feat: Create server/local/ and server/pod/

prose-im · May 30, 2024 · 1e6fe40 · 1e6fe40
1 parent 2f54c25
commit 1e6fe40
Show file tree

Hide file tree

Showing 15 changed files with 211 additions and 6 deletions.
diff --git a/compose.yaml b/compose.yaml
@@ -8,7 +8,7 @@ services:
       - ./database.db:/database.db
       - "${PROSE_CONFIG_FILE:-./Prose.toml}:/Prose.toml"
       - ./Rocket.toml:/Rocket.toml
-      - ./server/etc/prosody/:/etc/prosody/
+      - ./server/pod/etc/prosody/:/etc/prosody/
     networks:
       prose-network:
         aliases:
@@ -24,8 +24,8 @@ services:
       - "5280:5280"
       - "5582:5582"
     volumes:
-      - ./server/etc/prosody/:/etc/prosody/
-      - ./server/var/lib/prosody/:/var/lib/prosody/
+      - ./server/pod/etc/prosody/:/etc/prosody/
+      - ./server/pod/var/lib/prosody/:/var/lib/prosody/
     networks:
       prose-network:
         aliases:

diff --git a/server/etc/prosody/certs/prose.org.local.crt → ...cal/etc/prosody/certs/prose.org.local.crt b/server/etc/prosody/certs/prose.org.local.crt → ...cal/etc/prosody/certs/prose.org.local.crt
diff --git a/server/etc/prosody/certs/prose.org.local.key → ...cal/etc/prosody/certs/prose.org.local.key b/server/etc/prosody/certs/prose.org.local.key → ...cal/etc/prosody/certs/prose.org.local.key
diff --git a/server/local/etc/prosody/prosody.cfg.lua b/server/local/etc/prosody/prosody.cfg.lua
@@ -0,0 +1,149 @@
+-- Prose Pod Server
+-- XMPP Server Configuration
+-- /!\ This file has been automatically generated by Prose Pod API.
+-- /!\ Do NOT edit this file manually or your changes will be overriden during the next reload.
+
+-- Base server configuration
+pidfile = "/var/run/prosody/prosody.pid"
+
+authentication = "internal_hashed"
+storage = "internal"
+
+log = {
+  info = "*console";
+  warn = "*console";
+  error = "*console";
+}
+
+-- Network interfaces/ports
+interfaces = { "*" }
+c2s_ports = { 5222 }
+s2s_ports = { 5269 }
+http_ports = { 5280 }
+http_interfaces = { "*" }
+https_ports = {}
+https_interfaces = {}
+
+-- Modules
+modules_enabled = {
+  "auto_activate_hosts";
+  "roster";
+  "groups";
+  "saslauth";
+  "tls";
+  "dialback";
+  "disco";
+  "posix";
+  "smacks";
+  "private";
+  "vcard_legacy";
+  "vcard4";
+  "version";
+  "uptime";
+  "time";
+  "ping";
+  "lastactivity";
+  "pep";
+  "blocklist";
+  "limits";
+  "carbons";
+  "csi";
+  "server_contact_info";
+  "websocket";
+  "s2s_bidi";
+  "mam";
+}
+
+-- Path to SSL key and certificate for all server domains
+ssl = {
+  certificate = "/etc/prosody/certs/prose.org.local.crt";
+  key = "/etc/prosody/certs/prose.org.local.key";
+}
+
+-- Disable in-band registrations (done through the Prose Pod Dashboard/API)
+allow_registration = false
+
+-- Mandate highest security levels
+c2s_require_encryption = true
+s2s_require_encryption = true
+s2s_secure_auth = false
+
+-- Enforce safety C2S/S2S limits
+c2s_stanza_size_limit = 256 * 1024
+s2s_stanza_size_limit = 512 * 1024
+
+limits = {
+  c2s = {
+    rate = "50kb/s";
+    burst = "2s";
+  };
+  s2sin = {
+    rate = "250kb/s";
+    burst = "4s";
+  };
+}
+
+-- Allow reverse-proxying to WebSocket service over insecure local HTTP
+consider_websocket_secure = true
+
+-- Specify server administrator
