Mercurial > sat_docs

diff docker/prosody/Dockerfile @ 80:686a8c982c3f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
docker: updated Dockerfiles: - use HTTPS URLs instead of HTTP - prosody image know use prosody Debian repository instead of Debian Jessie version, prosody 0.10 is used - prosody configuration is now in prosody directory next to Dockerfile, instead of using difficult to maintain sed calls - community modules are downloaded from mercurial, and only needed ones are kept - no more remote-roster hack \o/ - pubsub component is not at pubsub.[domain] (was sat-pubsub before) - SàT media are gotten from hg instead of ftp, so they are up-to-date with SàT version - libervia image now use pip for txJSON-RPC - fixed now needed jinja2 installation - fixed libervia/admin accounts auto-creation script - fixed uid/gid for prosody in data image - removed not needed anymore nox option in base image - added python-pip in base image - docker images now work with current dev version (0.6.0D)
author Goffi <goffi@goffi.org>
date Fri, 12 Feb 2016 20:24:24 +0100
parents 0e78c8a4626e
children bcba1966e6db
line wrap: on
line diff
--- a/docker/prosody/Dockerfile	Wed Feb 10 18:22:56 2016 +0100
+++ b/docker/prosody/Dockerfile	Fri Feb 12 20:24:24 2016 +0100
@@ -14,77 +14,41 @@
 # BASE #
 ########
 
-RUN apt-get install -y apg prosody
+RUN apt-get install -y --no-install-recommends lsb-release
+# we add prosody repository and key
+RUN echo deb http://packages.prosody.im/debian $(lsb_release -sc) main > /etc/apt/sources.list.d/prosody.list
+RUN python -c 'import urllib2;import subprocess as s;s.Popen(["apt-key","add","-"], stdin=s.PIPE).communicate(urllib2.urlopen("https://prosody.im/files/prosody-debian-packages.key").read())'
+RUN apt-get update
+# and install prosody and apg (to generate passwords)
+RUN apt-get install -y apg prosody-0.10
 RUN apt-get clean
 
-######################
-# REMOTE ROSTER HACK #
-######################
-
-# This dirty hack is used temporarily in SàT to have nice features like fine permissions tuning
-# see http://www.goffi.org/post/2012/06/24/Fine-access-tuning-for-PubSub
-# A proper way is being working on, with new XEPs
-
-WORKDIR /usr/lib/prosody/modules
-# wget/curl are not installed, so we use python
-RUN python -c 'import urllib2;f=open("mod_remote_roster.lua","w");f.write(urllib2.urlopen("http://paste.debian.net/download/121248").read())'
-WORKDIR /etc/prosody
-# the hacked module must be activated
-RUN sed -i 's/modules_enabled = {/\0\n\t-- SàT specific\n\t\t"remote_roster";/' prosody.cfg.lua
-
-######################
-# MISC CONFIGURATION #
-######################
+###################
+# PROSODY MODULES #
+###################
 
-# we want to run foreground
-RUN sed -i 's/daemonize = true;/daemonize = false;/' prosody.cfg.lua
-
-# we listen the world for components (but we do *NOT* expose the port ! It's just for linked containers)
-RUN sed -i 's/^----------- Virtual hosts -----------/component_interface="0.0.0.0"\n\n\0/' prosody.cfg.lua
-
-# we don't want to allow self registering, this is managed by a SàT plugin
-RUN sed -i 's/"register"/--\0/' prosody.cfg.lua
-
-# announce is usefull on a Libervia instance
-RUN sed -i 's/--"announce"/"announce"/' prosody.cfg.lua
+WORKDIR /tmp
+RUN hg clone https://hg.prosody.im/prosody-modules/ prosody-modules
+WORKDIR prosody-modules
+RUN for mod in privilege delegation ipcheck http_upload;do cp mod_$mod/mod_$mod.lua /usr/lib/prosody/modules;done
+WORKDIR /tmp
+RUN rm -rf prosody-modules
 
-# we use environment variable to get the domain
-RUN sed -i 's/^admins =.*$/\nlocal domain = os.getenv("DOMAIN") or "libervia.int"\n\0/' prosody.cfg.lua
-
-# default admin is admin@DOMAIN
-RUN sed -i 's/admins = { }/admins = { "admin@"..(domain) }/' prosody.cfg.lua
+#################
+# CONFIGURATION #
+#################
 
-# we can now set our virtualhost
-RUN sed -i 's/^------ Components ------/VirtualHost (domain)\n\n\0/' prosody.cfg.lua
-
-# we want default, unsplitted logs
-RUN python -c 'import re;f=open("prosody.cfg.lua","r+");buf=re.sub(r"^log =.*^}","",f.read(),1,re.DOTALL | re.MULTILINE);f.seek(0);f.write(buf);f.truncate()'
+WORKDIR /etc/prosody
+# we keep up-to-date configuration for this image on the repository
+RUN python -c 'import urllib2;f=open("prosody.cfg.lua","w");f.write(urllib2.urlopen("https://repos.goffi.org/sat_docs/raw-file/tip/docker/prosody/prosody.cfg.lua").read())'
 
 ###############
 # CERTIFICATE #
 ###############
 
 # We want to use the certificat in /usr/share/sat
-RUN sed -i 's%key = "/etc/prosody/certs/localhost.key";%key = "/usr/share/sat/libervia.key";%; s%certificate = "/etc/prosody/certs/localhost.crt";%certificate = "/usr/share/sat/libervia.crt";%' prosody.cfg.lua
-
 # but we do a link to be sure that there is a certificate
-RUN ln -s /etc/prosody/certs/localhost.key /usr/share/sat/libervia.key; ln -s /etc/prosody/certs/localhost.cert /usr/share/sat/libervia.crt
-
-##############
-# COMPONENTS #
-##############
-
-# we activate the MUC component on chat.DOMAIN
-RUN sed -i 's/--Component "conference.example.com" "muc"/Component ("chat."..domain) "muc"/' prosody.cfg.lua
-
-# and the SOCKS5 bytestream proxy on proxy.DOMAIN
-RUN sed -i 's/--Component "proxy.example.com" "proxy65"/Component ("proxy."..domain) "proxy65"/' prosody.cfg.lua
-
-# SàT PubSub
-RUN sed -i 's/^------ Additional/Component ("sat-pubsub."..domain)\n\tcomponent_secret = os.getenv("SAT_PUBSUB_SECRET")\n\n\0/' prosody.cfg.lua
-
-# Salut, SàT's directory component
-RUN sed -i 's/^------ Additional/Component ("salut."..domain)\n\tcomponent_secret = os.getenv("SAT_SALUT_SECRET")\n\n\0/' prosody.cfg.lua
+RUN ln -s /etc/prosody/certs/localhost.key /usr/share/sat/libervia.key; ln -s /etc/prosody/certs/localhost.crt /usr/share/sat/libervia.crt
 
 ############################
 # AUTOMATIC CONFIGURATION  #