1067 lines
43 KiB
Bash
Executable File
1067 lines
43 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# .---. . .
|
|
# | | |
|
|
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
|
|
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
|
|
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
|
|
#
|
|
# Freedom in the Cloud
|
|
#
|
|
# XMPP functions
|
|
#
|
|
# License
|
|
# =======
|
|
#
|
|
# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net>
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU Affero General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU Affero General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU Affero General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
VARIANTS='full full-vim chat'
|
|
|
|
IN_DEFAULT_INSTALL=0
|
|
SHOW_ON_ABOUT=1
|
|
|
|
# Directory where XMPP settings are stored
|
|
XMPP_DIRECTORY="/var/lib/prosody"
|
|
XMPP_PASSWORD=
|
|
|
|
XMPP_CIPHERS='"EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA"'
|
|
XMPP_ECC_CURVE='"secp384r1"'
|
|
|
|
prosody_latest_version='0.10'
|
|
prosody_nightly=410
|
|
prosody_nightly_hash='9cf3db6a09895a744d72eb90b4a635758a710afe1a16b78506c7139c4e7211eb'
|
|
prosody_filename=prosody-${prosody_latest_version}-1nightly${prosody_nightly}
|
|
prosody_nightly_url="https://prosody.im/nightly/${prosody_latest_version}/latest/${prosody_filename}.tar.gz"
|
|
|
|
# From https://hg.prosody.im/prosody-modules
|
|
prosody_modules_filename='prosody-modules-20170514.tar.gz'
|
|
prosody_modules_hash='ef404c203317cc0de6da7aaec4f21765a57f630adfbf082cf2dd92b881c15f86'
|
|
|
|
xmpp_variables=(ONION_ONLY
|
|
INSTALLED_WITHIN_DOCKER
|
|
XMPP_CIPHERS
|
|
XMPP_ECC_CURVE
|
|
XMPP_ECC_CURVE
|
|
MY_USERNAME
|
|
DEFAULT_DOMAIN_NAME
|
|
XMPP_DOMAIN_CODE)
|
|
|
|
function logging_on_xmpp {
|
|
if [ -d /etc/prosody ]; then
|
|
if [ ! -d /var/log/prosody ]; then
|
|
mkdir /var/log/prosody
|
|
chown root:adm /var/log/prosody
|
|
fi
|
|
if ! grep -q "/var/log/prosody/prosody.log" /etc/prosody/prosody.cfg.lua; then
|
|
sed -i 's|info = "/dev/null";|info = "/var/log/prosody/prosody.log";|g' /etc/prosody/prosody.cfg.lua
|
|
sed -i 's|error = "/dev/null";|error = "/var/log/prosody/prosody.err";|g' /etc/prosody/prosody.cfg.lua
|
|
sed -i 's|levels = { "error" }; to = "/dev/null";|levels = { "error" }; to = "syslog";|g' /etc/prosody/prosody.cfg.lua
|
|
fi
|
|
fi
|
|
}
|
|
|
|
function logging_off_xmpp {
|
|
if [ -d /etc/prosody ]; then
|
|
if grep -q "/var/log/prosody/prosody.log" /etc/prosody/prosody.cfg.lua; then
|
|
sed -i 's|info = "/var/log/prosody/prosody.log";|info = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
|
|
sed -i 's|error = "/var/log/prosody/prosody.err";|error = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
|
|
sed -i 's|levels = { "error" }; to = "syslog";|levels = { "error" }; to = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
|
|
$REMOVE_FILES_COMMAND /var/log/prosody/*
|
|
rm -rf /var/log/prosody
|
|
fi
|
|
fi
|
|
}
|
|
|
|
function xmpp_add_onion_address {
|
|
domain_name="$1"
|
|
onion_address="$2"
|
|
if [ ${#domain_name} -eq 0 ]; then
|
|
return
|
|
fi
|
|
if [ ${#onion_address} -eq 0 ]; then
|
|
return
|
|
fi
|
|
if ! grep "${onion_address}" /etc/prosody/prosody.cfg.lua; then
|
|
if grep -q "[\"${domain_name}\"]" /etc/prosody/prosody.cfg.lua; then
|
|
sed -i "s|[\"${domain_name}\"].*|[\"${domain_name}\"] = \"${onion_address}\";|g" /etc/prosody/prosody.cfg.lua
|
|
else
|
|
sed -i "/onions_map = {/a [\"${domain_name}\"] = \"${onion_address}\";" /etc/prosody/prosody.cfg.lua
|
|
fi
|
|
systemctl restart prosody
|
|
fi
|
|
}
|
|
|
|
function xmpp_add_onion_address_interactive {
|
|
data=$(tempfile 2>/dev/null)
|
|
trap "rm -f $data" 0 1 2 5 15
|
|
dialog --backtitle $"Freedombone Control Panel" \
|
|
--title $"Add an ICANN to Onion domain mapping" \
|
|
--form $"Sepecify an ICANN domain name and its equivalent onion address\n" 9 50 2 \
|
|
$"Domain:" 1 1 "" 1 18 26 25 \
|
|
$"Onion address:" 2 1 "" 2 18 26 25 \
|
|
2> $data
|
|
sel=$?
|
|
case $sel in
|
|
1) return;;
|
|
255) return;;
|
|
esac
|
|
domain_name=$(cat $data | sed -n 1p)
|
|
onion_address=$(cat $data | sed -n 2p)
|
|
if [[ "$onion_address" != *".onion" ]]; then
|
|
return
|
|
fi
|
|
if [[ "$domain_name" != *"."* ]]; then
|
|
return
|
|
fi
|
|
|
|
xmpp_add_onion_address "$domain_name" "$onion_address"
|
|
|
|
dialog --title $"Add an ICANN to Onion domain mapping" \
|
|
--msgbox $"${domain_name} -> ${onion_address} added" 6 70
|
|
}
|
|
|
|
function xmpp_remove_onion_address {
|
|
domain_name="$1"
|
|
if [ ${#domain_name} -eq 0 ]; then
|
|
return
|
|
fi
|
|
xmpp_changed=
|
|
if grep -q "[\"${domain_name}\"]" /etc/prosody/prosody.cfg.lua; then
|
|
sed -i "/[\"${domain_name}\"]/d" /etc/prosody/prosody.cfg.lua
|
|
xmpp_changed=1
|
|
fi
|
|
|
|
if grep -q "= \"${domain_name}\";" /etc/prosody/prosody.cfg.lua; then
|
|
sed -i "/= \"${domain_name}\";/d" /etc/prosody/prosody.cfg.lua
|
|
xmpp_changed=1
|
|
fi
|
|
if [ $xmpp_changed ]; then
|
|
systemctl restart prosody
|
|
fi
|
|
}
|
|
|
|
function xmpp_remove_onion_address_interactive {
|
|
data=$(tempfile 2>/dev/null)
|
|
trap "rm -f $data" 0 1 2 5 15
|
|
dialog --title $"Remove ICANN to Onion domain mapping" \
|
|
--backtitle $"Freedombone Control Panel" \
|
|
--inputbox $'Enter the domain name or onion address to be removed' 8 60 2>$data
|
|
sel=$?
