ejabberd posix

self_hosting/services/ejabberd/README.md

@@ -2,12 +2,12 @@
 
 These are the ports needed for ejabberd to work.
 Ports 80 and 443 are needed for deploying and SSL certificate with certbot.
-Read more about ports in [ejabberd's docs](https://docs.ejabberd.im/admin/guide/security)
+Read more about ports in [ejabberd's docs](https://docs.ejabberd.im/admin/guide/security),
+to see which ports are needed for whatever modules you need.
 
 ```shell
-declare -a ports=("80" "443" "5222" "5223" "5269" "5280" "5443" "1883" "8883" "3478" "5349" "7777")
+set -- 80 443 5222 5223 5269 5280 5443 1883 8883 3478 5349 7777
-
+for port in "$@"; do ufw allow "$port" ; done
-for port in "${ports[@]}"; do ufw allow "$port" ; done
 ufw reload
 ```
 
@@ -23,20 +23,20 @@ systemctl enable --now ejabberd
 
 # Generate certs
 
-This is from [Nerd on the Street](https://github.com/nerdonthestreet).
+This is a slightly modified snippet from [Nerd on the Street](https://github.com/nerdonthestreet).
-Change the DOMAIN variable to your preference.
+Change the example.org to your preference.
 
 ```shell
-DOMAIN="example.org"
+#!/bin/sh
 
-# Set the domain names you want here, stun & turn are required for calls
+set -- example.org conference.example.org proxy.example.org pubsub.example.org upload.example.org stun.example.org turn.example.org
-declare -a subdomains=("" "conference." "proxy." "pubsub." "upload." "stun." "turn.")
+CERTBOT_OPTS="certonly --standalone --register-unsafely-without-email --agree-tos"
 
-for i in "${subdomains[@]}"; do
+for i in "$@"; do
-    certbot -d $i$DOMAIN certonly --standalone --register-unsafely-without-email --agree-tos
+    certbot -d $i "$CERTBOT_OPTS"
-    mkdir -p /etc/ejabberd/certs/$i$DOMAIN
+    mkdir -p /etc/ejabberd/certs/$i
-    cp /etc/letsencrypt/live/$i$DOMAIN/fullchain.pem /etc/ejabberd/certs/$i$DOMAIN
+    cp /etc/letsencrypt/live/$i/fullchain.pem /etc/ejabberd/certs/$i
-    cp /etc/letsencrypt/live/$i$DOMAIN/privkey.pem /etc/ejabberd/certs/$i$DOMAIN
+    cp /etc/letsencrypt/live/$i/privkey.pem /etc/ejabberd/certs/$i
 done
 ```
 

self_hosting/services/ejabberd/certbot-cron-ejabberd.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -- example.org conference.example.org proxy.example.org pubsub.example.org upload.example.org stun.example.org turn.example.org
+CERTBOT_OPTS="certonly --standalone --register-unsafely-without-email --agree-tos"
+
+for i in "$@"; do
+    certbot -d $i "$CERTBOT_OPTS"
+    mkdir -p /etc/ejabberd/certs/$i
+    cp /etc/letsencrypt/live/$i/fullchain.pem /etc/ejabberd/certs/$i
+    cp /etc/letsencrypt/live/$i/privkey.pem /etc/ejabberd/certs/$i
+done

system_administration/certbot-cron/README.md

@@ -0,0 +1,29 @@
+# Script for automating certbot on the background
+
+```shell
+#!/bin/sh
+
+# Add the domains for which you need an ssl cert
+set -- example.org sub.example.org mail.example.org
+# Specify argunments for certbot
+CERTBOT_OPTS="certonly --standalone --register-unsafely-without-email --agree-tos"
+
+for i in "$@"; do
+    certbot -d $i "$CERTBOT_OPTS"
+    # The following commands move certs to a preconfigured ejabberd
+    # directory, ignore if not using ejabberd.
+    #mkdir -p /etc/ejabberd/certs/$i
+    #cp /etc/letsencrypt/live/$i/fullchain.pem /etc/ejabberd/certs/$i
+    #cp /etc/letsencrypt/live/$i/privkey.pem /etc/ejabberd/certs/$i
+done
+```
+
+# Or run as one command
+
+``` shell
+set -- example.org sub.example.org mail.example.org
+```
+
+``` shell
+for i in "$@"; do certbot -d $i certonly --standalone --register-unsafely-without-email --agree-tos; done
+```

system_administration/certbot-cron/certbot-cron.sh

@@ -0,0 +1,15 @@
+#!/bin/sh
+
+# Add the domains for which you need an ssl cert
+set -- example.org sub.example.org mail.example.org
+# Specify argunments for certbot
+CERTBOT_OPTS="certonly --standalone --register-unsafely-without-email --agree-tos"
+
+for i in "$@"; do
+    certbot -d $i "$CERTBOT_OPTS"
+    # The following commands move certs to a preconfigured ejabberd
+    # directory, ignore if not using ejabberd.
+    #mkdir -p /etc/ejabberd/certs/$i
+    #cp /etc/letsencrypt/live/$i/fullchain.pem /etc/ejabberd/certs/$i
+    #cp /etc/letsencrypt/live/$i/privkey.pem /etc/ejabberd/certs/$i
+done