-rw-r--r-- | README.md | 3 | ||||
-rw-r--r-- | files/prosody.cfg.lua | 69 | ||||
-rw-r--r-- | playbook.yaml | 14 |
3 files changed, 86 insertions, 0 deletions
@@ -11,6 +11,9 @@ This playbook is for creating an XMPP server using prosody. I use this playbook for my own purposes; it will likely not generalise to other deployments.
+For instance, it is only tested with Debian Stable running on both the control
+and managed nodes.
+
 ## Quickstart
 ### Managed node initial setup
diff --git a/files/prosody.cfg.lua b/files/prosody.cfg.lua
new file mode 100644
index 0000000..57d307a
--- /dev/null
+++ b/files/prosody.cfg.lua
@@ -0,0 +1,69 @@
+-- SPDX-FileCopyrightText: 2024 Matthew Fennell <matthew@fennell.dev>
+--
+-- SPDX-License-Identifier: AGPL-3.0-only
+
+admins = { }
+
+plugin_paths = { "/usr/local/lib/prosody/modules" }
+
+modules_enabled = {
+ "admin_adhoc";
+ "admin_shell";
+ "blocklist";
+ "bookmarks";
+ "carbons";
+ "csi_simple";
+ "dialback";
+ "disco";
+ "invites";
+ "invites_adhoc";
+ "invites_register";
+ "limits";
+ "mam";
+ "mimicking";
+ "pep";
+ "ping";
+ "posix";
+ "private";
+ "register";
+ "roster";
+ "saslauth";
+ "smacks";
+ "time";
+ "tls";
+ "uptime";
+ "vcard4";
+ "vcard_legacy";
+ "version";
+}
+
+modules_disabled = { }
+
+pidfile = "/run/prosody/prosody.pid";
+
+log = {
+ info = "/var/log/prosody/prosody.log";
+ error = "/var/log/prosody/prosody.err";
+ { levels = { "error" }; to = "syslog"; };
+}
+
+s2s_secure_auth = true
+s2s_require_encryption = true
+c2s_require_encryption = true
+authentication = "internal_hashed"
+certificates = "certs"
+
+allow_registration = true
+
+limits = {
+ c2s = {
+ rate = "10kb/s";
+ };
+ s2sin = {
+ rate = "30kb/s";
+ };
+}
+
+archive_expires_after = "3y"
+
+Include "conf.d/*.cfg.lua"
diff --git a/playbook.yaml b/playbook.yaml
index 503d3ae..b396d21 100644
--- a/playbook.yaml
+++ b/playbook.yaml
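Review bot: In files/prosody.cfg.lua, `allow_registration = true` sits beside both `register` and `invites_register` in `modules_enabled`, and nothing in the file says whether sign-up is meant to be open or invite-only. As far as I know mod_invites_register restricts registration to invites by default, so this is probably safe as written, but the restriction then rests on a module default and on that module staying in the list. If invite-only is the intent, I would state it with `registration_invite_only = true` next to `allow_registration` and a comment such as `-- accounts are created from invites only; open in-band registration is not intended`. A one-line comment on `archive_expires_after = "3y"` giving the reason for the retention period would also help, since it decides how long message archives remain on disk.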
@@ -26,3 +26,17 @@
 - WWW
 - XMPP
 become: true
+ - name: Ensure prosody is configured
+ ansible.builtin.copy:
+ src: "{{ playbook_dir }}/files/prosody.cfg.lua"
+ dest: /etc/prosody/prosody.cfg.lua
+ owner: root
+ group: root
+ mode: "0640"
+ become: true
+ - name: Ensure prosody config is reloaded
+ ansible.builtin.service:
+ name: prosody
+ enabled: true
+ state: reloaded
+ become: true |
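Review bot: The copy task installs /etc/prosody/prosody.cfg.lua with `owner: root`, `group: root` and `mode: "0640"`, which leaves the file unreadable to every non-root account. If the daemon runs as the unprivileged `prosody` user, as the Debian package normally arranges, the reload in the following task may fail to re-read the configuration. `group: prosody` with the same mode keeps the file closed to other users while letting the service read it. The reload task also runs on every play; turning it into a handler notified by the copy task would limit reloads to runs where the configuration actually changed.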