|
|
case $sel in
|
|
0) domain_name=$(<$data)
|
|
if [[ "$domain_name" != *"."* ]]; then
|
|
return
|
|
fi
|
|
xmpp_remove_onion_address "$domain_name"
|
|
dialog --title $"Remove an ICANN to Onion domain mapping" \
|
|
--msgbox $"${domain_name} removed" 6 70
|
|
;;
|
|
esac
|
|
}
|
|
|
|
function configure_interactive_xmpp {
|
|
while true
|
|
do
|
|
data=$(tempfile 2>/dev/null)
|
|
trap "rm -f $data" 0 1 2 5 15
|
|
dialog --backtitle $"Freedombone Control Panel" \
|
|
--title $"XMPP" \
|
|
--radiolist $"Choose an operation:" 12 70 3 \
|
|
1 $"Add an ICANN to onion domain mapping" off \
|
|
2 $"Remove an ICANN to onion domain mapping" off \
|
|
3 $"Return to administrator control panel" on 2> $data
|
|
sel=$?
|
|
case $sel in
|
|
1) return;;
|
|
255) return;;
|
|
esac
|
|
case $(cat $data) in
|
|
1) xmpp_add_onion_address_interactive;;
|
|
2) xmpp_remove_onion_address_interactive;;
|
|
3) break;;
|
|
esac
|
|
done
|
|
}
|
|
|
|
function remove_user_xmpp {
|
|
remove_username="$1"
|
|
${PROJECT_NAME}-pass -u $remove_username --rmapp xmpp
|
|
XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
|
|
if [[ $ONION_ONLY != "no" ]]; then
|
|
${PROJECT_NAME}-rmxmpp -e "${remove_username}@${XMPP_ONION_HOSTNAME}"
|
|
else
|
|
${PROJECT_NAME}-rmxmpp -e "${remove_username}@${HOSTNAME}"
|
|
fi
|
|
}
|
|
|
|
function add_user_xmpp_client {
|
|
new_username="$1"
|
|
new_user_password="$2"
|
|
|
|
if [ -f /usr/local/bin/profanity ]; then
|
|
XMPP_CLIENT_DIR=/home/$new_username/.local/share/profanity
|
|
XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts
|
|
if [ ! -d $XMPP_CLIENT_DIR ]; then
|
|
mkdir -p $XMPP_CLIENT_DIR
|
|
fi
|
|
if [ ! -d /home/$new_username/.config/profanity ]; then
|
|
mkdir -p /home/$new_username/.config/profanity
|
|
fi
|
|
MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$new_username" "$new_username@$HOSTNAME")
|
|
echo "[${new_username}@${HOSTNAME}]" > $XMPP_CLIENT_ACCOUNTS
|
|
echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS
|
|
echo "jid=${new_username}@${HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
|
|
echo "server=$XMPP_ONION_HOSTNAME" >> $XMPP_CLIENT_ACCOUNTS
|
|
echo "pgp.keyid=$GPG_PUBLIC_KEY_ID" >> $XMPP_CLIENT_ACCOUNTS
|
|
echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS
|
|
echo "muc.service=conference.${HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
|
|
echo "muc.nick=${new_username}" >> $XMPP_CLIENT_ACCOUNTS
|
|
echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS
|
|
echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS
|
|
echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS
|
|
echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS
|
|
echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS
|
|
echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS
|
|
echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS
|
|
|
|
echo '[connection]' > /home/$new_username/.config/profanity/profrc
|
|
if [[ $ONION_ONLY != "no" ]]; then
|
|
echo "account=${new_username}@${XMPP_ONION_HOSTNAME}" >> /home/$new_username/.config/profanity/profrc
|
|
else
|
|
echo "account=${new_username}@${HOSTNAME}" >> /home/$new_username/.config/profanity/profrc
|
|
fi
|
|
echo '' >> /home/$new_username/.config/profanity/profrc
|
|
echo '[plugins]' >> /home/$new_username/.config/profanity/profrc
|
|
echo 'load=prof_omemo_plugin.py;' >> /home/$new_username/.config/profanity/profrc
|
|
echo '' >> /home/$new_username/.config/profanity/profrc
|
|
echo '[otr]' >> /home/$new_username/.config/profanity/profrc
|
|
echo 'policy=opportunistic' >> /home/$new_username/.config/profanity/profrc
|
|
echo 'log=off' >> /home/$new_username/.config/profanity/profrc
|
|
echo '' >> /home/$new_username/.config/profanity/profrc
|
|
echo '[pgp]' >> /home/$new_username/.config/profanity/profrc
|
|
echo 'log=off' >> /home/$new_username/.config/profanity/profrc
|
|
echo '' >> /home/$new_username/.config/profanity/profrc
|
|
echo '[ui]' >> /home/$new_username/.config/profanity/profrc
|
|
echo 'enc.warn=true' >> /home/$new_username/.config/profanity/profrc
|
|
|
|
chown -R $new_username:$new_username /home/$new_username/.local
|
|
chown -R $new_username:$new_username /home/$new_username/.config
|
|
fi
|
|
}
|
|
|
|
function add_user_xmpp {
|
|
new_username="$1"
|
|
new_user_password="$2"
|
|
|
|
XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
|
|
