ansible/roles/prosody/templates/prosody.cfg.lua.j2

93 lines
1.9 KiB
Plaintext
Raw Normal View History

2023-12-20 21:26:48 +01:00
-- {{ ansible_managed }}
2021-02-03 01:04:38 +01:00
admins = { "deelkar@jabber.ccchb.de", "freak@jabber.ccchb.de", "jali@jabber.ccchb.de" }
2022-12-29 19:13:28 +01:00
use_libevent = true;
2021-02-03 01:04:38 +01:00
modules_enabled = {
2022-12-29 19:13:28 +01:00
-- Generally required
2023-12-20 21:26:48 +01:00
"roster";
"saslauth";
"tls";
"dialback";
"disco";
"posix";
"private";
2022-12-29 19:13:28 +01:00
-- Nice to have
2023-12-20 21:26:48 +01:00
"version";
"uptime";
"time";
"ping";
"pep";
"register";
2022-12-29 19:13:28 +01:00
-- Admin interfaces
2023-12-20 21:26:48 +01:00
"admin_adhoc";
"admin_shell";
2022-12-29 19:13:28 +01:00
-- HTTP modules
2023-12-20 21:26:48 +01:00
"bosh";
"http_files";
"http_file_share";
2022-12-29 19:13:28 +01:00
-- Other specific functionality
2023-12-20 21:26:48 +01:00
"groups";
"watchregistrations";
"turn_external";
"carbons";
"blocklist";
"mam";
"csi_simple";
"vcard_legacy";
"proxy65";
2021-02-03 01:04:38 +01:00
};
2023-12-20 21:26:48 +01:00
allow_registration = {% if prosody_allow_registration then "True" else "False" %};
2022-12-29 19:13:28 +01:00
c2s_require_encryption = true
s2s_secure_auth = false
2023-12-20 21:26:48 +01:00
-- PID file, necessary for prosodyctl
2022-12-29 19:13:28 +01:00
pidfile = "/var/run/prosody/prosody.pid"
2021-02-03 01:04:38 +01:00
authentication = "internal_hashed"
log = {
error = "/var/log/prosody/prosody.err";
}
2023-12-20 21:26:48 +01:00
-- TODO: Fix escaping
http_external_url = "{{ prosody_http_url }}"
2022-12-29 19:13:28 +01:00
trusted_proxies = { "127.0.0.1", "::1", "192.168.1.1", }
2021-02-03 01:04:38 +01:00
2023-12-20 21:26:48 +01:00
-- TURN Server
turn_external_host = "{{ prosody_turn_server }}"
turn_external_secret = "{{ prosody_turn_secret }}"
2021-02-03 01:04:38 +01:00
VirtualHost "localhost"
2023-12-20 21:26:48 +01:00
VirtualHost "jabber.ccchb.de"
2021-02-03 01:04:38 +01:00
enabled = true -- Remove this line to enable this host
-- Assign this host a certificate for TLS, otherwise it would use the one
-- set in the global section (if any).
-- Note that old-style SSL on port 5223 only supports one certificate, and will always
-- use the global one.
ssl = {
2023-12-20 21:26:48 +01:00
protocol = "tlsv1_2+";
2021-02-03 01:04:38 +01:00
key = "{{ prosody_ssl_key }}";
certificate = "{{ prosody_ssl_cert }}";
2022-12-29 19:13:28 +01:00
dhparam = "/etc/prosody/certs/dh-2048.pem";
2023-12-20 21:26:48 +01:00
-- TODO: Evaluate allowed ciphers
2022-12-29 19:13:28 +01:00
ciphers = "ECDH:DH:HIGH+kEDH:HIGH+kEECDH:HIGH:!CAMELLIA128:!3DES:!MD5:!RC4:!aNULL:!NULL:!EXPORT:!LOW:!MEDIUM";
2021-02-03 01:04:38 +01:00
}
2023-12-20 21:26:48 +01:00
Component "muc.jabber.ccchb.de" "muc"
2022-12-29 19:13:28 +01:00
modules_enabled = {
"vcard_muc",
"muc_mam"
}
2023-12-20 21:26:48 +01:00
Component "upload.jabber.ccchb.de" "http_file_share"