Install prosody config file

This commit adds a prosody configuration file that can be installed on the
remote hosts. This lets me make the configuration locally, deploy it to staging
environments, and then to prod, without having to directly login to the hosts.

1 files changed, 69 insertions, 0 deletions

diff --git a/files/prosody.cfg.lua b/files/prosody.cfg.lua
new file mode 100644
index 0000000..57d307a
--- /dev/null
+++ b/files/prosody.cfg.lua
@@ -0,0 +1,69 @@
+-- SPDX-FileCopyrightText: 2024 Matthew Fennell <matthew@fennell.dev>
+--
+-- SPDX-License-Identifier: AGPL-3.0-only
+
+admins = { }
+
+plugin_paths = { "/usr/local/lib/prosody/modules" }
+
+modules_enabled = {
+    "admin_adhoc";
+    "admin_shell";
+    "blocklist";
+    "bookmarks";
+    "carbons";
+    "csi_simple";
+    "dialback";
+    "disco";
+    "invites";
+    "invites_adhoc";
+    "invites_register";
+    "limits";
+    "mam";
+    "mimicking";
+    "pep";
+    "ping";
+    "posix";
+    "private";
+    "register";
+    "roster";
+    "saslauth";
+    "smacks";
+    "time";
+    "tls";
+    "uptime";
+    "vcard4";
+    "vcard_legacy";
+    "version";
+}
+
+modules_disabled = { }
+
+pidfile = "/run/prosody/prosody.pid";
+
+log = {
+    info = "/var/log/prosody/prosody.log";
+    error = "/var/log/prosody/prosody.err";
+    { levels = { "error" }; to = "syslog";  };
+}
+
+s2s_secure_auth = true
+s2s_require_encryption = true
+c2s_require_encryption = true
+authentication = "internal_hashed"
+certificates = "certs"
+
+allow_registration = true
+
+limits = {
+    c2s = {
+        rate = "10kb/s";
+    };
+    s2sin = {
+        rate = "30kb/s";
+    };
+}
+
+archive_expires_after = "3y"
+
+Include "conf.d/*.cfg.lua"