Initial commit

docker-compose.yml

@@ -0,0 +1,54 @@
+volumes:
+  im-conf:
+  im-data:
+  im-uploads:
+  swu-data:
+  reverse_certs:
+    external: true
+
+networks:
+  reverse_proxy-tier:
+    external: true
+  prosody:
+    external: false
+
+services:
+  prosody:
+    build: ./images/prosody
+    restart: always
+    volumes:
+      - reverse_certs:/etc/letsencrypt/live
+      - im-conf:/etc/prosody
+      - im-data:/var/lib/prosody
+      - im-uploads:/var/www
+    ports:
+      - 5000:5000
+      - 5222:5222
+      - 5269:5269
+      - 5281:5281
+      - 5347:5347
+    environment:
+      - ADMIN_EMAIL=admin@uwu.email
+      - DOMAIN_NAME=palta.cyou
+
+      - VIRTUAL_HOST=u.palta.cyou
+      - LETSENCRYPT_HOST=u.palta.cyou
+    env_file:
+      - slidge.env
+
+  whatsapp:
+    image: codeberg.org/slidge/slidge-whatsapp:latest-amd64
+    restart: always
+    environment:
+      - SLIDGE_JID=whatsapp
+      - SLIDGE_SERVER=prosody
+      - SLIDGE_USER_JID_VALIDATOR=.*@palta.cyou
+
+      - SLIDGE_NO_UPLOAD_PATH=/var/lib/slidge/attachments
+      - SLIDGE_NO_UPLOAD_URL_PREFIX=https://palta.cyou:5281/files/
+      - SLIDGE_NO_UPLOAD_FILE_READ_OTHERS=true
+    env_file:
+      - slidge.env
+    volumes:
+      - swu-data:/var/lib/slidge/:rw
+      - im-uploads:/var/lib/slidge/attachments:rw

docker-update.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/bash
+
+docker compose up --force-recreate --build -d --pull always
+docker image prune -f

images/prosody/Dockerfile

@@ -0,0 +1,31 @@
+FROM debian:bookworm-slim
+ENV LANG=C.UTF-8
+
+RUN useradd -u 10000 prosody -d /var/lib/prosody -M 
+
+RUN apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+        lua5.4 liblua5.4-dev prosody prosody-modules anacron idn2 lua-unbound luarocks ca-certificates \
+    && prosodyctl install --server=https://modules.prosody.im/rocks/ mod_privilege \
+    && rm -f /etc/cron.daily/apt-compat /etc/cron.daily/dpkg /etc/cron.daily/passwd \
+    && apt-get autoremove -y \
+    && rm -rf /var/lib/apt/lists/* \
+    && rm -rf /var/cache/*
+
+# See https://prosody.im/doc/ports
+# File Transfer Proxy (mod_proxy65) !NotConfigured
+#EXPOSE 5000/tcp
+# Client connections
+EXPOSE 5222/tcp
+# s2s Connections
+EXPOSE 5269/tcp
+# HTTPS (http_files for no-upload support)
+EXPOSE 5281/tcp
+# External components !DoNotPublish
+EXPOSE 5347/tcp
+
+COPY --chmod=555 refresh-certs.cron /etc/cron.daily/refresh-certs
+COPY --chmod=555 entrypoint.sh /entrypoint.sh
+COPY --chmod=555 config/ /config/
+
+ENTRYPOINT "/entrypoint.sh"

images/prosody/config/conf.d/default.cfg.lua

@@ -0,0 +1,21 @@
+if(ENV_DOMAIN_NAME)
+then
+  VirtualHost (ENV_DOMAIN_NAME)
+    privileged_entities = {
+      ["whatsapp"] = {
+        roster = "both";
+        message = "outgoing";
+        iq = {
+          ["http://jabber.org/protocol/pubsub"] = "both";
+          ["http://jabber.org/protocol/pubsub#owner"] = "both";
+        };
+      }
+    }
+    disco_items = {
+      { "whatsapp", "Whatsapp gateway" };
+    }
+    Component ("u."..ENV_DOMAIN_NAME, "http_file_share")
+    Component "whatsapp"
+      component_secret = ENV_SLIDGE_SECRET or ""
+      modules_enabled = {"privilege"}
+end

