modules_filename ]; then
cp /home/$MY_USERNAME/freedombone/image_build/$prosody_modules_filename $INSTALL_DIR
fi
fi
if [ -f $INSTALL_DIR/$prosody_modules_filename ]; then
cd $INSTALL_DIR
# Check the hash
curr_hash=$(sha256sum $INSTALL_DIR/$prosody_modules_filename | awk -F ' ' '{print $1}')
if [[ "$curr_hash" != "$prosody_modules_hash" ]]; then
echo $'Prosody modules hash does not match'
exit 83562
else
# Extract the modules
if [ -d $INSTALL_DIR/prosody-modules ]; then
rm -rf $INSTALL_DIR/prosody-modules
fi
tar -xzvf $prosody_modules_filename
if [ -d $INSTALL_DIR/prosody-modules ]; then
systemctl stop prosody
if [ ! -d /var/lib/prosody/prosody-modules ]; then
mkdir -p /var/lib/prosody/prosody-modules
fi
cp -r $INSTALL_DIR/prosody-modules/* /var/lib/prosody/prosody-modules/
chown -R prosody:prosody /var/lib/prosody/prosody-modules
systemctl start prosody
else
echo $'Prosody modules not extracted'
exit 72524
fi
fi
fi
fi
# change to using pep rather than profile modules
if grep '"pep"' /etc/prosody/prosody.cfg.lua; then
# This strange dance seems to fix occasional breakage of PEP
# Is there a better solution?
sed -i 's|"pep"|"profile"|g' /etc/prosody/prosody.cfg.lua
systemctl restart prosody
sleep 4
sed -i 's|"profile"|"pep"|g' /etc/prosody/prosody.cfg.lua
systemctl restart prosody
fi
if ! grep '"vcard"' /etc/prosody/prosody.cfg.lua; then
systemctl stop prosody
sed -i '/"pep"/a "vcard";' /etc/prosody/prosody.cfg.lua
systemctl start prosody
fi
}
function upgrade_xmpp {
if [ -d /etc/letsencrypt ]; then
usermod -a -G ssl-cert prosody
fi
function_check update_prosody_modules
update_prosody_modules
curr_prosody_filename=$(cat $COMPLETION_FILE | grep "prosody_filename" | awk -F ':' '{print $2}')
if [[ "$curr_prosody_filename" != "$prosody_filename" ]]; then
if [ -d ${INSTALL_DIR}/${prosody_filename} ]; then
# ensure that the binaries have not been overwritten
# by an operating system upgrade
cd ${INSTALL_DIR}/${prosody_filename}
make prefix=/usr install
else
cd $INSTALL_DIR
# Try to get the source from the project repo
if [ -f /root/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz ]; then
cp /root/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz .
else
if [ -f /home/${MY_USERNAME}/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz ]; then
cp /home/${MY_USERNAME}/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz .
else
wget $prosody_nightly_url
fi
fi
if [ ! -f ${INSTALL_DIR}/${prosody_filename}.tar.gz ]; then
echo $"Failed to download prosody nightly $prosody_nightly_url"
return
fi
hash_value=$(sha256sum ${INSTALL_DIR}/${prosody_filename}.tar.gz | awk -F ' ' '{print $1}')
if [[ "$hash_value" != "$prosody_nightly_hash" ]]; then
rm ${INSTALL_DIR}/${prosody_filename}.tar.gz
echo $'Unexpected hash value for prosody nightly download'
return
fi
tar -xzvf ${INSTALL_DIR}/${prosody_filename}.tar.gz
cd ${INSTALL_DIR}/${prosody_filename}
./configure --ostype=debian --prefix=/usr
make prefix=/usr
make prefix=/usr install
if [ -f /usr/local/bin/prosody ]; then
echo $'Failed to build prosody nightly to /usr/bin'
rm ${INSTALL_DIR}/${prosody_filename}.tar.gz
rm -rf ${INSTALL_DIR}/${prosody_filename}
return
fi
rm ${INSTALL_DIR}/${prosody_filename}.tar.gz
fi
# add onion addresses for known servers
if ! grep -q "onions_map =" /etc/prosody/prosody.cfg.lua; then
echo '' >> /etc/prosody/prosody.cfg.lua
xmpp_onion_addresses /etc/prosody/prosody.cfg.lua
fi
set_completion_param "prosody_filename" "${prosody_filename}"
