aitzol 2024-03-01 17:09:43 +01:00
parent d8d9fd9e67
commit e7fa66e938
7 changed files with 18 additions and 61 deletions


@ -1,5 +1,9 @@
# Changelog
## v1.3.2
* Added Firewall module with optional custom blacklist
## v1.3.1
* Added optional Firewall module for testing


@ -111,7 +111,6 @@ RUN download-prosody-modules.bash \
smacks `# stream management (XEP-0198)` \
throttle_presence `# presence throttling in CSI` \
vcard_muc `# XEP-0153: vCard-Based Avatar (MUC)` \
&& docker-prosody-module-pre-install.bash \
firewall `# anti-spam firewall` \
&& rm -rf "/usr/src/prosody-modules"
RUN echo "TLS_REQCERT allow" >> /etc/ldap/ldap.conf


@ -1,7 +1,8 @@
plugin_paths = { "/usr/local/lib/prosody/custom-modules/" };
-- table of enabled modules
local mods_enabled = {
-- local mods_enabled = {
modules_enabled = {
-- Generally required
"roster"; -- Allow users to have a roster. Recommended ;)
"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
@ -48,19 +49,7 @@ local mods_enabled = {
"server_contact_info"; -- This module lets you advertise various contact addresses for your XMPP service via XEP-0157.
};
local enabled = os.getenv("ENABLE_FIREWALL") or "false"
local spam_blocklist = os.getenv("SPAM_BLOCKLIST") and "/usr/local/etc/prosody/firewall/" .. os.getenv("SPAM_BLOCKLIST") or "module:scripts/spam-blocklists.pfw"
if(enabled == "true")
then
table.insert(mods_enabled, "firewall");
firewall_scripts = {
spam_blocklist;
}
end
modules_enabled = mods_enabled;
-- modules_enabled = mods_enabled;
-- These modules are auto-loaded, but should you want
-- to disable them then uncomment them here:
@ -69,4 +58,3 @@ modules_disabled = {
-- "c2s"; -- Handle client connections
-- "s2s"; -- Handle server-to-server connections
};
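Review bot: The two commented-out leftovers, `-- local mods_enabled = {` above the table and `-- modules_enabled = mods_enabled;` below it, are dead code and should be deleted; version control already keeps the old form. In their place I would put one comment on the table, for example `-- NOTE: the module install script appends entries by textually matching "modules_enabled = { ... };" - keep this name and the closing "};"`. That coupling appears to be the reason for the rename, assuming the perl substitution in the install script targets this file. The table itself continues outside the visible hunks.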


@ -43,7 +43,13 @@ for ext in $exts; do
# Skip this if the modules should not be added to modules_enabled.
if [ "$ext" != "http_upload" ] && [ "$ext" != "vcard_muc" ] ; then
echo " - enabling within ${config}"
new_config=$(cat "${config}" | module="${ext}" perl -0pe 's/(mods_enabled[ ]*=[ ]*{[^}]*)};/$1\n\t"$ENV{module}";\n};/')
new_config=$(cat "${config}" | module="${ext}" perl -0pe 's/(modules_enabled[ ]*=[ ]*{[^}]*)};/$1\n\t"$ENV{module}";\n};/')
echo "${new_config}" > "${config}"
fi
# firewall module configuration
if [ "$ext" == "firewall" ] ; then
echo " - setting up mod_${ext}"
new_config=$(cat "${config}" | echo -e "\nlocal spam_blocklist = os.getenv(\"SPAM_BLOCKLIST\") and \"/usr/local/etc/prosody/firewall/\" .. os.getenv(\"SPAM_BLOCKLIST\") or \"module:scripts/spam-blocklists.pfw\"\n\nfirewall_scripts = {\n\tspam_blocklist;\n};")
echo "${new_config}" >> "${config}"
fi
done
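Review bot: The Lua emitted by the added `firewall` branch appends `SPAM_BLOCKLIST` to `/usr/local/etc/prosody/firewall/` unchecked, so a value containing `/` or `..` points `firewall_scripts` at a file outside that directory. An empty-but-set variable, which is truthy in Lua, yields the bare directory path instead of the bundled default. Because `firewall` also passes the first `if` and is added to `modules_enabled` unconditionally, I would have the generated code accept only a plain file name: `local name = os.getenv("SPAM_BLOCKLIST")` followed by `local spam_blocklist = (name and name:match("^[%w_-][%w_.-]*$")) and "/usr/local/etc/prosody/firewall/" .. name or "module:scripts/spam-blocklists.pfw"`. Separately, `cat "${config}" |` in front of `echo -e` does nothing because `echo` ignores stdin, and the `>>` append adds a duplicate block if the script runs twice for `firewall`. The enclosing `for` loop starts outside the hunk.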


@ -1,42 +0,0 @@
#!/bin/bash
set -e
source="/usr/src/prosody-modules"
target="/usr/local/lib/prosody/custom-modules"
cd ${source}
usage() {
echo "usage: $0 ext-name [ext-name ...]"
echo " ie: $0 carbons e2e_policy proxy65"
echo
echo 'Possible values for ext-name:'
find . -mindepth 1 -maxdepth 1 -type d | sort | sed s/\.\\/mod_//g | xargs
}
exts=
for ext; do
if [ -z "mod_$ext" ]; then
continue
fi
if [ ! -d "mod_$ext" ]; then
echo >&2 "error: $PWD/mod_$ext does not exist"
echo >&2
usage >&2
exit 1
fi
exts="$exts $ext"
done
if [ -z "$exts" ]; then
usage >&2
exit 1
fi
for ext in $exts; do
echo "Installing mod_${ext}"
echo " - copying to ${target}"
cp -r "${source}/mod_${ext}" "${target}/"
done


@ -2,13 +2,16 @@ bashtel.ru
creep.im
darkengine.biz
default.rs
exploit.im
hiddenlizard.org
jabber.bitactive.com
jabber.cd
jabber.cz
jabber.freenet.de
jabber.ipredator.se
jabber.npw.net
jabber.sampo.ru
jabbim.pl
labas.biz
otr.chat
paranoid.scarab.name


@ -246,7 +246,6 @@ sudo chown 999:999 ./data
| **SERVER_CONTACT_INFO_SECURITY** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:security@**DOMAIN**" |
| **SERVER_CONTACT_INFO_SUPPORT** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:support@**DOMAIN**" |
| **PROSODY_ADMINS** | Specify who is an administrator. List of adresses. Eg. "me@example.com", "admin@example.net" | *optional* | "" |
| **ENABLE_FIREWALL** | Enable Firewall module | *optional* | false |
| **SPAM_BLOCKLIST** | Blacklist to use with Firewall module. Eg. "custom-blocklist.pfw" | *optional* | |
#### DNS