jdev - 2021-02-10

  1. SJM

    Anyone have any feedback on the following: MPLK - Movim, prosody, LDAP and Keycloak https://github.com/OpusVL/prosody-bundle MELK - Movim, ejabberd, LDAP and Keycloak https://github.com/OpusVL/ejabberd-bundle

  2. Zash

    What is it?

  3. SJM

    docker package to deploy XMPP node

  4. SJM

    one for ejabberd, the other for Prosody

  5. SJM

    not sure which way we will go yet

  6. SJM

    and others might be interested in this. It can connect up with existing auth systems such as Active Dir / SAML etc

  7. Zash

    Looks like it's 7 hours old, so never seen before

  8. SJM

    or use the built-in LDAP

  9. SJM

    yes - hot off the press

  10. Zash

    I'll try to take a look at the prosody stuff later

  11. jonas’

    SJM, general feedback on the dockerfiles (at least https://github.com/OpusVL/prosody-bundle/blob/main/build/prosody/Dockerfile): You’re keeping a lot of unnecessary stuff in the images (build-essential etc.), removing that may be worthwhile for reducing image size and attack surface

  12. SJM

    Thanks jonas’

  13. jonas’

    SJM, https://github.com/OpusVL/prosody-bundle/blob/main/prosody/etc/prosody.cfg.template.lua you are using a jinja2 template here. Note that you can execute arbitrary lua code in the prosody config. Stuff like reading environment variables is best done using that (you can access environment variables by prefixing them with `ENV_`) to avoid issues with quoting.

  14. jonas’

    SJM, Is there a specific reason why you chose postgres?

  15. jonas’

    SJM, Is there a specific reason why you chose postgres/SQL instead of the internal storage modules?

  16. SJM

    Replication - I have asked Paul to join this channel - he is closer to this (I had not expected instant engagement - is appreciated!)

  17. SJM

    He will join when finished a call

  18. jonas’

    what do you need replication for?

  19. jonas’

    prosody does not support replicated setups, even if the storage is replicated

  20. SJM

    ok - Paul will have a better answer when he joins

  21. jonas’

    (also general remark: using the prosody logo in such size on the top of a readme of a project which is not directly associated with prosody is risky from a trademark law point of view, as far as I know. IANAL)

  22. SJM

    good point

  23. jonas’

    what’s the difference between https://github.com/OpusVL/prosody-bundle/blob/main/prosody/etc/xmpp-ldap-roster.py and https://github.com/OpusVL/prosody-bundle/blob/main/prosody/etc/ldap-roster.template.py?

  24. jonas’

    are both needed?

  25. jonas’

    for the roster update you’re restarting prosody, which disrupts all connections (non-resumable, so clients will have to start from scratch). Every hour. That sounds suboptimal.

  26. jonas’

    you might want to run shellcheck (https://github.com/koalaman/shellcheck) on all your shell scripts

  27. SJM

    ok - so he can't seem to join as Gajim crashed when he pressed the join link....

  28. jonas’

    SJM, this would be a workaround: https://xmpp.org/chat#converse/room?jid=jdev@muc.xmpp.org

  29. Paul B


  30. jonas’

    hi Paul B :)

  31. Paul B


  32. Paul B

    interesting about the lua env_. I used the tools I understand, lua != one of them.

  33. Zash

    `ENV_` isn't a Lua thing, it's a Prosody config file thing

  34. Paul B

    we tend to go with postgres as a base for all data backends where we can. fits in with our backup processes, but isn't essential.

  35. Paul B

    the main focus of the project(s) was to provide an authentication platform that could be registered against, offer wide support and be expanded upon. Hence LDAP for the auth db and keycloak for the registration.

  36. Paul B

    Thanks zash that's good to know. Will look at moving away from jinja for that

  37. jonas’

    Paul B, here’s an example which makes rather extensive use of `ENV_`: https://github.com/snikket-im/snikket-server/blob/master/ansible/files/prosody.cfg.lua

  38. Paul B

    Thanks, also thumbs up for shellcheck. Much better linter than I was using.

  39. jonas’

    Paul B, you’re welcome :)

  40. Paul B_

    as for the build-essential dockerfile bloat, you are right. I do need to get it to a staged build and tear out the unnecessary stuff.