-- {{ ansible_managed }}
-- Accounts with server-wide administrator rights on this Prosody instance,
-- e.g. the ad-hoc commands provided by the admin_adhoc module enabled below.
-- Any one of these accounts being compromised exposes the whole server, so
-- keep the list short and review it when people leave the team.
admins = {
	"deelkar@jabber.ccchb.de",
	"freak@jabber.ccchb.de",
	"jali@jabber.ccchb.de",
}

-- Use the libevent-based network backend.
use_libevent = true
-- Modules loaded globally. Every entry widens what the server exposes, so the
-- list should contain only what is actually used.
modules_enabled = {
	-- Generally required
	"roster",              -- contact lists
	"saslauth",            -- authentication for clients and servers
	"tls",                 -- TLS on c2s/s2s connections
	"dialback",            -- s2s dialback; relevant because s2s_secure_auth is false below
	"disco",               -- service discovery
	"posix",               -- POSIX functionality (daemonizing, pidfile)
	"private",             -- private XML storage

	-- Nice to have
	"version",             -- answers server version requests
	"uptime",              -- reports how long the server has been running
	"time",                -- lets others query the server's time
	"ping",                -- replies to XMPP pings
	"pep",                 -- personal eventing (avatars, moods, ...)
	"register",            -- in-band registration; gated by allow_registration below

	-- Admin interfaces
	"admin_adhoc",         -- administration over XMPP for the JIDs listed in admins
	"admin_shell",         -- administrative console (prosodyctl shell)

	-- HTTP modules
	"bosh",                -- XMPP over HTTP
	"http_files",          -- serves static files over HTTP
	-- NOTE(review): http_file_share is also loaded as a dedicated Component at
	-- the end of this file; confirm it is needed in the global list as well.
	"http_file_share",

	-- Other specific functionality
	"groups",              -- shared roster groups
	"watchregistrations",  -- alerts on newly registered accounts
	"turn_external",       -- hands TURN service details to clients (see turn_external_* below)
	"carbons",             -- copies messages to a user's other clients
	"blocklist",           -- user-managed block lists
	"mam",                 -- server-side message archive
	"csi_simple",          -- traffic optimisation for inactive mobile clients
	"vcard_legacy",        -- legacy vCard access on top of PEP
	"proxy65",             -- SOCKS5 bytestream proxy for file transfers
}
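-- Whether new accounts may be created in-band (the "register" module is in
-- modules_enabled). The value is rendered as a lowercase Lua boolean: the
-- previous if/then/else tag was not valid Jinja2, and Lua would have read
-- True/False as undefined globals (nil) rather than booleans.
allow_registration = {{ 'true' if prosody_allow_registration | bool else 'false' }};

-- Clients must negotiate TLS before they can authenticate.
c2s_require_encryption = true

-- NOTE(review): with this set to false, remote servers are not required to
-- present a valid certificate; peers that fail certificate checks can still be
-- authenticated through dialback (enabled in modules_enabled), which relies on
-- DNS. Set this to true unless federation with servers lacking valid
-- certificates is a deliberate requirement.
s2s_secure_auth = false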
-- PID file, necessary for prosodyctl
pidfile = "/var/run/prosody/prosody.pid";

-- Built-in account store that keeps password hashes instead of plaintext
-- passwords.
authentication = "internal_hashed";

-- Logging: only messages of level "error" are written, to the file below.
-- NOTE(review): no sink is defined for lower levels, so events logged below
-- "error" (presumably including authentication failures and registrations)
-- leave no record here; consider adding an "info" sink for incident response.
log = { error = "/var/log/prosody/prosody.err" }
-- TODO: Fix escaping
-- The templated values in this file are inserted into Lua string literals
-- as-is, so a value containing a double quote or a backslash would end or
-- alter the literal. Until escaping is in place, these variables must only
-- come from operator-controlled inventory, never from user-supplied data.
http_external_url = "{{ prosody_http_url }}";

-- HTTP requests arriving from these addresses are allowed to state the real
-- client address through forwarding headers.
-- NOTE(review): 192.168.1.1 is a LAN address; confirm it is the reverse proxy
-- and nothing else, since whatever sits at that address can set the client IP
-- that Prosody sees and logs.
trusted_proxies = { "127.0.0.1", "::1", "192.168.1.1" };

-- TURN Server
turn_external_host = "{{ prosody_turn_server }}";
-- Secret shared with the TURN server. The rendered file contains it in clear
-- text: keep the file readable by the Prosody user only and keep the variable
-- in an encrypted store (e.g. Ansible Vault) rather than in plain inventory.
turn_external_secret = "{{ prosody_turn_secret }}";
-- NOTE(review): no host-specific options follow before the next VirtualHost,
-- so this host runs with the global settings above only, including the
-- register module and the templated allow_registration. Confirm that a
-- "localhost" host is still needed on a production server.
VirtualHost "localhost"
VirtualHost "jabber.ccchb.de"
	-- This host is active. (The sample-config hint about removing this line
	-- applied to "enabled = false" and no longer describes this setting.)
	enabled = true;

	-- Assign this host a certificate for TLS, otherwise it would use the one
	-- set in the global section (if any).
	-- Note that old-style SSL on port 5223 only supports one certificate, and will always
	-- use the global one.
	ssl = {
		-- Accept TLS 1.2 and newer only.
		protocol = "tlsv1_2+",
		-- The private key file should be readable by the Prosody user only.
		key = "{{ prosody_ssl_key }}",
		certificate = "{{ prosody_ssl_cert }}",
		-- Diffie-Hellman parameters for DHE key exchange (2048-bit, per the file name).
		dhparam = "/etc/prosody/certs/dh-2048.pem",
		-- TODO: Evaluate allowed ciphers
		-- The string below is an OpenSSL cipher list; what it actually enables
		-- depends on the OpenSSL build on the host and should be checked there.
		ciphers = "ECDH:DH:HIGH+kEDH:HIGH+kEECDH:HIGH:!CAMELLIA128:!3DES:!MD5:!RC4:!aNULL:!NULL:!EXPORT:!LOW:!MEDIUM",
	}
-- Multi-user chat service.
Component "muc.jabber.ccchb.de" "muc"
	-- vcard_muc: vCards (avatars) for rooms; muc_mam: server-side archive of
	-- room messages. NOTE(review): no retention setting is given here, so the
	-- archive follows the module's default; confirm that matches the intended
	-- data-retention policy.
	modules_enabled = { "vcard_muc", "muc_mam" }

-- HTTP file upload service.
-- NOTE(review): no size limit, quota or expiry is configured in this file, so
-- the module defaults apply; consider setting http_file_share_size_limit and
-- http_file_share_daily_quota explicitly so that storage use stays bounded.
Component "upload.jabber.ccchb.de" "http_file_share"