fi
systemctl restart prosody
}
function backup_local_xmpp {
source_directory=/var/lib/prosody
if [ -d $source_directory ]; then
dest_directory=xmpp
function_check backup_directory_to_usb
backup_directory_to_usb $source_directory $dest_directory
fi
}
function restore_local_xmpp {
if [ -d /var/lib/prosody ]; then
echo $"Restoring xmpp settings"
temp_restore_dir=/root/tempxmpp
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir xmpp
cp -r $temp_restore_dir/var/lib/prosody/* /var/lib/prosody
if [ ! "$?" = "0" ]; then
function_check set_user_permissions
set_user_permissions
function_check backup_unmount_drive
backup_unmount_drive
exit 725
fi
rm -rf $temp_restore_dir
systemctl restart prosody
chown -R prosody:prosody /var/lib/prosody/*
echo $"Restore of xmpp settings complete"
fi
}
function backup_remote_xmpp {
if [ -d /var/lib/prosody ]; then
echo $"Backing up the xmpp settings"
backup_directory_to_friend /var/lib/prosody xmpp
echo $"Backup of xmpp settings complete"
fi
}
function restore_remote_xmpp {
if [ -d /var/lib/prosody ]; then
echo $"Restoring xmpp settings"
temp_restore_dir=/root/tempxmpp
function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir xmpp
cp -r $temp_restore_dir/var/lib/prosody/* /var/lib/prosody
if [ ! "$?" = "0" ]; then
exit 725
fi
rm -rf $temp_restore_dir
systemctl restart prosody
chown -R prosody:prosody /var/lib/prosody/*
echo $"Restore of xmpp settings complete"
fi
}
function configure_firewall_for_xmpp {
if [ ! -d /etc/prosody ]; then
return
fi
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
firewall_add XMPP 5222 tcp
firewall_add XMPP 5223 tcp
firewall_add XMPP 5269 tcp
firewall_add XMPP 5280 tcp
firewall_add XMPP 5281 tcp
mark_completed $FUNCNAME
}
function remove_xmpp {
remove_profanity
remove_movim
firewall_remove 5222 tcp
firewall_remove 5223 tcp
firewall_remove 5269 tcp
firewall_remove 5280 tcp
firewall_remove 5281 tcp
function_check remove_onion_service
remove_onion_service xmpp 5222 5223 5269
apt-get -yq remove --purge prosody
if [ -f $INSTALL_DIR/$prosody_modules_filename ]; then
rm $INSTALL_DIR/$prosody_modules_filename
fi
if [ -d $INSTALL_DIR/prosody-modules ]; then
rm -rf $INSTALL_DIR/prosody-modules
fi
if [ -d /etc/prosody ]; then
rm -rf /etc/prosody
fi
if [ -d /var/lib/prosody ]; then
rm -rf /var/lib/prosody
fi
if [ -d /usr/lib/prosody ]; then
rm -rf /usr/lib/prosody
fi
if [ -f /usr/local/bin/prosody ]; then
rm /usr/local/bin/prosody
fi
if [ -f /usr/local/bin/prosodyctl ]; then
rm /usr/local/bin/prosodyctl
fi
groupdel prosody
remove_completion_param install_xmpp
sed -i '/xmpp/d' $COMPLETION_FILE
sed -i '/prosody/d' $COMPLETION_FILE
}
function xmpp_email_headers {
for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
if [ -f /home/$USERNAME/.muttrc ]; then
if ! grep -q "Jabber-ID" /home/$USERNAME/.muttrc; then
echo "my_hdr Jabber-ID: ${USERNAME}@${HOSTNAME}" >> /home/$USERNAME/.muttrc
fi
fi
fi
done
}
function xmpp_modules {
filename=$1
echo 'modules_enabled = {' >> $filename
echo ' "pubsub";' >> $filename
echo ' "pubsub_hub";' >> $filename
echo ' "dialback"; -- s2s dialback support' >> $filename
echo ' "disco"; -- Service discovery' >> $filename
echo ' "private"; -- Private XML storage (for room bookmarks, etc.)' >> $filename
echo ' "version"; -- Replies to server version requests' >> $filename
echo ' "uptime"; -- Report how long server has been running' >> $filename
