====== Information ======

  * Prosody ((https://prosody.im))
  * [[Information:Realm of Espionage]]
  * chat.realmofespionage.xyz ((XMPP))

===== Prerequisites =====

  * [[linux:distros:server:opensuse_tumbleweed_server|openSUSE Tumbleweed (Server)]]
  * [[servers:linux:nginx:lets_encrypt|Certbot (Let's Encrypt)]]

====== Dependencies ======

<code>
sudo zypper install 'prosody'
</code>

====== Firewall ======

  * 5222/tcp is XMPP c2s ((client to server communications)) and needs to be forwarded from the router
  * 5269/tcp is XMPP s2s ((server to server communications)) and needs to be forwarded from the router
  * [[linux:notes:firewalld|Firewalld Notes]]

<code>
sudo firewall-cmd --add-service='xmpp-client' --permanent && sudo firewall-cmd --add-service='xmpp-server' --permanent && sudo firewall-cmd --reload
</code>

====== Settings ======

  * https://prosody.im/doc/configure

===== Modular =====

<code>
echo 'Include "conf.d/*.cfg.lua"' | sudo tee --append '/etc/prosody/prosody.cfg.lua' > '/dev/null'
</code>

<code>
sudo -e '/etc/prosody/prosody.cfg.lua'
</code>

===== RoE | Chat =====

<code>
sudo mkdir -p '/etc/prosody/conf.d' && sudo -e '/etc/prosody/conf.d/roe-chat.cfg.lua' && sudo chown -R 'prosody':'prosody' '/etc/prosody/conf.d'
</code>

<code>
admins = { "espionage724@chat.realmofespionage.xyz" }

ssl = {
    key = "/etc/prosody/certs/privkey.pem";
    certificate = "/etc/prosody/certs/fullchain.pem";
    protocol = "tlsv1_2";
    ciphers = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
}

-- Refuse unencrypted client connections
c2s_require_encryption = true
-- Require a valid certificate from remote servers
s2s_secure_auth = true
-- Store account passwords hashed
authentication = "internal_hashed"

VirtualHost "chat.realmofespionage.xyz"

-- End
</code>

====== Let's Encrypt SSL Cert ======

===== Initial =====

<code>
sudo cp '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/prosody/certs' && sudo chown 'prosody':'prosody' '/etc/prosody/certs/fullchain.pem' '/etc/prosody/certs/privkey.pem'
</code>

===== Certbot Automation =====

==== Prosody ====

<code>
sudo -e '/etc/letsencrypt/cli-custom.ini'
</code>

<code>
post-hook = cp '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/prosody/certs' && chgrp 'prosody' '/etc/prosody/certs/fullchain.pem' '/etc/prosody/certs/privkey.pem' && systemctl restart 'prosody'
</code>

==== nginx + Prosody ====

  * Requires [[servers:nginx_php_php-fpm | nginx]]

<code>
sudo -e '/etc/letsencrypt/cli-custom.ini'
</code>

<code>
post-hook = systemctl start 'nginx' && cp '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/prosody/certs' && chgrp 'prosody' '/etc/prosody/certs/fullchain.pem' '/etc/prosody/certs/privkey.pem' && systemctl restart 'prosody'
</code>

==== nginx + murmur + Prosody ====

  * Requires [[servers:nginx_php_php-fpm | nginx]] and [[servers:murmur | Murmur]]

<code>
sudo -e '/etc/letsencrypt/cli-custom.ini'
</code>

<code>
post-hook = systemctl start 'nginx' && cp '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/murmur/certs' && chgrp 'mumble-server' '/etc/murmur/certs/fullchain.pem' '/etc/murmur/certs/privkey.pem' && systemctl restart 'murmur' && cp '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/prosody/certs' && chgrp 'prosody' '/etc/prosody/certs/fullchain.pem' '/etc/prosody/certs/privkey.pem' && systemctl restart 'prosody'
</code>

====== Create User ======

<code>
sudo su 'prosody' -s '/bin/bash'
</code>

<code>
prosodyctl adduser 'espionage724@chat.realmofespionage.xyz'
</code>

====== Services ======

===== Initial =====

<code>
sudo systemctl enable 'prosody' --now
</code>

===== Backup =====

==== Service ====

<code>
mkdir -p ~/'backups' && sudo -e '/etc/systemd/system/chat-fb.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/chat-fb.service'
</code>

<code>
[Service]
Type=oneshot
WorkingDirectory=/var/lib
ExecStart='/bin/bash' -c '"/bin/tar" -cvzf "/home/CHANGEME/backups/prosody-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "prosody"'
ExecStartPost='/bin/sync'
</code>

==== Timer ====

  * This happens weekly ((I assume the files aren't mission-critical enough to be backed up daily))

<code>
sudo -e '/etc/systemd/system/chat-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'chat-fb.timer' --now && sudo systemctl start 'chat-fb' && sudo systemctl status 'chat-fb' -l
</code>

<code>
[Unit]
Description=Prosody Files Backup

[Timer]
OnCalendar=weekly
Persistent=true

[Install]
WantedBy=timers.target
</code>

====== Backup ======

  * Create backup archive on server and transfer to client computer

===== Server =====

==== Archive Files ====

<code>
cd '/var/lib' && sudo tar -cvzf ~/'prosody-files-manual-'$(date +%Y-%m-%d)'.tar.gz' 'prosody' && cd ~ && sync
</code>

===== Client =====

==== Transfer Archive to Client ====

<code>
scp espionage724@192.168.1.153:~/'prosody-files-'*'.tar.gz' ~/'Downloads' && sync
</code>

====== Restore ======

===== Client =====

==== Transfer Archive to Server ====

<code>
scp ~/'Downloads/prosody-files-'*'.tar.gz' espionage724@192.168.1.153:~
</code>

==== Remove Archive ====

<code>
rm ~/'Downloads/prosody-files-'*'.tar.gz' && sync
</code>

===== Server =====

==== Stop Prosody ====

<code>
sudo systemctl stop 'prosody'
</code>

==== Remove Previous Folder ====

<code>
sudo rm -Rf '/var/lib/prosody'
</code>

==== Restore Files ====

<code>
cd '/var/lib' && sudo tar -xvzf ~/'prosody-files-'*'.tar.gz' 'prosody' && sudo chown -R 'prosody':'prosody' '/var/lib/prosody' && cd ~ && sync
</code>

==== Start Prosody ====

<code>
sudo systemctl start 'prosody'
</code>

==== Remove Archive ====

  * Verify that Prosody works before running

<code>
rm -R ~/'prosody-files-'*'.tar.gz' && sync
</code>

====== Resources ======

  * https://connect.xmpp.net/
  * https://inspect.xmpp.net/
  * https://observe.jabber.network/

====== TODO ======

  * https://prosody.im/doc/backups
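
The Restore steps above delete ''/var/lib/prosody'' before extracting, and the extract command relies on the glob ''prosody-files-*.tar.gz'' matching exactly one file. The following is an added example, not part of the original notes: a pre-restore check that the glob is unambiguous, the archive is intact, and every member sits under ''prosody/''. The function names, return codes and the script name ''check-restore.sh'' are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: checks to run before the destructive restore steps.
# Function names and return codes are this example's own, not Prosody's.

# pick_single_archive DIR
#   The restore command uses the glob prosody-files-*.tar.gz; with two matches
#   tar would treat the second file name as a member to extract. Print the
#   single match, or fail when there are none or several.
pick_single_archive() {
    local dir="$1"
    set -- "$dir"/prosody-files-*.tar.gz
    [ "$#" -eq 1 ] && [ -f "$1" ] || return 1
    printf '%s\n' "$1"
}

# verify_prosody_archive ARCHIVE
#   0 = readable, intact, and every member is under prosody/
#   1 = file missing or unreadable
#   2 = gzip/tar stream corrupt or truncated
#   3 = empty archive, or a member outside prosody/ (absolute path, "..", other dir)
verify_prosody_archive() {
    local archive="$1" listing member
    [ -f "$archive" ] && [ -r "$archive" ] || return 1
    # Listing reads the whole gzip stream, so truncation is detected here.
    listing=$(tar -tzf "$archive" 2>/dev/null) || return 2
    [ -n "$listing" ] || return 3
    while IFS= read -r member; do
        case $member in
            /*|..|../*|*/../*|*/..) return 3 ;;
            prosody|prosody/*) ;;
            *) return 3 ;;
        esac
    done <<EOF
$listing
EOF
    return 0
}

# Run as: bash check-restore.sh ~   (hypothetical script name; the argument is
# the directory holding the transferred archive)
if [ -n "${1:-}" ]; then
    if a=$(pick_single_archive "$1") && verify_prosody_archive "$a"; then
        echo "OK to restore from $a"
    else
        echo "refusing to restore from $1" >&2
    fi
fi
```

Run it on the server after the archive has been transferred and before the "Stop Prosody" step, so a bad transfer is caught while the existing data directory is still in place.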