Merge pull request 'Merging recent changes in staging into main' (#34) from staging into main

Reviewed-on: #34
Reviewed-by: meaz <meaz@no-reply@disroot.org>

CHANGELOG.md

@@ -1,6 +0,0 @@
-# Prosody role - Changelog
-
-- 22.01.2022 - Change from mod_http_upload to mod_http_file_share
-- 05.05.2021 - Add mod muc_ban_ip
-- 04.05.2021 - Add mods for better compatibility with siskin
-- 14.02.2021 - Public release of this role

README.MD

@@ -6,7 +6,7 @@ You can deploy a test instance using `Vagrantfile` attached to the role. This ro
 # Run in production
 To run this role in production, do not forget to set your DNS as explained [here](./DNS_configuration.md) and to change all vars from files in `default/` to what you need.
 
-The role's defaults should be already dpeloying fully funcitonal and modern XMPP Server. It allows to add/remove any additional module (whether core or community). 
+The role's defaults should be already deploying fully functional and modern XMPP Server. It allows to add/remove any additional module (whether core or community). 
 
 # Run test in Vagrant
 To have it work using vagrant:
@@ -15,11 +15,32 @@ To have it work using vagrant:
   - and `ansible-playbook -b Playbooks/prosody.yml` to deploy Prosody on the Virtual Environment.
 
 # Setup turnserver for viop
-If you want to use viop, you need to set `turncredentials` to `true` in `default/mod.yml`. This feature depends on a third party service that needs to be installed seperatelly: coturn. To see how to set it, check [Prosody's documentation](https://prosody.im/doc/coturn)
+If you want to use viop, you need to set `turncredentials` to `true` in `default/mod.yml`. This feature depends on a third party service that needs to be installed separately: coturn. To see how to set it, check [Prosody's documentation](https://prosody.im/doc/coturn)
 
 # Add LDAP authentication and vhosts
 To add LDAP authentication, edit `defaults/vhost.yml`, change `auth_method` from `internal_hashed` to `ldap` and change the LDAP vars in `prosody_ldap_config`.
 
-This role supports multiple vhosts. 
+# Virtual hosts
+This role supports multiple vhosts.  In order to define them specify vhosts in `prosody_vhost` array. You can set number or settings. Make sure to provide certificates for each domain `prosody_certificate_path` eg:
+```
 
+ prosody_vhost:
+   - name: 'example.org'
+     enabled: 'true'
+     carbon_defaults: 'true'
+     auth_method: 'internal_hashed'
+   - name: 'example.com'
+     enabled: 'true'
+     carbon_defaults: 'true'
+     auth_method: 'ldap'
+     prosody_ldap_config:
+       - ldap_server: "{{ prosody_ldap_server }}"
+         ldap_rootdn: "{{ prosody_ldap_rootdn }}"
+         ldap_password: "{{ prosody_ldap_password }}"
+         ldap_basedn: "{{ prosody_ldap_basedn }}"
+         ldap_tls: "{{ prosody_ldap_tls }}"
+         ldap_mode: "{{ prosody_ldap_mode }}"
+```
+
+# Modules 
 

Vagrantfile

@@ -8,13 +8,10 @@
 Vagrant.configure("2") do |config|
   #config.ssh.insert_key = false
   config.vm.define "prosody" do |prosody|
-    prosody.vm.box = "generic/debian11"
+    prosody.vm.box = "generic/debian12"
     prosody.vm.provider :libvirt do |libvirt|
       libvirt.memory = 256
     end
-    prosody.vm.network "forwarded_port", guest: 80, host: 8884, host_ip: "192.168.33.5"
-    prosody.vm.network "forwarded_port", guest: 443, host: 4444, host_ip: "192.168.33.5"
-    prosody.vm.network "forwarded_port", guest: 8080, host: 8081, host_ip: "192.168.33.5"
     prosody.vm.network "private_network", ip: "192.168.33.5"
     config.vm.provision "shell", inline: "apt install acl"
 end

defaults/main.yml

@@ -4,15 +4,15 @@ backports_uri: http://ftp.nl.debian.org/debian/
 backports_components: "{{ container_distribution }}-backports main contrib non-free"
 
 prosody_admins: "'admin@example.org'"
-prosody_contact_info: "'support@example.org'"
-prosody_abuse_info: "'abuse@example.org'"
+
 prosody_core_modules_path: "/usr/lib/prosody/modules/"
 prosody_community_modules_path: "/usr/lib/prosody-modules"
 prosody_installer_plugin_path: '/etc/prosody/custom_scripts'
 prosody_statistics: ''
 prosody_direct_tls_ports: 5223
 prosody_c2s_direct_tls_ports: 5223
-prosody_s2s_direct_tls_ports: 5269
+prosody_s2s_direct_tls_ports: 5270
+prosody_interfaces: '*'
 
 firewall_module_enabled: 'true'
 
@@ -28,7 +28,7 @@ firewall_users_blocked:
 
 #PROSODY CONFIG
 prosody_allow_registration: 'false'
-prosody_certificates: 'certs'
+prosody_certificate_path: '/etc/letsencrypt/live'
 server_name: 'example.org'
 prosody_c2s_encryption: 'true'
 prosody_s2s_auth: 'false'

defaults/mod.yml

@@ -165,7 +165,7 @@ prosody_modules:
     description: 'Registration Redirect.'
     module_enabled: 'true'
     extra_options:
-      - 'registrarion_url = "https://registration.example.com"'
+      - 'registration_url = "https://registration.example.com"'
       - 'registration_text = "Your custom instructions banner here"'
 
