diff --git a/debian/control b/debian/control index dca1d5a..cb68312 100644 --- a/debian/control +++ b/debian/control @@ -107,7 +107,7 @@ Description: free web-based platform for social networks (apache frontend) Package: noosfero-chat Architecture: all -Depends: noosfero (>= 1.2), ejabberd, odbc-postgresql, pidgin-data +Depends: noosfero (>= 1.5.1), ejabberd (>= 16.06), odbc-postgresql, pidgin-data Description: free web-based platform for social networks (ejabberd based chat) Noosfero is a web platform for social and solidarity economy networks with blog, e-Porfolios, CMS, RSS, thematic discussion, events agenda and collective diff --git a/debian/noosfero-chat.config b/debian/noosfero-chat.config new file mode 100644 index 0000000..43ef48c --- /dev/null +++ b/debian/noosfero-chat.config @@ -0,0 +1,18 @@ +#!/bin/sh + +set -e + +. /usr/share/debconf/confmodule +if [ -f /usr/share/dbconfig-common/dpkg/config ]; then + # comma-separated, e.g. "mysql, pgsql, sqlite3" + dbc_dbtypes="pgsql" + + . /usr/share/dbconfig-common/dpkg/config +fi + +db_input high noosfero-chat/environment || true +db_go + +db_input high noosfero-chat/admin || true +db_go + diff --git a/debian/noosfero-chat.install b/debian/noosfero-chat.install index 2f04fcd..535eff1 100644 --- a/debian/noosfero-chat.install +++ b/debian/noosfero-chat.install @@ -1,5 +1,5 @@ debian/default/noosfero-chat etc/default -util/chat/ejabberd.cfg etc/ejabberd +util/chat/ejabberd.yml etc/ejabberd debian/update-noosfero-odbc usr/sbin etc/security/limits.d/noosfero-chat.conf etc/security/limits.d etc/pam.d/noosfero-chat etc/pam.d diff --git a/debian/noosfero-chat.postinst b/debian/noosfero-chat.postinst index 114105a..5ae31ae 100644 --- a/debian/noosfero-chat.postinst +++ b/debian/noosfero-chat.postinst @@ -4,18 +4,32 @@ set -e . /usr/share/debconf/confmodule -echo -n "Fetching noosfero domain ..." -domain=$(noosfero-runner 'puts Environment.default.default_hostname(true)') +db_get noosfero-chat/environment +if [ ! -z "$RET" ]; then + environment="${RET}_production" +else + environment="production" +fi + +domain=$(noosfero-runner 'puts Environment.default.default_hostname(true)' $environment) echo " [domain = $domain]" -ejabberd_config='/etc/ejabberd/ejabberd.cfg' +db_get noosfero-chat/admin +if [ ! -z "$RET" ]; then + admin="$RET@$domain" +else + admin="admin@$domain" +fi +echo " [admin = $admin]" + +ejabberd_config='/etc/ejabberd/ejabberd.yml' if test -f $ejabberd_config; then - sed -i "s/acl, *\([^,]*\), *{user, *\([^,]*\), *[^}]*/acl, \1, {user, \2, \"$domain\"/" /etc/ejabberd/ejabberd.cfg - sed -i "s/hosts, *\[[^]]*/hosts, [\"$domain\"/" /etc/ejabberd/ejabberd.cfg + sed -i "s/HOST_DOMAIN/$domain/" /etc/ejabberd/ejabberd.yml + sed -i "s/ACL_ADMIN_ACCOUNT/$admin/" /etc/ejabberd/ejabberd.yml fi echo -n 'Fetching noosfero database name ...' -noosfero_database=$(noosfero-runner 'puts Environment.connection_config[:database]') +noosfero_database=$(noosfero-runner 'puts Environment.connection_config[:database]' $environment) echo " [database = $noosfero_database]" echo 'Creating ejabberd schema ...' @@ -29,7 +43,7 @@ else echo " => GRANT CREATE ON DATABASE $noosfero_database TO $noosfero_user;" fi -su - $noosfero_user -c 'rails dbconsole production < /usr/share/noosfero/util/chat/postgresql/ejabberd.sql > /dev/null' +su - $noosfero_user -c "rails dbconsole $environment < /usr/share/noosfero/util/chat/postgresql/ejabberd.sql > /dev/null" if which update-noosfero-odbc &> /dev/null ; then update-noosfero-odbc @@ -37,6 +51,7 @@ fi ejabberd_default='/etc/default/ejabberd' noosfero_chat_default='/etc/default/noosfero-chat' + if test -f $ejabberd_default; then if ! cat $ejabberd_default | grep "^\. $noosfero_chat_default" > /dev/null ; then echo 'Extending ejabberd defaults with