Place s2s modules behind a flag

We do not need s2s modules or config for a single-user transport oriented server. Likewise, we do not need admin or abuse contacts if s2s is disabled. No messages can escape, and it would be impossible to contact them regardless!
author: Matthew Fennell <matthew@fennell.dev> 2025-09-21 16:34:31 +0100
committer: Matthew Fennell <matthew@fennell.dev> 2025-09-21 17:57:54 +0100
commit: eaf1e70bed9fb6029800a8d8ba5b0b53b4f32929 (patch)
tree: 345a5c52e8deb50cec10b6120cf60c25b1dea238 /files/prosody.cfg.lua.j2
parent: fbb14450ea04f955aab4d1b9c4eab05d5f8707c6 (diff)
1 files changed, 17 insertions, 2 deletions
diff --git a/files/prosody.cfg.lua.j2 b/files/prosody.cfg.lua.j2
index 85ab04b..c05c730 100644
--- a/files/prosody.cfg.lua.j2
+++ b/files/prosody.cfg.lua.j2
@@ -31,8 +31,6 @@ modules_enabled = {
     "private";
     "proxy65";
     "roster";
-    "s2s_auth_dane_in";
-    "s2s_bidi";
     "sasl2";
     "sasl2_bind2";
     "sasl2_fast";
@@ -69,9 +67,20 @@ modules_enabled = {
     "watch_spam_reports";
 {% endif %}
 
+    -- S2S
+{% if not is_transport_server %}
+    "s2s_auth_dane_in";
+    "s2s_bidi";
+{% endif %}
+
 }
 
 modules_disabled = {
+
+{% if is_transport_server %}
+    "s2s";
+{% endif %}
+
 }
 
 pidfile = "/run/prosody/prosody.pid";
@@ -87,14 +96,20 @@ log = {
     };
 }
 
+{% if not is_transport_server %}
 s2s_secure_auth = true
+{% endif %}
+
 c2s_direct_tls_ports = {
     5223
 }
+
+{% if not is_transport_server %}
 s2s_direct_tls_ports = {
     5270
 }
 use_dane = true
+{% endif %}
 
 {% if not is_transport_server %}
 anti_spam_services = {
author	Matthew Fennell <matthew@fennell.dev>	2025-09-21 16:34:31 +0100
committer	Matthew Fennell <matthew@fennell.dev>	2025-09-21 17:57:54 +0100
commit	eaf1e70bed9fb6029800a8d8ba5b0b53b4f32929 (patch)
tree	345a5c52e8deb50cec10b6120cf60c25b1dea238 /files/prosody.cfg.lua.j2
parent	fbb14450ea04f955aab4d1b9c4eab05d5f8707c6 (diff)