From 9f174dea7865c9b2aa9228fc26f8dc9c4895ac74 Mon Sep 17 00:00:00 2001 From: terminaldweller Date: Wed, 21 Dec 2022 17:13:25 +0330 Subject: update --- .psqlrc | 12 +- .zshrc | 6 + docker/docker_builders.sh | 25 +-- docker/mariadb.sh | 3 + services/docker/run | 4 +- stylus/geeks_for_geeks.css | 12 ++ stylus/scribe_rip.css | 9 + terminaldweller.com/doh/docker-compose.yaml | 39 ++++ terminaldweller.com/doh/nginx.conf | 37 ++++ terminaldweller.com/doh/unbound/doh.conf | 43 +++++ .../doh/unbound/root-auto-trust-anchor-file.conf | 4 + terminaldweller.com/haproxy/haproxy.cfg | 13 ++ terminaldweller.com/irc-slack/Dockerfile | 17 ++ terminaldweller.com/irc-slack/docker-compose.yaml | 18 ++ terminaldweller.com/prosody/config/prosody.cfg.lua | 208 --------------------- terminaldweller.com/prosody/docker-compose.yaml | 40 ---- 16 files changed, 225 insertions(+), 265 deletions(-) create mode 100755 docker/mariadb.sh create mode 100644 stylus/geeks_for_geeks.css create mode 100644 stylus/scribe_rip.css create mode 100644 terminaldweller.com/doh/docker-compose.yaml create mode 100644 terminaldweller.com/doh/nginx.conf create mode 100644 terminaldweller.com/doh/unbound/doh.conf create mode 100644 terminaldweller.com/doh/unbound/root-auto-trust-anchor-file.conf create mode 100644 terminaldweller.com/irc-slack/Dockerfile create mode 100644 terminaldweller.com/irc-slack/docker-compose.yaml delete mode 100644 terminaldweller.com/prosody/config/prosody.cfg.lua delete mode 100644 terminaldweller.com/prosody/docker-compose.yaml diff --git a/.psqlrc b/.psqlrc index 415a184..d457d2a 100644 --- a/.psqlrc +++ b/.psqlrc @@ -1,9 +1,12 @@ \set QUIET 1 /* prompts */ -\set PROMPT1 '\x1b[38;5;34m%n\x1b[0m@\x1b[38;5;39m%M\x1b[0m:\x1b[38;5;37m%> \x1b[38;5;69m%`date +%H:%M:%S` \x1b[38;5;4m[%/] \x1b[38;5;31m%x\x1b[38;5;104m%#\x1b[38;5;34m%R\n\x1b[38;5;28m>>>\x1b[0m' +/* \set PROMPT1 '\x1b[38;5;34m%n@\x1b[38;5;39m%M:\x1b[38;5;37m%> \x1b[38;5;69m%`date +%H:%M:%S` \x1b[38;5;4m[%/] \x1b[38;5;31m%x\x1b[38;5;104m%#\x1b[38;5;34m%R\n\x1b[38;5;28m>>>\x1b[38;5;255m' */ +/* \set PROMPT2 '... ' */ +/* \set PROMPT3 '\x1b[38;5;38m>>>\x1b[38;5;255m' */ +\set PROMPT1 '%n@%M:%> %`date +%H:%M:%S` [%/] %x%#%R\n>>>' \set PROMPT2 '... ' -\set PROMPT3 '\x1b[38;5;38m>>>\x1b[0m' +\set PROMPT3 '>>>' \pset null '[null]' \set COMP_KEYWORD_CASE upper @@ -16,6 +19,7 @@ \set HISTFILE ~/.psql_history- :DBNAME \set HISTCONTROL ignoredups + \set ON_ERROR_STOP on \set ON_ERROR_ROLLBACK interactive @@ -25,7 +29,7 @@ \pset unicode_column_linestyle single \pset unicode_header_linestyle double +\unset QUIET + \set version 'SELECT version();' \set extensions 'select * from pg_available_extensions;' - -\unset QUIET diff --git a/.zshrc b/.zshrc index dfbc93e..6f59a09 100644 --- a/.zshrc +++ b/.zshrc @@ -108,6 +108,7 @@ alias vpn3="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh root@185.112.1 alias vpn6="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh -p 3333 ubuntu@185.130.45.46" alias vpn7="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh -p 3333 ubuntu@185.130.47.81" alias vpn8="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh -p 3333 ubuntu@185.130.47.208" +alias vpn9="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh -tt -i ~/.ssh/id_rsa -p 3333 ubuntu@185.130.47.81 ssh -tt -i /home/ubuntu/.ssh/id_rsa_lv2 2a07:e01:3:1c4::1 -p 3333 -l ubuntu" alias vms="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh 185.126.202.69 -l ubuntu -p 1022" alias cloud_one="proxychains4 -q -f ~/proxies/ice/proxychains.conf ssh 130.185.121.80 -l ubuntu -p 1022" alias pytags="ctags --fields=+l --languages=python --python-kinds=-iv -R ." @@ -314,6 +315,7 @@ alias sensors_pp="sensors -A -j 2> /dev/null | json_pp -json_opt pretty,canonica alias vdiff="vimdiff" alias virt-top="/nix/store/gn20hprla1p86fkvml4c6im3839vmlzn-virt-top-1.1.1/bin/virt-top" alias fox_in_a_box='ssh -X -i /home/devi/devi/vagrantboxes.git/main/dispffox/.vagrant/machines/default/libvirt/private_key vagrant@virt-dispffox.vagrant-libvirt "XAUTHORITY=/home/vagrant/.Xauthority firefox"' +alias run_doh_client="sudo doh-client -d doh.terminaldweller.com -r 185.130.47.81:443 -p getnsrecord --proxy-host 127.0.0.1:9995 --proxy-scheme socks5h --timeout 10" # change the 4th terminal color to #0000ff # echo -e '\e]P40000ff' @@ -357,6 +359,10 @@ docc() { # cp ~/scripts/c/debug.dbg ./ } +pfd() { + ps aux | grep -v grep | grep "$@" +} + dockernuke() { docker stop `docker ps -qa` docker rm `docker ps -qa` diff --git a/docker/docker_builders.sh b/docker/docker_builders.sh index f791e6a..c524ec4 100755 --- a/docker/docker_builders.sh +++ b/docker/docker_builders.sh @@ -1,22 +1,25 @@ #!/bin/sh +ALL_PROXY="socks5://127.0.0.1:9995" SOCKS_4_PROXY="socks5://127.0.0.1:9995" SOCKS_6_PROXY="socks5://[::1]:9993" -NO_PROXY="localhost,127.0.0.0/8,192.168.0.0/16,::1" +NO_PROXY="127.0.0.0/8,192.168.0.0/16,10.0.0.0/8,172.16.0.0/12" # create the builders -# --driver-opt env.no_proxy=${NO_PROXY} \ -docker buildx create \ - --driver-opt env.http_proxy=${SOCKS_6_PROXY} \ - --driver-opt env.https_proxy=${SOCKS_6_PROXY} \ - --name proxy_builder_6 -# --driver-opt env.no_proxy=${NO_PROXY} \ +# docker buildx create \ +# --driver-opt env.http_proxy=${SOCKS_4_PROXY} \ +# --driver-opt env.https_proxy=${SOCKS_4_PROXY} \ +# --driver-opt env.no_proxy=${NO_PROXY} \ +# --name proxy_builder + +# --driver-opt env.http_proxy="${SOCKS_4_PROXY}" \ +# --driver-opt env.https_proxy="${SOCKS_4_PROXY}" \ +# --driver-opt env.no_proxy="${NO_PROXY}" \ docker buildx create \ - --driver-opt env.http_proxy=${SOCKS_4_PROXY} \ - --driver-opt env.https_proxy=${SOCKS_4_PROXY} \ + --driver-opt env.ALL_PROXY="${ALL_PROXY}" \ --name proxy_builder_4 -docker buildx create --name armbuilder +# docker buildx create --name armbuilder_proxy # choose one as default -docker buildx use proxy_builder_6 +docker buildx use proxy_builder_4 diff --git a/docker/mariadb.sh b/docker/mariadb.sh new file mode 100755 index 0000000..314cf0e --- /dev/null +++ b/docker/mariadb.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env sh + +docker run --detach -p 3306:3306 --env MARIADB_USER=devi --env MARIADB_PASSWORD=password --env MARIADB_ROOT_PASSWORD=password mariadb:10.9.4-jammy diff --git a/services/docker/run b/services/docker/run index 9f41200..05473df 100755 --- a/services/docker/run +++ b/services/docker/run @@ -5,5 +5,5 @@ mountpoint -q /sys/fs/cgroup/systemd || { mkdir -p /sys/fs/cgroup/systemd; mount -t cgroup -o none,name=systemd cgroup /sys/fs/cgroup/systemd; } -#exec env HTTP_PROXY="http://127.0.0.1:9999" chpst -o 1048576 -p 1048576 dockerd $OPTS 2>&1 -exec env NO_PROXY="localhost,127.0.0.1,192.168.1/24" HTTPS_PROXY="socks5://127.0.0.1:9995" HTTP_PROXY="socks5://127.0.0.1:9995" chpst -o 1048576 -p 1048576 dockerd $OPTS 2>&1 +#exec chpst -o 1048576 -p 1048576 dockerd $OPTS 2>&1 +exec env NO_PROXY="localhost,127.0.0.0/8,192.168.0.0/24,10.0.0.0/8,172.16.0.0/12" HTTPS_PROXY="socks5://127.0.0.1:9995" HTTP_PROXY="socks5://127.0.0.1:9995" chpst -o 1048576 -p 1048576 dockerd $OPTS 2>&1 diff --git a/stylus/geeks_for_geeks.css b/stylus/geeks_for_geeks.css new file mode 100644 index 0000000..a099d40 --- /dev/null +++ b/stylus/geeks_for_geeks.css @@ -0,0 +1,12 @@ +@-moz-document domain("www.geeksforgeeks.org") { + #whatsNewCardContainer { + display: none; + max-width: 0%; + width: 0%; + } + + .article--viewer { + max-width: 130%; + width: 130%; + } +} diff --git a/stylus/scribe_rip.css b/stylus/scribe_rip.css new file mode 100644 index 0000000..d2b6c73 --- /dev/null +++ b/stylus/scribe_rip.css @@ -0,0 +1,9 @@ +@-moz-document domain("scribe.rip") { + img { + filter: sepia(1) brightness(0.5) contrast(1) saturate(0.6); + } + + img:hover { + filter: none; + } +} diff --git a/terminaldweller.com/doh/docker-compose.yaml b/terminaldweller.com/doh/docker-compose.yaml new file mode 100644 index 0000000..1b4f81c --- /dev/null +++ b/terminaldweller.com/doh/docker-compose.yaml @@ -0,0 +1,39 @@ +version: "3" +services: + doh-server: + image: satishweb/doh-server + networks: + - dohnet + ports: + - "127.0.0.1:8053:8053" + restart: unless-stopped + environment: + - DEBUG="0" + - UPSTREAM_DNS_SERVER=udp:208.67.222.222:53 + - DOH_HTTP_PREFIX=/getnsrecord + - DOH_SERVER_LISTEN=:8053 + - DOH_SERVER_TIMEOUT=10 + - DOH_SERVER_TRIES=3 + - DOH_SERVER_VERBOSE=true + depends_on: + - nginx + nginx: + image: nginx:stable + ports: + - "443:443" + networks: + - dohnet + restart: unless-stopped + cap_drop: + - ALL + cap_add: + - CHOWN + - DAC_OVERRIDE + - SETGID + - SETUID + - NET_BIND_SERVICE + volumes: + - ./nginx.conf:/etc/nginx/nginx.conf:ro + - /etc/letsencrypt/archive/doh.terminaldweller.com/:/certs/:ro +networks: + dohnet: diff --git a/terminaldweller.com/doh/nginx.conf b/terminaldweller.com/doh/nginx.conf new file mode 100644 index 0000000..c398730 --- /dev/null +++ b/terminaldweller.com/doh/nginx.conf @@ -0,0 +1,37 @@ +events { + worker_connections 1024; +} +http { + include /etc/nginx/mime.types; + server_tokens off; + limit_req_zone $binary_remote_addr zone=one:10m rate=30r/m; + server { + listen 443 ssl http2; + keepalive_timeout 60; + charset utf-8; + ssl_certificate /certs/fullchain1.pem; + ssl_certificate_key /certs/privkey1.pem; + ssl_ciphers HIGH:!aNULL:!MD5:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; + ssl_protocols TLSv1.3; + ssl_session_cache shared:SSL:50m; + ssl_session_timeout 1d; + ssl_session_tickets off; + ssl_prefer_server_ciphers on; + tcp_nopush on; + add_header X-Content-Type-Options "nosniff" always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + add_header Content-Security-Policy "default-src 'self';"; + add_header X-Frame-Options SAMEORIGIN always; + add_header X-XSS-Protection "1; mode=block" always; + add_header Referrer-Policy "no-referrer"; + fastcgi_hide_header X-Powered-By; + ssl_stapling on; + ssl_stapling_verify on; + ssl_trusted_certificate /certs/cert1.pem; + + error_page 401 403 404 /404.html; + location / { + proxy_pass http://doh-server:8053; + } + } +} diff --git a/terminaldweller.com/doh/unbound/doh.conf b/terminaldweller.com/doh/unbound/doh.conf new file mode 100644 index 0000000..4e6e291 --- /dev/null +++ b/terminaldweller.com/doh/unbound/doh.conf @@ -0,0 +1,43 @@ +server: + interface: 0.0.0.0@443 + tls-service-key: /etc/letsencrypt/archive/doh.terminaldweller.com/privkey1.pem + tls-service-pem: /etc/letsencrypt/archive/doh.terminaldweller.com/fullchain1.pem + tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt + https-port: 443 + tls-port: 443 + do-ip4: yes + do-ip6: yes + do-udp: yes + do-tcp: yes + prefer-ip6: no +# auto-trust-anchor-file: "/var/lib/unbound/root.key" + qname-minimisation: yes + harden-glue: yes + harden-dnssec-stripped: yes + use-caps-for-id: no + edns-buffer-size: 1232 + prefetch: yes + so-rcvbuf: 1m + + private-address: 127.0.0.0/8 + private-address: 192.168.0.0/16 + private-address: 169.254.0.0/16 + private-address: 172.16.0.0/12 + private-address: 10.0.0.0/8 + private-address: fd00::/8 + private-address: fe80::/10 + + access-control: 0.0.0.0/0 allow_snoop + +forward-zone: + name: "." + forward-tls-upstream: yes + forward-addr: 9.9.9.9@853#dns.quad9.net + forward-addr: 149.112.112.112@853#dns.quad9.net + forward-addr: 1.1.1.1@853#cloudflare-dns.com + forward-addr: 1.0.0.1@853#cloudflare-dns.com + + forward-addr: 2620:fe::fe@853#dns.quad9.net + forward-addr: 2620:fe::9@853#dns.quad9.net + forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com + forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com diff --git a/terminaldweller.com/doh/unbound/root-auto-trust-anchor-file.conf b/terminaldweller.com/doh/unbound/root-auto-trust-anchor-file.conf new file mode 100644 index 0000000..433eff9 --- /dev/null +++ b/terminaldweller.com/doh/unbound/root-auto-trust-anchor-file.conf @@ -0,0 +1,4 @@ +server: + # The following line will configure unbound to perform cryptographic + # DNSSEC validation using the root trust anchor. + auto-trust-anchor-file: "/var/lib/unbound/root.key" diff --git a/terminaldweller.com/haproxy/haproxy.cfg b/terminaldweller.com/haproxy/haproxy.cfg index 26265ae..feee75c 100644 --- a/terminaldweller.com/haproxy/haproxy.cfg +++ b/terminaldweller.com/haproxy/haproxy.cfg @@ -47,6 +47,7 @@ frontend http acl cargo-host hdr_sub(host) -i cargo.terminaldweller.com acl browsh-host hdr_sub(host) -i browsh.terminaldweller.com acl main-host hdr_sub(host) -i terminaldweller.com + acl doh2-host hdr_sub(shost) -i doh2.terminaldweller.com acl mila-api-acl url_beg /mila acl crypto-api-acl url_beg /crypto acl http ssl_fc,not @@ -67,6 +68,7 @@ frontend http #http-request redirect scheme https code 301 if http jabber-host !letsencrypt-acl http-request redirect scheme https code 301 if http rssgen-host !letsencrypt-acl http-request redirect scheme https code 301 if http main-host !letsencrypt-acl + http-request redirect scheme https code 301 if http doh2-host !letsencrypt-acl #Conditions use_backend blog-backend-cert if letsencrypt-acl blog-host @@ -82,6 +84,7 @@ frontend http use_backend searx-backend-cert if letsencrypt-acl cargo-host use_backend vpn6-cert-backend if letsencrypt-acl browsh-host use_backend searx-backend-cert if letsencrypt-acl main-host + use_backend doh2-backend-cert if letsencrypt-acl doh2-host # use_backend editor-backend-cert if letsencrypt-acl editor-host use_backend certbot-backend if letsencrypt-acl !jabber-host !blog-host !api-host use_backend blog-backend if blog-host @@ -117,6 +120,7 @@ frontend https acl rssgen-host-s req.ssl_sni -i rssgen.terminaldweller.com acl browsh-host-s req.ssl_sni -i browsh.terminaldweller.com acl main-host-s req.ssl_sni -i terminaldweller.com + acl doh2-host-s req.ssl_sni -i doh2.terminaldweller.com #Conditions use_backend mail-backend-s if mail-host-s #use_backend chat-backend-s if chat-host-s @@ -133,6 +137,7 @@ frontend https use_backend rssgen-backend-s if rssgen-host-s use_backend browsh-backend-s if browsh-host-s use_backend main-backend-s if main-host-s + use_backend doh2-backend-s if doh2-host-s #frontend jabber5222 # bind *:5222 @@ -403,3 +408,11 @@ backend main-backend-s mode tcp option tcp-check server main-host-s 185.130.47.208:7773 + +backend doh2-backend-cert + mode http + server doh2-backend-host 185.130.47.81:80 +backend doh2-backend-s + mode tcp + option tcp-check + server doh2-backend-s 185.130.47.81:443 diff --git a/terminaldweller.com/irc-slack/Dockerfile b/terminaldweller.com/irc-slack/Dockerfile new file mode 100644 index 0000000..8222d8b --- /dev/null +++ b/terminaldweller.com/irc-slack/Dockerfile @@ -0,0 +1,17 @@ +FROM alpine:3.15 as builder +RUN apk update && apk upgrade +RUN apk add go git make +ENV GOPROXY=https://goproxy.io +RUN git clone https://github.com/insomniacslk/irc-slack +WORKDIR irc-slack +RUN go mod download +RUN cd /irc-slack/cmd/irc-slack && make + +FROM