services: prosody: Adapt to Prosody 0.10.0.

* doc/guix.texi (Messaging Services): Add "mam" as a module example. Document 'prosodyctl check'. Replace 'prosodyctl cert request' with 'prosodyctl cert import'. Regenerate it. * gnu/services/messaging.scm (serialize-module-list): Remove "posix" from the default modules list because it is now automatically loaded. (ssl-configuration)[key, certificate]: Remove them because they are now automatically located. Fix their docstrings. (%default-modules-enabled): Add "carbons" and "blocklist". (prosody-configuration)[certificates]: Set default directory from which certificates/keys will be automatically located.
2017-10-06 02:01:07 +02:00 · 2017-10-06 02:01:07 +02:00 · 5cc6dcd734
parent 3ba501083d
commit 5cc6dcd734
2 changed files with 33 additions and 14 deletions
--- a/doc/guix.texi
+++ b/doc/guix.texi
@ -13899,7 +13899,7 @@ record as in this example:
@example
 (service prosody-service-type
         (prosody-configuration
-          (modules-enabled (cons "groups" %default-modules-enabled))
+          (modules-enabled (cons "groups" "mam" %default-modules-enabled))
          (int-components
           (list
            (int-component-configuration
@ -13920,10 +13920,15 @@ By default, Prosody does not need much configuration.  Only one
@code{virtualhosts} field is needed: it specifies the domain you wish
 Prosody to serve.

-Prosodyctl will help you generate X.509 certificates and keys:
+You can perform various sanity checks on the generated configuration
+with the @code{prosodyctl check} command.
+
+Prosodyctl will also help you to import certificates from the
+@code{letsencrypt} directory so that the @code{prosody} user can access
+them.  See @url{https://prosody.im/doc/letsencrypt}.

@example
-prosodyctl cert request example.net
+prosodyctl --root cert import /etc/letsencrypt/live
@end example

 The available configuration parameters follow.  Each parameter
@ -13962,6 +13967,13 @@ paths in order.  See @url{http://prosody.im/doc/plugins_directory}.
 Defaults to @samp{()}.
@end deftypevr

+@deftypevr {@code{prosody-configuration} parameter} file-name certificates
+Every virtual host and component needs a certificate so that clients and
+servers can securely verify its identity.  Prosody will automatically load
+certificates/keys from the directory specified here.
+Defaults to @samp{"/etc/prosody/certs"}.
+@end deftypevr
+
@deftypevr {@code{prosody-configuration} parameter} string-list admins
 This is a list of accounts that are admins for the server.  Note that you
 must create the accounts separately.  See @url{http://prosody.im/doc/admins} and
@ -14014,14 +14026,12 @@ Available @code{ssl-configuration} fields are:
 This determines what handshake to use.
@end deftypevr

-@deftypevr {@code{ssl-configuration} parameter} file-name key
-Path to your private key file, relative to @code{/etc/prosody}.
-Defaults to @samp{"/etc/prosody/certs/key.pem"}.
+@deftypevr {@code{ssl-configuration} parameter} maybe-file-name key
+Path to your private key file.
@end deftypevr

-@deftypevr {@code{ssl-configuration} parameter} file-name certificate
-Path to your certificate file, relative to @code{/etc/prosody}.
-Defaults to @samp{"/etc/prosody/certs/cert.pem"}.
+@deftypevr {@code{ssl-configuration} parameter} maybe-file-name certificate
+Path to your certificate file.
@end deftypevr

@deftypevr {@code{ssl-configuration} parameter} file-name capath
--- a/gnu/services/messaging.scm
+++ b/gnu/services/messaging.scm
@ -160,7 +160,7 @@
 (define (module-list? val)
  (string-list? val))
 (define (serialize-module-list field-name val)
-  (serialize-string-list field-name (cons "posix" val)))
+  (serialize-string-list field-name val))
 (define-maybe module-list)

 (define (file-name? val)
@ -203,12 +203,12 @@ just joined the room."))
   "This determines what handshake to use.")

  (key
-   (file-name "/etc/prosody/certs/key.pem")
-   "Path to your private key file, relative to @code{/etc/prosody}.")
+   (maybe-file-name 'disabled)
+   "Path to your private key file.")

  (certificate
-   (file-name "/etc/prosody/certs/cert.pem")
-   "Path to your certificate file, relative to @code{/etc/prosody}.")
+   (maybe-file-name 'disabled)
+   "Path to your certificate file.")

  (capath
   (file-name "/etc/ssl/certs")
@ -271,7 +271,9 @@ can create such a file with:
    "tls"
    "dialback"
    "disco"
+    "carbons"
    "private"
+    "blocklist"
    "vcard"
    "version"
    "uptime"
@ -321,6 +323,13 @@ can create such a file with:
 paths in order.  See @url{http://prosody.im/doc/plugins_directory}."
     global)

+    (certificates
+     (file-name "/etc/prosody/certs")
+     "Every virtual host and component needs a certificate so that clients and
+servers can securely verify its identity.  Prosody will automatically load
+certificates/keys from the directory specified here."
+     global)
+
    (admins
     (string-list '())
     "This is a list of accounts that are admins for the server.  Note that you