noosfero-chat defaults ...' diff --git a/debian/noosfero-chat.templates b/debian/noosfero-chat.templates new file mode 100644 index 0000000..9dc2fb8 --- /dev/null +++ b/debian/noosfero-chat.templates @@ -0,0 +1,19 @@ +Template: noosfero-chat/environment +Type: string +Description: Choose the environment in which the chat will be installed + Noosfero Chat currently does not support multitenancy environments. If your + system is using a multitenancy setup with multiple environments, you will need + to fill below the environment in which you want the chat installed + uses. For example, if your environment is 'social_production', you should + enter below 'social'. + . + If you are not using a multitenancy setup, you may leave this option blank, in + which case the used environment will be 'production'. + +Template: noosfero-chat/admin +Type: string +Description: Choose the admin of the chat + Enter the user identifier to define the user that will have administrator + privileges on the chat. + . + If you leave this option blank the user defined will be 'admin'. diff --git a/util/chat/ejabberd.cfg b/util/chat/ejabberd.cfg deleted file mode 100644 index 7d9ecce..0000000 --- a/util/chat/ejabberd.cfg +++ /dev/null @@ -1,74 +0,0 @@ -%%% -%%% Noosfero ejabberd configuration file -%%% This config must be in UTF-8 encoding -%%% - -{acl, admin, {user, "admin", "mydomain.example.com"}}. -{hosts, ["mydomain.example.com"]}. - -{loglevel, 4}. -{listen, - [ - {5222, ejabberd_c2s, [ - {access, c2s}, - {shaper, c2s_shaper}, - {max_stanza_size, 65536}, - starttls, {certfile, "/etc/ejabberd/ejabberd.pem"} - ]}, - {5280, ejabberd_http, [ - http_bind, - http_poll - ]} - ]}. -{max_fsm_queue, 1000}. -{auth_method, odbc}. -{odbc_server, "DSN=PostgreSQLEjabberdNoosfero"}. -{shaper, normal, {maxrate, 10000000}}. -{shaper, fast, {maxrate, 50000}}. -{acl, local, {user_regexp, ""}}. -{access, max_user_sessions, [{10, all}]}. -{access, local, [{allow, local}]}. -{access, c2s, [{deny, blocked}, - {allow, all}]}. -{access, c2s_shaper, [{none, admin}, - {normal, all}]}. -{access, announce, [{allow, admin}]}. -{access, configure, [{allow, admin}]}. -{access, muc_admin, [{allow, admin}]}. -{access, muc, [{allow, all}]}. -{access, pubsub_createnode, [{allow, all}]}. -{language, "pt"}. -{modules, - [ - {mod_adhoc, []}, - {mod_announce, [{access, announce}]}, % requires mod_adhoc - {mod_caps, []}, - {mod_configure,[]}, % requires mod_adhoc - {mod_disco, []}, - {mod_last, []}, - {mod_muc, [ - {access, muc}, - {access_create, muc}, - {access_persistent, muc}, - {access_admin, muc_admin}, - {max_users, 500}, - {default_room_options, [{anonymous, false}]} - ]}, - {mod_privacy_odbc, []}, - {mod_private_odbc, []}, - {mod_proxy65, [ - {access, local}, - {shaper, c2s_shaper} - ]}, - {mod_roster_odbc, []}, - {mod_stats, []}, - {mod_time, []}, - {mod_vcard, []}, - {mod_http_bind, []}, - {mod_version, []} - ]}. - -%%% Local Variables: -%%% mode: erlang -%%% End: -%%% vim: set filetype=erlang tabstop=8: diff --git a/util/chat/ejabberd.yml b/util/chat/ejabberd.yml new file mode 100644 index 0000000..eff9720 --- /dev/null +++ b/util/chat/ejabberd.yml @@ -0,0 +1,694 @@ +### +###' ejabberd configuration file +### +### + +### The parameters used in this configuration file are explained in more detail +### in the ejabberd Installation and Operation Guide. +### Please consult the Guide in case of doubts, it is included with +### your copy of ejabberd, and is also available online at +### http://www.process-one.net/en/ejabberd/docs/ + +### The configuration file is written in YAML. +### Refer to http://en.wikipedia.org/wiki/YAML for the brief description. +### However, ejabberd treats different literals as different types: +### +### - unquoted or single-quoted strings. They are called "atoms". +### Example: dog, 'Jupiter', '3.14159', YELLOW +### +### - numeric literals. Example: 3, -45.0, .0 +### +### - quoted or folded strings. +### Examples of quoted string: "Lizzard", "orange". +### Example of folded string: +### > Art thou not Romeo, +### and a Montague? + +###. ======= +###' LOGGING + +## +## loglevel: Verbosity of log files generated by ejabberd. +## 0: No ejabberd log at all (not recommended) +## 1: Critical +## 2: Error +## 3: Warning +## 4: Info +## 5: Debug +## +loglevel: 4 + +## +## rotation: Disable ejabberd's internal log rotation, as the Debian package +## uses logrotate(8). +log_rotate_size: 0 +log_rotate_date: "" + +## +## overload protection: If you want to limit the number of messages per second +## allowed from error_logger, which is a good idea if you want to avoid a flood +## of messages when system is overloaded, you can set a limit. +## 100 is ejabberd's default. +log_rate_limit: 100 + +## +## watchdog_admins: Only useful for developers: if an ejabberd process +## consumes a lot of memory, send live notifications to these XMPP +## accounts. +## +## watchdog_admins: +## - "bob@example.com" + +###. =============== +###' NODE PARAMETERS + +## +## net_ticktime: Specifies net_kernel tick time in seconds. This options must have +## identical value on all nodes, and in most cases shouldn't be changed at all from +## default value. +## +## net_ticktime: 60 + +###. ================ +###' SERVED HOSTNAMES + +## +## hosts: Domains served by ejabberd. +## You can define one or several, for example: +## hosts: +## - "example.net" +## - "example.com" +## - "example.org" +## +hosts: + - "HOST_DOMAIN" + +## +## route_subdomains: Delegate subdomains to other XMPP servers. +## For example, if this ejabberd serves example.org and you want +## to allow communication with an XMPP server called im.example.org. +## +## route_subdomains: s2s + +###. =============== +###' LISTENING PORTS + +## +## listen: The ports ejabberd will listen on, which service each is handled +## by and what options to start it with. +## +listen: + - + port: 5222 + ip: "::" + module: ejabberd_c2s + ## + ## If TLS is compiled in and you installed a SSL + ## certificate, specify the full path to the + ## file and uncomment these lines: + ## + certfile: "/etc/ejabberd/ejabberd.pem" + starttls: true + ## + ## To enforce TLS encryption for client connections, + ## use this instead of the "starttls" option: + ## + ## starttls_required: true + ## + ## Custom OpenSSL options + ## + protocol_options: + - "no_sslv3" + ## - "no_tlsv1" + max_stanza_size: 65536 + shaper: c2s_shaper + access: c2s + zlib: true + resend_on_timeout: if_offline + - + port: 5269 + ip: "::" + module: ejabberd_s2s_in + ## + ## ejabberd_service: Interact with external components (transports, ...) + ## + ## - + ## port: 8888 + ## module: ejabberd_service + ## access: all + ## shaper_rule: fast + ## ip: "127.0.0.1" + ## hosts: + ## "icq.example.org": + ## password: "secret" + ## "sms.example.org": + ## password: "secret" + + ## + ## ejabberd_stun: Handles STUN Binding requests + ## + ## - + ## port: 3478 + ## transport: udp + ## module: ejabberd_stun + + ## + ## To handle XML-RPC requests that provide admin credentials: + ## + ## - + ## port: 4560 + ## module: ejabberd_xmlrpc + ## access_commands: {} + - + port: 5280 + ip: "::" + module: ejabberd_http + request_handlers: + "/websocket": ejabberd_http_ws + ## "/pub/archive": mod_http_fileserver + web_admin: true + http_bind: true + http_poll: true + ## register: true + ## captcha: true + ## tls: true + ## certfile: "/etc/ejabberd/ejabberd.pem" + +## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text +## password storage (see auth_password_format option). +disable_sasl_mechanisms: "digest-md5" + +###. ================== +###' S2S GLOBAL OPTIONS + +## +## s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections. +## Allowed values are: false optional required required_trusted +## You must specify a certificate file. +## +s2s_use_starttls: optional + +## +## s2s_certfile: Specify a certificate file. +## +s2s_certfile: "/etc/ejabberd/ejabberd.pem" + +## Custom OpenSSL options +## +s2s_protocol_options: + - "no_sslv3" +## - "no_tlsv1" + +## +## domain_certfile: Specify a different certificate for each served hostname. +## +## host_config: +## "example.org": +## domain_certfile: "/path/to/example_org.pem" +## "example.com": +## domain_certfile: "/path/to/example_com.pem" + +## +## S2S whitelist or blacklist +## +## Default s2s policy for undefined hosts. +## +## s2s_access: s2s + +## +## Outgoing S2S options +## +## Preferred address families (which to try first) and connect timeout +## in milliseconds. +## +## outgoing_s2s_families: +## - ipv4 +## - ipv6 +## outgoing_s2s_timeout: 10000 + +###. ============== +###' AUTHENTICATION + +## +## auth_method: Method used to authenticate the users. +## The default method is the internal. +## If you want to use a different method, +## comment this line and enable the correct ones. +## +#auth_method: internal + +## +## Store the plain passwords or hashed for SCRAM: +## auth_password_format: plain +## auth_password_format: scram +## +## Define the FQDN if ejabberd doesn't detect it: +## fqdn: "server3.example.com" + +## +## Authentication using external script +## Make sure the script is executable by ejabberd. +## +## auth_method: external +## extauth_program: "/path/to/authentication/script" + +## +## Authentication using SQL +## Remember to setup a database in the next section. +## +auth_method: sql + +## +## Authentication using PAM +## +## auth_method: pam +## pam_service: "pamservicename" + +## +## Authentication using LDAP +## +## auth_method: ldap +## +## List of LDAP servers: +## ldap_servers: +## - "localhost" +## +## Encryption of connection to LDAP servers: +## ldap_encrypt: none +## ldap_encrypt: tls +## +## Port to connect to on LDAP servers: +## ldap_port: 389 +## ldap_port: 636 +## +## LDAP manager: +## ldap_rootdn: "dc=example,dc=com" +## +## Password of LDAP manager: +## ldap_password: "******" +## +## Search base of LDAP directory: +## ldap_base: "dc=example,dc=com" +## +## LDAP attribute that holds user ID: +## ldap_uids: +## - "mail": "%u@mail.example.org" +## +## LDAP filter: +## ldap_filter: "(objectClass=shadowAccount)" + +## +## Anonymous login support: +## auth_method: anonymous +## anonymous_protocol: sasl_anon | login_anon | both +## allow_multiple_connections: true | false +## +## host_config: +## "public.example.org": +## auth_method: anonymous +## allow_multiple_connections: false +## anonymous_protocol: sasl_anon +## +## To use both anonymous and internal authentication: +## +## host_config: +## "public.example.org": +## auth_method: +## - internal +## - anonymous + +###. ============== +###' DATABASE SETUP + +## ejabberd by default uses the internal Mnesia database, +## so you do not necessarily need this section. +## This section provides configuration examples in case +## you want to use other database backends. +## Please consult the ejabberd Guide for details on database creation. + +## +## MySQL server: +## +## sql_type: mysql +## sql_server: "server" +## sql_database: "database" +## sql_username: "username" +## sql_password: "password" +## +## If you want to specify the port: +## sql_port: 1234 + +## +## PostgreSQL server: +## +## sql_type: pgsql +## sql_server: "server" +## sql_database: "database" +## sql_username: "username" +## sql_password: "password" +## +## If you want to specify the port: +## sql_port: 1234 +## +## If you use