tiararodney/bugzilla
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

init

Browse source
This commit is contained in:
Tiara Rodney 2026-03-14 05:38:45 +01:00
commit 883f31932e
No known key found for this signature in database
GPG key ID: 5CD8EC1D46106723
169 changed files with 5676 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
ansible/roles/conversejs/defaults/main.yml Normal file
View file

@ -0,0 +1,5 @@
---
install_dir: /var/www/chat.tiararodney.com
ssl_cert: /etc/letsencrypt/live/tiararodney.com/fullchain.pem
ssl_key: /etc/letsencrypt/live/tiararodney.com/privkey.pem
prosody_port: 5280

4
ansible/roles/conversejs/meta/main.yml Normal file
View file

@ -0,0 +1,4 @@
---
dependencies:
-
role: apache

49
ansible/roles/conversejs/tasks/deploy-conversejs.yml Normal file
View file

@ -0,0 +1,49 @@
---
-
name: Ensure converse.js document root exists
file:
path: "{{ install_dir }}"
state: directory
owner: www-data
group: www-data
mode: "0755"
-
name: Download converse.js release
unarchive:
src: "https://github.com/conversejs/converse.js/releases/download/v{{ version }}/converse.js-{{ version }}.tgz"
dest: "{{ install_dir }}"
remote_src: yes
extra_opts: ["--strip-components=1"]
owner: www-data
group: www-data
-
name: Download libsignal-protocol for OMEMO
get_url:
url: "https://cdn.conversejs.org/3rdparty/libsignal-protocol.min.js"
dest: "{{ install_dir }}/dist/libsignal-protocol.min.js"
owner: www-data
group: www-data
-
name: Deploy converse.js index page
template:
src: index.html.j2
dest: "{{ install_dir }}/index.html"
owner: www-data
group: www-data
-
name: Deploy chat vhost
template:
src: vhost.conf.j2
dest: "{{ apache_sites_available }}/chat.conf"
notify: reload apache
-
name: Enable chat site
command: "{{ apache_enable_site_cmd }} chat"
args:
creates: "{{ apache_sites_enabled }}/chat.conf"
notify: reload apache

4
ansible/roles/conversejs/tasks/main.yml Normal file
View file

@ -0,0 +1,4 @@
---
-
name: Deploy conversejs
ansible.builtin.include_tasks: deploy-conversejs.yml

