From 5174a4a58121f493b045535f12234b6e5376f9a2 Mon Sep 17 00:00:00 2001
From: chris
Date: Mon, 9 Jan 2023 17:15:47 +0100
Subject: [PATCH] feat(prosody): import
---
prosody/Containerfile | 48 +++++++++++++++
prosody/entrypoint.sh | 4 ++
prosody/prosody.cfg.template | 109 +++++++++++++++++++++++++++++++++++
3 files changed, 161 insertions(+)
create mode 100644 prosody/Containerfile
create mode 100755 prosody/entrypoint.sh
create mode 100644 prosody/prosody.cfg.template
diff --git a/prosody/Containerfile b/prosody/Containerfile
new file mode 100644
index 0000000..72b5fb1
--- /dev/null
+++ b/prosody/Containerfile
@@ -0,0 +1,48 @@
+FROM reg.zknt.org/zknt/alpine:3.17 as builder
+
+ARG VERSION
+ENV VERSION=0.12.2
+ENV LUA_VERSION=5.3
+
+RUN set -eo pipefail; \
+ apk add --no-cache curl gnupg lua${LUA_VERSION} lua${LUA_VERSION}-dev make alpine-sdk lua-bitop lua${LUA_VERSION}-dbi-mysql lua${LUA_VERSION}-dbi-postgresql lua${LUA_VERSION}-dbi-sqlite3 lua-expat lua-filesystem lua-sec lua-socket lua${LUA_VERSION}-lzlib libidn-dev libressl-dev linux-headers icu-dev icu-data-full
+RUN set -xeo pipefail; \
+ curl -LO https://prosody.im/downloads/source/prosody-${VERSION}.tar.gz &&\
+ curl -LO https://prosody.im/downloads/source/prosody-${VERSION}.tar.gz.asc &&\
+ #gpg --keyserver keys.openpgp.org --receive 32A9EDDE3609931EB98CEAC315907E8E7BDD6BFE &&\
+ #gpg --verify prosody-${VERSION}.tar.gz.asc prosody-${VERSION}.tar.gz &&\
+ tar xvzf prosody-${VERSION}.tar.gz
+WORKDIR prosody-${VERSION}
+RUN set -xeo pipefail; \
+ ./configure &&\
+ make &&\
+ make install &&\
+ # now fetch community modules
+ cd &&\
+ apk add --no-cache mercurial &&\
+ hg clone 'https://hg.prosody.im/prosody-modules/' prosody-modules
+
+FROM reg.zknt.org/zknt/alpine:3.17
+ENV LUA_VERSION=5.3
+ARG VERSION
+ARG DATE
+COPY --from=builder /usr/local /usr/local
+COPY --from=builder /root/prosody-modules/mod_vcard_muc /community_modules/mod_vcard_muc
+COPY --from=builder /root/prosody-modules/mod_smacks /community_modules/mod_smacks
+COPY --from=builder /root/prosody-modules/mod_cloud_notify /community_modules/mod_cloud_notify
+COPY --from=builder /root/prosody-modules/mod_bookmarks /community_modules/mod_bookmarks
+COPY --from=builder /root/prosody-modules/mod_http_upload /community_modules/mod_http_upload
+COPY --from=builder /root/prosody-modules/mod_http_upload_external /community_modules/mod_http_upload_external
+COPY --from=builder /root/prosody-modules/mod_turncredentials /community_modules/mod_turncredentials
+RUN set -eo pipefail;\
+ apk add --no-cache gettext ca-certificates libidn lua${LUA_VERSION} lua-bitop
lua-sec libressl lua-filesystem lua-expat lua-socket icu icu-data-full &&\
+ addgroup -g 9999 prosody &&\
+ adduser -D -G prosody -u 9999 prosody &&\
+ chown -R prosody:prosody /usr/local/etc/prosody /usr/local/var/lib/prosody
+COPY prosody.cfg.template /prosody.cfg.template
+COPY entrypoint.sh /entrypoint.sh
+USER prosody
+VOLUME /usr/local/var/lib/prosody /usr/local/etc/prosody/certs
+EXPOSE 5269 5222 5223
+ENTRYPOINT /entrypoint.sh
+LABEL version.prosody=$VERSION build.date=$DATE
diff --git a/prosody/entrypoint.sh b/prosody/entrypoint.sh
new file mode 100755
index 0000000..18bd3e5
--- /dev/null
+++ b/prosody/entrypoint.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+envsubst < /prosody.cfg.template > /usr/local/etc/prosody/prosody.cfg.lua
+prosody
diff --git a/prosody/prosody.cfg.template b/prosody/prosody.cfg.template
new file mode 100644
index 0000000..a645d54
--- /dev/null
+++ b/prosody/prosody.cfg.template
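Review bot: The builder stage compiles and installs prosody-${VERSION}.tar.gz without verifying it: the `.asc` file is downloaded and gnupg is installed, but both `gpg` lines in the second `RUN` are commented out, so whatever the download returns is built and then copied into the final image through `/usr/local`. Re-enable the check inside that chain, `gpg --keyserver keys.openpgp.org --receive 32A9EDDE3609931EB98CEAC315907E8E7BDD6BFE &&\` followed by `gpg --verify prosody-${VERSION}.tar.gz.asc prosody-${VERSION}.tar.gz &&\`; if the keyserver fetch is what failed (an assumption, the hunk does not say), commit the release key next to the Containerfile and `gpg --import` it instead. Both `curl -LO` calls should also carry `-f` so an HTTP error page is never saved under the tarball's name. The same gap applies to `hg clone 'https://hg.prosody.im/prosody-modules/'`, which takes whatever tip exists at build time; pinning it with `--rev REVISION_PLACEHOLDER` makes the seven modules copied into `/community_modules` a reviewed revision.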
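Review bot: The script renders the config and starts the server without checking its inputs: `envsubst` turns an unset `SERVER_ADMIN` or `VIRTUAL_HOST` into an empty string, so the container would come up with `admins = { "" }` and `VirtualHost ""` instead of failing. Fail fast before rendering with `set -eu` and `: "${SERVER_ADMIN:?}" "${VIRTUAL_HOST:?}"`, and end with `exec prosody` so the server replaces the shell and receives the stop signal directly. The values are pasted into Lua string literals unescaped, so they have to be treated as operator-trusted input; restricting substitution to `envsubst '$SERVER_ADMIN $VIRTUAL_HOST'` also keeps any other `$NAME` in the template from being rewritten.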
@@ -0,0 +1,109 @@
+admins = { "$SERVER_ADMIN" }
+
+plugin_paths = { "/community_modules" }
+
+contact_info = {
+ abuse = { "xmpp:$SERVER_ADMIN" };
+ admin = { "xmpp:$SERVER_ADMIN" };
+ security = { "xmpp:$SERVER_ADMIN" };
+}
+
+modules_enabled = {
+ "roster";
+ "saslauth";
+ "tls";
+ "dialback";
+ "disco";
+
+ -- recommended
+ "carbons";
+ "pep";
+ "private";
+ "blocklist";
+ "vcard4";
+ "vcard_legacy";
+
+ "version"; -- Replies to server version requests
+ "uptime"; -- Report how long server has been running
+ "time"; -- Let others know the time here on this server
+ "ping"; -- Replies to XMPP pings with pongs
+ --"register"; -- Allow users to register on this server using a client and change passwords
+ "mam";
+ "csi_simple";
+
+ -- Admin interfaces
+ "admin_adhoc";
+
+ -- HTTP modules
+ --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
+ --"websocket"; -- XMPP over WebSockets
+ --"http_files"; -- Serve static files from a directory over HTTP
+
+ -- Other specific functionality
+ --"limits"; -- Enable bandwidth limiting for XMPP connections
+ --"groups"; -- Shared roster support
+ "server_contact_info";
+ --"announce"; -- Send announcement to all online users
+ --"welcome"; -- Welcome users who register accounts
+ --"watchregistrations"; -- Alert admins of registrations
+ --"motd"; -- Send a message to users when they log in
+ --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
+ "proxy65";
+ "bookmarks";
+ "turncredentials";
+
+ "smacks";
+ "cloud_notify";
+}
+
+allow_registration = false
+c2s_require_encryption = true
+s2s_require_encryption = true
+s2s_secure_auth = true
+legacy_ssl_ports = { 5223 }
+
+--s2s_insecure_domains = { $INSECURE_DOMAINS }
+
+authentication = "internal_hashed"
+
+storage = "internal"
+
+archive_expires_after = "2w"
+
+log = {
+ "*console";
+}
+daemonize = false
+
+-- Certificates
+-- Every virtual host and component needs a certificate so that clients and
+-- servers can securely verify its identity. Prosody will automatically load
+-- certificates/keys from the directory specified here.
+-- For more information, including how to use 'prosodyctl' to auto-import certificates
+-- (from e.g. Let's Encrypt) see https://prosody.im/doc/certificates
+
+-- Location of directory to find certificates in (relative to main config file):
+certificates = "certs"
+
+-- HTTPS currently only supports a single certificate, specify it here:
+https_certificate = "/usr/local/etc/prosody/certs/$VIRTUAL_HOST.pem"
+
+----------- Virtual hosts -----------
+-- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
+-- Settings under each VirtualHost entry apply *only* to that host.
+
+VirtualHost "$VIRTUAL_HOST"
+
+--VirtualHost "example.com"
+-- certificate = "/path/to/example.crt"
+
+------ Components ------
+-- You can specify components to add hosts that provide special services,
+-- like multi-user conferences, and transports.
+-- For more information on components, see https://prosody.im/doc/components
+
+Component "conference.$VIRTUAL_HOST" "muc"
+modules_enabled = { "muc_mam", "vcard_muc" }
+
+Component "upload.$VIRTUAL_HOST" "http_upload"
+http_upload_expire_after = 60 * 60 * 24 * 7 -- a week in second
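Review bot: The `upload.$VIRTUAL_HOST` component at the end of the template bounds uploads only in time: `http_upload_expire_after` is set, but neither a per-file size limit nor a per-user quota is, so how much an authenticated user can store depends on the defaults of whichever mod_http_upload revision the build cloned. State both explicitly under the component, `http_upload_file_size_limit = BYTES_PLACEHOLDER` and `http_upload_quota = BYTES_PLACEHOLDER`, so the bound is visible in review and does not move with the module. Uploads presumably land under the data directory that the Containerfile declares as a volume, so the quota should be sized against that volume.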