nixos/prosody: make module defaults comply with XEP-0423 #86067
@GrahamcOfBorg test prosody
I have a remaining question: I'd like to provide the user with an example Let's Encrypt setup. Something along the lines of
Where should I put this? I first thought about adding an example setup in the nixos manual, but I'm not sure people will end up reading it. Do you have any idea about where to put that? Side note: I just realized @mmilata has been bumping prosody to 0.11.5 in the meantime (I missed that commit, I actually started this PR about a month ago, took me quite some time to fix the nixos test)! Will remove this duplicate bump from the PR in a sec.
e743b21 to 44f3205
Thanks a lot for doing this! I really like how this also makes the prosody module much more composable. It's now also very easy to define mucs, which can be reused by things like #82920.
Setting up a XMPP chat server is a pretty deep rabbit hole to jump in when you're not familiar with this whole universe. Your experience with this environment will greatly depend on whether or not your server implements the right set of XEPs.

To tackle this problem, the XMPP community came up with the idea of creating a meta-XEP in charge of listing the desirable XEPs to comply with. This meta-XEP is issued every year under a new XEP number. The 2020 one being XEP-0423[1].

This prosody nixos module refactoring makes complying with XEP-0423 easier. All the necessary extensions are enabled by default. For some extensions (MUC and HTTP_UPLOAD), we need some input from the user and cannot provide a sensible default nixpkgs-wide. For those, we guide the user using a couple of assertions explaining the remaining manual steps to perform.

We took advantage of this substantial refactoring to refresh the associated nixos test.

Changelog:
- Update the prosody package to provide the necessary community modules in order to comply with XEP-0423. This is a tradeoff, as depending on their configuration, the user might end up not using them and wasting some disk space. That being said, adding those will allow the XEP-0423 users, which I expect to be the majority of users, to leverage a bit more the binary cache.
- Add a muc submodule populated with the prosody muc defaults.
- Add a http_upload submodule in charge of setting up a basic http server handling the user uploads. This submodule is spinning up an HTTP(s) server in charge of receiving and serving the user's attachments.
- Advertise both the MUCs and the http_upload endpoints using mod disco.
- Use the slixmpp library in place of the now defunct sleekxmpp for the prosody NixOS test.
- Update the nixos test to setup and test the MUC and http upload features.
- Add a couple of assertions triggered if the setup is not xep-0423 compliant.

[1] https://xmpp.org/extensions/xep-0423.html
We are leveraging the systemd sandboxing features to prevent the service accessing locations it shouldn't do. Most notably, we are here preventing the prosody service from accessing /home and providing it with a private /dev and /tmp. Please consult man systemd.exec for further information.
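An added example, not part of this PR or of the NixOS module: a small Python check that merges a unit file with its drop-ins and reports whether the three properties named in the commit message above still hold. It assumes they map to the systemd.exec directives `ProtectHome`, `PrivateDevices` and `PrivateTmp`; the unit text and the `/path/to/daemon` placeholder are constructed sample input.

```python
# Added example: audit a systemd unit for the sandboxing described above.
# Boolean spellings systemd accepts as "true".
TRUE = {"1", "yes", "true", "on"}

# Directive -> values that deliver the property the commit message states.
# ProtectHome=read-only is deliberately absent: /home stays readable with it.
REQUIRED = {
    "ProtectHome": TRUE | {"tmpfs"},   # /home inaccessible or hidden behind a tmpfs
    "PrivateDevices": TRUE,            # private /dev
    "PrivateTmp": TRUE,                # private /tmp
}

def effective_service_settings(*unit_texts):
    """Merge [Service] keys from a unit and its drop-ins; the last assignment wins."""
    settings = {}
    for text in unit_texts:
        section = None
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line[0] in "#;":
                continue
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1]
            elif section == "Service" and "=" in line:
                key, _, value = line.partition("=")
                settings[key.strip()] = value.strip()
    return settings

def audit(*unit_texts):
    """Return {directive: effective value or None} for each unmet requirement."""
    settings = effective_service_settings(*unit_texts)
    return {name: settings.get(name) for name, accepted in REQUIRED.items()
            if settings.get(name, "").lower() not in accepted}

# Constructed sample input (not the unit generated by the NixOS module).
HARDENED = """[Unit]
Description=constructed example service
[Service]
ExecStart=/path/to/daemon
ProtectHome=yes
PrivateDevices=yes
PrivateTmp=yes
"""
# Constructed drop-in that silently weakens two of the three settings.
WEAK_DROPIN = "[Service]\nProtectHome=read-only\nPrivateTmp=no\n"

if __name__ == "__main__":
    print(audit(HARDENED))               # nothing to report
    print(audit(HARDENED, WEAK_DROPIN))  # ProtectHome and PrivateTmp flagged
```

Pass the main unit first and drop-ins in the order systemd applies them, since a later assignment overrides an earlier one.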
9822880 to 353a8b5
We add a Prosody entry to the NixOS manual showing how to set up a basic XEP-0423 compliant Prosody service. This example also showcases how to generate the associated ACME certificates.

Note: The <programlisting> body might look poorly indented, but trust me, it's necessary. If we try to increase their indentation level, the HTML output will end up containing a lot of unnecessary heading spaces breaking the formatting...
df52c29 to f5b1e6b
Thanks a lot for all the nice work in here! 👍
Motivation for this change
The overall idea behind all these changes is to provide some sane defaults to make the module "just work" by default. We are trying to stay as close as possible to the meta XEP-0423.
It is now possible to be fully compliant with this meta-XEP with a minimal setup.
As an illustration, I use the following configuration on my personal prosody instance to get fully compliant to the conversations test (https://compliance.conversations.m/server/chat.alternativebit.fr/):
After seeing a few prosody nixos configs in the wild, I'm confident this PR will make setting up prosody much easier for a lot of people.
The NixOS test has been updated to test this compliance through a VM test.
See the commit messages for more details.
Inlined commit messages:
CC: @fpletz @globin @andir @florianjacob @flokli