aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.psqlrc12
-rw-r--r--.zshrc6
-rwxr-xr-xdocker/docker_builders.sh25
-rwxr-xr-xdocker/mariadb.sh3
-rwxr-xr-xservices/docker/run4
-rw-r--r--stylus/geeks_for_geeks.css12
-rw-r--r--stylus/scribe_rip.css9
-rw-r--r--terminaldweller.com/doh/docker-compose.yaml39
-rw-r--r--terminaldweller.com/doh/nginx.conf37
-rw-r--r--terminaldweller.com/doh/unbound/doh.conf43
-rw-r--r--terminaldweller.com/doh/unbound/root-auto-trust-anchor-file.conf4
-rw-r--r--terminaldweller.com/haproxy/haproxy.cfg13
-rw-r--r--terminaldweller.com/irc-slack/Dockerfile17
-rw-r--r--terminaldweller.com/irc-slack/docker-compose.yaml18
-rw-r--r--terminaldweller.com/prosody/config/prosody.cfg.lua208
-rw-r--r--terminaldweller.com/prosody/docker-compose.yaml40
16 files changed, 225 insertions, 265 deletions
diff --git a/.psqlrc b/.psqlrc
index 415a184..d457d2a 100644
--- a/.psqlrc
+++ b/.psqlrc
@@ -1,9 +1,12 @@
\set QUIET 1
/* prompts */
-\set PROMPT1 '\x1b[38;5;34m%n\x1b[0m@\x1b[38;5;39m%M\x1b[0m:\x1b[38;5;37m%> \x1b[38;5;69m%`date +%H:%M:%S` \x1b[38;5;4m[%/] \x1b[38;5;31m%x\x1b[38;5;104m%#\x1b[38;5;34m%R\n\x1b[38;5;28m>>>\x1b[0m'
+/* \set PROMPT1 '\x1b[38;5;34m%n@\x1b[38;5;39m%M:\x1b[38;5;37m%> \x1b[38;5;69m%`date +%H:%M:%S` \x1b[38;5;4m[%/] \x1b[38;5;31m%x\x1b[38;5;104m%#\x1b[38;5;34m%R\n\x1b[38;5;28m>>>\x1b[38;5;255m' */
+/* \set PROMPT2 '... ' */
+/* \set PROMPT3 '\x1b[38;5;38m>>>\x1b[38;5;255m' */
+\set PROMPT1 '%n@%M:%> %`date +%H:%M:%S` [%/] %x%#%R\n>>>'
\set PROMPT2 '... '
-\set PROMPT3 '\x1b[38;5;38m>>>\x1b[0m'
+\set PROMPT3 '>>>'
\pset null '[null]'
\set COMP_KEYWORD_CASE upper
@@ -16,6 +19,7 @@
\set HISTFILE ~/.psql_history- :DBNAME
\set HISTCONTROL ignoredups
+
\set ON_ERROR_STOP on
\set ON_ERROR_ROLLBACK interactive
@@ -25,7 +29,7 @@
\pset unicode_column_linestyle single
\pset unicode_header_linestyle double
+\unset QUIET
+
\set version 'SELECT version();'
\set extensions 'select * from pg_available_extensions;'
-
-\unset QUIET
diff --git a/.zshrc b/.zshrc
index dfbc93e..6f59a09 100644
--- a/.zshrc
+++ b/.zshrc
@@ -108,6 +108,7 @@ alias vpn3="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh root@185.112.1
alias vpn6="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh -p 3333 ubuntu@185.130.45.46"
alias vpn7="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh -p 3333 ubuntu@185.130.47.81"
alias vpn8="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh -p 3333 ubuntu@185.130.47.208"
+alias vpn9="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh -tt -i ~/.ssh/id_rsa -p 3333 ubuntu@185.130.47.81 ssh -tt -i /home/ubuntu/.ssh/id_rsa_lv2 2a07:e01:3:1c4::1 -p 3333 -l ubuntu"
alias vms="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh 185.126.202.69 -l ubuntu -p 1022"
alias cloud_one="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh 130.185.121.80 -l ubuntu -p 1022"
alias pytags="ctags --fields=+l --languages=python --python-kinds=-iv -R ."
