-rw-r--r--files/usr/local/etc/mollysocket.conf.xmpp_server5
-rw-r--r--files/usr/local/etc/nginx/vhosts.conf.xmpp_server23
-rw-r--r--files/usr/local/etc/rc.d/mollysocket.xmpp_server50
-rw-r--r--scripts/hostclass/xmpp_server/10-prosody (renamed from scripts/hostclass/xmpp_server)5
-rw-r--r--scripts/hostclass/xmpp_server/20-mollysocket61
-rw-r--r--vars/hostclass/xmpp_server3
6 files changed, 145 insertions, 2 deletions
diff --git a/files/usr/local/etc/mollysocket.conf.xmpp_server b/files/usr/local/etc/mollysocket.conf.xmpp_server
new file mode 100644
index 0000000..9fd83c9
--- /dev/null
+++ b/files/usr/local/etc/mollysocket.conf.xmpp_server
@@ -0,0 +1,5 @@
+host = "127.0.0.1"
+port = ${mollysocket_local_port}
+webserver = true
+allowed_endpoints = ["https://${prosody_public_fqdn}/"]
+vapid_privkey = "${mollysocket_vapid_key}"
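Review bot: `vapid_privkey` is filled from `${mollysocket_vapid_key}`, and the only default visible in this commit (in 20-mollysocket) is the literal `changeme`, so a host provisioned without an override gets a placeholder written where a private key belongs. The provisioning script should refuse to render this template in that case, e.g. `: "${mollysocket_vapid_key:?mollysocket_vapid_key must be set}"` in place of the `changeme` default. Separately, nothing in this file restricts which accounts may register, while the vars change opens the port in the firewall; if the pinned mollysocket version supports an `allowed_uuids` setting, set it explicitly rather than relying on its default.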
diff --git a/files/usr/local/etc/nginx/vhosts.conf.xmpp_server b/files/usr/local/etc/nginx/vhosts.conf.xmpp_server
index fad92ad..7cbe5a2 100644
--- a/files/usr/local/etc/nginx/vhosts.conf.xmpp_server
+++ b/files/usr/local/etc/nginx/vhosts.conf.xmpp_server
@@ -21,3 +21,26 @@ server {
proxy_pass http://127.0.0.1:${prosody_http_port};
}
}
+
+server {
+ listen ${mollysocket_port} ssl default_server;
+ listen [::]:${mollysocket_port} ssl default_server;
+
+ http2 on;
+
+ ssl_certificate ${prosody_https_cert};
+ ssl_certificate_key ${prosody_https_key};
+ ssl_trusted_certificate ${prosody_https_cacert};
+
+ add_header Strict-Transport-Security "max-age=63072000" always;
+
+ location / {
+ proxy_http_version 1.1;
+ proxy_set_header Host \$host:\$server_port;
+ proxy_set_header X-Real-IP \$remote_addr;
+ proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto \$scheme;
+ proxy_set_header X-Original-URL \$uri;
+ proxy_pass http://127.0.0.1:${mollysocket_local_port};
+ }
+}
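Review bot: `X-Forwarded-For` is set from `\$proxy_add_x_forwarded_for`, which appends to whatever value the client sent. This server block terminates TLS on a port the vars change opens in the firewall, so it appears to be the first hop and any inbound value is untrusted. Overwrite it instead: `proxy_set_header X-Forwarded-For \$remote_addr;`. The block is also `default_server` with no `server_name` and forwards the client-supplied `\$host`, so the backend sees arbitrary Host values. Adding `server_name ${prosody_public_fqdn};` and forwarding that fixed name would tighten this, assuming the variable is available to this template.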
diff --git a/files/usr/local/etc/rc.d/mollysocket.xmpp_server b/files/usr/local/etc/rc.d/mollysocket.xmpp_server
new file mode 100644
index 0000000..1a03931
--- /dev/null
+++ b/files/usr/local/etc/rc.d/mollysocket.xmpp_server
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+# PROVIDE: mollysocket
+# REQUIRE: NETWORKING
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name=mollysocket
+rcvar=mollysocket_enable
+
+load_rc_config "$name"
+
+: ${mollysocket_enable:='NO'}
+: ${mollysocket_dir:='/usr/local/mollysocket/mollysocket.git'}
+: ${mollysocket_user='mollysocket'}
+: ${mollysocket_log_level:='info'}
+: ${mollysocket_syslog_facility:='daemon'}
+: ${mollysocket_conf_file:='/usr/local/etc/mollysocket.conf'}
+
+mollysocket_syslog_tag=mollysocket
+mollysocket_run_dir=/var/run/mollysocket
+mollysocket_db_dir=/var/db/mollysocket
+mollysocket_env="MOLLY_CONF=${mollysocket_conf_file} MOLLY_DB=${mollysocket_db_dir}/db.sqlite RUST_LOG=${mollysocket_log_level}"
+
+required_files="${mollysocket_conf_file}"
+sig_stop=SIGINT
+
+mollysocket_chdir=$mollysocket_dir
+pidfile=${mollysocket_run_dir}/mollysocket.pid
+command=/usr/sbin/daemon
+
+command_args="-f \
+-s ${mollysocket_log_level} \
+-l ${mollysocket_syslog_facility} \
+-T ${mollysocket_syslog_tag} \
+-p ${pidfile} \
+-t ${name} \
+${mollysocket_dir}/target/release/mollysocket server"
+
+procname="${mollysocket_dir}/target/release/mollysocket"
+start_precmd=mollysocket_prestart
+
+mollysocket_prestart(){
+ install -d -m 0755 -o ${mollysocket_user} ${mollysocket_run_dir}
+ install -d -m 0750 -o ${mollysocket_user} ${mollysocket_db_dir}
+}
+
+run_rc_command "$1"
+
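Review bot: `-s ${mollysocket_log_level}` in `command_args` reuses the RUST_LOG value as the daemon(8) syslog priority, but the two vocabularies differ. RUST_LOG values such as `trace`, `off` or a per-module filter are not syslog priorities, so changing the log level in rc.conf is likely to stop the service from starting. Give the priority its own knob: `: ${mollysocket_syslog_priority:='info'}` and `-s ${mollysocket_syslog_priority} \`. Also, `: ${mollysocket_user='mollysocket'}` uses `=` where its neighbours use `:=`, so an empty `mollysocket_user` in rc.conf stays empty and rc.subr would presumably start the daemon without switching user. `mollysocket_prestart` also resets the db directory to 0750 on every start while 20-mollysocket creates it 0770; pick one mode.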
diff --git a/scripts/hostclass/xmpp_server b/scripts/hostclass/xmpp_server/10-prosody
index 621f688..3383282 100644
--- a/scripts/hostclass/xmpp_server
+++ b/scripts/hostclass/xmpp_server/10-prosody
@@ -35,13 +35,16 @@ prosody_https_cacert="${acme_cert_dir}/nginx.ca.crt"
prosody_https_cert="${acme_cert_dir}/nginx.crt"
prosody_https_key="${acme_cert_dir}/nginx.key"
+mollysocket_local_port=8081
+
# Install required packages.
pkg install -y \
prosody \
prosody-modules \
lua54-luadbi \
lua54-lualdap \
- nginx
+ nginx \
+ ca_root_nss
# Create ZFS dataset for HTTP upload files.
create_dataset -o "mountpoint=${prosody_db_dir}" "${state_dataset}/prosody"
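Review bot: `mollysocket_local_port=8081` is defined here in 10-prosody, but the mollysocket.conf template installed by 20-mollysocket also reads it, so the second script only renders a valid `port =` line if it runs in the same shell after this one. Moving the assignment to vars/hostclass/xmpp_server next to `mollysocket_port` would remove that ordering dependency. The hunk gives no reason for adding `ca_root_nss`; a short comment such as `# ca_root_nss: CA bundle for outbound HTTPS from mollysocket` would help, if that is the intent.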
diff --git a/scripts/hostclass/xmpp_server/20-mollysocket b/scripts/hostclass/xmpp_server/20-mollysocket
new file mode 100644
index 0000000..9bed162
--- /dev/null
+++ b/scripts/hostclass/xmpp_server/20-mollysocket
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+# mollysocket allows sending push notifications to Molly (Signal clone)
+# via UnifiedPush.
+
+: ${mollysocket_repo='https://github.com/mollyim/mollysocket'}
+: ${mollysocket_branch='1.6.0'}
+: ${mollysocket_vapid_key='changeme'}
+
+mollysocket_username=mollysocket
+mollysocket_uid=794
+mollysocket_home=/usr/local/mollysocket
+mollysocket_repo_dir="${mollysocket_home}/mollysocket.git"
+mollysocket_db_dir=/var/db/mollysocket
+mollysocket_conf_file=/usr/local/etc/mollysocket.conf
+
+# Install required packages.
+pkg install -y \
+ git-lite \
+ rust \
+ sqlite3
+
+# Add local mollysocket user.
+add_user \
+ -u "$mollysocket_uid" \
+ -c "Mollysocket User" \
+ -d "$mollysocket_home" \
+ -s /usr/sbin/nologin \
+ "$mollysocket_username"
+
+# Create persistent ZFS dataset for mollysocket's sqlite db.
+create_dataset -o "mountpoint=${mollysocket_db_dir}" "${state_dataset}/mollysocket"
+
+# Set permissions on the mollysocket db directory.
+install_directory -m 0770 -o "$mollysocket_username" -g "$mollysocket_username" "$mollysocket_db_dir"
+
+# Create mollysocket home directory.
+install_directory -o "$mollysocket_username" -g "$mollysocket_username" -m 0775 "$mollysocket_home"
+
+# Clone mollysocket git repo.
+[ -d "${mollysocket_repo_dir}" ] || su -m "$mollysocket_username" -c \
+ "git clone ${mollysocket_repo} ${mollysocket_repo_dir}"
+
+# Update mollysocket git repo.
+su -m "$mollysocket_username" -c "git -C ${mollysocket_repo_dir} fetch"
+su -m "$mollysocket_username" -c "git -C ${mollysocket_repo_dir} switch --detach ${mollysocket_branch}"
+
+# Build mollysocket.
+( cd "$mollysocket_repo_dir"
+ su -m "$mollysocket_username" -c "HOME=${mollysocket_home} RUSTFLAGS=-L/usr/local/lib cargo build --release"
+)
+
+# Copy mollysocket rc.d script.
+install_file -m 0555 /usr/local/etc/rc.d/mollysocket
+
+# Copy mollysocket config file.
+install_template -m 0640 -g "$mollysocket_username" "$mollysocket_conf_file"
+
+# Enable and start mollysocket.
+sysrc -v mollysocket_enable=YES
+service mollysocket restart
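Review bot: The build input is not pinned. `git switch --detach ${mollysocket_branch}` resolves the tag name `1.6.0`, which upstream can move, and `cargo build --release` may resolve dependencies afresh rather than strictly from the repository's Cargo.lock. Check out a reviewed commit id instead (e.g. `: ${mollysocket_commit='<reviewed-commit-sha>'}`) and build with `cargo build --release --locked`. The `su -c` strings interpolate `${mollysocket_repo}`, `${mollysocket_repo_dir}` and `${mollysocket_branch}` unquoted, so an override containing whitespace or shell metacharacters is re-parsed by the inner shell; single-quote them inside the command string. The build also runs as the account that later runs the daemon, which leaves the binary writable by the service itself; installing the built binary root-owned outside the repo would avoid that.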
diff --git a/vars/hostclass/xmpp_server b/vars/hostclass/xmpp_server
index fb63bbe..0830827 100644
--- a/vars/hostclass/xmpp_server
+++ b/vars/hostclass/xmpp_server
@@ -2,7 +2,8 @@
prosody_c2s_tls_port=5223
prosody_s2s_tls_port=5270
+mollysocket_port=8443
-allowed_tcp_ports="ssh http https xmpp-client xmpp-server ${prosody_c2s_tls_port} ${prosody_s2s_tls_port}"
+allowed_tcp_ports="ssh http https xmpp-client xmpp-server ${prosody_c2s_tls_port} ${prosody_s2s_tls_port} ${mollysocket_port}"
acme=true
nginx_public=true