prosody: 0.9.12 -> 0.10.0

Update config options and remove luazlib, as mod_compression was removed
for security reasons.
Florian Jacob 2017-12-22 01:17:48 +01:00
parent 0c74665bad
commit 226965da67
4 changed files with 221 additions and 32 deletions


@ -322,6 +322,33 @@ following incompatible changes:</para>
<link xlink:href="https://github.com/rvl/pump.io-nixos">external module</link>. <link xlink:href="https://github.com/rvl/pump.io-nixos">external module</link>.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The Prosody XMPP server has received a major update. The following modules were renamed:
<itemizedlist>
<listitem>
<para>
<option>services.prosody.modules.httpserver</option> is now <option>services.prosody.modules.http_files</option>
</para>
</listitem>
<listitem>
<para>
<option>services.prosody.modules.console</option> is now <option>services.prosody.modules.admin_telnet</option>
</para>
</listitem>
</itemizedlist>
</para>
<para>
Many new modules are now core modules, most notably <option>services.prosody.modules.carbons</option>
and <option>services.prosody.modules.mam</option>.
</para>
<para>
The better-performing <literal>libevent</literal> backend is now enabled by default.
</para>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>


@ -15,6 +15,7 @@ let
description = "Path to the key file."; description = "Path to the key file.";
}; };
# TODO: rename to certificate to match the prosody config
cert = mkOption { cert = mkOption {
type = types.path; type = types.path;
description = "Path to the certificate file."; description = "Path to the certificate file.";
@ -30,7 +31,7 @@ let
}; };
moduleOpts = { moduleOpts = {
# Generally required
roster = mkOption { roster = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
@ -61,12 +62,38 @@ let
description = "Service discovery"; description = "Service discovery";
}; };
legacyauth = mkOption { # Not essential, but recommended
carbons = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
description = "Legacy authentication. Only used by some old clients and bots"; description = "Keep multiple clients in sync";
}; };
pep = mkOption {
type = types.bool;
default = true;
description = "Enables users to publish their mood, activity, playing music and more";
};
private = mkOption {
type = types.bool;
default = true;
description = "Private XML storage (for room bookmarks, etc.)";
};
blocklist = mkOption {
type = types.bool;
default = true;
description = "Allow users to block communications with other users";
};
vcard = mkOption {
type = types.bool;
default = true;
description = "Allow users to set vCards";
};
# Nice to have
version = mkOption { version = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
@ -91,36 +118,112 @@ let
description = "Replies to XMPP pings with pongs"; description = "Replies to XMPP pings with pongs";
}; };
console = mkOption { register = mkOption {
type = types.bool; type = types.bool;
default = false; default = true;
description = "telnet to port 5582"; description = "Allow users to register on this server using a client and change passwords";
}; };
mam = mkOption {
type = types.bool;
default = false;
description = "Store messages in an archive and allow users to access it";
};
# Admin interfaces
admin_adhoc = mkOption {
type = types.bool;
default = true;
description = "Allows administration via an XMPP client that supports ad-hoc commands";
};
admin_telnet = mkOption {
type = types.bool;
default = false;
description = "Opens telnet console interface on localhost port 5582";
};
# HTTP modules
bosh = mkOption { bosh = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = "Enable BOSH clients, aka 'Jabber over HTTP'"; description = "Enable BOSH clients, aka 'Jabber over HTTP'";
}; };
httpserver = mkOption {
type = types.bool;
default = false;
description = "Serve static files from a directory over HTTP";
};
websocket = mkOption { websocket = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = "Enable WebSocket support"; description = "Enable WebSocket support";
}; };
http_files = mkOption {
type = types.bool;
default = false;
description = "Serve static files from a directory over HTTP";
};
# Other specific functionality
limits = mkOption {
type = types.bool;
default = false;
description = "Enable bandwidth limiting for XMPP connections";
};
groups = mkOption {
type = types.bool;
default = false;
description = "Shared roster support";
};
server_contact_info = mkOption {
type = types.bool;
default = false;
description = "Publish contact information for this service";
};
announce = mkOption {
type = types.bool;
default = false;
description = "Send announcement to all online users";
};
welcome = mkOption {
type = types.bool;
default = false;
description = "Welcome users who register accounts";
};
watchregistrations = mkOption {
type = types.bool;
default = false;
description = "Alert admins of registrations";
};
motd = mkOption {
type = types.bool;
default = false;
description = "Send a message to users when they log in";
};
legacyauth = mkOption {
type = types.bool;
default = false;
description = "Legacy authentication. Only used by some old clients and bots";
};
proxy65 = mkOption {
type = types.bool;
default = false;
description = "Enables a file transfer proxy service which clients behind NAT can use";
};
}; };
toLua = x: toLua = x:
if builtins.isString x then ''"${x}"'' if builtins.isString x then ''"${x}"''
else if builtins.isBool x then toString x else if builtins.isBool x then (if x == true then "true" else "false")
else if builtins.isInt x then toString x else if builtins.isInt x then toString x
else if builtins.isList x then ''{ ${lib.concatStringsSep ", " (map (n: toLua n) x) } }''
else throw "Invalid Lua value"; else throw "Invalid Lua value";
createSSLOptsStr = o: '' createSSLOptsStr = o: ''
@ -198,6 +301,59 @@ in
description = "Allow account creation"; description = "Allow account creation";
}; };
c2sRequireEncryption = mkOption {
type = types.bool;
default = true;
description = ''
Force clients to use encrypted connections? This option will
prevent clients from authenticating unless they are using encryption.
'';
};
s2sRequireEncryption = mkOption {
type = types.bool;
default = true;
description = ''
Force servers to use encrypted connections? This option will
prevent servers from authenticating unless they are using encryption.
Note that this is different from authentication.
'';
};
s2sSecureAuth = mkOption {
type = types.bool;
default = false;
description = ''
Force certificate authentication for server-to-server connections?
This provides ideal security, but requires servers you communicate
with to support encryption AND present valid, trusted certificates.
For more information see https://prosody.im/doc/s2s#security
'';
};
s2sInsecureDomains = mkOption {
type = types.listOf types.str;
default = [];
example = [ "insecure.example.com" ];
description = ''
Some servers have invalid or self-signed certificates. You can list
remote domains here that will not be required to authenticate using
certificates. They will be authenticated using DNS instead, even
when s2s_secure_auth is enabled.
'';
};
s2sSecureDomains = mkOption {
type = types.listOf types.str;
default = [];
example = [ "jabber.org" ];
description = ''
Even if you leave s2s_secure_auth disabled, you can still require valid
certificates for some domains by specifying a list here.
'';
};
modules = moduleOpts; modules = moduleOpts;
extraModules = mkOption { extraModules = mkOption {
@ -266,27 +422,35 @@ in
data_path = "/var/lib/prosody" data_path = "/var/lib/prosody"
allow_registration = ${boolToString cfg.allowRegistration};
${ optionalString cfg.modules.console "console_enabled = true;" }
${ optionalString (cfg.ssl != null) (createSSLOptsStr cfg.ssl) } ${ optionalString (cfg.ssl != null) (createSSLOptsStr cfg.ssl) }
admins = { ${lib.concatStringsSep ", " (map (n: "\"${n}\"") cfg.admins) } }; admins = ${toLua cfg.admins}
-- we already build with libevent, so we can just enable it for a more performant server
use_libevent = true
modules_enabled = { modules_enabled = {
${ lib.concatStringsSep "\n\ \ " (lib.mapAttrsToList ${ lib.concatStringsSep "\n\ \ " (lib.mapAttrsToList
(name: val: optionalString val ''"${name}";'') (name: val: optionalString val "${toLua name};")
cfg.modules) } cfg.modules) }
${ optionalString cfg.allowRegistration "\"register\"\;" } ${ lib.concatStringsSep "\n" (map (x: "${toLua x};") cfg.extraModules)}
${ lib.concatStringsSep "\n" (map (x: "\"${x}\";") cfg.extraModules)}
"posix";
}; };
allow_registration = ${toLua cfg.allowRegistration}
c2s_require_encryption = ${toLua cfg.c2sRequireEncryption}
s2s_require_encryption = ${toLua cfg.s2sRequireEncryption}
s2s_secure_auth = ${toLua cfg.s2sSecureAuth}
s2s_insecure_domains = ${toLua cfg.s2sInsecureDomains}
s2s_secure_domains = ${toLua cfg.s2sSecureDomains}
${ cfg.extraConfig } ${ cfg.extraConfig }
${ lib.concatStringsSep "\n" (lib.mapAttrsToList (n: v: '' ${ lib.concatStringsSep "\n" (lib.mapAttrsToList (n: v: ''
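Review bot: toLua's string branch `if builtins.isString x then ''"${x}"''` (hunk `@ -91,36 +118,112 @@`) drops the value into a Lua double-quoted literal without escaping, and this commit routes admins, extraModules, s2sInsecureDomains and s2sSecureDomains through it, so any value containing `"` or `\` produces a broken or silently altered prosody.cfg.lua. Lua accepts the C-style `\"` and `\\` escapes, so `if builtins.isString x then ''"${lib.escape [ "\\" "\"" ] x}"''` keeps every current value byte-identical while making the generated config robust to such strings. In the same hunk the `register` module now defaults to true, whereas the old template only emitted `"register";` when allowRegistration held; the option text should say that account creation is still gated, e.g. `description = "Allow users to register on this server using a client and change passwords; new account creation is still governed by allowRegistration";`. Both hunks sit inside the `let` binding of moduleOpts/toLua, which begins and ends outside the page.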


@ -1,14 +1,12 @@
{ stdenv, fetchurl, libidn, openssl, makeWrapper, fetchhg { stdenv, fetchurl, libidn, openssl, makeWrapper, fetchhg
, lua5, luasocket, luasec, luaexpat, luafilesystem, luabitop , lua5, luasocket, luasec, luaexpat, luafilesystem, luabitop
, withLibevent ? true, luaevent ? null , withLibevent ? true, luaevent ? null
, withZlib ? true, luazlib ? null
, withDBI ? true, luadbi ? null , withDBI ? true, luadbi ? null
# use withExtraLibs to add additional dependencies of community modules # use withExtraLibs to add additional dependencies of community modules
, withExtraLibs ? [ ] , withExtraLibs ? [ ]
, withCommunityModules ? [ ] }: , withCommunityModules ? [ ] }:
assert withLibevent -> luaevent != null; assert withLibevent -> luaevent != null;
assert withZlib -> luazlib != null;
assert withDBI -> luadbi != null; assert withDBI -> luadbi != null;
with stdenv.lib; with stdenv.lib;
@ -16,7 +14,6 @@ with stdenv.lib;
let let
libs = [ luasocket luasec luaexpat luafilesystem luabitop ] libs = [ luasocket luasec luaexpat luafilesystem luabitop ]
++ optional withLibevent luaevent ++ optional withLibevent luaevent
++ optional withZlib luazlib
++ optional withDBI luadbi ++ optional withDBI luadbi
++ withExtraLibs; ++ withExtraLibs;
getPath = lib : type : "${lib}/lib/lua/${lua5.luaversion}/?.${type};${lib}/share/lua/${lua5.luaversion}/?.${type}"; getPath = lib : type : "${lib}/lib/lua/${lua5.luaversion}/?.${type};${lib}/share/lua/${lua5.luaversion}/?.${type}";
@ -27,12 +24,12 @@ let
in in
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
version = "0.9.12"; version = "0.10.0";
name = "prosody-${version}"; name = "prosody-${version}";
src = fetchurl { src = fetchurl {
url = "http://prosody.im/downloads/source/${name}.tar.gz"; url = "http://prosody.im/downloads/source/${name}.tar.gz";
sha256 = "139yxqpinajl32ryrybvilh54ddb1q6s0ajjhlcs4a0rnwia6n8s"; sha256 = "1644jy5dk46vahmh6nna36s79k8k668sbi3qamjb4q3c4m3y853l";
}; };
communityModules = fetchhg { communityModules = fetchhg {
@ -65,7 +62,7 @@ stdenv.mkDerivation rec {
meta = { meta = {
description = "Open-source XMPP application server written in Lua"; description = "Open-source XMPP application server written in Lua";
license = licenses.mit; license = licenses.mit;
homepage = http://www.prosody.im; homepage = https://prosody.im;
platforms = platforms.linux; platforms = platforms.linux;
maintainers = [ ]; maintainers = [ ];
}; };
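Review bot: The source tarball is still fetched over plaintext at `url = "http://prosody.im/downloads/source/${name}.tar.gz";` (hunk `@ -27,12 +24,12 @@`) while the same commit moves the homepage to https. The sha256 pins the content, so this is a consistency point rather than an integrity gap, but an https URL avoids a predictable failure mode once the http endpoint redirects or disappears: `url = "https://prosody.im/downloads/source/${name}.tar.gz";`. Dropping `withZlib`/`luazlib` from the argument set also removes an accepted attribute, so any out-of-tree override that still passes `withZlib` will fail to evaluate; a one-line mention in the commit message or release note would save downstream users a surprise.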


@ -12225,8 +12225,9 @@ with pkgs;
hyp = callPackage ../servers/http/hyp/default.nix { }; hyp = callPackage ../servers/http/hyp/default.nix { };
prosody = callPackage ../servers/xmpp/prosody { prosody = callPackage ../servers/xmpp/prosody {
lua5 = lua5_1; # _compat can probably be removed on next minor version after 0.10.0
inherit (lua51Packages) luasocket luasec luaexpat luafilesystem luabitop luaevent luazlib luadbi; lua5 = lua5_2_compat;
inherit (lua52Packages) luasocket luasec luaexpat luafilesystem luabitop luaevent luadbi;
}; };
biboumi = callPackage ../servers/xmpp/biboumi { }; biboumi = callPackage ../servers/xmpp/biboumi { };
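Review bot: The new comment `# _compat can probably be removed on next minor version after 0.10.0` states when to revisit the choice of `lua5_2_compat` but not why it is needed now, so a later maintainer cannot check whether the condition has actually gone away. Presumably Prosody 0.10 still depends on Lua 5.1 behaviour that the compat build of 5.2 provides; if that is the reason, spell it out, e.g. `# prosody 0.10 still needs the Lua 5.1 compatibility features of lua5_2_compat; re-check on the next minor release`. The switch of the inherited packages from lua51Packages to lua52Packages in the same hunk should be covered by the same note so the two choices are understood together.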