Move defaults from entrypoint script to cfg.lua files (#71)

* Move multiple defaults from entrypoint script to cfg.lua files.

* Move remaining defaults from entrypoint script to cfg.lua files.

* Update postgres version in tests

* Register users with prosodyctl in tests

* Replace 'docker-compose' with 'docker compose'

conf.d/02-storage.cfg.lua

@@ -1,8 +1,8 @@
 default_storage = "sql"
 
 sql = {
-  driver = os.getenv("DB_DRIVER");
+  driver = os.getenv("DB_DRIVER") or "SQLite3";
-  database = os.getenv("DB_DATABASE");
+  database = os.getenv("DB_DATABASE") or "prosody.sqlite";
   host = os.getenv("DB_HOST");
   port = os.getenv("DB_PORT");
   username = os.getenv("DB_USERNAME");

conf.d/03-e2e-policy.cfg.lua

@@ -1,8 +1,11 @@
 local stringy = require "stringy" 
 
-e2e_policy_chat = os.getenv("E2E_POLICY_CHAT")
+e2e_policy_chat = os.getenv("E2E_POLICY_CHAT") or "required"
-e2e_policy_muc = os.getenv("E2E_POLICY_MUC")
+e2e_policy_muc = os.getenv("E2E_POLICY_MUC") or "required"
-e2e_policy_whitelist = stringy.split(os.getenv("E2E_POLICY_WHITELIST"), ", ")
+
+local whitelist = os.getenv("E2E_POLICY_WHITELIST") or ""
+e2e_policy_whitelist = stringy.split(whitelist, ", ")
+
 e2e_policy_message_optional_chat = "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for conversations on this server."
 e2e_policy_message_required_chat = "For security reasons, OMEMO, OTR or PGP encryption is required for conversations on this server."
 e2e_policy_message_optional_muc = "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for MUC on this server."

conf.d/04-server_contact_info.cfg.lua

@@ -1,10 +1,18 @@
 local stringy = require "stringy" 
 
+local domain = os.getenv("DOMAIN")
+local abuse = os.getenv("SERVER_CONTACT_INFO_ABUSE") or "xmpp:abuse@" .. domain
+local admin = os.getenv("SERVER_CONTACT_INFO_ADMIN") or "xmpp:admin@" .. domain
+local feedback = os.getenv("SERVER_CONTACT_INFO_FEEDBACK") or "xmpp:feedback@" .. domain
+local sales = os.getenv("SERVER_CONTACT_INFO_SALES") or "xmpp:sales@" .. domain
+local security = os.getenv("SERVER_CONTACT_INFO_SECURITY") or "xmpp:security@" .. domain
+local support = os.getenv("SERVER_CONTACT_INFO_SUPPORT") or "xmpp:support@" .. domain
+
 contact_info = {
-  abuse = stringy.split(os.getenv("SERVER_CONTACT_INFO_ABUSE"), ", ");
+  abuse = stringy.split(abuse, ", ");
-  admin = stringy.split(os.getenv("SERVER_CONTACT_INFO_ADMIN"), ", ");
+  admin = stringy.split(admin, ", ");
-  feedback = stringy.split(os.getenv("SERVER_CONTACT_INFO_FEEDBACK"), ", ");
+  feedback = stringy.split(feedback, ", ");
-  sales = stringy.split(os.getenv("SERVER_CONTACT_INFO_SALES"), ", ");
+  sales = stringy.split(sales, ", ");
-  security = stringy.split(os.getenv("SERVER_CONTACT_INFO_SECURITY"), ", ");
+  security = stringy.split(security, ", ");
-  support = stringy.split(os.getenv("SERVER_CONTACT_INFO_SUPPORT"), ", ");
+  support = stringy.split(support, ", ");
 }

conf.d/05-vhost.cfg.lua

@@ -1,8 +1,8 @@
 local domain = os.getenv("DOMAIN")
-local domain_http_upload = os.getenv("DOMAIN_HTTP_UPLOAD")
+local domain_http_upload = os.getenv("DOMAIN_HTTP_UPLOAD") or "upload." .. domain
-local domain_muc = os.getenv("DOMAIN_MUC")
+local domain_muc = os.getenv("DOMAIN_MUC") or "conference." .. domain
-local domain_proxy = os.getenv("DOMAIN_PROXY")
+local domain_proxy = os.getenv("DOMAIN_PROXY") or "proxy." .. domain
-local domain_pubsub = os.getenv("DOMAIN_PUBSUB")
+local domain_pubsub = os.getenv("DOMAIN_PUBSUB") or "pubsub." .. domain
 
