From 5e0a8c4d19ea9e507fb0af4462e310b1b7412671 Mon Sep 17 00:00:00 2001
From: Karel Balej <balejk@matfyz.cz>
Date: Thu, 5 Jun 2025 19:36:36 +0200
Subject: [PATCH] prosody: restrict access to the configuration file

The file can contains secrets, such as the shared secret for a TURN
server or SQL database credentials.
---
 srcpkgs/prosody/INSTALL  | 6 ++++++
 srcpkgs/prosody/template | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 srcpkgs/prosody/INSTALL

diff --git a/srcpkgs/prosody/INSTALL b/srcpkgs/prosody/INSTALL
new file mode 100644
index 00000000000..2a13012899b
--- /dev/null
+++ b/srcpkgs/prosody/INSTALL
@@ -0,0 +1,6 @@
+case "${ACTION}" in
+post)
+	chmod 640 etc/prosody/prosody.cfg.lua
+	chown :prosody etc/prosody/prosody.cfg.lua
+	;;
+esac
diff --git a/srcpkgs/prosody/template b/srcpkgs/prosody/template
index fc918a63978..3fd7b0478cc 100644
--- a/srcpkgs/prosody/template
+++ b/srcpkgs/prosody/template
@@ -1,7 +1,7 @@
 # Template file for 'prosody'
 pkgname=prosody
 version=13.0.1
-revision=1
+revision=2
 build_style=configure
 configure_args="
  --ostype=linux