4 files changed, 152 insertions, 33 deletions
diff --git a/source/desktop/command_line_printing/index.rst b/source/desktop/command_line_printing/index.rst
new file mode 100644
index 0000000..c53280a
--- /dev/null
+++ b/source/desktop/command_line_printing/index.rst
@@ -0,0 +1,64 @@
+***********************
+ Command Line Printing
+***********************
+
+A list of useful commands and options to print documents from the
+command line.
+
+This assumes a CUPS server, as commonly configured on most Linux
+distributions.
+
+.. only:: html
+
+   .. contents::
+
+Printing
+========
+
+Get a list of available printers
+--------------------------------
+
+To get a list of all printers, with details::
+
+   $ lpstat -p
+
+just the list of all available destinations on the local network::
+
+   $ lpstat -e
+
+the current default one::
+
+   $ lpstat -d
+
+Printing in greyscale
+---------------------
+
+To get the list of options available for your printer use::
+
+   $ lpoptions [-p <printer_name>] -l
+
+there will be a line like (note that different printers may have a more
+specific option that you need to enable)::
+
+   ColorModel/Print Color Mode: Gray *RGB
+
+and then you'll have to add ``-o ColorModel=Gray`` to the ``lpr``
+command line, e.g.::
+
+   $ lpr -o ColorModel=Gray <filename>
+
+File Preparation
+================
+
+Converting spreadsheet files to PDF
+-----------------------------------
+
+Using the command ``ssconvert`` from Gnumeric::
+
+   ssconvert <source_filename> <destination>.pdf
+
+works with any format supported by Gnumeric, including of course ``xls``
+and ``ods``.
+
+..
+   vim: set filetype=rst: 
diff --git a/source/desktop/index.rst b/source/desktop/index.rst
new file mode 100644
index 0000000..ed85ece
--- /dev/null
+++ b/source/desktop/index.rst
@@ -0,0 +1,9 @@
+#########
+ Desktop
+#########
+
+.. toctree::
+   :maxdepth: 2
+   :caption: Contents:
+
+   command_line_printing/index
diff --git a/source/index.rst b/source/index.rst
index e93df5d..e012c6d 100644
--- a/source/index.rst
+++ b/source/index.rst
@@ -65,6 +65,7 @@ Creative Commons, PO Box 1866, Mountain View, CA 94042, USA.
    :maxdepth: 2
    :caption: Contents:
 
+   desktop/index
    microcontrollers/index
    self_hosting/index
    bibliography/index
diff --git a/source/self_hosting/modern_xmpp_server/index.rst b/source/self_hosting/modern_xmpp_server/index.rst
index 3f752e9..01c80ca 100644
--- a/source/self_hosting/modern_xmpp_server/index.rst
+++ b/source/self_hosting/modern_xmpp_server/index.rst
@@ -7,8 +7,9 @@ supported in Debian <https://www.debian.org/security/>`_ and 100%
 compliant with the `tests for XEP-0459: XMPP Compliance Suites 2022 on
 conversations' website <https://compliance.conversations.im>`_.
 
-This guide was written for prosody 0.9 under Debian jessie, but is being
-kept up to date as I upgrade my server to new Debian releases.
+This guide was originally written for prosody 0.9 under Debian jessie,
+but is being kept up to date as I upgrade my server to new Debian
+releases.
 
 .. only:: html
 
@@ -26,7 +27,7 @@ reached with ejabberd_ and other servers.
 .. _ejabberd: https://www.ejabberd.im/
 
 I'm also targetting Debian_ stable (+ backports_); currently that's
-bullseye and prosody 0.11 (upgrade to bookworm is planned soon).
+bookworm and prosody 0.12.
 
 .. _Debian: https://www.debian.org
 .. _backports: https://backports.debian.org/
@@ -35,9 +36,8 @@ bullseye and prosody 0.11 (upgrade to bookworm is planned soon).
 Installation and prerequisites
 ------------------------------
 
-You will need to install the packages ``prosody`` and
-``prosody-modules``; on jessie the versions in backports were needed,
-but currently not on buster.
+You will need to install the packages ``prosody``, ``prosody-modules``,
+and ``coturn``.
 
 You also need to setup some TLS certificates (I used `Let's Encrypt`_); 
 and make them readable by the ``prosody`` user; you can see `Chapter 12 
@@ -45,28 +45,38 @@ of the RTC QuickStart Guide
 <http://rtcquickstart.org/guide/multi/xmpp-server-prosody.html>`_ for
 more details.
 