images/prosody/config/prosody.cfg.lua

@@ -0,0 +1,93 @@
+-- https://prosody.im/doc/configure
+---------- Server-wide settings ----------
+admins = { ENV_ADMIN_EMAIL}
+
+plugin_paths = { "/usr/local/lib/prosody/modules" }
+modules_enabled = {
+	-- Generally required
+		"disco"; -- Service discovery
+		"roster"; -- Allow users to have a roster. Recommended ;)
+		"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
+		"tls"; -- Add support for secure TLS on c2s/s2s connections
+
+	-- Not essential, but recommended
+		"blocklist"; -- Allow users to block communications with other users
+		"bookmarks"; -- Synchronise the list of open rooms between clients
+		"carbons"; -- Keep multiple online clients in sync
+		"dialback"; -- Support for verifying remote servers using DNS
+		"limits"; -- Enable bandwidth limiting for XMPP connections
+		"pep"; -- Allow users to store public and private data in their account
+		"private"; -- Legacy account storage mechanism (XEP-0049)
+		"smacks"; -- Stream management and resumption (XEP-0198)
+		"vcard4"; -- User profiles (stored in PEP)
+		"vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard
+
+	-- Nice to have
+		"csi_simple"; -- Simple but effective traffic optimizations for mobile devices
+		"invites"; -- Create and manage invites
+		"invites_adhoc"; -- Allow admins/users to create invitations via their client
+		"invites_register"; -- Allows invited users to create accounts
+		"ping"; -- Replies to XMPP pings with pongs
+		"register"; -- Allow users to register on this server using a client and change passwords
+		"time"; -- Let others know the time here on this server
+		"uptime"; -- Report how long server has been running
+		"version"; -- Replies to server version requests
+		--"mam"; -- Store recent messages to allow multi-device synchronization
+		--"turn_external"; -- Provide external STUN/TURN service for e.g. audio/video calls
+
+	-- Admin interfaces
+		"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
+		"admin_shell"; -- Allow secure administration via 'prosodyctl shell'
+
+	-- HTTP modules
+		--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
+		--"http_openmetrics"; -- for exposing metrics to stats collectors
+		--"websocket"; -- XMPP over WebSockets
+
+	-- Other specific functionality
+		"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
+		--"announce"; -- Send announcement to all online users
+		--"groups"; -- Shared roster support
+		--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
+		--"mimicking"; -- Prevent address spoofing
+		--"motd"; -- Send a message to users when they log in
+		--"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
+		--"s2s_bidi"; -- Bi-directional server-to-server (XEP-0288)
+		--"server_contact_info"; -- Publish contact information for this service
+		--"tombstones"; -- Prevent registration of deleted accounts
+		--"watchregistrations"; -- Alert admins of registrations
+		--"welcome"; -- Welcome users who register accounts
+		"http_files";
+		"privilege";
+}
+
+-- modules_disabled = {}
+
+-----
+-- Must be the same value as slidge's no-upload-path
+http_files_dir = ENV_HTTP_FILES_DIR or "/var/www"
+-----
+
+pidfile = "/run/prosody/prosody.pid";
+s2s_secure_auth = true
+--s2s_insecure_domains = { "insecure.example" }
+--s2s_secure_domains = { "jabber.org" }
+
+limits = {
+	c2s = {
+		rate = ENV_LIMITS_C2S_RATE or "10kb/s";
+	};
+	s2sin = {
+		rate = ENV_LIMITS_S2SIN_RATE or "30kb/s";
+	};
+}
+
+authentication = ENV_AUTHENTICATION or "internal_hashed"
+storage = ENV_STORAGE or "internal" 
+archive_expires_after = ENV_ARCHIVE_EXPIRES_AFTER or "1w"
+log = { info = "*stdout"  }
+
+component_interfaces = { "*" }
+certificates = "certs"
+
+Include "conf.d/*.cfg.lua"

images/prosody/entrypoint.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+cp -r /config/prosody.cfg.lua /config/conf.d/ /etc/prosody/
+mkdir -p /run/prosody
+mkdir -p /var/www
+chown -fR prosody:prosody /run/prosody /var/www
+chmod 755 -R /etc/prosody
+
+prosodyctl --root cert import /etc/letsencrypt/live
+/usr/sbin/anacron -d &
+
+runuser -u prosody /usr/bin/prosody $@ 2>&1
+

images/prosody/refresh-certs.cron

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+prosodyctl --root cert import /etc/letsencrypt/live

slidge.env

@@ -0,0 +1 @@
+SLIDGE_SECRET=