From 3bbfb8a253b0af050e13a598c7c7c192b749d35d Mon Sep 17 00:00:00 2001 From: Christian Elberfeld <elberfeld@web.de> Date: Mon, 7 Feb 2022 17:05:01 +0100 Subject: [PATCH] Remove Jabber --- host_vars/webserver | 3 - site.yml | 9 +- webserver/docker_jabber/tasks/main.yaml | 46 ---- .../templates/docker-compose.yml | 60 ------ .../prosody-modules/.hg_archival.txt | 6 - .../templates/prosody-modules/.hgtags | 2 - .../templates/prosody-modules/.luacheckrc | 81 ------- .../templates/prosody-modules/README | 31 --- .../mod_roster_allinall/README.markdown | 21 -- .../mod_roster_allinall.lua | 42 ---- .../docker_jabber/templates/prosody.cfg.lua | 204 ------------------ 11 files changed, 4 insertions(+), 501 deletions(-) delete mode 100644 webserver/docker_jabber/tasks/main.yaml delete mode 100644 webserver/docker_jabber/templates/docker-compose.yml delete mode 100644 webserver/docker_jabber/templates/prosody-modules/.hg_archival.txt delete mode 100644 webserver/docker_jabber/templates/prosody-modules/.hgtags delete mode 100644 webserver/docker_jabber/templates/prosody-modules/.luacheckrc delete mode 100644 webserver/docker_jabber/templates/prosody-modules/README delete mode 100644 webserver/docker_jabber/templates/prosody-modules/mod_roster_allinall/README.markdown delete mode 100644 webserver/docker_jabber/templates/prosody-modules/mod_roster_allinall/mod_roster_allinall.lua delete mode 100644 webserver/docker_jabber/templates/prosody.cfg.lua diff --git a/host_vars/webserver b/host_vars/webserver index d2fbb87f..6e324a7c 100644 --- a/host_vars/webserver +++ b/host_vars/webserver @@ -35,11 +35,8 @@ webserver_domains: - "autodiscover.warpzone.ms" - "autoconfig.warpzone.ms" - "gitlab.warpzone.ms" - - "jabber.warpzone.ms" - "matrix.warpzone.ms" - "mailserver.warpzone.ms" - - "muc.jabber.warpzone.ms" - - "proxy.jabber.warpzone.ms" - "ldap.warpzone.ms" - "keycloak.warpzone.ms" - "md.warpzone.ms" diff --git a/site.yml b/site.yml index c80602b6..2865354b 100644 --- a/site.yml 
+++ b/site.yml @@ -60,6 +60,10 @@ servicename: ldap } - { role: common/nginx, tags: nginx } + - { + role: warpsrvint/samba, + tags: samba + } - { role: warpsrvint/docker_esphome, tags: esphome, @@ -163,11 +167,6 @@ servicename: "hackmd", domain: "md.warpzone.ms" } - - { - role: webserver/docker_jabber, tags: jabber, - servicename: "jabber", - domain: "jabber.warpzone.ms" - } - { role: webserver/docker_keycloak, tags: keycloak, servicename: "keycloak", diff --git a/webserver/docker_jabber/tasks/main.yaml b/webserver/docker_jabber/tasks/main.yaml deleted file mode 100644 index 5dbd12c3..00000000 --- a/webserver/docker_jabber/tasks/main.yaml +++ /dev/null @@ -1,46 +0,0 @@ ---- -# Create folders -- name: create folder struct for jabber - file: - path: "{{ item }}" - state: "directory" - with_items: - - "/srv/jabber/" - -- name: create folder struct for jabber with correct rights for prosody - file: - path: "{{ item }}" - state: "directory" - owner: 102 - group: 106 - recurse: yes - with_items: - - "/srv/jabber/logs" - - "/srv/jabber/data" - - "/srv/jabber/etc" - - "/srv/jabber/certs" - -# create files -- name: Docker Konfig-Datei erstellen - template: - src: "docker-compose.yml" - dest: "/srv/jabber/docker-compose.yml" - -- name: Prosody Config anlegen - template: - src: "prosody.cfg.lua" - dest: "/srv/jabber/etc/prosody.cfg.lua" - - # copy community modules -- name: copy prosody community modules - synchronize: - src: templates/prosody-modules - dest: /srv/jabber/data/ - -# start docker -- name: start jabber-test docker - docker_compose: - project_src: /srv/jabber/ - state: present - - diff --git a/webserver/docker_jabber/templates/docker-compose.yml b/webserver/docker_jabber/templates/docker-compose.yml deleted file mode 100644 index 05274f74..00000000 --- a/webserver/docker_jabber/templates/docker-compose.yml +++ /dev/null 
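Review bot: The `warpsrvint/samba` role added in the first site.yml hunk (`@@ -60,6 +60,10 @@`) has nothing to do with the commit subject "Remove Jabber", so what is presumably a new SMB service gets switched on without its own entry in the history. It would be easier to audit as a separate commit, with a comment above the entry stating what it serves and who may reach it, for example `# samba: SMB shares on this host; internal network only (TODO confirm bind interfaces and firewall in the role)`. The role's tasks and templates are not part of this patch, so share permissions and guest access cannot be checked from here. As a point of style, the entry passes no extra variables and fits on one line like the nginx entry just before it: `- { role: warpsrvint/samba, tags: samba }`. The enclosing play starts and ends outside the hunk.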
@@ -1,60 +0,0 @@ - -version: "2.4" - -services: - - app: - - image: prosody/prosody:0.11.7 - restart: always - ports: - - "5222:5222" - - "5269:5269" - volumes: - - /srv/jabber/etc:/etc/prosody - - /srv/jabber/logs:/var/log/prosody - - /srv/jabber/data:/var/lib/prosody - # mount the certificates created by lets encrypt - # Der Certdumper erzeugt ein Zertifikat mit san-Einträgen - # In Jabber müssen diese jedoch als einzelne dateien vorliegen - - /srv/jabber/certs/key.pem:/etc/prosody/certs/jabber.warpzone.ms.key - - /srv/jabber/certs/cert.pem:/etc/prosody/certs/jabber.warpzone.ms.crt - - /srv/jabber/certs/key.pem:/etc/prosody/certs/muc.jabber.warpzone.ms.key - - /srv/jabber/certs/cert.pem:/etc/prosody/certs/muc.jabber.warpzone.ms.crt - - /srv/jabber/certs/key.pem:/etc/prosody/certs/proxy.jabber.warpzone.ms.key - - /srv/jabber/certs/cert.pem:/etc/prosody/certs/proxy.jabber.warpzone.ms.crt - networks: - - default - - traefik-certdumper: - image: humenius/traefik-certs-dumper - command: --restart-containers jabber_app-1 - volumes: - # mount the folder which contains Traefik's `acme.json' file - - /srv/traefik/acme.json:/traefik/acme.json:ro - # mount SSL folder - - /srv/jabber/certs:/output:rw - # Docker API for Container restart - - /var/run/docker.sock:/var/run/docker.sock:ro - environment: - - DOMAIN=jabber.warpzone.ms - labels: - - traefik.enable=true - - traefik.http.routers.{{ servicename }}.rule=(Host(`{{ domain }}`) || Host(`muc.{{ domain }}`) || Host(`proxy.{{ domain }}`)) - - traefik.http.routers.{{ servicename }}.entrypoints=websecure - - traefik.http.services.{{ servicename }}.loadbalancer.server.port=0 - networks: - - default - - web - -networks: - web: - external: true - default: - driver: bridge - enable_ipv6: true - ipam: - driver: default - config: - # must be a ULA range - - subnet: fd00:dead:beef:5222::/64 
diff --git a/webserver/docker_jabber/templates/prosody-modules/.hg_archival.txt b/webserver/docker_jabber/templates/prosody-modules/.hg_archival.txt deleted file mode 100644 index e35bfa43..00000000 --- a/webserver/docker_jabber/templates/prosody-modules/.hg_archival.txt +++ /dev/null @@ -1,6 +0,0 @@ -repo: 010452cfaf5370b32e09f46a51e226ddb1f56817 -node: 97b30fec709cf2851f78636b7650acd9a6f63378 -branch: default -latesttag: last-google-code-commit -latesttagdistance: 1189 -changessincelatesttag: 1213 diff --git a/webserver/docker_jabber/templates/prosody-modules/.hgtags b/webserver/docker_jabber/templates/prosody-modules/.hgtags deleted file mode 100644 index 17153119..00000000 --- a/webserver/docker_jabber/templates/prosody-modules/.hgtags +++ /dev/null @@ -1,2 +0,0 @@ -2c07bcf56a36d6e74dc0f5422e89bd61f4d31239 0.8-diverge -1656d4fd71d07aa3a52da89d4daf7723a555e7dd last-google-code-commit diff --git a/webserver/docker_jabber/templates/prosody-modules/.luacheckrc b/webserver/docker_jabber/templates/prosody-modules/.luacheckrc deleted file mode 100644 index c49bf951..00000000 --- a/webserver/docker_jabber/templates/prosody-modules/.luacheckrc +++ /dev/null 
@@ -1,81 +0,0 @@ -cache = true -allow_defined_top = true -unused_secondaries = false -codes = true -ignore = { "411/err", "421/err", "411/ok", "421/ok", "211/_ENV" }; -read_globals = { - "prosody", - "hosts", - "import", - - -- Module instance - "module.name", - "module.host", - "module._log", - "module.log", - "module.event_handlers", - "module.reloading", - "module.saved_state", - "module.global", - "module.path", - - -- Module API - "module.add_extension", - "module.add_feature", - "module.add_identity", - "module.add_item", - "module.add_timer", - "module.broadcast", - "module.context", - "module.depends", - "module.fire_event", - "module.get_directory", - "module.get_host", - "module.get_host_items", - "module.get_host_type", - "module.get_name", - "module.get_option", - "module.get_option_array", - "module.get_option_boolean", - "module.get_option_inherited_set", - "module.get_option_number", - "module.get_option_path", - "module.get_option_set", - "module.get_option_string", - "module.handle_items", - "module.hook", - "module.hook_global", - "module.hook_object_event", - "module.hook_tag", - "module.load_resource", - "module.measure", - "module.measure_event", - "module.measure_global_event", - "module.measure_object_event", - "module.open_store", - "module.provides", - "module.remove_item", - "module.require", - "module.send", - "module.set_global", - "module.shared", - "module.unhook", - "module.unhook_object_event", - "module.wrap_event", - "module.wrap_global", - "module.wrap_object_event", - - -- mod_http API - "module.http_url", -} -globals = { - -- Methods that can be set on module API - "module.unload", - "module.add_host", - "module.load", - "module.add_host", - "module.save", - "module.restore", - "module.command", - "module.environment", -} diff --git a/webserver/docker_jabber/templates/prosody-modules/README b/webserver/docker_jabber/templates/prosody-modules/README deleted file mode 100644 index 9cc46b90..00000000 
--- a/webserver/docker_jabber/templates/prosody-modules/README +++ /dev/null @@ -1,31 +0,0 @@ -prosody-modules -=============== - -*Add-on modules for Prosody IM Server* - --------------------------------------------------------------------------- - -Community repository for non-core, unofficial and/or experimental plugins -for [Prosody][]. - -If you are a developer and would like to host your Prosody module in this -repository, or want to contribute to existing modules, simply introduce -yourself and request commit access on our [mailing list][]. - -Notes for users ----------------- - -There are lots of fun and exciting modules to be found here, we know -you'll like it. However please note that each module is in a different -state of development. Some are proof-of-concept, others are quite stable -and ready for production use. Be sure to read the wiki page of any -module before installing it on your server. - -We are working on methods to easily download and install modules from -this repository. In the meantime most modules are either a single file -and easy to install, or contain installation instructions on their wiki -page. You can browse the files stored in this repository at -<https://hg.prosody.im/prosody-modules>. - -[Prosody]: https://prosody.im/ -[mailing list]: https://prosody.im/discuss diff --git a/webserver/docker_jabber/templates/prosody-modules/mod_roster_allinall/README.markdown b/webserver/docker_jabber/templates/prosody-modules/mod_roster_allinall/README.markdown deleted file mode 100644 index 9890b0c4..00000000 --- a/webserver/docker_jabber/templates/prosody-modules/mod_roster_allinall/README.markdown +++ /dev/null 
@@ -1,21 +0,0 @@ ---- -labels: -... - -Introduction -============ - -This module is similar in purpouse to mod\_groups, for when you want all -users on the server to be in each others roster. - -Details -======= - -Upon login, this module will add all currently logged in users to the -logging in users roster. - -Configuration -============= - -Just add it to the modules\_enabled, after that there is no further -configuration. diff --git a/webserver/docker_jabber/templates/prosody-modules/mod_roster_allinall/mod_roster_allinall.lua b/webserver/docker_jabber/templates/prosody-modules/mod_roster_allinall/mod_roster_allinall.lua deleted file mode 100644 index 71b39522..00000000 --- a/webserver/docker_jabber/templates/prosody-modules/mod_roster_allinall/mod_roster_allinall.lua +++ /dev/null 
@@ -1,42 +0,0 @@ -local rostermanager = require"core.rostermanager"; -local jid_join = require"util.jid".join; -local host = module.host; -local sessions = prosody.hosts[host].sessions; - --- Make a *one-way* subscription. User will see when contact is online, --- contact will not see when user is online. -local function subscribe(user, contact) - local user_jid, contact_jid = jid_join(user, host), jid_join(contact, host); - - -- Update user's roster to say subscription request is pending... - rostermanager.set_contact_pending_out(user, host, contact_jid); - -- Update contact's roster to say subscription request is pending... - rostermanager.set_contact_pending_in(contact, host, user_jid); - -- Update contact's roster to say subscription request approved... - rostermanager.subscribed(contact, host, user_jid); - -- Update user's roster to say subscription request approved... - rostermanager.process_inbound_subscription_approval(user, host, contact_jid); - - -- Push updates to both rosters - rostermanager.roster_push(user, host, contact_jid); - rostermanager.roster_push(contact, host, user_jid); -end - - -module:hook("resource-bind", function(event) - local session = event.session; - local user = session.username; - local user_jid = jid_join(user, host); - for contact in pairs(sessions) do - if contact ~= user then - local contact_jid = jid_join(contact, host); - if not rostermanager.is_contact_subscribed(user, host, contact_jid) then - subscribe(contact, user); - end - if not rostermanager.is_contact_subscribed(contact, host, user_jid) then - subscribe(user, contact); - end - end - end -end); - diff --git a/webserver/docker_jabber/templates/prosody.cfg.lua b/webserver/docker_jabber/templates/prosody.cfg.lua deleted file mode 100644 index 81ea01e4..00000000 --- a/webserver/docker_jabber/templates/prosody.cfg.lua +++ /dev/null 
@@ -1,204 +0,0 @@ ----------- Server-wide settings ---------- --- Settings in this section apply to the whole server and are the default settings --- for any virtual hosts - --- This is a (by default, empty) list of accounts that are admins --- for the server. Note that you must create the accounts separately --- (see https://prosody.im/doc/creating_accounts for info) --- Example: admins = { "user1@example.com", "user2@example.net" } -admins = { "sandzwerg@jabber.warpzone.ms", "void@jabber.warpzone.ms" } - --- Enable use of libevent for better performance under high load --- For more information see: https://prosody.im/doc/libevent --- use_libevent = true - --- Prosody will always look in its source directory for modules, but --- this option allows you to specify additional locations where Prosody --- will look for modules first. For community modules, see https://modules.prosody.im/ -plugin_paths = { "/var/lib/prosody/prosody-modules" } - --- This is the list of modules Prosody will load on startup. --- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too. --- Documentation for bundled modules can be found at: https://prosody.im/doc/modules -modules_enabled = { - - -- Generally required - "roster"; -- Allow users to have a roster. Recommended ;) - "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in. - "tls"; -- Add support for secure TLS on c2s/s2s connections - "dialback"; -- s2s dialback support - "disco"; -- Service discovery - - -- Not essential, but recommended - "carbons"; -- Keep multiple clients in sync - "pep"; -- Enables users to publish their mood, activity, playing music and more - "private"; -- Private XML storage (for room bookmarks, etc.) 
- "blocklist"; -- Allow users to block communications with other users - "vcard"; -- Allow users to set vCards - - -- Nice to have - "version"; -- Replies to server version requests - "uptime"; -- Report how long server has been running - "time"; -- Let others know the time here on this server - "ping"; -- Replies to XMPP pings with pongs - "register"; -- Allow users to register on this server using a client and change passwords - --"mam"; -- Store messages in an archive and allow users to access it - - -- Admin interfaces - "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands - --"admin_telnet"; -- Opens telnet console interface on localhost port 5582 - - -- HTTP modules - --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" - --"websocket"; -- XMPP over WebSockets - --"http_files"; -- Serve static files from a directory over HTTP - - -- Other specific functionality - --"limits"; -- Enable bandwidth limiting for XMPP connections - --"groups"; -- Shared roster support - --"server_contact_info"; -- Publish contact information for this service - "announce"; -- Send announcement to all online users - --"welcome"; -- Welcome users who register accounts - --"watchregistrations"; -- Alert admins of registrations - --"motd"; -- Send a message to users when they log in - --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. 
- "proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use - "roster_allinall" -- add all users of the server to a users group, it's from the community modules -} - --- These modules are auto-loaded, but should you want --- to disable them then uncomment them here: -modules_disabled = { - -- "offline"; -- Store offline messages - -- "c2s"; -- Handle client connections - -- "s2s"; -- Handle server-to-server connections --- needs to be disabled so that prosody works inside docker - "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. -} - --- Disable account creation by default, for security --- For more information see https://prosody.im/doc/creating_accounts -allow_registration = false - --- Force clients to use encrypted connections? This option will --- prevent clients from authenticating unless they are using encryption. - -c2s_require_encryption = true - --- Force servers to use encrypted connections? This option will --- prevent servers from authenticating unless they are using encryption. --- Note that this is different from authentication - -s2s_require_encryption = true - - --- Force certificate authentication for server-to-server connections? --- This provides ideal security, but requires servers you communicate --- with to support encryption AND present valid, trusted certificates. --- NOTE: Your version of LuaSec must support certificate verification! --- For more information see https://prosody.im/doc/s2s#security - -s2s_secure_auth = false - --- Some servers have invalid or self-signed certificates. You can list --- remote domains here that will not be required to authenticate using --- certificates. They will be authenticated using DNS instead, even --- when s2s_secure_auth is enabled. - ---s2s_insecure_domains = { "insecure.example" } - --- Even if you leave s2s_secure_auth disabled, you can still require valid --- certificates for some domains by specifying a list here. 
- ---s2s_secure_domains = { "jabber.org" } - --- Select the authentication backend to use. The 'internal' providers --- use Prosody's configured data storage to store the authentication data. --- To allow Prosody to offer secure authentication mechanisms to clients, the --- default provider stores passwords in plaintext. If you do not trust your --- server please see https://prosody.im/doc/modules/mod_auth_internal_hashed --- for information about using the hashed backend. - -authentication = "internal_hashed" - - --- Select the storage backend to use. By default Prosody uses flat files --- in its configured data directory, but it also supports more backends --- through modules. An "sql" backend is included by default, but requires --- additional dependencies. See https://prosody.im/doc/storage for more info. - ---storage = "sql" -- Default is "internal" - --- For the "sql" backend, you can uncomment *one* of the below to configure: ---sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename. ---sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } ---sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } - - --- Archiving configuration --- If mod_mam is enabled, Prosody will store a copy of every message. This --- is used to synchronize conversations between multiple clients, even if --- they are offline. This setting controls how long Prosody will keep --- messages in the archive before removing them. - -archive_expires_after = "1w" -- Remove archived messages after 1 week - --- You can also configure messages to be stored in-memory only. 
For more --- archiving options, see https://prosody.im/doc/modules/mod_mam - --- Logging configuration --- For advanced logging see https://prosody.im/doc/logging -log = { - info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging - error = "/var/log/prosody/prosody.err"; - info = "*console"; -- Log to the console - -- "*console"; -- Log to the console, useful for debugging with daemonize=false - -- "*syslog"; -- Uncomment this for logging to syslog -} - --- Uncomment to enable statistics --- For more info see https://prosody.im/doc/statistics --- statistics = "internal" - --- Certificates --- Every virtual host and component needs a certificate so that clients and --- servers can securely verify its identity. Prosody will automatically load --- certificates/keys from the directory specified here. --- For more information, including how to use 'prosodyctl' to auto-import certificates --- (from e.g. Let's Encrypt) see https://prosody.im/doc/certificates - --- Location of directory to find certificates in (relative to main config file): -certificates = "certs" - ------------ Virtual hosts ----------- --- You need to add a VirtualHost entry for each domain you wish Prosody to serve. --- Settings under each VirtualHost entry apply *only* to that host. - -VirtualHost "jabber.warpzone.ms" - ---VirtualHost "example.com" --- certificate = "/path/to/example.crt" - ------- Components ------ --- You can specify components to add hosts that provide special services, --- like multi-user conferences, and transports. 
--- For more information on components, see https://prosody.im/doc/components - ---- Set up a MUC (multi-user chat) room server on conference.example.com: -Component "muc.jabber.warpzone.ms" "muc" - ---- Configure the proxy65 component which allows file transfers - Component "proxy.jabber.warpzone.ms" "proxy65" - ---- Configure where the groups are stated - groups_file = "/etc/prosody/groups.txt" - - ----Set up an external component (default component port is 5347) --- --- External components allow adding various services, such as gateways/ --- transports to other networks like ICQ, MSN and Yahoo. For more info --- see: https://prosody.im/doc/components#adding_an_external_component --- ---Component "gateway.example.com" --- component_secret = "password" -- GitLab