From 8cdb244d88103fb8c67ab8488c656d547f2a80af Mon Sep 17 00:00:00 2001 From: muppeth Date: Wed, 8 May 2024 01:34:54 +0200 Subject: [PATCH 1/8] changed certificate path variable handling --- defaults/main.yml | 2 +- templates/etc/prosody/conf.d/custom_component.cfg.lua.j2 | 4 ++-- templates/etc/prosody/conf.d/muc.cfg.lua.j2 | 4 ++-- templates/etc/prosody/conf.d/proxy65.cfg.lua.j2 | 4 ++-- templates/etc/prosody/conf.d/pubsub.cfg.lua.j2 | 4 ++-- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 90566a1..cba3350 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -29,7 +29,7 @@ firewall_users_blocked: #PROSODY CONFIG prosody_allow_registration: 'false' -prosody_certificates: 'certs' +prosody_certificate_path: '/etc/letsencrypt/live' server_name: 'example.org' prosody_c2s_encryption: 'true' prosody_s2s_auth: 'false' diff --git a/templates/etc/prosody/conf.d/custom_component.cfg.lua.j2 b/templates/etc/prosody/conf.d/custom_component.cfg.lua.j2 index 7d78079..fc03e5b 100644 --- a/templates/etc/prosody/conf.d/custom_component.cfg.lua.j2 +++ b/templates/etc/prosody/conf.d/custom_component.cfg.lua.j2 @@ -11,7 +11,7 @@ Component "{{ item.name }}" {% if item.ssl %} -- SSL Settings ssl = { - key = "/etc/prosody/{{ prosody_certificates }}/{{ item.name }}/privkey.pem"; - certificate = "/etc/prosody/{{ prosody_certificates }}/{{ item.name }}/fullchain.pem"; + key = "{{ prosody_certificate_path }}/{{ item.name }}/privkey.pem"; + certificate = "{{ prosody_certificate_path }}/{{ item.name }}/fullchain.pem"; } {% endif %} diff --git a/templates/etc/prosody/conf.d/muc.cfg.lua.j2 b/templates/etc/prosody/conf.d/muc.cfg.lua.j2 index 73692ab..3df8681 100644 --- a/templates/etc/prosody/conf.d/muc.cfg.lua.j2 +++ b/templates/etc/prosody/conf.d/muc.cfg.lua.j2 
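Review bot: In the defaults/main.yml hunk, `prosody_certificates` is replaced by `prosody_certificate_path` with no fallback, so an inventory that still sets the old name is silently ignored and the templates render key paths under the new default. The meaning also changes from a directory name under `/etc/prosody/` to a full path, which deserves a comment above the variable, for example `# Absolute directory holding <domain>/privkey.pem and <domain>/fullchain.pem; replaces prosody_certificates`. A compatible default such as `prosody_certificate_path: "{{ '/etc/prosody/' ~ prosody_certificates if prosody_certificates is defined else '/etc/letsencrypt/live' }}"` would keep existing deployments on their current key material until they migrate.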
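Review bot: The `key = "{{ prosody_certificate_path }}/{{ item.name }}/privkey.pem"` line in custom_component.cfg.lua.j2 now resolves, with the new default, to a file under `/etc/letsencrypt/live`, a tree that certbot normally keeps readable by root only; the same applies to the muc, proxy65 and pubsub hunks. Nothing visible in this patch gives the prosody user read access, so the service may fail to load the key, and the usual shortcut of loosening permissions on the whole `live`/`archive` tree exposes every private key on the host. The role should either document the expected ownership (key readable by the prosody user only) or copy the certificates into a Prosody-owned directory on renewal, which is what `prosodyctl --root cert import /etc/letsencrypt/live` does. The template around the SSL block starts outside the hunk.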
@@ -29,8 +29,8 @@ modules_enabled = { -- SSL Settings ssl = { - key = "/etc/prosody/{{ prosody_certificates }}/{{ item.url }}/privkey.pem"; - certificate = "/etc/prosody/{{ prosody_certificates }}/{{ item.url }}/fullchain.pem"; + key = "{{ prosody_certificate_path }}/{{ item.url }}/privkey.pem"; + certificate = "{{ prosody_certificate_path }}/{{ item.url }}/fullchain.pem"; } {% endfor %} {% endif %} diff --git a/templates/etc/prosody/conf.d/proxy65.cfg.lua.j2 b/templates/etc/prosody/conf.d/proxy65.cfg.lua.j2 index 23a9109..4052ee2 100644 --- a/templates/etc/prosody/conf.d/proxy65.cfg.lua.j2 +++ b/templates/etc/prosody/conf.d/proxy65.cfg.lua.j2 @@ -7,6 +7,6 @@ Component "{{ prosody_proxy65_url }}" "proxy65" -- SSL Settings ssl = { - key = "/etc/prosody/{{ prosody_certificates }}/{{ prosody_proxy65_url }}/privkey.pem"; - certificate = "/etc/prosody/{{ prosody_certificates }}/{{ prosody_proxy65_url }}/fullchain.pem"; + key = "{{ prosody_certificate_path }}/{{ prosody_proxy65_url }}/privkey.pem"; + certificate = "{{ prosody_certificate_path }}/{{ prosody_proxy65_url }}/fullchain.pem"; } diff --git a/templates/etc/prosody/conf.d/pubsub.cfg.lua.j2 b/templates/etc/prosody/conf.d/pubsub.cfg.lua.j2 index fecf7d2..6fff5e8 100644 --- a/templates/etc/prosody/conf.d/pubsub.cfg.lua.j2 +++ b/templates/etc/prosody/conf.d/pubsub.cfg.lua.j2 @@ -33,6 +33,6 @@ feed = { -- SSL Settings ssl = { - key = "/etc/prosody/{{ prosody_certificates }}/{{ prosody_pubsub_url }}/privkey.pem"; - certificate = "/etc/prosody/{{ prosody_certificates }}/{{ prosody_pubsub_url }}/fullchain.pem"; + key = "{{ prosody_certificate_path }}/{{ prosody_pubsub_url }}/privkey.pem"; + certificate = "{{ prosody_certificate_path }}/{{ prosody_pubsub_url }}/fullchain.pem"; } From 62c957b8f31cdcf39e97707160997654e65b27d3 Mon Sep 17 00:00:00 2001 
From: meaz Date: Sat, 13 Jul 2024 12:40:33 +0200 Subject: [PATCH 2/8] Fix how contact info vars are set --- README.MD | 2 +- defaults/mod.yml | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.MD b/README.MD index 9cad0ba..365b07f 100644 --- a/README.MD +++ b/README.MD @@ -6,7 +6,7 @@ You can deploy a test instance using `Vagrantfile` attached to the role. This ro # Run in production To run this role in production, do not forget to set your DNS as explained [here](./DNS_configuration.md) and to change all vars from files in `default/` to what you need. -The role's defaults should be already dpeloying fully funcitonal and modern XMPP Server. It allows to add/remove any additional module (whether core or community). +The role's defaults should be already dpeloying fully functional and modern XMPP Server. It allows to add/remove any additional module (whether core or community). # Run test in Vagrant To have it work using vagrant: diff --git a/defaults/mod.yml b/defaults/mod.yml index 869e02d..6c3f1c8 100644 --- a/defaults/mod.yml +++ b/defaults/mod.yml 
@@ -224,11 +224,11 @@ prosody_modules: description: 'Provides contact addresses.' module_enabled: 'true' extra_options: - - 'contact_info = {' - - 'admin = { "mailto:{{ prosody_admins }}", "xmpp:{{ prosody_admins }}" };' - - 'abuse = { "mailto:{{ prosody_abuse_info }}", "xmpp:{{ prosody_abuse_info }}" };' - - 'support = { "mailto:{{ prosody_contact_info }}", "xmpp:{{ prosody_contact_info }}" };' - - '};' + - 'contact_info = {' + - 'admin = { {% for email in prosody_admins.split(",") %}"mailto:{{ email.strip() }}", "xmpp:{{ email.strip() }}"{% if not loop.last %}, {% endif %}{% endfor %} };' + - 'abuse = { {% for email in prosody_abuse_info.split(",") %}"mailto:{{ email.strip() }}", "xmpp:{{ email.strip() }}"{% if not loop.last %}, {% endif %}{% endfor %} };' + - 'support = { "mailto:{{ prosody_contact_info }}", "xmpp:{{ prosody_contact_info }}" };' + - '};' - name: 'turn_external' description: 'Audio/video call relay (STUN/TURN)' From 44c966b3cd29bfc77acecf692ef8c4e968a32289 Mon Sep 17 00:00:00 2001 From: meaz Date: Sat, 13 Jul 2024 12:41:45 +0200 Subject: [PATCH 3/8] remove apostrophes in contact addresses --- defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 90566a1..f3379e9 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -3,9 +3,9 @@ container_distribution: 'stretch' backports_uri: http://ftp.nl.debian.org/debian/ backports_components: "{{ container_distribution }}-backports main contrib non-free" -prosody_admins: "'admin@example.org'" -prosody_contact_info: "'support@example.org'" -prosody_abuse_info: "'abuse@example.org'" +prosody_admins: "admin@example.org" +prosody_contact_info: "support@example.org" +prosody_abuse_info: "abuse@example.org" prosody_core_modules_path: "/usr/lib/prosody/modules/" prosody_community_modules_path: "/usr/lib/prosody-modules" prosody_installer_plugin_path: '/etc/prosody/custom_scripts' 
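Review bot: In the `server_contact_info` options of defaults/mod.yml (PATCH 2/8), `admin` and `abuse` now split on commas but `support` still interpolates `prosody_contact_info` whole, so a comma-separated support list renders as one malformed URI. Give it the same loop: `- 'support = { {% for email in prosody_contact_info.split(",") %}"mailto:{{ email.strip() }}", "xmpp:{{ email.strip() }}"{% if not loop.last %}, {% endif %}{% endfor %} };'`. Each address is also written into a Lua string literal unescaped, so a value containing `"` would change the generated configuration; a comment stating that these variables must hold plain addresses only would help. The `prosody_modules` list continues outside the hunk.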
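Review bot: Dropping the inner apostrophes from `prosody_admins` in defaults/main.yml (PATCH 3/8) also changes what `admins = { {{ prosody_admins }} }` in prosody.cfg.lua.j2 renders (that line is visible as context in PATCH 5/8): it becomes `admins = { admin@example.org }`, which is not a Lua string and would presumably stop the configuration from loading. The quoting belongs in the template rather than in the variable, e.g. `admins = { {% for a in prosody_admins.split(",") %}"{{ a.strip() }}"{% if not loop.last %}, {% endif %}{% endfor %} }`, so the value can stay a plain address list. PATCH 8/8 later restores the embedded quotes instead.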
From 7715a12145ba3e765d79180ee880a85ddbfffd7f Mon Sep 17 00:00:00 2001 From: meaz Date: Mon, 15 Jul 2024 22:56:19 +0200 Subject: [PATCH 4/8] fix typos --- README.MD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.MD b/README.MD index 365b07f..af8efb3 100644 --- a/README.MD +++ b/README.MD @@ -6,7 +6,7 @@ You can deploy a test instance using `Vagrantfile` attached to the role. This ro # Run in production To run this role in production, do not forget to set your DNS as explained [here](./DNS_configuration.md) and to change all vars from files in `default/` to what you need. -The role's defaults should be already dpeloying fully functional and modern XMPP Server. It allows to add/remove any additional module (whether core or community). +The role's defaults should be already deploying fully functional and modern XMPP Server. It allows to add/remove any additional module (whether core or community). # Run test in Vagrant To have it work using vagrant: @@ -15,7 +15,7 @@ To have it work using vagrant: - and `ansible-playbook -b Playbooks/prosody.yml` to deploy Prosody on the Virtual Environment. # Setup turnserver for viop -If you want to use viop, you need to set `turncredentials` to `true` in `default/mod.yml`. This feature depends on a third party service that needs to be installed seperatelly: coturn. To see how to set it, check [Prosody's documentation](https://prosody.im/doc/coturn) +If you want to use viop, you need to set `turncredentials` to `true` in `default/mod.yml`. This feature depends on a third party service that needs to be installed separately: coturn. To see how to set it, check [Prosody's documentation](https://prosody.im/doc/coturn) # Add LDAP authentication and vhosts To add LDAP authentication, edit `defaults/vhost.yml`, change `auth_method` from `internal_hashed` to `ldap` and change the LDAP vars in `prosody_ldap_config`. From d9132eafc9bdb2342a468544ec6f086118657c51 Mon Sep 17 00:00:00 2001 
From: meaz Date: Tue, 16 Jul 2024 21:25:31 +0200 Subject: [PATCH 5/8] remove that part that is useless coz already defined at the end of the file --- templates/etc/prosody/prosody.cfg.lua.j2 | 8 -------- 1 file changed, 8 deletions(-) diff --git a/templates/etc/prosody/prosody.cfg.lua.j2 b/templates/etc/prosody/prosody.cfg.lua.j2 index 4488562..4220122 100644 --- a/templates/etc/prosody/prosody.cfg.lua.j2 +++ b/templates/etc/prosody/prosody.cfg.lua.j2 @@ -25,14 +25,6 @@ -- Example: admins = { "user1@example.com", "user2@example.net" } admins = { {{ prosody_admins }} } -{% for item in prosody_modules %} -{% if item.name == 'server_contact_info' %} -{% if item.module_enabled == 'false' %} -contact_info = { {{ prosody_contact_info }} } -{% endif %} -{% endif %} -{% endfor %} - interfaces ="{{ prosody_interfaces }}" -- Set interfaces prosody should listen on http_host = "{{ prosody_http_host }}" http_external_url = "{{ prosody_http_external_url }}" From ee45d46f10e6bb2365ce361deba11ec692d72a90 Mon Sep 17 00:00:00 2001 From: meaz Date: Tue, 16 Jul 2024 21:26:51 +0200 Subject: [PATCH 6/8] set contact, abuse and admins contact from main and set those in mod vars. --- defaults/main.yml | 3 +-- defaults/mod.yml | 10 +++++----- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index f3379e9..5019fc3 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -4,8 +4,7 @@ backports_uri: http://ftp.nl.debian.org/debian/ backports_components: "{{ container_distribution }}-backports main contrib non-free" prosody_admins: "admin@example.org" -prosody_contact_info: "support@example.org" -prosody_abuse_info: "abuse@example.org" + prosody_core_modules_path: "/usr/lib/prosody/modules/" prosody_community_modules_path: "/usr/lib/prosody-modules" prosody_installer_plugin_path: '/etc/prosody/custom_scripts' diff --git a/defaults/mod.yml b/defaults/mod.yml index 6c3f1c8..079f4f8 100644 --- a/defaults/mod.yml +++ b/defaults/mod.yml 
@@ -224,11 +224,11 @@ prosody_modules: description: 'Provides contact addresses.' module_enabled: 'true' extra_options: - - 'contact_info = {' - - 'admin = { {% for email in prosody_admins.split(",") %}"mailto:{{ email.strip() }}", "xmpp:{{ email.strip() }}"{% if not loop.last %}, {% endif %}{% endfor %} };' - - 'abuse = { {% for email in prosody_abuse_info.split(",") %}"mailto:{{ email.strip() }}", "xmpp:{{ email.strip() }}"{% if not loop.last %}, {% endif %}{% endfor %} };' - - 'support = { "mailto:{{ prosody_contact_info }}", "xmpp:{{ prosody_contact_info }}" };' - - '};' + - 'contact_info = {' + - 'admin = { "xmpp:admin@example.org", "mailto:admin@example.org" };' + - 'abuse = { "xmpp:abuse@example.org", "mailto:abuse@example.org" };' + - 'support = { "xmpp:abuse@example.org", "mailto:abuse@example.org" };' + - '};' - name: 'turn_external' description: 'Audio/video call relay (STUN/TURN)' From 28065f6664470c91cf8760c4f10b06b7a43dc15f Mon Sep 17 00:00:00 2001 From: meaz Date: Fri, 19 Jul 2024 07:37:22 +0200 Subject: [PATCH 7/8] fix typo --- defaults/mod.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defaults/mod.yml b/defaults/mod.yml index 079f4f8..d9c0d5f 100644 --- a/defaults/mod.yml +++ b/defaults/mod.yml @@ -165,7 +165,7 @@ prosody_modules: description: 'Registration Redirect.' module_enabled: 'true' extra_options: - - 'registrarion_url = "https://registration.example.com"' + - 'registration_url = "https://registration.example.com"' - 'registration_text = "Your custom instructions banner here"' - name: 'mam' From c6fc936ede054a1f8cc87034a84a8ce2daa744f0 Mon Sep 17 00:00:00 2001 
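Review bot: The new `support` entry in defaults/mod.yml (PATCH 6/8) repeats the abuse address (`"xmpp:abuse@example.org", "mailto:abuse@example.org"`), which looks like a copy-paste slip; it should read `- 'support = { "xmpp:support@example.org", "mailto:support@example.org" };'`. Hard-coding `example.org` here also means a deployment that overrides only the variables in defaults/main.yml will advertise placeholder contact addresses, so abuse and security reports would go nowhere. A comment above `extra_options` telling operators to replace these addresses would make that explicit. The `prosody_modules` list continues outside the hunk.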
From: muppeth Date: Tue, 30 Jul 2024 21:51:18 +0200 Subject: [PATCH 8/8] small addition to readme (we need much better one btw); removed changelog; added requested change in PR #31 --- CHANGELOG.md | 6 ------ README.MD | 23 ++++++++++++++++++++++- Vagrantfile | 5 +---- defaults/main.yml | 2 +- 4 files changed, 24 insertions(+), 12 deletions(-) delete mode 100644 CHANGELOG.md diff --git a/CHANGELOG.md b/CHANGELOG.md deleted file mode 100644 index 7566c62..0000000 --- a/CHANGELOG.md +++ /dev/null @@ -1,6 +0,0 @@ -# Prosody role - Changelog - -- 22.01.2022 - Change from mod_http_upload to mod_http_file_share -- 05.05.2021 - Add mod muc_ban_ip -- 04.05.2021 - Add mods for better compatibility with siskin -- 14.02.2021 - Public release of this role diff --git a/README.MD b/README.MD index af8efb3..8ec8aa7 100644 --- a/README.MD +++ b/README.MD @@ -20,6 +20,27 @@ If you want to use viop, you need to set `turncredentials` to `true` in `default # Add LDAP authentication and vhosts To add LDAP authentication, edit `defaults/vhost.yml`, change `auth_method` from `internal_hashed` to `ldap` and change the LDAP vars in `prosody_ldap_config`. -This role supports multiple vhosts. +# Virtual hosts +This role supports multiple vhosts. In order to define them specify vhosts in `prosody_vhost` array. You can set number or settings. Make sure to provide certificates for each domain `prosody_certificate_path` eg: +``` + prosody_vhost: + - name: 'example.org' + enabled: 'true' + carbon_defaults: 'true' + auth_method: 'internal_hashed' + - name: 'example.com' + enabled: 'true' + carbon_defaults: 'true' + auth_method: 'ldap' + prosody_ldap_config: + - ldap_server: "{{ prosody_ldap_server }}" + ldap_rootdn: "{{ prosody_ldap_rootdn }}" + ldap_password: "{{ prosody_ldap_password }}" + ldap_basedn: "{{ prosody_ldap_basedn }}" + ldap_tls: "{{ prosody_ldap_tls }}" + ldap_mode: "{{ prosody_ldap_mode }}" +``` + +# Modules diff --git a/Vagrantfile b/Vagrantfile index 8fc530f..faf3c94 100644 
--- a/Vagrantfile +++ b/Vagrantfile @@ -8,13 +8,10 @@ Vagrant.configure("2") do |config| #config.ssh.insert_key = false config.vm.define "prosody" do |prosody| - prosody.vm.box = "generic/debian11" + prosody.vm.box = "generic/debian12" prosody.vm.provider :libvirt do |libvirt| libvirt.memory = 256 end - prosody.vm.network "forwarded_port", guest: 80, host: 8884, host_ip: "192.168.33.5" - prosody.vm.network "forwarded_port", guest: 443, host: 4444, host_ip: "192.168.33.5" - prosody.vm.network "forwarded_port", guest: 8080, host: 8081, host_ip: "192.168.33.5" prosody.vm.network "private_network", ip: "192.168.33.5" config.vm.provision "shell", inline: "apt install acl" end diff --git a/defaults/main.yml b/defaults/main.yml index 36417ae..e7aa652 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -3,7 +3,7 @@ container_distribution: 'stretch' backports_uri: http://ftp.nl.debian.org/debian/ backports_components: "{{ container_distribution }}-backports main contrib non-free" -prosody_admins: "admin@example.org" +prosody_admins: "'admin@example.org'" prosody_core_modules_path: "/usr/lib/prosody/modules/" prosody_community_modules_path: "/usr/lib/prosody-modules"
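Review bot: The restored default `prosody_admins: "'admin@example.org'"` in defaults/main.yml only works because the value is pasted verbatim into `admins = { {{ prosody_admins }} }` (context line in PATCH 5/8), and nothing near the variable says so. A comment above it would keep an operator from overriding it with a bare address: `# Rendered verbatim into the Lua admins list: wrap each JID in quotes, separate several with commas`. This list decides who holds administrative rights on the server, so the expected format is worth stating where the value is set.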