diff --git a/roles/xmpp_server/templates/prosody.cfg.lua.j2 b/roles/xmpp_server/templates/prosody.cfg.lua.j2
new file mode 100644
index 0000000000000000000000000000000000000000..75789744a6ea5e4983d51c5f2960a9c91ce22a53
--- /dev/null
+++ b/roles/xmpp_server/templates/prosody.cfg.lua.j2
@@ -0,0 +1,89 @@
+-- Additional paths to search for modules.
+plugin_paths = { "/usr/local/lib/prosody/modules/" }
+
+-- List of server administrators.
+admins = { {% for admin in xmpp_administrators %}"{{ admin }}", {% endfor %} }
+
+-- List of modules to load on startup.
+modules_enabled = {
+
+ -- Generally required
+ "roster"; -- Allow users to have a roster. Recommended ;)
+ "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
+ "tls"; -- Add support for secure TLS on c2s/s2s connections
+ "dialback"; -- s2s dialback support
+ "disco"; -- Service discovery
+ "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
+
+ -- Not essential, but recommended
+ "private"; -- Private XML storage (for room bookmarks, etc.)
+ "vcard"; -- Allow users to set vCards
+
+ -- Nice to have
+ "version"; -- Replies to server version requests
+ "uptime"; -- Report how long server has been running
+ "time"; -- Let others know the time here on this server
+ "ping"; -- Replies to XMPP pings with pongs
+ "pep"; -- Enables users to publish their mood, activity, playing music and more
+ "register"; -- Allow users to register on this server using a client and change passwords
+
+ -- Admin interfaces
+ "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
+
+ -- Other specific functionality
+ "announce"; -- Send announcement to all online users
+ "legacyauth"; -- Allow legacy authentication and SSL
+};
+
+-- Disable account creation by default, for security
+-- For more information see http://prosody.im/doc/creating_accounts
+allow_registration = false;
+
+-- These are the SSL/TLS-related settings. If you don't want
+-- to use SSL/TLS, you may comment or remove this
+ssl = {
+ key = "/etc/ssl/private/{{ xmpp_tls_key | basename }}";
+ certificate = "/etc/ssl/certs/{{ xmpp_tls_certificate | basename }}";
+}
+
+-- Ports on which to have direct TLS/SSL.
+legacy_ssl_ports = { 5223 }
+
+-- Force clients to use encrypted connection.
+c2s_require_encryption = true
+
+-- Disable certificate validation for server-to-server connections.
+s2s_secure_auth = false
+
+-- Path to Prosody's PID file.
+pidfile = "/var/run/prosody/prosody.pid"
+
+-- Authentication backend.
+authentication = "ldap"
+ldap_server = "{{ xmpp_ldap_server }}"
+ldap_rootdn = "{{ xmpp_ldap_bind_dn }}"
+ldap_password = "{{ xmpp_ldap_password }}"
+ldap_filter = "{{ xmpp_ldap_filter }}"
+ldap_scope = "{{ xmpp_ldap_scope }}"
+ldap_tls = {{ xmpp_ldap_tls }}
+ldap_base = "{{ xmpp_ldap_base }}"
+
+-- Storage backend.
+storage = "internal"
+
+-- Logging configuration.
+log = {
+ info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
+ error = "/var/log/prosody/prosody.err";
+ "*syslog";
+}
+
+-- Domains which should be handled by Prosody, with dedicated MUC and file
+-- proxying components.
+{% for domain in xmpp_domains -%}
+VirtualHost "{{ domain }}"
+Component "conference.{{ domain }}" "muc"
+ restrict_room_creation = "local"
+Component "proxy.{{ domain }}" "proxy65"
+ proxy65_acl = { "{{ domain }}" }
+{% endfor -%}
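Review bot: `s2s_secure_auth = false` turns off certificate verification for every server-to-server link, and the file sets no `s2s_require_encryption`, so federated peers are authenticated by dialback only and whether s2s traffic is encrypted is left to the installed Prosody version's default. If the relaxation is only needed for specific peers with self-signed certificates, prefer `s2s_secure_auth = true` with those peers listed in `s2s_insecure_domains`, and add `s2s_require_encryption = true` next to the `c2s_require_encryption` line. The LDAP values are interpolated raw into Lua string literals, so a `"` or `\` in `xmpp_ldap_password` or `xmpp_ldap_filter` breaks or changes the rendered config; they should be escaped, and the rendered file needs a mode that keeps `ldap_password` unreadable to other local users (the template task is not part of this hunk). `"legacyauth"` enables the old non-SASL login and is worth dropping from `modules_enabled` unless a known client still needs it.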