homelab/roles/prosody/templates/prosody.cfg.lua.j2
Ivan Reshetnikov 5ad6bb9aee
Fix issues with prosody
You may need to flush your dns cache and re-login.
2024-10-29 02:11:02 +05:00

120 lines
4.5 KiB
Django/Jinja

admins = { "lumin@xmpp.comfycamp.space" }
ssl = { key = "/etc/prosody/privkey.pem", certificate = "/etc/prosody/fullchain.pem" }
external_addresses = { "62.16.41.235" }
modules_enabled = {
-- Generally required
"disco"; -- Service discovery
"roster"; -- Allow users to have a roster. Recommended ;)
"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
"tls"; -- Add support for secure TLS on c2s/s2s connections
-- Not essential, but recommended
"blocklist"; -- Allow users to block communications with other users
"bookmarks"; -- Synchronise the list of open rooms between clients
"carbons"; -- Keep multiple online clients in sync
"dialback"; -- Support for verifying remote servers using DNS
"limits"; -- Enable bandwidth limiting for XMPP connections
"pep"; -- Allow users to store public and private data in their account
"private"; -- Legacy account storage mechanism (XEP-0049)
"smacks"; -- Stream management and resumption (XEP-0198)
"vcard4"; -- User profiles (stored in PEP)
"vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard
-- Nice to have
"csi_simple"; -- Simple but effective traffic optimizations for mobile devices
"invites"; -- Create and manage invites
"invites_adhoc"; -- Allow admins/users to create invitations via their client
"invites_register"; -- Allows invited users to create accounts
"ping"; -- Replies to XMPP pings with pongs
"register"; -- Allow users to register on this server using a client and change passwords
"time"; -- Let others know the time here on this server
"uptime"; -- Report how long server has been running
"version"; -- Replies to server version requests
"mam"; -- Store recent messages to allow multi-device synchronization
"turn_external"; -- Provide external STUN/TURN service for e.g. audio/video calls
-- Admin interfaces
"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
"admin_shell"; -- Allow secure administration via 'prosodyctl shell'
-- HTTP modules
"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
"websocket"; -- XMPP over WebSockets
--"http_openmetrics"; -- for exposing metrics to stats collectors
-- Other specific functionality
"s2s_bidi"; -- Bi-directional server-to-server (XEP-0288)
"watchregistrations"; -- Alert admins of registrations
"server_contact_info"; -- Publish contact information for this service
--"announce"; -- Send announcement to all online users
--"groups"; -- Shared roster support
--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
--"mimicking"; -- Prevent address spoofing
--"motd"; -- Send a message to users when they log in
--"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
--"tombstones"; -- Prevent registration of deleted accounts
--"welcome"; -- Welcome users who register accounts
-- Custom modules
"auth_ldap";
"cloud_notify"; -- XEP-0357; requires mod_smacks, mod_mam and mod_carbons
}
modules_disabled = {}
allow_registration = false
c2s_require_encryption = true
s2s_require_encryption = true
s2s_secure_auth = false
storage = "sql"
sql = {
driver = "PostgreSQL";
database = "{{ postgresql_database }}";
host = "{{ postgresql_host }}";
port = {{ postgresql_port }};
username = "{{ postgresql_username }}";
password = "{{ postgresql_password }}";
}
http_external_url = "https://xmpp.comfycamp.space/"
http_ports = { 5280 }
http_interfaces = { "*" }
https_ports = { 5281 }
https_interfaces = { "*" }
legacy_ssl_ports = { 5223 }
trusted_proxies = { "172.24.0.0/16" }
turn_external_host = "{{ turn_external_host }}"
turn_external_secret = "{{ turn_external_secret }}"
contact_info = {
admin = { "mailto:admin@comfycamp.space", "xmpp:lumin@xmpp.comfycamp.space" };
feedback = { "https://git.comfycamp.space/lumin/homelab" };
}
VirtualHost "{{ virtual_host }}"
authentication = "ldap"
ldap_server = "comfycamp.space:389"
ldap_base = "DC=ldap,DC=goauthentik,DC=io"
ldap_tls = false
ldap_rootdn = "cn=ldapservice,ou=users,dc=ldap,dc=goauthentik,dc=io"
ldap_password = "{{ ldap_password }}"
ldap_filter = "(&(objectclass=user)(cn=$user))"
Component "{{ muc_domain }}" "muc"
restrict_room_creation = "local"
modules_enabled = {
"vcard_muc"; -- XEP-0153
"muc_mam"; -- XEP-0313
}
Component "{{ http_file_share_domain }}" "http_file_share"