|
@@ -316,6 +316,86 @@ function xmpp_email_headers {
|
316
|
316
|
done
|
317
|
317
|
}
|
318
|
318
|
|
|
319
|
+function xmpp_modules {
|
|
320
|
+ filename=$1
|
|
321
|
+ echo 'modules_enabled = {' >> $filename
|
|
322
|
+ echo ' "dialback"; -- s2s dialback support' >> $filename
|
|
323
|
+ echo ' "disco"; -- Service discovery' >> $filename
|
|
324
|
+ echo ' "private"; -- Private XML storage (for room bookmarks, etc.)' >> $filename
|
|
325
|
+ echo ' "vcard"; -- Allow users to set vCards' >> $filename
|
|
326
|
+ echo ' "version"; -- Replies to server version requests' >> $filename
|
|
327
|
+ echo ' "uptime"; -- Report how long server has been running' >> $filename
|
|
328
|
+ echo ' "time"; -- Let others know the time here on this server' >> $filename
|
|
329
|
+ echo ' "ping"; -- Replies to XMPP pings with pongs' >> $filename
|
|
330
|
+ echo ' "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands' >> $filename
|
|
331
|
+ echo ' "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.' >> $filename
|
|
332
|
+ echo ' "bosh"; -- Enable mod_bosh' >> $filename
|
|
333
|
+ echo ' "tls"; -- Enable mod_tls' >> $filename
|
|
334
|
+ echo ' "saslauth"; -- Enable mod_saslauth' >> $filename
|
|
335
|
+ echo ' "onions"; -- Enable chat via onion service' >> $filename
|
|
336
|
+ echo ' "mam"; -- Message archive management' >> $filename
|
|
337
|
+ echo ' "csi"; -- Client state indication' >> $filename
|
|
338
|
+ echo ' "carbons"; -- Message carbons' >> $filename
|
|
339
|
+ echo ' "smacks"; -- Stream management' >> $filename
|
|
340
|
+ echo ' "smacks_offline"; -- Stream management' >> $filename
|
|
341
|
+ echo ' "pep"; -- Personal Eventing Protocol (to support OMEMO)' >> $filename
|
|
342
|
+ echo ' "privacy"; -- Privacy lists' >> $filename
|
|
343
|
+ echo ' "privacy_lists"; -- Privacy lists' >> $filename
|
|
344
|
+ echo ' "blocking"; -- Blocking command' >> $filename
|
|
345
|
+ echo ' "roster"; -- Roster versioning' >> $filename
|
|
346
|
+ echo ' "offline_email"; -- If offline send to email' >> $filename
|
|
347
|
+ echo ' "offline"; -- Store offline messages' >> $filename
|
|
348
|
+ echo '};' >> $filename
|
|
349
|
+}
|
|
350
|
+
|
|
351
|
+function xmpp_create_config {
|
|
352
|
+ echo "admins = { \"$MY_USERNAME@$DEFAULT_DOMAIN_NAME\" }" > /etc/prosody/prosody.cfg.lua
|
|
353
|
+ echo '' >> /etc/prosody/prosody.cfg.lua
|
|
354
|
+ xmpp_modules /etc/prosody/prosody.cfg.lua
|
|
355
|
+ echo '' >> /etc/prosody/prosody.cfg.lua
|
|
356
|
+ echo 'allow_registration = false;' >> /etc/prosody/prosody.cfg.lua
|
|
357
|
+ echo '' >> /etc/prosody/prosody.cfg.lua
|
|
358
|
+ echo 'daemonize = true;' >> /etc/prosody/prosody.cfg.lua
|
|
359
|
+ echo '' >> /etc/prosody/prosody.cfg.lua
|
|
360
|
+ echo 'pidfile = "/var/run/prosody/prosody.pid";' >> /etc/prosody/prosody.cfg.lua
|
|
361
|
+ echo '' >> /etc/prosody/prosody.cfg.lua
|
|
362
|
+ echo 'ssl = {' >> /etc/prosody/prosody.cfg.lua
|
|
363
|
+ echo " key = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
|
|
364
|
+ echo " certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
|
|
365
|
+ echo " curve = \"$XMPP_ECC_CURVE\";" >> /etc/prosody/prosody.cfg.lua
|
|
366
|
+ echo ' depth = "1";' >> /etc/prosody/prosody.cfg.lua
|
|
367
|
+ echo " ciphers = \"$XMPP_CIPHERS\";" >> /etc/prosody/prosody.cfg.lua
|
|
368
|
+ echo ' options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
|
|
369
|
+ echo " dhparam = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
|
|
370
|
+ echo '}' >> /etc/prosody/prosody.cfg.lua
|
|
371
|
+ echo '' >> /etc/prosody/prosody.cfg.lua
|
|
372
|
+ echo 'c2s_require_encryption = true' >> /etc/prosody/prosody.cfg.lua
|
|
373
|
+ echo 's2s_require_encryption = true' >> /etc/prosody/prosody.cfg.lua
|
|
374
|
+ echo '' >> /etc/prosody/prosody.cfg.lua
|
|
375
|
+ echo 's2s_secure_auth = false' >> /etc/prosody/prosody.cfg.lua
|
|
376
|
+ echo '' >> /etc/prosody/prosody.cfg.lua
|
|
377
|
+ echo 'authentication = "internal_hashed"' >> /etc/prosody/prosody.cfg.lua
|
|
378
|
+ echo '' >> /etc/prosody/prosody.cfg.lua
|
|
379
|
+ echo 'log = {' >> /etc/prosody/prosody.cfg.lua
|
|
380
|
+ echo ' info = "/dev/null";' >> /etc/prosody/prosody.cfg.lua
|
|
381
|
+ echo ' error = "/dev/null";' >> /etc/prosody/prosody.cfg.lua
|
|
382
|
+ echo ' { levels = { "error" }; to = "/dev/null"; };' >> /etc/prosody/prosody.cfg.lua
|
|
383
|
+ echo '}' >> /etc/prosody/prosody.cfg.lua
|
|
384
|
+ echo '' >> /etc/prosody/prosody.cfg.lua
|
|
385
|
+ echo 'VirtualHost "${DEFAULT_DOMAIN_NAME}"' >> /etc/prosody/prosody.cfg.lua
|
|
386
|
+ echo ' ssl = {' >> /etc/prosody/prosody.cfg.lua
|
|
387
|
+ echo " key = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
|
|
388
|
+ echo " certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
|
|
389
|
+ echo " curve = \"$XMPP_ECC_CURVE\";" >> /etc/prosody/prosody.cfg.lua
|
|
390
|
+ echo ' depth = "1";' >> /etc/prosody/prosody.cfg.lua
|
|
391
|
+ echo " ciphers = \"$XMPP_CIPHERS\";" >> /etc/prosody/prosody.cfg.lua
|
|
392
|
+ echo ' options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
|
|
393
|
+ echo " dhparam = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
|
|
394
|
+ echo ' }' >> /etc/prosody/prosody.cfg.lua
|
|
395
|
+ echo '' >> /etc/prosody/prosody.cfg.lua
|
|
396
|
+ echo 'Include "conf.d/*.cfg.lua"' >> /etc/prosody/prosody.cfg.lua
|
|
397
|
+}
|
|
398
|
+
|
319
|
399
|
function install_xmpp_main {
|
320
|
400
|
update_prosody_modules
|
321
|
401
|
|
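Review bot: The `VirtualHost` line in `xmpp_create_config` (new line 385) is single-quoted, so the literal text `${DEFAULT_DOMAIN_NAME}` is written to `prosody.cfg.lua` and the per-host `ssl` block attaches to a host of that name instead of the real domain. It should be `echo "VirtualHost \"${DEFAULT_DOMAIN_NAME}\"" >> /etc/prosody/prosody.cfg.lua`, matching the double-quoted `key`/`certificate` lines around it. The generated file also sets `s2s_secure_auth = false` next to `s2s_require_encryption = true`, which encrypts federation links without verifying the peer certificate. If that is deliberate, a comment such as `# s2s peers are not certificate-verified (dialback only)` above that echo would record the trade-off. In `xmpp_modules`, `filename` leaks into the global scope and is expanded unquoted; `local filename=$1` and `>> "$filename"` would be safer.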
|
@@ -411,27 +491,23 @@ function install_xmpp_main {
|
411
|
491
|
|
412
|
492
|
if ! grep -q "modules_enabled" /etc/prosody/conf.avail/xmpp.cfg.lua; then
|
413
|
493
|
echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
414
|
|
- echo 'modules_enabled = {' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
415
|
|
- echo ' "bosh"; -- Enable mod_bosh' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
416
|
|
- echo ' "tls"; -- Enable mod_tls' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
417
|
|
- echo ' "saslauth"; -- Enable mod_saslauth' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
418
|
|
- echo ' "onions"; -- Enable chat via onion service' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
419
|
|
- echo ' "mam"; -- Message archive management' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
420
|
|
- echo ' "csi"; -- Client state indication' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
421
|
|
- echo ' "carbons"; -- Message carbons' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
422
|
|
- echo ' "smacks"; -- Stream management' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
423
|
|
- echo ' "smacks_offline"; -- Stream management' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
424
|
|
- echo ' "pep"; -- Personal Eventing Protocol (to support OMEMO)' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
425
|
|
- echo ' "privacy"; -- Privacy lists' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
426
|
|
- echo ' "privacy_lists"; -- Privacy lists' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
427
|
|
- echo ' "blocking"; -- Blocking command' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
428
|
|
- echo ' "roster"; -- Roster versioning' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
429
|
|
- echo ' "offline_email"; -- If offline send to email' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
430
|
|
- echo '}' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
431
|
|
- echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
494
|
+ xmpp_modules /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
495
|
+ fi
|
|
496
|
+ echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
497
|
+ if ! grep -q "c2s_require_encryption" /etc/prosody/conf.avail/xmpp.cfg.lua; then
|
432
|
498
|
echo 'c2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
499
|
+ else
|
|
500
|
+ sed -i 's|c2s_require_encryption.*|c2s_require_encryption = true|g' /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
501
|
+ fi
|
|
502
|
+ if ! grep -q "s2s_require_encryption" /etc/prosody/conf.avail/xmpp.cfg.lua; then
|
433
|
503
|
echo 's2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
504
|
+ else
|
|
505
|
+ sed -i 's|s2s_require_encryption.*|s2s_require_encryption = true|g' /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
506
|
+ fi
|
|
507
|
+ if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/conf.avail/xmpp.cfg.lua; then
|
434
|
508
|
echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
509
|
+ else
|
|
510
|
+ sed -i 's|allow_unencrypted_plain_auth.*|allow_unencrypted_plain_auth = false|g' /etc/prosody/conf.avail/xmpp.cfg.lua
|
435
|
511
|
fi
|
436
|
512
|
ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua
|
437
|
513
|
|
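Review bot: The new `grep -q "c2s_require_encryption"` test and its siblings at new lines 502 and 507 match the setting name anywhere on a line, including a commented-out `-- c2s_require_encryption = false`. In that case the `else` branch's `sed` only rewrites the text after the comment marker, and no active setting is ever written, so the encryption requirement is silently left unenforced. Anchoring both sides fixes this: `grep -q '^[[:space:]]*c2s_require_encryption'` with `sed -i 's|^[[:space:]]*c2s_require_encryption.*|c2s_require_encryption = true|'`, and likewise for `s2s_require_encryption` and `allow_unencrypted_plain_auth`. The `echo ''` at new line 496 now sits outside the `modules_enabled` check, so it appends a blank line each time this code runs. `install_xmpp_main` begins and ends outside this hunk, so any earlier normalisation of the file is not visible here.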
|
@@ -527,6 +603,13 @@ function install_xmpp_main {
|
527
|
603
|
chown -R prosody:default /etc/prosody
|
528
|
604
|
update_default_domain
|
529
|
605
|
|
|
606
|
+ xmpp_create_config
|
|
607
|
+ if [ ! -d /etc/prosody/conf.d ]; then
|
|
608
|
+ mkdir /etc/prosody/conf.d
|
|
609
|
+ fi
|
|
610
|
+ chmod -R 700 /etc/prosody/conf.d
|
|
611
|
+ chown -R prosody /etc/prosody/conf.d
|
|
612
|
+
|
530
|
613
|
systemctl restart prosody
|
531
|
614
|
|
532
|
615
|
install_completed xmpp_main
|
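Review bot: The `mkdir /etc/prosody/conf.d` guard at new lines 607-609 runs after the `ln -sf ... /etc/prosody/conf.d/xmpp.cfg.lua` at new line 512 of the same function, so on a host where the directory is missing the symlink step has already failed before the directory exists. Unless the code between the hunks creates it (not visible here), the guard should move ahead of the `ln -sf`, for example as `mkdir -p /etc/prosody/conf.d`. `chmod -R 700` also sets the execute bit on the config files, and GNU chmod skips symlinks met during a recursive walk, so the linked `conf.avail/xmpp.cfg.lua` keeps its old mode. If the aim is to keep the configuration private to the prosody user, the mode has to be set on `conf.avail` as well, e.g. `chmod 600 /etc/prosody/conf.avail/xmpp.cfg.lua`. `install_xmpp_main` continues outside this hunk.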