@@ -314,6 +315,7 @@ alias sensors_pp="sensors -A -j 2> /dev/null | json_pp -json_opt pretty,canonica
alias vdiff="vimdiff"
alias virt-top="/nix/store/gn20hprla1p86fkvml4c6im3839vmlzn-virt-top-1.1.1/bin/virt-top"
alias fox_in_a_box='ssh -X -i /home/devi/devi/vagrantboxes.git/main/dispffox/.vagrant/machines/default/libvirt/private_key vagrant@virt-dispffox.vagrant-libvirt "XAUTHORITY=/home/vagrant/.Xauthority firefox"'
+alias run_doh_client="sudo doh-client -d doh.terminaldweller.com -r 185.130.47.81:443 -p getnsrecord --proxy-host 127.0.0.1:9995 --proxy-scheme socks5h --timeout 10"
# change the 4th terminal color to #0000ff
# echo -e '\e]P40000ff'
@@ -357,6 +359,10 @@ docc() {
# cp ~/scripts/c/debug.dbg ./
}
+pfd() {
+ ps aux | grep -v grep | grep "$@"
+}
+
dockernuke() {
docker stop `docker ps -qa`
docker rm `docker ps -qa`
diff --git a/docker/docker_builders.sh b/docker/docker_builders.sh
index f791e6a..c524ec4 100755
--- a/docker/docker_builders.sh
+++ b/docker/docker_builders.sh
@@ -1,22 +1,25 @@
#!/bin/sh
+ALL_PROXY="socks5://127.0.0.1:9995"
SOCKS_4_PROXY="socks5://127.0.0.1:9995"
SOCKS_6_PROXY="socks5://[::1]:9993"
-NO_PROXY="localhost,127.0.0.0/8,192.168.0.0/16,::1"
+NO_PROXY="127.0.0.0/8,192.168.0.0/16,10.0.0.0/8,172.16.0.0/12"
# create the builders
-# --driver-opt env.no_proxy=${NO_PROXY} \
-docker buildx create \
- --driver-opt env.http_proxy=${SOCKS_6_PROXY} \
- --driver-opt env.https_proxy=${SOCKS_6_PROXY} \
- --name proxy_builder_6
-# --driver-opt env.no_proxy=${NO_PROXY} \
+# docker buildx create \
+# --driver-opt env.http_proxy=${SOCKS_4_PROXY} \
+# --driver-opt env.https_proxy=${SOCKS_4_PROXY} \
+# --driver-opt env.no_proxy=${NO_PROXY} \
+# --name proxy_builder
+
+# --driver-opt env.http_proxy="${SOCKS_4_PROXY}" \
+# --driver-opt env.https_proxy="${SOCKS_4_PROXY}" \
+# --driver-opt env.no_proxy="${NO_PROXY}" \
docker buildx create \
- --driver-opt env.http_proxy=${SOCKS_4_PROXY} \
- --driver-opt env.https_proxy=${SOCKS_4_PROXY} \
+ --driver-opt env.ALL_PROXY="${ALL_PROXY}" \
--name proxy_builder_4
-docker buildx create --name armbuilder
+# docker buildx create --name armbuilder_proxy
# choose one as default
-docker buildx use proxy_builder_6
+docker buildx use proxy_builder_4
diff --git a/docker/mariadb.sh b/docker/mariadb.sh
new file mode 100755
index 0000000..314cf0e
--- /dev/null
+++ b/docker/mariadb.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env sh
+
+docker run --detach -p 3306:3306 --env MARIADB_USER=devi --env MARIADB_PASSWORD=password --env MARIADB_ROOT_PASSWORD=password mariadb:10.9.4-jammy
diff --git a/services/docker/run b/services/docker/run
index 9f41200..05473df 100755
--- a/services/docker/run
+++ b/services/docker/run
@@ -5,5 +5,5 @@ mountpoint -q /sys/fs/cgroup/systemd || {
mkdir -p /sys/fs/cgroup/systemd;
mount -t cgroup -o none,name=systemd cgroup /sys/fs/cgroup/systemd;
}
-#exec env HTTP_PROXY="http://127.0.0.1:9999" chpst -o 1048576 -p 1048576 dockerd $OPTS 2>&1
-exec env NO_PROXY="localhost,127.0.0.1,192.168.1/24" HTTPS_PROXY="socks5://127.0.0.1:9995" HTTP_PROXY="socks5://127.0.0.1:9995" chpst -o 1048576 -p 1048576 dockerd $OPTS 2>&1
+#exec chpst -o 1048576 -p 1048576 dockerd $OPTS 2>&1
