From 0c74665bad3699cb3b2f4c0121101b94aa6fed49 Mon Sep 17 00:00:00 2001 From: Florian Jacob Date: Fri, 22 Dec 2017 01:14:47 +0100 Subject: luaevent: 0.4.3 -> 0.4.4 --- pkgs/top-level/lua-packages.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'pkgs') diff --git a/pkgs/top-level/lua-packages.nix b/pkgs/top-level/lua-packages.nix index 75f2ab9e582..6731c02568f 100644 --- a/pkgs/top-level/lua-packages.nix +++ b/pkgs/top-level/lua-packages.nix @@ -167,15 +167,14 @@ let }; luaevent = buildLuaPackage rec { - version = "0.4.3"; + version = "0.4.4"; name = "luaevent-${version}"; - disabled = isLua52; src = fetchFromGitHub { owner = "harningt"; repo = "luaevent"; rev = "v${version}"; - sha256 = "1c1n2zqx5rwfwkqaq1jj8gvx1vswvbihj2sy445w28icz1xfhpik"; + sha256 = "1krzxr0jkv3gmhpckp02byhdd9s5dd0hpyqc8irc8i79dd8x0p53"; }; preBuild = '' -- cgit 1.4.1 From 226965da67c25bbad0c6c0cc6d21b64a647beed8 Mon Sep 17 00:00:00 2001 From: Florian Jacob Date: Fri, 22 Dec 2017 01:17:48 +0100 Subject: prosody: 0.9.12 -> 0.10.0 updating config options, removing luazlib as mod_compression was removed for security reasons. --- nixos/doc/manual/release-notes/rl-1803.xml | 27 ++++ nixos/modules/services/networking/prosody.nix | 202 +++++++++++++++++++++++--- pkgs/servers/xmpp/prosody/default.nix | 9 +- pkgs/top-level/all-packages.nix | 5 +- 4 files changed, 216 insertions(+), 27 deletions(-) (limited to 'pkgs') diff --git a/nixos/doc/manual/release-notes/rl-1803.xml b/nixos/doc/manual/release-notes/rl-1803.xml index b755245a69f..20f23261b60 100644 --- a/nixos/doc/manual/release-notes/rl-1803.xml +++ b/nixos/doc/manual/release-notes/rl-1803.xml 
@@ -322,6 +322,33 @@ following incompatible changes: external module. + + + The Prosody XMPP server has received a major update. The following modules were renamed: + + + + is now + + + + + is now + + + + + + + Many new modules are now core modules, most notably + and . + + + + The better-performing libevent backend is now enabled by default. + + + diff --git a/nixos/modules/services/networking/prosody.nix b/nixos/modules/services/networking/prosody.nix index 9d7e6d6018a..a7b43fb78a9 100644 --- a/nixos/modules/services/networking/prosody.nix +++ b/nixos/modules/services/networking/prosody.nix @@ -15,6 +15,7 @@ let description = "Path to the key file."; }; + # TODO: rename to certificate to match the prosody config cert = mkOption { type = types.path; description = "Path to the certificate file."; @@ -30,7 +31,7 @@ let }; moduleOpts = { - + # Generally required roster = mkOption { type = types.bool; default = true; @@ -61,12 +62,38 @@ let description = "Service discovery"; }; - legacyauth = mkOption { + # Not essential, but recommended + carbons = mkOption { type = types.bool; default = true; - description = "Legacy authentication. Only used by some old clients and bots"; + description = "Keep multiple clients in sync"; + }; + + pep = mkOption { + type = types.bool; + default = true; + description = "Enables users to publish their mood, activity, playing music and more"; }; + private = mkOption { + type = types.bool; + default = true; + description = "Private XML storage (for room bookmarks, etc.)"; + }; + + blocklist = mkOption { + type = types.bool; + default = true; + description = "Allow users to block communications with other users"; + }; + + vcard = mkOption { + type = types.bool; + default = true; + description = "Allow users to set vCards"; + }; + + # Nice to have version = mkOption { type = types.bool; default = true; 
@@ -91,36 +118,112 @@ let description = "Replies to XMPP pings with pongs"; }; - console = mkOption { + register = mkOption { + type = types.bool; + default = true; + description = "Allow users to register on this server using a client and change passwords"; + }; + + mam = mkOption { + type = types.bool; + default = false; + description = "Store messages in an archive and allow users to access it"; + }; + + # Admin interfaces + admin_adhoc = mkOption { + type = types.bool; + default = true; + description = "Allows administration via an XMPP client that supports ad-hoc commands"; + }; + + admin_telnet = mkOption { type = types.bool; default = false; - description = "telnet to port 5582"; + description = "Opens telnet console interface on localhost port 5582"; }; + # HTTP modules bosh = mkOption { type = types.bool; default = false; description = "Enable BOSH clients, aka 'Jabber over HTTP'"; }; - httpserver = mkOption { + websocket = mkOption { + type = types.bool; + default = false; + description = "Enable WebSocket support"; + }; + + http_files = mkOption { type = types.bool; default = false; description = "Serve static files from a directory over HTTP"; }; - websocket = mkOption { + # Other specific functionality + limits = mkOption { type = types.bool; default = false; - description = "Enable WebSocket support"; + description = "Enable bandwidth limiting for XMPP connections"; + }; + + groups = mkOption { + type = types.bool; + default = false; + description = "Shared roster support"; + }; + + server_contact_info = mkOption { + type = types.bool; + default = false; + description = "Publish contact information for this service"; + }; + + announce = mkOption { + type = types.bool; + default = false; + description = "Send announcement to all online users"; + }; + + welcome = mkOption { + type = types.bool; + default = false; + description = "Welcome users who register accounts"; + }; + + watchregistrations = mkOption { + type = types.bool; + default = false; + 
description = "Alert admins of registrations"; + }; + + motd = mkOption { + type = types.bool; + default = false; + description = "Send a message to users when they log in"; + }; + + legacyauth = mkOption { + type = types.bool; + default = false; + description = "Legacy authentication. Only used by some old clients and bots"; + }; + + proxy65 = mkOption { + type = types.bool; + default = false; + description = "Enables a file transfer proxy service which clients behind NAT can use"; }; }; toLua = x: if builtins.isString x then ''"${x}"'' - else if builtins.isBool x then toString x + else if builtins.isBool x then (if x == true then "true" else "false") else if builtins.isInt x then toString x + else if builtins.isList x then ''{ ${lib.concatStringsSep ", " (map (n: toLua n) x) } }'' else throw "Invalid Lua value"; createSSLOptsStr = o: '' 
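Review bot: The string branch of `toLua` at the end of this hunk wraps the value in double quotes without escaping it, so a value containing `"` or `\` ends the Lua literal early and the rest is parsed as configuration code. The helper is used in the later prosody.cfg.lua hunk for `cfg.admins`, the module names, `cfg.extraModules` and the two s2s domain lists, so it should escape before quoting, e.g. `if builtins.isString x then ''"${lib.escape [ "\\" "\"" ] x}"''`. Newlines in a value would still need to be rejected or escaped separately. The boolean branch could use `boolToString x`, which the removed `allow_registration` line already relied on.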
@@ -198,6 +301,59 @@ in description = "Allow account creation"; }; + c2sRequireEncryption = mkOption { + type = types.bool; + default = true; + description = '' + Force clients to use encrypted connections? This option will + prevent clients from authenticating unless they are using encryption. + ''; + }; + + s2sRequireEncryption = mkOption { + type = types.bool; + default = true; + description = '' + Force servers to use encrypted connections? This option will + prevent servers from authenticating unless they are using encryption. + Note that this is different from authentication. + ''; + }; + + s2sSecureAuth = mkOption { + type = types.bool; + default = false; + description = '' + Force certificate authentication for server-to-server connections? + This provides ideal security, but requires servers you communicate + with to support encryption AND present valid, trusted certificates. + For more information see https://prosody.im/doc/s2s#security + ''; + }; + + s2sInsecureDomains = mkOption { + type = types.listOf types.str; + default = []; + example = [ "insecure.example.com" ]; + description = '' + Some servers have invalid or self-signed certificates. You can list + remote domains here that will not be required to authenticate using + certificates. They will be authenticated using DNS instead, even + when s2s_secure_auth is enabled. + ''; + }; + + s2sSecureDomains = mkOption { + type = types.listOf types.str; + default = []; + example = [ "jabber.org" ]; + description = '' + Even if you leave s2s_secure_auth disabled, you can still require valid + certificates for some domains by specifying a list here. + ''; + }; + + modules = moduleOpts; extraModules = mkOption { 
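Review bot: The `s2sSecureAuth` description does not say what the default of `false` means for an operator. As the `s2sInsecureDomains` text implies, server-to-server peers are then authenticated using DNS rather than a validated certificate, even though `s2sRequireEncryption` keeps the link encrypted. I would add a sentence such as `With the default (false), remote servers are authenticated via DNS only unless they are listed in s2sSecureDomains.` The descriptions of `s2sInsecureDomains` and `s2sSecureDomains` also refer to the Lua key `s2s_secure_auth`, where a NixOS user sets `s2sSecureAuth`; naming the option would make them easier to follow.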
@@ -266,26 +422,34 @@ in data_path = "/var/lib/prosody" - allow_registration = ${boolToString cfg.allowRegistration}; - - ${ optionalString cfg.modules.console "console_enabled = true;" } - ${ optionalString (cfg.ssl != null) (createSSLOptsStr cfg.ssl) } - admins = { ${lib.concatStringsSep ", " (map (n: "\"${n}\"") cfg.admins) } }; + admins = ${toLua cfg.admins} + + -- we already build with libevent, so we can just enable it for a more performant server + use_libevent = true modules_enabled = { ${ lib.concatStringsSep "\n\ \ " (lib.mapAttrsToList - (name: val: optionalString val ''"${name}";'') + (name: val: optionalString val "${toLua name};") cfg.modules) } - ${ optionalString cfg.allowRegistration "\"register\"\;" } + ${ lib.concatStringsSep "\n" (map (x: "${toLua x};") cfg.extraModules)} + }; - ${ lib.concatStringsSep "\n" (map (x: "\"${x}\";") cfg.extraModules)} + allow_registration = ${toLua cfg.allowRegistration} + + c2s_require_encryption = ${toLua cfg.c2sRequireEncryption} + + s2s_require_encryption = ${toLua cfg.s2sRequireEncryption} + + s2s_secure_auth = ${toLua cfg.s2sSecureAuth} + + s2s_insecure_domains = ${toLua cfg.s2sInsecureDomains} + + s2s_secure_domains = ${toLua cfg.s2sSecureDomains} - "posix"; - }; ${ cfg.extraConfig } diff --git a/pkgs/servers/xmpp/prosody/default.nix b/pkgs/servers/xmpp/prosody/default.nix index b0e3492c0da..eb3e858ac4d 100644 --- a/pkgs/servers/xmpp/prosody/default.nix +++ b/pkgs/servers/xmpp/prosody/default.nix @@ -1,14 +1,12 @@ { stdenv, fetchurl, libidn, openssl, makeWrapper, fetchhg , lua5, luasocket, luasec, luaexpat, luafilesystem, luabitop , withLibevent ? true, luaevent ? null -, withZlib ? true, luazlib ? null , withDBI ? true, luadbi ? null # use withExtraLibs to add additional dependencies of community modules , withExtraLibs ? [ ] , withCommunityModules ? [ ] }: assert withLibevent -> luaevent != null; -assert withZlib -> luazlib != null; assert withDBI -> luadbi != null; with stdenv.lib; 
@@ -16,7 +14,6 @@ with stdenv.lib; let libs = [ luasocket luasec luaexpat luafilesystem luabitop ] ++ optional withLibevent luaevent - ++ optional withZlib luazlib ++ optional withDBI luadbi ++ withExtraLibs; getPath = lib : type : "${lib}/lib/lua/${lua5.luaversion}/?.${type};${lib}/share/lua/${lua5.luaversion}/?.${type}"; @@ -27,12 +24,12 @@ let in stdenv.mkDerivation rec { - version = "0.9.12"; + version = "0.10.0"; name = "prosody-${version}"; src = fetchurl { url = "http://prosody.im/downloads/source/${name}.tar.gz"; - sha256 = "139yxqpinajl32ryrybvilh54ddb1q6s0ajjhlcs4a0rnwia6n8s"; + sha256 = "1644jy5dk46vahmh6nna36s79k8k668sbi3qamjb4q3c4m3y853l"; }; communityModules = fetchhg { @@ -65,7 +62,7 @@ stdenv.mkDerivation rec { meta = { description = "Open-source XMPP application server written in Lua"; license = licenses.mit; - homepage = http://www.prosody.im; + homepage = https://prosody.im; platforms = platforms.linux; maintainers = [ ]; }; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index e267a460d0d..924058cc091 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -12225,8 +12225,9 @@ with pkgs; hyp = callPackage ../servers/http/hyp/default.nix { }; prosody = callPackage ../servers/xmpp/prosody { - lua5 = lua5_1; - inherit (lua51Packages) luasocket luasec luaexpat luafilesystem luabitop luaevent luazlib luadbi; + # _compat can probably be removed on next minor version after 0.10.0 + lua5 = lua5_2_compat; + inherit (lua52Packages) luasocket luasec luaexpat luafilesystem luabitop luaevent luadbi; }; biboumi = callPackage ../servers/xmpp/biboumi { }; -- cgit 1.4.1 From 2c0b230330b3292e31f1de2392a293db6bede69e Mon Sep 17 00:00:00 2001 From: Florian Jacob Date: Fri, 22 Dec 2017 01:20:01 +0100 Subject: prosody: update community modules --- pkgs/servers/xmpp/prosody/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs') 
diff --git a/pkgs/servers/xmpp/prosody/default.nix b/pkgs/servers/xmpp/prosody/default.nix index eb3e858ac4d..1567a4a6b30 100644 --- a/pkgs/servers/xmpp/prosody/default.nix +++ b/pkgs/servers/xmpp/prosody/default.nix @@ -34,8 +34,8 @@ stdenv.mkDerivation rec { communityModules = fetchhg { url = "https://hg.prosody.im/prosody-modules"; - rev = "9a3e51f348fe"; - sha256 = "09g4vi52rv0r3jzcm0bsgp4ngqq6iapfbxfh0l7qj36qnajp4vm6"; + rev = "150a7bd59043"; + sha256 = "0nfx3lngcy88nd81gb7v4kh3nz1bzsm67bxgpd2lprk54diqcrz1"; }; buildInputs = [ lua5 makeWrapper libidn openssl ]; -- cgit 1.4.1 From 0a80f2c0f4284428235b0f54e228f6e76f1673a7 Mon Sep 17 00:00:00 2001 From: Robin Gloster Date: Thu, 22 Mar 2018 03:40:46 +0100 Subject: prosody: improve module handling --- nixos/doc/manual/release-notes/rl-1803.xml | 5 +++++ nixos/modules/services/networking/prosody.nix | 14 +++++++++++--- pkgs/servers/xmpp/prosody/default.nix | 10 +++++++--- 3 files changed, 23 insertions(+), 6 deletions(-) (limited to 'pkgs') diff --git a/nixos/doc/manual/release-notes/rl-1803.xml b/nixos/doc/manual/release-notes/rl-1803.xml index 20f23261b60..e67f1448466 100644 --- a/nixos/doc/manual/release-notes/rl-1803.xml +++ b/nixos/doc/manual/release-notes/rl-1803.xml @@ -347,6 +347,11 @@ following incompatible changes: The better-performing libevent backend is now enabled by default. + + + withCommunityModules now passes through the modules to . + Use withOnlyInstalledCommunityModules for modules that should not be enabled directly, e.g lib_ldap. + diff --git a/nixos/modules/services/networking/prosody.nix b/nixos/modules/services/networking/prosody.nix index a7b43fb78a9..d57ebb61f63 100644 --- a/nixos/modules/services/networking/prosody.nix +++ b/nixos/modules/services/networking/prosody.nix 
@@ -362,6 +362,12 @@ in description = "Enable custom modules"; }; + extraPluginPaths = mkOption { + type = types.listOf types.path; + default = []; + description = "Addtional path in which to look find plugins/modules"; + }; + virtualHosts = mkOption { description = "Define the virtual hosts"; @@ -411,16 +417,18 @@ in config = mkIf cfg.enable { - environment.systemPackages = [ pkgs.prosody ]; + environment.systemPackages = [ cfg.package ]; environment.etc."prosody/prosody.cfg.lua".text = '' pidfile = "/var/lib/prosody/prosody.pid" - log = "*syslog" data_path = "/var/lib/prosody" + plugin_paths = { + ${lib.concatStringsSep ", " (map (n: "\"${n}\"") cfg.extraPluginPaths) } + } ${ optionalString (cfg.ssl != null) (createSSLOptsStr cfg.ssl) } @@ -434,7 +442,7 @@ in ${ lib.concatStringsSep "\n\ \ " (lib.mapAttrsToList (name: val: optionalString val "${toLua name};") cfg.modules) } - + ${ lib.concatStringsSep "\n" (map (x: "${toLua x};") cfg.package.communityModules)} ${ lib.concatStringsSep "\n" (map (x: "${toLua x};") cfg.extraModules)} }; diff --git a/pkgs/servers/xmpp/prosody/default.nix b/pkgs/servers/xmpp/prosody/default.nix index 1567a4a6b30..2d0e1a529da 100644 --- a/pkgs/servers/xmpp/prosody/default.nix +++ b/pkgs/servers/xmpp/prosody/default.nix @@ -4,6 +4,7 @@ , withDBI ? true, luadbi ? null # use withExtraLibs to add additional dependencies of community modules , withExtraLibs ? [ ] +, withOnlyInstalledCommunityModules ? [ ] , withCommunityModules ? [ ] }: assert withLibevent -> luaevent != null; @@ -38,7 +39,8 @@ stdenv.mkDerivation rec { sha256 = "0nfx3lngcy88nd81gb7v4kh3nz1bzsm67bxgpd2lprk54diqcrz1"; }; - buildInputs = [ lua5 makeWrapper libidn openssl ]; + buildInputs = [ lua5 makeWrapper libidn openssl ] + ++ optional withDBI luadbi; configureFlags = [ "--ostype=linux" 
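Review bot: The `extraPluginPaths` description has a typo and garbled wording (`Addtional path in which to look find plugins/modules`), and it does not say that these directories end up in `plugin_paths`, from which Prosody loads module code. Suggested text: `description = "Additional paths in which to look for plugins/modules. Modules found here are loaded by the server, so the directories should not be writable by unprivileged users.";`.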
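Review bot: `cfg.package.communityModules` in the `modules_enabled` list is read unconditionally, so a `package` value without the `communityModules` passthru attribute (for example a prosody derivation from an older pin or a custom build) fails evaluation with a missing-attribute error. A default keeps such packages usable: `${ lib.concatStringsSep "\n" (map (x: "${toLua x};") (cfg.package.communityModules or [])) }`. The `package` option itself is not declared in any hunk shown here, so I am assuming it is defined elsewhere in the module.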
@@ -49,7 +51,7 @@ stdenv.mkDerivation rec { postInstall = '' ${concatMapStringsSep "\n" (module: '' cp -r $communityModules/mod_${module} $out/lib/prosody/modules/ - '') withCommunityModules} + '') (withCommunityModules ++ withOnlyInstalledCommunityModules)} wrapProgram $out/bin/prosody \ --set LUA_PATH '${luaPath};' \ --set LUA_CPATH '${luaCPath};' @@ -59,11 +61,13 @@ stdenv.mkDerivation rec { --set LUA_CPATH '${luaCPath};' ''; + passthru.communityModules = withCommunityModules; + meta = { description = "Open-source XMPP application server written in Lua"; license = licenses.mit; homepage = https://prosody.im; platforms = platforms.linux; - maintainers = [ ]; + maintainers = with maintainers; [ fpletz globin ]; }; } -- cgit 1.4.1