XF/GIA
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Lightweight containerized prosody tooling + moved auth scripts + xmpp reconnect/auth stabilization

Browse Source
This commit is contained in:
Mark Veidemanis
2026-03-05 02:18:12 +00:00
parent 0718a06c19
commit 2140c5facf
69 changed files with 3767 additions and 144 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
utilities/prosody/renew_prosody_cert.sh Executable file
View File

@@ -0,0 +1,43 @@
#!/usr/bin/env bash
set -euo pipefail
# Run as root from host. This script pipes certificate material through the
# `code` user into the Prosody container via podman exec.
DOMAIN="${DOMAIN:-zm.is}"
STACK_ID="${GIA_STACK_ID:-${STACK_ID:-}}"
STACK_ID="$(echo "$STACK_ID" | tr -cs 'a-zA-Z0-9._-' '-' | sed 's/^-*//; s/-*$//')"
if [[ -n "$STACK_ID" ]]; then
PROSODY_CONTAINER_DEFAULT="prosody_gia_${STACK_ID}"
else
PROSODY_CONTAINER_DEFAULT="prosody_gia"
fi
PROSODY_CONTAINER="${PROSODY_CONTAINER:-$PROSODY_CONTAINER_DEFAULT}"
FULLCHAIN_PATH="${FULLCHAIN_PATH:-/root/.acme.sh/${DOMAIN}/fullchain.cer}"
KEY_PATH="${KEY_PATH:-/root/.acme.sh/${DOMAIN}/${DOMAIN}.key}"
CERT_PATH_IN_CONTAINER="${CERT_PATH_IN_CONTAINER:-/etc/prosody/certs/cert.pem}"
if [[ "$(id -u)" -ne 0 ]]; then
echo "This script must run as root." >&2
exit 1
fi
if [[ ! -r "$FULLCHAIN_PATH" ]]; then
echo "Missing or unreadable fullchain: $FULLCHAIN_PATH" >&2
exit 1
fi
if [[ ! -r "$KEY_PATH" ]]; then
echo "Missing or unreadable key: $KEY_PATH" >&2
exit 1
fi
cat "$FULLCHAIN_PATH" "$KEY_PATH" \
| sed '/^$/d' \
| su -s /bin/sh code -c "podman exec -i $PROSODY_CONTAINER sh -lc 'cat > $CERT_PATH_IN_CONTAINER'"
su -s /bin/sh code -c "podman exec $PROSODY_CONTAINER sh -lc 'chown prosody:prosody $CERT_PATH_IN_CONTAINER && chmod 0600 $CERT_PATH_IN_CONTAINER && prosodyctl reload'"
echo "Prosody certificate updated and reloaded in container: $PROSODY_CONTAINER"