+exec env NO_PROXY="localhost,127.0.0.0/8,192.168.0.0/24,10.0.0.0/8,172.16.0.0/12" HTTPS_PROXY="socks5://127.0.0.1:9995" HTTP_PROXY="socks5://127.0.0.1:9995" chpst -o 1048576 -p 1048576 dockerd $OPTS 2>&1
diff --git a/stylus/geeks_for_geeks.css b/stylus/geeks_for_geeks.css
new file mode 100644
index 0000000..a099d40
--- /dev/null
+++ b/stylus/geeks_for_geeks.css
@@ -0,0 +1,12 @@
+@-moz-document domain("www.geeksforgeeks.org") {
+ #whatsNewCardContainer {
+ display: none;
+ max-width: 0%;
+ width: 0%;
+ }
+
+ .article--viewer {
+ max-width: 130%;
+ width: 130%;
+ }
+}
diff --git a/stylus/scribe_rip.css b/stylus/scribe_rip.css
new file mode 100644
index 0000000..d2b6c73
--- /dev/null
+++ b/stylus/scribe_rip.css
@@ -0,0 +1,9 @@
+@-moz-document domain("scribe.rip") {
+ img {
+ filter: sepia(1) brightness(0.5) contrast(1) saturate(0.6);
+ }
+
+ img:hover {
+ filter: none;
+ }
+}
diff --git a/terminaldweller.com/doh/docker-compose.yaml b/terminaldweller.com/doh/docker-compose.yaml
new file mode 100644
index 0000000..1b4f81c
--- /dev/null
+++ b/terminaldweller.com/doh/docker-compose.yaml
@@ -0,0 +1,39 @@
+version: "3"
+services:
+ doh-server:
+ image: satishweb/doh-server
+ networks:
+ - dohnet
+ ports:
+ - "127.0.0.1:8053:8053"
+ restart: unless-stopped
+ environment:
+ - DEBUG="0"
+ - UPSTREAM_DNS_SERVER=udp:208.67.222.222:53
+ - DOH_HTTP_PREFIX=/getnsrecord
+ - DOH_SERVER_LISTEN=:8053
+ - DOH_SERVER_TIMEOUT=10
+ - DOH_SERVER_TRIES=3
+ - DOH_SERVER_VERBOSE=true
+ depends_on:
+ - nginx
+ nginx:
+ image: nginx:stable
+ ports:
+ - "443:443"
+ networks:
+ - dohnet
+ restart: unless-stopped
+ cap_drop:
+ - ALL
+ cap_add:
+ - CHOWN
+ - DAC_OVERRIDE
+ - SETGID
+ - SETUID
+ - NET_BIND_SERVICE
+ volumes:
+ - ./nginx.conf:/etc/nginx/nginx.conf:ro
+ - /etc/letsencrypt/archive/doh.terminaldweller.com/:/certs/:ro
+networks:
+ dohnet:
diff --git a/terminaldweller.com/doh/nginx.conf b/terminaldweller.com/doh/nginx.conf
new file mode 100644
index 0000000..c398730
--- /dev/null
+++ b/terminaldweller.com/doh/nginx.conf
@@ -0,0 +1,37 @@
+events {
+ worker_connections 1024;
+}
+http {
+ include /etc/nginx/mime.types;
+ server_tokens off;
+ limit_req_zone $binary_remote_addr zone=one:10m rate=30r/m;
+ server {
+ listen 443 ssl http2;
+ keepalive_timeout 60;
+ charset utf-8;
+ ssl_certificate /certs/fullchain1.pem;
+ ssl_certificate_key /certs/privkey1.pem;
+ ssl_ciphers HIGH:!aNULL:!MD5:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ ssl_protocols TLSv1.3;
+ ssl_session_cache shared:SSL:50m;
+ ssl_session_timeout 1d;
+ ssl_session_tickets off;
+ ssl_prefer_server_ciphers on;
+ tcp_nopush on;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ add_header Content-Security-Policy "default-src 'self';";
+ add_header X-Frame-Options SAMEORIGIN always;
+ add_header X-XSS-Protection "1; mode=block" always;
+ add_header Referrer-Policy "no-referrer";
+ fastcgi_hide_header X-Powered-By;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ ssl_trusted_certificate /certs/cert1.pem;
+
+ error_page 401 403 404 /404.html;
+ location / {
+ proxy_pass http://doh-server:8053;
+ }
+ }
+}
diff --git a/terminaldweller.com/doh/unbound/doh.conf b/terminaldweller.com/doh/unbound/doh.conf
