switched vagrant to debian11; fixed http related variables; fixed http-file-share

2022-09-05 23:23:43 +02:00 · 2022-09-05 23:23:43 +02:00 · bae19cf270
parent 034ebc4ebb
commit bae19cf270
11 changed files with 52 additions and 23 deletions
--- a/2
+++ b/2
@ -8,7 +8,7 @@
 Vagrant.configure("2") do |config|
  #config.ssh.insert_key = false
  config.vm.define "prosody" do |prosody|
-    prosody.vm.box = "generic/debian10"
+    prosody.vm.box = "generic/debian11"
    prosody.vm.provider :libvirt do |libvirt|
      libvirt.memory = 256
    end
--- a/defaults/bosh.yml
+++ b/defaults/bosh.yml
@ -1,6 +1,5 @@
 ## BOSH
 prosody_bosh_enabled: 'true' # used in configure.yml
-prosody_http_ports: '5281, 5280 '
 prosody_bosh_max_inactivity: '60'
 prosody_bosh_secure: 'true'
 prosody_ssl_key: '/path/to/key'
--- a/defaults/http_file_share.yml
+++ b/defaults/http_file_share.yml
@ -2,10 +2,25 @@
 prosody_http_file_share_enabled: 'true'

 prosody_http_file_share_component: 'upload.example.org'
-prosody_http_file_share_size_limit: "10*1024*1024"
-prosody_http_file_share_daily_quota: "100*1024*1024 -- 100 MiB per day per user"
-prosody_http_file_share_global_quota: "1024*1024*1024 -- 1 GiB total"
-prosody_http_file_share_expires_after: "7 * 86400 -- 1 week"
-prosody_http_file_share_allowed_file_types: "{} -- Access control"
-prosody_http_file_share_safe_file_types: '{"image/*","video/*","audio/*","text/plain"} -- Safe to show in-line in e.g. browsers'
-prosody_http_file_share_access: "{} -- Access control"
+prosody_http_file_share_options:
+  - name: 'http_file_share_size_limit'
+    value: '10*1024*1024'
+    description: '10MB file upload limit'
+  - name: 'http_file_share_daily_quota'
+    value: '100*1024*1024'
+    description: '100 MiB per day per user'
+  - name: 'http_file_share_global_quota'
+    value: '1024*1024*1024'
+    description: '1 GiB total'
+  - name: 'http_file_share_expires_after'
+    value: '7 * 86400'
+    description: '1 week'
+  - name: 'http_file_share_allowed_file_types'
+    value: '{}'
+    description: 'Access control'
+  - name: 'http_file_share_safe_file_types'
+    value: '{"image/*","video/*","audio/*","text/plain"}'
+    description: 'Safe to show in-line in e.g. browsers'
+  - name: 'http_file_share_access'
+    value: '{}'
+    description: 'Access control'
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -41,6 +41,15 @@ prosody_storage: 'internal'
 prosody_network_backend: "epoll"
 prosody_http_host: "example.org"
 prosody_http_external_url: "https://example.org"
+prosody_http_interfaces: '*'
+prosody_http_ports: '5281, 5280 '
+prosody_http_paths:
+  - name: 'files'
+    path: '/files/'
+  - name: 'bosh'
+    path: '/http-bind'
+  - name: 'file_share'
+    path: '/upload'
 prosody_archive_expires_after: '1w'

 #If using sql storage
--- a/defaults/mod.yml
+++ b/defaults/mod.yml
@ -110,6 +110,10 @@ prosody_modules:
  - name: 'admin_adhoc'
    description: 'Allows administration via an XMPP client that supports ad-hoc commands'
    module_enabled: 'true'
+  
+  - name: 'admin_shell'
+    description: 'Allows administration via command shell'
+    module_enabled: 'true'

  - name: 'bosh'
    description: 'Enable BOSH clients'
@ -238,7 +242,7 @@ prosody_modules:
    description: 'Can efficiently block, bounce, drop, forward, copy, redirect stanzas and more.'
    module_enabled: '{{ firewall_module_enabled }}'
    extra_options:
-      - 'firewall_scripts = { "{{ prosody_community_modules_path }}/mod_firewall/scripts/spam-blocking.pfw", "{{ prosody_custom_script_path }}/servers_blocklist.pfw", "{{ prosody_custom_script_path }}/users_blocklist.pfw", "{{ prosody_custom_script_path }}/invite_from_muc.pfw" }'
+      - 'firewall_scripts = { "{{ prosody_community_modules_path }}/mod_firewall/scripts/spam-blocking.pfw", "{{ prosody_installer_plugin_path }}/servers_blocklist.pfw", "{{ prosody_installer_plugin_path }}/users_blocklist.pfw", "{{ prosody_installer_plugin_path }}/invite_from_muc.pfw" }'
 # spam-blocking.pfw is the default Prosody one, needed by the two following

