Files
@ 734eb461396e
Branch filter:
Location: majic-ansible-roles/roles/xmpp_server/templates/prosody.cfg.lua.j2
734eb461396e
4.0 KiB
text/plain
MAR-218: Document the passlib Python package requirement:
- The library is used for hashing the operating system user passwords
during account creation.
- The library is used for hashing the operating system user passwords
during account creation.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 | -- List of server administrators.
admins = { {% for admin in xmpp_administrators %}"{{ admin }}", {% endfor %} }
-- List of modules to load on startup.
modules_enabled = {
-- Generally required
"roster"; -- Allow users to have a roster. Recommended ;)
"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
"tls"; -- Add support for secure TLS on c2s/s2s connections
"dialback"; -- s2s dialback support
"disco"; -- Service discovery
"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
-- Not essential, but recommended
"private"; -- Private XML storage (for room bookmarks, etc.)
"blocklist"; -- Allow users to block communications with other users
"vcard"; -- Allow users to set vCards
"carbons"; -- Keep multiple clients in sync
-- Nice to have
"version"; -- Replies to server version requests
"uptime"; -- Report how long server has been running
"time"; -- Let others know the time here on this server
"ping"; -- Replies to XMPP pings with pongs
"pep"; -- Enables users to publish their mood, activity, playing music and more
"register"; -- Allow users to register on this server using a client and change passwords
"mam"; -- Store messages in an archive and allow users to access it
-- Admin interfaces
"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
-- Other specific functionality
"announce"; -- Send announcement to all online users
"legacyauth"; -- Allow legacy authentication and SSL
};
-- Disable account creation by default, for security
-- For more information see http://prosody.im/doc/creating_accounts
allow_registration = false;
-- Set global settings for SSL/TLS.
ssl = {
key = "/etc/ssl/private/{{ ansible_fqdn }}_xmpp.key";
certificate = "/etc/ssl/certs/{{ ansible_fqdn }}_xmpp.pem";
dhparam = "/etc/ssl/private/{{ ansible_fqdn }}_xmpp.dh.pem";
}
-- Configure TLS protocol and ciphers for client-to-server
-- connections (STARTTLS).
c2s_ssl = {
protocol = "{{ xmpp_server_tls_protocol }}";
ciphers = "{{ xmpp_server_tls_ciphers }}";
}
-- Configure TLS protocol and ciphers for client-to-server
-- connections (direct TLS).
c2s_direct_tls_ssl = {
protocol = "{{ xmpp_server_tls_protocol }}";
ciphers = "{{ xmpp_server_tls_ciphers }}";
-- @WORKAROUND: No DHE ciphers because dhparam is getting reset
--
-- There is a bug in Prosody 0.12.3 resulting in dhparam value
-- from from global config getting ignored when domain SNI
-- context is initalised on TCP port 5223. Define the parameter
-- in within this configuration context as well to fix the issue.
dhparam = "/etc/ssl/private/{{ ansible_fqdn }}_xmpp.dh.pem";
}
-- Ports on which to have direct TLS/SSL.
c2s_direct_tls_ports = { 5223 }
-- Force clients to use encrypted connection.
c2s_require_encryption = true
-- Disable certificate validation for server-to-server connections.
s2s_secure_auth = false
-- Path to Prosody's PID file.
pidfile = "/run/prosody/prosody.pid"
-- Authentication backend.
authentication = "ldap"
ldap_server = "{{ xmpp_ldap_server }}"
ldap_rootdn = "cn=prosody,ou=services,{{ xmpp_ldap_base_dn }}"
ldap_password = "{{ xmpp_ldap_password }}"
ldap_filter = "(&(mail=$user@$host)(memberOf=cn=xmpp,ou=groups,{{xmpp_ldap_base_dn}}))"
ldap_scope = "onelevel"
ldap_tls = true
ldap_base = "ou=people,{{ xmpp_ldap_base_dn }}"
-- Message Archives (mod_mam) configuration.
archive_expires_after = "{{ xmpp_server_archive_expiration }}"
-- Storage backend.
storage = "internal"
-- Logging configuration.
log = {
info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
error = "/var/log/prosody/prosody.err";
"*syslog";
}
-- Domains which should be handled by Prosody, with dedicated MUC and file
-- proxying components.
{% for domain in xmpp_domains -%}
VirtualHost "{{ domain }}"
Component "conference.{{ domain }}" "muc"
restrict_room_creation = "local"
Component "proxy.{{ domain }}" "proxy65"
proxy65_acl = { "{{ domain }}" }
{% endfor -%}
|