Information

Prosody ¹⁾
Realm of Espionage
chat.realmofespionage.xyz ²⁾

Prerequisites

Notes

Dependencies

sudo apt install 'prosody'

Firewall

5222/tcp is XMPP c2s ³⁾ and needs forwarded from the router
5269/tcp is XMPP s2s ⁴⁾ and needs forwarded from the router

sudo -e '/etc/ufw/applications.d/custom' && sudo ufw allow 'prosody-custom'

[prosody-custom]
title=prosody-custom
description=Prosody XMPP C2S and S2S
ports=5222,5269/tcp

Settings

General

Should be set out-the-box

sudo -e '/etc/prosody/prosody.cfg.lua'

Include "conf.d/*.cfg.lua"

RoE | Chat

sudo -e '/etc/prosody/conf.avail/roe-chat.cfg.lua'

admins = { "espionage724@chat.realmofespionage.xyz" }

ssl = {
        key = "/etc/prosody/certs/privkey.pem";
        certificate = "/etc/prosody/certs/fullchain.pem";
        protocol = "tlsv1_2";
        ciphers = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
}

c2s_require_encryption = true

s2s_secure_auth = true

authentication = "internal_hashed"

VirtualHost "chat.realmofespionage.xyz"

Enable Host

sudo rm -f '/etc/prosody/conf.d/roe-chat.cfg.lua' && sudo ln -s '/etc/prosody/conf.avail/roe-chat.cfg.lua' '/etc/prosody/conf.d/roe-chat.cfg.lua'

Let's Encrypt SSL Cert

Initial

sudo cp '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/prosody/certs' && sudo chgrp 'prosody' '/etc/prosody/certs/fullchain.pem' '/etc/prosody/certs/privkey.pem' && sync

Certbot Automation

Prosody

sudo -e '/etc/letsencrypt/cli-custom.ini'

post-hook = cp '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/prosody/certs' && chgrp 'prosody' '/etc/prosody/certs/fullchain.pem' '/etc/prosody/certs/privkey.pem' && systemctl restart 'prosody'

nginx + Prosody

Requires nginx

sudo -e '/etc/letsencrypt/cli-custom.ini'

post-hook = systemctl start 'nginx' && cp '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/prosody/certs' && chgrp 'prosody' '/etc/prosody/certs/fullchain.pem' '/etc/prosody/certs/privkey.pem' && systemctl restart 'prosody'

nginx + murmur + Prosody

Requires nginx and Murmur

sudo -e '/etc/letsencrypt/cli-custom.ini'

post-hook = systemctl start 'nginx' && cp '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/murmur/certs' && chgrp 'mumble-server' '/etc/murmur/certs/fullchain.pem' '/etc/murmur/certs/privkey.pem' && systemctl restart 'murmur' && cp '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem' '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem' '/etc/prosody/certs' && chgrp 'prosody' '/etc/prosody/certs/fullchain.pem' '/etc/prosody/certs/privkey.pem' && systemctl restart 'prosody'

Create User

sudo -H -u 'prosody' prosodyctl adduser 'espionage724@chat.realmofespionage.xyz'

Services

Initial

sudo systemctl enable 'prosody' --now

Backup

Service

mkdir -p ~/'backups' && sudo -e '/etc/systemd/system/chat-fb.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/chat-fb.service'

[Service]
Type=oneshot
WorkingDirectory=/var/lib
ExecStart='/bin/bash' -c '"/bin/tar" -cvzf "/home/CHANGEME/backups/prosody-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "prosody"'
ExecStartPost='/bin/sync'

Timer

This happens weekly ⁵⁾

sudo -e '/etc/systemd/system/chat-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'chat-fb.timer' --now && sudo systemctl start 'chat-fb' && sudo systemctl status 'chat-fb' -l

[Unit]
Description=Prosody Files Backup

[Timer]
OnCalendar=weekly
Persistent=true

[Install]
WantedBy=timers.target

Backup

Create backup archive on server and transfer to client computer

Server

Archive Files

cd '/var/lib' && sudo tar -cvzf ~/'prosody-files-manual-'$(date +%Y-%m-%d)'.tar.gz' 'prosody' && cd ~ && sync

Client

Transfer Archive to Client

scp espionage724@192.168.1.153:~/'prosody-files-'*'.tar.gz' ~/'Downloads' && sync

Restore

Client

Transfer Archive to Server

scp ~/'Downloads/prosody-files-'*'.tar.gz' espionage724@192.168.1.153:~

Remove Archive

rm ~/'Downloads/prosody-files-'*'.tar.gz' && sync

Server

Stop Prosody

sudo systemctl stop 'prosody'

Remove Previous Folder

sudo rm -Rf '/var/lib/prosody'

Restore Files

cd '/var/lib' && sudo tar -xvzf ~/'prosody-files-'*'.tar.gz' 'prosody' && sudo chown -R 'prosody':'prosody' '/var/lib/prosody' && cd ~ && sync

Start Prosody

sudo systemctl start 'prosody'

Remove Archive

Verify that Prosody works before running

rm -R ~/'prosody-files-'*'.tar.gz' && sync

¹⁾

https://prosody.im

²⁾

XMPP

³⁾

client to server communications

⁴⁾

server to server communications

⁵⁾

I assume the files aren't mission-critical enough to be backed-up daily

RoE | Wiki

Table of Contents

Information

Prerequisites

Notes

Dependencies

Firewall

Settings

General

RoE | Chat

Enable Host

Let's Encrypt SSL Cert

Initial

Certbot Automation

Prosody

nginx + Prosody

nginx + murmur + Prosody

Create User

Services

Initial

Backup

Service

Timer

Backup

Server

Archive Files

Client

Transfer Archive to Client

Restore

Client

Transfer Archive to Server

Remove Archive

Server

Stop Prosody

Remove Previous Folder

Restore Files

Start Prosody

Remove Archive