echo ' "time"; -- Let others know the time here on this server' >> $filename
echo ' "ping"; -- Replies to XMPP pings with pongs' >> $filename
echo ' "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands' >> $filename
echo ' "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.' >> $filename
echo ' "bosh"; -- Enable mod_bosh' >> $filename
echo ' "tls"; -- Enable mod_tls' >> $filename
echo ' "saslauth"; -- Enable mod_saslauth' >> $filename
echo ' "onions"; -- Enable chat via onion service' >> $filename
echo ' "mam"; -- Message archive management' >> $filename
echo ' "csi"; -- Client state indication' >> $filename
echo ' "carbons"; -- Message carbons' >> $filename
echo ' "carbons_adhoc"; -- Message carbons' >> $filename
echo ' "carbons_copies"; -- Message carbons' >> $filename
echo ' "smacks"; -- Stream management' >> $filename
echo ' "smacks_offline"; -- Stream management' >> $filename
echo ' "pep"; -- Personal Eventing Protocol (to support OMEMO)' >> $filename
echo ' "vcard"; -- Personal Eventing Protocol (to support OMEMO)' >> $filename
echo ' "e2e_policy"; -- To support OMEMO' >> $filename
echo ' "pep_vcard_avatar"; -- Personal Eventing Protocol (to support OMEMO)' >> $filename
echo ' "blocklist"; -- Privacy lists' >> $filename
echo ' "privacy_lists"; -- Privacy lists' >> $filename
echo ' "blocking"; -- Blocking command' >> $filename
echo ' "roster"; -- Roster versioning' >> $filename
echo ' "offline_email"; -- If offline send to email' >> $filename
echo ' "offline"; -- Store offline messages' >> $filename
echo ' "http";' >> $filename
echo ' "http_upload";' >> $filename
echo ' "websocket";' >> $filename
echo ' "throttle_presence"; -- Reduce battery and bandwidth usage' >> $filename
echo ' "filter_chatstates"; -- Reduce battery and bandwidth usage' >> $filename
echo '};' >> $filename
}
function xmpp_onion_addresses {
filename=$1
echo 'onions_map = {' >> $filename
echo ' ["anonymitaet-im-inter.net"] = "rwf5skuv5vqzcdit.onion";' >> $filename
echo ' ["autistici.org"] = "wi7qkxyrdpu5cmvr.onion";' >> $filename
echo ' ["jabber.calyxinstitute.org"] = "ijeeynrc6x2uy5ob.onion";' >> $filename
echo ' ["jabber.ccc.de"] = "okj7xc6j2szr2y75.onion";' >> $filename
echo ' ["cloak.dk"] = "m2dsl4banuimpm6c.onion";' >> $filename
echo ' ["jabber.cryptoparty.is"] = "cryjabkbdljzohnp.onion";' >> $filename
echo ' ["daemons.cf"] = "daemon4jidu2oig6.onion";' >> $filename
echo ' ["dukgo.com"] = "wlcpmruglhxp6quz.onion";' >> $filename
echo ' ["evil.im"] = "evilxro6nvjuvxqo.onion";' >> $filename
echo ' ["xmpp.evil.im"] = "evilxro6nvjuvxqo.onion";' >> $filename
echo ' ["inventati.org"] = "wi7qkxyrdpu5cmvr.onion";' >> $filename
echo ' ["jabber.ipredator.se"] = "3iffdebkzzkpgipa.onion";' >> $filename
echo ' ["jabber-germany.de"] = "dbbrphko5tqcpar3.onion";' >> $filename
echo ' ["kode.im"] = "ihkw7qy3tok45dun.onion";' >> $filename
echo ' ["im.koderoot.net"] = "ihkw7qy3tok45dun.onion";' >> $filename
echo ' ["adb-centralen.se"] = "37x6i3wgr2jyublb.onion";' >> $filename
echo ' ["joelpurra.se"] = "37x6i3wgr2jyublb.onion";' >> $filename
echo ' ["nordberg.se"] = "37x6i3wgr2jyublb.onion";' >> $filename
echo ' ["jabber.lqdn.fr"] = "jabber63t4r2qi57.onion";' >> $filename
echo ' ["jabber.otr.im"] = "5rgdtlawqkcplz75.onion";' >> $filename
echo ' ["otromundo.cf"] = "arauemwe2utqqzye.onion";' >> $filename
echo ' ["patchcord.be"] = "xsydhi3dnbjuatpz.onion";' >> $filename
echo ' ["riseup.net"] = "4cjw6cwpeaeppfqz.onion";' >> $filename
