forked from tilde-fr/infra
Compare commits
1 Commits
master
...
jabberserv
Author | SHA1 | Date |
---|---|---|
southerntofu | 064f36f368 |
|
@ -0,0 +1,231 @@
|
|||
daemonize = true
|
||||
pidfile = "/run/prosody/prosody.pid"
|
||||
|
||||
-- TODO server name
|
||||
name = "JabberFR"
|
||||
min_seconds_between_registrations = 86400
|
||||
welcome_message = "Bienvenue $username sur le chat $host ! Pour toutes vos questions sur Jabber, nous vous recommandons https://{{ hostname }}/\nMerci de NE PAS repondre a ce message automatique."
|
||||
|
||||
limits = {
|
||||
c2s = {
|
||||
rate = "3kb/s";
|
||||
burst = "2s";
|
||||
};
|
||||
s2sin = {
|
||||
rate = "10kb/s";
|
||||
burst = "5s";
|
||||
};
|
||||
}
|
||||
|
||||
-- For mod_http_list_domains
|
||||
main_domains = {
|
||||
"{{ hostname }}";
|
||||
}
|
||||
|
||||
-- For mod_block_registrations
|
||||
block_registrations_users = {
|
||||
"admin", "owner", "operator", "webmaster", "postmaster"
|
||||
}
|
||||
|
||||
-- For mod_s2s_blacklist
|
||||
s2s_blacklist = {
|
||||
-- From https://github.com/JabberSPAM/blacklist/blob/master/blacklist.txt
|
||||
"bashtel.ru",
|
||||
"darkengine.biz",
|
||||
"hiddenlizard.org",
|
||||
"jabber.cd",
|
||||
"jabber.ipredator.se",
|
||||
"jabber.npw.net",
|
||||
"jabber.sampo.ru",
|
||||
"otr.chat",
|
||||
"paranoid.scarab.name",
|
||||
"rassnet.org",
|
||||
"safetyjabber.com",
|
||||
"sj.ms",
|
||||
"xmpp.bytesund.biz",
|
||||
}
|
||||
|
||||
-- Prevents clients from hogging all of the fds with unauthed c2s.
|
||||
c2s_timeout = 120
|
||||
|
||||
-- For MAM.
|
||||
storage = {
|
||||
archive = "xmlarchive";
|
||||
muc_log = "xmlarchive";
|
||||
}
|
||||
|
||||
-- For ChatSecure to actually receive push notifications.
|
||||
-- TODO: translate new message
|
||||
push_notification_important_body = "Nouveau message."
|
||||
|
||||
-- So that every domain get our services.
|
||||
disco_items = {
|
||||
{ "chat.{{ hostname }}", "Salons de discussion" };
|
||||
--{ "irc.{{ hostname }}", "Passerelle IRC" };
|
||||
{ "proxy.{{ hostname }}", "Partager plus facilement des fichiers" };
|
||||
{ "upload.{{ hostname }}", "Héberger de petits fichiers" };
|
||||
}
|
||||
|
||||
-- TODO: default MUC for support/feedback
|
||||
contact_info = {
|
||||
abuse = { "mailto:root@{{ hostname }}", "xmpp:root@{{ hostname }}" },
|
||||
admin = { "mailto:root@{{ hostname }}", "xmpp:root@{{ hostname }}" },
|
||||
--feedback = { "xmpp:jabberfr@chat.{{ hostname }}?join" },
|
||||
security = { "mailto:root@{{ hostname }}", "xmpp:root@{{ hostname }}" },
|
||||
--support = { "xmpp:jabberfr@chat.{{ hostname }}?join" },
|
||||
}
|
||||
|
||||
-- Needed for bosh to work at all on the web.
|
||||
cross_domain_bosh = true
|
||||
cross_domain_websocket = true
|
||||
consider_bosh_secure = true
|
||||
consider_websocket_secure = true
|
||||
http_interfaces = { "::1" }
|
||||
https_interfaces = {}
|
||||
|
||||
-- Which clients don’t need TLS to connect.
|
||||
secure_interfaces = { "::1", "127.0.0.1" }
|
||||
|
||||
-- Ugh, spam…
|
||||
--firewall_scripts = { "/etc/prosody/spammer.pfw" }
|
||||
|
||||
-- TODO: admins
|
||||
admins = { "root@{{ hostname }}" }
|
||||
|
||||
-- For more information see: https://prosody.im/doc/libevent
|
||||
--use_libevent = true
|
||||
network_backend = "epoll"
|
||||
|
||||
-- TODO: maybe we have to change this?
|
||||
plugin_paths = { "/usr/lib/prosody/prosody-modules-private"; "/usr/lib/prosody/prosody-modules" }
|
||||
|
||||
modules_enabled = {
|
||||
|
||||
-- Generally required
|
||||
"roster"; -- Allow users to have a roster. Recommended ;)
|
||||
"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
|
||||
"tls"; -- Add support for secure TLS on c2s/s2s connections
|
||||
"dialback"; -- s2s dialback support
|
||||
"disco"; -- Service discovery
|
||||
|
||||
-- Not essential, but recommended
|
||||
"carbons"; -- Keep multiple clients in sync
|
||||
"pep"; -- Enables users to publish their avatar, mood, activity, playing music and more
|
||||
"private"; -- Private XML storage (for room bookmarks, etc.)
|
||||
"blocklist"; -- Allow users to block communications with other users
|
||||
"vcard4"; -- User profiles (stored in PEP)
|
||||
"vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard
|
||||
|
||||
-- Nice to have
|
||||
"version"; -- Replies to server version requests
|
||||
"uptime"; -- Report how long server has been running
|
||||
"time"; -- Let others know the time here on this server
|
||||
"ping"; -- Replies to XMPP pings with pongs
|
||||
"mam"; -- Store messages in an archive and allow users to access it
|
||||
"csi_simple"; -- Simple Mobile optimizations
|
||||
|
||||
-- Admin interfaces
|
||||
"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
|
||||
|
||||
-- HTTP modules
|
||||
"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
|
||||
"websocket"; -- XMPP over WebSockets
|
||||
|
||||
-- Other specific functionality
|
||||
"limits"; -- Enable bandwidth limiting for XMPP connections
|
||||
"server_contact_info"; -- Publish contact information for this service
|
||||
"welcome"; -- Welcome users who register accounts
|
||||
"watchregistrations"; -- Alert admins of registrations
|
||||
|
||||
-- prosody-modules
|
||||
"lastlog"; -- Allows to specify traffic bandwidth limits.
|
||||
"smacks"; -- Prevents an unreliable connection from eating the battery.
|
||||
"smacks_offline"; -- Because.
|
||||
"cloud_notify"; -- For iOS, Android 6+ and WP clients to work properly.
|
||||
"csi"; -- Optimisations for mobile.
|
||||
"throttle_unsolicited"; -- Damn spammers!
|
||||
--"firewall"; -- Ugh, spammers…
|
||||
"s2s_blacklist"; -- Thanks, spammers.
|
||||
"secure_interfaces"; -- Insecure local registration.
|
||||
"auto_answer_disco_info"; -- Answers disco#info on the behalf of the local user.
|
||||
"inject_ecaps2"; -- Add support for XEP-0390 for all local users.
|
||||
"ipcheck"; -- Like STUN but over XMPP.
|
||||
"s2s_bidi"; -- To reduce the amount of s2s.
|
||||
"bookmarks2"; -- To synchronise bookmarks between XEP-0402 and Private XML.
|
||||
--"nodeinfo2"; -- For https://the-federation.info
|
||||
}
|
||||
|
||||
certificate = "/etc/prosody/certs/{{ hostname }}.crt"
|
||||
|
||||
c2s_require_encryption = true
|
||||
s2s_require_encryption = true
|
||||
s2s_secure_auth = true
|
||||
|
||||
authentication = "internal_hashed"
|
||||
|
||||
archive_expires_after = "1w" -- Remove archived messages after 2 weeks
|
||||
archive_cleanup_interval = 15
|
||||
|
||||
log = {
|
||||
--debug = "/var/log/prosody/prosody.debug";
|
||||
info = "/var/log/prosody/prosody.log";
|
||||
error = "/var/log/prosody/prosody.err";
|
||||
}
|
||||
|
||||
certificates = "certs"
|
||||
|
||||
https_certificate = "/etc/prosody/certs/{{ hostname }}.crt"
|
||||
|
||||
VirtualHost "jabber.fr"
|
||||
http_external_url = "https://jabber.fr/"
|
||||
|
||||
VirtualHost "anon.{{ hostname }}"
|
||||
authentication = "anonymous"
|
||||
allow_anonymous_s2s = false
|
||||
modules_enabled = {
|
||||
"muc_ban_ip";
|
||||
}
|
||||
modules_disabled = {
|
||||
"mam";
|
||||
}
|
||||
|
||||
-- TODO: subdomain
|
||||
Component "chat.{{ hostname }}" "muc"
|
||||
modules_enabled = {
|
||||
"s2s_bidi"; -- To reduce the amount of s2s.
|
||||
"muc_mam";
|
||||
"muc_badge";
|
||||
"http_muc_log";
|
||||
"http_muc_list";
|
||||
"http_avatar";
|
||||
"vcard_muc";
|
||||
"muc_webchat_url";
|
||||
}
|
||||
admins = { "tofu@{{ hostname }}" }
|
||||
muc_room_cache_size = 1024
|
||||
|
||||
Component "proxy.{{ hostname }}" "proxy65"
|
||||
modules_disabled = {
|
||||
"s2s";
|
||||
"tls";
|
||||
}
|
||||
|
||||
Component "upload.{{ hostname }}" "http_upload"
|
||||
modules_enabled = {
|
||||
"file_management";
|
||||
}
|
||||
modules_disabled = {
|
||||
"s2s";
|
||||
"tls";
|
||||
}
|
||||
http_external_url = "https://upload.{{ hostname }}/"
|
||||
http_paths = {
|
||||
upload = "/";
|
||||
}
|
||||
http_upload_path = "/srv/http/upload.{{ hostname }}/"
|
||||
http_upload_file_size_limit = 10 * 1024 * 1024
|
||||
|
||||
-- TODO: IRC Gateway
|
||||
-- Component "irc.{{ hostname }}"
|
||||
-- component_secret = ":p"
|
||||
|
|
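Review bot: `consider_bosh_secure`, `consider_websocket_secure` and the `secure_interfaces` list make Prosody treat BOSH, WebSocket and loopback sessions as encrypted without doing TLS itself, so `c2s_require_encryption = true` only holds for web clients if the reverse proxy in front of `http_interfaces = { "::1" }` refuses plain HTTP, and nothing in this commit configures that proxy. I would add a comment above those lines, for example `-- TLS is terminated by the reverse proxy; it must expose BOSH/WebSocket over HTTPS only.` Separately, `block_registrations_users` and `main_domains` are set, but neither `block_registrations` nor `http_list_domains` appears in any `modules_enabled` list, so the reserved-name list looks inert unless those modules are loaded elsewhere. The trailing comment on `archive_expires_after = "1w"` says 2 weeks; one of the two should be corrected so the retention period is unambiguous.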
@ -0,0 +1,9 @@
|
|||
- name: jabber-setup-prosody
|
||||
apt:
|
||||
name: prosody
|
||||
state: present
|
||||
|
||||
- name: jabber-config
|
||||
template:
|
||||
src: ../files/prosody.cfg.lua.j2
|
||||
dest: /etc/prosody/prosody.cfg.lua
|
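Review bot: The `template` task writes `/etc/prosody/prosody.cfg.lua` without `owner`, `group` or `mode`, so the resulting permissions depend on defaults on the target host. The template already carries a commented-out `component_secret`, so this file is likely to hold secrets later; I would set the permissions explicitly, e.g. `owner: root`, `group: prosody`, `mode: "0640"` (assuming the package creates a `prosody` group — confirm on the target). The task also has no `notify:`, so a changed configuration is not applied until Prosody is reloaded by hand; a handler that reloads or restarts the service would close that gap.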