
1 Commits

Author SHA1 Message Date
southerntofu 064f36f368 début de support de prosody (serveur jabber) 2020-04-25 18:54:24 +02:00
2 changed files with 240 additions and 0 deletions


@ -0,0 +1,231 @@
daemonize = true
pidfile = "/run/prosody/prosody.pid"
-- TODO server name
name = "JabberFR"
min_seconds_between_registrations = 86400
welcome_message = "Bienvenue $username sur le chat $host! Pour toutes vos questions sur Jabber, nous vous recommandons https://{{ hostname }}/\nMerci de NE PAS repondre a ce message automatique."
limits = {
c2s = {
rate = "3kb/s";
burst = "2s";
};
s2sin = {
rate = "10kb/s";
burst = "5s";
};
}
-- For mod_http_list_domains
main_domains = {
"{{ hostname }}";
}
-- For mod_block_registrations
block_registrations_users = {
"admin", "owner", "operator", "webmaster", "postmaster"
}
-- For mod_s2s_blacklist
s2s_blacklist = {
-- From https://github.com/JabberSPAM/blacklist/blob/master/blacklist.txt
"bashtel.ru",
"darkengine.biz",
"hiddenlizard.org",
"jabber.cd",
"jabber.ipredator.se",
"jabber.npw.net",
"jabber.sampo.ru",
"otr.chat",
"paranoid.scarab.name",
"rassnet.org",
"safetyjabber.com",
"sj.ms",
"xmpp.bytesund.biz",
}
-- Prevents clients from hogging all of the fds with unauthed c2s.
c2s_timeout = 120
-- For MAM.
storage = {
archive = "xmlarchive";
muc_log = "xmlarchive";
}
-- For ChatSecure to actually receive push notifications.
-- TODO: translate new message
push_notification_important_body = "Nouveau message."
-- So that every domain get our services.
disco_items = {
{ "chat.{{ hostname }}", "Salons de discussion" };
--{ "irc.{{ hostname }}", "Passerelle IRC" };
{ "proxy.{{ hostname }}", "Partager plus facilement des fichiers" };
{ "upload.{{ hostname }}", "Héberger de petits fichiers" };
}
-- TODO: default MUC for support/feedback
contact_info = {
abuse = { "mailto:root@{{ hostname }}", "xmpp:root@{{ hostname }}" },
admin = { "mailto:root@{{ hostname }}", "xmpp:root@{{ hostname }}" },
--feedback = { "xmpp:jabberfr@chat.{{ hostname }}?join" },
security = { "mailto:root@{{ hostname }}", "xmpp:root@{{ hostname }}" },
--support = { "xmpp:jabberfr@chat.{{ hostname }}?join" },
}
-- Needed for bosh to work at all on the web.
cross_domain_bosh = true
cross_domain_websocket = true
consider_bosh_secure = true
consider_websocket_secure = true
http_interfaces = { "::1" }
https_interfaces = {}
-- Which clients dont need TLS to connect.
secure_interfaces = { "::1", "127.0.0.1" }
-- Ugh, spam…
--firewall_scripts = { "/etc/prosody/spammer.pfw" }
-- TODO: admins
admins = { "root@{{ hostname }}" }
-- For more information see: https://prosody.im/doc/libevent
--use_libevent = true
network_backend = "epoll"
-- TODO: maybe we have to change this?
plugin_paths = { "/usr/lib/prosody/prosody-modules-private"; "/usr/lib/prosody/prosody-modules" }
modules_enabled = {
-- Generally required
"roster"; -- Allow users to have a roster. Recommended ;)
"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
"tls"; -- Add support for secure TLS on c2s/s2s connections
"dialback"; -- s2s dialback support
"disco"; -- Service discovery
-- Not essential, but recommended
"carbons"; -- Keep multiple clients in sync
"pep"; -- Enables users to publish their avatar, mood, activity, playing music and more
"private"; -- Private XML storage (for room bookmarks, etc.)
"blocklist"; -- Allow users to block communications with other users
"vcard4"; -- User profiles (stored in PEP)
"vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard
-- Nice to have
"version"; -- Replies to server version requests
"uptime"; -- Report how long server has been running
"time"; -- Let others know the time here on this server
"ping"; -- Replies to XMPP pings with pongs
"mam"; -- Store messages in an archive and allow users to access it
"csi_simple"; -- Simple Mobile optimizations
-- Admin interfaces
"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
-- HTTP modules
"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
"websocket"; -- XMPP over WebSockets
-- Other specific functionality
"limits"; -- Enable bandwidth limiting for XMPP connections
"server_contact_info"; -- Publish contact information for this service
"welcome"; -- Welcome users who register accounts
"watchregistrations"; -- Alert admins of registrations
-- prosody-modules
"lastlog"; -- Allows to specify traffic bandwidth limits.
"smacks"; -- Prevents an unreliable connection from eating the battery.
"smacks_offline"; -- Because.
"cloud_notify"; -- For iOS, Android 6+ and WP clients to work properly.
"csi"; -- Optimisations for mobile.
"throttle_unsolicited"; -- Damn spammers!
--"firewall"; -- Ugh, spammers…
"s2s_blacklist"; -- Thanks, spammers.
"secure_interfaces"; -- Insecure local registration.
"auto_answer_disco_info"; -- Answers disco#info on the behalf of the local user.
"inject_ecaps2"; -- Add support for XEP-0390 for all local users.
"ipcheck"; -- Like STUN but over XMPP.
"s2s_bidi"; -- To reduce the amount of s2s.
"bookmarks2"; -- To synchronise bookmarks between XEP-0402 and Private XML.
--"nodeinfo2"; -- For https://the-federation.info
}
certificate = "/etc/prosody/certs/{{ hostname }}.crt"
c2s_require_encryption = true
s2s_require_encryption = true
s2s_secure_auth = true
authentication = "internal_hashed"
archive_expires_after = "1w" -- Remove archived messages after 2 weeks
archive_cleanup_interval = 15
log = {
--debug = "/var/log/prosody/prosody.debug";
info = "/var/log/prosody/prosody.log";
error = "/var/log/prosody/prosody.err";
}
certificates = "certs"
https_certificate = "/etc/prosody/certs/{{ hostname }}.crt"
VirtualHost "jabber.fr"
http_external_url = "https://jabber.fr/"
VirtualHost "anon.{{ hostname }}"
authentication = "anonymous"
allow_anonymous_s2s = false
modules_enabled = {
"muc_ban_ip";
}
modules_disabled = {
"mam";
}
-- TODO: subdomain
Component "chat.{{ hostname }}" "muc"
modules_enabled = {
"s2s_bidi"; -- To reduce the amount of s2s.
"muc_mam";
"muc_badge";
"http_muc_log";
"http_muc_list";
"http_avatar";
"vcard_muc";
"muc_webchat_url";
}
admins = { "tofu@{{ hostname }}" }
muc_room_cache_size = 1024
Component "proxy.{{ hostname }}" "proxy65"
modules_disabled = {
"s2s";
"tls";
}
Component "upload.{{ hostname }}" "http_upload"
modules_enabled = {
"file_management";
}
modules_disabled = {
"s2s";
"tls";
}
http_external_url = "https://upload.{{ hostname }}/"
http_paths = {
upload = "/";
}
http_upload_path = "/srv/http/upload.{{ hostname }}/"
http_upload_file_size_limit = 10 * 1024 * 1024
-- TODO: IRC Gateway
-- Component "irc.{{ hostname }}"
-- component_secret = ":p"
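Review bot: `VirtualHost "jabber.fr"` and its `http_external_url = "https://jabber.fr/"` are hard-coded, while `admins`, the certificate paths, `disco_items` and every component are built from `{{ hostname }}`. If the template is rendered with any other hostname, `admins = { "root@{{ hostname }}" }` names a JID on a domain this server does not host, and with `admin_adhoc` enabled that would presumably give admin commands to whoever holds that remote account; the certificate path would not match the served host either. I would write `VirtualHost "{{ hostname }}"` and `http_external_url = "https://{{ hostname }}/"`. Separately, the comment on `archive_expires_after = "1w"` says two weeks, so either the value or the comment should be corrected.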


@ -0,0 +1,9 @@
- name: jabber-setup-prosody
apt:
name: prosody
state: present
- name: jabber-config
template:
src: ../files/prosody.cfg.lua.j2
dest: /etc/prosody/prosody.cfg.lua
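Review bot: The `jabber-config` template task sets no `owner`, `group` or `mode`, so the permissions of /etc/prosody/prosody.cfg.lua depend on the play's defaults and umask. The template it renders already carries a commented placeholder for a `component_secret`, so I would pin the file now with `owner: root`, `group: prosody` and `mode: "0640"` (group name assumed from the distribution package; confirm). The task also has no `notify:`, so unless a handler is wired up elsewhere, the running daemon will not pick up a changed configuration.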