nixos/prosody: make module defaults comply with XEP-0423 #86067
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@GrahamcOfBorg test prosody |
|
I have a remaining question: I'd like to provide the user with an example let's encrypt setup. Something along the lines of Where should I put this? I first thought about adding an example setup in the nixos manual, but I'm not sure people will end up reading it. Do you have any idea about were to put that? Side note: I just realized @mmilata has been bumping prosody to 0.11.5 in the meantime (I missed that commit, I actually started this PR about a month ago, took me quite some time to fix the nixos test)! Will remove this duplicate bump from the PR in a sec. |
picnoir
force-pushed
the
nin-sane-prosody-defaults
branch
2 times, most recently
from
e743b21
to
44f3205
Compare
|
Thanks a lot for doing this! I really like how this also makes the prosody module much more composable. It's now also very easy to define mucs, which can be reused by things like #82920.
|
flokli
reviewed
Apr 27, 2020
Setting up a XMPP chat server is a pretty deep rabbit whole to jump in when you're not familiar with this whole universe. Your experience with this environment will greatly depends on whether or not your server implements the right set of XEPs. To tackle this problem, the XMPP community came with the idea of creating a meta-XEP in charge of listing the desirable XEPs to comply with. This meta-XMP is issued every year under an new XEP number. The 2020 one being XEP-0423[1]. This prosody nixos module refactoring makes complying with XEP-0423 easier. All the necessary extensions are enabled by default. For some extensions (MUC and HTTP_UPLOAD), we need some input from the user and cannot provide a sensible default nixpkgs-wide. For those, we guide the user using a couple of assertions explaining the remaining manual steps to perform. We took advantage of this substential refactoring to refresh the associated nixos test. Changelog: - Update the prosody package to provide the necessary community modules in order to comply with XEP-0423. This is a tradeoff, as depending on their configuration, the user might end up not using them and wasting some disk space. That being said, adding those will allow the XEP-0423 users, which I expect to be the majority of users, to leverage a bit more the binary cache. - Add a muc submodule populated with the prosody muc defaults. - Add a http_upload submodule in charge of setting up a basic http server handling the user uploads. This submodule is in is spinning up an HTTP(s) server in charge of receiving and serving the user's attachments. - Advertise both the MUCs and the http_upload endpoints using mod disco. - Use the slixmpp library in place of the now defunct sleekxmpp for the prosody NixOS test. - Update the nixos test to setup and test the MUC and http upload features. - Add a couple of assertions triggered if the setup is not xep-0423 compliant. [1] https://xmpp.org/extensions/xep-0423.html
We are leveraging the systemd sandboxing features to prevent the service accessing locations it shouldn't do. Most notably, we are here preventing the prosody service from accessing /home and providing it with a private /dev and /tmp. Please consult man systemd.exec for further informations.
picnoir
force-pushed
the
nin-sane-prosody-defaults
branch
from
9822880
to
353a8b5
Compare
flokli
reviewed
May 1, 2020
We add a Prosody entry to the NixOS manual showing how to setup a basic XEP-0423 compliant Prosody service. This example also showcase how to generate the associated ACME certificates. Note: The <programlisting> body might look poorly indented, but trust me, it's necessary. If we try to increase their indentation level, the HTML output will end up containing a lot of unecesseray heading spaces breaking the formatting...
picnoir
force-pushed
the
nin-sane-prosody-defaults
branch
from
df52c29
to
f5b1e6b
Compare
flokli
approved these changes
May 1, 2020
|
Thanks a lot for all the nice work in here! 👍 |
10 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation for this change
The overall idea behind all these changes is to provide some sane defaults to make the module "just work" by default. We are trying to stay as close as possible from the meta XEP-0423.
It is now possible to be fully complient with this meta-XEP with a minimal setup.
As an illustration, I use the following configuration on my personal prosody instance to get fully compliant to the conversations test (https://compliance.conversations.m/server/chat.alternativebit.fr/):
After seeing a few prosody nixos config in the wild, I'm confident this PR will make setting up prosody much easier for a lot of people.
The NixOS test has been updated to test this compliance through a VM test.
See the commit messages for more details.
Inlined commit messages:
Things done
sandboxinnix.confon non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"./result/bin/)nix path-info -Sbefore and after)CC: @fpletz @globin @andir @florianjacob @flokli