The (gnu services messaging) module provides Guix service definitions for messaging services. Currently it provides the following services:
prosody-service-type is the service type for the Prosody XMPP communication server. Its value must be a prosody-configuration record, as in this example:
(service prosody-service-type
         (prosody-configuration
          (modules-enabled (cons* "groups" "mam" %default-modules-enabled))
          (int-components
           (list
            (int-component-configuration
             (hostname "conference.example.net")
             (plugin "muc")
             (mod-muc (mod-muc-configuration)))))
          (virtualhosts
           (list
            (virtualhost-configuration
             (domain "example.net"))))))
See below for details about prosody-configuration.
By default, Prosody does not need much configuration. Only one virtualhosts field is needed: it specifies the domain you wish Prosody to serve.
You can perform various sanity checks on the generated configuration with the prosodyctl check command.
Prosodyctl will also help you to import certificates from the letsencrypt directory so that the prosody user can access them. See https://prosody.im/doc/letsencrypt.
prosodyctl --root cert import /etc/letsencrypt/live
The available configuration parameters follow. Each parameter definition is preceded by its type; for example, ‘string-list foo’ indicates that the foo parameter should be specified as a list of strings. Types starting with maybe- denote parameters that won’t show up in prosody.cfg.lua when their value is 'disabled.
There is also a way to specify the configuration as a string, if you have an old prosody.cfg.lua file that you want to port over from some other system; see the end for more details.
The file-object type designates either a file-like object (see file-like objects) or a file name.
Available prosody-configuration fields are:
prosody-configuration parameter: package prosody
The Prosody package.
prosody-configuration parameter: file-name data-path
Location of the Prosody data storage directory. See https://prosody.im/doc/configure. Defaults to ‘"/var/lib/prosody"’.
prosody-configuration parameter: file-object-list plugin-paths
Additional plugin directories. They are searched in all the specified paths in order. See https://prosody.im/doc/plugins_directory. Defaults to ‘()’.
prosody-configuration parameter: file-name certificates
Every virtual host and component needs a certificate so that clients and servers can securely verify its identity. Prosody will automatically load certificates/keys from the directory specified here. Defaults to ‘"/etc/prosody/certs"’.
prosody-configuration parameter: string-list admins
This is a list of accounts that are admins for the server. Note that you must create the accounts separately. See https://prosody.im/doc/admins and https://prosody.im/doc/creating_accounts.
Example: (admins '("user1@example.com" "user2@example.net"))
Defaults to ‘()’.
prosody-configuration parameter: boolean use-libevent?
Enable use of libevent for better performance under high load. See https://prosody.im/doc/libevent. Defaults to ‘#f’.
prosody-configuration parameter: module-list modules-enabled
This is the list of modules Prosody will load on startup. It looks for mod_modulename.lua in the plugins folder, so make sure that exists too. Documentation on modules can be found at: https://prosody.im/doc/modules.
Defaults to ‘("roster" "saslauth" "tls" "dialback" "disco" "carbons" "private" "blocklist" "vcard" "version" "uptime" "time" "ping" "pep" "register" "admin_adhoc")’.
prosody-configuration parameter: string-list modules-disabled
‘"offline"’, ‘"c2s"’ and ‘"s2s"’ are auto-loaded, but should you want to disable them then add them to this list. Defaults to ‘()’.
prosody-configuration parameter: file-object groups-file
Path to a text file where the shared groups are defined. If this path is empty then ‘mod_groups’ does nothing. See https://prosody.im/doc/modules/mod_groups. Defaults to ‘"/var/lib/prosody/sharedgroups.txt"’.
prosody-configuration parameter: boolean allow-registration?
Disable account creation by default, for security. See https://prosody.im/doc/creating_accounts. Defaults to ‘#f’.
prosody-configuration parameter: maybe-ssl-configuration ssl
These are the SSL/TLS-related settings. Most of them are disabled so as to use Prosody’s defaults. If you do not completely understand these options, do not add them to your config; it is easy to lower the security of your server using them. See https://prosody.im/doc/advanced_ssl_config.
Available ssl-configuration fields are:
ssl-configuration parameter: maybe-string protocol
This determines what handshake to use.
ssl-configuration parameter: maybe-file-name key
Path to your private key file.
ssl-configuration parameter: maybe-file-name certificate
Path to your certificate file.
ssl-configuration parameter: file-object capath
Path to directory containing root certificates that you wish Prosody to trust when verifying the certificates of remote servers. Defaults to ‘"/etc/ssl/certs"’.
ssl-configuration parameter: maybe-file-object cafile
Path to a file containing root certificates that you wish Prosody to trust. Similar to capath but with all certificates concatenated together.
ssl-configuration parameter: maybe-string-list verify
A list of verification options (these mostly map to OpenSSL’s set_verify() flags).
ssl-configuration parameter: maybe-string-list options
A list of general options relating to SSL/TLS. These map to OpenSSL’s set_options(). For a full list of options available in LuaSec, see the LuaSec source.
ssl-configuration parameter: maybe-non-negative-integer depth
How long a chain of certificate authorities to check when looking for a trusted root certificate.
ssl-configuration parameter: maybe-string ciphers
An OpenSSL cipher string. This selects what ciphers Prosody will offer to clients, and in what order.
ssl-configuration parameter: maybe-file-name dhparam
A path to a file containing parameters for Diffie-Hellman key exchange. You can create such a file with:
openssl dhparam -out /etc/prosody/certs/dh-2048.pem 2048
ssl-configuration parameter: maybe-string curve
Curve for Elliptic curve Diffie-Hellman. Prosody’s default is ‘"secp384r1"’.
ssl-configuration parameter: maybe-string-list verifyext
A list of “extra” verification options.
ssl-configuration parameter: maybe-string password
Password for encrypted private keys.
prosody-configuration parameter: boolean c2s-require-encryption?
Whether to force all client-to-server connections to be encrypted or not. See https://prosody.im/doc/modules/mod_tls. Defaults to ‘#f’.
prosody-configuration parameter: string-list disable-sasl-mechanisms
Set of mechanisms that will never be offered. See https://prosody.im/doc/modules/mod_saslauth. Defaults to ‘("DIGEST-MD5")’.
prosody-configuration parameter: boolean s2s-require-encryption?
Whether to force all server-to-server connections to be encrypted or not. See https://prosody.im/doc/modules/mod_tls. Defaults to ‘#f’.
prosody-configuration parameter: boolean s2s-secure-auth?
Whether to require encryption and certificate authentication. This provides ideal security, but requires servers you communicate with to support encryption AND present valid, trusted certificates. See https://prosody.im/doc/s2s#security. Defaults to ‘#f’.
prosody-configuration parameter: string-list s2s-insecure-domains
Many servers don’t support encryption or have invalid or self-signed certificates. You can list domains here that will not be required to authenticate using certificates. They will be authenticated using DNS. See https://prosody.im/doc/s2s#security. Defaults to ‘()’.
prosody-configuration parameter: string-list s2s-secure-domains
Even if you leave s2s-secure-auth? disabled, you can still require valid certificates for some domains by specifying a list here. See https://prosody.im/doc/s2s#security. Defaults to ‘()’.
prosody-configuration parameter: string authentication
Select the authentication backend to use. The default provider stores passwords in plaintext and uses Prosody’s configured data storage to store the authentication data. If you do not trust your server please see https://prosody.im/doc/modules/mod_auth_internal_hashed for information about using the hashed backend. See also https://prosody.im/doc/authentication. Defaults to ‘"internal_plain"’.
prosody-configuration parameter: maybe-string log
Set logging options. Advanced logging configuration is not yet supported by the Prosody service. See https://prosody.im/doc/logging. Defaults to ‘"*syslog"’.
prosody-configuration parameter: file-name pidfile
File to write pid in. See https://prosody.im/doc/modules/mod_posix. Defaults to ‘"/var/run/prosody/prosody.pid"’.
prosody-configuration parameter: maybe-non-negative-integer http-max-content-size
Maximum allowed size of the HTTP body (in bytes).
prosody-configuration parameter: maybe-string http-external-url
Some modules expose their own URL in various ways. This URL is built from the protocol, host and port used. If Prosody sits behind a proxy, the public URL will be http-external-url instead. See https://prosody.im/doc/http#external_url.
prosody-configuration parameter: virtualhost-configuration-list virtualhosts
A host in Prosody is a domain on which user accounts can be created. For example if you want your users to have addresses like ‘"john.smith@example.com"’ then you need to add a host ‘"example.com"’. All options in this list will apply only to this host.
Note: the name virtual host is used in configuration to avoid confusion with the actual physical host that Prosody is installed on. A single Prosody instance can serve many domains, each one defined as a VirtualHost entry in Prosody’s configuration. Conversely a server that hosts a single domain would have just one VirtualHost entry.
See https://prosody.im/doc/configure#virtual_host_settings.
Available virtualhost-configuration fields are:
all these prosody-configuration fields: admins, use-libevent?, modules-enabled, modules-disabled, groups-file, allow-registration?, ssl, c2s-require-encryption?, disable-sasl-mechanisms, s2s-require-encryption?, s2s-secure-auth?, s2s-insecure-domains, s2s-secure-domains, authentication, log, http-max-content-size, http-external-url, raw-content, plus:
virtualhost-configuration parameter: string domain
Domain you wish Prosody to serve.
prosody-configuration parameter: int-component-configuration-list int-components
Components are extra services on a server which are available to clients, usually on a subdomain of the main server (such as ‘"mycomponent.example.com"’). Example components might be chatroom servers, user directories, or gateways to other protocols.
Internal components are implemented with Prosody-specific plugins. To add an internal component, you simply fill the hostname field, and the plugin you wish to use for the component.
See https://prosody.im/doc/components. Defaults to ‘()’.
Available int-component-configuration fields are:
all these prosody-configuration fields: admins, use-libevent?, modules-enabled, modules-disabled, groups-file, allow-registration?, ssl, c2s-require-encryption?, disable-sasl-mechanisms, s2s-require-encryption?, s2s-secure-auth?, s2s-insecure-domains, s2s-secure-domains, authentication, log, http-max-content-size, http-external-url, raw-content, plus:
int-component-configuration parameter: string hostname
Hostname of the component.
int-component-configuration parameter: string plugin
Plugin you wish to use for the component.
int-component-configuration parameter: maybe-mod-muc-configuration mod-muc
Multi-user chat (MUC) is Prosody’s module for allowing you to create hosted chatrooms/conferences for XMPP users.
General information on setting up and using multi-user chatrooms can be found in the “Chatrooms” documentation (https://prosody.im/doc/chatrooms), which you should read if you are new to XMPP chatrooms.
See also https://prosody.im/doc/modules/mod_muc.
Available mod-muc-configuration fields are:
mod-muc-configuration parameter: string name
The name to return in service discovery responses. Defaults to ‘"Prosody Chatrooms"’.
mod-muc-configuration parameter: string-or-boolean restrict-room-creation
If ‘#t’, this will only allow admins to create new chatrooms. Otherwise anyone can create a room. The value ‘"local"’ restricts room creation to users on the service’s parent domain. E.g. ‘user@example.com’ can create rooms on ‘rooms.example.com’. The value ‘"admin"’ restricts to service administrators only. Defaults to ‘#f’.
mod-muc-configuration parameter: non-negative-integer max-history-messages
Maximum number of history messages that will be sent to the member that has just joined the room. Defaults to ‘20’.
prosody-configuration parameter: ext-component-configuration-list ext-components
External components use XEP-0114, which most standalone components support. To add an external component, you simply fill the hostname field. See https://prosody.im/doc/components. Defaults to ‘()’.
Available ext-component-configuration fields are:
all these prosody-configuration fields: admins, use-libevent?, modules-enabled, modules-disabled, groups-file, allow-registration?, ssl, c2s-require-encryption?, disable-sasl-mechanisms, s2s-require-encryption?, s2s-secure-auth?, s2s-insecure-domains, s2s-secure-domains, authentication, log, http-max-content-size, http-external-url, raw-content, plus:
ext-component-configuration parameter: string component-secret
Password which the component will use to log in.
ext-component-configuration parameter: string hostname
Hostname of the component.
prosody-configuration parameter: non-negative-integer-list component-ports
Port(s) Prosody listens on for component connections. Defaults to ‘(5347)’.
prosody-configuration parameter: string component-interface
Interface Prosody listens on for component connections. Defaults to ‘"127.0.0.1"’.
prosody-configuration parameter: maybe-raw-content raw-content
Raw content that will be added to the configuration file.
It could be that you just want to get a prosody.cfg.lua up and running. In that case, you can pass an opaque-prosody-configuration record as the value of prosody-service-type. As its name indicates, an opaque configuration does not have easy reflective capabilities.
Available opaque-prosody-configuration fields are:
opaque-prosody-configuration parameter: package prosody
The prosody package.
opaque-prosody-configuration parameter: string prosody.cfg.lua
The contents of the prosody.cfg.lua to use.
For example, if your prosody.cfg.lua is just the empty string, you could instantiate a prosody service like this:
(service prosody-service-type
         (opaque-prosody-configuration
          (prosody.cfg.lua "")))
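Several prosody-configuration defaults documented above favour compatibility over security: c2s-require-encryption?, s2s-require-encryption? and s2s-secure-auth? all default to ‘#f’, and authentication defaults to ‘"internal_plain"’. The following is an added example, not part of the Guix manual, that overrides them in one record; the domain names, the admin account and the variable name %hardened-prosody-service are placeholders.

```scheme
;; Added example: a prosody-configuration that tightens the
;; security-relevant defaults.  All names and domains are placeholders.
(use-modules (gnu services)
             (gnu services messaging))

(define %hardened-prosody-service
  (service prosody-service-type
           (prosody-configuration
            ;; Keep in-band registration closed (the default); accounts
            ;; and admins are created separately by the operator.
            (allow-registration? #f)
            (admins '("admin@example.net"))
            ;; Default #f: refuse client connections that do not use TLS.
            (c2s-require-encryption? #t)
            ;; Default #f: refuse unencrypted server-to-server links ...
            (s2s-require-encryption? #t)
            ;; ... and require valid, trusted certificates from peers.
            ;; Servers with invalid or self-signed certificates will no
            ;; longer be able to federate with this host.
            (s2s-secure-auth? #t)
            ;; Domains listed here fall back to DNS authentication; keep
            ;; the list empty unless a specific peer needs an exemption.
            (s2s-insecure-domains '())
            ;; Default "internal_plain" stores passwords in plaintext.
            (authentication "internal_hashed")
            ;; The ssl field is left unset so Prosody's TLS defaults apply.
            (int-components
             (list
              (int-component-configuration
               (hostname "conference.example.net")
               (plugin "muc")
               (mod-muc
                (mod-muc-configuration
                 ;; Default #f lets anyone create rooms; "local" limits
                 ;; creation to users of the parent domain.
                 (restrict-room-creation "local")
                 (max-history-messages 20))))))
            (virtualhosts
             (list
              (virtualhost-configuration
               (domain "example.net")))))))
```

After reconfiguring, the prosodyctl check command mentioned earlier can be run against the generated configuration.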
BitlBee is a gateway that provides an IRC interface to a variety of messaging protocols such as XMPP.
bitlbee-service-type is the service type for the BitlBee IRC gateway daemon. Its value is a bitlbee-configuration (see below).
To have BitlBee listen on port 6667 on localhost, add this line to your services:
(service bitlbee-service-type)
bitlbee-configuration is the configuration for BitlBee, with the following fields:
interface (default: "127.0.0.1")
port (default: 6667)
Listen on the network interface corresponding to the IP address specified in interface, on port.
When interface is 127.0.0.1, only local clients can connect; when it is 0.0.0.0, connections can come from any networking interface.
bitlbee (default: bitlbee)
The BitlBee package to use.
plugins (default: '())
List of plugin packages to use, e.g., bitlbee-discord.
extra-settings (default: "")
Configuration snippet added as-is to the BitlBee configuration file.
Quassel is a distributed IRC client, meaning that one or more clients can attach to and detach from the central core.
quassel-service-type is the service type for the Quassel IRC backend daemon. Its value is a quassel-configuration (see below).
quassel-configuration is the configuration for Quassel, with the following fields:
quassel (default: quassel)
The Quassel package to use.
interface (default: "::,0.0.0.0")
port (default: 4242)
Listen on the network interface(s) corresponding to the IPv4 or IPv6 interfaces specified in the comma-delimited interface, on port.
loglevel (default: "Info")
The level of logging desired. Accepted values are Debug, Info, Warning and Error.