+contact_info = {
+  admin = { "mailto:[email protected]" };
+}
+
+-- MAM settings
+archive_expires_after = "never"
+default_archive_policy = true
+max_archive_query_results = 100
+
+-- Enable vCard legacy compatibility layer
+upgrade_legacy_vcards = true
+
+-- Define server members groups file
+groups_file = "/etc/prosody/roster_groups.txt"
+
+-- Server hosts and components
+VirtualHost "prose.org.local"
+
+VirtualHost "admin.prose.org.local"
+  admins = { "[email protected]" }
+
+  -- Modules
+  modules_enabled = {
+    "admin_rest";
+    "init_admin";
+  }
+
+  -- HTTP settings
+  http_host = "prose-pod-server"
+  http_external_url = "http://prose-pod-server:5280"
+
+  -- mod_init_admin
+  init_admin_jid = "[email protected]"
+  init_admin_password_env_var_name = "PROSE_API__ADMIN_PASSWORD"
+
+Component "groups.prose.org.local" "muc"
+  name = "Chatrooms"
+
+  -- Modules
+  modules_enabled = { "muc_mam" }
+
+  -- MAM settings
+  max_archive_query_results = 100
+
+  restrict_room_creation = "local"
+
+  -- MUC settings
+  muc_log_all_rooms = true
+  muc_log_by_default = true
+  muc_log_expires_after = "never"
+
+Component "upload.prose.org.local" "http_file_share"
+  name = "HTTP File Upload"
+
+  -- HTTP settings
+  http_file_share_size_limit = 20 * 1024 * 1024
+  http_file_share_daily_quota = 250 * 1024 * 1024
+  http_file_share_expires_after = -1
+  http_host = "localhost"
+  http_external_url = "http://localhost:5280"
diff --git a/server/etc/prosody/roster_groups.txt → server/local/etc/prosody/roster_groups.txt b/server/etc/prosody/roster_groups.txt → server/local/etc/prosody/roster_groups.txt
diff --git a/server/var/lib/prosody/.gitignore → server/local/var/lib/prosody/.gitignore b/server/var/lib/prosody/.gitignore → server/local/var/lib/prosody/.gitignore
diff --git a/server/var/lib/prosody/.gitkeep → server/local/var/lib/prosody/.gitkeep b/server/var/lib/prosody/.gitkeep → server/local/var/lib/prosody/.gitkeep
diff --git a/server/etc/prosody/.gitignore → server/pod/etc/prosody/.gitignore b/server/etc/prosody/.gitignore → server/pod/etc/prosody/.gitignore
diff --git a/server/pod/etc/prosody/certs/prose.org.local.crt b/server/pod/etc/prosody/certs/prose.org.local.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDODCCAiCgAwIBAgIUQkWuYaIDeLcCI+2BH7JZ4drARyQwDQYJKoZIhvcNAQEL
+BQAwGjEYMBYGA1UEAwwPcHJvc2Uub3JnLmxvY2FsMB4XDTIzMTIxNTE4NDUyNloX
+DTMzMTIxMjE4NDUyNlowGjEYMBYGA1UEAwwPcHJvc2Uub3JnLmxvY2FsMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3IZwR/zrVK7jMwX47dz23GDlA//s
+1KSywpgSanyll2UP1Z6VsSNFwKPD8hR1JChjK3C8x9IzNe4O0/MGQK5rWYHmCaj7
+QvINIAg/G8Op0g5Daa1CcGtxXKWpCTgBienyEbZTyyeflex8ugck/IiZYh+w74eI
+peh5Iu3JN56qZ2047CsG0QN0Cg727ZDgkztXe+IEtRSO0Cwtdh7AxXgfx4tHzn9i
+hM/O3xbHoBm/H8edxsNeXsHcbDML+NMnIhGIgEoUH0SccQtZeaqWn6vAwnXl5Es2
+DlnRy7pEi+7PMrYfBkjkiJtCcsexfL/FhP06HRdDvVQjx0FE7v9igRxwwQIDAQAB
+o3YwdDAdBgNVHQ4EFgQUuRnlG4tpd6Oxp+hHCUqLrm3av3wwHwYDVR0jBBgwFoAU
+uRnlG4tpd6Oxp+hHCUqLrm3av3wwDwYDVR0TAQH/BAUwAwEB/zAhBgNVHREEGjAY
+ghZncm91cHMucHJvc2Uub3JnLmxvY2FsMA0GCSqGSIb3DQEBCwUAA4IBAQBBInNO
+LQS1IIY28ymaTfYoInsU3U3wV/sxZ32DkWE1J/995rTZgJ7y0duf2JN1ju72Z0ze
+dVUeZFzq8aMY+Cc1rrCde/0UWoaFNSPR5ly/aoWbXP/2teo0AUZ9gAbsQJa/oEZT
+J71w/aad+kjNH9Qw+bviNC/JvDyqqujnwLaOgCRV9QNVfMR1XHfpr1gWAo8nuieW