alpine:3.15 as certbuilder +RUN apk add openssl +WORKDIR /certs +RUN openssl req -nodes -new -x509 -subj="/C=US/ST=Denial/L=springfield/O=Dis/CN=ircslack.terminaldweller.com" -keyout server.key -out server.cert + +FROM alpine:3.13 +COPY --from=certbuilder /certs /certs +COPY --from=builder /irc-slack/cmd/irc-slack/irc-slack /irc-slack/ diff --git a/terminaldweller.com/irc-slack/docker-compose.yaml b/terminaldweller.com/irc-slack/docker-compose.yaml new file mode 100644 index 0000000..f3ec3f0 --- /dev/null +++ b/terminaldweller.com/irc-slack/docker-compose.yaml @@ -0,0 +1,18 @@ +version: "3" +services: + ircslack: + image: ircslack + build: + context: . + networks: + - ircslacknet + restart: unless-stopped + ports: + - "6667:6667" + entrypoint: ["/irc-slack/irc-slack"] + command: ["--port", "6667", "--host", "0.0.0.0", "--cert", "/certs/server.cert", "--key", "/certs/server.key"] + cap_drop: + - ALL +networks: + ircslacknet: + driver: bridge diff --git a/terminaldweller.com/prosody/config/prosody.cfg.lua b/terminaldweller.com/prosody/config/prosody.cfg.lua deleted file mode 100644 index ba67de7..0000000 --- a/terminaldweller.com/prosody/config/prosody.cfg.lua +++ /dev/null @@ -1,208 +0,0 @@ -daemonize = false; --- Prosody XMPP Server Configuration --- --- Information on configuring Prosody can be found on our --- website at https://prosody.im/doc/configure --- --- Tip: You can check that the syntax of this file is correct --- when you have finished by running this command: --- prosodyctl check config --- If there are any errors, it will let you know what and where --- they are, otherwise it will keep quiet. --- --- Good luck, and happy Jabbering! - ----------- Server-wide settings ---------- --- Settings in this section apply to the whole server and are the default settings --- for any virtual hosts - --- This is a (by default, empty) list of accounts that are admins --- for the server. Note that you must create the accounts separately --- (see https://prosody.im/doc/creating_accounts for info) --- Example: admins = { "user1@example.com", "user2@example.net" } -admins = {"devi@chat.terminaldweller.com"} - --- Enable use of libevent for better performance under high load --- For more information see: https://prosody.im/doc/libevent --- use_libevent = true - --- Prosody will always look in its source directory for modules, but --- this option allows you to specify additional locations where Prosody --- will look for modules first. For community modules, see https://modules.prosody.im/ --- plugin_paths = {} - --- This is the list of modules Prosody will load on startup. --- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too. --- Documentation for bundled modules can be found at: https://prosody.im/doc/modules -modules_enabled = { - - -- Generally required - "roster", -- Allow users to have a roster. Recommended ;) - "saslauth", -- Authentication for clients and servers. Recommended if you want to log in. - "tls", -- Add support for secure TLS on c2s/s2s connections - "dialback", -- s2s dialback support - "disco", -- Service discovery - -- Not essential, but recommended - "carbons", -- Keep multiple clients in sync - "pep", -- Enables users to publish their avatar, mood, activity, playing music and more - "private", -- Private XML storage (for room bookmarks, etc.) - "blocklist", -- Allow users to block communications with other users - "vcard4", -- User profiles (stored in PEP) - "vcard_legacy", -- Conversion between legacy vCard and PEP Avatar, vcard - "limits", -- Enable bandwidth limiting for XMPP connections - -- Nice to have - "version", -- Replies to server version requests - "uptime", -- Report how long server has been running - "time", -- Let others know the time here on this server - "ping", -- Replies to XMPP pings with pongs - -- "register"; -- Allow users to register on this server using a client and change passwords - -- "mam"; -- Store messages in an archive and allow users to access it - -- "csi_simple"; -- Simple Mobile optimizations - -- Admin interfaces - "admin_adhoc", -- Allows administration via an XMPP client that supports ad-hoc commands - -- "admin_telnet"; -- Opens telnet console interface on localhost port 5582 - - -- HTTP modules - "bosh" -- Enable BOSH clients, aka "Jabber over HTTP" - -- "websocket"; -- XMPP over WebSockets - -- "http_files"; -- Serve static files from a directory over HTTP - - -- Other specific functionality - -- "groups"; -- Shared roster support - -- "server_contact_info"; -- Publish contact information for this service - -- "announce"; -- Send announcement to all online users - -- "welcome"; -- Welcome users who register accounts - -- "watchregistrations"; -- Alert admins of registrations - -- "motd"; -- Send a message to users when they log in - -- "legacyauth"; -- Legacy authentication. Only used by some old clients and bots. - -- "proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use -} - --- These modules are auto-loaded, but should you want --- to disable them then uncomment them here: -modules_disabled = { - -- "offline"; -- Store offline messages - "c2s" -- Handle client connections - -- "s2s"; -- Handle server-to-server connections - -- "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. -} - --- Disable account creation by default, for security --- For more information see https://prosody.im/doc/creating_accounts -allow_registration = false - --- Force clients to use encrypted connections? This option will --- prevent clients from authenticating unless they are using encryption. - -c2s_require_encryption = true - --- Force servers to use encrypted connections? This option will --- prevent servers from authenticating unless they are using encryption. - -s2s_require_encryption = true - --- Force certificate authentication for server-to-server connections? - -s2s_secure_auth = false - --- Some servers have invalid or self-signed certificates. You can list --- remote domains here that will not be required to authenticate using --- certificates. They will be authenticated using DNS instead, even --- when s2s_secure_auth is enabled. - --- s2s_insecure_domains = { "insecure.example" } - --- Even if you disable s2s_secure_auth, you can still require valid --- certificates for some domains by specifying a list here. - --- s2s_secure_domains = { "jabber.org" } - --- Enable rate limits for incoming client and server connections - -limits = {c2s = {rate = "10kb/s"}, s2sin = {rate = "30kb/s"}} - --- Required for init scripts and prosodyctl -pidfile = "/var/run/prosody/prosody.pid" - --- Select the authentication backend to use. The 'internal' providers --- use Prosody's configured data storage to store the authentication data. - -authentication = "internal_hashed" - --- Select the storage backend to use. By default Prosody uses flat files --- in its configured data directory, but it also supports more backends --- through modules. An "sql" backend is included by default, but requires --- additional dependencies. See https://prosody.im/doc/storage for more info. - --- storage = "sql" -- Default is "internal" - --- For the "sql" backend, you can uncomment *one* of the below to configure: --- sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename. --- sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } --- sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } - --- Archiving configuration --- If