232 lines
6.5 KiB
Django/Jinja
232 lines
6.5 KiB
Django/Jinja
daemonize = true
|
||
pidfile = "/run/prosody/prosody.pid"
|
||
|
||
-- TODO server name
|
||
name = "JabberFR"
|
||
min_seconds_between_registrations = 86400
|
||
welcome_message = "Bienvenue $username sur le chat $host ! Pour toutes vos questions sur Jabber, nous vous recommandons https://{{ hostname }}/\nMerci de NE PAS repondre a ce message automatique."
|
||
|
||
limits = {
|
||
c2s = {
|
||
rate = "3kb/s";
|
||
burst = "2s";
|
||
};
|
||
s2sin = {
|
||
rate = "10kb/s";
|
||
burst = "5s";
|
||
};
|
||
}
|
||
|
||
-- For mod_http_list_domains
|
||
main_domains = {
|
||
"{{ hostname }}";
|
||
}
|
||
|
||
-- For mod_block_registrations
|
||
block_registrations_users = {
|
||
"admin", "owner", "operator", "webmaster", "postmaster"
|
||
}
|
||
|
||
-- For mod_s2s_blacklist
|
||
s2s_blacklist = {
|
||
-- From https://github.com/JabberSPAM/blacklist/blob/master/blacklist.txt
|
||
"bashtel.ru",
|
||
"darkengine.biz",
|
||
"hiddenlizard.org",
|
||
"jabber.cd",
|
||
"jabber.ipredator.se",
|
||
"jabber.npw.net",
|
||
"jabber.sampo.ru",
|
||
"otr.chat",
|
||
"paranoid.scarab.name",
|
||
"rassnet.org",
|
||
"safetyjabber.com",
|
||
"sj.ms",
|
||
"xmpp.bytesund.biz",
|
||
}
|
||
|
||
-- Prevents clients from hogging all of the fds with unauthed c2s.
|
||
c2s_timeout = 120
|
||
|
||
-- For MAM.
|
||
storage = {
|
||
archive = "xmlarchive";
|
||
muc_log = "xmlarchive";
|
||
}
|
||
|
||
-- For ChatSecure to actually receive push notifications.
|
||
-- TODO: translate new message
|
||
push_notification_important_body = "Nouveau message."
|
||
|
||
-- So that every domain get our services.
|
||
disco_items = {
|
||
{ "chat.{{ hostname }}", "Salons de discussion" };
|
||
--{ "irc.{{ hostname }}", "Passerelle IRC" };
|
||
{ "proxy.{{ hostname }}", "Partager plus facilement des fichiers" };
|
||
{ "upload.{{ hostname }}", "Héberger de petits fichiers" };
|
||
}
|
||
|
||
-- TODO: default MUC for support/feedback
|
||
contact_info = {
|
||
abuse = { "mailto:root@{{ hostname }}", "xmpp:root@{{ hostname }}" },
|
||
admin = { "mailto:root@{{ hostname }}", "xmpp:root@{{ hostname }}" },
|
||
--feedback = { "xmpp:jabberfr@chat.{{ hostname }}?join" },
|
||
security = { "mailto:root@{{ hostname }}", "xmpp:root@{{ hostname }}" },
|
||
--support = { "xmpp:jabberfr@chat.{{ hostname }}?join" },
|
||
}
|
||
|
||
-- Needed for bosh to work at all on the web.
|
||
cross_domain_bosh = true
|
||
cross_domain_websocket = true
|
||
consider_bosh_secure = true
|
||
consider_websocket_secure = true
|
||
http_interfaces = { "::1" }
|
||
https_interfaces = {}
|
||
|
||
-- Which clients don’t need TLS to connect.
|
||
secure_interfaces = { "::1", "127.0.0.1" }
|
||
|
||
-- Ugh, spam…
|
||
--firewall_scripts = { "/etc/prosody/spammer.pfw" }
|
||
|
||
-- TODO: admins
|
||
admins = { "root@{{ hostname }}" }
|
||
|
||
-- For more information see: https://prosody.im/doc/libevent
|
||
--use_libevent = true
|
||
network_backend = "epoll"
|
||
|
||
-- TODO: maybe we have to change this?
|
||
plugin_paths = { "/usr/lib/prosody/prosody-modules-private"; "/usr/lib/prosody/prosody-modules" }
|
||
|
||
modules_enabled = {
|
||
|
||
-- Generally required
|
||
"roster"; -- Allow users to have a roster. Recommended ;)
|
||
"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
|
||
"tls"; -- Add support for secure TLS on c2s/s2s connections
|
||
"dialback"; -- s2s dialback support
|
||
"disco"; -- Service discovery
|
||
|
||
-- Not essential, but recommended
|
||
"carbons"; -- Keep multiple clients in sync
|
||
"pep"; -- Enables users to publish their avatar, mood, activity, playing music and more
|
||
"private"; -- Private XML storage (for room bookmarks, etc.)
