Bob Mottram преди 8 години
родител
ревизия
42de0ace18
променени са 1 файла, в които са добавени 101 реда и са изтрити 18 реда
  1. 101
    18
      src/freedombone-app-xmpp

+ 101
- 18
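--- a/src/freedombone-app-xmpp
+++ b/src/freedombone-app-xmpp
@@ -316,6 +316,86 @@ function xmpp_email_headers {
     done
 }
 
+function xmpp_modules {
+    filename=$1
+    echo 'modules_enabled = {' >> $filename
+    echo '  "dialback"; -- s2s dialback support' >> $filename
+    echo '  "disco"; -- Service discovery' >> $filename
+    echo '  "private"; -- Private XML storage (for room bookmarks, etc.)' >> $filename
+    echo '  "vcard"; -- Allow users to set vCards' >> $filename
+    echo '  "version"; -- Replies to server version requests' >> $filename
+    echo '  "uptime"; -- Report how long server has been running' >> $filename
+    echo '  "time"; -- Let others know the time here on this server' >> $filename
+    echo '  "ping"; -- Replies to XMPP pings with pongs' >> $filename
+    echo '  "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands' >> $filename
+    echo '  "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.' >> $filename
+    echo '  "bosh"; -- Enable mod_bosh' >> $filename
+    echo '  "tls"; -- Enable mod_tls' >> $filename
+    echo '  "saslauth"; -- Enable mod_saslauth' >> $filename
+    echo '  "onions"; -- Enable chat via onion service' >> $filename
+    echo '  "mam"; -- Message archive management' >> $filename
+    echo '  "csi"; -- Client state indication' >> $filename
+    echo '  "carbons"; -- Message carbons' >> $filename
+    echo '  "smacks"; -- Stream management' >> $filename
+    echo '  "smacks_offline"; -- Stream management' >> $filename
+    echo '  "pep"; -- Personal Eventing Protocol (to support OMEMO)' >> $filename
+    echo '  "privacy"; -- Privacy lists' >> $filename
+    echo '  "privacy_lists"; -- Privacy lists' >> $filename
+    echo '  "blocking"; -- Blocking command' >> $filename
+    echo '  "roster"; -- Roster versioning' >> $filename
+    echo '  "offline_email"; -- If offline send to email' >> $filename
+    echo '  "offline"; -- Store offline messages' >> $filename
+    echo '};' >> $filename
+}
+
+function xmpp_create_config {
+    echo "admins = { \"$MY_USERNAME@$DEFAULT_DOMAIN_NAME\" }" > /etc/prosody/prosody.cfg.lua
+    echo '' >> /etc/prosody/prosody.cfg.lua
+    xmpp_modules /etc/prosody/prosody.cfg.lua
+    echo '' >> /etc/prosody/prosody.cfg.lua
+    echo 'allow_registration = false;' >> /etc/prosody/prosody.cfg.lua
+    echo '' >> /etc/prosody/prosody.cfg.lua
+    echo 'daemonize = true;' >> /etc/prosody/prosody.cfg.lua
+    echo '' >> /etc/prosody/prosody.cfg.lua
+    echo 'pidfile = "/var/run/prosody/prosody.pid";' >> /etc/prosody/prosody.cfg.lua
+    echo '' >> /etc/prosody/prosody.cfg.lua
+    echo 'ssl = {' >> /etc/prosody/prosody.cfg.lua
+    echo "    key = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
+    echo "    certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
+    echo "    curve = \"$XMPP_ECC_CURVE\";" >> /etc/prosody/prosody.cfg.lua
+    echo '    depth = "1";' >> /etc/prosody/prosody.cfg.lua
+    echo "    ciphers = \"$XMPP_CIPHERS\";" >> /etc/prosody/prosody.cfg.lua
+    echo '    options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
+    echo "    dhparam = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
+    echo '}' >> /etc/prosody/prosody.cfg.lua
+    echo '' >> /etc/prosody/prosody.cfg.lua
+    echo 'c2s_require_encryption = true' >> /etc/prosody/prosody.cfg.lua
+    echo 's2s_require_encryption = true' >> /etc/prosody/prosody.cfg.lua
+    echo '' >> /etc/prosody/prosody.cfg.lua
+    echo 's2s_secure_auth = false' >> /etc/prosody/prosody.cfg.lua
+    echo '' >> /etc/prosody/prosody.cfg.lua
+    echo 'authentication = "internal_hashed"' >> /etc/prosody/prosody.cfg.lua
+    echo '' >> /etc/prosody/prosody.cfg.lua
+    echo 'log = {' >> /etc/prosody/prosody.cfg.lua
+    echo '    info = "/dev/null";' >> /etc/prosody/prosody.cfg.lua
+    echo '    error = "/dev/null";' >> /etc/prosody/prosody.cfg.lua
+    echo '    { levels = { "error" }; to = "/dev/null";  };' >> /etc/prosody/prosody.cfg.lua
+    echo '}' >> /etc/prosody/prosody.cfg.lua
+    echo '' >> /etc/prosody/prosody.cfg.lua
+    echo 'VirtualHost "${DEFAULT_DOMAIN_NAME}"' >> /etc/prosody/prosody.cfg.lua
+    echo '    ssl = {' >> /etc/prosody/prosody.cfg.lua
+    echo "        key = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
+    echo "        certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
+    echo "    curve = \"$XMPP_ECC_CURVE\";" >> /etc/prosody/prosody.cfg.lua
+    echo '    depth = "1";' >> /etc/prosody/prosody.cfg.lua
+    echo "    ciphers = \"$XMPP_CIPHERS\";" >> /etc/prosody/prosody.cfg.lua
+    echo '    options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
+    echo "    dhparam = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
+    echo '    }' >> /etc/prosody/prosody.cfg.lua
+    echo '' >> /etc/prosody/prosody.cfg.lua
+    echo 'Include "conf.d/*.cfg.lua"' >> /etc/prosody/prosody.cfg.lua
+}
+
 function install_xmpp_main {
     update_prosody_modules
 
@@ -411,27 +491,23 @@ function install_xmpp_main {
 
     if ! grep -q "modules_enabled" /etc/prosody/conf.avail/xmpp.cfg.lua; then
         echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-        echo 'modules_enabled = {' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-        echo '  "bosh"; -- Enable mod_bosh' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-        echo '  "tls"; -- Enable mod_tls' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-        echo '  "saslauth"; -- Enable mod_saslauth' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-        echo '  "onions"; -- Enable chat via onion service' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-        echo '  "mam"; -- Message archive management' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-        echo '  "csi"; -- Client state indication' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-        echo '  "carbons"; -- Message carbons' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-        echo '  "smacks"; -- Stream management' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-        echo '  "smacks_offline"; -- Stream management' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-        echo '  "pep"; -- Personal Eventing Protocol (to support OMEMO)' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-        echo '  "privacy"; -- Privacy lists' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-        echo '  "privacy_lists"; -- Privacy lists' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-        echo '  "blocking"; -- Blocking command' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-        echo '  "roster"; -- Roster versioning' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-        echo '  "offline_email"; -- If offline send to email' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-        echo '}' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-        echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+        xmpp_modules /etc/prosody/conf.avail/xmpp.cfg.lua
+    fi
+    echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+    if ! grep -q "c2s_require_encryption" /etc/prosody/conf.avail/xmpp.cfg.lua; then
         echo 'c2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+    else
+        sed -i 's|c2s_require_encryption.*|c2s_require_encryption = true|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+    fi
+    if ! grep -q "s2s_require_encryption" /etc/prosody/conf.avail/xmpp.cfg.lua; then
         echo 's2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+    else
+        sed -i 's|s2s_require_encryption.*|s2s_require_encryption = true|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+    fi
+    if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/conf.avail/xmpp.cfg.lua; then
         echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+    else
+        sed -i 's|allow_unencrypted_plain_auth.*|allow_unencrypted_plain_auth = false|g' /etc/prosody/conf.avail/xmpp.cfg.lua
     fi
     ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua
 
@@ -527,6 +603,13 @@ function install_xmpp_main {
     chown -R prosody:default /etc/prosody
     update_default_domain
 
+    xmpp_create_config
+    if [ ! -d /etc/prosody/conf.d ]; then
+        mkdir /etc/prosody/conf.d
+    fi
+    chmod -R 700 /etc/prosody/conf.d
+    chown -R prosody /etc/prosody/conf.d
+
     systemctl restart prosody
 
     install_completed xmpp_main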
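Review bot: The `VirtualHost` line in `xmpp_create_config` is written in single quotes, so the shell never expands the variable and prosody.cfg.lua gets a host literally named `${DEFAULT_DOMAIN_NAME}`; the per-host `ssl` block that follows then hangs off that bogus host rather than the real domain. Use double quotes as the neighbouring lines do: `echo "VirtualHost \"${DEFAULT_DOMAIN_NAME}\"" >> /etc/prosody/prosody.cfg.lua`. Separately, in the same function `s2s_secure_auth = false` alongside `s2s_require_encryption = true` means server-to-server links are encrypted but peer certificates are not required to validate (Prosody falls back to dialback), so an active man-in-the-middle is not ruled out. If that is a deliberate federation-compatibility choice, a comment beside the setting saying so would help the next maintainer.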