Merge branch 'stretch' of https://github.com/bashrc/freedombone

src/freedombone-app-gnusocial

@@ -724,6 +724,8 @@ function install_gnusocial_main {
           echo '';
           echo '  # PHP';
           echo '  location ~ \.php {';
+          echo '    client_max_body_size 50m;';
+          echo '    client_body_buffer_size 50m;';
           echo '    include snippets/fastcgi-php.conf;';
           echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
           echo '    fastcgi_read_timeout 30;';
@@ -738,6 +740,8 @@ function install_gnusocial_main {
           echo '';
           echo '  # Fancy URLs';
           echo '  location @gnusocial {';
+          echo '    client_max_body_size 50m;';
+          echo '    client_body_buffer_size 50m;';
           echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
           echo '  }';
           echo '';
@@ -771,6 +775,8 @@ function install_gnusocial_main {
       echo '';
       echo '  # PHP';
       echo '  location ~ \.php {';
+      echo '    client_max_body_size 50m;';
+      echo '    client_body_buffer_size 50m;';
       echo '    include snippets/fastcgi-php.conf;';
       echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
       echo '    fastcgi_read_timeout 30;';
@@ -785,6 +791,8 @@ function install_gnusocial_main {
       echo '';
       echo '  # Fancy URLs';
       echo '  location @gnusocial {';
+      echo '    client_max_body_size 50m;';
+      echo '    client_body_buffer_size 50m;';
       echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
       echo '  }';
       echo '';
@@ -794,6 +802,9 @@ function install_gnusocial_main {
       echo '  }';
       echo '}'; } >> "$gnusocial_nginx_site"
 
+    function_check gnusocial_set_limits
+    gnusocial_set_limits "$gnusocial_nginx_site"
+
     function_check configure_php
     configure_php
 

src/freedombone-app-postactiv

@@ -738,6 +738,8 @@ function install_postactiv_main {
           echo '';
           echo '  # PHP';
           echo '  location ~ \.php {';
+          echo '    client_max_body_size 50m;';
+          echo '    client_body_buffer_size 50m;';
           echo '    include snippets/fastcgi-php.conf;';
           echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
           echo '    fastcgi_read_timeout 30;';
@@ -752,6 +754,8 @@ function install_postactiv_main {
           echo '';
           echo '  # Fancy URLs';
           echo '  location @postactiv {';
+          echo '    client_max_body_size 50m;';
+          echo '    client_body_buffer_size 50m;';
           echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
           echo '  }';
           echo '';
@@ -785,6 +789,8 @@ function install_postactiv_main {
       echo '';
       echo '  # PHP';
       echo '  location ~ \.php {';
+      echo '    client_max_body_size 50m;';
+      echo '    client_body_buffer_size 50m;';
       echo '    include snippets/fastcgi-php.conf;';
       echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
       echo '    fastcgi_read_timeout 30;';
@@ -799,6 +805,8 @@ function install_postactiv_main {
       echo '';
       echo '  # Fancy URLs';
       echo '  location @postactiv {';
+      echo '    client_max_body_size 50m;';
+      echo '    client_body_buffer_size 50m;';
       echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
       echo '  }';
       echo '';
@@ -808,6 +816,9 @@ function install_postactiv_main {
       echo '  }';
       echo '}'; } >> "$postactiv_nginx_site"
 
+    function_check gnusocial_set_limits
+    gnusocial_set_limits "$postactiv_nginx_site"
+
     function_check configure_php
     configure_php
 

src/freedombone-app-xmpp

@@ -60,6 +60,7 @@ xmpp_variables=(ONION_ONLY
                 XMPP_ECC_CURVE
                 XMPP_ECC_CURVE
                 MY_USERNAME
+                MY_EMAIL_ADDRESS
                 DEFAULT_DOMAIN_NAME
                 XMPP_DOMAIN_CODE)
 
@@ -431,6 +432,7 @@ function upgrade_xmpp {
     function_check update_prosody_modules
     update_prosody_modules
     xmpp_onion_addresses /etc/prosody/prosody.cfg.lua
+    xmpp_contact_info /etc/prosody/prosody.cfg.lua
 
     if grep -q "/etc/ssl/certs/xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then
         cp /etc/ssl/certs/xmpp.dhparam /etc/prosody/xmpp.dhparam
@@ -658,10 +660,27 @@ function xmpp_email_headers {
     done
 }
 