195
ansible/roles/conversejs/templates/index.html.j2 Normal file
View file

@ -0,0 +1,195 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Chat - {{ domain }}</title>
<link rel="stylesheet" href="dist/converse.min.css">
<script src="dist/libsignal-protocol.min.js"></script>
{% if oauth_client_id is defined %}
<style>
#oauth-login {
display: flex;
justify-content: center;
align-items: center;
height: 100vh;
background: #2e3436;
}
#oauth-login a {
padding: 16px 32px;
background: #3584e4;
color: white;
text-decoration: none;
border-radius: 8px;
font-size: 18px;
font-family: sans-serif;
}
#oauth-login a:hover { background: #1c71d8; }
</style>
{% endif %}
</head>
<body>
{% if oauth_client_id is defined %}
<div id="oauth-login">
<a id="login-btn" href="#">Login with Authentik</a>
</div>
<script>
(function() {
const CLIENT_ID = '{{ oauth_client_id }}';
const AUTHORIZE_URL = '{{ oauth_authorize_url }}';
const TOKEN_URL = '{{ oauth_token_url }}';
const REDIRECT_URI = window.location.origin + window.location.pathname;
const DOMAIN = '{{ domain }}';
function generateCodeVerifier() {
const arr = new Uint8Array(32);
crypto.getRandomValues(arr);
return btoa(String.fromCharCode(...arr))
.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}
async function generateCodeChallenge(verifier) {
const data = new TextEncoder().encode(verifier);
const hash = await crypto.subtle.digest('SHA-256', data);
return btoa(String.fromCharCode(...new Uint8Array(hash)))
.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}
async function startOAuth() {
const state = generateCodeVerifier();
const codeVerifier = generateCodeVerifier();
const codeChallenge = await generateCodeChallenge(codeVerifier);
sessionStorage.setItem('oauth_state', state);
sessionStorage.setItem('oauth_code_verifier', codeVerifier);
const params = new URLSearchParams({
response_type: 'code',
client_id: CLIENT_ID,
redirect_uri: REDIRECT_URI,
scope: 'openid profile email',
state: state,
code_challenge: codeChallenge,
code_challenge_method: 'S256'
});
window.location.href = AUTHORIZE_URL + '?' + params.toString();
}
async function exchangeCode(code) {
const codeVerifier = sessionStorage.getItem('oauth_code_verifier');
const resp = await fetch(TOKEN_URL, {
method: 'POST',
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
body: new URLSearchParams({
grant_type: 'authorization_code',
client_id: CLIENT_ID,
code: code,
redirect_uri: REDIRECT_URI,
code_verifier: codeVerifier
})
});
const data = await resp.json();
sessionStorage.removeItem('oauth_state');
sessionStorage.removeItem('oauth_code_verifier');
return data.access_token;
}
function parseJwt(token) {
const base64 = token.split('.')[1].replace(/-/g, '+').replace(/_/g, '/');
return JSON.parse(atob(base64));
}
function loadConverse() {
return new Promise(function(resolve) {
var s = document.createElement('script');
s.src = 'dist/converse.min.js';
s.onload = resolve;
document.body.appendChild(s);
});
}
function isTokenExpired(token) {
try {
const claims = parseJwt(token);
return claims.exp && (claims.exp * 1000) < Date.now();
} catch (e) {
return true;
}
}
function initConverse(token) {
if (isTokenExpired(token)) {
sessionStorage.removeItem('oauth_token');
startOAuth();
return;
}
document.getElementById('oauth-login').style.display = 'none';
const claims = parseJwt(token);
const jid = claims.preferred_username + '@' + DOMAIN;
loadConverse().then(function() {
converse.initialize({
bosh_service_url: 'https://' + DOMAIN + '/http-bind',
websocket_url: 'wss://' + DOMAIN + '/xmpp-websocket',
view_mode: 'fullscreen',
authentication: 'login',
locked_domain: DOMAIN,
muc_domain: 'conference.' + DOMAIN,
locked_muc_domain: 'hidden',
muc_instant_rooms: true,
muc_show_logs_before_join: true,
visible_toolbar_buttons: { toggle_occupants: true },
jid: jid,
password: token,
auto_login: true,
keepalive: true,
omemo_default: true
});
converse.listen.on('logout', function() {
sessionStorage.removeItem('oauth_token');
window.location.reload();
});
});
}
const params = new URLSearchParams(window.location.search);
const code = params.get('code');
const state = params.get('state');
if (code && state === sessionStorage.getItem('oauth_state')) {
history.replaceState(null, '', window.location.pathname);
exchangeCode(code).then(function(token) {
if (token) {
sessionStorage.setItem('oauth_token', token);
initConverse(token);
}
});
} else if (sessionStorage.getItem('oauth_token')) {
initConverse(sessionStorage.getItem('oauth_token'));
} else {
document.getElementById('login-btn').addEventListener('click', function(e) {
e.preventDefault();
startOAuth();
});
}
})();
</script>
{% else %}
<script src="dist/converse.min.js"></script>
<script>
converse.initialize({
bosh_service_url: 'https://{{ domain }}/http-bind',
websocket_url: 'wss://{{ domain }}/xmpp-websocket',
view_mode: 'fullscreen',
authentication: 'login',
locked_domain: '{{ domain }}',
muc_domain: 'conference.{{ domain }}',
locked_muc_domain: 'hidden',
muc_instant_rooms: false,
muc_show_logs_before_join: true,
visible_toolbar_buttons: {
toggle_occupants: true
},
omemo_default: true
});
</script>
{% endif %}
</body>
</html>

31
ansible/roles/conversejs/templates/vhost.conf.j2 Normal file
View file

@ -0,0 +1,31 @@
<VirtualHost *:80>
ServerName {{ domain }}
Redirect permanent / https://{{ domain }}/
</VirtualHost>
<VirtualHost *:443>
ServerName {{ domain }}
SSLEngine on
SSLCertificateFile {{ ssl_cert }}
SSLCertificateKeyFile {{ ssl_key }}
DocumentRoot {{ install_dir }}
<Directory {{ install_dir }}>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
# Proxy BOSH requests to Prosody
ProxyPreserveHost on
ProxyPass /http-bind http://127.0.0.1:{{ prosody_port }}/http-bind
ProxyPassReverse /http-bind http://127.0.0.1:{{ prosody_port }}/http-bind
# Proxy WebSocket requests to Prosody
RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/xmpp-websocket(.*) ws://127.0.0.1:{{ prosody_port }}/xmpp-websocket$1 [P,L]
ProxyPass /xmpp-websocket http://127.0.0.1:{{ prosody_port }}/xmpp-websocket
ProxyPassReverse /xmpp-websocket http://127.0.0.1:{{ prosody_port }}/xmpp-websocket
</VirtualHost>