+xOb2oh2cmP6LpkcInxbZktFR0VmUHhnS1eaHLVOjak2Jikgk9bXDB/09aQrwtUCi
+5PIQOotH80tfUNKiKjSeN6Dxj2/IA8INAQvcY4wxlKfvc6r1K0D6ZsATp65qtaP2
+VRBRu5F6Ig4Mp/1v
+-----END CERTIFICATE-----
diff --git a/server/pod/etc/prosody/certs/prose.org.local.key b/server/pod/etc/prosody/certs/prose.org.local.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDchnBH/OtUruMz
+Bfjt3PbcYOUD/+zUpLLCmBJqfKWXZQ/VnpWxI0XAo8PyFHUkKGMrcLzH0jM17g7T
+8wZArmtZgeYJqPtC8g0gCD8bw6nSDkNprUJwa3FcpakJOAGJ6fIRtlPLJ5+V7Hy6
+ByT8iJliH7Dvh4il6Hki7ck3nqpnbTjsKwbRA3QKDvbtkOCTO1d74gS1FI7QLC12
+HsDFeB/Hi0fOf2KEz87fFsegGb8fx53Gw15ewdxsMwv40yciEYiAShQfRJxxC1l5
+qpafq8DCdeXkSzYOWdHLukSL7s8yth8GSOSIm0Jyx7F8v8WE/TodF0O9VCPHQUTu
+/2KBHHDBAgMBAAECggEAFs46Z19zENdjPKAV/bdXujO1C2RYoCcGK5Shduy8DTuQ
+1yUm0uJUcNceyPavpJUeqFvo0ftde2rKksWztFW1WVTTLtWQYnx4ugLQT/U8pzH9
+a7zUvZ6G4y9om0D0+8e7VnSWFtDaspz5yx05CHqx7hFb8XGBQrMXb/LKV9urQLW8
+Qq5oCuHow9akn70WiaFOFk3tXTItooUF6DXYl81lIYynQAHsbWB8f7UXe4M4k7az
+LDhRh8C9DuqcygNuyokQ6YhAfXoO7BVnglfjQLxa+qWwxcF0vArdz/bxcdKjJIad
+MYvCUOuqr5D75QeiNH9jbniv7qOhL7C8WKRFUFuLiQKBgQDxAivTkRhFeHdNw+A7
+m7XgnS4k43DzS9gvvf7WWoOkqqz0ru7yvaCNrzym4OvLKKpzoD4bpNpbEXcmgWVg
+l6f7XoRl3HyKQU76pueKOTwe0VYFxYp6JVALWjU7xdbE0xNTCC7LdhtS2DW6MS21
+rE0cBGafWUmQBnkkIVu0f69I3QKBgQDqPhcLdv38n+4t13PIgIuc688aAIgPJgYz
+zMuY1+2DtT+/EditmXvSwMerSmsfFaRkkWWZJVsJx/uvgSC6XEKhEmSMjz/LGBja
+C5MwCIywp2zDdAO98zbEZChYWXVbjvRgTGe5hWcnSjQpHbICF6tXkmfqbTyJiuJN
+gtioG7iXNQKBgFrunciSaxzzCdh+eiEja+kWhO2IHvq8+BFzVy5bMmYzu1QKmL9f
+iq9KmdDA9lZNvponsKdPeM95dIJDuhNKxSeTjtK78QVdBMaPqLa/R469Hv7IfKn/
+YAcYfxNRXuoeVaEzaix8IG0OhJ7+pSdxnhpfErU2xAmiV5ypNWeR8XnFAoGBANqH
+xI4QnBGTzuv7hew3aIikQhk7B7RCQCURWZwlTlPCw07pQmFqwGc1LNIz4k4krbKZ
+JtTCUfWFGdx5NmRGcG6+rwmnFtfNilnZ1J5KS57/A2wxDtCmV6DO5AjQpLkfXAN/
+JIGi4EJ6asE1D/39wP84+jNtZ73V0RyJBsGG4yZFAoGAIa42BCV5yhKim9JWu2ic
+2xbNbt+vIfR3PgIX9Q2+LPCEQZ/fVT9UfHAslT9bQvJpQSol5IxV/VOpipMW4eVD
+jiHpqLfj8aYCza0XQLliCBWvTUgPRJHOlBOcHd+FAdiOW2/jglRHQK9lHhgoY327
+kMKea6MXLOC6HRVwzmo/l5U=
+-----END PRIVATE KEY-----
diff --git a/server/etc/prosody/prosody.cfg.lua.initial → ...r/pod/etc/prosody/prosody.cfg.lua.initial b/server/etc/prosody/prosody.cfg.lua.initial → ...r/pod/etc/prosody/prosody.cfg.lua.initial
diff --git a/server/pod/etc/prosody/roster_groups.txt b/server/pod/etc/prosody/roster_groups.txt
@@ -0,0 +1,5 @@
+[Team]
+[email protected]
+[email protected]
+[email protected]
+[email protected]
diff --git a/server/pod/var/lib/prosody/.gitignore b/server/pod/var/lib/prosody/.gitignore
@@ -0,0 +1,3 @@
+*
+!.gitignore
+!.gitkeep
diff --git a/server/pod/var/lib/prosody/.gitkeep b/server/pod/var/lib/prosody/.gitkeep
diff --git a/tools/bootstrap.sh b/tools/bootstrap.sh
@@ -16,16 +16,16 @@ fi
 
 rc=0
 
-if [ "$environment" = "local" ]; then
+if [ -d "$ABSPATH/server/$environment" ]; then
   echo "[$environment] 🚀 Bootstrapping Prose server..."
 
   # Bootstrap local Prose server
   docker run --rm \
     -p 5222:5222 \
     -p 5269:5269 \
     -p 5280:5280 \
-    -v "$ABSPATH/server/etc/prosody/:/etc/prosody/" \
-    -v "$ABSPATH/server/var/lib/prosody/:/var/lib/prosody/" \
+    -v "$ABSPATH/server/$environment/etc/prosody/:/etc/prosody/" \
+    -v "$ABSPATH/server/$environment/var/lib/prosody/:/var/lib/prosody/" \
     proseim/prose-pod-server
   rc=$?