/
hologram-bethselamin-prosody.pkg.toml
78 lines (67 loc) · 2.34 KB
/
hologram-bethselamin-prosody.pkg.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
[package]
name = "hologram-bethselamin-prosody"
version = "1.0.1"
description = "hologram: Prosody on Bethselamin"
requires = [
"prosody",
"lua51-sec", # TLS encryption support
"lua51-zlib", # compression support
]
# make sure that ca-certificates-cacert is installed, for remote servers that are CAcert-signed
provides = [ "a-decision-regarding-cacert" ]
conflicts = [ "hologram-disable-cacert" ]
[[file]]
path = "/usr/share/holo/files/50-bethselamin/etc/prosody/prosody.cfg.lua"
content = '''
daemonize = true;
pidfile = "/run/prosody/prosody.pid";
log = { "*syslog"; };
c2s_require_encryption = true;
s2s_require_encryption = true;
s2s_secure_auth = false; -- TODO: not all remotes are correctly signed
authentication = "internal_hashed";
admins = { "stefan@bethselamin.de" };
modules_disabled = {};
modules_enabled = {
-- POSIX functionality (needs to be first to get the rest of the startup in syslog)
"posix";
-- user-facing features
"roster"; "private"; "vcard";
-- all the crypto
"saslauth"; "tls";
-- s2s dialback support
"dialback";
-- service discovery
"disco";
-- registration is disabled, but this allows users to change their password
"register";
-- this is apparently needed for Conversations to work
"ping";
};
allow_registration = false;
VirtualHost "bethselamin.de"
ssl = {
key = "/etc/prosody/certs/bethselamin.de.key";
certificate = "/etc/prosody/certs/bethselamin.de.crt";
};
'''
[[symlink]]
path = "/etc/systemd/system/multi-user.target.wants/prosody.service"
target = "/usr/lib/systemd/system/prosody.service"
[[file]]
path = "/etc/letsencrypt-allofthem/prosody.sh"
mode = "0755"
content = '''
#!/bin/sh
grep -o '/etc/letsencrypt/live/[^/]\+' /etc/letsencrypt-allofthem/then/prosody.sh | cut -d/ -f5 | sort -u
'''
[[file]]
path = "/etc/letsencrypt-allofthem/then/prosody.sh"
mode = "0755"
content = '''
#!/bin/sh
cp /etc/letsencrypt/live/bethselamin.de/privkey.pem /etc/prosody/certs/bethselamin.de.key
cp /etc/letsencrypt/live/bethselamin.de/fullchain.pem /etc/prosody/certs/bethselamin.de.crt
chown prosody:prosody /etc/prosody/certs/*
chmod 0400 /etc/prosody/certs/*
'''