   - name: 'mam'
@@ -225,9 +225,9 @@ prosody_modules:
     module_enabled: 'true'
     extra_options:
       - 'contact_info = {'
-      - 'admin = { "mailto:{{ prosody_admins }}", "xmpp:{{ prosody_admins }}" };'
-      - 'abuse = { "mailto:{{ prosody_abuse_info }}", "xmpp:{{ prosody_abuse_info }}" };'
-      - 'support = { "mailto:{{ prosody_contact_info }}", "xmpp:{{ prosody_contact_info }}" };'
+      - 'admin = { "xmpp:admin@example.org", "mailto:admin@example.org" };'
+      - 'abuse = { "xmpp:abuse@example.org", "mailto:abuse@example.org" };'
+      - 'support = { "xmpp:abuse@example.org", "mailto:abuse@example.org" };'
       - '};'
 
   - name: 'turn_external'

defaults/muc.yml

@@ -56,3 +56,9 @@ prosody_muc_modules:
   - name: 'muc_offline_delivery'
     description: 'implements support for sending messages in a MUC to affiliated users who are not in the room.'
     module_enabled: 'true'
+
+  - name: 'muc_reserve_nick_pattern'
+    description: 'checks the nickname of a joining user against a configurable list of Lua patterns.'
+    module_enabled: 'true'
+    extra_options: 
+      - 'muc_reserve_nick_patterns = { root, admin }'

templates/etc/prosody/conf.d/custom_component.cfg.lua.j2

@@ -11,7 +11,7 @@ Component "{{ item.name }}"
 {% if item.ssl %}
 -- SSL Settings
 ssl = {
-  key = "/etc/prosody/{{ prosody_certificates }}/{{ item.name }}/privkey.pem";
-  certificate = "/etc/prosody/{{ prosody_certificates }}/{{ item.name }}/fullchain.pem";
+  key = "{{ prosody_certificate_path }}/{{ item.name }}/privkey.pem";
+  certificate = "{{ prosody_certificate_path }}/{{ item.name }}/fullchain.pem";
 }
 {% endif %}

templates/etc/prosody/conf.d/muc.cfg.lua.j2

@@ -29,8 +29,8 @@ modules_enabled = {
 
 -- SSL Settings
 ssl = {
-  key = "/etc/prosody/{{ prosody_certificates }}/{{ item.url }}/privkey.pem";
-  certificate = "/etc/prosody/{{ prosody_certificates }}/{{ item.url }}/fullchain.pem";
+  key = "{{ prosody_certificate_path }}/{{ item.url }}/privkey.pem";
+  certificate = "{{ prosody_certificate_path }}/{{ item.url }}/fullchain.pem";
 }
 {% endfor %}
 {% endif %}

templates/etc/prosody/conf.d/proxy65.cfg.lua.j2

@@ -7,6 +7,6 @@ Component "{{ prosody_proxy65_url }}" "proxy65"
 
 -- SSL Settings
 ssl = {
-  key = "/etc/prosody/{{ prosody_certificates }}/{{ prosody_proxy65_url }}/privkey.pem";
-  certificate = "/etc/prosody/{{ prosody_certificates }}/{{ prosody_proxy65_url }}/fullchain.pem";
+  key = "{{ prosody_certificate_path }}/{{ prosody_proxy65_url }}/privkey.pem";
+  certificate = "{{ prosody_certificate_path }}/{{ prosody_proxy65_url }}/fullchain.pem";
 }

templates/etc/prosody/conf.d/pubsub.cfg.lua.j2

@@ -33,6 +33,6 @@ feed = {
 
 -- SSL Settings
 ssl = {
-  key = "/etc/prosody/{{ prosody_certificates }}/{{ prosody_pubsub_url }}/privkey.pem";
-  certificate = "/etc/prosody/{{ prosody_certificates }}/{{ prosody_pubsub_url }}/fullchain.pem";
+  key = "{{ prosody_certificate_path }}/{{ prosody_pubsub_url }}/privkey.pem";
+  certificate = "{{ prosody_certificate_path }}/{{ prosody_pubsub_url }}/fullchain.pem";
 }

templates/etc/prosody/prosody.cfg.lua.j2

@@ -25,14 +25,7 @@
 -- Example: admins = { "user1@example.com", "user2@example.net" }
 admins = { {{ prosody_admins }} }
 
-{% for item in prosody_modules %}
-{% if item.name == 'server_contact_info' %}
-{% if item.module_enabled == 'false' %}
-contact_info = { {{ prosody_contact_info }} }
-{% endif %}
-{% endif %}
-{% endfor %}
-
+interfaces ="{{ prosody_interfaces }}" -- Set interfaces prosody should listen on
 http_host = "{{ prosody_http_host }}"
 http_external_url = "{{ prosody_http_external_url }}"
 http_ports = "{{ prosody_http_ports }}"
@@ -201,7 +194,7 @@ statistics = "{{ prosody_statistics }}"
 -- (from e.g. Let's Encrypt) see https://prosody.im/doc/certificates
 
 -- Location of directory to find certificates in (relative to main config file):
-certificates = "{{ prosody_certificates }}"
+certificates = "{{ prosody_certificate_path }}"
 
 {% if prosody_component_interface is defined %}
 {% for item in prosody_component_interface %}