-- Additional paths to search for modules. plugin_paths = { "/usr/local/lib/prosody/modules/" } -- List of server administrators. admins = { {% for admin in xmpp_administrators %}"{{ admin }}", {% endfor %} } -- List of modules to load on startup. modules_enabled = { -- Generally required "roster"; -- Allow users to have a roster. Recommended ;) "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in. "tls"; -- Add support for secure TLS on c2s/s2s connections "dialback"; -- s2s dialback support "disco"; -- Service discovery "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. -- Not essential, but recommended "private"; -- Private XML storage (for room bookmarks, etc.) "blocklist"; -- Allow users to block communications with other users "vcard"; -- Allow users to set vCards -- Nice to have "version"; -- Replies to server version requests "uptime"; -- Report how long server has been running "time"; -- Let others know the time here on this server "ping"; -- Replies to XMPP pings with pongs "pep"; -- Enables users to publish their mood, activity, playing music and more "register"; -- Allow users to register on this server using a client and change passwords -- Admin interfaces "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands -- Other specific functionality "announce"; -- Send announcement to all online users "legacyauth"; -- Allow legacy authentication and SSL }; -- Disable account creation by default, for security -- For more information see http://prosody.im/doc/creating_accounts allow_registration = false; -- Set global settings for SSL/TLS. ssl = { key = "/etc/ssl/private/{{ ansible_fqdn }}_xmpp.key"; certificate = "/etc/ssl/certs/{{ ansible_fqdn }}_xmpp.pem"; dhparam = "/etc/ssl/private/{{ ansible_fqdn }}_xmpp.dh.pem"; } -- Configure TLS protocol and ciphers for client-to-server -- connections (STARTTLS). c2s_ssl = { protocol = "{{ xmpp_server_tls_protocol }}"; ciphers = "{{ xmpp_server_tls_ciphers }}"; } -- Configure TLS protocol and ciphers for client-to-server -- connections (direct TLS). legacy_ssl_ssl = { protocol = "{{ xmpp_server_tls_protocol }}"; ciphers = "{{ xmpp_server_tls_ciphers }}"; } -- Ports on which to have direct TLS/SSL. legacy_ssl_ports = { 5223 } -- Force clients to use encrypted connection. c2s_require_encryption = true -- Disable certificate validation for server-to-server connections. s2s_secure_auth = false -- Path to Prosody's PID file. pidfile = "/run/prosody/prosody.pid" -- Authentication backend. authentication = "ldap" ldap_server = "{{ xmpp_ldap_server }}" ldap_rootdn = "cn=prosody,ou=services,{{ xmpp_ldap_base_dn }}" ldap_password = "{{ xmpp_ldap_password }}" ldap_filter = "(&(mail=$user@$host)(memberOf=cn=xmpp,ou=groups,{{xmpp_ldap_base_dn}}))" ldap_scope = "onelevel" ldap_tls = true ldap_base = "ou=people,{{ xmpp_ldap_base_dn }}" -- Storage backend. storage = "internal" -- Logging configuration. log = { info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging error = "/var/log/prosody/prosody.err"; "*syslog"; } -- Domains which should be handled by Prosody, with dedicated MUC and file -- proxying components. {% for domain in xmpp_domains -%} VirtualHost "{{ domain }}" Component "conference.{{ domain }}" "muc" restrict_room_creation = "local" Component "proxy.{{ domain }}" "proxy65" proxy65_acl = { "{{ domain }}" } {% endfor -%}