|
||
"blocklist"; -- Allow users to block communications with other users
|
||
"vcard4"; -- User profiles (stored in PEP)
|
||
"vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard
|
||
|
||
-- Nice to have
|
||
"version"; -- Replies to server version requests
|
||
"uptime"; -- Report how long server has been running
|
||
"time"; -- Let others know the time here on this server
|
||
"ping"; -- Replies to XMPP pings with pongs
|
||
"mam"; -- Store messages in an archive and allow users to access it
|
||
"csi_simple"; -- Simple Mobile optimizations
|
||
|
||
-- Admin interfaces
|
||
"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
|
||
|
||
-- HTTP modules
|
||
"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
|
||
"websocket"; -- XMPP over WebSockets
|
||
|
||
-- Other specific functionality
|
||
"limits"; -- Enable bandwidth limiting for XMPP connections
|
||
"server_contact_info"; -- Publish contact information for this service
|
||
"welcome"; -- Welcome users who register accounts
|
||
"watchregistrations"; -- Alert admins of registrations
|
||
|
||
-- prosody-modules
|
||
"lastlog"; -- Allows to specify traffic bandwidth limits.
|
||
"smacks"; -- Prevents an unreliable connection from eating the battery.
|
||
"smacks_offline"; -- Because.
|
||
"cloud_notify"; -- For iOS, Android 6+ and WP clients to work properly.
|
||
"csi"; -- Optimisations for mobile.
|
||
"throttle_unsolicited"; -- Damn spammers!
|
||
--"firewall"; -- Ugh, spammers…
|
||
"s2s_blacklist"; -- Thanks, spammers.
|
||
"secure_interfaces"; -- Insecure local registration.
|
||
"auto_answer_disco_info"; -- Answers disco#info on the behalf of the local user.
|
||
"inject_ecaps2"; -- Add support for XEP-0390 for all local users.
|
||
"ipcheck"; -- Like STUN but over XMPP.
|
||
"s2s_bidi"; -- To reduce the amount of s2s.
|
||
"bookmarks2"; -- To synchronise bookmarks between XEP-0402 and Private XML.
|
||
--"nodeinfo2"; -- For https://the-federation.info
|
||
}
|
||
|
||
certificate = "/etc/prosody/certs/{{ hostname }}.crt"
|
||
|
||
c2s_require_encryption = true
|
||
s2s_require_encryption = true
|
||
s2s_secure_auth = true
|
||
|
||
authentication = "internal_hashed"
|
||
|
||
archive_expires_after = "1w" -- Remove archived messages after 2 weeks
|
||
archive_cleanup_interval = 15
|
||
|
||
log = {
|
||
--debug = "/var/log/prosody/prosody.debug";
|
||
info = "/var/log/prosody/prosody.log";
|
||
error = "/var/log/prosody/prosody.err";
|
||
}
|
||
|
||
certificates = "certs"
|
||
|
||
https_certificate = "/etc/prosody/certs/{{ hostname }}.crt"
|
||
|
||
VirtualHost "jabber.fr"
|
||
http_external_url = "https://jabber.fr/"
|
||
|
||
VirtualHost "anon.{{ hostname }}"
|
||
authentication = "anonymous"
|
||
allow_anonymous_s2s = false
|
||
modules_enabled = {
|
||
"muc_ban_ip";
|
||
}
|
||
modules_disabled = {
|
||
"mam";
|
||
}
|
||
|
||
-- TODO: subdomain
|
||
Component "chat.{{ hostname }}" "muc"
|
||
modules_enabled = {
|
||
"s2s_bidi"; -- To reduce the amount of s2s.
|
||
"muc_mam";
|
||
"muc_badge";
|
||
"http_muc_log";
|
||
"http_muc_list";
|
||
"http_avatar";
|
||
"vcard_muc";
|
||
"muc_webchat_url";
|
||
}
|
||
admins = { "tofu@{{ hostname }}" }
|
||
muc_room_cache_size = 1024
|
||
|
||
Component "proxy.{{ hostname }}" "proxy65"
|
||
modules_disabled = {
|
||
"s2s";
|
||
"tls";
|
||
}
|
||
|
||
Component "upload.{{ hostname }}" "http_upload"
|
||
modules_enabled = {
|
||
"file_management";
|
||
}
|
||
modules_disabled = {
|
||
"s2s";
|
||
"tls";
|
||
}
|
||
http_external_url = "https://upload.{{ hostname }}/"
|
||
http_paths = {
|
||
upload = "/";
|
||
}
|
||
http_upload_path = "/srv/http/upload.{{ hostname }}/"
|
||
http_upload_file_size_limit = 10 * 1024 * 1024
|
||
|
||
-- TODO: IRC Gateway
|
||
-- Component "irc.{{ hostname }}"
|
||
-- component_secret = ":p"
|
||
|