+function xmpp_contact_info {
+    filename="$1"
+
+    if grep -q "contact_info =" "$filename"; then
+        return
+    fi
+
+    { 'contact_info = {';
+      "abuse = { \"mailto:${MY_EMAIL_ADDRESS}\", \"xmpp:${USERNAME}@${HOSTNAME}\" };";
+      "admin = { \"mailto:${MY_EMAIL_ADDRESS}\", \"xmpp:${USERNAME}@${HOSTNAME}\" };";
+      "feedback = { \"mailto:${MY_EMAIL_ADDRESS}\", \"xmpp:${USERNAME}@${HOSTNAME}\" };";
+      "security = { \"xmpp:${USERNAME}@${HOSTNAME}\" };";
+      "support = { \"xmpp:${USERNAME}@${HOSTNAME}\" };";
+      '};'; } >> "$filename"
+}
+
 function xmpp_modules {
     filename="$1"
 
     { echo 'modules_enabled = {';
+      echo '  "server_contact_info";';
       echo '  "pubsub";';
       echo '  "pubsub_hub";';
       echo '  "dialback"; -- s2s dialback support';
@@ -706,6 +725,8 @@ function xmpp_modules {
 function xmpp_onion_addresses {
     filename="$1"
 
+    sed -i '/onions_map = {/,/};/d' "$filename"
+
     { echo 'onions_map = {';
       echo '  ["anonymitaet-im-inter.net"] = "rwf5skuv5vqzcdit.onion";';
       echo '  ["autistici.org"] = "wi7qkxyrdpu5cmvr.onion";';
@@ -754,6 +775,7 @@ function xmpp_create_config {
     xmpp_modules /etc/prosody/prosody.cfg.lua
     echo '' >> /etc/prosody/prosody.cfg.lua
     xmpp_onion_addresses /etc/prosody/prosody.cfg.lua
+    xmpp_contact_info /etc/prosody/prosody.cfg.lua
     { echo '';
       echo 'allow_registration = false;';
       echo '';

src/freedombone-utils-gnusocialtools

@@ -43,6 +43,14 @@ SHARINGS_THEME_COMMIT='a46ef375d19e8ef6889653668a7e697b0ba2013c'
 GNUSOCIAL_MARKDOWN_REPO="https://git.gnu.io/chimo/markdown.git"
 GNUSOCIAL_MARKDOWN_COMMIT='03c53942f94b3376f0946e6e1fe566cc21ccf232'
 
+function gnusocial_set_limits {
+    filename="$1"
+
+    sed -i 's|client_body_buffer_size.*|client_body_buffer_size 5m;|g' "$filename"
+    sed -i 's|limit_conn conn_limit_per_ip.*|limit_conn conn_limit_per_ip 100;|g' "$filename"
+    sed -i 's|req_limit_per_ip.*|req_limit_per_ip burst=100 nodelay;|g' "$filename"
+}
+
 # Stuff to be done after restoring from backup
 function gnusocial_update_after_restore {
     gnusocial_variant="$1"

src/freedombone-utils-web

@@ -415,11 +415,12 @@ function letsencrypt_renewals {
 }
 
 function configure_php {
-    sed -i "s/memory_limit = 128M/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php/7.0/fpm/php.ini
+    sed -i "s/memory_limit =.*/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php/7.0/fpm/php.ini
     sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/7.0/fpm/php.ini
-    sed -i "s/memory_limit = -1/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php/7.0/cli/php.ini
-    sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 50M/g" /etc/php/7.0/fpm/php.ini
-    sed -i "s/post_max_size = 8M/post_max_size = 50M/g" /etc/php/7.0/fpm/php.ini
+    sed -i "s/memory_limit =.*/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php/7.0/cli/php.ini
+    sed -i "s/upload_max_filesize =.*/upload_max_filesize = 50M/g" /etc/php/7.0/fpm/php.ini
+    sed -i "s/upload_max_filesize =.*/upload_max_filesize = 50M/g" /etc/php/7.0/cli/php.ini
+    sed -i "s/post_max_size =.*/post_max_size = 50M/g" /etc/php/7.0/fpm/php.ini
 }
 
 function install_web_server_access_control {