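-- {{ ansible_managed }}
-- Prosody XMPP server configuration (Lua syntax), rendered by Ansible from a
-- Jinja2 template. Template variables are substituted before Prosody reads it.
-- NOTE(review): the rendered file holds the TURN shared secret in clear text;
-- confirm the deploying task (not visible here) restricts its owner and mode.

-- JIDs with server-wide administrator rights (used by the admin_* modules below).
admins = { "deelkar@jabber.ccchb.de", "freak@jabber.ccchb.de", "jali@jabber.ccchb.de" }

use_libevent = true;

modules_enabled = {
    -- Generally required
    "roster";
    "saslauth";
    "tls";
    "dialback";
    "disco";
    "posix";
    "private";

    -- Nice to have
    "version";
    "uptime";
    "time";
    "ping";
    "pep";
    "register";

    -- Admin interfaces (available to the JIDs listed in admins)
    "admin_adhoc";
    "admin_shell";

    -- HTTP modules
    "bosh";
    "http_files";
    "http_file_share";

    -- Other specific functionality
    "groups";
    "watchregistrations";
    "turn_external";
    "carbons";
    "blocklist";
    "mam";
    "csi_simple";
    "vcard_legacy";
    "proxy65";
};

-- In-band account registration. Rendered as a Lua boolean literal (lowercase
-- true/false) from the Ansible variable; the bool filter makes string values
-- such as "false" or "no" evaluate to false instead of being truthy.
-- When this is true anyone who can reach the server may create an account;
-- watchregistrations (enabled above) reports new accounts to the admins.
allow_registration = {{ 'true' if prosody_allow_registration | bool else 'false' }};

-- Clients must negotiate TLS before authenticating.
c2s_require_encryption = true

-- Server-to-server peers are NOT required to present a valid, trusted
-- certificate; peers that fail validation are authenticated via dialback
-- (DNS-based) instead. Setting this to true gives stronger peer
-- authentication but breaks federation with servers lacking valid certificates.
s2s_secure_auth = false

-- PID file, necessary for prosodyctl
pidfile = "/var/run/prosody/prosody.pid"

-- Passwords are stored hashed rather than in plain text.
authentication = "internal_hashed"

-- Only error-level messages are written to a file.
log = {
    error = "/var/log/prosody/prosody.err";
}

-- TODO: Fix escaping. Template variables are inserted into Lua string
-- literals verbatim, so a value containing a double quote, a backslash or a
-- newline ends the literal early and changes the meaning of this file.
-- This applies to every templated string below, including the TURN secret
-- and the certificate paths, not only to the URL.
http_external_url = "{{ prosody_http_url }}"

-- Addresses whose forwarded-for headers are trusted when determining the
-- client IP of HTTP requests. List only reverse proxies under your control.
trusted_proxies = { "127.0.0.1", "::1", "192.168.1.1", }

-- TURN Server
turn_external_host = "{{ prosody_turn_server }}"
-- Secret shared with the TURN server; keep it out of logs and world-readable files.
turn_external_secret = "{{ prosody_turn_secret }}"

VirtualHost "localhost"

VirtualHost "jabber.ccchb.de"
    -- Host is active; set to false to disable it.
    enabled = true

    -- Assign this host a certificate for TLS, otherwise it would use the one
    -- set in the global section (if any).
    -- Note that old-style SSL on port 5223 only supports one certificate, and will always
    -- use the global one.
    ssl = {
        -- TLS 1.2 and newer only.
        protocol = "tlsv1_2+";
        key = "{{ prosody_ssl_key }}";
        certificate = "{{ prosody_ssl_cert }}";
        dhparam = "/etc/prosody/certs/dh-2048.pem";
        -- TODO: Evaluate allowed ciphers. NOTE(review): the bare HIGH term
        -- appears to admit suites without forward secrecy as well; confirm
        -- against the effective list on the target OpenSSL version.
        ciphers = "ECDH:DH:HIGH+kEDH:HIGH+kEECDH:HIGH:!CAMELLIA128:!3DES:!MD5:!RC4:!aNULL:!NULL:!EXPORT:!LOW:!MEDIUM";
    }

-- Multi-user chat service with room vCards and message archiving.
Component "muc.jabber.ccchb.de" "muc"
    modules_enabled = { "vcard_muc", "muc_mam" }

-- HTTP file upload service; no limits are set here, so the module defaults apply.
Component "upload.jabber.ccchb.de" "http_file_share"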