${PROJECT_NAME}-pass -u $new_username -a xmpp -p "$new_user_password"
|
|
|
|
if [[ $ONION_ONLY != "no" ]]; then
|
|
${PROJECT_NAME}-addxmpp -e "$new_username@$XMPP_ONION_HOSTNAME" -p "$new_user_password"
|
|
else
|
|
${PROJECT_NAME}-addxmpp -e "$new_username@$HOSTNAME" -p "$new_user_password"
|
|
fi
|
|
if [ ! "$?" = "0" ]; then
|
|
echo '1'
|
|
return
|
|
fi
|
|
|
|
add_user_xmpp_client "$new_username" "$new_user_password"
|
|
echo '0'
|
|
}
|
|
|
|
function install_interactive_xmpp {
|
|
echo -n ''
|
|
APP_INSTALLED=1
|
|
}
|
|
|
|
function change_password_xmpp {
|
|
curr_username="$1"
|
|
new_user_password="$2"
|
|
|
|
read_config_param DEFAULT_DOMAIN_NAME
|
|
|
|
${PROJECT_NAME}-pass -u $curr_username -a xmpp -p "$new_user_password"
|
|
|
|
# TODO: this is currently interactive. Really there needs to be a
|
|
# non-interactive password change option for prosodyctl
|
|
clear
|
|
echo ''
|
|
echo $'Currently Prosody requires password changes to be done interactively'
|
|
prosodyctl passwd ${curr_username}@${DEFAULT_DOMAIN_NAME}
|
|
|
|
if [ -f /usr/local/bin/profanity ]; then
|
|
XMPP_CLIENT_DIR=/home/$curr_username/.local/share/profanity
|
|
XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts
|
|
if [ -f $XMPP_CLIENT_ACCOUNTS ]; then
|
|
sed -i "s|password=.*|password=$new_user_password|g" $XMPP_CLIENT_ACCOUNTS
|
|
fi
|
|
fi
|
|
}
|
|
|
|
function reconfigure_xmpp {
|
|
echo -n ''
|
|
}
|
|
|
|
function update_prosody_modules {
|
|
if [ ! $1 ]; then
|
|
if [ ! -d /var/lib/prosody/prosody-modules ]; then
|
|
return
|
|
fi
|
|
fi
|
|
if [ ! -d /usr/lib/prosody ]; then
|
|
return
|
|
fi
|
|
|
|
if [ ! -f $INSTALL_DIR/$prosody_modules_filename ]; then
|
|
# Obtain the modules
|
|
if [ -f ~/freedombone/image_build/$prosody_modules_filename ]; then
|
|
cp ~/freedombone/image_build/$prosody_modules_filename $INSTALL_DIR
|
|
else
|
|
if [ -f /home/$MY_USERNAME/freedombone/image_build/$prosody_modules_filename ]; then
|
|
cp /home/$MY_USERNAME/freedombone/image_build/$prosody_modules_filename $INSTALL_DIR
|
|
fi
|
|
fi
|
|
|
|
if [ -f $INSTALL_DIR/$prosody_modules_filename ]; then
|
|
cd $INSTALL_DIR
|
|
|
|
# Check the hash
|
|
curr_hash=$(sha256sum $INSTALL_DIR/$prosody_modules_filename | awk -F ' ' '{print $1}')
|
|
if [[ "$curr_hash" != "$prosody_modules_hash" ]]; then
|
|
echo $'Prosody modules hash does not match'
|
|
exit 83562
|
|
else
|
|
# Extract the modules
|
|
if [ -d $INSTALL_DIR/prosody-modules ]; then
|
|
rm -rf $INSTALL_DIR/prosody-modules
|
|
fi
|
|
tar -xzvf $prosody_modules_filename
|
|
if [ -d $INSTALL_DIR/prosody-modules ]; then
|
|
systemctl stop prosody
|
|
if [ ! -d /var/lib/prosody/prosody-modules ]; then
|
|
mkdir -p /var/lib/prosody/prosody-modules
|
|
fi
|
|
cp -r $INSTALL_DIR/prosody-modules/* /var/lib/prosody/prosody-modules/
|
|
cp -r $INSTALL_DIR/prosody-modules/* /usr/lib/prosody/modules/
|
|
chown -R prosody:prosody /var/lib/prosody/prosody-modules
|
|
chown -R prosody:prosody /usr/lib/prosody/modules
|
|
systemctl start prosody
|
|
else
|
|
echo $'Prosody modules not extracted'
|
|
exit 72524
|
|
fi
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
if ! grep -q '"vcard"' /etc/prosody/prosody.cfg.lua; then
|
|
systemctl stop prosody
|
|
sed -i '/"pep"/a "vcard";' /etc/prosody/prosody.cfg.lua
|
|
systemctl start prosody
|
|
fi
|
|
}
|
|
|
|
function upgrade_xmpp {
|
|
if [ -d /etc/letsencrypt ]; then
|
|
prosody_groups=$(groups prosody)
|
|
if [[ "$prosody_groups" != *'ssl-cert'* ]]; then
|
|
usermod -a -G ssl-cert prosody
|
|
fi
|
|
fi
|
|
function_check update_prosody_modules
|
|
update_prosody_modules
|
|
|
|
curr_prosody_filename=$(cat $COMPLETION_FILE | grep "prosody_filename" | awk -F ':' '{print $2}')
|
|
if [[ "$curr_prosody_filename" != "$prosody_filename" ]]; then
|
|
if [ -d ${INSTALL_DIR}/${prosody_filename} ]; then
|
|
# ensure that the binaries have not been overwritten
|
|
# by an operating system upgrade
|
|
cd ${INSTALL_DIR}/${prosody_filename}
|
|
make prefix=/usr install
|
|
else
|
|
cd $INSTALL_DIR
|
|
# Try to get the source from the project repo
|
|
if [ -f /root/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz ]; then
|
|
cp /root/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz .
|
|
else
|
|
if [ -f /home/${MY_USERNAME}/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz ]; then
|
|
cp /home/${MY_USERNAME}/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz .
|
|
else
|
|
wget $prosody_nightly_url
|
|
fi
|
|
fi
|
|
if [ ! -f ${INSTALL_DIR}/${prosody_filename}.tar.gz ]; then
|
|
echo $"Failed to download prosody nightly $prosody_nightly_url"
|
|
return
|
|
fi
|
|
|
|
hash_value=$(sha256sum ${INSTALL_DIR}/${prosody_filename}.tar.gz | awk -F ' ' '{print $1}')
|
|
if [[ "$hash_value" != "$prosody_nightly_hash" ]]; then
|
|
rm ${INSTALL_DIR}/${prosody_filename}.tar.gz
|
|
echo $'Unexpected hash value for prosody nightly download'
|
|
return
|
|
fi
|
|
|
|
tar -xzvf ${INSTALL_DIR}/${prosody_filename}.tar.gz
|
|
cd ${INSTALL_DIR}/${prosody_filename}
|
|
./configure --ostype=debian --prefix=/usr
|
|
make prefix=/usr
|
|
make prefix=/usr install
|
|
if [ -f /usr/local/bin/prosody ]; then
|
|
echo $'Failed to build prosody nightly to /usr/bin'
|
|
rm ${INSTALL_DIR}/${prosody_filename}.tar.gz
|
|
rm -rf ${INSTALL_DIR}/${prosody_filename}
|
|
return
|
|
fi
|
|
rm ${INSTALL_DIR}/${prosody_filename}.tar.gz
|
|
fi
|
|
|
|
# add onion addresses for known servers
|
|
if ! grep -q "onions_map =" /etc/prosody/prosody.cfg.lua; then
|
|
echo '' >> /etc/prosody/prosody.cfg.lua
|
|
xmpp_onion_addresses /etc/prosody/prosody.cfg.lua
|
|
fi
|
|
|
|
set_completion_param "prosody_filename" "${prosody_filename}"
|
|
fi
|
|
|
|
cp -r $INSTALL_DIR/prosody-modules/* /var/lib/prosody/prosody-modules/
|
|
chown -R prosody:prosody /var/lib/prosody/prosody-modules
|
|
|
|
systemctl restart prosody
|
|
}
|
|
|
|
function backup_local_xmpp {
|
|
source_directory=/var/lib/prosody
|
|
if [ -d $source_directory ]; then
|
|
dest_directory=xmpp
|
|
function_check backup_directory_to_usb
|
|
backup_directory_to_usb $source_directory $dest_directory
|
|
fi
|
|
}
|
|
|
|
function restore_local_xmpp {
|
|
if [ -d /var/lib/prosody ]; then
|
|
echo $"Restoring xmpp settings"
|
|
temp_restore_dir=/root/tempxmpp
|
|
function_check restore_directory_from_usb
|
|
restore_directory_from_usb $temp_restore_dir xmpp
|
|
if [ -d $temp_restore_dir/var/lib/prosody ]; then
|
|
cp -r $temp_restore_dir/var/lib/prosody/* /var/lib/prosody
|
|
else
|
|
cp -r $temp_restore_dir/* /var/lib/prosody/
|
|
fi
|
|
if [ ! "$?" = "0" ]; then
|
|
function_check set_user_permissions
|
|
set_user_permissions
|
|
function_check backup_unmount_drive
|
|
backup_unmount_drive
|
|
exit 725
|
|
fi
|
|
rm -rf $temp_restore_dir
|
|
systemctl restart prosody
|
|
chown -R prosody:prosody /var/lib/prosody/*
|
|
echo $"Restore of xmpp settings complete"
|
|
fi
|
|
}
|
|
|
|
function backup_remote_xmpp {
|
|
if [ -d /var/lib/prosody ]; then
|
|
echo $"Backing up the xmpp settings"
|
|
backup_directory_to_friend /var/lib/prosody xmpp
|
|
echo $"Backup of xmpp settings complete"
|
|
fi
|
|
}
|
|
|
|
function restore_remote_xmpp {
|
|
if [ -d /var/lib/prosody ]; then
|
|
echo $"Restoring xmpp settings"
|
|
temp_restore_dir=/root/tempxmpp
|
|
function_check restore_directory_from_friend
|
|
restore_directory_from_friend $temp_restore_dir xmpp
|
|
if [ -d $temp_restore_dir/var/lib/prosody ]; then
|
|
cp -r $temp_restore_dir/var/lib/prosody/* /var/lib/prosody
|
|
else
|
|
cp -r $temp_restore_dir/* /var/lib/prosody/
|
|
fi
|
|
if [ ! "$?" = "0" ]; then
|
|
exit 725
|
|
fi
|
|
rm -rf $temp_restore_dir
|
|
systemctl restart prosody
|
|
chown -R prosody:prosody /var/lib/prosody/*
|
|
echo $"Restore of xmpp settings complete"
|
|
fi
|
|
}
|
|
|
|
function configure_firewall_for_xmpp {
|
|
if [ ! -d /etc/prosody ]; then
|
|
return
|
|
fi
|
|
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
|
|
return
|
|
fi
|
|
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
|
|
# docker does its own firewalling
|
|
return
|
|
fi
|
|
if [[ $ONION_ONLY != "no" ]]; then
|
|
return
|
|
fi
|
|
firewall_add XMPP 5222 tcp
|
|
firewall_add XMPP 5223 tcp
|
|
firewall_add XMPP 5269 tcp
|
|
firewall_add XMPP 5280 tcp
|
|
firewall_add XMPP 5281 tcp
|
|
mark_completed $FUNCNAME
|
|
}
|
|
|
|
function remove_xmpp {
|
|
remove_profanity
|
|
remove_movim
|
|
firewall_remove 5222 tcp
|
|
firewall_remove 5223 tcp
|
|
firewall_remove 5269 tcp
|
|
firewall_remove 5280 tcp
|
|
firewall_remove 5281 tcp
|
|
|
|
function_check remove_onion_service
|
|
remove_onion_service xmpp 5222 5223 5269
|
|
|
|
apt-get -yq remove --purge prosody
|
|
if [ -f $INSTALL_DIR/$prosody_modules_filename ]; then
|
|
rm $INSTALL_DIR/$prosody_modules_filename
|
|
fi
|
|
if [ -d $INSTALL_DIR/prosody-modules ]; then
|
|
rm -rf $INSTALL_DIR/prosody-modules
|
|
fi
|
|
if [ -d /etc/prosody ]; then
|
|
rm -rf /etc/prosody
|
|
fi
|
|
if [ -d /var/lib/prosody ]; then
|
|
rm -rf /var/lib/prosody
|
|
fi
|
|
if [ -d /usr/lib/prosody ]; then
|
|
rm -rf /usr/lib/prosody
|
|
fi
|
|
if [ -f /usr/local/bin/prosody ]; then
|
|
rm /usr/local/bin/prosody
|
|
fi
|
|
if [ -f /usr/local/bin/prosodyctl ]; then
|
|
rm /usr/local/bin/prosodyctl
|
|
fi
|
|
groupdel prosody
|
|
|
|
remove_completion_param install_xmpp
|
|
sed -i '/xmpp/d' $COMPLETION_FILE
|
|
sed -i '/prosody/d' $COMPLETION_FILE
|
|
}
|
|
|
|
function xmpp_email_headers {
|
|
for d in /home/*/ ; do
|
|
USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
|
|
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
|
|
if [ -f /home/$USERNAME/.muttrc ]; then
|
|
if ! grep -q "Jabber-ID" /home/$USERNAME/.muttrc; then
|
|
echo "my_hdr Jabber-ID: ${USERNAME}@${HOSTNAME}" >> /home/$USERNAME/.muttrc
|
|
fi
|
|
fi
|
|
fi
|
|
done
|
|
}
|
|
|
|
function xmpp_modules {
|
|