new file mode 100644
index 0000000..4e6e291
--- /dev/null
+++ b/terminaldweller.com/doh/unbound/doh.conf
@@ -0,0 +1,43 @@
+server:
+ interface: 0.0.0.0@443
+ tls-service-key: /etc/letsencrypt/archive/doh.terminaldweller.com/privkey1.pem
+ tls-service-pem: /etc/letsencrypt/archive/doh.terminaldweller.com/fullchain1.pem
+ tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+ https-port: 443
+ tls-port: 443
+ do-ip4: yes
+ do-ip6: yes
+ do-udp: yes
+ do-tcp: yes
+ prefer-ip6: no
+# auto-trust-anchor-file: "/var/lib/unbound/root.key"
+ qname-minimisation: yes
+ harden-glue: yes
+ harden-dnssec-stripped: yes
+ use-caps-for-id: no
+ edns-buffer-size: 1232
+ prefetch: yes
+ so-rcvbuf: 1m
+
+ private-address: 127.0.0.0/8
+ private-address: 192.168.0.0/16
+ private-address: 169.254.0.0/16
+ private-address: 172.16.0.0/12
+ private-address: 10.0.0.0/8
+ private-address: fd00::/8
+ private-address: fe80::/10
+
+ access-control: 0.0.0.0/0 allow_snoop
+
+forward-zone:
+ name: "."
+ forward-tls-upstream: yes
+ forward-addr: 9.9.9.9@853#dns.quad9.net
+ forward-addr: 149.112.112.112@853#dns.quad9.net
+ forward-addr: 1.1.1.1@853#cloudflare-dns.com
+ forward-addr: 1.0.0.1@853#cloudflare-dns.com
+
+ forward-addr: 2620:fe::fe@853#dns.quad9.net
+ forward-addr: 2620:fe::9@853#dns.quad9.net
+ forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
+ forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
diff --git a/terminaldweller.com/doh/unbound/root-auto-trust-anchor-file.conf b/terminaldweller.com/doh/unbound/root-auto-trust-anchor-file.conf
new file mode 100644
index 0000000..433eff9
--- /dev/null
+++ b/terminaldweller.com/doh/unbound/root-auto-trust-anchor-file.conf
@@ -0,0 +1,4 @@
+server:
+ # The following line will configure unbound to perform cryptographic
+ # DNSSEC validation using the root trust anchor.
+ auto-trust-anchor-file: "/var/lib/unbound/root.key"
diff --git a/terminaldweller.com/haproxy/haproxy.cfg b/terminaldweller.com/haproxy/haproxy.cfg
index 26265ae..feee75c 100644
--- a/terminaldweller.com/haproxy/haproxy.cfg
+++ b/terminaldweller.com/haproxy/haproxy.cfg
@@ -47,6 +47,7 @@ frontend http
acl cargo-host hdr_sub(host) -i cargo.terminaldweller.com
acl browsh-host hdr_sub(host) -i browsh.terminaldweller.com
acl main-host hdr_sub(host) -i terminaldweller.com
+ acl doh2-host hdr_sub(shost) -i doh2.terminaldweller.com
acl mila-api-acl url_beg /mila
acl crypto-api-acl url_beg /crypto
acl http ssl_fc,not
@@ -67,6 +68,7 @@ frontend http
#http-request redirect scheme https code 301 if http jabber-host !letsencrypt-acl
http-request redirect scheme https code 301 if http rssgen-host !letsencrypt-acl
http-request redirect scheme https code 301 if http main-host !letsencrypt-acl
+ http-request redirect scheme https code 301 if http doh2-host !letsencrypt-acl
#Conditions
use_backend blog-backend-cert if letsencrypt-acl blog-host
@@ -82,6 +84,7 @@ frontend http
use_backend searx-backend-cert if letsencrypt-acl cargo-host
use_backend vpn6-cert-backend if letsencrypt-acl browsh-host
use_backend searx-backend-cert if letsencrypt-acl main-host
+ use_backend doh2-backend-cert if letsencrypt-acl doh2-host
