diff options
Diffstat (limited to 'source')
-rw-r--r-- | source/desktop/command_line_printing/index.rst | 64 | ||||
-rw-r--r-- | source/desktop/index.rst | 9 | ||||
-rw-r--r-- | source/index.rst | 1 | ||||
-rw-r--r-- | source/self_hosting/modern_xmpp_server/index.rst | 111 |
4 files changed, 152 insertions, 33 deletions
diff --git a/source/desktop/command_line_printing/index.rst b/source/desktop/command_line_printing/index.rst new file mode 100644 index 0000000..c53280a --- /dev/null +++ b/source/desktop/command_line_printing/index.rst @@ -0,0 +1,64 @@ +*********************** + Command Line Printing +*********************** + +A list of useful commands and options to print documents from the +command line. + +This assumes a CUPS server, as commonly configured on most Linux +distributions. + +.. only:: html + + .. contents:: + +Printing +======== + +Get a list of available printers +-------------------------------- + +To get a list of all printers, with details:: + + $ lpstat -p + +just the list of all available destinations on the local network:: + + $ lpstat -e + +the current default one:: + + $ lpstat -d + +Printing in greyscale +--------------------- + +To get the list of options available for your printer use:: + + $ lpoptions [-p <printer_name>] -l + +there will be a line like (note that different printers may have a more +specific option that you need to enable):: + + ColorModel/Print Color Mode: Gray *RGB + +and then you'll have to add ``-o ColorModel=Gray`` to the ``lpr`` +command line, e.g.:: + + $ lpr -o ColorModel=Gray <filename> + +File Preparation +================ + +Converting spreadsheet files to PDF +----------------------------------- + +Using the command ``ssconvert`` from Gnumeric:: + + ssconvert <source_filename> <destination>.pdf + +works with any format supported by Gnumeric, including of course ``xls`` +and ``ods``. + +.. + vim: set filetype=rst: diff --git a/source/desktop/index.rst b/source/desktop/index.rst new file mode 100644 index 0000000..ed85ece --- /dev/null +++ b/source/desktop/index.rst @@ -0,0 +1,9 @@ +######### + Desktop +######### + +.. toctree:: + :maxdepth: 2 + :caption: Contents: + + command_line_printing/index diff --git a/source/index.rst b/source/index.rst index e93df5d..e012c6d 100644 --- a/source/index.rst +++ b/source/index.rst @@ -65,6 +65,7 @@ Creative Commons, PO Box 1866, Mountain View, CA 94042, USA. :maxdepth: 2 :caption: Contents: + desktop/index microcontrollers/index self_hosting/index bibliography/index diff --git a/source/self_hosting/modern_xmpp_server/index.rst b/source/self_hosting/modern_xmpp_server/index.rst index 3f752e9..01c80ca 100644 --- a/source/self_hosting/modern_xmpp_server/index.rst +++ b/source/self_hosting/modern_xmpp_server/index.rst @@ -7,8 +7,9 @@ supported in Debian <https://www.debian.org/security/>`_ and 100% compliant with the `tests for XEP-0459: XMPP Compliance Suites 2022 on conversations' website <https://compliance.conversations.im>`_. -This guide was written for prosody 0.9 under Debian jessie, but is being -kept up to date as I upgrade my server to new Debian releases. +This guide was originally written for prosody 0.9 under Debian jessie, +but is being kept up to date as I upgrade my server to new Debian +releases. .. only:: html @@ -26,7 +27,7 @@ reached with ejabberd_ and other servers. .. _ejabberd: https://www.ejabberd.im/ I'm also targetting Debian_ stable (+ backports_); currently that's -bullseye and prosody 0.11 (upgrade to bookworm is planned soon). +bookworm and prosody 0.12. .. _Debian: https://www.debian.org .. _backports: https://backports.debian.org/ @@ -35,9 +36,8 @@ bullseye and prosody 0.11 (upgrade to bookworm is planned soon). Installation and prerequisites ------------------------------ -You will need to install the packages ``prosody`` and -``prosody-modules``; on jessie the versions in backports were needed, -but currently not on buster. +You will need to install the packages ``prosody``, ``prosody-modules``, +and ``coturn``. You also need to setup some TLS certificates (I used `Let's Encrypt`_); and make them readable by the ``prosody`` user; you can see `Chapter 12 @@ -45,28 +45,38 @@ of the RTC QuickStart Guide <http://rtcquickstart.org/guide/multi/xmpp-server-prosody.html>`_ for more details. -With prosody 0.10+ you will also need to configure the location of the -certificate for https with a configuration stanza such as:: +.. _`Let's Encrypt`: https://letsencrypt.org/ + +Then see the `prosody documentation on certificates +<https://prosody.im/doc/certificates>`_ to see where to put certificates +so that prosody is able to autodetect them. + +If the autodetection fails, you can use a