mod_mam is enabled, Prosody will store a copy of every message. This --- is used to synchronize conversations between multiple clients, even if --- they are offline. This setting controls how long Prosody will keep --- messages in the archive before removing them. - -archive_expires_after = "1w" -- Remove archived messages after 1 week - --- You can also configure messages to be stored in-memory only. For more --- archiving options, see https://prosody.im/doc/modules/mod_mam - --- Logging configuration --- For advanced logging see https://prosody.im/doc/logging -log = {{levels = {min = "info"}, to = "console"}} - --- Uncomment to enable statistics --- For more info see https://prosody.im/doc/statistics --- statistics = "internal" - --- Certificates --- Every virtual host and component needs a certificate so that clients and --- servers can securely verify its identity. Prosody will automatically load --- certificates/keys from the directory specified here. --- For more information, including how to use 'prosodyctl' to auto-import certificates --- (from e.g. Let's Encrypt) see https://prosody.im/doc/certificates - --- Location of directory to find certificates in (relative to main config file): -certificates = "certs" - --- HTTPS currently only supports a single certificate, specify it here: --- https_certificate = "/etc/prosody/certs/localhost.crt" - ------------ Virtual hosts ----------- --- You need to add a VirtualHost entry for each domain you wish Prosody to serve. --- Settings under each VirtualHost entry apply *only* to that host. - -VirtualHost "chat.terminaldweller.com" -enabled = true -ssl = { - key = "/etc/letsencrypt/live/chat.terminaldweller.com/privkey.pem", - certificate = "/etc/letsencrypt/live/chat.terminaldweller.com/fullchain.pem" -} - --- VirtualHost "example.com" --- certificate = "/path/to/example.crt" - ------- Components ------ --- You can specify components to add hosts that provide special services, --- like multi-user conferences, and transports. --- For more information on components, see https://prosody.im/doc/components - ----Set up a MUC (multi-user chat) room server on conference.example.com: -Component "conference.chat.terminaldweller.com" "muc" -restrict_room_creationi = "admin" ---- Store MUC messages in an archive and allow users to access it --- modules_enabled = { "muc_mam" } - ----Set up an external component (default component port is 5347) --- --- External components allow adding various services, such as gateways/ --- transports to other networks like ICQ, MSN and Yahoo. For more info --- see: https://prosody.im/doc/components#adding_an_external_component --- --- Component "gateway.example.com" --- component_secret = "password" diff --git a/terminaldweller.com/prosody/docker-compose.yaml b/terminaldweller.com/prosody/docker-compose.yaml deleted file mode 100644 index 3641974..0000000 --- a/terminaldweller.com/prosody/docker-compose.yaml +++ /dev/null @@ -1,40 +0,0 @@ -version: "3.4" -services: - postgres: - image: postgres:alpine3.14 - ports: - "127.0.0.1:5432:5432" - volumes: - - postgresdata:/var/lib/postgresql/data/prosody - networks: - - xmppnet - cap_drop: - - ALL - prosody: - image: prosody/prosody:0.11.9 - restart: unless-stopped - ports: - - "5080:80/tcp" - - "5222:5222/tcp" - - "5280:5280/tcp" - - "5281:5281/tcp" - - "5347:5347/tcp" - - "5582:5582/tcp" - volumes: - - ./config/prosody.cfg.lua:/etc/prosody:ro - - ./log:/var/log/prosody - - ./modules:/usr/lib/prosody-modules - environment: - - LOCAL=chat - - DOMAIN=terminaldweller.com - - PASSWORD=letstryxmpp - networks: - - xmppnet - cap_add: - cap_drop: - - ALL -networks: - xmppnet: - driver: bridge -volumes: - postgresdata: -- cgit v1.2.3