# use_backend editor-backend-cert if letsencrypt-acl editor-host
use_backend certbot-backend if letsencrypt-acl !jabber-host !blog-host !api-host
use_backend blog-backend if blog-host
@@ -117,6 +120,7 @@ frontend https
acl rssgen-host-s req.ssl_sni -i rssgen.terminaldweller.com
acl browsh-host-s req.ssl_sni -i browsh.terminaldweller.com
acl main-host-s req.ssl_sni -i terminaldweller.com
+ acl doh2-host-s req.ssl_sni -i doh2.terminaldweller.com
#Conditions
use_backend mail-backend-s if mail-host-s
#use_backend chat-backend-s if chat-host-s
@@ -133,6 +137,7 @@ frontend https
use_backend rssgen-backend-s if rssgen-host-s
use_backend browsh-backend-s if browsh-host-s
use_backend main-backend-s if main-host-s
+ use_backend doh2-backend-s if doh2-host-s
#frontend jabber5222
# bind *:5222
@@ -403,3 +408,11 @@ backend main-backend-s
mode tcp
option tcp-check
server main-host-s 185.130.47.208:7773
+
+backend doh2-backend-cert
+ mode http
+ server doh2-backend-host 185.130.47.81:80
+backend doh2-backend-s
+ mode tcp
+ option tcp-check
+ server doh2-backend-s 185.130.47.81:443
diff --git a/terminaldweller.com/irc-slack/Dockerfile b/terminaldweller.com/irc-slack/Dockerfile
new file mode 100644
index 0000000..8222d8b
--- /dev/null
+++ b/terminaldweller.com/irc-slack/Dockerfile
@@ -0,0 +1,17 @@
+FROM alpine:3.15 as builder
+RUN apk update && apk upgrade
+RUN apk add go git make
+ENV GOPROXY=https://goproxy.io
+RUN git clone https://github.com/insomniacslk/irc-slack
+WORKDIR irc-slack
+RUN go mod download
+RUN cd /irc-slack/cmd/irc-slack && make
+
+FROM alpine:3.15 as certbuilder
+RUN apk add openssl
+WORKDIR /certs
+RUN openssl req -nodes -new -x509 -subj="/C=US/ST=Denial/L=springfield/O=Dis/CN=ircslack.terminaldweller.com" -keyout server.key -out server.cert
+
+FROM alpine:3.13
+COPY --from=certbuilder /certs /certs
+COPY --from=builder /irc-slack/cmd/irc-slack/irc-slack /irc-slack/
diff --git a/terminaldweller.com/irc-slack/docker-compose.yaml b/terminaldweller.com/irc-slack/docker-compose.yaml
new file mode 100644
index 0000000..f3ec3f0
--- /dev/null
+++ b/terminaldweller.com/irc-slack/docker-compose.yaml
@@ -0,0 +1,18 @@
+version: "3"
+services:
+ ircslack:
+ image: ircslack
+ build:
+ context: .
+ networks:
+ - ircslacknet
+ restart: unless-stopped
+ ports:
+ - "6667:6667"
+ entrypoint: ["/irc-slack/irc-slack"]
+ command: ["--port", "6667", "--host", "0.0.0.0", "--cert", "/certs/server.cert", "--key", "/certs/server.key"]
+ cap_drop:
+ - ALL
+networks:
+ ircslacknet:
+ driver: bridge
diff --git a/terminaldweller.com/prosody/config/prosody.cfg.lua b/terminaldweller.com/prosody/config/prosody.cfg.lua
deleted file mode 100644
index ba67de7..0000000
--- a/terminaldweller.com/prosody/config/prosody.cfg.lua
+++ /dev/null
@@ -1,208 +0,0 @@
-daemonize = false;
--- Prosody XMPP Server Configuration
---
--- Information on configuring Prosody can be found on our
--- website at https://prosody.im/doc/configure
---
--- Tip: You can check that the syntax of this file is correct
--- when you have finished by running this command:
--- prosodyctl check config
--- If there are any errors, it will let you know what and where
--- they are, otherwise it will keep quiet.
---
--- Good luck, and happy Jabbering!
