début de support de prosody (serveur jabber)
parent
749f80a664
commit
064f36f368
|
@ -0,0 +1,231 @@
|
||||||
|
daemonize = true
|
||||||
|
pidfile = "/run/prosody/prosody.pid"
|
||||||
|
|
||||||
|
-- TODO server name
|
||||||
|
name = "JabberFR"
|
||||||
|
min_seconds_between_registrations = 86400
|
||||||
|
welcome_message = "Bienvenue $username sur le chat $host ! Pour toutes vos questions sur Jabber, nous vous recommandons https://{{ hostname }}/\nMerci de NE PAS repondre a ce message automatique."
|
||||||
|
|
||||||
|
limits = {
|
||||||
|
c2s = {
|
||||||
|
rate = "3kb/s";
|
||||||
|
burst = "2s";
|
||||||
|
};
|
||||||
|
s2sin = {
|
||||||
|
rate = "10kb/s";
|
||||||
|
burst = "5s";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
-- For mod_http_list_domains
|
||||||
|
main_domains = {
|
||||||
|
"{{ hostname }}";
|
||||||
|
}
|
||||||
|
|
||||||
|
-- For mod_block_registrations
|
||||||
|
block_registrations_users = {
|
||||||
|
"admin", "owner", "operator", "webmaster", "postmaster"
|
||||||
|
}
|
||||||
|
|
||||||
|
-- For mod_s2s_blacklist
|
||||||
|
s2s_blacklist = {
|
||||||
|
-- From https://github.com/JabberSPAM/blacklist/blob/master/blacklist.txt
|
||||||
|
"bashtel.ru",
|
||||||
|
"darkengine.biz",
|
||||||
|
"hiddenlizard.org",
|
||||||
|
"jabber.cd",
|
||||||
|
"jabber.ipredator.se",
|
||||||
|
"jabber.npw.net",
|
||||||
|
"jabber.sampo.ru",
|
||||||
|
"otr.chat",
|
||||||
|
"paranoid.scarab.name",
|
||||||
|
"rassnet.org",
|
||||||
|
"safetyjabber.com",
|
||||||
|
"sj.ms",
|
||||||
|
"xmpp.bytesund.biz",
|
||||||
|
}
|
||||||
|
|
||||||
|
-- Prevents clients from hogging all of the fds with unauthed c2s.
|
||||||
|
c2s_timeout = 120
|
||||||
|
|
||||||
|
-- For MAM.
|
||||||
|
storage = {
|
||||||
|
archive = "xmlarchive";
|
||||||
|
muc_log = "xmlarchive";
|
||||||
|
}
|
||||||
|
|
||||||
|
-- For ChatSecure to actually receive push notifications.
|
||||||
|
-- TODO: translate new message
|
||||||
|
push_notification_important_body = "Nouveau message."
|
||||||
|
|
||||||
|
-- So that every domain get our services.
|
||||||
|
disco_items = {
|
||||||
|
{ "chat.{{ hostname }}", "Salons de discussion" };
|
||||||
|
--{ "irc.{{ hostname }}", "Passerelle IRC" };
|
||||||
|
{ "proxy.{{ hostname }}", "Partager plus facilement des fichiers" };
|
||||||
|
{ "upload.{{ hostname }}", "Héberger de petits fichiers" };
|
||||||
|
}
|
||||||
|
|
||||||
|
-- TODO: default MUC for support/feedback
|
||||||
|
contact_info = {
|
||||||
|
abuse = { "mailto:root@{{ hostname }}", "xmpp:root@{{ hostname }}" },
|
||||||
|
admin = { "mailto:root@{{ hostname }}", "xmpp:root@{{ hostname }}" },
|
||||||
|
--feedback = { "xmpp:jabberfr@chat.{{ hostname }}?join" },
|
||||||
|
security = { "mailto:root@{{ hostname }}", "xmpp:root@{{ hostname }}" },
|
||||||
|
--support = { "xmpp:jabberfr@chat.{{ hostname }}?join" },
|
||||||
|
}
|
||||||
|
|
||||||
|
-- Needed for bosh to work at all on the web.
|
||||||
|
cross_domain_bosh = true
|
||||||
|
cross_domain_websocket = true
|
||||||
|
consider_bosh_secure = true
|
||||||
|
consider_websocket_secure = true
|
||||||
|
http_interfaces = { "::1" }
|
||||||
|
https_interfaces = {}
|
||||||
|
|
||||||
|
-- Which clients don’t need TLS to connect.
|
||||||
|
secure_interfaces = { "::1", "127.0.0.1" }
|
||||||
|
|
||||||
|
-- Ugh, spam…
|
||||||
|
--firewall_scripts = { "/etc/prosody/spammer.pfw" }
|
||||||
|
|
||||||
|
-- TODO: admins
|
||||||
|
admins = { "root@{{ hostname }}" }
|
||||||
|
|
||||||
|
-- For more information see: https://prosody.im/doc/libevent
|
||||||
|
--use_libevent = true
|
||||||
|
network_backend = "epoll"
|
||||||
|
|
||||||
|
-- TODO: maybe we have to change this?
|
||||||
|
plugin_paths = { "/usr/lib/prosody/prosody-modules-private"; "/usr/lib/prosody/prosody-modules" }
|
||||||
|
|
||||||
|
modules_enabled = {
|
||||||
|
|
||||||
|
-- Generally required
|
||||||
|
"roster"; -- Allow users to have a roster. Recommended ;)
|
||||||
|
"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
|
||||||
|
"tls"; -- Add support for secure TLS on c2s/s2s connections
|
||||||
|
"dialback"; -- s2s dialback support
|
||||||
|
"disco"; -- Service discovery
|
||||||
|
|
||||||
|
-- Not essential, but recommended
|
||||||
|
"carbons"; -- Keep multiple clients in sync
|
||||||
|
"pep"; -- Enables users to publish their avatar, mood, activity, playing music and more
|
||||||
|
"private"; -- Private XML storage (for room bookmarks, etc.)
|
||||||
|
"blocklist"; -- Allow users to block communications with other users
|
||||||
|
"vcard4"; -- User profiles (stored in PEP)
|
||||||
|
"vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard
|
||||||
|
|
||||||
|
-- Nice to have
|
||||||
|
"version"; -- Replies to server version requests
|
||||||
|
"uptime"; -- Report how long server has been running
|
||||||
|
"time"; -- Let others know the time here on this server
|
||||||
|
"ping"; -- Replies to XMPP pings with pongs
|
||||||
|
"mam"; -- Store messages in an archive and allow users to access it
|
||||||
|
"csi_simple"; -- Simple Mobile optimizations
|
||||||
|
|
||||||
|
-- Admin interfaces
|
||||||
|
"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
|
||||||
|
|
||||||
|
-- HTTP modules
|
||||||
|
"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
|
||||||
|
"websocket"; -- XMPP over WebSockets
|
||||||
|
|
||||||
|
-- Other specific functionality
|
||||||
|
"limits"; -- Enable bandwidth limiting for XMPP connections
|
||||||
|
"server_contact_info"; -- Publish contact information for this service
|
||||||
|
"welcome"; -- Welcome users who register accounts
|
||||||
|
"watchregistrations"; -- Alert admins of registrations
|
||||||
|
|
||||||
|
-- prosody-modules
|
||||||
|
"lastlog"; -- Allows to specify traffic bandwidth limits.
|
||||||
|
"smacks"; -- Prevents an unreliable connection from eating the battery.
|
||||||
|
"smacks_offline"; -- Because.
|
||||||
|
"cloud_notify"; -- For iOS, Android 6+ and WP clients to work properly.
|
||||||
|
"csi"; -- Optimisations for mobile.
|
||||||
|
"throttle_unsolicited"; -- Damn spammers!
|
||||||
|
--"firewall"; -- Ugh, spammers…
|
||||||
|
"s2s_blacklist"; -- Thanks, spammers.
|
||||||
|
"secure_interfaces"; -- Insecure local registration.
|
||||||
|
"auto_answer_disco_info"; -- Answers disco#info on the behalf of the local user.
|
||||||
|
"inject_ecaps2"; -- Add support for XEP-0390 for all local users.
|
||||||
|
"ipcheck"; -- Like STUN but over XMPP.
|
||||||
|
"s2s_bidi"; -- To reduce the amount of s2s.
|
||||||
|
"bookmarks2"; -- To synchronise bookmarks between XEP-0402 and Private XML.
|
||||||
|
--"nodeinfo2"; -- For https://the-federation.info
|
||||||
|
}
|
||||||
|
|
||||||
|
certificate = "/etc/prosody/certs/{{ hostname }}.crt"
|
||||||
|
|
||||||
|
c2s_require_encryption = true
|
||||||
|
s2s_require_encryption = true
|
||||||
|
s2s_secure_auth = true
|
||||||
|
|
||||||
|
authentication = "internal_hashed"
|
||||||
|
|
||||||
|
archive_expires_after = "1w" -- Remove archived messages after 2 weeks
|
||||||
|
archive_cleanup_interval = 15
|
||||||
|
|
||||||
|
log = {
|
||||||
|
--debug = "/var/log/prosody/prosody.debug";
|
||||||
|
info = "/var/log/prosody/prosody.log";
|
||||||
|
error = "/var/log/prosody/prosody.err";
|
||||||
|
}
|
||||||
|
|
||||||
|
certificates = "certs"
|
||||||
|
|
||||||
|
https_certificate = "/etc/prosody/certs/{{ hostname }}.crt"
|
||||||
|
|
||||||
|
VirtualHost "jabber.fr"
|
||||||
|
http_external_url = "https://jabber.fr/"
|
||||||
|
|
||||||
|
VirtualHost "anon.{{ hostname }}"
|
||||||
|
authentication = "anonymous"
|
||||||
|
allow_anonymous_s2s = false
|
||||||
|
modules_enabled = {
|
||||||
|
"muc_ban_ip";
|
||||||
|
}
|
||||||
|
modules_disabled = {
|
||||||
|
"mam";
|
||||||
|
}
|
||||||
|
|
||||||
|
-- TODO: subdomain
|
||||||
|
Component "chat.{{ hostname }}" "muc"
|
||||||
|
modules_enabled = {
|
||||||
|
"s2s_bidi"; -- To reduce the amount of s2s.
|
||||||
|
"muc_mam";
|
||||||
|
"muc_badge";
|
||||||
|
"http_muc_log";
|
||||||
|
"http_muc_list";
|
||||||
|
"http_avatar";
|
||||||
|
"vcard_muc";
|
||||||
|
"muc_webchat_url";
|
||||||
|
}
|
||||||
|
admins = { "tofu@{{ hostname }}" }
|
||||||
|
muc_room_cache_size = 1024
|
||||||
|
|
||||||
|
Component "proxy.{{ hostname }}" "proxy65"
|
||||||
|
modules_disabled = {
|
||||||
|
"s2s";
|
||||||
|
"tls";
|
||||||
|
}
|
||||||
|
|
||||||
|
Component "upload.{{ hostname }}" "http_upload"
|
||||||
|
modules_enabled = {
|
||||||
|
"file_management";
|
||||||
|
}
|
||||||
|
modules_disabled = {
|
||||||
|
"s2s";
|
||||||
|
"tls";
|
||||||
|
}
|
||||||
|
http_external_url = "https://upload.{{ hostname }}/"
|
||||||
|
http_paths = {
|
||||||
|
upload = "/";
|
||||||
|
}
|
||||||
|
http_upload_path = "/srv/http/upload.{{ hostname }}/"
|
||||||
|
http_upload_file_size_limit = 10 * 1024 * 1024
|
||||||
|
|
||||||
|
-- TODO: IRC Gateway
|
||||||
|
-- Component "irc.{{ hostname }}"
|
||||||
|
-- component_secret = ":p"
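Review bot: `block_registrations_users` is set near the top of this file, but `"block_registrations"` never appears in the global `modules_enabled` list, so as far as this file shows nothing enforces the reserved names. The list also omits the names this config grants privileges to: `admins = { "root@{{ hostname }}" }` globally and `admins = { "tofu@{{ hostname }}" }` on the `chat.` component, with `admin_adhoc` loaded. I would add `"block_registrations"; -- Reserve privileged usernames.` under the prosody-modules entries, extend the list with `"root", "tofu"`, and create both accounts before registration is opened on any host. Separately, the comment on `archive_expires_after = "1w"` says 2 weeks; one of the two should be corrected so the retention period is unambiguous.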
|
||||||
|
|
|
@ -0,0 +1,9 @@
|
||||||
|
- name: jabber-setup-prosody
|
||||||
|
apt:
|
||||||
|
name: prosody
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: jabber-config
|
||||||
|
template:
|
||||||
|
src: ../files/prosody.cfg.lua.j2
|
||||||
|
dest: /etc/prosody/prosody.cfg.lua
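Review bot: The `jabber-config` template task sets no `owner`, `group` or `mode`, so the permissions of the rendered `/etc/prosody/prosody.cfg.lua` depend on the play's defaults or on whatever file was already there. The template already carries a commented-out `component_secret`, so this file is likely to hold secrets later. Pinning `owner: root`, `group: prosody`, `mode: "0640"` on the task removes that dependency; the group name is assumed from the Debian package and should be confirmed on the target. The task also has no `notify:`, so nothing visible here reloads prosody after the configuration changes.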
|