echo ' ["xmpp.riseup.net"] = "4cjw6cwpeaeppfqz.onion";' >> $filename
echo ' ["rows.io"] = "yz6yiv2hxyagvwy6.onion";' >> $filename
echo ' ["xmpp.rows.io"] = "yz6yiv2hxyagvwy6.onion";' >> $filename
echo ' ["securejabber.me"] = "giyvshdnojeivkom.onion";' >> $filename
echo ' ["so36.net"] = "s4fgy24e2b5weqdb.onion";' >> $filename
echo ' ["jabber.so36.net"] = "s4fgy24e2b5weqdb.onion";' >> $filename
echo ' ["jabber.systemli.org"] = "x5tno6mwkncu5m3h.onion";' >> $filename
echo ' ["taolo.ga"] = "l3ybpw4vs6ie5rv2.onion";' >> $filename
echo ' ["tchncs.de"] = "duvfmyqmdlyvc3mi.onion";' >> $filename
echo ' ["wtfismyip.com"] = "ofkztxcohimx34la.onion";' >> $filename
echo ' ["prosody.xmpp.is"] = "y2qmqomqpszzryei.onion";' >> $filename
echo ' ["xndr.de"] = "trcubpttd6zkc3tf.onion";' >> $filename
echo ' ["trashserver.net"] = "m4c722bvc2r7brnn.onion";' >> $filename
echo '};' >> $filename
}
function xmpp_create_config {
echo "admins = { \"$MY_USERNAME@$DEFAULT_DOMAIN_NAME\" }" > /etc/prosody/prosody.cfg.lua
echo 'plugin_paths = { "/var/lib/prosody/prosody-modules" }' >> /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua
xmpp_modules /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua
xmpp_onion_addresses /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua
echo 'allow_registration = false;' >> /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua
echo 'daemonize = true;' >> /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua
echo 'pidfile = "/var/run/prosody/prosody.pid";' >> /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua
echo 'https_ports = { 5281 }' >> /etc/prosody/prosody.cfg.lua
echo 'https_interfaces = { "*" }' >> /etc/prosody/prosody.cfg.lua
echo 'https_ssl = {' >> /etc/prosody/prosody.cfg.lua
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
echo " key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
else
echo " certificate = \"/etc/ssl/certs/xmpp.crt\";" >> /etc/prosody/prosody.cfg.lua
echo " key = \"/etc/ssl/private/xmpp.key\";" >> /etc/prosody/prosody.cfg.lua
fi
echo " curve = $XMPP_ECC_CURVE;" >> /etc/prosody/prosody.cfg.lua
echo " ciphers = $XMPP_CIPHERS;" >> /etc/prosody/prosody.cfg.lua
echo ' options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
echo " dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
else
echo " dhparam = \"/etc/ssl/certs/xmpp.dhparam\";" >> /etc/prosody/prosody.cfg.lua
fi
echo "}" >> /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua
echo 'ssl = {' >> /etc/prosody/prosody.cfg.lua
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
echo " key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
else
echo " certificate = \"/etc/ssl/certs/xmpp.crt\";" >> /etc/prosody/prosody.cfg.lua
echo " key = \"/etc/ssl/private/xmpp.key\";" >> /etc/prosody/prosody.cfg.lua
fi
echo " curve = $XMPP_ECC_CURVE;" >> /etc/prosody/prosody.cfg.lua
echo ' depth = "2";' >> /etc/prosody/prosody.cfg.lua
echo " ciphers = $XMPP_CIPHERS;" >> /etc/prosody/prosody.cfg.lua
echo ' options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
echo " dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
else
echo " dhparam = \"/etc/ssl/certs/xmpp.dhparam\";" >> /etc/prosody/prosody.cfg.lua
fi
echo '}' >> /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua
echo 'c2s_require_encryption = true' >> /etc/prosody/prosody.cfg.lua
echo 's2s_require_encryption = true' >> /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua
echo 's2s_secure_auth = false' >> /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua
echo 'authentication = "internal_hashed"' >> /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua
echo 'storage = "sql"' >> /etc/prosody/prosody.cfg.lua
echo 'sql = { driver = "SQLite3", database = "prosody.sqlite" }' >> /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua
echo 'log = {' >> /etc/prosody/prosody.cfg.lua
echo ' info = "/dev/null";' >> /etc/prosody/prosody.cfg.lua
echo ' error = "/dev/null";' >> /etc/prosody/prosody.cfg.lua
echo ' { levels = { "error" }; to = "/dev/null"; };' >> /etc/prosody/prosody.cfg.lua
echo '}' >> /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua
if [[ $ONION_ONLY != 'no' ]]; then
echo "VirtualHost \"${XMPP_ONION_HOSTNAME}\"" >> /etc/prosody/prosody.cfg.lua
else
echo "VirtualHost \"${DEFAULT_DOMAIN_NAME}\"" >> /etc/prosody/prosody.cfg.lua
fi
echo ' ssl = {' >> /etc/prosody/prosody.cfg.lua
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
echo " key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
else
echo " certificate = \"/etc/ssl/certs/xmpp.crt\";" >> /etc/prosody/prosody.cfg.lua
echo " key = \"/etc/ssl/private/xmpp.key\";" >> /etc/prosody/prosody.cfg.lua
fi
echo " curve = $XMPP_ECC_CURVE;" >> /etc/prosody/prosody.cfg.lua
echo ' depth = "2";' >> /etc/prosody/prosody.cfg.lua
echo " ciphers = $XMPP_CIPHERS;" >> /etc/prosody/prosody.cfg.lua
echo ' options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
echo " dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
else
echo " dhparam = \"/etc/ssl/certs/xmpp.dhparam\";" >> /etc/prosody/prosody.cfg.lua
fi
echo ' }' >> /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua
echo 'Include "conf.d/*.cfg.lua"' >> /etc/prosody/prosody.cfg.lua
echo 'http_upload_path = "/var/lib/prosody/http_uploads"' >> /etc/prosody/prosody.cfg.lua
echo 'http_upload_file_size_limit = 307200' >> /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua
echo "Component \"chat.${DEFAULT_DOMAIN_NAME}\" \"muc\"" >> /etc/prosody/prosody.cfg.lua
echo ' name = "Chatrooms"' >> /etc/prosody/prosody.cfg.lua
echo ' modules_enabled = {' >> /etc/prosody/prosody.cfg.lua
echo ' "muc_limits";' >> /etc/prosody/prosody.cfg.lua
echo ' "muc_log";' >> /etc/prosody/prosody.cfg.lua
echo ' "mam_muc";' >> /etc/prosody/prosody.cfg.lua
echo ' "muc_log_http";' >> /etc/prosody/prosody.cfg.lua
echo ' }' >> /etc/prosody/prosody.cfg.lua
echo 'storage = { muc_log = "sql"; }' >> /etc/prosody/prosody.cfg.lua
echo 'sql = { driver = "SQLite3", database = "prosody.sqlite" }' >> /etc/prosody/prosody.cfg.lua
echo 'muc_event_rate = 0.5;' >> /etc/prosody/prosody.cfg.lua
echo 'muc_burst_factor = 10;' >> /etc/prosody/prosody.cfg.lua
echo 'muc_log_by_default = false;' >> /etc/prosody/prosody.cfg.lua
echo 'muc_log_all_rooms = false;' >> /etc/prosody/prosody.cfg.lua
echo 'max_archive_query_results = 10;' >> /etc/prosody/prosody.cfg.lua
echo 'max_history_messages = 10;' >> /etc/prosody/prosody.cfg.lua
}
function install_xmpp_nightly {
if [ ! -d $INSTALL_DIR ]; then
mkdir -p $INSTALL_DIR
fi
cd $INSTALL_DIR
# Try to get the source from the project repo
if [ -f /root/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz ]; then
cp /root/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz .
else
if [ -f /home/${MY_USERNAME}/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz ]; then
cp /home/${MY_USERNAME}/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz .
