diff --git a/README.md b/README.md index 88ad209..4fc2730 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ Installs [Prosody](http://prosody.im/) (XMPP/Jabber server written in Lua) via p Include `recipe[prosody::default]` in your `run_list` and do further configuration via node attributes. -If you want a more recent version of Prosody (Debian Squeeze has 0.7.0 and Wheezy has 0.8.2 but 0.9.0 is available from [here](http://prosody.im/download/package_repository) for both) you might use `recipe[prosody::use_community_repos]` to enable APT repositories maintained by the Prosody community (needs the apt cookbook). +If you want a more recent version of Prosody (Debian Squeeze has 0.7.0 and Wheezy has 0.8.2 but 0.9.2 is available from [here](http://prosody.im/download/package_repository) for both) you might use `recipe[prosody::use_community_repos]` to enable APT repositories maintained by the Prosody community (needs the apt cookbook). ## Limitations 
@@ -27,11 +27,51 @@ It should work on all OSes that provide a (recent, versions around 0.7.0 or bett ### default -Installs Prosody package, downloads specified additional modules and auxillary files by URL (`node["prosody"]["plugins"]`), creates all necessary VirtualHost definitions in `/etc/prosody/conf.avail`, links the enabled ones into `/etc/prosody/conf.d` (directory automatically included in core config) and generates the core configuration. Finally restarts the service. +Installs Prosody package, downloads specified additional modules and auxillary files by URL (`node["prosody"]["plugins"]`), creates all necessary VirtualHost definitions in `/etc/prosody/conf.avail`, links the enabled ones into `/etc/prosody/conf.d` (directory automatically included in main config) and generates the main configuration dynamically from `node["prosody"]["main"]`. Finally restarts the service. A working Prosody (with one VirtualHost for localhost) is configured by the default attributes. -Your minimal modifications to customize your Prosody should include specifying an admin account JID (`node["prosody"]["admins"]`, it's a list), a VirtualHost for your domain (in `node["prosody"]["hosts"]`) and to enable this VirtualHost (via `node["prosody"]["conf_enabled"]`). 
+Your minimal modifications to customize your Prosody should include specifying an admin account JID (`node["prosody"]["main"]["admins"]`, it's a list), a VirtualHost for your domain (in `node["prosody"]["hosts"]`) and to enable this VirtualHost (via `node["prosody"]["conf_enabled"]`) like so: + +```json +"prosody": { + "main": { + "admins": ["admin@example.org"] + }, + "conf_enabled": ["example.org"], + "hosts": { + "example.org": {} + } +} +``` + +A more elaborated one would be: + +```json +"prosody": { + "main": { + "admins": ["admin@example.org"], + "use_ipv6": true, + "c2s_require_encryption": true + }, + "conf_enabled": ["example.org"], + "hosts": { + "example.org": { + "proxy65": { + "hostname": "proxy.example.org", + "acl": ["example.org"] + } + } + }, + "plugins": { + "s2s_auth_fingerprint": { + "modules/mod_s2s_auth_fingerprint.lua": "https://prosody-modules.googlecode.com/hg/mod_s2s_auth_fingerprint/mod_s2s_auth_fingerprint.lua" + } + } +} +``` + +In general all Prosody options and all options supported and used by any plugin are possible. ### use_community_repos diff --git a/attributes/default.rb b/attributes/default.rb index d7aefff..269f646 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -1,7 +1,7 @@ -default['prosody']['admins'] = ["admin@localhost"] -default['prosody']['use_libevent'] = false -default['prosody']['use_ipv6'] = false -default['prosody']['modules_enabled'] = [ +default['prosody']['main']['admins'] = ["admin@localhost"] +default['prosody']['main']['use_libevent'] = false +default['prosody']['main']['use_ipv6'] = false +default['prosody']['main']['modules_enabled'] = [ # -- Generally required -- "roster", # Allow users to have a roster. Recommended ;) "saslauth", # Authentication for clients and servers. Recommended if you want to log in. 
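Review bot: Moving every default under `node['prosody']['main']` means an override still set at the old path, such as `node['prosody']['admins']` here or `node['prosody']['c2s_require_encryption'] = true` from the next hunk of this file, is no longer read by anything in the visible code, so the `false` defaults apply without any warning. For the encryption flags that is a silent downgrade when the cookbook is upgraded. I would have the default recipe warn or fail while a legacy key is still present, e.g. `Chef::Log.warn("prosody: '#{k}' moved to node['prosody']['main']") if node['prosody'].key?(k)` over the list of moved names, and call the rename out in the README. The `modules_enabled` array continues outside the hunk.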
@@ -42,23 +42,23 @@ # Debian: do not remove this module, or you lose syslog support "posix" ] -default['prosody']['modules_disabled'] = [ +default['prosody']['main']['modules_disabled'] = [ #"presence", #"message", #"iq" ] -default['prosody']['allow_registration'] = false -default['prosody']['daemonize'] = true -default['prosody']['pidfile'] = "/var/run/prosody/prosody.pid" -default['prosody']['ssl']['key'] = "/etc/prosody/certs/localhost.key" -default['prosody']['ssl']['certificate'] = "/etc/prosody/certs/localhost.crt" -default['prosody']['c2s_require_encryption'] = false -default['prosody']['s2s_require_encryption'] = false -default['prosody']['allow_anonymous_s2s'] = false -default['prosody']['s2s_secure_auth'] = false -default['prosody']['s2s_insecure_domains'] = [] -default['prosody']['s2s_secure_domains'] = [] -default['prosody']['log'] = [ +default['prosody']['main']['allow_registration'] = false +default['prosody']['main']['daemonize'] = true +default['prosody']['main']['pidfile'] = "/var/run/prosody/prosody.pid" +default['prosody']['main']['ssl']['key'] = "/etc/prosody/certs/localhost.key" +default['prosody']['main']['ssl']['certificate'] = "/etc/prosody/certs/localhost.crt" +default['prosody']['main']['c2s_require_encryption'] = false +default['prosody']['main']['s2s_require_encryption'] = false +#default['prosody']['main']['allow_anonymous_s2s'] = false +#default['prosody']['main']['s2s_secure_auth'] = false +#default['prosody']['main']['s2s_insecure_domains'] = [] +#default['prosody']['main']['s2s_secure_domains'] = [] +default['prosody']['main']['log'] = [ { 'levels' => ["error"], 'to' => "syslog" }, { 'levels' => ["error"], 'to' => "file", 'filename' => "/var/log/prosody/prosody.err" }, { 'levels' => { 'min' => "info" }, 'to' => "file", 'filename' => "/var/log/prosody/prosody.log" } diff --git a/libraries/prosody.rb b/libraries/prosody.rb index 0c4d187..0772c66 100644 --- a/libraries/prosody.rb +++ b/libraries/prosody.rb 
@@ -1,4 +1,58 @@ class Chef::Node + def generate_prosody_cfg + return nil if self['prosody']['main'].nil? + lines = [] + + lines << %Q{-- Prosody Configuration File generated by Chef +-- +-- Information on configuring Prosody can be found on our +-- website at http://prosody.im/doc/configure +-- +-- Tip: You can check that the syntax of this file is correct +-- when you have finished by running: luac -p prosody.cfg.lua +-- If there are any errors, it will let you know what and where +-- they are, otherwise it will keep quiet. +-- +-- The only thing left to do is rename this file to remove the .dist ending, and fill in the +-- blanks. Good luck, and happy Jabbering! + +---------- Server-wide settings ---------- +-- Settings in this section apply to the whole server and are the default settings +-- for any virtual hosts +} + + self['prosody']['main'].each do |key,value| + next if value.nil? # skip nil values -> support deleting a presetted value + lines << "#{key} = #{lua_type(value)};" + end + + lines << %Q{ +-- Loads all configuration files in /etc/prosody/conf.d/ -- +Include "conf.d/*.cfg.lua" +} + + lines << '' + lines.join "\n" + end + + def generate_virtualhost_cfg(host) + return nil if self['prosody']['hosts'][host].nil? + lines = [] + lines << '' + lines << "VirtualHost \"#{host}\"" + + self['prosody']['hosts'][host].each do |component_type,component| + lines << '' + lines << "Component \"#{component['hostname']}\" \"#{component_type}\"" + component.each do |key,value| + next if key == "hostname" + lines << "\t#{key} = #{lua_type(value)};" + end + end + + lines << '' + lines.join "\n" + end def lua_type(v) return lua_string(v) if v.kind_of?(String) diff --git a/recipes/default.rb b/recipes/default.rb index 513a380..2e2df48 100644 --- a/recipes/default.rb +++ b/recipes/default.rb 
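Review bot: The component options in `generate_virtualhost_cfg` are written with the attribute key verbatim, while the deleted `virtualhost.cfg.lua.erb` rendered `interface`, `address`, `port` and `acl` as `proxy65_interface` … `proxy65_acl`; the README example added in this commit still passes `"acl"`, which now comes out as `acl = …;` and, going by the old template, is not the option name the proxy65 component reads, so the access list would silently not apply. Either keep the short names working (`key = "proxy65_#{key}"` for the four legacy keys) or change the README example to `proxy65_acl`. Separately, `host`, `component['hostname']`, `component_type` and every option `key` are interpolated without quoting or validation into a file Prosody executes as Lua; build the quoted names with `lua_string` (its body is outside this hunk, so confirm it escapes `"` and `\`), as in `lines << "VirtualHost #{lua_string(host)}"`, and reject keys that do not match `/\A[A-Za-z_]\w*\z/`. A component without `hostname` currently renders `Component "" "…"`, which is better raised as an error. `class Chef::Node` continues past the hunk.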
@@ -32,9 +32,8 @@ # place conf for every VirtualHost in conf.avail node['prosody']['hosts'].each do |host_name,host| - template "/etc/prosody/conf.avail/#{host_name}.cfg.lua" do - source "virtualhost.cfg.lua.erb" - variables :node => node, :host_name => host_name, :host => host + file "/etc/prosody/conf.avail/#{host_name}.cfg.lua" do + content node.generate_virtualhost_cfg(host_name) owner "root" group "prosody" mode 00640 @@ -51,9 +50,8 @@ end end -template "/etc/prosody/prosody.cfg.lua" do - source "prosody.cfg.lua.erb" - variables :node => node, :config => node['prosody'] +file "/etc/prosody/prosody.cfg.lua" do + content node.generate_prosody_cfg owner "root" group "prosody" mode 00640 diff --git a/spec/default_spec.rb b/spec/default_spec.rb index e4c076d..d73b80d 100644 --- a/spec/default_spec.rb +++ b/spec/default_spec.rb @@ -46,7 +46,19 @@ end it 'configures prosody' do - expect(chef_run).to create_file "/etc/prosody/prosody.cfg.lua" + expect(chef_run).to create_file_with_content "/etc/prosody/prosody.cfg.lua", "-- Prosody Configuration File generated by Chef" + end + + it 'configures VirtualHosts' do + chef_runner.node.set['prosody']['hosts'] = { + "example.org" => { + "proxy65" => { + "hostname" => "proxy.example.org" + } + } + } + chef_run = chef_runner.converge 'prosody::default' + expect(chef_run).to create_file_with_content "/etc/prosody/conf.avail/example.org.cfg.lua", "Component \"proxy.example.org\" \"proxy65\"" end it 'enables and starts prosody' do diff --git a/templates/default/prosody.cfg.lua.erb b/templates/default/prosody.cfg.lua.erb deleted file mode 100644 index b8e832e..0000000 --- a/templates/default/prosody.cfg.lua.erb +++ /dev/null 
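Review bot: Both `file` resources, the per-host one here and `/etc/prosody/prosody.cfg.lua` in the next hunk of this file, now render arbitrary options from node attributes, which may include credentials such as component or database secrets, and Chef reports a content diff when a managed file changes. If the Chef versions you support have the property, add `sensitive true` to both resources so those values stay out of run logs and reports. Also, `generate_prosody_cfg` returns nil when `node['prosody']['main']` is unset, and a `file` resource with nil content leaves whatever is on disk unmanaged; raising in the helper would be safer than a silent no-op. Both resource blocks continue past their hunks.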
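Review bot: The new 'configures VirtualHosts' example asserts only the `Component` line, so nothing pins how option keys and values inside a component are rendered. Add an option to the fixture, for instance the `"acl" => ["example.org"]` entry the README uses, and assert the exact line written to `/etc/prosody/conf.avail/example.org.cfg.lua`. A second case with a `nil` value under `node['prosody']['main']` would confirm the skip documented in the generator. The enclosing `describe` block starts and ends outside the hunk.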
@@ -1,81 +0,0 @@
--- Prosody Configuration File generated by Chef
---
--- Information on configuring Prosody can be found on our
--- website at http://prosody.im/doc/configure
---
--- Tip: You can check that the syntax of this file is correct
--- when you have finished by running: luac -p prosody.cfg.lua
--- If there are any errors, it will let you know what and where
--- they are, otherwise it will keep quiet.
---
--- The only thing left to do is rename this file to remove the .dist ending, and fill in the
--- blanks. Good luck, and happy Jabbering!
-
----------- Server-wide settings ----------
--- Settings in this section apply to the whole server and are the default settings
--- for any virtual hosts
-
--- This is a (by default, empty) list of accounts that are admins
--- for the server. Note that you must create the accounts separately
--- (see http://prosody.im/doc/creating_accounts for info)
--- Example: admins = { "user1@example.com", "user2@example.net" }
-admins = <%= @node.lua_type(@config[:admins]) %>;
-
--- Enable use of libevent for better performance under high load
--- For more information see: http://prosody.im/doc/libevent
-use_libevent = <%= @node.lua_type(@config[:use_libevent]) %>;
-
-use_ipv6 = <%= @node.lua_type(@config[:use_ipv6]) %>;
-
--- This is the list of modules Prosody will load on startup.
--- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
--- Documentation on modules can be found at: http://prosody.im/doc/modules
-modules_enabled = <%= @node.lua_type(@config[:modules_enabled]) %>;
-
--- These modules are auto-loaded, should you
--- for (for some mad reason) want to disable
--- them then uncomment them below
-modules_disabled = <%= @node.lua_type(@config[:modules_disabled]) %>;
-
--- Disable account creation by default, for security
--- For more information see http://prosody.im/doc/creating_accounts
-allow_registration = <%= @node.lua_type(@config[:allow_registration]) %>;
-
--- Debian:
--- send the server to background.
---
-daemonize = <%= @node.lua_type(@config[:daemonize]) %>;
-
--- Debian:
--- Please, don't change this option since /var/run/prosody/
--- is one of the few directories Prosody is allowed to write to
---
-pidfile = <%= @node.lua_type(@config[:pidfile]) %>;
-
--- These are the SSL/TLS-related settings. If you don't want
--- to use SSL/TLS, you may comment or remove this
-ssl = <%= @node.lua_type(@config[:ssl]) %>;
-
--- Require encryption on client/server connections?
-c2s_require_encryption = <%= @node.lua_type(@config[:c2s_require_encryption]) %>;
-s2s_require_encryption = <%= @node.lua_type(@config[:s2s_require_encryption]) %>;
-
-allow_anonymous_s2s = <%= @node.lua_type(@config[:allow_anonymous_s2s]) %>;
-
--- Set the default security policy for s2s connections:
-s2s_secure_auth = <%= @node.lua_type(@config[:s2s_secure_auth]) %>;
-
--- These hosts are allowed to authenticate via weaker mechanisms, such as dialback:
-s2s_insecure_domains = <%= @node.lua_type(@config[:s2s_insecure_domains]) %>;
-
--- Whatever the value of s2s_secure_auth, these domains must always present valid certificates:
-s2s_secure_domains = <%= @node.lua_type(@config[:s2s_secure_domains]) %>;
-
--- Debian:
--- all to var/log
--- errors to syslog also
---
-log = <%= @node.lua_type(@config[:log]) %>;
-
--- Loads all configuration files in /etc/prosody/conf.d/ --
-Include "conf.d/*.cfg.lua"
diff --git a/templates/default/virtualhost.cfg.lua.erb b/templates/default/virtualhost.cfg.lua.erb
deleted file mode 100644
index 6f9ec50..0000000
--- a/templates/default/virtualhost.cfg.lua.erb
+++ /dev/null
@@ -1,21 +0,0 @@
-
-VirtualHost "<%= @host_name %>"
-
-<% if @host[:muc] %>
-Component "<%= @host[:muc][:hostname] %>" "muc"
- <%= "name = #{@node.lua_type(@host[:muc][:name])};" if @host[:muc][:name] %>
- <%= "restrict_room_creation = #{@node.lua_type(@host[:muc][:restrict_room_creation])};" if @host[:muc][:restrict_room_creation] %>
- <%= "max_history_messages = #{@node.lua_type(@host[:muc][:max_history_messages])};" if @host[:muc][:max_history_messages] %>
-<% end %>
-
-<% if @host[:proxy65] %>
-Component "<%= @host[:proxy65][:hostname] %>" "proxy65"
- <%= "proxy65_interface = #{@node.lua_type(@host[:proxy65][:interface])};" if @host[:proxy65][:interface] %>
- <%= "proxy65_address = #{@node.lua_type(@host[:proxy65][:address])};" if @host[:proxy65][:address] %>
- <%= "proxy65_port = #{@node.lua_type(@host[:proxy65][:port])};" if @host[:proxy65][:port] %>
- <%= "proxy65_acl = #{@node.lua_type(@host[:proxy65][:acl])};" if @host[:proxy65][:acl] %>
-<% end %>
-
-<% if @host[:pubsub] %>
-Component "<%= @host[:pubsub][:hostname] %>" "pubsub"
-<% end %>