From 5cc6dcd734fbf40371aaa6b2ebb825fb35397209 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20Lassieur?= Date: Fri, 6 Oct 2017 02:01:07 +0200 Subject: services: prosody: Adapt to Prosody 0.10.0. * doc/guix.texi (Messaging Services): Add "mam" as a module example. Document 'prosodyctl check'. Replace 'prosodyctl cert request' with 'prosodyctl cert import'. Regenerate it. * gnu/services/messaging.scm (serialize-module-list): Remove "posix" from the default modules list because it is now automatically loaded. (ssl-configuration)[key, certificate]: Remove them because they are now automatically located. Fix their docstrings. (%default-modules-enabled): Add "carbons" and "blocklist". (prosody-configuration)[certificates]: Set default directory from which certificates/keys will be automatically located. --- doc/guix.texi | 28 +++++++++++++++++++--------- gnu/services/messaging.scm | 19 ++++++++++++++----- 2 files changed, 33 insertions(+), 14 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index f8188fbb16..a2f7d9e1d0 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -13899,7 +13899,7 @@ record as in this example: @example (service prosody-service-type (prosody-configuration - (modules-enabled (cons "groups" %default-modules-enabled)) + (modules-enabled (cons "groups" "mam" %default-modules-enabled)) (int-components (list (int-component-configuration @@ -13920,10 +13920,15 @@ By default, Prosody does not need much configuration. Only one @code{virtualhosts} field is needed: it specifies the domain you wish Prosody to serve. -Prosodyctl will help you generate X.509 certificates and keys: +You can perform various sanity checks on the generated configuration +with the @code{prosodyctl check} command. + +Prosodyctl will also help you to import certificates from the +@code{letsencrypt} directory so that the @code{prosody} user can access +them. See @url{https://prosody.im/doc/letsencrypt}. @example -prosodyctl cert request example.net +prosodyctl --root cert import /etc/letsencrypt/live @end example The available configuration parameters follow. Each parameter @@ -13962,6 +13967,13 @@ paths in order. See @url{http://prosody.im/doc/plugins_directory}. Defaults to @samp{()}. @end deftypevr +@deftypevr {@code{prosody-configuration} parameter} file-name certificates +Every virtual host and component needs a certificate so that clients and +servers can securely verify its identity. Prosody will automatically load +certificates/keys from the directory specified here. +Defaults to @samp{"/etc/prosody/certs"}. +@end deftypevr + @deftypevr {@code{prosody-configuration} parameter} string-list admins This is a list of accounts that are admins for the server. Note that you must create the accounts separately. See @url{http://prosody.im/doc/admins} and @@ -14014,14 +14026,12 @@ Available @code{ssl-configuration} fields are: This determines what handshake to use. @end deftypevr -@deftypevr {@code{ssl-configuration} parameter} file-name key -Path to your private key file, relative to @code{/etc/prosody}. -Defaults to @samp{"/etc/prosody/certs/key.pem"}. +@deftypevr {@code{ssl-configuration} parameter} maybe-file-name key +Path to your private key file. @end deftypevr -@deftypevr {@code{ssl-configuration} parameter} file-name certificate -Path to your certificate file, relative to @code{/etc/prosody}. -Defaults to @samp{"/etc/prosody/certs/cert.pem"}. +@deftypevr {@code{ssl-configuration} parameter} maybe-file-name certificate +Path to your certificate file. @end deftypevr @deftypevr {@code{ssl-configuration} parameter} file-name capath diff --git a/gnu/services/messaging.scm b/gnu/services/messaging.scm index 715d6181f5..526ad5a410 100644 --- a/gnu/services/messaging.scm +++ b/gnu/services/messaging.scm @@ -160,7 +160,7 @@ (define (module-list? val) (string-list? val)) (define (serialize-module-list field-name val) - (serialize-string-list field-name (cons "posix" val))) + (serialize-string-list field-name val)) (define-maybe module-list) (define (file-name? val) @@ -203,12 +203,12 @@ just joined the room.")) "This determines what handshake to use.") (key - (file-name "/etc/prosody/certs/key.pem") - "Path to your private key file, relative to @code{/etc/prosody}.") + (maybe-file-name 'disabled) + "Path to your private key file.") (certificate - (file-name "/etc/prosody/certs/cert.pem") - "Path to your certificate file, relative to @code{/etc/prosody}.") + (maybe-file-name 'disabled) + "Path to your certificate file.") (capath (file-name "/etc/ssl/certs") @@ -271,7 +271,9 @@ can create such a file with: "tls" "dialback" "disco" + "carbons" "private" + "blocklist" "vcard" "version" "uptime" @@ -321,6 +323,13 @@ can create such a file with: paths in order. See @url{http://prosody.im/doc/plugins_directory}." global) + (certificates + (file-name "/etc/prosody/certs") + "Every virtual host and component needs a certificate so that clients and +servers can securely verify its identity. Prosody will automatically load +certificates/keys from the directory specified here." + global) + (admins (string-list '()) "This is a list of accounts that are admins for the server. Note that you -- cgit v1.2.3