From bae19cf2707347a6c2728afae87bde84a49a6b4d Mon Sep 17 00:00:00 2001
From: muppeth
Date: Mon, 5 Sep 2022 23:23:43 +0200
Subject: [PATCH] switched vagrant to debian11; fixed http related variables; fixed http-file-share
---
 Vagrantfile | 2 +-
 defaults/bosh.yml | 1 -
 defaults/http_file_share.yml | 29 ++++++++++++++-----
 defaults/main.yml | 9 ++++++
 defaults/mod.yml | 6 +++-
 tasks/firewall.yml | 6 ++--
 templates/etc/prosody/conf.d/bosh.cfg.lua.j2 | 1 -
 .../prosody/conf.d/http_file_share.cfg.lua.j2 | 10 ++-----
 .../custom_scripts/servers_blocklist.pfw.j2 | 2 +-
 .../custom_scripts/users_blocklist.pfw.j2 | 2 +-
 templates/etc/prosody/prosody.cfg.lua.j2 | 7 +++++
 11 files changed, 52 insertions(+), 23 deletions(-)
diff --git a/Vagrantfile b/Vagrantfile
index 1c44734..15689ae 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -8,7 +8,7 @@ Vagrant.configure("2") do |config|
 #config.ssh.insert_key = false
 config.vm.define "prosody" do |prosody|
- prosody.vm.box = "generic/debian10"
+ prosody.vm.box = "generic/debian11"
 prosody.vm.provider :libvirt do |libvirt|
 libvirt.memory = 256
 end
diff --git a/defaults/bosh.yml b/defaults/bosh.yml
index 20418b7..ebf5225 100644
--- a/defaults/bosh.yml
+++ b/defaults/bosh.yml
@@ -1,6 +1,5 @@
 ## BOSH
 prosody_bosh_enabled: 'true' # used in configure.yml
-prosody_http_ports: '5281, 5280 '
 prosody_bosh_max_inactivity: '60'
 prosody_bosh_secure: 'true'
 prosody_ssl_key: '/path/to/key'
diff --git a/defaults/http_file_share.yml b/defaults/http_file_share.yml
index c370794..fbc090d 100644
--- a/defaults/http_file_share.yml
+++ b/defaults/http_file_share.yml
@@ -2,10 +2,25 @@ prosody_http_file_share_enabled: 'true'
 prosody_http_file_share_component: 'upload.example.org'
-prosody_http_file_share_size_limit: "10*1024*1024"
-prosody_http_file_share_daily_quota: "100*1024*1024 -- 100 MiB per day per user"
-prosody_http_file_share_global_quota: "1024*1024*1024 -- 1 GiB total"
-prosody_http_file_share_expires_after: "7 * 86400 -- 1 week"
-prosody_http_file_share_allowed_file_types: "{} -- Access control"
-prosody_http_file_share_safe_file_types: '{"image/*","video/*","audio/*","text/plain"} -- Safe to show in-line in e.g. browsers'
-prosody_http_file_share_access: "{} -- Access control"
+prosody_http_file_share_options:
+ - name: 'http_file_share_size_limit' value: '10*1024*1024' description: '10MB file upload limit' - name: 'http_file_share_daily_quota' value: '100*1024*1024' description: '100 MiB per day per user' - name: 'http_file_share_global_quota' value: '1024*1024*1024' description: '1 GiB total' - name: 'http_file_share_expires_after' value: '7 * 86400' description: '1 week' - name: 'http_file_share_allowed_file_types' value: '{}' description: 'Access control' - name: 'http_file_share_safe_file_types' value: '{"image/*","video/*","audio/*","text/plain"}' description: 'Safe to show in-line in e.g. browsers' - name: 'http_file_share_access' value: '{}' description: 'Access control'
diff --git a/defaults/main.yml b/defaults/main.yml
index bb744c4..dc8a1da 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -41,6 +41,15 @@ prosody_storage: 'internal'
 prosody_network_backend: "epoll"
 prosody_http_host: "example.org"
 prosody_http_external_url: "https://example.org"
+prosody_http_interfaces: '*'
+prosody_http_ports: '5281, 5280 '
+prosody_http_paths: - name: 'files' path: '/files/' - name: 'bosh' path: '/http-bind' - name: 'file_share' path: '/upload'
 prosody_archive_expires_after: '1w'
 #If using sql storage
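Review bot: The `description: '10MB file upload limit'` on the `http_file_share_size_limit` entry does not match its value `10*1024*1024` (10 MiB) nor the unit style of the sibling entries ('100 MiB per day per user', '1 GiB total'); since the description is rendered as a comment into the generated Lua config, it should read `description: '10 MiB file upload limit'`. Each `value` is written verbatim and unquoted into http_file_share.cfg.lua, which is why it holds a Lua expression rather than a YAML number or list; a comment above the list saying so — `# value: raw Lua expression, rendered unquoted into the Prosody config; description: rendered as a trailing -- comment` — would stop users who override it from dropping the table braces or quoting a number. Anyone who set one of the removed `prosody_http_file_share_*` variables now silently gets Prosody's default for that option, since the old names are no longer read; that deserves a line in the role's README or changelog. As I read mod_http_file_share, an empty `http_file_share_access` keeps the module's own rule of local users only, which is a more useful description than the generic 'Access control'.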
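Review bot: `prosody_http_ports: '5281, 5280 '` places 5281 into Prosody's `http_ports`, which are plain-HTTP listeners; TLS listeners are configured through `https_ports`, whose Prosody default is 5281, so with these defaults BOSH and uploads are served unencrypted on 5281 and the https listener collides with it unless the role sets `https_ports` elsewhere (not visible in this patch) — I would expect `prosody_http_ports: '5280'` plus a separate https variable. The value also carries a trailing space inside the quotes and is a comma-separated Lua list fragment rather than a YAML list, which nothing near it says; a comment such as `# comma-separated port list, spliced into a Lua table by prosody.cfg.lua.j2` would prevent overrides written as a YAML sequence. `prosody_http_interfaces: '*'` binds those ports on every IPv4 address (Prosody uses '::' for all IPv6), so the default exposes the plain-HTTP port on all interfaces; a comment stating that a reverse proxy or firewall is expected in front, or a loopback default if the role assumes a proxy, would make that choice explicit. The `prosody_http_paths` names are emitted as bare Lua keys by the template, so only identifier-safe names work — `# name must be a Prosody module name and a valid Lua identifier` next to the list would catch an `http-upload` style entry.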
diff --git a/defaults/mod.yml b/defaults/mod.yml
index 9779ef7..afa901b 100644
--- a/defaults/mod.yml
+++ b/defaults/mod.yml
@@ -110,6 +110,10 @@ prosody_modules:
 - name: 'admin_adhoc'
 description: 'Allows administration via an XMPP client that supports ad-hoc commands'
 module_enabled: 'true'
+
+ - name: 'admin_shell'
+ description: 'Allows administration via command shell'
+ module_enabled: 'true'
 - name: 'bosh'
 description: 'Enable BOSH clients'
@@ -238,7 +242,7 @@ prosody_modules:
 description: 'Can efficiently block, bounce, drop, forward, copy, redirect stanzas and more.'
 module_enabled: '{{ firewall_module_enabled }}'
 extra_options:
- - 'firewall_scripts = { "{{ prosody_community_modules_path }}/mod_firewall/scripts/spam-blocking.pfw", "{{ prosody_custom_script_path }}/servers_blocklist.pfw", "{{ prosody_custom_script_path }}/users_blocklist.pfw", "{{ prosody_custom_script_path }}/invite_from_muc.pfw" }'
+ - 'firewall_scripts = { "{{ prosody_community_modules_path }}/mod_firewall/scripts/spam-blocking.pfw", "{{ prosody_installer_plugin_path }}/servers_blocklist.pfw", "{{ prosody_installer_plugin_path }}/users_blocklist.pfw", "{{ prosody_installer_plugin_path }}/invite_from_muc.pfw" }'
 # spam-blocking.pfw is the default Prosody one, needed by the two following
 - name: 'http_altconnect'
diff --git a/tasks/firewall.yml b/tasks/firewall.yml
index fea7f6e..7862a0c 100644
--- a/tasks/firewall.yml
+++ b/tasks/firewall.yml
@@ -2,7 +2,7 @@
 - name: '[Firewall] - Make sure that script directory exists'
 file:
- path: "{{ prosody_custom_script_path }}"
+ path: "{{ prosody_installer_plugin_path }}"
 state: directory
 owner: root
 group: prosody
@@ -11,7 +11,7 @@
 - name: '[Firewall] - Deploy Firewall scripts'
 template:
 src: "etc/prosody/custom_scripts/{{ item }}.j2"
- dest: "{{ prosody_custom_script_path }}/{{ item }}"
+ dest: "{{ prosody_installer_plugin_path }}/{{ item }}"
 owner: root
 group: prosody
 mode: 0644
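Review bot: `admin_shell` is switched on by default (`module_enabled: 'true'`) with a description that does not say what it exposes: mod_admin_shell is Prosody's replacement for admin_telnet and gives whoever can open its local socket an administrative console with Lua evaluation over the running server, so the description should state that, e.g. `description: 'Admin console over a local socket (prosodyctl shell); full control for anyone who can open the socket'`. The module is, to my knowledge, only available from Prosody 0.12 — as is mod_http_file_share, whose options this patch reworks — while the Debian 11 box the Vagrantfile now targets ships Prosody 0.11 from the distro archive; if the role installs the distro package rather than from Prosody's own repository, both modules will be missing at startup, so please confirm the install source. The second hunk of this file renames `prosody_custom_script_path` to `prosody_installer_plugin_path` inside `firewall_scripts`, and tasks/firewall.yml and the two .pfw templates follow; no hunk in the patch gives the new variable a default, so unless it is already declared elsewhere every template referencing it fails on an undefined variable. The name also mirrors Prosody's own `installer_plugin_path` (the directory `prosodyctl install` writes third-party modules into), so operator-maintained blocklist .txt files now share a directory with downloaded module code; a dedicated scripts directory keeps those trust domains apart.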
@@ -24,7 +24,7 @@
 - name: '[Firewall] - Deploy Firewall lists'
 template:
 src: "etc/prosody/custom_scripts/{{ item }}.j2"
- dest: "{{ prosody_custom_script_path }}/{{ item }}"
+ dest: "{{ prosody_installer_plugin_path }}/{{ item }}"
 owner: root
 group: prosody
 mode: 0644
diff --git a/templates/etc/prosody/conf.d/bosh.cfg.lua.j2 b/templates/etc/prosody/conf.d/bosh.cfg.lua.j2
index ea89d9f..28c7a41 100644
--- a/templates/etc/prosody/conf.d/bosh.cfg.lua.j2
+++ b/templates/etc/prosody/conf.d/bosh.cfg.lua.j2
@@ -1,7 +1,6 @@
 -- {{ ansible_managed }}
 --BOSH setting
-http_ports = { {{ prosody_http_ports }} }
 bosh_max_inactivity = {{ prosody_bosh_max_inactivity }}
 consider_bosh_secure = {{ prosody_bosh_secure }} -- Use if proxying HTTPS->HTTP on the server side
diff --git a/templates/etc/prosody/conf.d/http_file_share.cfg.lua.j2 b/templates/etc/prosody/conf.d/http_file_share.cfg.lua.j2
index d160d17..aa59607 100644
--- a/templates/etc/prosody/conf.d/http_file_share.cfg.lua.j2
+++ b/templates/etc/prosody/conf.d/http_file_share.cfg.lua.j2
@@ -3,10 +3,6 @@
 -- Component config for http_file_share
 Component "{{ prosody_http_file_share_component }}" "http_file_share"
-http_file_share_size_limit = {{ prosody_http_file_share_size_limit }}
-http_file_share_daily_quota = {{ prosody_http_file_share_daily_quota }}
-http_file_share_global_quota = {{ prosody_http_file_share_global_quota }}
-http_file_share_expires_after = {{ prosody_http_file_share_expires_after }}
-http_file_share_allowed_file_types = {{ prosody_http_file_share_allowed_file_types }}
-http_file_share_safe_file_types = {{ prosody_http_file_share_safe_file_types }}
-http_file_share_access = {{ prosody_http_file_share_access }}
+{% for item in prosody_http_file_share_options %}
+{{ item.name }} = {{ item.value }} -- {{ item.description }}
+{% endfor %}
diff --git a/templates/etc/prosody/custom_scripts/servers_blocklist.pfw.j2 b/templates/etc/prosody/custom_scripts/servers_blocklist.pfw.j2
index a752363..4418f94 100644
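Review bot: The loop body `{{ item.name }} = {{ item.value }} -- {{ item.description }}` assumes every entry of `prosody_http_file_share_options` carries all three keys; an override that omits `description` aborts the whole render under Ansible's undefined-variable handling, so either make the comment optional — `{{ item.name }} = {{ item.value }}{% if item.description is defined %} -- {{ item.description }}{% endif %}` — or state the three-key contract in a comment above the loop. `item.value` is inserted verbatim, so a value that is a plain string (a single MIME type, say) must carry its own Lua quotes; a line `-- option values below are Lua expressions taken unchanged from prosody_http_file_share_options` under the `Component` line would make that visible in the rendered file, where operators actually look. An option removed from the list now silently reverts to the module default rather than being set explicitly, which is a consequence of the loop design worth a sentence in the role docs.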
--- a/templates/etc/prosody/custom_scripts/servers_blocklist.pfw.j2
+++ b/templates/etc/prosody/custom_scripts/servers_blocklist.pfw.j2
@@ -3,7 +3,7 @@
 # rules will be checked against the blocklist.txt file
 # Check mod_firewall/scripts/spam-blocking.pfw
-%LIST blocklist: file:{{ prosody_custom_script_path }}/servers_blocklist.txt
+%LIST blocklist: file:{{ prosody_installer_plugin_path }}/servers_blocklist.txt
 ::user/spam_handle_unknown_custom
diff --git a/templates/etc/prosody/custom_scripts/users_blocklist.pfw.j2 b/templates/etc/prosody/custom_scripts/users_blocklist.pfw.j2
index 49f5219..babffda 100644
--- a/templates/etc/prosody/custom_scripts/users_blocklist.pfw.j2
+++ b/templates/etc/prosody/custom_scripts/users_blocklist.pfw.j2
@@ -3,7 +3,7 @@
 # rules will be checked against the blocklist.txt file
 # Check mod_firewall/scripts/spam-blocking.pfw
-%LIST blocklist: file:{{ prosody_custom_script_path }}/users_blocklist.txt
+%LIST blocklist: file:{{ prosody_installer_plugin_path }}/users_blocklist.txt
 ::user/spam_handle_unknown_custom
diff --git a/templates/etc/prosody/prosody.cfg.lua.j2 b/templates/etc/prosody/prosody.cfg.lua.j2
index 51e02ae..dd187b1 100644
--- a/templates/etc/prosody/prosody.cfg.lua.j2
+++ b/templates/etc/prosody/prosody.cfg.lua.j2
@@ -35,6 +35,13 @@ contact_info = { {{ prosody_contact_info }} }
 http_host = "{{ prosody_http_host }}"
 http_external_url = "{{ prosody_http_external_url }}"
+http_ports = "{{ prosody_http_ports }}"
+http_interfaces = { "{{ prosody_http_interfaces }}" }
+http_paths = {
+{% for item in prosody_http_paths %}
+ {{ item.name }} = "{{ item.path }}";
+{% endfor %}
+ }
 -- See https://prosody.im/doc/configure
 c2s_direct_tls_ports = { {{ prosody_c2s_direct_tls_ports }} }
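Review bot: `http_ports = "{{ prosody_http_ports }}"` renders the default as the Lua string `"5281, 5280 "` instead of the table that the removed bosh.cfg.lua.j2 line produced; Prosody expects a list of port numbers here, so the line should be `http_ports = { {{ prosody_http_ports }} }`, matching how `c2s_direct_tls_ports` is emitted two lines below. `http_interfaces = { "{{ prosody_http_interfaces }}" }` hard-wires exactly one interface, so an operator who wants both `"*"` and `"::"` (all IPv4 and all IPv6) cannot express it; iterating a list the way `http_paths` already does would lift that limit without changing the single-value default. `http_paths` emits `{{ item.name }}` as a bare Lua key, so a name containing a hyphen produces an invalid config; writing it as `["{{ item.name }}"] = "{{ item.path }}";` accepts any name. The enclosing config file continues outside this hunk, so whether `https_ports` is set there — which matters for the 5281 entry in the default port list — cannot be seen here.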