  - name: 'http_altconnect'
--- a/tasks/firewall.yml
+++ b/tasks/firewall.yml
@ -2,7 +2,7 @@

 - name: '[Firewall] - Make sure that script directory exists'
  file:
-    path: "{{ prosody_custom_script_path }}"
+    path: "{{ prosody_installer_plugin_path }}"
    state: directory
    owner: root
    group: prosody
@ -11,7 +11,7 @@
 - name: '[Firewall] - Deploy Firewall scripts'
  template:
    src: "etc/prosody/custom_scripts/{{ item }}.j2"
-    dest: "{{ prosody_custom_script_path }}/{{ item }}"
+    dest: "{{ prosody_installer_plugin_path }}/{{ item }}"
    owner: root
    group: prosody
    mode: 0644
@ -24,7 +24,7 @@
 - name: '[Firewall] - Deploy Firewall lists'
  template:
    src: "etc/prosody/custom_scripts/{{ item }}.j2"
-    dest: "{{ prosody_custom_script_path }}/{{ item }}"
+    dest: "{{ prosody_installer_plugin_path }}/{{ item }}"
    owner: root
    group: prosody
    mode: 0644
--- a/templates/etc/prosody/conf.d/bosh.cfg.lua.j2
+++ b/templates/etc/prosody/conf.d/bosh.cfg.lua.j2
@ -1,7 +1,6 @@
 -- {{ ansible_managed }}

 --BOSH setting
-http_ports = { {{ prosody_http_ports }} }
 bosh_max_inactivity = {{ prosody_bosh_max_inactivity }}
 consider_bosh_secure = {{ prosody_bosh_secure }} -- Use if proxying HTTPS->HTTP on the server side

--- a/templates/etc/prosody/conf.d/http_file_share.cfg.lua.j2
+++ b/templates/etc/prosody/conf.d/http_file_share.cfg.lua.j2
@ -3,10 +3,6 @@
 -- Component config for http_file_share
 Component "{{ prosody_http_file_share_component }}" "http_file_share"

-http_file_share_size_limit = {{ prosody_http_file_share_size_limit }}
-http_file_share_daily_quota = {{ prosody_http_file_share_daily_quota }}
-http_file_share_global_quota = {{ prosody_http_file_share_global_quota }}
-http_file_share_expires_after = {{ prosody_http_file_share_expires_after }}
-http_file_share_allowed_file_types = {{ prosody_http_file_share_allowed_file_types }}
-http_file_share_safe_file_types = {{ prosody_http_file_share_safe_file_types }}
-http_file_share_access = {{ prosody_http_file_share_access }}
+{% for item in prosody_http_file_share_options %}
+{{ item.name }} = {{ item.value }} -- {{ item.description }}
+{% endfor %}
--- a/templates/etc/prosody/custom_scripts/servers_blocklist.pfw.j2
+++ b/templates/etc/prosody/custom_scripts/servers_blocklist.pfw.j2
@ -3,7 +3,7 @@
 # rules will be checked against the blocklist.txt file
 # Check mod_firewall/scripts/spam-blocking.pfw

-%LIST blocklist: file:{{ prosody_custom_script_path }}/servers_blocklist.txt
+%LIST blocklist: file:{{ prosody_installer_plugin_path }}/servers_blocklist.txt

 ::user/spam_handle_unknown_custom

--- a/templates/etc/prosody/custom_scripts/users_blocklist.pfw.j2
+++ b/templates/etc/prosody/custom_scripts/users_blocklist.pfw.j2
@ -3,7 +3,7 @@
 # rules will be checked against the blocklist.txt file
 # Check mod_firewall/scripts/spam-blocking.pfw

-%LIST blocklist: file:{{ prosody_custom_script_path }}/users_blocklist.txt
+%LIST blocklist: file:{{ prosody_installer_plugin_path }}/users_blocklist.txt

 ::user/spam_handle_unknown_custom

--- a/templates/etc/prosody/prosody.cfg.lua.j2
+++ b/templates/etc/prosody/prosody.cfg.lua.j2
@ -35,6 +35,13 @@ contact_info = { {{ prosody_contact_info }} }

 http_host = "{{ prosody_http_host }}"
 http_external_url = "{{ prosody_http_external_url }}"
+http_ports = "{{ prosody_http_ports }}"
+http_interfaces = { "{{ prosody_http_interfaces }}" }
+http_paths = {
+{% for item in prosody_http_paths %}
+  {{ item.name }} = "{{ item.path }}";
+{% endfor %}
+  }

 -- See https://prosody.im/doc/configure
 c2s_direct_tls_ports = { {{ prosody_c2s_direct_tls_ports }} }