XMPP Service Operators - 2022-07-28

  1. benk

    So what do we talk about here usually, as service operators

  2. jonas’

    benk, https://xmpp.org/community/channels/operators/ see On-Topicness in that document. Generally, we don't have much social chat here, just focused, high signal/noise ratio on-topic chat

  3. benk

    Thanks

  4. edhelas

    Mostly blaming the other operators on how to configure better their own servers/fix their certificates :p

  5. diane

    I'm here lurking to stay up to date on xmpp anti-spam measures

  6. benk

    I don't get any spam, knock on wood. I'm guessing spammers are unaware of my jid's existence

  7. diane

    Eventually russian carders found me.

  8. moparisthebest

    I thought this was the tell-other-operators-their-letsencrypt-certificate-renewal-broke channel ?

  9. diane

    probably also valid

  10. diane

    I still don't think my certbot deploy-hook argument causes everything to reload correctly

  11. moparisthebest

    long ago I had problems making prosody reload my cert with the standard `systemctl reload`, so I changed it to restart, and haven't touched it since :/

  12. moparisthebest

    I think that's supposed to be fixed now but a hard restart every 2 months is also fine so I don't care, I guess

  13. diane

    by default reload doesn't reload the certs on prosody, but they added a module https://modules.prosody.im/mod_reload_modules.html

  14. moparisthebest

    yea, that broke mod_tls in strange ways years ago though

  15. diane

    ah ok

  16. diane

    well i just added it, and will see how things go wrong in a couple months

  17. moparisthebest

    ha yea that's the worst part, the slow testing cycle

  18. Menel

    diane: a simple reload is enough with prososy 0.12 no need for extra modules or whatever

  19. diane

    oh cool

  20. diane

    my server is on debian stable so i still have 0.11, using the version in backports is on the list of things to try when i have some free time

  21. Menel

    The recommended way is the prosodyctl cert importer as hook in the acme client

  22. diane

    oh?

  23. Menel

    diane: costs around 3 min to do it. Included is reading the doc https://prosody.im/download/package_repository

  24. diane

    πŸ™‚

  25. Menel

    Add backports and do: sudo apt install extrepo sudo extrepo enable prosody sudo apt update sudo apt install prosody And done. If the config isn't very strange from the standard everything will just continue to work. But doesn't hurt to read the release notes.. But then 3 min is maybe not enough πŸ˜„

  26. diane

    πŸ™‚ yeah