# _____ _ _
# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# | __| _| -_| -_| . | . | | . | . | | -_|
# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___|
# XMPP server
#
# Try to minimize the number of daemon restarts, since that causes
# PEP to break within client apps.
# The two directories for prosody modules seem necessary.
# Trying to remove /usr/lib/prosody/modules causes problems, and that's
# part of the package install.
#
# Copyright (C) 2014-2018 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
IN_DEFAULT_INSTALL=0
# Whether to strictly enforce end-to-end security for one-to-one chat
# (the functions below test for a 'y'*/'t'* prefix, so "yes"/"true" enable it)
XMPP_E2EE=no
# Directory where XMPP settings are stored
XMPP_DIRECTORY="/var/lib/prosody"
XMPP_PASSWORD=
# OpenSSL cipher list written into the prosody config. The embedded double
# quotes are part of the value so it can be emitted directly as a Lua string.
# NOTE(review): the list still carries +SSLv3 and the static-RSA suites
# AES128-SHA / CAMELLIA128-SHA, which provide no forward secrecy — worth
# re-checking against current TLS guidance before the next release.
XMPP_CIPHERS='"EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA"'
# ECDH curve for prosody's TLS settings, again quoted as a Lua string
XMPP_ECC_CURVE='"secp384r1"'
# Pinned prosody nightly build: the downloaded tarball is verified against
# prosody_nightly_hash (sha256) before it is extracted and built.
prosody_latest_version='0.11'
prosody_nightly=11
prosody_nightly_directory=build11
prosody_nightly_hash='2f863d89939a4a5e4e486c05948eea879326d1e9418bfbbfb0b7cbc38f171097'
prosody_filename=prosody-${prosody_latest_version}-1nightly${prosody_nightly}
prosody_nightly_url="https://prosody.im/nightly/${prosody_latest_version}/${prosody_nightly_directory}/${prosody_filename}.tar.gz"
# From https://hg.prosody.im/prosody-modules
# Pinned community modules snapshot; its sha256 is checked before extraction.
prosody_modules_filename='prosody-modules-20181122.tar.gz'
prosody_modules_hash='0066204f9cb2ef5140e11403c2a09dbfe39bc79ab588afd1d00db2e2f98e03a1'
# Message shown to clients when the e2e policy rejects an unencrypted chat
xmpp_encryption_warning=$"For security reasons, OMEMO or PGP encryption is required for conversations on this server."
XMPP_SHORT_DESCRIPTION=$'Chat system'
XMPP_DESCRIPTION=$'Chat system'
XMPP_MOBILE_APP_URL='https://f-droid.org/packages/eu.siacs.conversations'
# commandline utility for notifications
# The repository is always checked out at XMPPSEND_COMMIT rather than a
# branch head, so what gets built here does not change when upstream moves.
XMPPSEND_REPO="https://code.freedombone.net/bashrc/xmppsend"
XMPPSEND_COMMIT='9401665f40723df779f828d01cc1fa6df28b14c9'
xmpp_variables=(ONION_ONLY
INSTALLED_WITHIN_DOCKER
XMPP_CIPHERS
XMPP_ECC_CURVE
XMPP_ECC_CURVE
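function prosody_remove_module_from_config {
  # Delete the line that loads a prosody module from one config file.
  # Arguments: $1 - module name (without quotes)
  #            $2 - path to the prosody config file
  # Globals:   sets xmpp_restart=1 when the file was changed
  # Returns:   0 in every case; an empty name or a missing file is skipped
  local remove_prosody_module_name="$1"
  local prosody_config_file="$2"
  if [ ! "${remove_prosody_module_name}" ]; then
    return
  fi
  if [ ! -f "${prosody_config_file}" ]; then
    # diagnostics go to stderr so callers capturing stdout are not affected
    printf 'Config file %s not found when removing module %s\n' \
      "${prosody_config_file}" "${remove_prosody_module_name}" >&2
    return
  fi
  # Module entries have the form "name"; match the quoted name literally (-F)
  if grep -qF "\"${remove_prosody_module_name}\"" "${prosody_config_file}"; then
    sed -i "/\"${remove_prosody_module_name}\"/d" "${prosody_config_file}"
    xmpp_restart=1
  fi
}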
function prosody_remove_module {
  # Remove a module from both prosody config files (main and conf.avail).
  # Arguments: $1 - module name
  remove_prosody_module_name="$1"
  local cfg
  for cfg in /etc/prosody/prosody.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua; do
    prosody_remove_module_from_config "${remove_prosody_module_name}" "$cfg"
  done
}
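function prosody_add_module_to_config {
  # Add a module entry to one prosody config file, directly after the "pep"
  # entry (and also after "muc_limits" when $3 is set, so the MUC component
  # loads it too). The new entry is indented to match the existing list.
  # Arguments: $1 - module name (without quotes)
  #            $2 - path to the prosody config file
  #            $3 - non-empty to also add the module under "muc_limits"
  # Globals:   sets xmpp_restart=1 when the file was changed
  # Returns:   0 in every case; an empty name or a missing file is skipped
  local new_prosody_module_name="$1"
  local prosody_config_file="$2"
  local add_to_muc="$3"
  if [ ! "${new_prosody_module_name}" ]; then
    return
  fi
  if [ ! -f "${prosody_config_file}" ]; then
    # diagnostics go to stderr so callers capturing stdout are not affected
    printf 'Config file %s not found when adding module %s\n' \
      "${prosody_config_file}" "${new_prosody_module_name}" >&2
    return
  fi
  # Already present: nothing to do and no restart needed
  if grep -qF "\"${new_prosody_module_name}\"" "$prosody_config_file"; then
    return
  fi
  sed -i "/\"pep\"/a \"${new_prosody_module_name}\";" "$prosody_config_file"
  if [ "$add_to_muc" ]; then
    if grep -qF '"muc_limits"' "$prosody_config_file"; then
      sed -i "/\"muc_limits\"/a \"${new_prosody_module_name}\";" "$prosody_config_file"
    fi
  fi
  # sed's 'a' strips leading whitespace, so indent the inserted entries afterwards
  sed -i "s|\"${new_prosody_module_name}\"|    \"${new_prosody_module_name}\"|g" "$prosody_config_file"
  xmpp_restart=1
}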
function prosody_add_module {
  # Add a module to both prosody config files (main and conf.avail).
  # Arguments: $1 - module name
  #            $2 - non-empty to also add the module to the MUC section
  new_prosody_module_name="$1"
  add_to_muc="$2"
  local cfg
  for cfg in /etc/prosody/prosody.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua; do
    prosody_add_module_to_config "${new_prosody_module_name}" "$cfg" "$add_to_muc"
  done
}
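function xmpp_fix_exists {
  # Make the SQL schema statements in the prosody source tree idempotent, so
  # that re-running the storage setup does not fail on an existing table or
  # index. Paths are relative to the current directory (the prosody source).
  # Globals:   none
  # Returns:   0; a missing file is skipped
  local sql_file keyword
  for sql_file in plugins/mod_storage_sql1.lua util/sql.lua; do
    [ -f "$sql_file" ] || continue
    for keyword in 'CREATE INDEX' 'CREATE TABLE'; do
      _xmpp_sql_add_if_not_exists "$sql_file" "$keyword"
    done
  done
}

# Rewrite every "$2" in file $1 as "$2 IF NOT EXISTS". Statements that already
# carry the clause are normalised first and then re-tagged, so the rewrite is
# idempotent and also fixes files where only some statements were tagged.
# Arguments: $1 - file to edit in place; $2 - SQL keyword prefix, e.g. 'CREATE TABLE'
function _xmpp_sql_add_if_not_exists {
  local sql_file="$1"
  local keyword="$2"
  sed -i "s|${keyword} IF NOT EXISTS|${keyword}|g; s|${keyword}|${keyword} IF NOT EXISTS|g" "$sql_file"
}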
function xmpp_update_e2e_policy {
filename="$1"
read_config_param DEFAULT_DOMAIN_NAME
read_config_param ONION_ONLY
if ! grep -q "e2e_policy_muc" "$filename"; then
echo "e2e_policy_muc = \"none\"" >> "$filename"
if ! grep -q 'e2e_policy_muc = "none"' "$filename"; then
sed -i 's|e2e_policy_muc.*|e2e_policy_muc = "none"|g' "$filename"
fi
if ! grep -q "e2e_policy_chat" "$filename"; then
if [[ "$XMPP_E2EE" == 'y'* || "$XMPP_E2EE" == 't'* ]]; then
echo "e2e_policy_chat = \"required\"" >> "$filename"
else
echo "e2e_policy_chat = \"optional\"" >> "$filename"
if [[ "$XMPP_E2EE" == 'y'* || "$XMPP_E2EE" == 't'* ]]; then
if ! grep -q 'e2e_policy_chat = "required"' "$filename"; then
sed -i 's|e2e_policy_chat.*|e2e_policy_chat = "required"|g' "$filename"
if ! grep -q 'e2e_policy_chat = "optional"' "$filename"; then
sed -i 's|e2e_policy_chat.*|e2e_policy_chat = "optional"|g' "$filename"
fi
if ! grep -q "e2e_policy_message_required_chat" "$filename"; then
echo "e2e_policy_message_required_chat = \"$xmpp_encryption_warning\"" >> "$filename"
if ! grep -q "e2e_policy_message_required_chat = \"$xmpp_encryption_warning\"" "$filename"; then
sed -i "s|e2e_policy_message_required_chat.*|e2e_policy_message_required_chat = \"$xmpp_encryption_warning\"|g" "$filename"
if ! grep -q "e2e_policy_whitelist" "$filename"; then
echo "e2e_policy_whitelist = { \"notification@$HOSTNAME\" };" >> "$filename"
if ! grep -q "e2e_policy_whitelist = { \"notification@$HOSTNAME\" };" "$filename"; then
sed -i "s|e2e_policy_whitelist.*|e2e_policy_whitelist = { \"notification@$HOSTNAME\" };|g" "$filename"
XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_email/hostname)
sed -i "s|VirtualHost \".*.onion.*|VirtualHost \"${XMPP_ONION_HOSTNAME}\"|g" "$filename"
# TLS is not strictly needed for onion transport security
if ! grep -q 'c2s_require_encryption = false' "$filename"; then
sed -i 's|c2s_require_encryption =.*|c2s_require_encryption = false|g' "$filename"
fi
if ! grep -q 's2s_require_encryption = false' "$filename"; then
sed -i 's|s2s_require_encryption =.*|s2s_require_encryption = false|g' "$filename"
function logging_on_xmpp {
if [ ! -d /etc/prosody ]; then
return
fi
if ! grep -q 'info = "/var/log/prosody/prosody.log";' /etc/prosody/prosody.cfg.lua; then
if [ -d /etc/prosody ]; then
if [ ! -d /var/log/prosody ]; then
mkdir /var/log/prosody
chown root:adm /var/log/prosody
fi
if ! grep -q "/var/log/prosody/prosody.log" /etc/prosody/prosody.cfg.lua; then
sed -i 's|info = "/dev/null";|info = "/var/log/prosody/prosody.log";|g' /etc/prosody/prosody.cfg.lua
sed -i 's|error = "/dev/null";|error = "/var/log/prosody/prosody.err";|g' /etc/prosody/prosody.cfg.lua
sed -i 's|levels = { "error" }; to = "/dev/null";|levels = { "info" }; to = "syslog";|g' /etc/prosody/prosody.cfg.lua
touch /var/log/prosody/prosody.log
chown prosody:prosody /var/log/prosody/prosody.log
touch /var/log/prosody/prosody.err
chown prosody:prosody /var/log/prosody/prosody.err
fi
systemctl restart prosody
}
function logging_off_xmpp {
if [ ! -d /etc/prosody ]; then
return
fi
# remove any chat log
read_config_param DEFAULT_DOMAIN_NAME
prosody_chat_domain="chat.${DEFAULT_DOMAIN_NAME}"
# shellcheck disable=SC2001
prosody_chat_domain_str=$(echo "$prosody_chat_domain" | sed 's|\.|%2e|g')
if [ -d "/var/lib/prosody/${prosody_chat_domain_str}/muc_log" ]; then
# shellcheck disable=SC2086
rm -rf /var/lib/prosody/${prosody_chat_domain_str}/muc_log*
if ! grep -q 'muc_log_by_default = false;' /etc/prosody/prosody.cfg.lua; then
sed -i 's|muc_log_by_default.*|muc_log_by_default = false;|g' /etc/prosody/prosody.cfg.lua
logging_restart_prosody=1
fi
if ! grep -q 'muc_log_all_rooms = false;' /etc/prosody/prosody.cfg.lua; then
sed -i 's|muc_log_all_rooms.*|muc_log_all_rooms = false;|g' /etc/prosody/prosody.cfg.lua
logging_restart_prosody=1
fi
if ! grep -q '/dev/null' /etc/prosody/prosody.cfg.lua; then
if [ -d /etc/prosody ]; then
if grep -q "/var/log/prosody/prosody.log" /etc/prosody/prosody.cfg.lua; then
sed -i 's|info = "/var/log/prosody/prosody.log";|info = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
sed -i 's|error = "/var/log/prosody/prosody.err";|error = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
sed -i 's|levels = { "info" }; to = "syslog";|levels = { "error" }; to = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
$REMOVE_FILES_COMMAND /var/log/prosody/*
rm -rf /var/log/prosody
fi
logging_restart_prosody=1
fi
if [ $logging_restart_prosody ]; then
systemctl restart prosody
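function xmpp_add_onion_address {
  # Map a clearnet domain to an onion address in prosody's onions_map table
  # and restart the daemon so the mapping takes effect.
  # Arguments: $1 - clearnet domain name
  #            $2 - onion address
  # Returns:   0; does nothing when either argument is empty or the address
  #            is already present in the config
  local domain_name="$1"
  local onion_address="$2"
  local cfg=/etc/prosody/prosody.cfg.lua
  if [ ${#domain_name} -eq 0 ] || [ ${#onion_address} -eq 0 ]; then
    return
  fi
  # -F matches the address literally (it is data, not a regex); -q keeps grep quiet
  if grep -qF "${onion_address}" "$cfg"; then
    return
  fi
  # Entries look like ["domain"] = "address"; — the brackets must be escaped in
  # the sed pattern, otherwise ["domain"] is a bracket expression matching any
  # single character of the domain and the substitution hits unrelated lines.
  if grep -qF "[\"${domain_name}\"]" "$cfg"; then
    sed -i "s|\[\"${domain_name}\"].*|[\"${domain_name}\"] = \"${onion_address}\";|g" "$cfg"
  else
    sed -i "/onions_map = {/a [\"${domain_name}\"] = \"${onion_address}\";" "$cfg"
  fi
  systemctl restart prosody
}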
function xmpp_add_onion_address_interactive {
dialog --backtitle $"Freedombone Control Panel" \
--title $"Add a clearnet to Onion domain mapping" \
--form $"Sepecify a clearnet domain name and its equivalent onion address\\n" 9 50 2 \
$"Domain:" 1 1 "" 1 18 26 25 \
$"Onion address:" 2 1 "" 2 18 26 25 \
domain_name=$(sed -n 1p < "$data")
onion_address=$(sed -n 2p < "$data")
rm -f "$data"
if [[ "$onion_address" != *".onion" ]]; then
return
fi
if [[ "$domain_name" != *"."* ]]; then
return
fi
xmpp_add_onion_address "$domain_name" "$onion_address"
dialog --title $"Add a clearnet to Onion domain mapping" \
--msgbox $"${domain_name} -> ${onion_address} added" 6 70
}
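function xmpp_remove_onion_address {
  # Remove a clearnet->onion mapping from prosody's onions_map, matching the
  # argument either as the domain key or as the onion address value, and
  # restart prosody when anything was removed.
  # Arguments: $1 - clearnet domain name or onion address
  # Globals:   sets xmpp_changed=1 when the config was modified
  # Returns:   0; does nothing when the argument is empty
  local domain_name="$1"
  local cfg=/etc/prosody/prosody.cfg.lua
  if [ ${#domain_name} -eq 0 ]; then
    return
  fi
  # The brackets must be escaped in the sed address: unescaped, /["domain"]/d is
  # a bracket expression and deletes every line containing any of those
  # characters, i.e. most of the config file.
  if grep -qF "[\"${domain_name}\"]" "$cfg"; then
    sed -i "/\[\"${domain_name}\"]/d" "$cfg"
    xmpp_changed=1
  fi
  if grep -qF "= \"${domain_name}\";" "$cfg"; then
    sed -i "/= \"${domain_name}\";/d" "$cfg"
    xmpp_changed=1
  fi
  if [ "$xmpp_changed" ]; then
    systemctl restart prosody
  fi
}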
function xmpp_remove_onion_address_interactive {
dialog --title $"Remove clearnet to Onion domain mapping" \
--backtitle $"Freedombone Control Panel" \
--inputbox $'Enter the domain name or onion address to be removed' 8 60 2>"$data"
if [[ "$domain_name" != *"."* ]]; then
return
fi
xmpp_remove_onion_address "$domain_name"
dialog --title $"Remove a clearnet to Onion domain mapping" \
--msgbox $"${domain_name} removed" 6 70
;;
esac
}
function configure_interactive_xmpp {
e2ee_policy=$'optional'
if [[ "$XMPP_E2EE" == 'y'* || "$XMPP_E2EE" == 't'* ]]; then
e2ee_policy=$'required'
fi
W=(1 $"End-to-end security policy: $e2ee_policy"
2 $"Add a clearnet to onion domain mapping"
3 $"Remove a clearnet to onion domain mapping")
selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"XMPP" --menu $"Choose an operation, or ESC to exit:" 11 60 3 "${W[@]}" 3>&2 2>&1 1>&3)
if [ ! "$selection" ]; then
break
fi
case $selection in
1) if [[ "$XMPP_E2EE" == 'y'* || "$XMPP_E2EE" == 't'* ]]; then
XMPP_E2EE='no'
else
XMPP_E2EE='yes'
fi
write_config_param 'XMPP_E2EE' "$XMPP_E2EE"
xmpp_update_e2e_policy /etc/prosody/conf.avail/xmpp.cfg.lua
xmpp_update_e2e_policy /etc/prosody/prosody.cfg.lua
systemctl restart prosody
e2ee_policy=$'optional'
if [[ "$XMPP_E2EE" == 'y'* || "$XMPP_E2EE" == 't'* ]]; then
e2ee_policy=$'required'
fi
dialog --title $"xmpp end-to-end security policy" \
--msgbox $"The security policy has been changed to $e2ee_policy" 6 70
;;
2) xmpp_add_onion_address_interactive;;
3) xmpp_remove_onion_address_interactive;;
function remove_user_xmpp {
remove_username="$1"
"${PROJECT_NAME}-pass" -u "$remove_username" --rmapp xmpp
if [[ "$ONION_ONLY" != "no" ]]; then
DOMAIN=$(cat /var/lib/tor/hidden_service_email/hostname)
prosodyctl deluser "${remove_username}@${DOMAIN}"
function add_user_xmpp_client {
new_username="$1"
new_user_password="$2"
if [ -f /usr/local/bin/profanity ]; then
XMPP_CLIENT_DIR=/home/$new_username/.local/share/profanity
XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts
if [ ! -d "$XMPP_CLIENT_DIR" ]; then
mkdir -p "$XMPP_CLIENT_DIR"
if [ ! -d "/home/$new_username/.config/profanity" ]; then
mkdir -p "/home/$new_username/.config/profanity"
fi
MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$new_username" "$new_username@$HOSTNAME")
{ echo "[${new_username}@${HOSTNAME}]";
echo 'enabled=true';
echo "jid=${new_username}@${HOSTNAME}";
echo "server=$XMPP_ONION_HOSTNAME";
echo "pgp.keyid=$MY_GPG_PUBLIC_KEY_ID";
echo 'resource=profanity';
echo "muc.service=conference.${HOSTNAME}";
echo "muc.nick=${new_username}";
echo 'presence.last=online';
echo 'presence.login=online';
echo 'priority.online=0';
echo 'priority.chat=0';
echo 'priority.away=0';
echo 'priority.xa=0';
echo 'priority.dnd=0'; } > "$XMPP_CLIENT_ACCOUNTS"
echo '[connection]' > "/home/$new_username/.config/profanity/profrc"
if [[ $ONION_ONLY != "no" ]]; then
echo "account=${new_username}@${XMPP_ONION_HOSTNAME}" >> "/home/$new_username/.config/profanity/profrc"
echo "account=${new_username}@${HOSTNAME}" >> "/home/$new_username/.config/profanity/profrc"
{ echo '';
echo '[plugins]';
echo 'load=prof_omemo_plugin.py;';
echo '';
echo '[otr]';
echo 'policy=opportunistic';
echo 'log=off';
echo '';
echo '[pgp]';
echo 'log=off';
echo '';
echo '[ui]';
echo 'enc.warn=true'; } >> "/home/$new_username/.config/profanity/profrc"
chown -R "$new_username":"$new_username" "/home/$new_username/.local"
chown -R "$new_username":"$new_username" "/home/$new_username/.config"
XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_email/hostname)
"${PROJECT_NAME}-pass" -u "$new_username" -a xmpp -p "$new_user_password"
DOMAIN_NAME=$XMPP_ONION_HOSTNAME
EMAIL_ADDRESS="$new_username@$DOMAIN_NAME"
if [ ${#new_user_password} -eq 0 ]; then
if ! prosodyctl register "$new_username" "$DOMAIN_NAME" "$new_user_password"; then
exit 653456375
fi
fi
add_user_xmpp_client "$new_username" "$new_user_password"
function install_interactive_xmpp {
echo -n ''
curr_username="$1"
new_user_password="$2"
read_config_param DEFAULT_DOMAIN_NAME
"${PROJECT_NAME}-pass" -u "$curr_username" -a xmpp -p "$new_user_password"
# TODO: this is currently interactive. Really there needs to be a
# non-interactive password change option for prosodyctl
clear
echo ''
echo $'Currently Prosody requires password changes to be done interactively'
if [ -f /usr/local/bin/profanity ]; then
XMPP_CLIENT_DIR=/home/$curr_username/.local/share/profanity
XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts
if [ -f "$XMPP_CLIENT_ACCOUNTS" ]; then
sed -i "s|password=.*|password=$new_user_password|g" "$XMPP_CLIENT_ACCOUNTS"
if [ ! -d /var/lib/prosody/prosody-modules ]; then
return
fi
fi
if [ ! -d /usr/lib/prosody ]; then
return
fi
if [ -f "$HOME/${PROJECT_NAME}/image_build/$prosody_modules_filename" ]; then
cp "$HOME/${PROJECT_NAME}/image_build/$prosody_modules_filename" "$INSTALL_DIR"
if [ -f "/home/$MY_USERNAME/${PROJECT_NAME}/image_build/$prosody_modules_filename" ]; then
cp "/home/$MY_USERNAME/${PROJECT_NAME}/image_build/$prosody_modules_filename" "$INSTALL_DIR"
if [ -f "$INSTALL_DIR/$prosody_modules_filename" ]; then
cd "$INSTALL_DIR" || exit 246824684
curr_hash=$(sha256sum "$INSTALL_DIR/$prosody_modules_filename" | awk -F ' ' '{print $1}')
if [[ "$curr_hash" != "$prosody_modules_hash" ]]; then
echo $'Prosody modules hash does not match'
if [ -d "$INSTALL_DIR/prosody-modules" ]; then
rm -rf "$INSTALL_DIR/prosody-modules"
fi
tar -xzvf $prosody_modules_filename
systemctl stop prosody
if [ ! -d /var/lib/prosody/prosody-modules ]; then
cp -r "$INSTALL_DIR/prosody-modules/"* /var/lib/prosody/prosody-modules/
cp -r "$INSTALL_DIR/prosody-modules/"* /usr/lib/prosody/modules/
chown -R prosody:prosody /var/lib/prosody/prosody-modules
chown -R prosody:prosody /usr/lib/prosody/modules
systemctl start prosody
else
echo $'Prosody modules not extracted'
exit 72524
prosody_add_module 's2s_blacklist' muc
prosody_add_module 'firewall'
prosody_add_module 'block_strangers'
if grep -q '"mam_muc";' /etc/prosody/prosody.cfg.lua; then
sed -i '/"mam_muc";/d' /etc/prosody/prosody.cfg.lua
function prosody_daemon_restart_script {
# On rare occasions the daemon appears to get stuck
# i.e. still active, but not accepting connections
# This ensures that it will unstick itself at least once per day
if [ -f /etc/cron.daily/prosody ]; then
rm /etc/cron.daily/prosody
fi
if [ ! -f /etc/cron.hourly/prosody ]; then
{ echo '#!/bin/bash';
echo "is_active=\$(systemctl is-active prosody)";
echo "if [[ \"\$is_active\" != 'active' ]]; then";
echo ' systemctl restart prosody'
echo 'fi'; } > /etc/cron.hourly/prosody
chmod +x /etc/cron.hourly/prosody
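function configure_xmppsend {
  # Build and install the xmppsend notification utility from the pinned commit.
  # Globals:   INSTALL_PACKAGES, INSTALL_DIR, XMPPSEND_REPO, XMPPSEND_COMMIT (read)
  # Returns:   0 on success; returns early when the directory, checkout or build
  #            cannot be set up, and only records completion after a successful install
  # INSTALL_PACKAGES is a command plus its arguments, so it is intentionally unquoted
  # shellcheck disable=SC2086
  $INSTALL_PACKAGES libstrophe-dev
  if [ ! -d "$INSTALL_DIR" ]; then
    mkdir -p "$INSTALL_DIR"
  fi
  cd "$INSTALL_DIR" || return
  git clone "$XMPPSEND_REPO" "$INSTALL_DIR/xmppsend"
  cd "$INSTALL_DIR/xmppsend" || return
  # Pin to a known commit rather than the branch head so an upstream push cannot
  # change what is built here; abort instead of building whatever HEAD happens to be
  git checkout "$XMPPSEND_COMMIT" -b "$XMPPSEND_COMMIT" || return
  if ! make; then
    echo $'Unable to build xmppsend'
    return
  fi
  if ! make install; then
    echo $'Unable to install xmppsend'
    return
  fi
  set_completion_param "xmppsend commit" "$XMPPSEND_COMMIT"
}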
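function upgrade_xmppsend {
  # Bring the installed xmppsend up to the pinned commit, cloning it first if
  # the checkout is missing.
  # Globals:   XMPPSEND_COMMIT, INSTALL_DIR (read); CURR_XMPPSEND_COMMIT (written)
  # Returns:   0 when already at the pinned commit or after a successful install;
  #            returns early on a failed cd, checkout or install
  CURR_XMPPSEND_COMMIT=$(get_completion_param "xmppsend commit")
  if [[ "$CURR_XMPPSEND_COMMIT" == "$XMPPSEND_COMMIT" ]]; then
    return
  fi
  if [ ! -d "$INSTALL_DIR/xmppsend" ]; then
    configure_xmppsend
    return
  fi
  cd "$INSTALL_DIR/xmppsend" || return
  git stash
  git checkout master
  git pull
  # 'checkout -b' fails when a branch of that name already exists (e.g. from an
  # interrupted earlier upgrade); fall back to checking out the commit itself
  # and never install from whatever master currently points at.
  if ! git checkout "$XMPPSEND_COMMIT" -b "$XMPPSEND_COMMIT"; then
    git checkout "$XMPPSEND_COMMIT" || return
  fi
  make install || return
  set_completion_param "xmppsend commit" "$XMPPSEND_COMMIT"
}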
function upgrade_xmpp {
prosody_groups=$(groups prosody)
if [[ "$prosody_groups" != *'ssl-cert'* ]]; then
usermod -a -G ssl-cert prosody
fi
read_config_param XMPP_E2EE
xmpp_update_e2e_policy /etc/prosody/conf.avail/xmpp.cfg.lua
xmpp_update_e2e_policy /etc/prosody/prosody.cfg.lua
function_check update_prosody_modules
update_prosody_modules
xmpp_onion_addresses /etc/prosody/prosody.cfg.lua
xmpp_server_blacklist /etc/prosody/prosody.cfg.lua
if ! grep -q 'filter_words =' /etc/prosody/prosody.cfg.lua; then
echo 'filter_words = {}' >> /etc/prosody/prosody.cfg.lua
xmpp_restart=1
fi
prosody_add_module "csi_compat"
# remove omemo_all_access
# This isn't needed with prosody 0.11+
prosody_remove_module "omemo_all_access"
prosody_remove_module "muc_log"
prosody_remove_module "muc_log_http"
# handling avatars
prosody_remove_module "pep_vcard_avatar"
prosody_remove_module "vcard"
prosody_add_module "profile"
if grep -q "/etc/ssl/certs/xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then
cp /etc/ssl/certs/xmpp.dhparam /etc/prosody/xmpp.dhparam
chown prosody:prosody /etc/prosody/xmpp.dhparam
sed -i 's|/etc/ssl/certs/xmpp.dhparam|/etc/prosody/xmpp.dhparam|g' /etc/prosody/prosody.cfg.lua
sed -i 's|/etc/ssl/certs/xmpp.dhparam|/etc/prosody/xmpp.dhparam|g' /etc/prosody/conf.avail/xmpp.cfg.lua
fi
if grep -q "/etc/ssl/private/xmpp.key" /etc/prosody/prosody.cfg.lua; then
if [ -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem" ]; then
sed -i "s|/etc/ssl/private/xmpp.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/prosody.cfg.lua
fi
fi
if grep -q "/etc/ssl/certs/xmpp.crt" /etc/prosody/prosody.cfg.lua; then
if [ -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
sed -i "s|/etc/ssl/certs/xmpp.crt|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/prosody.cfg.lua
curr_prosody_filename=$(grep "prosody_filename" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
if [[ "$curr_prosody_filename" != "$prosody_filename" ]]; then
# ensure that the binaries have not been overwritten
# by an operating system upgrade
# Try to get the source from the project repo
if [ -f "/root/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz" ]; then
cp "/root/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz" .
if [ -f "/home/${MY_USERNAME}/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz" ]; then
cp "/home/${MY_USERNAME}/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz" .
else
wget $prosody_nightly_url
fi
fi
echo $"Failed to download prosody nightly $prosody_nightly_url"
return
hash_value=$(sha256sum "${INSTALL_DIR}/${prosody_filename}.tar.gz" | awk -F ' ' '{print $1}')
if [[ "$hash_value" != "$prosody_nightly_hash" ]]; then
echo $'Unexpected hash value for prosody nightly download'
return
fi
tar -xzvf "${INSTALL_DIR}/${prosody_filename}.tar.gz"
cd "${INSTALL_DIR}/${prosody_filename}" || exit 246872468246
./configure --ostype=debian --prefix=/usr
make prefix=/usr
make prefix=/usr install
if [ -f /usr/local/bin/prosody ]; then
echo $'Failed to build prosody nightly to /usr/bin'
rm "${INSTALL_DIR}/${prosody_filename}.tar.gz"
rm -rf "${INSTALL_DIR:?}/${prosody_filename}"
# add onion addresses for known servers
if ! grep -q "onions_map =" /etc/prosody/prosody.cfg.lua; then
echo '' >> /etc/prosody/prosody.cfg.lua
xmpp_onion_addresses /etc/prosody/prosody.cfg.lua
set_completion_param "prosody_filename" "${prosody_filename}"
if [ $xmpp_restart ]; then
cp -r "$INSTALL_DIR/prosody-modules/"* /var/lib/prosody/prosody-modules/
chown -R prosody:prosody /var/lib/prosody/prosody-modules
systemctl restart prosody
fi
if [ -d $source_directory ]; then
dest_directory=xmpp
function_check backup_directory_to_usb
backup_directory_to_usb $source_directory $dest_directory
fi
temp_restore_dir=/root/tempxmpp
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir xmpp
if [ -d $temp_restore_dir/var/lib/prosody ]; then
cp -r $temp_restore_dir/var/lib/prosody/* /var/lib/prosody
else
cp -r $temp_restore_dir/* /var/lib/prosody/
fi
if [ ! "$?" = "0" ]; then
function_check set_user_permissions
set_user_permissions
function_check backup_unmount_drive
backup_unmount_drive
exit 725
fi
rm -rf $temp_restore_dir
chown -R prosody:prosody /var/lib/prosody/*
function configure_firewall_for_xmpp {
if [ ! -d /etc/prosody ]; then
return
fi
if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
firewall_add XMPP 5222 tcp
firewall_add XMPP 5223 tcp
firewall_add XMPP 5269 tcp
firewall_add XMPP 5280 tcp
firewall_add XMPP 5281 tcp
remove_profanity
firewall_remove 5222 tcp
firewall_remove 5223 tcp
firewall_remove 5269 tcp
firewall_remove 5280 tcp
firewall_remove 5281 tcp
rm /etc/cron.daily/prosody
if [ -f "$INSTALL_DIR/$prosody_modules_filename" ]; then
rm "$INSTALL_DIR/$prosody_modules_filename"
if [ -d "$INSTALL_DIR/prosody-modules" ]; then
rm -rf "$INSTALL_DIR/prosody-modules"
if [ -d /etc/prosody ]; then
rm -rf /etc/prosody
fi
if [ -d /var/lib/prosody ]; then
rm -rf /var/lib/prosody
fi
if [ -d /usr/lib/prosody ]; then
rm -rf /usr/lib/prosody
fi
if [ -f /usr/local/bin/prosody ]; then
rm /usr/local/bin/prosody
fi
if [ -f /usr/local/bin/prosodyctl ]; then
rm /usr/local/bin/prosodyctl
fi
sed -i '/xmpp/d' "$COMPLETION_FILE"
sed -i '/prosody/d' "$COMPLETION_FILE"
rm /etc/avahi/services/xmpp.service
rm /etc/avahi/services/xmpp-server.service
systemctl restart avahi-daemon
function xmpp_contact_info {
filename="$1"
if grep -q "contact_info =" "$filename"; then
return
fi
{ echo 'contact_info = {';
echo "abuse = { \"mailto:${MY_EMAIL_ADDRESS}\", \"xmpp:${MY_USERNAME}@${HOSTNAME}\" };";
echo "admin = { \"mailto:${MY_EMAIL_ADDRESS}\", \"xmpp:${MY_USERNAME}@${HOSTNAME}\" };";
echo "feedback = { \"mailto:${MY_EMAIL_ADDRESS}\", \"xmpp:${MY_USERNAME}@${HOSTNAME}\" };";
echo "security = { \"xmpp:${MY_USERNAME}@${HOSTNAME}\" };";
echo "support = { \"xmpp:${MY_USERNAME}@${HOSTNAME}\" };";
echo '};'; } >> "$filename"
echo ' "pubsub";';
echo ' "pubsub_hub";';
echo ' "dialback"; -- s2s dialback support';
echo ' "disco"; -- Service discovery';
echo ' "private"; -- Private XML storage (for room bookmarks, etc.)';
echo ' "version"; -- Replies to server version requests';
echo ' "uptime"; -- Report how long server has been running';
echo ' "time"; -- Let others know the time here on this server';
echo ' "ping"; -- Replies to XMPP pings with pongs';
echo ' "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands';
echo ' "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.';
echo ' "bosh"; -- Enable mod_bosh';
echo ' "tls"; -- Enable mod_tls';
echo ' "saslauth"; -- Enable mod_saslauth';
echo ' "onions"; -- Enable chat via onion service';
echo ' "mam"; -- Message archive management';
echo ' "csi"; -- Client state indication (CSI)';
echo ' "csi_compat"; -- CSI for older clients';
echo ' "csi_battery_saver"; -- Extra CSI battery saving';
echo ' "carbons"; -- Message carbons';
echo ' "carbons_adhoc"; -- Message carbons';
echo ' "carbons_copies"; -- Message carbons';
echo ' "smacks"; -- Stream management';
echo ' "smacks_offline"; -- Stream management';
echo ' "pep"; -- Personal Eventing Protocol (to support OMEMO)';
echo ' "firewall"; -- Block addresses';
echo ' "e2e_policy"; -- To support OMEMO';
echo ' "blocklist"; -- Privacy lists';
echo ' "s2s_blacklist"; -- Blacklist particular servers';
echo ' "privacy_lists"; -- Privacy lists';
echo ' "blocking"; -- Blocking command';
echo ' "block_strangers"; -- Dont allow messages from strangers';
echo ' "roster"; -- Roster versioning';
echo ' "offline_email"; -- If offline send to email';
echo ' "offline"; -- Store offline messages';
echo ' "http";';
echo ' "http_upload";';
echo ' "websocket";';
echo ' "throttle_presence"; -- Reduce battery and bandwidth usage';
echo ' "filter_chatstates"; -- Reduce battery and bandwidth usage';
echo '};'; } >> "$filename"