SJM: Anyone have any feedback on the following:
MPLK - Movim, prosody, LDAP and Keycloak https://github.com/OpusVL/prosody-bundle
MELK - Movim, ejabberd, LDAP and Keycloak https://github.com/OpusVL/ejabberd-bundle
Zash: What is it?
SJM: docker package to deploy XMPP node
SJM: one for ejabberd, the other for Prosody
SJM: not sure which way we will go yet
SJM: and others might be interested in this. It can connect up with existing auth systems such as Active Dir / SAML etc
Zash: Looks like it's 7 hours old, so never seen before
SJM: or use the built-in LDAP
SJM: yes - hot off the press
Zash: I'll try to take a look at the prosody stuff later
jonas’: SJM, general feedback on the dockerfiles (at least https://github.com/OpusVL/prosody-bundle/blob/main/build/prosody/Dockerfile): You’re keeping a lot of unnecessary stuff in the images (build-essential etc.), removing that may be worthwhile for reducing image size and attack surface
jonas’: SJM, https://github.com/OpusVL/prosody-bundle/blob/main/prosody/etc/prosody.cfg.template.lua you are using a jinja2 template here. Note that you can execute arbitrary lua code in the prosody config. Stuff like reading environment variables is best done using that (you can access environment variables by prefixing them with `ENV_`) to avoid issues with quoting.
jonas’: SJM, Is there a specific reason why you chose postgres?
jonas’: SJM, Is there a specific reason why you chose postgres/SQL instead of the internal storage modules?
SJM: Replication - I have asked Paul to join this channel - he is closer to this (I had not expected instant engagement - is appreciated!)
SJM: He will join when finished a call
jonas’: what do you need replication for?
jonas’: prosody does not support replicated setups, even if the storage is replicated
SJM: ok - Paul will have a better answer when he joins
jonas’: (also general remark: using the prosody logo in such size on the top of a readme of a project which is not directly associated with prosody is risky from a trademark law point of view, as far as I know. IANAL)
jonas’: what’s the difference between https://github.com/OpusVL/prosody-bundle/blob/main/prosody/etc/xmpp-ldap-roster.py and https://github.com/OpusVL/prosody-bundle/blob/main/prosody/etc/ldap-roster.template.py?
jonas’: are both needed?
jonas’: for the roster update you’re restarting prosody, which disrupts all connections (non-resumable, so clients will have to start from scratch). Every hour. That sounds suboptimal.
jonas’: you might want to run shellcheck (https://github.com/koalaman/shellcheck) on all your shell scripts
SJM: ok - so he can't seem to join as Gajim crashed when he pressed the join link....
jonas’: SJM, this would be a workaround: https://firstname.lastname@example.org
Paul B has joined
jonas’: hi Paul B :)
Paul B: interesting about the lua env_. I used the tools I understand, lua != one of them.
Zash: `ENV_` isn't a Lua thing, it's a Prosody config file thing
Paul B: we tend to go with postgres as a base for all data backends where we can. fits in with our backup processes, but isn't essential.
Paul B: the main focus of the project(s) was to provide an authentication platform that could be registered against, offer wide support and be expanded upon. Hence LDAP for the auth db and keycloak for the registration.
Paul B: Thanks zash that's good to know. Will look at moving away from jinja for that
jonas’: Paul B, here’s an example which makes rather extensive use of `ENV_`: https://github.com/snikket-im/snikket-server/blob/master/ansible/files/prosody.cfg.lua
Paul B: Thanks, also thumbs up for shellcheck. Much better linter than I was using.
jonas’: Paul B, you’re welcome :)
Paul B_ has joined
Paul B has left
Paul B_: as for the build-essential dockerfile bloat, you are right. I do need to get it to a staged build and tear out the unnecessary stuff.