authorMatthew Fennell <matthew@fennell.dev>2024-01-07 12:28:15 +0000
committerMatthew Fennell <matthew@fennell.dev>2024-01-07 12:28:15 +0000
commit14465fc9602ec96fc9d4e48bc0120e75415e1e26 (patch)
tree4665e62cf54080f00b5b1ed3a49fb4632e766654
parent71e36164cae64494cdb91f537d65821c8e2e00f8 (diff)
Install prosody config file
This commit adds a prosody configuration file that can be installed on the remote hosts. This lets me write the configuration locally, deploy it to staging environments, and then to prod, without having to log in to the hosts directly.
-rw-r--r--README.md3
-rw-r--r--files/prosody.cfg.lua69
-rw-r--r--playbook.yaml14
3 files changed, 86 insertions, 0 deletions
diff --git a/README.md b/README.md
index 4547009..ffc6c3d 100644
--- a/README.md
+++ b/README.md
@@ -11,6 +11,9 @@ This playbook is for creating an XMPP server using prosody.
I use this playbook for my own purposes; it will likely not generalise to other
deployments.
+For instance, it is only tested with Debian Stable running on both the control
+and managed nodes.
+
## Quickstart
### Managed node initial setup
diff --git a/files/prosody.cfg.lua b/files/prosody.cfg.lua
new file mode 100644
index 0000000..57d307a
--- /dev/null
+++ b/files/prosody.cfg.lua
@@ -0,0 +1,69 @@
+-- SPDX-FileCopyrightText: 2024 Matthew Fennell <matthew@fennell.dev>
+--
+-- SPDX-License-Identifier: AGPL-3.0-only
+
+admins = { }
+
+plugin_paths = { "/usr/local/lib/prosody/modules" }
+
+modules_enabled = {
+ "admin_adhoc";
+ "admin_shell";
+ "blocklist";
+ "bookmarks";
+ "carbons";
+ "csi_simple";
+ "dialback";
+ "disco";
+ "invites";
+ "invites_adhoc";
+ "invites_register";
+ "limits";
+ "mam";
+ "mimicking";
+ "pep";
+ "ping";
+ "posix";
+ "private";
+ "register";
+ "roster";
+ "saslauth";
+ "smacks";
+ "time";
+ "tls";
+ "uptime";
+ "vcard4";
+ "vcard_legacy";
+ "version";
+}
+
+modules_disabled = { }
+
+pidfile = "/run/prosody/prosody.pid";
+
+log = {
+ info = "/var/log/prosody/prosody.log";
+ error = "/var/log/prosody/prosody.err";
+ { levels = { "error" }; to = "syslog"; };
+}
+
+s2s_secure_auth = true
+s2s_require_encryption = true
+c2s_require_encryption = true
+authentication = "internal_hashed"
+certificates = "certs"
+
+allow_registration = true
+
+limits = {
+ c2s = {
+ rate = "10kb/s";
+ };
+ s2sin = {
+ rate = "30kb/s";
+ };
+}
+
+archive_expires_after = "3y"
+
+Include "conf.d/*.cfg.lua"
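Review bot: `allow_registration = true` alongside `"register"` in `modules_enabled` leaves it implicit whether account creation is open or invite-gated; as far as I know that depends on mod_invites_register's default for `registration_invite_only`. Writing `registration_invite_only = true` directly under `allow_registration` would make the intent visible and keep it from silently changing if `invites_register` is later removed from the list. Separately, `plugin_paths` points at `/usr/local/lib/prosody/modules`, and nothing in this commit sets that directory's ownership; a short comment such as `-- must be root-owned and not writable by the prosody user: modules here are loaded as code` would record the assumption.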
diff --git a/playbook.yaml b/playbook.yaml
index 503d3ae..b396d21 100644
--- a/playbook.yaml
+++ b/playbook.yaml
@@ -26,3 +26,17 @@
- WWW
- XMPP
become: true
+ - name: Ensure prosody is configured
+ ansible.builtin.copy:
+ src: "{{ playbook_dir }}/files/prosody.cfg.lua"
+ dest: /etc/prosody/prosody.cfg.lua
+ owner: root
+ group: root
+ mode: "0640"
+ become: true
+ - name: Ensure prosody config is reloaded
+ ansible.builtin.service:
+ name: prosody
+ enabled: true
+ state: reloaded
+ become: true
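Review bot: `group: root` with `mode: "0640"` on the copy task probably leaves the file unreadable to the daemon if prosody runs as its own unprivileged user, which I believe is how the Debian package runs it; `group: prosody` keeps the file non-world-readable while still letting the service read it. The "Ensure prosody config is reloaded" task also runs `state: reloaded` on every play, so it always reports a change and reloads the server even when the file is untouched; moving it into a handler and adding `notify:` to the copy task would reload only on a real change. The copy has no `validate:` step either, so a syntax error in the Lua file reaches `/etc/prosody` before anything checks it.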