Files
@ acd104ed9b5e
Branch filter:
Location: majic-ansible-roles/roles/xmpp_server/templates/prosody.cfg.lua.j2 - annotation
acd104ed9b5e
3.7 KiB
text/plain
MAR-151: Switch to using PyMySQL module for database and database_server role:
- Explicitly specify the path to MariaDB unix socket to enforce unix
socket authentication.
- Explicitly specify the path to MariaDB unix socket to enforce unix
socket authentication.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 | 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 1b76d272e529 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c d8198174bcb6 df7ad64eec5c c95f61f32b67 df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c c95f61f32b67 df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c 8b0cbc64f6e9 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 91e4754320e6 91e4754320e6 18cd76ec050d 18cd76ec050d c92d79571cf9 2e1ff733350e 2e1ff733350e 91e4754320e6 91e4754320e6 52c4a4001c46 52c4a4001c46 52c4a4001c46 52c4a4001c46 52c4a4001c46 91e4754320e6 91e4754320e6 52c4a4001c46 52c4a4001c46 52c4a4001c46 52c4a4001c46 52c4a4001c46 8b0cbc64f6e9 8b0cbc64f6e9 8b0cbc64f6e9 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 16ec0de22bf3 2e1ff733350e 2e1ff733350e 2e1ff733350e 1b76d272e529 011f651f90ce 1b76d272e529 011f651f90ce 011f651f90ce e1f36d36827b 011f651f90ce 2e1ff733350e c95f61f32b67 c95f61f32b67 c95f61f32b67 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e c8875611c9ef df7ad64eec5c df7ad64eec5c 2e1ff733350e 2e1ff733350e c8875611c9ef c8875611c9ef 1b76d272e529 2e1ff733350e c8875611c9ef c8875611c9ef c8875611c9ef c8875611c9ef 2e1ff733350e | -- Additional paths to search for modules.
plugin_paths = { "/usr/local/lib/prosody/modules/" }
-- List of server administrators.
admins = { {% for admin in xmpp_administrators %}"{{ admin }}", {% endfor %} }
-- List of modules to load on startup.
modules_enabled = {
-- Generally required
"roster"; -- Allow users to have a roster. Recommended ;)
"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
"tls"; -- Add support for secure TLS on c2s/s2s connections
"dialback"; -- s2s dialback support
"disco"; -- Service discovery
"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
-- Not essential, but recommended
"private"; -- Private XML storage (for room bookmarks, etc.)
"blocklist"; -- Allow users to block communications with other users
"vcard"; -- Allow users to set vCards
"carbons"; -- Keep multiple clients in sync
-- Nice to have
"version"; -- Replies to server version requests
"uptime"; -- Report how long server has been running
"time"; -- Let others know the time here on this server
"ping"; -- Replies to XMPP pings with pongs
"pep"; -- Enables users to publish their mood, activity, playing music and more
"register"; -- Allow users to register on this server using a client and change passwords
"mam"; -- Store messages in an archive and allow users to access it
-- Admin interfaces
"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
-- Other specific functionality
"announce"; -- Send announcement to all online users
"legacyauth"; -- Allow legacy authentication and SSL
};
-- Disable account creation by default, for security
-- For more information see http://prosody.im/doc/creating_accounts
allow_registration = false;
-- Set global settings for SSL/TLS.
ssl = {
key = "/etc/ssl/private/{{ ansible_fqdn }}_xmpp.key";
certificate = "/etc/ssl/certs/{{ ansible_fqdn }}_xmpp.pem";
dhparam = "/etc/ssl/private/{{ ansible_fqdn }}_xmpp.dh.pem";
}
-- Configure TLS protocol and ciphers for client-to-server
-- connections (STARTTLS).
c2s_ssl = {
protocol = "{{ xmpp_server_tls_protocol }}";
ciphers = "{{ xmpp_server_tls_ciphers }}";
}
-- Configure TLS protocol and ciphers for client-to-server
-- connections (direct TLS).
legacy_ssl_ssl = {
protocol = "{{ xmpp_server_tls_protocol }}";
ciphers = "{{ xmpp_server_tls_ciphers }}";
}
-- Ports on which to have direct TLS/SSL.
legacy_ssl_ports = { 5223 }
-- Force clients to use encrypted connection.
c2s_require_encryption = true
-- Disable certificate validation for server-to-server connections.
s2s_secure_auth = false
-- Path to Prosody's PID file.
pidfile = "/run/prosody/prosody.pid"
-- Authentication backend.
authentication = "ldap"
ldap_server = "{{ xmpp_ldap_server }}"
ldap_rootdn = "cn=prosody,ou=services,{{ xmpp_ldap_base_dn }}"
ldap_password = "{{ xmpp_ldap_password }}"
ldap_filter = "(&(mail=$user@$host)(memberOf=cn=xmpp,ou=groups,{{xmpp_ldap_base_dn}}))"
ldap_scope = "onelevel"
ldap_tls = true
ldap_base = "ou=people,{{ xmpp_ldap_base_dn }}"
-- Message Archives (mod_mam) configuration.
archive_expires_after = "{{ xmpp_server_archive_expiration }}"
-- Storage backend.
storage = "internal"
-- Logging configuration.
log = {
info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
error = "/var/log/prosody/prosody.err";
"*syslog";
}
-- Domains which should be handled by Prosody, with dedicated MUC and file
-- proxying components.
{% for domain in xmpp_domains -%}
VirtualHost "{{ domain }}"
Component "conference.{{ domain }}" "muc"
restrict_room_creation = "local"
Component "proxy.{{ domain }}" "proxy65"
proxy65_acl = { "{{ domain }}" }
{% endfor -%}
|