-
SJM
Anyone have any feedback on the following: MPLK - Movim, prosody, LDAP and Keycloak https://github.com/OpusVL/prosody-bundle MELK - Movim, ejabberd, LDAP and Keycloak https://github.com/OpusVL/ejabberd-bundle
-
Zash
What is it?
-
SJM
docker package to deploy XMPP node
-
SJM
one for ejabberd, the other for Prosody
-
SJM
not sure which way we will go yet
-
SJM
and others might be interested in this. It can connect up with existing auth systems such as Active Dir / SAML etc
-
Zash
Looks like it's 7 hours old, so never seen before
-
SJM
or use the built-in LDAP
-
SJM
yes - hot off the press
-
Zash
I'll try to take a look at the prosody stuff later
-
jonas’
SJM, general feedback on the dockerfiles (at least https://github.com/OpusVL/prosody-bundle/blob/main/build/prosody/Dockerfile): You’re keeping a lot of unnecessary stuff in the images (build-essential etc.), removing that may be worthwhile for reducing image size and attack surface
-
SJM
Thanks jonas’
-
jonas’
SJM, https://github.com/OpusVL/prosody-bundle/blob/main/prosody/etc/prosody.cfg.template.lua you are using a jinja2 template here. Note that you can execute arbitrary lua code in the prosody config. Stuff like reading environment variables is best done using that (you can access environment variables by prefixing them with `ENV_`) to avoid issues with quoting.
-
jonas’
SJM, Is there a specific reason why you chose postgres?
-
jonas’
SJM, Is there a specific reason why you chose postgres/SQL instead of the internal storage modules?
-
SJM
Replication - I have asked Paul to join this channel - he is closer to this (I had not expected instant engagement - is appreciated!)
-
SJM
He will join when finished a call
-
jonas’
what do you need replication for?
-
jonas’
prosody does not support replicated setups, even if the storage is replicated
-
SJM
ok - Paul will have a better answer when he joins
-
jonas’
(also general remark: using the prosody logo in such size on the top of a readme of a project which is not directly associated with prosody is risky from a trademark law point of view, as far as I know. IANAL)
-
SJM
good point
-
jonas’
what’s the difference between https://github.com/OpusVL/prosody-bundle/blob/main/prosody/etc/xmpp-ldap-roster.py and https://github.com/OpusVL/prosody-bundle/blob/main/prosody/etc/ldap-roster.template.py?
-
jonas’
are both needed?
-
jonas’
for the roster update you’re restarting prosody, which disrupts all connections (non-resumable, so clients will have to start from scratch). Every hour. That sounds suboptimal.
-
jonas’
you might want to run shellcheck (https://github.com/koalaman/shellcheck) on all your shell scripts
-
SJM
ok - so he can't seem to join as Gajim crashed when he pressed the join link....
-
jonas’
SJM, this would be a workaround: https://xmpp.org/chat#converse/room?jid=jdev@muc.xmpp.org
-
Paul B
Hello
-
jonas’
hi Paul B :)
-
Paul B
hi
-
Paul B
interesting about the lua env_. I used the tools I understand, lua != one of them.
-
Zash
`ENV_` isn't a Lua thing, it's a Prosody config file thing
-
Paul B
we tend to go with postgres as a base for all data backends where we can. fits in with our backup processes, but isn't essential.
-
Paul B
the main focus of the project(s) was to provide an authentication platform that could be registered against, offer wide support and be expanded upon. Hence LDAP for the auth db and keycloak for the registration.
-
Paul B
Thanks zash that's good to know. Will look at moving away from jinja for that
-
jonas’
Paul B, here’s an example which makes rather extensive use of `ENV_`: https://github.com/snikket-im/snikket-server/blob/master/ansible/files/prosody.cfg.lua
-
Paul B
Thanks, also thumbs up for shellcheck. Much better linter than I was using.
-
jonas’
Paul B, you’re welcome :)
-
Paul B_
as for the build-essential dockerfile bloat, you are right. I do need to get it to a staged build and tear out the unnecessary stuff.