ansible/roles/prosody/templates/prosody.cfg.lua.j2


-- {{ ansible_managed }}
-- Prosody configuration rendered by Ansible from this Jinja2 template.
-- Everything before the first VirtualHost/Component line is a global option.
-- JIDs that Prosody treats as server administrators. They are hard-coded in the
-- template; the admin modules enabled below act on behalf of these accounts.
admins = { "deelkar@jabber.ccchb.de", "freak@jabber.ccchb.de", "jali@jabber.ccchb.de" }
use_libevent = true;
-- Modules loaded globally.
modules_enabled = {
-- Generally required
"roster";
"saslauth";
"tls";
"dialback";
"disco";
"posix";
"private";
-- Nice to have
"version";
"uptime";
"time";
"ping";
"pep";
-- "register" provides in-band account registration; whether new accounts can
-- actually be created is decided by the allow_registration option in this file.
"register";
-- Admin interfaces
-- NOTE(review): both modules expose server administration. Confirm that
-- admin_shell is only reachable from the local machine and that the admins
-- list above is kept current.
"admin_adhoc";
"admin_shell";
-- HTTP modules
"bosh";
"http_files";
-- NOTE(review): http_file_share is loaded here and is also declared as a
-- dedicated Component at the end of this file; confirm both are intended.
"http_file_share";
-- Other specific functionality
"groups";
-- watchregistrations is the registration-monitoring module; keep it enabled
-- whenever registration is opened.
"watchregistrations";
"turn_external";
"carbons";
"blocklist";
"mam";
"csi_simple";
"vcard_legacy";
"proxy65";
};
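-- In-band registration switch for the "register" module loaded above.
-- Rendered with a Jinja2 inline conditional: the earlier block-tag form using
-- "then" is not valid Jinja2, and Lua booleans are lowercase (True/False are
-- not Lua literals). The bool filter keeps a string such as "false" coming
-- from the inventory from being treated as truthy and opening registration.
allow_registration = {{ 'true' if prosody_allow_registration | bool else 'false' }};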
-- Client-to-server connections must be encrypted.
c2s_require_encryption = true
-- NOTE(review): with s2s_secure_auth disabled, remote servers are not required
-- to present a valid certificate and server-to-server links fall back to
-- dialback (DNS-based) authentication. Setting this to true enforces
-- certificate validation but can break federation with misconfigured peers;
-- confirm that false is a deliberate trade-off.
s2s_secure_auth = false
-- PID file, necessary for prosodyctl
pidfile = "/var/run/prosody/prosody.pid"
-- Account passwords are stored hashed by the internal_hashed backend.
authentication = "internal_hashed"
-- NOTE(review): only an "error" sink is configured, so messages below error
-- level are not written to any file. Presumably that includes authentication
-- and registration events that are useful for incident response; confirm and
-- consider adding an info-level sink.
log = {
error = "/var/log/prosody/prosody.err";
}
-- TODO: Fix escaping. The Jinja2 values in this section are pasted unescaped
-- into Lua string literals; a value containing a double quote, a backslash or
-- a newline would end the literal early and change the meaning of the rendered
-- configuration. Until that is fixed, the variables must be restricted to
-- characters that are safe inside a double-quoted Lua string.
http_external_url = "{{ prosody_http_url }}"
-- Addresses whose forwarded-for header is trusted when Prosody sits behind a
-- reverse proxy. NOTE(review): 192.168.1.1 is hard-coded; confirm it is the
-- proxy and that no other host can use that address.
trusted_proxies = { "127.0.0.1", "::1", "192.168.1.1", }
-- TURN Server
-- turn_external_secret is the secret shared with the TURN server and is
-- rendered here in plaintext. NOTE(review): the task that installs this file
-- is not visible here; confirm the rendered file is not world-readable and
-- that the variable is stored encrypted (for example with Ansible Vault).
turn_external_host = "{{ prosody_turn_server }}"
turn_external_secret = "{{ prosody_turn_secret }}"
-- Local-only host with no options of its own; the global options above,
-- including allow_registration, apply to it as well.
VirtualHost "localhost"
-- Public host. Options from here up to the next Component line belong to it.
VirtualHost "jabber.ccchb.de"
-- This host is explicitly enabled.
enabled = true
-- Assign this host a certificate for TLS, otherwise it would use the one
-- set in the global section (if any).
-- Note that old-style SSL on port 5223 only supports one certificate, and will always
-- use the global one.
ssl = {
-- TLS 1.2 is the minimum protocol version accepted.
protocol = "tlsv1_2+";
-- Key and certificate paths come from Ansible variables.
-- NOTE(review): file ownership and mode are set outside this template; confirm
-- the private key is readable only by the Prosody service account.
key = "{{ prosody_ssl_key }}";
certificate = "{{ prosody_ssl_cert }}";
-- 2048-bit Diffie-Hellman parameters, judging by the file name.
dhparam = "/etc/prosody/certs/dh-2048.pem";
-- TODO: Evaluate allowed ciphers
-- NOTE(review): the trailing HIGH entry also admits key exchanges without
-- forward secrecy; check the effective list with "openssl ciphers -v" against
-- current guidance before relying on it.
ciphers = "ECDH:DH:HIGH+kEDH:HIGH+kEECDH:HIGH:!CAMELLIA128:!3DES:!MD5:!RC4:!aNULL:!NULL:!EXPORT:!LOW:!MEDIUM";
}
-- Multi-user chat service. The modules_enabled table below applies to this
-- component only: room vCards and message archiving for rooms.
Component "muc.jabber.ccchb.de" "muc"
modules_enabled = {
"vcard_muc",
"muc_mam"
}
-- HTTP file upload service.
-- NOTE(review): no http_file_share_size_limit or http_file_share_daily_quota is
-- set in this template, so Prosody's built-in defaults apply; confirm they are
-- acceptable for this deployment.
Component "upload.jabber.ccchb.de" "http_file_share"