filename=$1
|
|
echo 'modules_enabled = {' >> $filename
|
|
echo ' "pubsub";' >> $filename
|
|
echo ' "pubsub_hub";' >> $filename
|
|
echo ' "dialback"; -- s2s dialback support' >> $filename
|
|
echo ' "disco"; -- Service discovery' >> $filename
|
|
echo ' "private"; -- Private XML storage (for room bookmarks, etc.)' >> $filename
|
|
echo ' "version"; -- Replies to server version requests' >> $filename
|
|
echo ' "uptime"; -- Report how long server has been running' >> $filename
|
|
echo ' "time"; -- Let others know the time here on this server' >> $filename
|
|
echo ' "ping"; -- Replies to XMPP pings with pongs' >> $filename
|
|
echo ' "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands' >> $filename
|
|
echo ' "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.' >> $filename
|
|
echo ' "bosh"; -- Enable mod_bosh' >> $filename
|
|
echo ' "tls"; -- Enable mod_tls' >> $filename
|
|
echo ' "saslauth"; -- Enable mod_saslauth' >> $filename
|
|
echo ' "onions"; -- Enable chat via onion service' >> $filename
|
|
echo ' "mam"; -- Message archive management' >> $filename
|
|
echo ' "csi"; -- Client state indication' >> $filename
|
|
echo ' "carbons"; -- Message carbons' >> $filename
|
|
echo ' "carbons_adhoc"; -- Message carbons' >> $filename
|
|
echo ' "carbons_copies"; -- Message carbons' >> $filename
|
|
echo ' "smacks"; -- Stream management' >> $filename
|
|
echo ' "smacks_offline"; -- Stream management' >> $filename
|
|
echo ' "pep"; -- Personal Eventing Protocol (to support OMEMO)' >> $filename
|
|
echo ' "vcard"; -- Personal Eventing Protocol (to support OMEMO)' >> $filename
|
|
echo ' "e2e_policy"; -- To support OMEMO' >> $filename
|
|
echo ' "pep_vcard_avatar"; -- Personal Eventing Protocol (to support OMEMO)' >> $filename
|
|
echo ' "blocklist"; -- Privacy lists' >> $filename
|
|
echo ' "privacy_lists"; -- Privacy lists' >> $filename
|
|
echo ' "blocking"; -- Blocking command' >> $filename
|
|
echo ' "roster"; -- Roster versioning' >> $filename
|
|
echo ' "offline_email"; -- If offline send to email' >> $filename
|
|
echo ' "offline"; -- Store offline messages' >> $filename
|
|
echo ' "http";' >> $filename
|
|
echo ' "http_upload";' >> $filename
|
|
echo ' "websocket";' >> $filename
|
|
echo ' "throttle_presence"; -- Reduce battery and bandwidth usage' >> $filename
|
|
echo ' "filter_chatstates"; -- Reduce battery and bandwidth usage' >> $filename
|
|
echo '};' >> $filename
|
|
}
|
|
|
|
function xmpp_onion_addresses {
|
|
filename=$1
|
|
echo 'onions_map = {' >> $filename
|
|
echo ' ["anonymitaet-im-inter.net"] = "rwf5skuv5vqzcdit.onion";' >> $filename
|
|
echo ' ["autistici.org"] = "wi7qkxyrdpu5cmvr.onion";' >> $filename
|
|
echo ' ["jabber.calyxinstitute.org"] = "ijeeynrc6x2uy5ob.onion";' >> $filename
|
|
echo ' ["jabber.ccc.de"] = "okj7xc6j2szr2y75.onion";' >> $filename
|
|
echo ' ["cloak.dk"] = "m2dsl4banuimpm6c.onion";' >> $filename
|
|
echo ' ["jabber.cryptoparty.is"] = "cryjabkbdljzohnp.onion";' >> $filename
|
|
echo ' ["daemons.cf"] = "daemon4jidu2oig6.onion";' >> $filename
|
|
echo ' ["dukgo.com"] = "wlcpmruglhxp6quz.onion";' >> $filename
|
|
echo ' ["evil.im"] = "evilxro6nvjuvxqo.onion";' >> $filename
|
|
echo ' ["xmpp.evil.im"] = "evilxro6nvjuvxqo.onion";' >> $filename
|
|
echo ' ["inventati.org"] = "wi7qkxyrdpu5cmvr.onion";' >> $filename
|
|
echo ' ["jabber.ipredator.se"] = "3iffdebkzzkpgipa.onion";' >> $filename
|
|
echo ' ["jabber-germany.de"] = "dbbrphko5tqcpar3.onion";' >> $filename
|
|
echo ' ["kode.im"] = "ihkw7qy3tok45dun.onion";' >> $filename
|
|
echo ' ["im.koderoot.net"] = "ihkw7qy3tok45dun.onion";' >> $filename
|
|
echo ' ["adb-centralen.se"] = "37x6i3wgr2jyublb.onion";' >> $filename
|
|
echo ' ["joelpurra.se"] = "37x6i3wgr2jyublb.onion";' >> $filename
|
|
echo ' ["nordberg.se"] = "37x6i3wgr2jyublb.onion";' >> $filename
|
|
echo ' ["jabber.lqdn.fr"] = "jabber63t4r2qi57.onion";' >> $filename
|
|
echo ' ["jabber.otr.im"] = "5rgdtlawqkcplz75.onion";' >> $filename
|
|
echo ' ["otromundo.cf"] = "arauemwe2utqqzye.onion";' >> $filename
|
|
echo ' ["patchcord.be"] = "xsydhi3dnbjuatpz.onion";' >> $filename
|
|
echo ' ["riseup.net"] = "4cjw6cwpeaeppfqz.onion";' >> $filename
|
|
echo ' ["xmpp.riseup.net"] = "4cjw6cwpeaeppfqz.onion";' >> $filename
|
|
echo ' ["rows.io"] = "yz6yiv2hxyagvwy6.onion";' >> $filename
|
|
echo ' ["xmpp.rows.io"] = "yz6yiv2hxyagvwy6.onion";' >> $filename
|
|
echo ' ["securejabber.me"] = "giyvshdnojeivkom.onion";' >> $filename
|
|
echo ' ["so36.net"] = "s4fgy24e2b5weqdb.onion";' >> $filename
|
|
echo ' ["jabber.so36.net"] = "s4fgy24e2b5weqdb.onion";' >> $filename
|
|
echo ' ["jabber.systemli.org"] = "x5tno6mwkncu5m3h.onion";' >> $filename
|
|
echo ' ["taolo.ga"] = "l3ybpw4vs6ie5rv2.onion";' >> $filename
|
|
echo ' ["tchncs.de"] = "duvfmyqmdlyvc3mi.onion";' >> $filename
|
|
echo ' ["wtfismyip.com"] = "ofkztxcohimx34la.onion";' >> $filename
|
|
echo ' ["prosody.xmpp.is"] = "y2qmqomqpszzryei.onion";' >> $filename
|
|
echo ' ["xndr.de"] = "trcubpttd6zkc3tf.onion";' >> $filename
|
|
echo ' ["trashserver.net"] = "m4c722bvc2r7brnn.onion";' >> $filename
|
|
echo '};' >> $filename
|
|
}
|
|
|
|
function xmpp_create_config {
|
|
echo "admins = { \"$MY_USERNAME@$DEFAULT_DOMAIN_NAME\" }" > /etc/prosody/prosody.cfg.lua
|
|
echo 'plugin_paths = { "/var/lib/prosody/prosody-modules" }' >> /etc/prosody/prosody.cfg.lua
|
|
echo '' >> /etc/prosody/prosody.cfg.lua
|
|
