diff docker/prosody/Dockerfile @ 21:0e78c8a4626e

Added Dockerfiles to create Docker images for easy installation + scripts to manage them. See README for details.
author Goffi <goffi@goffi.org>
date Sun, 19 Oct 2014 15:14:40 +0200
parents
children 686a8c982c3f
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docker/prosody/Dockerfile	Sun Oct 19 15:14:40 2014 +0200
@@ -0,0 +1,139 @@
+###############################################################
+#                                                             #
+#                     Salut à Toi/Prosody                     #
+#  This Dockerfile build a Prosody version prepared for SàT   #
+# Salut à Toi is a multi-frontends multi-purposes XMPP client #
+#                                                             #
+###############################################################
+
+FROM salutatoi/base:latest
+
+MAINTAINER Goffi <goffi@goffi.org>
+
+########
+# BASE #
+########
+
+RUN apt-get install -y apg prosody
+RUN apt-get clean
+
+######################
+# REMOTE ROSTER HACK #
+######################
+
+# This dirty hack is used temporarily in SàT to have nice features like fine permissions tuning
+# see http://www.goffi.org/post/2012/06/24/Fine-access-tuning-for-PubSub
+# A proper way is being working on, with new XEPs
+
+WORKDIR /usr/lib/prosody/modules
+# wget/curl are not installed, so we use python
+RUN python -c 'import urllib2;f=open("mod_remote_roster.lua","w");f.write(urllib2.urlopen("http://paste.debian.net/download/121248").read())'
+WORKDIR /etc/prosody
+# the hacked module must be activated
+RUN sed -i 's/modules_enabled = {/\0\n\t-- SàT specific\n\t\t"remote_roster";/' prosody.cfg.lua
+
+######################
+# MISC CONFIGURATION #
+######################
+
+# we want to run foreground
+RUN sed -i 's/daemonize = true;/daemonize = false;/' prosody.cfg.lua
+
+# we listen the world for components (but we do *NOT* expose the port ! It's just for linked containers)
+RUN sed -i 's/^----------- Virtual hosts -----------/component_interface="0.0.0.0"\n\n\0/' prosody.cfg.lua
+
+# we don't want to allow self registering, this is managed by a SàT plugin
+RUN sed -i 's/"register"/--\0/' prosody.cfg.lua
+
+# announce is usefull on a Libervia instance
+RUN sed -i 's/--"announce"/"announce"/' prosody.cfg.lua
+
+# we use environment variable to get the domain
+RUN sed -i 's/^admins =.*$/\nlocal domain = os.getenv("DOMAIN") or "libervia.int"\n\0/' prosody.cfg.lua
+
+# default admin is admin@DOMAIN
+RUN sed -i 's/admins = { }/admins = { "admin@"..(domain) }/' prosody.cfg.lua
+
+# we can now set our virtualhost
+RUN sed -i 's/^------ Components ------/VirtualHost (domain)\n\n\0/' prosody.cfg.lua
+
+# we want default, unsplitted logs
+RUN python -c 'import re;f=open("prosody.cfg.lua","r+");buf=re.sub(r"^log =.*^}","",f.read(),1,re.DOTALL | re.MULTILINE);f.seek(0);f.write(buf);f.truncate()'
+
+###############
+# CERTIFICATE #
+###############
+
+# We want to use the certificat in /usr/share/sat
+RUN sed -i 's%key = "/etc/prosody/certs/localhost.key";%key = "/usr/share/sat/libervia.key";%; s%certificate = "/etc/prosody/certs/localhost.crt";%certificate = "/usr/share/sat/libervia.crt";%' prosody.cfg.lua
+
+# but we do a link to be sure that there is a certificate
+RUN ln -s /etc/prosody/certs/localhost.key /usr/share/sat/libervia.key; ln -s /etc/prosody/certs/localhost.cert /usr/share/sat/libervia.crt
+
+##############
+# COMPONENTS #
+##############
+
+# we activate the MUC component on chat.DOMAIN
+RUN sed -i 's/--Component "conference.example.com" "muc"/Component ("chat."..domain) "muc"/' prosody.cfg.lua
+
+# and the SOCKS5 bytestream proxy on proxy.DOMAIN
+RUN sed -i 's/--Component "proxy.example.com" "proxy65"/Component ("proxy."..domain) "proxy65"/' prosody.cfg.lua
+
+# SàT PubSub
+RUN sed -i 's/^------ Additional/Component ("sat-pubsub."..domain)\n\tcomponent_secret = os.getenv("SAT_PUBSUB_SECRET")\n\n\0/' prosody.cfg.lua
+
+# Salut, SàT's directory component
+RUN sed -i 's/^------ Additional/Component ("salut."..domain)\n\tcomponent_secret = os.getenv("SAT_SALUT_SECRET")\n\n\0/' prosody.cfg.lua
+
+############################
+# AUTOMATIC CONFIGURATION  #
+############################
+
+# this script allow to call prosodyctl and get configuration variables from linked containers
+RUN echo '#!/usr/bin/env python2\n\
+import subprocess, SimpleXMLRPCServer, os\n\
+def prosodyctl(command, profile, pwd):\n\
+    process = subprocess.Popen(["prosodyctl", command, profile], stdin=subprocess.PIPE)\n\
+    if pwd:\n\
+        process.communicate("%s\\n%s"%(pwd,pwd))\n\
+    return process.wait()\n\
+def getenv(variable):\n\
+    assert variable in ("SAT_PUBSUB_SECRET","SAT_SALUT_SECRET","DOMAIN")\n\
+    return os.getenv(variable)\n\
+server = SimpleXMLRPCServer.SimpleXMLRPCServer(("0.0.0.0", 9999))\n\
+server.register_function(prosodyctl, "prosodyctl")\n\
+server.register_function(getenv, "getenv")\n\
+server.serve_forever()' > /usr/local/bin/container_server && chmod 0555 /usr/local/bin/container_server
+
+# the following script is used to automatically generate passwords for components
+RUN echo '#!/bin/sh\n\
+export SAT_PUBSUB_SECRET=$(apg -n 1)\n\
+export SAT_SALUT_SECRET=$(apg -n 1)\n\
+if [ -z $DOMAIN ]; then\n\
+    export DOMAIN="libervia.int"\n\
+fi\n\
+container_server&\n\
+echo "domain used: $DOMAIN\n"\n\
+/usr/bin/prosody $@' > /usr/local/bin/prosody && chmod +x /usr/local/bin/prosody
+
+#########
+# PORTS #
+#########
+
+# client to server (C2S)
+EXPOSE 5222
+
+# server to server (S2S)
+EXPOSE 5269
+
+##########
+# LAUNCH #
+##########
+
+# prosody need to access /var/run to write it's pid
+RUN mkdir -p /var/run/prosody; chown prosody:adm /var/run/prosody
+
+USER prosody
+
+ENTRYPOINT ["prosody"]
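Review bot: The `RUN python -c '...urllib2.urlopen("http://paste.debian.net/download/121248")...'` step writes whatever that paste returns at build time into `mod_remote_roster.lua` over plain HTTP with no integrity check, and the following `sed` enables the module, so a changed paste or a rewritten response ends up as code loaded by the XMPP server. Committing the reviewed module next to this Dockerfile and using `COPY mod_remote_roster.lua /usr/lib/prosody/modules/` would make the build reproducible and auditable; if it has to stay a download, fetch it over HTTPS and compare it against a pinned SHA-256 before enabling it. Separately, `container_server` binds `("0.0.0.0", 9999)` with no authentication, passes the caller-supplied `command` straight to `prosodyctl`, and returns both component secrets through `getenv`. Not publishing the port does not, as far as I can tell, keep other containers on the same Docker network from reaching it. An explicit allow-list on `command` (an `if ... raise`, not an `assert`, which is dropped under `python -O`) plus a shared-secret check on each call would narrow that.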