 -- XEP-0368: SRV records for XMPP over TLS
 -- https://compliance.conversations.im/test/xep0368/

docker-entrypoint.bash

@@ -1,28 +1,6 @@
 #!/bin/bash
 set -e
 
-export ALLOW_REGISTRATION=${ALLOW_REGISTRATION:-true}
-export DOMAIN_HTTP_UPLOAD=${DOMAIN_HTTP_UPLOAD:-"upload.$DOMAIN"}
-export DOMAIN_MUC=${DOMAIN_MUC:-"conference.$DOMAIN"}
-export DOMAIN_PROXY=${DOMAIN_PROXY:-"proxy.$DOMAIN"}
-export DOMAIN_PUBSUB=${DOMAIN_PUBSUB:-"pubsub.$DOMAIN"}
-export DB_DRIVER=${DB_DRIVER:-"SQLite3"}
-export DB_DATABASE=${DB_DATABASE:-"prosody.sqlite"}
-export E2E_POLICY_CHAT=${E2E_POLICY_CHAT:-"required"}
-export E2E_POLICY_MUC=${E2E_POLICY_MUC:-"required"}
-export E2E_POLICY_WHITELIST=${E2E_POLICY_WHITELIST:-""}
-export LOG_LEVEL=${LOG_LEVEL:-"info"}
-export C2S_REQUIRE_ENCRYPTION=${C2S_REQUIRE_ENCRYPTION:-true}
-export S2S_REQUIRE_ENCRYPTION=${S2S_REQUIRE_ENCRYPTION:-true}
-export S2S_SECURE_AUTH=${S2S_SECURE_AUTH:-true}
-export SERVER_CONTACT_INFO_ABUSE=${SERVER_CONTACT_INFO_ABUSE:-"xmpp:abuse@$DOMAIN"}
-export SERVER_CONTACT_INFO_ADMIN=${SERVER_CONTACT_INFO_ADMIN:-"xmpp:admin@$DOMAIN"}
-export SERVER_CONTACT_INFO_FEEDBACK=${SERVER_CONTACT_INFO_FEEDBACK:-"xmpp:feedback@$DOMAIN"}
-export SERVER_CONTACT_INFO_SALES=${SERVER_CONTACT_INFO_SALES:-"xmpp:sales@$DOMAIN"}
-export SERVER_CONTACT_INFO_SECURITY=${SERVER_CONTACT_INFO_SECURITY:-"xmpp:security@$DOMAIN"}
-export SERVER_CONTACT_INFO_SUPPORT=${SERVER_CONTACT_INFO_SUPPORT:-"xmpp:support@$DOMAIN"}
-export PROSODY_ADMINS=${PROSODY_ADMINS:-""}
-
 if [[ "$1" != "prosody" ]]; then
     exec prosodyctl $*
     exit 0;

prosody.cfg.lua

@@ -3,15 +3,16 @@
 
 local stringy = require "stringy" 
 
-admins = stringy.split(os.getenv("PROSODY_ADMINS"), ", ");
+local prosody_admins = os.getenv("PROSODY_ADMINS") or "";
+admins = stringy.split(prosody_admins, ", ");
 
 pidfile = "/var/run/prosody/prosody.pid"
 
-allow_registration = os.getenv("ALLOW_REGISTRATION");
+allow_registration = os.getenv("ALLOW_REGISTRATION") or "true";
 
-c2s_require_encryption = os.getenv("C2S_REQUIRE_ENCRYPTION");
+c2s_require_encryption = os.getenv("C2S_REQUIRE_ENCRYPTION") or "true";
-s2s_require_encryption = os.getenv("S2S_REQUIRE_ENCRYPTION");
+s2s_require_encryption = os.getenv("S2S_REQUIRE_ENCRYPTION") or "true";
-s2s_secure_auth = os.getenv("S2S_SECURE_AUTH");
+s2s_secure_auth = os.getenv("S2S_SECURE_AUTH") or "true";
 
 authentication = os.getenv("AUTHENTICATION") or "internal_hashed";
 
@@ -26,7 +27,7 @@ ldap_mode = os.getenv("LDAP_MODE") or "bind";
 ldap_admin_filter = os.getenv("LDAP_ADMIN_FILTER") or "";
 
 log = {
-    {levels = {min = os.getenv("LOG_LEVEL")}, to = "console"};
+    {levels = {min = os.getenv("LOG_LEVEL") or "info"}, to = "console"};
 };
 
