| author | Matthew Fennell <matthew@fennell.dev> | 2025-09-21 13:01:12 +0100 |
|---|---|---|
| committer | Matthew Fennell <matthew@fennell.dev> | 2025-09-21 13:13:30 +0100 |
| commit | c686f233201cd2d5d60ebc4b9127d1bc2389dcc3 (patch) | |
| tree | 34ce4558dcb14298c6e4468c86eea7fba5c8f789 | |
| parent | fea8112921b688c508bbab34587dc3c6661c72fa (diff) | |
Place invites behind a flag
Invites are not needed on a single-user transport-only server. Therefore, place
this functionality behind a flag.
| -rw-r--r-- | files/prosody.cfg.lua.j2 | 8 | ||||
| -rw-r--r-- | files/virtual_host.cfg.lua.j2 | 2 | ||||
| -rw-r--r-- | playbook.yaml | 22 |
3 files changed, 29 insertions, 3 deletions
diff --git a/files/prosody.cfg.lua.j2 b/files/prosody.cfg.lua.j2 index 692b0a3..332ac32 100644 --- a/files/prosody.cfg.lua.j2 +++ b/files/prosody.cfg.lua.j2 @@ -47,7 +47,6 @@ modules_enabled = { "stanza_debug"; "time"; "tls"; - "turn_external"; "uptime"; "vcard4"; "vcard_legacy"; @@ -60,6 +59,11 @@ modules_enabled = { "http_libjs"; {% endif %} + -- Turn +{% if not is_transport_server %} + "turn_external"; +{% endif %} + } modules_disabled = { } @@ -86,8 +90,10 @@ report_forward_to = { "submit@reports.xmppbl.org"; } +{% if not is_transport_server %} turn_external_host = "{{ turn_server }}" turn_external_secret = "{{ turn_secret }}" +{% endif %} -- From Monal considerations for XMPP server admins smacks_hibernation_time = 86400 diff --git a/files/virtual_host.cfg.lua.j2 b/files/virtual_host.cfg.lua.j2 index afc9774..c21886b 100644 --- a/files/virtual_host.cfg.lua.j2 +++ b/files/virtual_host.cfg.lua.j2 @@ -25,12 +25,14 @@ modules_enabled = { } +{% if not is_transport_server %} site_apps_show = { "conversations"; "dino"; "gajim"; "monal"; } +{% endif %} contact_info = { abuse = { "xmpp:abuse@{{ virtual_host }}" }; diff --git a/playbook.yaml b/playbook.yaml index 4b0f4c7..4fb5ffa 100644 --- a/playbook.yaml +++ b/playbook.yaml @@ -202,7 +202,6 @@ - name: Ensure required packages are installed ansible.builtin.apt: name: - - coturn # Audio / video calling server - lua-dbi-postgresql # Prosody postgres connection - postgresql # Database - prosody # XMPP server @@ -225,6 +224,15 @@ become: true when: not is_transport_server + - name: Ensure turn-specific packages are installed + ansible.builtin.apt: + name: + - coturn # Audio / video calling server + state: present + update_cache: true + become: true + when: not is_transport_server + - name: Ensure required ports with ufw applications are open community.general.ufw: rule: allow @@ -232,7 +240,6 @@ state: enabled loop: - OpenSSH - - Turnserver - XMPP become: true 
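Review bot: `turn_secret` is still rendered raw into a double-quoted Lua string inside the new `{% if not is_transport_server %}` block (third hunk of this file), so a value containing `"` or `\` would yield a broken config or a secret that no longer matches the one presumably shared with coturn. Jinja has no Lua-quoting filter, so the simplest guard is a check in the playbook before this template is rendered, e.g. an `ansible.builtin.assert` with `that: turn_secret is match('^[A-Za-z0-9_-]+$')`. The task that deploys this file is outside the diff; it is worth confirming that it sets a restrictive `mode`, as the coturn config task does with `"0640"`.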
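Review bot: Dropping `site_apps_show` on transport servers removes the allowlist of clients but does not by itself disable the module that reads it; if that module stays loaded it would presumably fall back to its default list rather than show nothing. The `modules_enabled` block ends just above this hunk and is not fully visible, so please confirm that the invite and app-listing modules in it sit under the same `{% if not is_transport_server %}` condition. If they do, a short comment above the guard such as `-- Only read by the invite pages, which are disabled on transport-only servers` would tie this hunk to the commit message.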
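Review bot: The `when: not is_transport_server` on the new coturn task in the `@@ -225` hunk only skips installation, so a host provisioned before the flag was set to true keeps coturn installed; the same applies to the `Turnserver` ufw rule in the `@@ -246` hunk and the coturn config in the `@@ -312` hunk. Such a host may be left with a listening relay and an open firewall rule that the rest of the configuration no longer expects. Consider counterpart tasks under `when: is_transport_server` that first delete the ufw rule and then remove the package with `state: absent`, in that order, since the `Turnserver` application profile presumably ships with the package. Separately, `update_cache: true` is repeated here and could be left to the first apt task if that one already refreshes the cache (not visible in this hunk).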
@@ -246,6 +253,16 @@ become: true when: not is_transport_server + - name: Ensure turn-specific ports with ufw applications are open + community.general.ufw: + rule: allow + name: "{{ item }}" + state: enabled + loop: + - Turnserver + become: true + when: not is_transport_server + - name: Ensure other required tcp ports are open community.general.ufw: rule: allow @@ -312,6 +329,7 @@ mode: "0640" become: true notify: Restart coturn + when: not is_transport_server - name: Ensure prosody database is set up community.postgresql.postgresql_db: |
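Review bot: The condition added to the coturn config task in the `@@ -312` hunk, like those in the `@@ -225` and `@@ -246` hunks and in both templates, tests `is_transport_server` by raw truthiness, so a value that arrives as a string (for example `-e is_transport_server=false`) is non-empty and therefore treated as true. Where the variable is defined is not visible in this diff; if it can come from extra vars, cast it explicitly, e.g. `when: not (is_transport_server | bool)` and `{% if not (is_transport_server | bool) %}`. Without the cast, TURN is silently left unconfigured on a server that was meant to have it, and the playbook and templates give no error to point at the cause.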