-
----------- Server-wide settings ----------
--- Settings in this section apply to the whole server and are the default settings
--- for any virtual hosts
-
--- This is a (by default, empty) list of accounts that are admins
--- for the server. Note that you must create the accounts separately
--- (see https://prosody.im/doc/creating_accounts for info)
--- Example: admins = { "user1@example.com", "user2@example.net" }
-admins = {"devi@chat.terminaldweller.com"}
-
--- Enable use of libevent for better performance under high load
--- For more information see: https://prosody.im/doc/libevent
--- use_libevent = true
-
--- Prosody will always look in its source directory for modules, but
--- this option allows you to specify additional locations where Prosody
--- will look for modules first. For community modules, see https://modules.prosody.im/
--- plugin_paths = {}
-
--- This is the list of modules Prosody will load on startup.
--- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
--- Documentation for bundled modules can be found at: https://prosody.im/doc/modules
-modules_enabled = {
-
- -- Generally required
- "roster", -- Allow users to have a roster. Recommended ;)
- "saslauth", -- Authentication for clients and servers. Recommended if you want to log in.
- "tls", -- Add support for secure TLS on c2s/s2s connections
- "dialback", -- s2s dialback support
- "disco", -- Service discovery
- -- Not essential, but recommended
- "carbons", -- Keep multiple clients in sync
- "pep", -- Enables users to publish their avatar, mood, activity, playing music and more
- "private", -- Private XML storage (for room bookmarks, etc.)
- "blocklist", -- Allow users to block communications with other users
- "vcard4", -- User profiles (stored in PEP)
- "vcard_legacy", -- Conversion between legacy vCard and PEP Avatar, vcard
- "limits", -- Enable bandwidth limiting for XMPP connections
- -- Nice to have
- "version", -- Replies to server version requests
- "uptime", -- Report how long server has been running
- "time", -- Let others know the time here on this server
- "ping", -- Replies to XMPP pings with pongs
- -- "register"; -- Allow users to register on this server using a client and change passwords
- -- "mam"; -- Store messages in an archive and allow users to access it
- -- "csi_simple"; -- Simple Mobile optimizations
- -- Admin interfaces
- "admin_adhoc", -- Allows administration via an XMPP client that supports ad-hoc commands
- -- "admin_telnet"; -- Opens telnet console interface on localhost port 5582
-
- -- HTTP modules
- "bosh" -- Enable BOSH clients, aka "Jabber over HTTP"
- -- "websocket"; -- XMPP over WebSockets
- -- "http_files"; -- Serve static files from a directory over HTTP
-
- -- Other specific functionality
- -- "groups"; -- Shared roster support
- -- "server_contact_info"; -- Publish contact information for this service
- -- "announce"; -- Send announcement to all online users
- -- "welcome"; -- Welcome users who register accounts
- -- "watchregistrations"; -- Alert admins of registrations
- -- "motd"; -- Send a message to users when they log in
- -- "legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
- -- "proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
-}
-
--- These modules are auto-loaded, but should you want
--- to disable them then uncomment them here:
-modules_disabled = {
- -- "offline"; -- Store offline messages
- "c2s" -- Handle client connections
- -- "s2s"; -- Handle server-to-server connections
- -- "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
-}
-
--- Disable account creation by default, for security
--- For more information see https://prosody.im/doc/creating_accounts
-allow_registration = false
-
--- Force clients to use encrypted connections? This option will
--- prevent clients from authenticating unless they are using encryption.
-
-c2s_require_encryption = true
-
--- Force servers to use encrypted connections? This option will
--- prevent servers from authenticating unless they are using encryption.
-
-s2s_require_encryption = true
-
--- Force certificate authentication for server-to-server connections?
-
-s2s_secure_auth = false
-
--- Some servers have invalid or self-signed certificates. You can list
--- remote domains here that will not be required to authenticate using
--- certificates. They will be authenticated using DNS instead, even
--- when s2s_secure_auth is enabled.
-
--- s2s_insecure_domains = { "insecure.example" }
-
--- Even if you disable s2s_secure_auth, you can still require valid
--- certificates for some domains by specifying a list here.
-
--- s2s_secure_domains = { "jabber.org" }
-
--- Enable rate limits for incoming client and server connections
-
-limits = {c2s = {rate = "10kb/s"}, s2sin = {rate = "30kb/s"}}
-
--- Required for init scripts and prosodyctl
-pidfile = "/var/run/prosody/prosody.pid"
-
--- Select the authentication backend to use. The 'internal' providers
--- use Prosody's configured data storage to store the authentication data.
