From 6a176f021ed8b5e07880ea42300560215c070282 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Tue, 22 Nov 2016 11:02:50 +0000 Subject: [PATCH] Permissions and certs for prosody --- src/freedombone-app-xmpp | 12 ++++++++++-- src/freedombone-utils-web | 8 +++++++- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/src/freedombone-app-xmpp b/src/freedombone-app-xmpp index b4798bce..da1df539 100755 --- a/src/freedombone-app-xmpp +++ b/src/freedombone-app-xmpp @@ -371,6 +371,9 @@ function install_xmpp_main { chown root:default /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.* cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua + if [ ! -d /etc/prosody/certs ]; then + mkdir /etc/prosody/certs + fi if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then sed -i "s|/etc/prosody/certs/example.com.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua @@ -474,8 +477,6 @@ function install_xmpp_main { fi sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/prosody.cfg.lua - update_default_domain - if [ ! -d /var/lib/tor ]; then echo $'No Tor installation found. xmpp onion site cannot be configured.' exit 877367 @@ -517,6 +518,13 @@ function install_xmpp_main { configure_firewall_for_xmpp xmpp_email_headers + cp /etc/ssl/certs/xmpp.* /etc/prosody/certs + cp /etc/ssl/private/xmpp.* /etc/prosody/certs + chown -R prosody:default /etc/prosody + update_default_domain + + systemctl restart prosody + install_completed xmpp_main } diff --git a/src/freedombone-utils-web b/src/freedombone-utils-web index 80cd316f..f81116bf 100755 --- a/src/freedombone-utils-web +++ b/src/freedombone-utils-web 
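Review bot: The new `mkdir /etc/prosody/certs` in install_xmpp_main creates the directory that will hold the private key with whatever mode the current umask yields, and nothing visible on this page sets the directory's own mode afterwards. The `chmod -R 700 /etc/prosody/certs/*` in update_default_domain only matches entries inside the directory, not the directory itself. Creating it restrictively with `mkdir -m 700 /etc/prosody/certs` removes the dependence on the umask, and the recursive chown added at the end of this function still hands it to prosody. The function body starts and ends outside this hunk.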
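Review bot: The `cp /etc/ssl/private/xmpp.* /etc/prosody/certs` added before `install_completed` puts key material under /etc/prosody and chowns it to prosody, but this function never sets a mode on the copies. Tightening is left to `chmod -R 700 /etc/prosody/certs/*` in update_default_domain, which sits inside a branch whose condition is outside the visible hunks, so it may not run on every install. An explicit `chmod 600 /etc/prosody/certs/xmpp.*` right after the two `cp` lines would make the key permissions independent of that branch. Neither `cp` is checked either, so an unmatched glob only prints an error and the install still reaches `systemctl restart prosody` and `install_completed`; testing the copy's exit status first would surface a missing certificate.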
@@ -714,6 +714,11 @@ function update_default_domain { cp /etc/ssl/private/${DEFAULT_DOMAIN_NAME}* /etc/prosody/certs cp /etc/ssl/certs/xmpp* /etc/prosody/certs cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}* /etc/prosody/certs + if [ ! -f /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then + if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then + cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam + fi + fi if [ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then if [ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then mv /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem @@ -725,8 +730,9 @@ function update_default_domain { sed -i "s|/etc/prosody/certs/xmpp.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua fi - chown -R prosody:prosody /etc/prosody + chown -R prosody:default /etc/prosody chmod -R 700 /etc/prosody/certs/* + chmod 600 /etc/prosody/prosody.cfg.lua systemctl reload prosody fi
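Review bot: The two tests directly below the added dhparam block, `if [ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]` and the `.crt` test nested in it, have no `-f`, so each tests a non-empty string and is always false. The `mv` from .crt to .pem therefore never runs, while the `sed` lines in the next hunk point prosody.cfg.lua at the .pem path; if only a .crt was copied, prosody is left referencing a file that does not exist. These are context lines rather than lines this commit adds, but the new block above them uses `[ ! -f … ]` correctly and the same fix fits: `if [ ! -f /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then` for the outer test and `if [ -f /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then` for the inner one. update_default_domain starts and ends outside this hunk.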
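Review bot: `chown -R prosody:default /etc/prosody` changes the group on every file under /etc/prosody, yet only certs/* and prosody.cfg.lua get an explicit mode here, so anything else that keeps group-read bits (conf.avail/xmpp.cfg.lua, for example) becomes readable by members of `default`. Who belongs to `default` is not visible on this page; if it includes ordinary user accounts, follow the chown with `chmod -R go-rwx /etc/prosody`, or keep the group as prosody and add a comment explaining the choice. The same chown is added in install_xmpp_main in the first file. Separately, `chmod -R 700 /etc/prosody/certs/*` sets the execute bit on key files and skips the directory itself; assuming certs holds only regular files, `chmod 700 /etc/prosody/certs` followed by `chmod 600 /etc/prosody/certs/*` states the intent more exactly.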