PostgreSQL, have a large database, and need a +## faster but inexact replacement for "select count(*) from users" +## +## pgsql_users_number_estimate: true + +## +## SQLite: +## +## sql_type: sqlite +## sql_database: "/path/to/database.db" + +## +## ODBC compatible or MSSQL server: +## +sql_type: odbc +sql_server: "DSN=PostgreSQLEjabberdNoosfero" + +## +## Number of connections to open to the database for each virtual host +## +## sql_pool_size: 10 + +## +## Interval to make a dummy SQL request to keep the connections to the +## database alive. Specify in seconds: for example 28800 means 8 hours +## +## sql_keepalive_interval: undefined + +###. =============== +###' TRAFFIC SHAPERS + +shaper: + ## + ## The "normal" shaper limits traffic speed to 1000 B/s + ## + normal: 1000 + + ## + ## The "fast" shaper limits traffic speed to 50000 B/s + ## + fast: 50000 + +## +## This option specifies the maximum number of elements in the queue +## of the FSM. Refer to the documentation for details. +## +max_fsm_queue: 1000 + +###. ==================== +###' ACCESS CONTROL LISTS +acl: + ## + ## The 'admin' ACL grants administrative privileges to XMPP accounts. + ## You can put here as many accounts as you want. + ## + admin: + user: + - "ACL_ADMIN_ACCOUNT" + + ## + ## Blocked users + ## + ## blocked: + ## user: + ## - "baduser@example.org" + ## - "test" + + ## Local users: don't modify this. + ## + local: + user_regexp: "" + + ## + ## More examples of ACLs + ## + ## jabberorg: + ## server: + ## - "jabber.org" + ## aleksey: + ## user: + ## - "aleksey@jabber.ru" + ## test: + ## user_regexp: "^test" + ## user_glob: "test*" + + ## + ## Loopback network + ## + loopback: + ip: + - "127.0.0.0/8" + + ## + ## Bad XMPP servers + ## + ## bad_servers: + ## server: + ## - "xmpp.zombie.org" + ## - "xmpp.spam.com" + +## +## Define specific ACLs in a virtual host. +## +## host_config: +## "localhost": +## acl: +## admin: +## user: +## - "bob-local@localhost" + +###. ============ +###' SHAPER RULES + +shaper_rules: + ## Maximum number of simultaneous sessions allowed for a single user: + max_user_sessions: 10 + ## Maximum number of offline messages that users can have: + max_user_offline_messages: + - 5000: admin + - 100 + ## For C2S connections, all users except admins use the "normal" shaper + c2s_shaper: + - none: admin + - normal + ## All S2S connections use the "fast" shaper + s2s_shaper: fast + +###. ============ +###' ACCESS RULES +access_rules: + ## This rule allows access only for local users: + local: + - allow: local + ## Only non-blocked users can use c2s connections: + c2s: + - deny: blocked + - allow + ## Only admins can send announcement messages: + announce: + - allow: admin + ## Only admins can use the configuration interface: + configure: + - allow: admin + muc_admin: + - allow: admin + ## Only accounts of the local ejabberd server can create rooms: + muc_create: + - allow: local + muc: + - allow + ## Only accounts on the local ejabberd server can create Pubsub nodes: + pubsub_createnode: + - allow: local + ## In-band registration allows registration of any possible username. + ## To disable in-band registration, replace 'allow' with 'deny'. + register: + - allow + ## Only allow to register from localhost + trusted_network: + - allow: loopback + ## Do not establish S2S connections with bad servers + ## s2s: + ## - deny: + ## - ip: "XXX.XXX.XXX.XXX/32" + ## - deny: + ## - ip: "XXX.XXX.XXX.XXX/32" + ## - allow + +## By default the frequency of account registrations from the same IP +## is limited to 1 account every 10 minutes. To disable, specify: infinity +## registration_timeout: 600 + +## +## Define specific Access Rules in a virtual host. +## +## host_config: +## "localhost": +## access: +## c2s: +## - allow: admin +## - deny +## register: +## - deny + +###. ================ +###' DEFAULT LANGUAGE + +## +## language: Default language used for server messages. +## +language: "pt" + +## +## Set a different default language in a virtual host. +## +## host_config: +## "localhost": +## language: "ru" + +###. ======= +###' CAPTCHA + +## +## Full path to a script that generates the image. +## +## captcha_cmd: "/usr/share/ejabberd/captcha.sh" + +## +## Host for the URL and port where ejabberd listens for CAPTCHA requests. +## +## captcha_host: "example.org:5280" + +## +## Limit CAPTCHA calls per minute for JID/IP to avoid DoS. +## +## captcha_limit: 5 + +###. ======= +###' MODULES + +## +## Modules enabled in all ejabberd virtual hosts. +## +modules: + mod_adhoc: {} + mod_admin_extra: {} + mod_announce: # recommends mod_adhoc + access: announce + mod_blocking: {} # requires mod_privacy + mod_caps: {} + mod_carboncopy: {} + mod_client_state: {} + mod_configure: {} # requires mod_adhoc + mod_disco: {} + mod_echo: {} + mod_irc: {} + mod_http_bind: {} + ## mod_http_fileserver: + ## docroot: "/var/www" + ## accesslog: "/var/log/ejabberd/access.log" + mod_last: {} + mod_muc: + ## host: "conference.@HOST@" + access: + - allow + access_create: muc_create + access_persistent: muc_create + access_admin: muc_admin + default_room_options: + anonymous: false + ## mod_muc_log: {} + mod_muc_admin: {} + ## mod_multicast: {} + mod_offline: + access_max_user_messages: max_user_offline_messages + mod_ping: {} + ## mod_pres_counter: + ## count: 5 + ## interval: 60 + mod_privacy: + db_type: sql + mod_private: + db_type: sql + mod_proxy65: + access: local + shaper: c2s_shaper + mod_pubsub: + access_createnode: pubsub_createnode + ## reduces resource comsumption, but XEP incompliant + ignore_pep_from_offline: true + ## XEP compliant, but increases resource comsumption + ## ignore_pep_from_offline: false + last_item_cache: false + plugins: + - "flat" + - "hometree" + - "pep" # pep requires mod_caps + ## mod_register: + ## + ## Protect In-Band account registrations with CAPTCHA. + ## + ## captcha_protected: true + ## + ## Set the minimum informational entropy for passwords. + ## + ## password_strength: 32 + ## + ## After successful registration, the user receives + ## a message with this subject and body. + ## + ## welcome_message: + ## subject: "Welcome!" + ## body: |- + ## Hi. + ## Welcome to this XMPP server. + ## + ## When a user registers, send a notification to + ## these XMPP accounts. + ## + ## registration_watchers: + ## - "admin1@example.org" + ## + ## Only clients in the server machine can register accounts + ## + ## ip_access: trusted_network + ## + ## Local c2s or remote s2s users cannot register accounts + ## + ## access_from: deny + ## access: register + mod_roster: + db_type: odbc + mod_shared_roster: {} + mod_stats: {} + mod_time: {} + mod_vcard: + search: false + mod_version: {} + +## +## Enable modules with custom options in a specific virtual host +## +## host_config: +## "localhost": +## modules: +## mod_echo: +## host: "mirror.localhost" + +## +## Enable modules management via ejabberdctl for installation and +## uninstallation of public/private contributed modules +## (enabled by default) +## + +allow_contrib_modules: true + +###. +###' +### Local Variables: +### mode: yaml +### End: +### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker: diff --git a/util/chat/odbcinst.ini b/util/chat/odbcinst.ini index 03c2d2e..73b4358 100644 --- a/util/chat/odbcinst.ini +++ b/util/chat/odbcinst.ini @@ -1,7 +1,7 @@ [PostgreSQL Unicode] Description = PostgreSQL ODBC driver (Unicode version) -Driver = /usr/lib/odbc/psqlodbcw.so -Setup = /usr/lib/odbc/libodbcpsqlS.so +Driver = psqlodbcw.so +Setup = libodbcpsqlS.so Debug = 0 CommLog = 1 UsageCount = 3 -- libgit2 0.21.2