Files
@ ea69b2719d8e
Branch filter:
Location: majic-ansible-roles/roles/xmpp_server/templates/prosody.cfg.lua.j2 - annotation
ea69b2719d8e
3.1 KiB
text/plain
MAR-22: Implemented tests for the common role:
- Added missing documentation for pipreqcheck_uid and pipreqcheck_gid
parameters.
- Use static-hashed passwords for reproducibility during testing in test
playbook.
- Install Emacs and libmariadb-client-lgpl-dev-compat via test playbook on one
of the testing instances in order to test related tasks.
- Fixed parameter for connection limitting in test playbook.
- Added explicit parameters to test playbook for pipreqcheck_gid and
pipreqcheck_uid.
- Fixed deployment of ferm configuration file ot include setting user/group and
mode.
- Added tests covering common deployment, deployment when only mandatory
parameters are provided, and deployment when optional parameters are set as
well.
- Added missing documentation for pipreqcheck_uid and pipreqcheck_gid
parameters.
- Use static-hashed passwords for reproducibility during testing in test
playbook.
- Install Emacs and libmariadb-client-lgpl-dev-compat via test playbook on one
of the testing instances in order to test related tasks.
- Fixed parameter for connection limitting in test playbook.
- Added explicit parameters to test playbook for pipreqcheck_gid and
pipreqcheck_uid.
- Fixed deployment of ferm configuration file ot include setting user/group and
mode.
- Added tests covering common deployment, deployment when only mandatory
parameters are provided, and deployment when optional parameters are set as
well.
2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 1b76d272e529 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c df7ad64eec5c 8b0cbc64f6e9 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 18cd76ec050d 18cd76ec050d 2e1ff733350e 2e1ff733350e 8b0cbc64f6e9 8b0cbc64f6e9 8b0cbc64f6e9 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 1b76d272e529 011f651f90ce 1b76d272e529 011f651f90ce 011f651f90ce e1f36d36827b 011f651f90ce 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e 2e1ff733350e c8875611c9ef df7ad64eec5c df7ad64eec5c 2e1ff733350e 2e1ff733350e c8875611c9ef c8875611c9ef 1b76d272e529 2e1ff733350e c8875611c9ef c8875611c9ef c8875611c9ef c8875611c9ef 2e1ff733350e | -- Additional paths to search for modules.
plugin_paths = { "/usr/local/lib/prosody/modules/" }
-- List of server administrators.
admins = { {% for admin in xmpp_administrators %}"{{ admin }}", {% endfor %} }
-- List of modules to load on startup.
modules_enabled = {
-- Generally required
"roster"; -- Allow users to have a roster. Recommended ;)
"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
"tls"; -- Add support for secure TLS on c2s/s2s connections
"dialback"; -- s2s dialback support
"disco"; -- Service discovery
"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
-- Not essential, but recommended
"private"; -- Private XML storage (for room bookmarks, etc.)
"vcard"; -- Allow users to set vCards
-- Nice to have
"version"; -- Replies to server version requests
"uptime"; -- Report how long server has been running
"time"; -- Let others know the time here on this server
"ping"; -- Replies to XMPP pings with pongs
"pep"; -- Enables users to publish their mood, activity, playing music and more
"register"; -- Allow users to register on this server using a client and change passwords
-- Admin interfaces
"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
-- Other specific functionality
"announce"; -- Send announcement to all online users
"legacyauth"; -- Allow legacy authentication and SSL
};
-- Disable account creation by default, for security
-- For more information see http://prosody.im/doc/creating_accounts
allow_registration = false;
-- These are the SSL/TLS-related settings. If you don't want
-- to use SSL/TLS, you may comment or remove this
ssl = {
key = "/etc/ssl/private/{{ ansible_fqdn }}_xmpp.key";
certificate = "/etc/ssl/certs/{{ ansible_fqdn }}_xmpp.pem";
}
-- Ports on which to have direct TLS/SSL.
legacy_ssl_ports = { 5223 }
-- Force clients to use encrypted connection.
c2s_require_encryption = true
-- Disable certificate validation for server-to-server connections.
s2s_secure_auth = false
-- Path to Prosody's PID file.
pidfile = "/var/run/prosody/prosody.pid"
-- Authentication backend.
authentication = "ldap"
ldap_server = "{{ xmpp_ldap_server }}"
ldap_rootdn = "cn=prosody,ou=services,{{ xmpp_ldap_base_dn }}"
ldap_password = "{{ xmpp_ldap_password }}"
ldap_filter = "(&(mail=$user@$host)(memberOf=cn=xmpp,ou=groups,{{xmpp_ldap_base_dn}}))"
ldap_scope = "onelevel"
ldap_tls = true
ldap_base = "ou=people,{{ xmpp_ldap_base_dn }}"
-- Storage backend.
storage = "internal"
-- Logging configuration.
log = {
info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
error = "/var/log/prosody/prosody.err";
"*syslog";
}
-- Domains which should be handled by Prosody, with dedicated MUC and file
-- proxying components.
{% for domain in xmpp_domains -%}
VirtualHost "{{ domain }}"
Component "conference.{{ domain }}" "muc"
restrict_room_creation = "local"
Component "proxy.{{ domain }}" "proxy65"
proxy65_acl = { "{{ domain }}" }
{% endfor -%}
|