diff options
author | nico wellpott <nico@magicbroccoli.de> | 2021-04-16 21:55:01 +0200 |
---|---|---|
committer | nico wellpott <nico@magicbroccoli.de> | 2021-04-16 21:56:19 +0200 |
commit | c227b55828d2ecf75f8294b4b72d50000954a0d4 (patch) | |
tree | 3008db0b88e394b5bfe2a56b78ba31876f507465 | |
parent | 68300f2b99e9c3ef6e55eff0df73719d8d12da46 (diff) |
readme: various smaller changes
+ add automatic ejabberd config reload option to the example
-rw-r--r-- | README.md | 35 |
1 files changed, 17 insertions, 18 deletions
@@ -1,11 +1,11 @@ ## bl-imp - the JabberSpam bl(acklist) imp(orter) ### precursor -Please be warned that at this point the JabberSpam blacklist is the only list that will be utilized. It is planed to -open up the tool to also import other lists in the future. +Please be warned that at this point the JabberSpam blacklist is the only list that will be used. It is planed to open up +the tool to also import other lists in the future. ### install -The tool can be installed easily via that Python package installer (pip). After that the local wrapper `/usr/bin/bl-imp` +The tool can be installed easily via that Python package Index (pip). After that the local wrapper `/usr/bin/bl-imp` can be called to use the module. ```bash pip install bl-imp @@ -34,7 +34,7 @@ no outfile assigned Running `bl-imp` with `-dr` or `--dry-run` as argument will cause the tool to only output the aggregated yaml file to stdout. Except the local etag and cache file no file is written to disk. -```bash +```bashinstaller $ /usr/bin/bl-imp --dry-run outfile selected: None acl: @@ -45,24 +45,24 @@ acl: ``` #### --outfile /path/out.yml -Adding the `outfile` argument while omitting the dry run argument runs the tools silently while doing its thing. +Adding the `outfile` argument while omitting the dry run argument runs the tools silently while doing its thing. ### ejabberd configuration To fully utilize the tool some configuration changes are required. -It is required that the tool is the only one editing the defined yml file. It is required because any local change not -present in the remote list will be overwritten automatically. -Furthermore it is necessary for the file to be separate from the "main" ejabberd configuration file e.g `ejabberd.yml`. -To further protect the integrity of your config the `allow_only` sections defines only `acl` rules. +Firstly it is necessary that `bl-imp` is the only one editing the defined yml file, because any local change not +present in the remote list will be overwritten automatically. Furthermore it is necessary for the file to be separate +from the "main" ejabberd configuration e.g `ejabberd.yml`. To further protect the integrity of your config the +`allow_only` argument restricts the external file to only allow for `acl` rules. #### ejabberd acl config ```yaml -## ACL section +## acl include_config_file: - "/etc/ejabberd/blacklist.yml": <-- the path is completely user configurable - allow_only: <-- these two lines are optional but recommended + "/etc/ejabberd/blacklist.yml": ⟵ the path is completely user configurable + allow_only: ⟵ these two lines are optional but recommended - acl └─ to prevent potentially malicious acls to not incluse anthing but ACL rules -## Access Rules +## access rules access_rules: s2s_access: - deny: spamblacklist @@ -70,15 +70,14 @@ access_rules: ``` ### automation -The tools is meant to be deployed in an automatic fashion. It is build to operate silently without interrupting the -ejabberd server. +The tool is meant to be used in an automatic fashion. It is build to operate silently without any user interaction. -For example the script could be run every day at 00:01 to automatically add and remove affected servers from the local -blacklist. +For example the script could be run every day at 00:01 to automatically add/ remove affected servers from the local +blacklist and reload the configuration if the first task finished successfully. ```cron # jabber blacklist update # the outfile here is configured with the shortflag -o instead of the long form -1 0 * * * /usr/bin/bl-imp -o /etc/ejabberd/config/blacklist.yml +1 0 * * * /usr/bin/bl-imp -o /etc/ejabberd/config/blacklist.yml && /usr/bin/ejabberdctl reload_config ``` |