xmpp_modules /etc/prosody/prosody.cfg.lua
|
|
echo '' >> /etc/prosody/prosody.cfg.lua
|
|
xmpp_onion_addresses /etc/prosody/prosody.cfg.lua
|
|
echo '' >> /etc/prosody/prosody.cfg.lua
|
|
echo 'allow_registration = false;' >> /etc/prosody/prosody.cfg.lua
|
|
echo '' >> /etc/prosody/prosody.cfg.lua
|
|
echo 'daemonize = true;' >> /etc/prosody/prosody.cfg.lua
|
|
echo '' >> /etc/prosody/prosody.cfg.lua
|
|
echo 'pidfile = "/var/run/prosody/prosody.pid";' >> /etc/prosody/prosody.cfg.lua
|
|
echo '' >> /etc/prosody/prosody.cfg.lua
|
|
echo 'https_ports = { 5281 }' >> /etc/prosody/prosody.cfg.lua
|
|
echo 'https_interfaces = { "*" }' >> /etc/prosody/prosody.cfg.lua
|
|
echo 'https_ssl = {' >> /etc/prosody/prosody.cfg.lua
|
|
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
|
|
echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
|
|
echo " key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
|
|
else
|
|
echo " certificate = \"/etc/ssl/certs/xmpp.crt\";" >> /etc/prosody/prosody.cfg.lua
|
|
echo " key = \"/etc/ssl/private/xmpp.key\";" >> /etc/prosody/prosody.cfg.lua
|
|
fi
|
|
echo " curve = $XMPP_ECC_CURVE;" >> /etc/prosody/prosody.cfg.lua
|
|
echo " ciphers = $XMPP_CIPHERS;" >> /etc/prosody/prosody.cfg.lua
|
|
echo ' options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
|
|
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
|
|
echo " dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
|
|
else
|
|
echo " dhparam = \"/etc/ssl/certs/xmpp.dhparam\";" >> /etc/prosody/prosody.cfg.lua
|
|
fi
|
|
echo "}" >> /etc/prosody/prosody.cfg.lua
|
|
echo '' >> /etc/prosody/prosody.cfg.lua
|
|
echo 'ssl = {' >> /etc/prosody/prosody.cfg.lua
|
|
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
|
|
echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
|
|
echo " key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
|
|
else
|
|
echo " certificate = \"/etc/ssl/certs/xmpp.crt\";" >> /etc/prosody/prosody.cfg.lua
|
|
echo " key = \"/etc/ssl/private/xmpp.key\";" >> /etc/prosody/prosody.cfg.lua
|
|
fi
|
|
echo " curve = $XMPP_ECC_CURVE;" >> /etc/prosody/prosody.cfg.lua
|
|
echo ' depth = "2";' >> /etc/prosody/prosody.cfg.lua
|
|
echo " ciphers = $XMPP_CIPHERS;" >> /etc/prosody/prosody.cfg.lua
|
|
echo ' options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
|
|
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
|
|
echo " dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
|
|
else
|
|
echo " dhparam = \"/etc/ssl/certs/xmpp.dhparam\";" >> /etc/prosody/prosody.cfg.lua
|
|
fi
|
|
echo '}' >> /etc/prosody/prosody.cfg.lua
|
|
echo '' >> /etc/prosody/prosody.cfg.lua
|
|
echo 'c2s_require_encryption = true' >> /etc/prosody/prosody.cfg.lua
|
|
echo 's2s_require_encryption = true' >> /etc/prosody/prosody.cfg.lua
|
|
echo '' >> /etc/prosody/prosody.cfg.lua
|
|
echo 's2s_secure_auth = false' >> /etc/prosody/prosody.cfg.lua
|
|
echo '' >> /etc/prosody/prosody.cfg.lua
|
|
echo 'authentication = "internal_hashed"' >> /etc/prosody/prosody.cfg.lua
|
|
echo '' >> /etc/prosody/prosody.cfg.lua
|
|
echo 'storage = "sql"' >> /etc/prosody/prosody.cfg.lua
|
|
echo 'sql = { driver = "SQLite3", database = "prosody.sqlite" }' >> /etc/prosody/prosody.cfg.lua
|
|
echo '' >> /etc/prosody/prosody.cfg.lua
|
|
echo 'log = {' >> /etc/prosody/prosody.cfg.lua
|
|
echo ' info = "/dev/null";' >> /etc/prosody/prosody.cfg.lua
|
|
echo ' error = "/dev/null";' >> /etc/prosody/prosody.cfg.lua
|
|
echo ' { levels = { "error" }; to = "/dev/null"; };' >> /etc/prosody/prosody.cfg.lua
|
|
echo '}' >> /etc/prosody/prosody.cfg.lua
|
|
echo '' >> /etc/prosody/prosody.cfg.lua
|
|
if [[ $ONION_ONLY != 'no' ]]; then
|
|
echo "VirtualHost \"${XMPP_ONION_HOSTNAME}\"" >> /etc/prosody/prosody.cfg.lua
|
|
else
|
|
echo "VirtualHost \"${DEFAULT_DOMAIN_NAME}\"" >> /etc/prosody/prosody.cfg.lua
|
|
fi
|
|
echo ' ssl = {' >> /etc/prosody/prosody.cfg.lua
|
|
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
|
|
echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
|
|
echo " key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
|
|
else
|
|
echo " certificate = \"/etc/ssl/certs/xmpp.crt\";" >> /etc/prosody/prosody.cfg.lua
|
|
echo " key = \"/etc/ssl/private/xmpp.key\";" >> /etc/prosody/prosody.cfg.lua
|
|
fi
|
|
echo " curve = $XMPP_ECC_CURVE;" >> /etc/prosody/prosody.cfg.lua
|
|
echo ' depth = "2";' >> /etc/prosody/prosody.cfg.lua
|
|
echo " ciphers = $XMPP_CIPHERS;" >> /etc/prosody/prosody.cfg.lua
|
|
echo ' options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
|
|
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
|
|
echo " dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
|
|
else
|
|
echo " dhparam = \"/etc/ssl/certs/xmpp.dhparam\";" >> /etc/prosody/prosody.cfg.lua
|
|
fi
|
|
echo ' }' >> /etc/prosody/prosody.cfg.lua
|
|
echo '' >> /etc/prosody/prosody.cfg.lua
|
|
echo 'Include "conf.d/*.cfg.lua"' >> /etc/prosody/prosody.cfg.lua
|
|
echo 'http_upload_path = "/var/lib/prosody/http_uploads"' >> /etc/prosody/prosody.cfg.lua
|
|
echo 'http_upload_file_size_limit = 307200' >> /etc/prosody/prosody.cfg.lua
|
|
echo '' >> /etc/prosody/prosody.cfg.lua
|
|
echo "Component \"chat.${DEFAULT_DOMAIN_NAME}\" \"muc\"" >> /etc/prosody/prosody.cfg.lua
|
|
echo ' name = "Chatrooms"' >> /etc/prosody/prosody.cfg.lua
|
|
echo ' modules_enabled = {' >> /etc/prosody/prosody.cfg.lua
|
|
echo ' "muc_limits";' >> /etc/prosody/prosody.cfg.lua