 Include "conf.d/*.cfg.lua";

readme.md

@@ -167,9 +167,9 @@ services:
       - ./data:/usr/local/var/lib/prosody
 ```
 
-Boot it via: ```docker-compose up -d```.
+Boot it via: ```docker compose up -d```.
 
-Inspect logs: ```docker-compose logs -f```.
+Inspect logs: ```docker compose logs -f```.
 
 ### Volumes permissions
 
@@ -265,7 +265,7 @@ If you need additional configuration just overwrite the respective _cfg.lua_ fil
 When migrating from prosody 0.10, you need to update the database once:
 
 ```bash
-docker-compose exec server bash
+docker compose exec server bash
 prosodyctl mod_storage_sql upgrade
 ```
 

tests/docker-compose.yml

@@ -43,7 +43,7 @@ services:
       - postgres
 
   postgres:
-    image: postgres:15-alpine
+    image: postgres:16-alpine
     restart: unless-stopped
     environment:
       POSTGRES_DB: prosody

tests/test.bash

@@ -19,7 +19,7 @@ registerTestUser() {
     local userName="$1"
     local containerName="$2"
     echo "Registering TestUser '$userName' in container '$containerName'"
-    sudo docker compose exec "$containerName" /bin/bash -c "/entrypoint.bash register $userName example.com 12345678"
+    sudo docker compose exec "$containerName" /bin/bash -c "prosodyctl register $userName example.com 12345678"
 }
 
 registerTestUsers() {
@@ -42,7 +42,7 @@ runTests() {
     && pytest \
     && deactivate \
     && sleep 5 \
-    && sudo docker-compose logs "$containerName" \
+    && sudo docker compose logs "$containerName" \
     && export batsContainerName="$containerName" \
     && ./bats/bats-core/bin/bats tests.bats \
     && ./bats/bats-core/bin/bats tests-"$containerName".bats
@@ -56,22 +56,22 @@ generateCert "upload.example.com"
 
 # Run tests for first container with postgres
 # Start postgres first and wait for 10 seconds before starting prosody.
-sudo docker-compose down
+sudo docker compose down
-sudo docker-compose up -d postgres
+sudo docker compose up -d postgres
 sleep 10
-sudo docker-compose up -d prosody_postgres
+sudo docker compose up -d prosody_postgres
 
 registerTestUsers prosody_postgres
 runTests prosody_postgres
-sudo docker-compose down
+sudo docker compose down
 
 # Run tests for second container with SQLite
-sudo docker-compose up -d prosody
+sudo docker compose up -d prosody
 registerTestUsers prosody
 runTests prosody
-sudo docker-compose down
+sudo docker compose down
 
 # Run tests for prosody with ldap
-sudo docker-compose up -d prosody_ldap
+sudo docker compose up -d prosody_ldap
 runTests prosody_ldap
-sudo docker-compose down
+sudo docker compose down

tests/tests-prosody.bats

@@ -4,7 +4,7 @@ load 'bats/bats-support/load'
 load 'bats/bats-assert/load'
 
 @test "Should use sqlite" {
-  run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\""
+  run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\""
   assert_success
   assert_output
 }

tests/tests-prosody_ldap.bats

@@ -4,13 +4,13 @@ load 'bats/bats-support/load'
 load 'bats/bats-assert/load'
 
 @test "Should use sqlite" {
-  run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\""
+  run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\""
   assert_success
   assert_output
 }
 
 @test "Should use ldap" {
-  run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Host 'example.com' now set to use user provider 'ldap'\""
+  run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Host 'example.com' now set to use user provider 'ldap'\""
   assert_success
   assert_output
 }

tests/tests-prosody_postgres.bats

@@ -4,7 +4,7 @@ load 'bats/bats-support/load'
 load 'bats/bats-assert/load'
 
 @test "Should use postgres" {
-  run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[PostgreSQL\] prosody\.\.\.\""
+  run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Connecting to \[PostgreSQL\] prosody\.\.\.\""
   assert_success
   assert_output
 }

tests/tests.bats

@@ -4,95 +4,95 @@ load 'bats/bats-support/load'
 load 'bats/bats-assert/load'
 
 @test "Should send 5 messages" {
-  run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Received\[c2s\]: <message\" | wc -l"
+  run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Received\[c2s\]: <message\" | wc -l"
   assert_success
   assert_output "5"
 }
 
 @test "Should select certificate for example.com" {
-  run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \" example.com:tls\" | wc -l"
+  run bash -c "sudo docker compose logs $batsContainerName | grep \"Certificates loaded\" | grep \" example.com:tls\" | wc -l"
   assert_success
   assert_output "1"
 }
 
 @test "Should select certificate for conference.example.com" {