else
wget $prosody_nightly_url
fi
fi
if [ ! -f ${INSTALL_DIR}/${prosody_filename}.tar.gz ]; then
echo $"Failed to download prosody nightly $prosody_nightly_url"
exit 78352
fi
hash_value=$(sha256sum ${INSTALL_DIR}/${prosody_filename}.tar.gz | awk -F ' ' '{print $1}')
if [[ "$hash_value" != "$prosody_nightly_hash" ]]; then
rm ${INSTALL_DIR}/${prosody_filename}.tar.gz
echo $'Unexpected hash value for prosody nightly download'
exit 68224283
fi
tar -xzvf ${INSTALL_DIR}/${prosody_filename}.tar.gz
cd ${INSTALL_DIR}/${prosody_filename}
./configure --ostype=debian --prefix=/usr
make prefix=/usr
make prefix=/usr install
if [ -f /usr/local/bin/prosody ]; then
echo $'Failed to build prosody nightly to /usr/bin'
rm ${INSTALL_DIR}/${prosody_filename}.tar.gz
rm -rf ${INSTALL_DIR}/${prosody_filename}
exit 628732
fi
rm ${INSTALL_DIR}/${prosody_filename}.tar.gz
set_completion_param "prosody_filename" "${prosody_filename}"
}
function install_xmpp {
if [ ! -d $INSTALL_DIR ]; then
mkdir -p $INSTALL_DIR
fi
# remove any existing install attempt
if [ -f $INSTALL_DIR/$prosody_modules_filename ]; then
rm $INSTALL_DIR/$prosody_modules_filename
fi
if [ -d $INSTALL_DIR/prosody-modules ]; then
rm -rf $INSTALL_DIR/prosody-modules
fi
update_prosody_modules
# obtain a cert for the default domain
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "0" ]]; then
create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
if [[ $ONION_ONLY == 'no' ]]; then
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "0" ]]; then
echo $'LetsEncrypt cert could not be obtained for xmpp'
exit 72342
fi
fi
fi
apt-get -yq install lua-sec lua-bitop lua5.1 liblua5.1-dev
apt-get -yq install libidn11-dev libssl-dev lua-dbi-sqlite3
apt-get -yq install mercurial
apt-get -yq install prosody
if [ ! -f /usr/bin/hg ]; then
echo $"Couldn't install mercurial"
exit 52825
fi
if [ ! -d /etc/prosody ]; then
echo $"ERROR: prosody does not appear to have installed. $CHECK_MESSAGE"
exit 52367
fi
groupadd prosody
if [ ! -d /var/lib/prosody/http_uploads ]; then
mkdir -p /var/lib/prosody/http_uploads
fi
if [ ! -d /etc/prosody/conf.d ]; then
mkdir -p /etc/prosody/conf.d
fi
chmod -R 700 /etc/prosody/conf.d
chown -R prosody /var/lib/prosody
chown -R prosody /etc/prosody/conf.d
# install modules
update_prosody_modules initial
if [ ! -d /var/lib/prosody/prosody-modules ]; then
echo $'No prosody modules available'
exit 82634
fi
# create a certificate
if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
if [ ! -f /etc/ssl/certs/xmpp.crt ]; then
${PROJECT_NAME}-addcert -h xmpp --dhkey ${DH_KEYLENGTH}
check_certificates xmpp
if [ ! -f /etc/ssl/certs/xmpp.crt ]; then
echo $'Failed to create xmpp certificate'
exit 72352
fi
if [ ! -f /etc/ssl/private/xmpp.key ]; then
echo $'Failed to create xmpp private certificate'
exit 36829
fi
chmod g=rX /etc/ssl/private/xmpp.key
chmod g=rX /etc/ssl/certs/xmpp.*
fi
fi
groupadd default
chmod 600 /etc/shadow
chmod 600 /etc/gshadow
usermod -g default prosody
chmod 0000 /etc/shadow
chmod 0000 /etc/gshadow
chown root:default /etc/ssl/private/xmpp.*
chown root:default /etc/ssl/certs/xmpp.*
chown root:default /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.*
chown root:default /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.*
cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
sed -i "s|key =.*|key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";|g" /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i "s|certificate =.*|certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";|g" /etc/prosody/conf.avail/xmpp.cfg.lua
else
sed -i "s|key =.*|key = \"/etc/ssl/private/xmpp.key\";|g" /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i "s|certificate =.*|certificate = \"/etc/ssl/certs/xmpp.crt\";|g" /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME})" == "1" ]]; then
sed -i "/certificate =/a\ dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" /etc/prosody/conf.avail/xmpp.cfg.lua
else
sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
fi
fi
