Fix xmpp on onion

src/freedombone-app-xmpp

@@ -319,18 +319,19 @@ function update_prosody_modules {
             curr_hash=$(sha256sum $INSTALL_DIR/$prosody_modules_filename | awk -F ' ' '{print $1}')
             if [[ "$curr_hash" != "$prosody_modules_hash" ]]; then
                 echo $'Prosody modules hash does not match'
+                exit 83562
             else
                 # Extract the modules
-                if [ -d prosody-modules ]; then
-                    rm -rf prosody-modules
+                if [ -d $INSTALL_DIR/prosody-modules ]; then
+                    rm -rf $INSTALL_DIR/prosody-modules
                 fi
                 tar -xzvf $prosody_modules_filename
-                if [ -d prosody-modules ]; then
+                if [ -d $INSTALL_DIR/prosody-modules ]; then
                     systemctl stop prosody
                     if [ ! -d /var/lib/prosody/prosody-modules ]; then
-                        mkdir /var/lib/prosody/prosody-modules
+                        mkdir -p /var/lib/prosody/prosody-modules
                     fi
-                    cp -r prosody-modules/* /var/lib/prosody/prosody-modules
+                    cp -r $INSTALL_DIR/prosody-modules/* /var/lib/prosody/prosody-modules/
                     chown -R prosody:prosody /var/lib/prosody/prosody-modules
                     systemctl start prosody
                 fi
@@ -648,7 +649,11 @@ function xmpp_create_config {
     echo "    curve = $XMPP_ECC_CURVE;" >> /etc/prosody/prosody.cfg.lua
     echo "    ciphers = $XMPP_CIPHERS;" >> /etc/prosody/prosody.cfg.lua
     echo '    options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
-    echo "    dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
+    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+        echo "    dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
+    else
+        echo "    dhparam = \"/etc/ssl/certs/xmpp.dhparam\";" >> /etc/prosody/prosody.cfg.lua
+    fi
     echo "}" >> /etc/prosody/prosody.cfg.lua
     echo '' >> /etc/prosody/prosody.cfg.lua
     echo 'ssl = {' >> /etc/prosody/prosody.cfg.lua
@@ -663,7 +668,11 @@ function xmpp_create_config {
     echo '    depth = "2";' >> /etc/prosody/prosody.cfg.lua
     echo "    ciphers = $XMPP_CIPHERS;" >> /etc/prosody/prosody.cfg.lua
     echo '    options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
-    echo "    dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
+    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+        echo "    dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
+    else
+        echo "    dhparam = \"/etc/ssl/certs/xmpp.dhparam\";" >> /etc/prosody/prosody.cfg.lua
+    fi
     echo '}' >> /etc/prosody/prosody.cfg.lua
     echo '' >> /etc/prosody/prosody.cfg.lua
     echo 'c2s_require_encryption = true' >> /etc/prosody/prosody.cfg.lua
@@ -688,17 +697,22 @@ function xmpp_create_config {
         echo "VirtualHost \"${DEFAULT_DOMAIN_NAME}\"" >> /etc/prosody/prosody.cfg.lua
     fi
     echo '    ssl = {' >> /etc/prosody/prosody.cfg.lua
-    echo "        key = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
     if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
         echo "        certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
+        echo "        key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
     else
         echo "        certificate = \"/etc/ssl/certs/xmpp.crt\";" >> /etc/prosody/prosody.cfg.lua
+        echo "        key = \"/etc/ssl/private/xmpp.key\";" >> /etc/prosody/prosody.cfg.lua
     fi
     echo "        curve = $XMPP_ECC_CURVE;" >> /etc/prosody/prosody.cfg.lua
     echo '        depth = "2";' >> /etc/prosody/prosody.cfg.lua
     echo "        ciphers = $XMPP_CIPHERS;" >> /etc/prosody/prosody.cfg.lua
     echo '        options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
-    echo "        dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
+    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+        echo "        dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
+    else
+        echo "        dhparam = \"/etc/ssl/certs/xmpp.dhparam\";" >> /etc/prosody/prosody.cfg.lua
+    fi
     echo '    }' >> /etc/prosody/prosody.cfg.lua
     echo '' >> /etc/prosody/prosody.cfg.lua
     echo 'Include "conf.d/*.cfg.lua"' >> /etc/prosody/prosody.cfg.lua
@@ -828,6 +842,8 @@ function install_xmpp {
                 echo $'Failed to create xmpp private certificate'
                 exit 36829
             fi
+            chmod g=rX /etc/ssl/private/xmpp.key
+            chmod g=rX /etc/ssl/certs/xmpp.*
         fi
     fi
 
@@ -849,7 +865,7 @@ function install_xmpp {
         sed -i "s|key =.*|key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";|g" /etc/prosody/conf.avail/xmpp.cfg.lua
         sed -i "s|certificate =.*|certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";|g" /etc/prosody/conf.avail/xmpp.cfg.lua
     else
-        sed -i "s|key =.*|key = \"/etc/ssl/privates/xmpp.key\";|g" /etc/prosody/conf.avail/xmpp.cfg.lua
+        sed -i "s|key =.*|key = \"/etc/ssl/private/xmpp.key\";|g" /etc/prosody/conf.avail/xmpp.cfg.lua
         sed -i "s|certificate =.*|certificate = \"/etc/ssl/certs/xmpp.crt\";|g" /etc/prosody/conf.avail/xmpp.cfg.lua
     fi
     if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then
@@ -946,6 +962,7 @@ function install_xmpp {
     chown -R prosody /var/lib/prosody
     chown -R prosody /usr/lib/prosody
     chmod -R 700 /etc/prosody/conf.d
+    usermod -a -G www-data prosody
 
     if [ -d /etc/letsencrypt ]; then
         usermod -a -G ssl-cert prosody