-  run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"conference.example.com:tls\" | wc -l"
+  run bash -c "sudo docker compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"conference.example.com:tls\" | wc -l"
   assert_success
   assert_output "1"
 }
 
 @test "Should select certificate for proxy.example.com" {
-  run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"proxy.example.com:tls\" | wc -l"
+  run bash -c "sudo docker compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"proxy.example.com:tls\" | wc -l"
   assert_success
   assert_output "1"
 }
 
 @test "Should select certificate for pubsub.example.com" {
-  run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"pubsub.example.com:tls\" | wc -l"
+  run bash -c "sudo docker compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"pubsub.example.com:tls\" | wc -l"
   assert_success
   assert_output "1"
 }
 
 @test "Should select certificate for upload.example.com" {
-  run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"upload.example.com:tls\" | wc -l"
+  run bash -c "sudo docker compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"upload.example.com:tls\" | wc -l"
   assert_success
   assert_output "1"
 }
 
 @test "Should log error for user with wrong password" {
-  run bash -c "sudo docker-compose logs $batsContainerName | grep \"Session closed by remote with error: undefined-condition (user intervention: authentication failed: authentication aborted by user)\""
+  run bash -c "sudo docker compose logs $batsContainerName | grep \"Session closed by remote with error: undefined-condition (user intervention: authentication failed: authentication aborted by user)\""
   assert_success
   assert_output
 }
 
 @test "Should activate s2s" {
-  run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 's2s' on (\[::\]:5269|\[\*\]:5269), (\[::\]:5269|\[\*\]:5269)\""
+  run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Activated service 's2s' on (\[::\]:5269|\[\*\]:5269), (\[::\]:5269|\[\*\]:5269)\""
   assert_success
   assert_output
 }
 
 @test "Should activate c2s" {
-  run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'c2s' on (\[::\]:5222|\[\*\]:5222), (\[::\]:5222|\[\*\]:5222)\""
+  run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Activated service 'c2s' on (\[::\]:5222|\[\*\]:5222), (\[::\]:5222|\[\*\]:5222)\""
   assert_success
   assert_output
 }
 
 @test "Should activate c2s_direct_tls" {
-  run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'c2s_direct_tls' on (\[::\]:5223|\[\*\]:5223), (\[::\]:5223|\[\*\]:5223)\""
+  run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Activated service 'c2s_direct_tls' on (\[::\]:5223|\[\*\]:5223), (\[::\]:5223|\[\*\]:5223)\""
   assert_success
   assert_output
 }
 
 @test "Should activate proxy65" {
-  run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'proxy65' on (\[::\]:5000|\[\*\]:5000), (\[::\]:5000|\[\*\]:5000)\""
+  run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Activated service 'proxy65' on (\[::\]:5000|\[\*\]:5000), (\[::\]:5000|\[\*\]:5000)\""
   assert_success
   assert_output
 }
 
 @test "Should activate https" {
-  run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'https' on (\[::\]:5281|\[\*\]:5281), (\[::\]:5281|\[\*\]:5281)\""
+  run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Activated service 'https' on (\[::\]:5281|\[\*\]:5281), (\[::\]:5281|\[\*\]:5281)\""
   assert_success
   assert_output
 }
 
 @test "Should load module cloud_notify" {
-  run bash -c "sudo docker-compose logs $batsContainerName | grep \"example.com:cloud_notify.*info.*Module loaded\""
+  run bash -c "sudo docker compose logs $batsContainerName | grep \"example.com:cloud_notify.*info.*Module loaded\""
   assert_success
   assert_output
 }
 
 @test "Should show upload URL" {
-  run bash -c "sudo docker-compose logs $batsContainerName | grep \"Serving 'file_share' at https:\/\/upload.example.com:5281\/file_share\""
+  run bash -c "sudo docker compose logs $batsContainerName | grep \"Serving 'file_share' at https:\/\/upload.example.com:5281\/file_share\""
   assert_success
   assert_output
 }
 
 @test "Should not use deprecated config" {
-  run bash -c "sudo docker-compose exec $batsContainerName /bin/bash -c \"/entrypoint.bash check\" | grep 'deprecated' -A 3"
+  run bash -c "sudo docker compose exec $batsContainerName /bin/bash -c \"/entrypoint.bash check\" | grep 'deprecated' -A 3"
   assert_failure
 }
 
 @test "Should not have warnings in log" {
-  run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"warn\""
+  run bash -c "sudo docker compose logs $batsContainerName | grep -E \"warn\""
   assert_failure
 }