Change from mod_http_upload to mod_http_file_share (#19)

see here: Disroot/Disroot-Project#203

As soon as we agree on this, I'll work on host_vars

Co-authored-by: meaz <meaz@disroot.org>
Reviewed-on: #19
Reviewed-by: antilopa <antilopa@no-reply@disroot.org>
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
Co-authored-by: meaz <meaz@no-reply@disroot.org>
Co-committed-by: meaz <meaz@no-reply@disroot.org>

CHANGELOG.md

@@ -1,5 +1,6 @@
 # Prosody role - Changelog
 
+- 22.01.2022 - Change from mod_http_upload to mod_http_file_share
 - 05.05.2021 - Add mod muc_ban_ip
 - 04.05.2021 - Add mods for better compatibility with siskin
 - 14.02.2021 - Public release of this role

Playbooks/prosody.yml

@@ -13,5 +13,5 @@
     - ../defaults/muc.yml
     - ../defaults/proxy.yml
     - ../defaults/pubsub.yml
-    - ../defaults/http_upload.yml
+    - ../defaults/http_file_share.yml
     - ../defaults/vhost.yml

defaults/http_file_share.yml

@@ -0,0 +1,11 @@
+## http_file_share
+prosody_http_file_share_enabled: 'true'
+
+prosody_http_file_share_component: 'upload.example.org'
+prosody_http_file_share_size_limit: "10*1024*1024"
+prosody_http_file_share_daily_quota: "100*1024*1024 -- 100 MiB per day per user"
+prosody_http_file_share_global_quota: "1024*1024*1024 -- 1 GiB total"
+prosody_http_file_share_expires_after: "7 * 86400 -- 1 week"
+prosody_http_file_share_allowed_file_types: "{} -- Access control"
+prosody_http_file_share_safe_file_types: '{"image/*","video/*","audio/*","text/plain"} -- Safe to show in-line in e.g. browsers'
+prosody_http_file_share_access: "{} -- Access control"

defaults/http_upload.yml

@@ -1,8 +0,0 @@
-## http_upload
-prosody_http_upload_enabled: 'false'
-
-# prosody_http_upload_component: upload.example.org
-# prosody_http_upload_file_size_limit = 10485760 -- 10MB
-# prosody_http_upload_expire_after = 15780000 -- 6 month in seconds
-# prosody_http_upload_path = "/srv/prosody/files"
-# prosody_http_upload_quota = 1234 --bytes, maximum size of all uploaded files per user

defaults/mod.yml

@@ -205,7 +205,7 @@ prosody_modules:
 
   - name: 'nodeinfo2'
     description: 'This module exposes a nodeinfo2 .well-known URL for use e.g. from the-federation.info.'
-    module_enabled: 'true'
+    module_enabled: 'false'
     extra_options:
       - 'nodeinfo2_expose_users = false -- if you don’t want to expose statistics about the amount of users you host'
       - 'nodeinfo2_expose_posts = false -- if you don’t want to expose statistics about the amount of messages being exchanged by your users'
@@ -252,22 +252,13 @@ prosody_modules:
     description: 'Can efficiently block, bounce, drop, forward, copy, redirect stanzas and more.'
     module_enabled: '{{ firewall_module_enabled }}'
     extra_options:
-      - 'firewall_scripts = { "{{ prosody_community_modules_path }}/mod_firewall/scripts/spam-blocking.pfw", "{{ prosody_custom_script_path }}/servers_blocklist.pfw", "{{ prosody_custom_script_path }}/users_blocklist.pfw", "{{ prosody_custom_script_path }}/invite_from_muc.pfw }'
+      - 'firewall_scripts = { "{{ prosody_community_modules_path }}/mod_firewall/scripts/spam-blocking.pfw", "{{ prosody_custom_script_path }}/servers_blocklist.pfw", "{{ prosody_custom_script_path }}/users_blocklist.pfw", "{{ prosody_custom_script_path }}/invite_from_muc.pfw" }'
 # spam-blocking.pfw is the default Prosody one, needed by the two following
 
   - name: 'http_altconnect'
     description: 'This module helps make BOSH and WebSocket connection endpoints discoverable via the HTTP'
     module_enabled: 'true'
 
-  - name: 'http_upload'
-    description: 'Upload files via http'
-    module_enabled: 'true'
-    extra_options:
-      - 'http_upload_file_size_limit = 1024*1024 --bytes'
-      - 'http_upload_expire_after = 60 * 60 * 24 * 7 -- a week in seconds'
-      - 'http_upload_path = "/srv/prosody/files"'
-      - 'http_upload_quota = 1234 -- bytes, maximum size of all uploaded files per user'
-
   - name: 'admin_blocklist'
     description: 'This module uses the blocklists set by admins for blocking s2s connections'
     module_enabled: 'true'

tasks/configure.yml

@@ -55,11 +55,11 @@
   notify:
     restart prosody
 
-- name: '[Configure] - Deploy http_upload'
+- name: '[Configure] - Deploy http_file_share'
   template:
-    src: etc/prosody/conf.d/http_upload.cfg.lua.j2
-    dest: /etc/prosody/conf.d/http_upload.cfg.lua
-  when: prosody_http_upload_enabled == 'true'
+    src: etc/prosody/conf.d/http_file_share.cfg.lua.j2
+    dest: /etc/prosody/conf.d/http_file_share.cfg.lua
+  when: prosody_http_file_share_enabled == 'true'
   notify:
     restart prosody
 

tasks/install.yml

@@ -18,7 +18,7 @@
       - 'lua-cyrussasl'
       - 'lua-dbi-common'
       - 'lua-dbi-mysql'
-      - 'lua-dbi-{{ prosody_sql_driver }}''
+      - 'lua-dbi-{{ prosody_sql_driver }}'
       - 'lua-event'
       - 'lua-ldap'
       - 'lua-sec'

templates/etc/prosody/conf.d/http_file_share.cfg.lua.j2

@@ -0,0 +1,12 @@
+-- {{ ansible_managed }}
+
+-- Component config for http_file_share
+Component "{{ prosody_http_file_share_component }}" "http_file_share"
+
+http_file_share_size_limit = {{ prosody_http_file_share_size_limit }}
+http_file_share_daily_quota = {{ prosody_http_file_share_daily_quota }}
+http_file_share_global_quota = {{ prosody_http_file_share_global_quota }}
+http_file_share_expires_after = {{ prosody_http_file_share_expires_after }}
+http_file_share_allowed_file_types = {{ prosody_http_file_share_allowed_file_types }}
+http_file_share_safe_file_types = {{ prosody_http_file_share_safe_file_types }}
+http_file_share_access = {{ prosody_http_file_share_access }}

templates/etc/prosody/conf.d/http_upload.cfg.lua.j2

@@ -1,10 +0,0 @@
--- {{ ansible_managed }}
-
--- Component config for http_upload
-Component "{{ prosody_http_upload_component }}" "http_upload"
-  http_host = "{{ prosody_http_host }}"
-
-http_upload_file_size_limit = {{ prosody_http_upload_file_size_limit }} -- 10MB
-http_upload_expire_after = {{ prosody_http_upload_expire_after }} -- 6 month in seconds
-http_upload_path = {{ prosody_http_upload_path }}
-http_upload_quota = {{ prosody_http_upload_quota }}