|
|
echo ' "muc_log";' >> /etc/prosody/prosody.cfg.lua
|
|
echo ' "mam_muc";' >> /etc/prosody/prosody.cfg.lua
|
|
echo ' "muc_log_http";' >> /etc/prosody/prosody.cfg.lua
|
|
echo ' }' >> /etc/prosody/prosody.cfg.lua
|
|
echo 'storage = { muc_log = "sql"; }' >> /etc/prosody/prosody.cfg.lua
|
|
echo 'sql = { driver = "SQLite3", database = "prosody.sqlite" }' >> /etc/prosody/prosody.cfg.lua
|
|
echo 'muc_event_rate = 0.5;' >> /etc/prosody/prosody.cfg.lua
|
|
echo 'muc_burst_factor = 10;' >> /etc/prosody/prosody.cfg.lua
|
|
echo 'muc_log_by_default = false;' >> /etc/prosody/prosody.cfg.lua
|
|
echo 'muc_log_all_rooms = false;' >> /etc/prosody/prosody.cfg.lua
|
|
echo 'max_archive_query_results = 10;' >> /etc/prosody/prosody.cfg.lua
|
|
echo 'max_history_messages = 10;' >> /etc/prosody/prosody.cfg.lua
|
|
}
|
|
|
|
function install_xmpp_nightly {
|
|
if [ ! -d $INSTALL_DIR ]; then
|
|
mkdir -p $INSTALL_DIR
|
|
fi
|
|
|
|
cd $INSTALL_DIR
|
|
|
|
# Try to get the source from the project repo
|
|
if [ -f /root/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz ]; then
|
|
cp /root/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz .
|
|
else
|
|
if [ -f /home/${MY_USERNAME}/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz ]; then
|
|
cp /home/${MY_USERNAME}/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz .
|
|
else
|
|
wget $prosody_nightly_url
|
|
fi
|
|
fi
|
|
|
|
if [ ! -f ${INSTALL_DIR}/${prosody_filename}.tar.gz ]; then
|
|
echo $"Failed to download prosody nightly $prosody_nightly_url"
|
|
exit 78352
|
|
fi
|
|
|
|
hash_value=$(sha256sum ${INSTALL_DIR}/${prosody_filename}.tar.gz | awk -F ' ' '{print $1}')
|
|
if [[ "$hash_value" != "$prosody_nightly_hash" ]]; then
|
|
rm ${INSTALL_DIR}/${prosody_filename}.tar.gz
|
|
echo $'Unexpected hash value for prosody nightly download'
|
|
exit 68224283
|
|
fi
|
|
|
|
tar -xzvf ${INSTALL_DIR}/${prosody_filename}.tar.gz
|
|
cd ${INSTALL_DIR}/${prosody_filename}
|
|
./configure --ostype=debian --prefix=/usr
|
|
make prefix=/usr
|
|
make prefix=/usr install
|
|
if [ -f /usr/local/bin/prosody ]; then
|
|
echo $'Failed to build prosody nightly to /usr/bin'
|
|
rm ${INSTALL_DIR}/${prosody_filename}.tar.gz
|
|
rm -rf ${INSTALL_DIR}/${prosody_filename}
|
|
exit 628732
|
|
fi
|
|
rm ${INSTALL_DIR}/${prosody_filename}.tar.gz
|
|
|
|
set_completion_param "prosody_filename" "${prosody_filename}"
|
|
}
|
|
|
|
function install_xmpp {
|
|
if [ ! -d $INSTALL_DIR ]; then
|
|
mkdir -p $INSTALL_DIR
|
|
fi
|
|
|
|
# remove any existing install attempt
|
|
if [ -f $INSTALL_DIR/$prosody_modules_filename ]; then
|
|
rm $INSTALL_DIR/$prosody_modules_filename
|
|
fi
|
|
if [ -d $INSTALL_DIR/prosody-modules ]; then
|
|
rm -rf $INSTALL_DIR/prosody-modules
|
|
fi
|
|
|
|
update_prosody_modules
|
|
|
|
# obtain a cert for the default domain
|
|
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "0" ]]; then
|
|
create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
|
|
if [[ $ONION_ONLY == 'no' ]]; then
|
|
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "0" ]]; then
|
|
echo $'LetsEncrypt cert could not be obtained for xmpp'
|
|
exit 72342
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
apt-get -yq install lua-sec lua-bitop lua5.1 liblua5.1-dev
|
|
apt-get -yq install libidn11-dev libssl-dev lua-dbi-sqlite3
|
|
apt-get -yq install mercurial
|
|
apt-get -yq install prosody
|
|
|
|
if [ ! -f /usr/bin/hg ]; then
|
|
echo $"Couldn't install mercurial"
|
|
exit 52825
|
|
fi
|
|
|
|
if [ ! -d /etc/prosody ]; then
|
|
echo $"ERROR: prosody does not appear to have installed. $CHECK_MESSAGE"
|
|
exit 52367
|
|
fi
|
|
|
|
groupadd prosody
|
|
|
|
if [ ! -d /var/lib/prosody/http_uploads ]; then
|
|
mkdir -p /var/lib/prosody/http_uploads
|
|
fi
|
|
if [ ! -d /etc/prosody/conf.d ]; then
|
|
mkdir -p /etc/prosody/conf.d
|
|
fi
|
|
|
|
chmod -R 700 /etc/prosody/conf.d
|
|
chown -R prosody /var/lib/prosody
|
|
chown -R prosody /etc/prosody/conf.d
|
|
|
|
# install modules
|
|
update_prosody_modules initial
|
|
if [ ! -d /var/lib/prosody/prosody-modules ]; then
|
|
echo $'No prosody modules available'
|
|
exit 82634
|
|
fi
|
|
|
|
# create a certificate
|
|
if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
|
|
if [ ! -f /etc/ssl/certs/xmpp.crt ]; then
|
|
${PROJECT_NAME}-addcert -h xmpp --dhkey ${DH_KEYLENGTH}
|
|
check_certificates xmpp
|
|
if [ ! -f /etc/ssl/certs/xmpp.crt ]; then
|
|
echo $'Failed to create xmpp certificate'
|
|
exit 72352
|
|
fi
|
|
if [ ! -f /etc/ssl/private/xmpp.key ]; then
|
|
echo $'Failed to create xmpp private certificate'
|
|
exit 36829
|
|
fi
|
|
chmod g=rX /etc/ssl/private/xmpp.key
|
|
chmod g=rX /etc/ssl/certs/xmpp.*
|
|
fi
|
|
fi
|
|
|
|
groupadd default
|
|
chmod 600 /etc/shadow
|
|
chmod 600 /etc/gshadow
|
|
usermod -g default prosody
|
|
chmod 0000 /etc/shadow
|
|
chmod 0000 /etc/gshadow
|
|
|
|
chown root:default /etc/ssl/private/xmpp.*
|
|
chown root:default /etc/ssl/certs/xmpp.*
|
|
chown root:default /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.*
|
|
chown root:default /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.*
|
|
|
|
cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
|
|
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
|
|
sed -i "s|key =.*|key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";|g" /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