if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i '/certificate =/a\ options = {"no_sslv2", "no_sslv3" };' /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if ! grep -q 'ciphers =' /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i "/certificate =/a\ ciphers = $XMPP_CIPHERS;" /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if ! grep -q 'depth = "2";' /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i '/certificate =/a\ depth = "2";' /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if ! grep -q 'curve =' /etc/prosody/conf.avail/xmpp.cfg.lua; then
sed -i "/certificate =/a\ curve = $XMPP_ECC_CURVE;" /etc/prosody/conf.avail/xmpp.cfg.lua
fi
sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/conf.avail/xmpp.cfg.lua
if ! grep -q "modules_enabled" /etc/prosody/conf.avail/xmpp.cfg.lua; then
echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
xmpp_modules /etc/prosody/conf.avail/xmpp.cfg.lua
fi
echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
if ! grep -q "c2s_require_encryption" /etc/prosody/conf.avail/xmpp.cfg.lua; then
echo 'c2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
else
sed -i 's|c2s_require_encryption.*|c2s_require_encryption = true|g' /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if ! grep -q "s2s_require_encryption" /etc/prosody/conf.avail/xmpp.cfg.lua; then
echo 's2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
else
sed -i 's|s2s_require_encryption.*|s2s_require_encryption = true|g' /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/conf.avail/xmpp.cfg.lua; then
echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
else
sed -i 's|allow_unencrypted_plain_auth.*|allow_unencrypted_plain_auth = false|g' /etc/prosody/conf.avail/xmpp.cfg.lua
fi
ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua
if [ ! -d /var/lib/tor ]; then
echo $'No Tor installation found. xmpp onion site cannot be configured.'
exit 877367
fi
if ! grep -q "hidden_service_xmpp" /etc/tor/torrc; then
echo 'HiddenServiceDir /var/lib/tor/hidden_service_xmpp/' >> /etc/tor/torrc
echo "HiddenServicePort 5222 127.0.0.1:5222" >> /etc/tor/torrc
echo "HiddenServicePort 5269 127.0.0.1:5269" >> /etc/tor/torrc
echo $'Added onion site for xmpp chat'
fi
onion_update
wait_for_onion_service 'xmpp'
if [ ! -f /var/lib/tor/hidden_service_xmpp/hostname ]; then
echo $'xmpp onion site hostname not found'
exit 65349
fi
XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
if ! grep -q "${XMPP_ONION_HOSTNAME}" /etc/prosody/conf.avail/xmpp.cfg.lua; then
echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo "VirtualHost \"${XMPP_ONION_HOSTNAME}\"" >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' modules_enabled = { "onions" };' >> /etc/prosody/conf.avail/xmpp.cfg.lua
fi
set_completion_param "xmpp onion domain" "${XMPP_ONION_HOSTNAME}"
if [ -f $IMAGE_PASSWORD_FILE ]; then
XMPP_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
else
if [ ${#XMPP_PASSWORD} -lt 8 ]; then
XMPP_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
fi
fi
function_check configure_firewall_for_xmpp
configure_firewall_for_xmpp
xmpp_email_headers
update_default_domain
xmpp_create_config
# TODO comment this out after debian supports prosody 0.10 or later
install_xmpp_nightly
chown -R prosody /etc/prosody
chown -R prosody /var/lib/prosody
chown -R prosody /usr/lib/prosody
chmod -R 700 /etc/prosody/conf.d
usermod -a -G www-data prosody
if [ -d /etc/letsencrypt ]; then
usermod -a -G ssl-cert prosody
fi
systemctl restart prosody
if [[ $ONION_ONLY != 'no' ]]; then
prosodyctl register $MY_USERNAME $XMPP_ONION_HOSTNAME "$XMPP_PASSWORD"
else
prosodyctl register $MY_USERNAME $DEFAULT_DOMAIN_NAME "$XMPP_PASSWORD"
fi
if [ ! "$?" = "0" ]; then
echo ''
echo ''
systemctl status prosody -l
echo ''
echo ''
which prosody
which prosodyctl
echo ''
echo ''
cat /etc/prosody/prosody.cfg.lua
echo ''
echo ''
cat /etc/prosody/conf.avail/xmpp.cfg.lua
echo ''
echo ''
#remove_xmpp
echo $'Unable to register prosody user'
exit 347682
fi
${PROJECT_NAME}-pass -u $MY_USERNAME -a xmpp -p "$XMPP_PASSWORD"
APP_INSTALLED=1
}
# NOTE: deliberately no exit 0
Reference in New Issue View Git Blame Copy Permalink