feat(prosody): import

This commit is contained in:
chris 2023-01-09 17:15:47 +01:00
parent b80f0665e2
commit 5174a4a581
Signed by: chris
GPG key ID: 75EFC7666CF51AD6
3 changed files with 161 additions and 0 deletions

48
prosody/Containerfile Normal file
View file

@ -0,0 +1,48 @@
FROM reg.zknt.org/zknt/alpine:3.17 as builder
ARG VERSION
ENV VERSION=0.12.2
ENV LUA_VERSION=5.3
RUN set -eo pipefail; \
apk add --no-cache curl gnupg lua${LUA_VERSION} lua${LUA_VERSION}-dev make alpine-sdk lua-bitop lua${LUA_VERSION}-dbi-mysql lua${LUA_VERSION}-dbi-postgresql lua${LUA_VERSION}-dbi-sqlite3 lua-expat lua-filesystem lua-sec lua-socket lua${LUA_VERSION}-lzlib libidn-dev libressl-dev linux-headers icu-dev icu-data-full
RUN set -xeo pipefail; \
curl -LO https://prosody.im/downloads/source/prosody-${VERSION}.tar.gz &&\
curl -LO https://prosody.im/downloads/source/prosody-${VERSION}.tar.gz.asc &&\
#gpg --keyserver keys.openpgp.org --receive 32A9EDDE3609931EB98CEAC315907E8E7BDD6BFE &&\
#gpg --verify prosody-${VERSION}.tar.gz.asc prosody-${VERSION}.tar.gz &&\
tar xvzf prosody-${VERSION}.tar.gz
WORKDIR prosody-${VERSION}
RUN set -xeo pipefail; \
./configure &&\
make &&\
make install &&\
# now fetch community modules
cd &&\
apk add --no-cache mercurial &&\
hg clone 'https://hg.prosody.im/prosody-modules/' prosody-modules
FROM reg.zknt.org/zknt/alpine:3.17
ENV LUA_VERSION=5.3
ARG VERSION
ARG DATE
COPY --from=builder /usr/local /usr/local
COPY --from=builder /root/prosody-modules/mod_vcard_muc /community_modules/mod_vcard_muc
COPY --from=builder /root/prosody-modules/mod_smacks /community_modules/mod_smacks
COPY --from=builder /root/prosody-modules/mod_cloud_notify /community_modules/mod_cloud_notify
COPY --from=builder /root/prosody-modules/mod_bookmarks /community_modules/mod_bookmarks
COPY --from=builder /root/prosody-modules/mod_http_upload /community_modules/mod_http_upload
COPY --from=builder /root/prosody-modules/mod_http_upload_external /community_modules/mod_http_upload_external
COPY --from=builder /root/prosody-modules/mod_turncredentials /community_modules/mod_turncredentials
RUN set -eo pipefail;\
apk add --no-cache gettext ca-certificates libidn lua${LUA_VERSION} lua-bitop lua-sec libressl lua-filesystem lua-expat lua-socket icu icu-data-full &&\
addgroup -g 9999 prosody &&\
adduser -D -G prosody -u 9999 prosody &&\
chown -R prosody:prosody /usr/local/etc/prosody /usr/local/var/lib/prosody
COPY prosody.cfg.template /prosody.cfg.template
COPY entrypoint.sh /entrypoint.sh
USER prosody
VOLUME /usr/local/var/lib/prosody /usr/local/etc/prosody/certs
EXPOSE 5269 5222 5223
ENTRYPOINT /entrypoint.sh
LABEL version.prosody=$VERSION build.date=$DATE

4
prosody/entrypoint.sh Executable file
View file

@ -0,0 +1,4 @@
#!/bin/sh
envsubst < /prosody.cfg.template > /usr/local/etc/prosody/prosody.cfg.lua
prosody

View file

@ -0,0 +1,109 @@
admins = { "$SERVER_ADMIN" }
plugin_paths = { "/community_modules" }
contact_info = {
abuse = { "xmpp:$SERVER_ADMIN" };
admin = { "xmpp:$SERVER_ADMIN" };
security = { "xmpp:$SERVER_ADMIN" };
}
modules_enabled = {
"roster";
"saslauth";
"tls";
"dialback";
"disco";
-- recommended
"carbons";
"pep";
"private";
"blocklist";
"vcard4";
"vcard_legacy";
"version"; -- Replies to server version requests
"uptime"; -- Report how long server has been running
"time"; -- Let others know the time here on this server
"ping"; -- Replies to XMPP pings with pongs
--"register"; -- Allow users to register on this server using a client and change passwords
"mam";
"csi_simple";
-- Admin interfaces
"admin_adhoc";
-- HTTP modules
--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
--"websocket"; -- XMPP over WebSockets
--"http_files"; -- Serve static files from a directory over HTTP
-- Other specific functionality
--"limits"; -- Enable bandwidth limiting for XMPP connections
--"groups"; -- Shared roster support
"server_contact_info";
--"announce"; -- Send announcement to all online users
--"welcome"; -- Welcome users who register accounts
--"watchregistrations"; -- Alert admins of registrations
--"motd"; -- Send a message to users when they log in
--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
"proxy65";
"bookmarks";
"turncredentials";
"smacks";
"cloud_notify";
}
allow_registration = false
c2s_require_encryption = true
s2s_require_encryption = true
s2s_secure_auth = true
legacy_ssl_ports = { 5223 }
--s2s_insecure_domains = { $INSECURE_DOMAINS }
authentication = "internal_hashed"
storage = "internal"
archive_expires_after = "2w"
log = {
"*console";
}
daemonize = false
-- Certificates
-- Every virtual host and component needs a certificate so that clients and
-- servers can securely verify its identity. Prosody will automatically load
-- certificates/keys from the directory specified here.
-- For more information, including how to use 'prosodyctl' to auto-import certificates
-- (from e.g. Let's Encrypt) see https://prosody.im/doc/certificates
-- Location of directory to find certificates in (relative to main config file):
certificates = "certs"
-- HTTPS currently only supports a single certificate, specify it here:
https_certificate = "/usr/local/etc/prosody/certs/$VIRTUAL_HOST.pem"
----------- Virtual hosts -----------
-- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
-- Settings under each VirtualHost entry apply *only* to that host.
VirtualHost "$VIRTUAL_HOST"
--VirtualHost "example.com"
-- certificate = "/path/to/example.crt"
------ Components ------
-- You can specify components to add hosts that provide special services,
-- like multi-user conferences, and transports.
-- For more information on components, see https://prosody.im/doc/components
Component "conference.$VIRTUAL_HOST" "muc"
modules_enabled = { "muc_mam", "vcard_muc" }
Component "upload.$VIRTUAL_HOST" "http_upload"
http_upload_expire_after = 60 * 60 * 24 * 7 -- a week in second