sed -i "s|certificate =.*|certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";|g" /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
else
|
|
sed -i "s|key =.*|key = \"/etc/ssl/private/xmpp.key\";|g" /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
sed -i "s|certificate =.*|certificate = \"/etc/ssl/certs/xmpp.crt\";|g" /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
fi
|
|
if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then
|
|
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME})" == "1" ]]; then
|
|
sed -i "/certificate =/a\ dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
else
|
|
sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
fi
|
|
fi
|
|
if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/conf.avail/xmpp.cfg.lua; then
|
|
sed -i '/certificate =/a\ options = {"no_sslv2", "no_sslv3" };' /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
fi
|
|
if ! grep -q 'ciphers =' /etc/prosody/conf.avail/xmpp.cfg.lua; then
|
|
sed -i "/certificate =/a\ ciphers = $XMPP_CIPHERS;" /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
fi
|
|
if ! grep -q 'depth = "2";' /etc/prosody/conf.avail/xmpp.cfg.lua; then
|
|
sed -i '/certificate =/a\ depth = "2";' /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
fi
|
|
if ! grep -q 'curve =' /etc/prosody/conf.avail/xmpp.cfg.lua; then
|
|
sed -i "/certificate =/a\ curve = $XMPP_ECC_CURVE;" /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
fi
|
|
|
|
sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
|
|
if ! grep -q "modules_enabled" /etc/prosody/conf.avail/xmpp.cfg.lua; then
|
|
echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
xmpp_modules /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
fi
|
|
echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
if ! grep -q "c2s_require_encryption" /etc/prosody/conf.avail/xmpp.cfg.lua; then
|
|
echo 'c2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
else
|
|
sed -i 's|c2s_require_encryption.*|c2s_require_encryption = true|g' /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
fi
|
|
if ! grep -q "s2s_require_encryption" /etc/prosody/conf.avail/xmpp.cfg.lua; then
|
|
echo 's2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
else
|
|
sed -i 's|s2s_require_encryption.*|s2s_require_encryption = true|g' /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
fi
|
|
if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/conf.avail/xmpp.cfg.lua; then
|
|
echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
else
|
|
sed -i 's|allow_unencrypted_plain_auth.*|allow_unencrypted_plain_auth = false|g' /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
fi
|
|
ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua
|
|
|
|
if [ ! -d /var/lib/tor ]; then
|
|
echo $'No Tor installation found. xmpp onion site cannot be configured.'
|
|
exit 877367
|
|
fi
|
|
if ! grep -q "hidden_service_xmpp" /etc/tor/torrc; then
|
|
echo 'HiddenServiceDir /var/lib/tor/hidden_service_xmpp/' >> /etc/tor/torrc
|
|
echo "HiddenServicePort 5222 127.0.0.1:5222" >> /etc/tor/torrc
|
|
echo "HiddenServicePort 5269 127.0.0.1:5269" >> /etc/tor/torrc
|
|
echo $'Added onion site for xmpp chat'
|
|
fi
|
|
|
|
onion_update
|
|
wait_for_onion_service 'xmpp'
|
|
|
|
if [ ! -f /var/lib/tor/hidden_service_xmpp/hostname ]; then
|
|
echo $'xmpp onion site hostname not found'
|
|
exit 65349
|
|
fi
|
|
XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
|
|
if ! grep -q "${XMPP_ONION_HOSTNAME}" /etc/prosody/conf.avail/xmpp.cfg.lua; then
|
|
echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
echo "VirtualHost \"${XMPP_ONION_HOSTNAME}\"" >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
echo ' modules_enabled = { "onions" };' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
fi
|
|
set_completion_param "xmpp onion domain" "${XMPP_ONION_HOSTNAME}"
|
|
|
|
if [ -f $IMAGE_PASSWORD_FILE ]; then
|
|
XMPP_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
|
|
else
|
|
if [ ${#XMPP_PASSWORD} -lt 8 ]; then
|
|
XMPP_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
|
|
fi
|
|
fi
|
|
|
|
function_check configure_firewall_for_xmpp
|
|
configure_firewall_for_xmpp
|
|
xmpp_email_headers
|
|
|
|
update_default_domain
|
|
|
|
xmpp_create_config
|
|
|
|
# TODO comment this out after debian supports prosody 0.10 or later
|
|
install_xmpp_nightly
|
|
|
|
chown -R prosody /etc/prosody
|
|
chown -R prosody /var/lib/prosody
|
|
chown -R prosody /usr/lib/prosody
|
|
chmod -R 700 /etc/prosody/conf.d
|
|
usermod -a -G www-data prosody
|
|
|
|
if [ -d /etc/letsencrypt ]; then
|
|
usermod -a -G ssl-cert prosody
|
|
fi
|
|
apt-mark -q hold prosody
|
|
systemctl restart prosody
|
|
|
|
if [[ $ONION_ONLY != 'no' ]]; then
|
|
prosodyctl register $MY_USERNAME $XMPP_ONION_HOSTNAME "$XMPP_PASSWORD"
|
|
else
|
|
prosodyctl register $MY_USERNAME $DEFAULT_DOMAIN_NAME "$XMPP_PASSWORD"
|
|
fi
|
|
if [ ! "$?" = "0" ]; then
|
|
echo ''
|
|
echo ''
|
|
systemctl status prosody -l
|
|
echo ''
|
|
echo ''
|
|
which prosody
|
|
which prosodyctl
|
|
echo ''
|
|
echo ''
|
|
cat /etc/prosody/prosody.cfg.lua
|
|
echo ''
|
|
echo ''
|
|
cat /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
echo ''
|
|
echo ''
|
|
#remove_xmpp
|
|
echo $'Unable to register prosody user'
|
|
exit 347682
|
|
fi
|
|
|
|
${PROJECT_NAME}-pass -u $MY_USERNAME -a xmpp -p "$XMPP_PASSWORD"
|
|
|
|
APP_INSTALLED=1
|
|
}
|
|
|
|
# NOTE: deliberately no exit 0
|