v1.3.2

2024-03-01 17:09:43 +01:00 · 2024-03-01 17:09:43 +01:00 · e7fa66e938
commit e7fa66e938
parent d8d9fd9e67
7 changed files with 18 additions and 61 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,9 @@
 # Changelog

+## v1.3.2
+
+* Added Firewall module with optional custom blacklist
+
 ## v1.3.1

 * Added optional Firewall module for testing
--- a/3
+++ b/3
@ -111,8 +111,7 @@ RUN download-prosody-modules.bash \
        smacks `# stream management (XEP-0198)` \
        throttle_presence `# presence throttling in CSI` \
        vcard_muc `# XEP-0153: vCard-Based Avatar (MUC)` \
- && docker-prosody-module-pre-install.bash \
-	firewall `# anti-spam firewall` \
+	    firewall `# anti-spam firewall` \
 && rm -rf "/usr/src/prosody-modules"
 RUN echo "TLS_REQCERT allow" >> /etc/ldap/ldap.conf

--- a/conf.d/01-modules.cfg.lua
+++ b/conf.d/01-modules.cfg.lua
@ -1,7 +1,8 @@
 plugin_paths = { "/usr/local/lib/prosody/custom-modules/" };

 -- table of enabled modules
-local mods_enabled = {
+-- local mods_enabled = {
+modules_enabled = {
    -- Generally required
    "roster"; -- Allow users to have a roster. Recommended ;)
    "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
@ -48,19 +49,7 @@ local mods_enabled = {
    "server_contact_info"; -- This module lets you advertise various contact addresses for your XMPP service via XEP-0157.
 };

-local enabled = os.getenv("ENABLE_FIREWALL") or "false"
-local spam_blocklist = os.getenv("SPAM_BLOCKLIST") and "/usr/local/etc/prosody/firewall/" .. os.getenv("SPAM_BLOCKLIST") or "module:scripts/spam-blocklists.pfw"
-
-if(enabled == "true")
-then
-   table.insert(mods_enabled, "firewall");
-   
-   firewall_scripts = {
-   	spam_blocklist;
-   }
-end
-
-modules_enabled = mods_enabled;
+-- modules_enabled = mods_enabled;

 -- These modules are auto-loaded, but should you want
 -- to disable them then uncomment them here:
@ -69,4 +58,3 @@ modules_disabled = {
    -- "c2s"; -- Handle client connections
    -- "s2s"; -- Handle server-to-server connections
 };
-
--- a/docker-prosody-module-install.bash
+++ b/docker-prosody-module-install.bash
@ -43,7 +43,13 @@ for ext in $exts; do
 	# Skip this if the modules should not be added to modules_enabled.
 	if [ "$ext" != "http_upload" ] && [ "$ext" != "vcard_muc" ] ; then
 		echo " - enabling within ${config}"
-		new_config=$(cat "${config}" | module="${ext}" perl -0pe 's/(mods_enabled[ ]*=[ ]*{[^}]*)};/$1\n\t"$ENV{module}";\n};/')
+		new_config=$(cat "${config}" | module="${ext}" perl -0pe 's/(modules_enabled[ ]*=[ ]*{[^}]*)};/$1\n\t"$ENV{module}";\n};/')
 		echo "${new_config}" > "${config}"
 	fi
+	# firewall module configuration
+    	if [ "$ext" == "firewall" ] ; then
+        	echo " - setting up mod_${ext}"
+        	new_config=$(cat "${config}" | echo -e "\nlocal spam_blocklist = os.getenv(\"SPAM_BLOCKLIST\") and \"/usr/local/etc/prosody/firewall/\" .. os.getenv(\"SPAM_BLOCKLIST\") or \"module:scripts/spam-blocklists.pfw\"\n\nfirewall_scripts = {\n\tspam_blocklist;\n};")
+        	echo "${new_config}" >> "${config}"
+    	fi
 done
--- a/docker-prosody-module-pre-install.bash
+++ b/docker-prosody-module-pre-install.bash
@ -1,42 +0,0 @@
-#!/bin/bash
-set -e
-
-source="/usr/src/prosody-modules"
-target="/usr/local/lib/prosody/custom-modules"
-
-cd ${source}
-
-usage() {
-	echo "usage: $0 ext-name [ext-name ...]"
-	echo "   ie: $0 carbons e2e_policy proxy65"
-	echo
-	echo 'Possible values for ext-name:'
-	find . -mindepth 1 -maxdepth 1 -type d | sort | sed s/\.\\/mod_//g | xargs
-}
-
-exts=
-for ext; do
-	if [ -z "mod_$ext" ]; then
-		continue
-	fi
-	if [ ! -d "mod_$ext" ]; then
-		echo >&2 "error: $PWD/mod_$ext does not exist"
-		echo >&2
-		usage >&2
-		exit 1
-	fi
-	exts="$exts $ext"
-done
-
-if [ -z "$exts" ]; then
-	usage >&2
-	exit 1
-fi
-
-for ext in $exts; do
-	echo "Installing mod_${ext}"
-
-	echo " - copying to ${target}"
-	cp -r "${source}/mod_${ext}" "${target}/"
-
-done
--- a/extras/firewall/blacklist.txt
+++ b/extras/firewall/blacklist.txt
@ -2,13 +2,16 @@ bashtel.ru
 creep.im
 darkengine.biz
 default.rs
+exploit.im
 hiddenlizard.org
 jabber.bitactive.com
 jabber.cd
+jabber.cz
 jabber.freenet.de
 jabber.ipredator.se
 jabber.npw.net
 jabber.sampo.ru
+jabbim.pl
 labas.biz
 otr.chat
 paranoid.scarab.name
--- a/readme.md
+++ b/readme.md
@ -246,7 +246,6 @@ sudo chown 999:999 ./data
 | **SERVER_CONTACT_INFO_SECURITY** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional*                                   | "xmpp:security@**DOMAIN**" |
 | **SERVER_CONTACT_INFO_SUPPORT**  | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional*                                   | "xmpp:support@**DOMAIN**"  |
 | **PROSODY_ADMINS**               | Specify who is an administrator. List of adresses. Eg. "me@example.com", "admin@example.net"                         | *optional*                                   | ""                         |
-| **ENABLE_FIREWALL**              | Enable Firewall module                                                                                               | *optional*                                   | false                      |
 | **SPAM_BLOCKLIST**               | Blacklist to use with Firewall module. Eg. "custom-blocklist.pfw"                                                    | *optional*                                   |                       |

 #### DNS