configuration stanza such as +the following to explicitely set a certificate location:: https_ssl = { certificate = "/etc/ssl/public/example.org.pem"; key = "/etc/ssl/private/example.org-key.pem"; } - -or see the `prosody documentation on certificates -<https://prosody.im/doc/certificates>`_ to see where to put certificates -so that prosody is able to autodetect them. - -.. _`Let's Encrypt`: https://letsencrypt.org/ + legacy_ssl_ssl = { + certificate = "/etc/ssl/public/example.org.pem"; + key = "/etc/ssl/private/example.org-key.pem"; + } On your firewall, you'll need to open the following TCP ports: * 5222 (client2server) +* 5223 (client2server, https) * 5269 (server2server) * 5280 (default http port for prosody) * 5281 (default https port for prosody) +* 3478 (coturn) + +As well as the following port for UDP -The latter two are needed to enable some services provided via http(s), +* 3478 (coturn) + +The http ports are needed to enable some services provided via http(s), including rich media transfers. With just a handful of users, I didn't bother to configure LDAP or @@ -74,11 +84,6 @@ anything else, but just created users manually via:: prosodyctl adduser alice@example.org -In-band registration is disabled by default (and I've left it that way, -to prevent my server from being used to send spim_). - -.. _spim: https://en.wikipedia.org/wiki/Messaging_spam - prosody configuration --------------------- @@ -86,18 +91,55 @@ You can then start configuring prosody by editing ``/etc/prosody/prosody.cfg.lua`` and changing a few values from the distribution defaults. -First of all, enforce the use of encryption and certificate checking -both for client2server and server2server communications with:: +First of all, enforce the use of certificate checking for server2server +communications with:: - c2s_require_encryption = true s2s_secure_auth = true and then, if you need to, add to the whitelist any server that you want to talk to and doesn't support secure s2s communication (but note that -gmail.com is no longer needed, as it doesn't support xmpp any longer):: +gmail.com is no longer needed nor useful, as it doesn't support xmpp any +longer):: s2s_insecure_domains = { "gmail.com" } +Also add at least an user (that you have already created with ``prosodyctl +adduser`` as described above) as an admin:: + + admins = { "alice@example.org" } + +disabling in-band registration +------------------------------- + +``mod_register`` is now enabled by default to provide password changing +services, but unless you have the resources to moderate new users you +probably want to disable registration to prevent the server from being +used to send spim_; to do so add the line:: + + allow_registration = false + +.. _spim: https://en.wikipedia.org/wiki/Messaging_spam + +TURN/STUN +--------- + +Support for video calls requires an external STUN / TURN server such as +coturn_, which can be installed on the same machine; its configuration +require setting a realm and a secret for auth in +``/etc/turnserver.conf``:: + + realm=turn.chat.example.org + use-auth-secret + static-auth-secret=<a long random string> + +And then you will have to set the same values in +``/etc/prosody/prosody.cfg.lua``:: + + turncredentials_host = 'turn.chat.example.org' + turncredentials_secret = '<the same long string as above>' + +.. _coturn: https://github.com/coturn/coturn/ + virtualhosts ------------ @@ -159,15 +201,8 @@ modules inside ``/etc/prosody/prosody.cfg.lua`` (under "something"; Most of these come from the ``prosody-modules`` package (and thus from -https://modules.prosody.im/ ) and some may require changing when prosody -0.10 will be available; when this is the case it is mentioned below. - -``mod_blocklist`` (XEP-0191) - To allow user-controlled blocking of users, including as an anti-spim - measure. -``mod_smacks`` (XEP-0198) - Allow clients to resume a disconnected session before a customizable - timeout and prevent message loss. +https://modules.prosody.im/ ). + ``mod_mam`` (XEP-0313) Archive messages on the server for a limited period of time (default 1 week) and allow clients to retrieve them; this is required to @@ -186,6 +221,16 @@ https://modules.prosody.im/ ) and some may require changing when prosody Allow clients to register an “app server” that is notified about new messages +Proxied file transfers +---------------------- + +To enable proxied file transfers for clients behind NAT or firewalls, +you need to add ``"proxy65";`` to the list of additional modules, and +then enable it in at least one virtual host with the lines:: + + Component "proxy.chat.trueelena.org" "proxy65" + proxy65_address = "proxy.chat.trueelena.org" + See also ======== |