Anyone have any feedback on the following:
MPLK - Movim, prosody, LDAP and Keycloak https://github.com/OpusVL/prosody-bundle
MELK - Movim, ejabberd, LDAP and Keycloak https://github.com/OpusVL/ejabberd-bundle
marmistrz has left
Zash
What is it?
SJM
docker package to deploy XMPP node
SJM
one for ejabberd, the other for Prosody
SJM
not sure which way we will go yet
asterix has left
asterix has joined
SJM
and others might be interested in this. It can connect up with existing auth systems such as Active Dir / SAML etc
Zash
Looks like it's 7 hours old, so never seen before
SJM
or use the built-in LDAP
SJM
yes - hot off the press
Zash
I'll try to take a look at the prosody stuff later
jonas’
SJM, general feedback on the dockerfiles (at least https://github.com/OpusVL/prosody-bundle/blob/main/build/prosody/Dockerfile): You’re keeping a lot of unnecessary stuff in the images (build-essential etc.), removing that may be worthwhile for reducing image size and attack surface
SJM
Thanks jonas’
jonas’
SJM, https://github.com/OpusVL/prosody-bundle/blob/main/prosody/etc/prosody.cfg.template.lua you are using a jinja2 template here. Note that you can execute arbitrary lua code in the prosody config. Stuff like reading environment variables is best done using that (you can access environment variables by prefixing them with `ENV_`) to avoid issues with quoting.
jonas’
SJM, Is there a specific reason why you chose postgres/SQL instead of the internal storage modules?
SJM
Replication - I have asked Paul to join this channel - he is closer to this (I had not expected instant engagement - is appreciated!)
SJM
He will join when finished a call
jonas’
what do you need replication for?
jonas’
prosody does not support replicated setups, even if the storage is replicated
SJM
ok - Paul will have a better answer when he joins
jonas’
(also general remark: using the prosody logo in such size on the top of a readme of a project which is not directly associated with prosody is risky from a trademark law point of view, as far as I know. IANAL)
SJM
good point
jonas’
what’s the difference between https://github.com/OpusVL/prosody-bundle/blob/main/prosody/etc/xmpp-ldap-roster.py and https://github.com/OpusVL/prosody-bundle/blob/main/prosody/etc/ldap-roster.template.py?
jonas’
are both needed?
jonas’
for the roster update you’re restarting prosody, which disrupts all connections (non-resumable, so clients will have to start from scratch). Every hour. That sounds suboptimal.
jonas’
you might want to run shellcheck (https://github.com/koalaman/shellcheck) on all your shell scripts
SJM
ok - so he can't seem to join as Gajim crashed when he pressed the join link....
jonas’
SJM, this would be a workaround: https://xmpp.org/chat#converse/room?jid=jdev@muc.xmpp.org
Paul B has joined
Paul B
Hello
jonas’
hi Paul B :)
Paul B
hi
Paul B
interesting about the lua env_. I used the tools I understand, lua != one of them.
Zash
`ENV_` isn't a Lua thing, it's a Prosody config file thing
Paul B
we tend to go with postgres as a base for all data backends where we can. fits in with our backup processes, but isn't essential.
Paul B
the main focus of the project(s) was to provide an authentication platform that could be registered against, offer wide support and be expanded upon. Hence LDAP for the auth db and keycloak for the registration.
Paul B
Thanks zash that's good to know. Will look at moving away from jinja for that
jonas’
Paul B, here’s an example which makes rather extensive use of `ENV_`: https://github.com/snikket-im/snikket-server/blob/master/ansible/files/prosody.cfg.lua
Paul B
Thanks, also thumbs up for shellcheck. Much better linter than I was using.
jonas’
Paul B, you’re welcome :)
Paul B_ has joined
Paul B has left
Paul B_
as for the build-essential dockerfile bloat, you are right. I do need to get it to a staged build and tear out the unnecessary stuff.