Improve xmpp config

Bob Mottram 2016-12-03 11:18:19 +00:00
parent a2ba737286
commit 42de0ace18
1 changed files with 101 additions and 18 deletions


@ -316,6 +316,86 @@ function xmpp_email_headers {
done
}
function xmpp_modules {
filename=$1
echo 'modules_enabled = {' >> $filename
echo ' "dialback"; -- s2s dialback support' >> $filename
echo ' "disco"; -- Service discovery' >> $filename
echo ' "private"; -- Private XML storage (for room bookmarks, etc.)' >> $filename
echo ' "vcard"; -- Allow users to set vCards' >> $filename
echo ' "version"; -- Replies to server version requests' >> $filename
echo ' "uptime"; -- Report how long server has been running' >> $filename
echo ' "time"; -- Let others know the time here on this server' >> $filename
echo ' "ping"; -- Replies to XMPP pings with pongs' >> $filename
echo ' "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands' >> $filename
echo ' "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.' >> $filename
echo ' "bosh"; -- Enable mod_bosh' >> $filename
echo ' "tls"; -- Enable mod_tls' >> $filename
echo ' "saslauth"; -- Enable mod_saslauth' >> $filename
echo ' "onions"; -- Enable chat via onion service' >> $filename
echo ' "mam"; -- Message archive management' >> $filename
echo ' "csi"; -- Client state indication' >> $filename
echo ' "carbons"; -- Message carbons' >> $filename
echo ' "smacks"; -- Stream management' >> $filename
echo ' "smacks_offline"; -- Stream management' >> $filename
echo ' "pep"; -- Personal Eventing Protocol (to support OMEMO)' >> $filename
echo ' "privacy"; -- Privacy lists' >> $filename
echo ' "privacy_lists"; -- Privacy lists' >> $filename
echo ' "blocking"; -- Blocking command' >> $filename
echo ' "roster"; -- Roster versioning' >> $filename
echo ' "offline_email"; -- If offline send to email' >> $filename
echo ' "offline"; -- Store offline messages' >> $filename
echo '};' >> $filename
}
function xmpp_create_config {
echo "admins = { \"$MY_USERNAME@$DEFAULT_DOMAIN_NAME\" }" > /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua
xmpp_modules /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua
echo 'allow_registration = false;' >> /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua
echo 'daemonize = true;' >> /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua
echo 'pidfile = "/var/run/prosody/prosody.pid";' >> /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua
echo 'ssl = {' >> /etc/prosody/prosody.cfg.lua
echo " key = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
echo " certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
echo " curve = \"$XMPP_ECC_CURVE\";" >> /etc/prosody/prosody.cfg.lua
echo ' depth = "1";' >> /etc/prosody/prosody.cfg.lua
echo " ciphers = \"$XMPP_CIPHERS\";" >> /etc/prosody/prosody.cfg.lua
echo ' options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
echo " dhparam = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
echo '}' >> /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua
echo 'c2s_require_encryption = true' >> /etc/prosody/prosody.cfg.lua
echo 's2s_require_encryption = true' >> /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua
echo 's2s_secure_auth = false' >> /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua
echo 'authentication = "internal_hashed"' >> /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua
echo 'log = {' >> /etc/prosody/prosody.cfg.lua
echo ' info = "/dev/null";' >> /etc/prosody/prosody.cfg.lua
echo ' error = "/dev/null";' >> /etc/prosody/prosody.cfg.lua
echo ' { levels = { "error" }; to = "/dev/null"; };' >> /etc/prosody/prosody.cfg.lua
echo '}' >> /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua
echo 'VirtualHost "${DEFAULT_DOMAIN_NAME}"' >> /etc/prosody/prosody.cfg.lua
echo ' ssl = {' >> /etc/prosody/prosody.cfg.lua
echo " key = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
echo " certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
echo " curve = \"$XMPP_ECC_CURVE\";" >> /etc/prosody/prosody.cfg.lua
echo ' depth = "1";' >> /etc/prosody/prosody.cfg.lua
echo " ciphers = \"$XMPP_CIPHERS\";" >> /etc/prosody/prosody.cfg.lua
echo ' options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
echo " dhparam = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
echo ' }' >> /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua
echo 'Include "conf.d/*.cfg.lua"' >> /etc/prosody/prosody.cfg.lua
}
function install_xmpp_main {
update_prosody_modules
@ -411,27 +491,23 @@ function install_xmpp_main {
if ! grep -q "modules_enabled" /etc/prosody/conf.avail/xmpp.cfg.lua; then
echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo 'modules_enabled = {' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "bosh"; -- Enable mod_bosh' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "tls"; -- Enable mod_tls' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "saslauth"; -- Enable mod_saslauth' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "onions"; -- Enable chat via onion service' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "mam"; -- Message archive management' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "csi"; -- Client state indication' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "carbons"; -- Message carbons' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "smacks"; -- Stream management' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "smacks_offline"; -- Stream management' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "pep"; -- Personal Eventing Protocol (to support OMEMO)' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "privacy"; -- Privacy lists' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "privacy_lists"; -- Privacy lists' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "blocking"; -- Blocking command' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "roster"; -- Roster versioning' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo ' "offline_email"; -- If offline send to email' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo '}' >> /etc/prosody/conf.avail/xmpp.cfg.lua
echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
xmpp_modules /etc/prosody/conf.avail/xmpp.cfg.lua
fi
echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
if ! grep -q "c2s_require_encryption" /etc/prosody/conf.avail/xmpp.cfg.lua; then
echo 'c2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
else
sed -i 's|c2s_require_encryption.*|c2s_require_encryption = true|g' /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if ! grep -q "s2s_require_encryption" /etc/prosody/conf.avail/xmpp.cfg.lua; then
echo 's2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
else
sed -i 's|s2s_require_encryption.*|s2s_require_encryption = true|g' /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/conf.avail/xmpp.cfg.lua; then
echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
else
sed -i 's|allow_unencrypted_plain_auth.*|allow_unencrypted_plain_auth = false|g' /etc/prosody/conf.avail/xmpp.cfg.lua
fi
ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua
@ -527,6 +603,13 @@ function install_xmpp_main {
chown -R prosody:default /etc/prosody
update_default_domain
xmpp_create_config
if [ ! -d /etc/prosody/conf.d ]; then
mkdir /etc/prosody/conf.d
fi
chmod -R 700 /etc/prosody/conf.d
chown -R prosody /etc/prosody/conf.d
systemctl restart prosody
install_completed xmpp_main
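Review bot: In xmpp_create_config the `VirtualHost` line is single-quoted, so the shell never expands the variable and the generated prosody.cfg.lua declares a host literally named `${DEFAULT_DOMAIN_NAME}`; the ssl block that follows is then attached to that placeholder host rather than to the real domain. The neighbouring key/certificate lines already use double quotes with escaped inner quotes, and this one should match: `echo "VirtualHost \"${DEFAULT_DOMAIN_NAME}\"" >> /etc/prosody/prosody.cfg.lua`. Separately, the same function writes `s2s_secure_auth = false`, which leaves federation peers authenticated by dialback instead of certificate validation; if that is deliberate (presumably for onion or self-signed peers), a `--` comment in the generated file saying so would help the next reader.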