126 lines
4.7 KiB
Django/Jinja
126 lines
4.7 KiB
Django/Jinja
admins = { "lumin@xmpp.comfycamp.space" }
|
|
|
|
ssl = { key = "/etc/prosody/privkey.pem", certificate = "/etc/prosody/fullchain.pem" }
|
|
|
|
external_addresses = { "62.16.41.235" }
|
|
|
|
modules_enabled = {
|
|
-- Generally required
|
|
"disco"; -- Service discovery
|
|
"roster"; -- Allow users to have a roster. Recommended ;)
|
|
"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
|
|
"tls"; -- Add support for secure TLS on c2s/s2s connections
|
|
|
|
-- Not essential, but recommended
|
|
"blocklist"; -- Allow users to block communications with other users
|
|
"bookmarks"; -- Synchronise the list of open rooms between clients
|
|
"carbons"; -- Keep multiple online clients in sync
|
|
"dialback"; -- Support for verifying remote servers using DNS
|
|
"limits"; -- Enable bandwidth limiting for XMPP connections
|
|
"pep"; -- Allow users to store public and private data in their account
|
|
"private"; -- Legacy account storage mechanism (XEP-0049)
|
|
"smacks"; -- Stream management and resumption (XEP-0198)
|
|
"vcard4"; -- User profiles (stored in PEP)
|
|
"vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard
|
|
|
|
-- Nice to have
|
|
"csi_simple"; -- Simple but effective traffic optimizations for mobile devices
|
|
"invites"; -- Create and manage invites
|
|
"invites_adhoc"; -- Allow admins/users to create invitations via their client
|
|
"invites_register"; -- Allows invited users to create accounts
|
|
"ping"; -- Replies to XMPP pings with pongs
|
|
"register"; -- Allow users to register on this server using a client and change passwords
|
|
"time"; -- Let others know the time here on this server
|
|
"uptime"; -- Report how long server has been running
|
|
"version"; -- Replies to server version requests
|
|
"mam"; -- Store recent messages to allow multi-device synchronization
|
|
"turn_external"; -- Provide external STUN/TURN service for e.g. audio/video calls
|
|
|
|
-- Admin interfaces
|
|
"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
|
|
"admin_shell"; -- Allow secure administration via 'prosodyctl shell'
|
|
|
|
-- HTTP modules
|
|
"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
|
|
"websocket"; -- XMPP over WebSockets
|
|
--"http_openmetrics"; -- for exposing metrics to stats collectors
|
|
|
|
-- Other specific functionality
|
|
"s2s_bidi"; -- Bi-directional server-to-server (XEP-0288)
|
|
"watchregistrations"; -- Alert admins of registrations
|
|
"server_contact_info"; -- Publish contact information for this service
|
|
--"announce"; -- Send announcement to all online users
|
|
--"groups"; -- Shared roster support
|
|
--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
|
|
--"mimicking"; -- Prevent address spoofing
|
|
--"motd"; -- Send a message to users when they log in
|
|
--"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
|
|
--"tombstones"; -- Prevent registration of deleted accounts
|
|
--"welcome"; -- Welcome users who register accounts
|
|
|
|
-- Custom modules
|
|
"auth_ldap";
|
|
"cloud_notify"; -- XEP-0357; requires mod_smacks, mod_mam and mod_carbons
|
|
}
|
|
|
|
modules_disabled = {}
|
|
|
|
allow_registration = false
|
|
|
|
c2s_require_encryption = true
|
|
s2s_require_encryption = true
|
|
s2s_secure_auth = false
|
|
|
|
storage = "sql"
|
|
sql = {
|
|
driver = "PostgreSQL";
|
|
database = "{{ postgresql_database }}";
|
|
host = "{{ postgresql_host }}";
|
|
port = {{ postgresql_port }};
|
|
username = "{{ postgresql_username }}";
|
|
password = "{{ postgresql_password }}";
|
|
}
|
|
|
|
http_external_url = "https://xmpp.comfycamp.space/"
|
|
|
|
http_ports = { 5280 }
|
|
http_interfaces = { "*" }
|
|
|
|
https_ports = { 5281 }
|
|
https_interfaces = { "*" }
|
|
|
|
legacy_ssl_ports = { 5223 }
|
|
|
|
trusted_proxies = { "172.24.0.0/16" }
|
|
|
|
turn_external_host = "{{ turn_external_host }}"
|
|
turn_external_secret = "{{ turn_external_secret }}"
|
|
|
|
contact_info = {
|
|
admin = { "mailto:admin@comfycamp.space", "xmpp:lumin@xmpp.comfycamp.space" };
|
|
feedback = { "https://git.comfycamp.space/lumin/homelab" };
|
|
}
|
|
|
|
VirtualHost "{{ virtual_host }}"
|
|
disco_items = {
|
|
{ "{{ muc_domain }}", "Multi-user chats" };
|
|
{ "{{ http_file_share_domain }}", "File sharing service" };
|
|
}
|
|
|
|
authentication = "ldap"
|
|
ldap_server = "comfycamp.space:389"
|
|
ldap_base = "DC=ldap,DC=goauthentik,DC=io"
|
|
ldap_tls = false
|
|
ldap_rootdn = "cn=ldapservice,ou=users,dc=ldap,dc=goauthentik,dc=io"
|
|
ldap_password = "{{ ldap_password }}"
|
|
ldap_filter = "(&(objectclass=user)(cn=$user))"
|
|
|
|
Component "{{ muc_domain }}" "muc"
|
|
restrict_room_creation = "local"
|
|
modules_enabled = {
|
|
"vcard_muc"; -- XEP-0153
|
|
"muc_mam"; -- XEP-0313
|
|
}
|
|
|
|
Component "{{ http_file_share_domain }}" "http_file_share"
|
|
http_external_url = "https://{{ http_file_share_domain }}/"
|