v1.3.2

2024-03-01 17:09:43 +01:00 · 2024-03-01 17:09:43 +01:00 · e7fa66e938
commit e7fa66e938
parent d8d9fd9e67
7 changed files with 18 additions and 61 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,9 @@
 # Changelog
 ## v1.3.2
 * Added Firewall module with optional custom blacklist
 ## v1.3.1
 * Added optional Firewall module for testing
--- a/3
+++ b/3
@ -111,8 +111,7 @@ RUN download-prosody-modules.bash \
        smacks `# stream management (XEP-0198)` \
        throttle_presence `# presence throttling in CSI` \
        vcard_muc `# XEP-0153: vCard-Based Avatar (MUC)` \
- && docker-prosody-module-pre-install.bash \
+	    firewall `# anti-spam firewall` \
 	firewall `# anti-spam firewall` \
 && rm -rf "/usr/src/prosody-modules"
 RUN echo "TLS_REQCERT allow" >> /etc/ldap/ldap.conf
--- a/conf.d/01-modules.cfg.lua
+++ b/conf.d/01-modules.cfg.lua
@ -1,7 +1,8 @@
 plugin_paths = { "/usr/local/lib/prosody/custom-modules/" };
 -- table of enabled modules
-local mods_enabled = {
+-- local mods_enabled = {
 modules_enabled = {
    -- Generally required
    "roster"; -- Allow users to have a roster. Recommended ;)
    "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
@ -48,19 +49,7 @@ local mods_enabled = {
    "server_contact_info"; -- This module lets you advertise various contact addresses for your XMPP service via XEP-0157.
 };
-local enabled = os.getenv("ENABLE_FIREWALL") or "false"
+-- modules_enabled = mods_enabled;
 local spam_blocklist = os.getenv("SPAM_BLOCKLIST") and "/usr/local/etc/prosody/firewall/" .. os.getenv("SPAM_BLOCKLIST") or "module:scripts/spam-blocklists.pfw"
 if(enabled == "true")
 then
   table.insert(mods_enabled, "firewall");
   firewall_scripts = {
   	spam_blocklist;
   }
 end
 modules_enabled = mods_enabled;
 -- These modules are auto-loaded, but should you want
 -- to disable them then uncomment them here:
@ -69,4 +58,3 @@ modules_disabled = {
    -- "c2s"; -- Handle client connections
    -- "s2s"; -- Handle server-to-server connections
 };
--- a/docker-prosody-module-install.bash
+++ b/docker-prosody-module-install.bash
@ -43,7 +43,13 @@ for ext in $exts; do
 	# Skip this if the modules should not be added to modules_enabled.
 	if [ "$ext" != "http_upload" ] && [ "$ext" != "vcard_muc" ] ; then
 		echo " - enabling within ${config}"
-		new_config=$(cat "${config}" | module="${ext}" perl -0pe 's/(mods_enabled[ ]*=[ ]*{[^}]*)};/$1\n\t"$ENV{module}";\n};/')
+		new_config=$(cat "${config}" | module="${ext}" perl -0pe 's/(modules_enabled[ ]*=[ ]*{[^}]*)};/$1\n\t"$ENV{module}";\n};/')
 		echo "${new_config}" > "${config}"
 	fi
 	# firewall module configuration
    	if [ "$ext" == "firewall" ] ; then
        	echo " - setting up mod_${ext}"
        	new_config=$(cat "${config}" | echo -e "\nlocal spam_blocklist = os.getenv(\"SPAM_BLOCKLIST\") and \"/usr/local/etc/prosody/firewall/\" .. os.getenv(\"SPAM_BLOCKLIST\") or \"module:scripts/spam-blocklists.pfw\"\n\nfirewall_scripts = {\n\tspam_blocklist;\n};")
        	echo "${new_config}" >> "${config}"
    	fi
 done
--- a/docker-prosody-module-pre-install.bash
+++ b/docker-prosody-module-pre-install.bash
@ -1,42 +0,0 @@
 #!/bin/bash
 set -e
 source="/usr/src/prosody-modules"
 target="/usr/local/lib/prosody/custom-modules"
 cd ${source}
 usage() {
 	echo "usage: $0 ext-name [ext-name ...]"
 	echo "   ie: $0 carbons e2e_policy proxy65"
 	echo
 	echo 'Possible values for ext-name:'
 	find . -mindepth 1 -maxdepth 1 -type d | sort | sed s/\.\\/mod_//g | xargs
 }
 exts=
 for ext; do
 	if [ -z "mod_$ext" ]; then
 		continue
 	fi
 	if [ ! -d "mod_$ext" ]; then
 		echo >&2 "error: $PWD/mod_$ext does not exist"
 		echo >&2
 		usage >&2
 		exit 1
 	fi
 	exts="$exts $ext"
 done
 if [ -z "$exts" ]; then
 	usage >&2
 	exit 1
 fi
 for ext in $exts; do
 	echo "Installing mod_${ext}"
 	echo " - copying to ${target}"
 	cp -r "${source}/mod_${ext}" "${target}/"
 done
--- a/extras/firewall/blacklist.txt
+++ b/extras/firewall/blacklist.txt
@ -2,13 +2,16 @@ bashtel.ru
 creep.im
 darkengine.biz
 default.rs
 exploit.im
 hiddenlizard.org
 jabber.bitactive.com
 jabber.cd
 jabber.cz
 jabber.freenet.de
 jabber.ipredator.se
 jabber.npw.net
 jabber.sampo.ru
 jabbim.pl
 labas.biz
 otr.chat
 paranoid.scarab.name
--- a/readme.md
+++ b/readme.md
@ -246,7 +246,6 @@ sudo chown 999:999 ./data
 | **SERVER_CONTACT_INFO_SECURITY** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional*                                   | "xmpp:security@**DOMAIN**" |
 | **SERVER_CONTACT_INFO_SUPPORT**  | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional*                                   | "xmpp:support@**DOMAIN**"  |
 | **PROSODY_ADMINS**               | Specify who is an administrator. List of adresses. Eg. "me@example.com", "admin@example.net"                         | *optional*                                   | ""                         |
 | **ENABLE_FIREWALL**              | Enable Firewall module                                                                                               | *optional*                                   | false                      |
 | **SPAM_BLOCKLIST**               | Blacklist to use with Firewall module. Eg. "custom-blocklist.pfw"                                                    | *optional*                                   |                       |
 #### DNS