-With prosody 0.10+ you will also need to configure the location of the
-certificate for https with a configuration stanza such as::
+.. _`Let's Encrypt`: https://letsencrypt.org/
+
+Then see the `prosody documentation on certificates
+<https://prosody.im/doc/certificates>`_ to see where to put certificates
+so that prosody is able to autodetect them.
+
+If the autodetection fails, you can use a configuration stanza such as
+the following to explicitely set a certificate location::
 
    https_ssl = {
        certificate = "/etc/ssl/public/example.org.pem";
        key = "/etc/ssl/private/example.org-key.pem";
    }
-
-or see the `prosody documentation on certificates
-<https://prosody.im/doc/certificates>`_ to see where to put certificates
-so that prosody is able to autodetect them.
-
-.. _`Let's Encrypt`: https://letsencrypt.org/
+   legacy_ssl_ssl = {
+       certificate = "/etc/ssl/public/example.org.pem";
+       key = "/etc/ssl/private/example.org-key.pem";
+   }
 
 On your firewall, you'll need to open the following TCP ports:
 
 * 5222 (client2server)
+* 5223 (client2server, https)
 * 5269 (server2server)
 * 5280 (default http port for prosody)
 * 5281 (default https port for prosody)
+* 3478 (coturn)
+
+As well as the following port for UDP
 
-The latter two are needed to enable some services provided via http(s),
+* 3478 (coturn)
+
+The http ports are needed to enable some services provided via http(s),
 including rich media transfers.
 
 With just a handful of users, I didn't bother to configure LDAP or
@@ -74,11 +84,6 @@ anything else, but just created users manually via::
 
    prosodyctl adduser alice@example.org
 
-In-band registration is disabled by default (and I've left it that way,
-to prevent my server from being used to send spim_).
-
-.. _spim: https://en.wikipedia.org/wiki/Messaging_spam
-
 prosody configuration
 ---------------------
 
@@ -86,18 +91,55 @@ You can then start configuring prosody by editing
 ``/etc/prosody/prosody.cfg.lua`` and changing a few values from the
 distribution defaults.
 
-First of all, enforce the use of encryption and certificate checking
-both for client2server and server2server communications with::
+First of all, enforce the use of certificate checking for server2server
+communications with::
 
-   c2s_require_encryption = true
    s2s_secure_auth = true
 
 and then, if you need to, add to the whitelist any server that you want
 to talk to and doesn't support secure s2s communication (but note that
-gmail.com is no longer needed, as it doesn't support xmpp any longer)::
+gmail.com is no longer needed nor useful, as it doesn't support xmpp any
+longer)::
 
    s2s_insecure_domains = { "gmail.com" }
 
+Also add at least an user (that you have already created with ``prosodyctl
+adduser`` as described above) as an admin::
+
+   admins = { "alice@example.org" }
+
+disabling in-band registration
+-------------------------------
+
+``mod_register`` is now enabled by default to provide password changing
+services, but unless you have the resources to moderate new users you
+probably want to disable registration to prevent the server from being
+used to send spim_; to do so add the line::
+
+   allow_registration = false
+
+.. _spim: https://en.wikipedia.org/wiki/Messaging_spam
+
+TURN/STUN
+---------
+
+Support for video calls requires an external STUN / TURN server such as
+coturn_, which can be installed on the same machine; its configuration
+require setting a realm and a secret for auth in
+``/etc/turnserver.conf``::
+
+   realm=turn.chat.example.org
+   use-auth-secret
+   static-auth-secret=<a long random string>
+
+And then you will have to set the same values in
+``/etc/prosody/prosody.cfg.lua``::
+
+  turncredentials_host = 'turn.chat.example.org'
+  turncredentials_secret = '<the same long string as above>'
+
+.. _coturn: https://github.com/coturn/coturn/
+
 virtualhosts
 ------------
 
@@ -159,15 +201,8 @@ modules inside ``/etc/prosody/prosody.cfg.lua`` (under
    "something";
 
 Most of these come from the ``prosody-modules`` package (and thus from
-https://modules.prosody.im/ ) and some may require changing when prosody
-0.10 will be available; when this is the case it is mentioned below.
-
-``mod_blocklist`` (XEP-0191)
-   To allow user-controlled blocking of users, including as an anti-spim
-   measure.
-``mod_smacks`` (XEP-0198)
-   Allow clients to resume a disconnected session before a customizable
-   timeout and prevent message loss.
+https://modules.prosody.im/ ).
+
 ``mod_mam`` (XEP-0313)
    Archive messages on the server for a limited period of time (default
    1 week) and allow clients to retrieve them; this is required to
@@ -186,6 +221,16 @@ https://modules.prosody.im/ ) and some may require changing when prosody
    Allow clients to register an “app server” that is notified about new
    messages
 
+Proxied file transfers
+----------------------
+
+To enable proxied file transfers for clients behind NAT or firewalls,
+you need to add ``"proxy65";`` to the list of additional modules, and
+then enable it in at least one virtual host with the lines::
+
+   Component "proxy.chat.trueelena.org" "proxy65"
+           proxy65_address = "proxy.chat.trueelena.org"
+
 See also
 ========