GNU bug report logs - #68894
Prosody guix service required fixes.

Previous Next

Full log

Message #8 received at 68894 <at> debbugs.gnu.org (full text, mbox):

From: Clément Lassieur <clement <at> lassieur.org>
To: email <at> msavoritias.me
Cc: 68894 <at> debbugs.gnu.org
Subject: Re: bug#68894: Prosody guix service required fixes.
Date: Fri, 02 Feb 2024 17:59:40 +0100

On Fri, Feb 02 2024, email <at> msavoritias.me wrote:

> Tried to write a system declaration that includes a prosody server.
>
> This bug aims to collect some bugs that were found and some features that were needed during writing.
>
> 1. The opaque-prosody-configuration as used in this example
> https://guix.gnu.org/en/manual/devel/en/guix.html#index-prosody_002ecfg_002elua
>
> is broken. A workaround for now is adding raw-content as a field inside prosody-configuration.

Indeed it seems like it's never worked.  The issue is: how do we know
the pid-file if the user is using the raw config.  Sounds like we need a
service, in that case, that works without pid-file.

> 2. Prosody Includes a plugin installer now https://prosody.im/doc/installing_modules#using-the-installer
>
> so the plugin-directory here https://guix.gnu.org/en/manual/devel/en/guix.html#index-plugin_002dpaths needs to be changed to wrap the
> module installer instead. since its easier to do that than manually copying modules.
>
> This is for modules that are not part of guix yet. Ideally imo an xmpp package file would be ideal to host any module that are packaged plus all
> related software.
>
> 3. The modules enabled by default is outdated https://guix.gnu.org/en/manual/devel/en/guix.html#index-modules_002denabled
>
> A simple example vcard is deprecated now. also not sure if register should be default now since we have invites.
>
> 4. Security should be the default at this point 
>
> https://guix.gnu.org/en/manual/devel/en/guix.html#index-c2s_002drequire_002dencryption_003f
>
> https://guix.gnu.org/en/manual/devel/en/guix.html#index-s2s_002drequire_002dencryption_003f
>
> https://guix.gnu.org/en/manual/devel/en/guix.html#index-s2s_002dsecure_002dauth_003f
>
> should be turned to true by default. all are already true by default upstream https://prosody.im/doc/s2s#security
>
> 5. The internal authentication here https://guix.gnu.org/en/manual/devel/en/guix.html#index-authentication
>
> should be internal_hashed as per default. https://prosody.im/doc/authentication it should never be plain.
>
> 6. Also a field for http_file_share is mandatory nowadays. see https://prosody.im/doc/modules/mod_http_file_share
>
> 7. room creation should be local for safety reasons
> https://guix.gnu.org/en/manual/devel/en/guix.html#index-restrict_002droom_002dcreation
>
> nobody allows non local anymore.
>
> I plan to get to do this btw after i am done with the joinjabber
> server at some point. :)

Cool, I'd be happy to review.  Thanks for this email.  It's a long time
I haven't been using Prosody and unfortunately this Guile wrapper is a
maintenance burden.  Even more so now that XMPP is less and less used.

I wonder if it would be better to just support a minimal raw config.

Clément

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.