-
-authentication = "internal_hashed"
-
--- Select the storage backend to use. By default Prosody uses flat files
--- in its configured data directory, but it also supports more backends
--- through modules. An "sql" backend is included by default, but requires
--- additional dependencies. See https://prosody.im/doc/storage for more info.
-
--- storage = "sql" -- Default is "internal"
-
--- For the "sql" backend, you can uncomment *one* of the below to configure:
--- sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
--- sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
--- sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
-
--- Archiving configuration
--- If mod_mam is enabled, Prosody will store a copy of every message. This
--- is used to synchronize conversations between multiple clients, even if
--- they are offline. This setting controls how long Prosody will keep
--- messages in the archive before removing them.
-
-archive_expires_after = "1w" -- Remove archived messages after 1 week
-
--- You can also configure messages to be stored in-memory only. For more
--- archiving options, see https://prosody.im/doc/modules/mod_mam
-
--- Logging configuration
--- For advanced logging see https://prosody.im/doc/logging
-log = {{levels = {min = "info"}, to = "console"}}
-
--- Uncomment to enable statistics
--- For more info see https://prosody.im/doc/statistics
--- statistics = "internal"
-
--- Certificates
--- Every virtual host and component needs a certificate so that clients and
--- servers can securely verify its identity. Prosody will automatically load
--- certificates/keys from the directory specified here.
--- For more information, including how to use 'prosodyctl' to auto-import certificates
--- (from e.g. Let's Encrypt) see https://prosody.im/doc/certificates
-
--- Location of directory to find certificates in (relative to main config file):
-certificates = "certs"
-
--- HTTPS currently only supports a single certificate, specify it here:
--- https_certificate = "/etc/prosody/certs/localhost.crt"
-
------------ Virtual hosts -----------
--- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
--- Settings under each VirtualHost entry apply *only* to that host.
-
-VirtualHost "chat.terminaldweller.com"
-enabled = true
-ssl = {
- key = "/etc/letsencrypt/live/chat.terminaldweller.com/privkey.pem",
- certificate = "/etc/letsencrypt/live/chat.terminaldweller.com/fullchain.pem"
-}
-
--- VirtualHost "example.com"
--- certificate = "/path/to/example.crt"
-
------- Components ------
--- You can specify components to add hosts that provide special services,
--- like multi-user conferences, and transports.
--- For more information on components, see https://prosody.im/doc/components
-
----Set up a MUC (multi-user chat) room server on conference.example.com:
-Component "conference.chat.terminaldweller.com" "muc"
-restrict_room_creationi = "admin"
---- Store MUC messages in an archive and allow users to access it
--- modules_enabled = { "muc_mam" }
-
----Set up an external component (default component port is 5347)
---
--- External components allow adding various services, such as gateways/
--- transports to other networks like ICQ, MSN and Yahoo. For more info
--- see: https://prosody.im/doc/components#adding_an_external_component
---
--- Component "gateway.example.com"
--- component_secret = "password"
diff --git a/terminaldweller.com/prosody/docker-compose.yaml b/terminaldweller.com/prosody/docker-compose.yaml
deleted file mode 100644
index 3641974..0000000
--- a/terminaldweller.com/prosody/docker-compose.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-version: "3.4"
-services:
- postgres:
- image: postgres:alpine3.14
- ports:
- "127.0.0.1:5432:5432"
- volumes:
- - postgresdata:/var/lib/postgresql/data/prosody
- networks:
- - xmppnet
- cap_drop:
- - ALL
- prosody:
- image: prosody/prosody:0.11.9
- restart: unless-stopped
- ports:
- - "5080:80/tcp"
- - "5222:5222/tcp"
- - "5280:5280/tcp"
- - "5281:5281/tcp"
- - "5347:5347/tcp"
- - "5582:5582/tcp"
- volumes:
- - ./config/prosody.cfg.lua:/etc/prosody:ro
- - ./log:/var/log/prosody
- - ./modules:/usr/lib/prosody-modules
- environment:
- - LOCAL=chat
- - DOMAIN=terminaldweller.com
- - PASSWORD=letstryxmpp
- networks:
- - xmppnet
- cap_add:
- cap_drop:
- - ALL
-networks:
- xmppnet:
- driver: bridge
-volumes:
- postgresdata: