majic-ansible-roles Files · roles/xmpp_server/templates/prosody.cfg.lua.j2

Files @ 770551dc8c6f

Branch filter:

Location: majic-ansible-roles/roles/xmpp_server/templates/prosody.cfg.lua.j2

770551dc8c6f 3.1 KiB text/plain Show Annotation Show as Raw Download as Raw

branko

MAR-148: Improve the SSH connectivity tests in backup_server role to be more reliable:

- Introduce a session-level fixture for setting permissions for client
SSH private keys (fixes errors related to SSH requesting tighter
permissions).
- Add assertions for the tests that verify the backup clients cannot
connect to the regular SSH server in case the SSH private keys do
not have correct permissions (just in case).

-- Additional paths to search for modules.
plugin_paths = { "/usr/local/lib/prosody/modules/" }

-- List of server administrators.
admins = { {% for admin in xmpp_administrators %}"{{ admin }}", {% endfor %} }

-- List of modules to load on startup.
modules_enabled = {

  -- Generally required
    "roster"; -- Allow users to have a roster. Recommended ;)
    "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
    "tls"; -- Add support for secure TLS on c2s/s2s connections
    "dialback"; -- s2s dialback support
    "disco"; -- Service discovery
    "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.

  -- Not essential, but recommended
    "private"; -- Private XML storage (for room bookmarks, etc.)
    "vcard"; -- Allow users to set vCards

  -- Nice to have
    "version"; -- Replies to server version requests
    "uptime"; -- Report how long server has been running
    "time"; -- Let others know the time here on this server
    "ping"; -- Replies to XMPP pings with pongs
    "pep"; -- Enables users to publish their mood, activity, playing music and more
    "register"; -- Allow users to register on this server using a client and change passwords

  -- Admin interfaces
    "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands

  -- Other specific functionality
    "announce"; -- Send announcement to all online users
    "legacyauth"; -- Allow legacy authentication and SSL
};

-- Disable account creation by default, for security
-- For more information see http://prosody.im/doc/creating_accounts
allow_registration = false;

-- These are the SSL/TLS-related settings. If you don't want
-- to use SSL/TLS, you may comment or remove this
ssl = {
  key = "/etc/ssl/private/{{ ansible_fqdn }}_xmpp.key";
  certificate = "/etc/ssl/certs/{{ ansible_fqdn }}_xmpp.pem";
}

-- Ports on which to have direct TLS/SSL.
legacy_ssl_ports = { 5223 }

-- Force clients to use encrypted connection.
c2s_require_encryption = true

-- Disable certificate validation for server-to-server connections.
s2s_secure_auth = false

-- Path to Prosody's PID file.
pidfile = "/var/run/prosody/prosody.pid"

-- Authentication backend.
authentication = "ldap"
ldap_server = "{{ xmpp_ldap_server }}"
ldap_rootdn = "cn=prosody,ou=services,{{ xmpp_ldap_base_dn }}"
ldap_password = "{{ xmpp_ldap_password }}"
ldap_filter = "(&(mail=$user@$host)(memberOf=cn=xmpp,ou=groups,{{xmpp_ldap_base_dn}}))"
ldap_scope = "onelevel"
ldap_tls = true
ldap_base = "ou=people,{{ xmpp_ldap_base_dn }}"

-- Storage backend.
storage = "internal"

-- Logging configuration.
log = {
  info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
  error = "/var/log/prosody/prosody.err";
  "*syslog";
}

-- Domains which should be handled by Prosody, with dedicated MUC and file
-- proxying components.
{% for domain in xmpp_domains -%}
VirtualHost "{{ domain }}"
Component "conference.{{ domain }}" "muc"
  restrict_room_creation = "local"
Component "proxy.{{ domain }}" "proxy65"
  proxy65_acl = { "{{ domain }}" }
{% endfor -%}