From 14465fc9602ec96fc9d4e48bc0120e75415e1e26 Mon Sep 17 00:00:00 2001
From: Matthew Fennell
Date: Sun, 7 Jan 2024 12:28:15 +0000
Subject: Install prosody config file

This commit adds a prosody configuration file that can be installed on the remote hosts. This lets me make the configuration locally, deploy it to staging environments, and then to prod, without having to directly login to the hosts.
---
 README.md | 3 +++
 files/prosody.cfg.lua | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++
 playbook.yaml | 14 +++++++++++
 3 files changed, 86 insertions(+)
 create mode 100644 files/prosody.cfg.lua
diff --git a/README.md b/README.md
index 4547009..ffc6c3d 100644
--- a/README.md
+++ b/README.md
@@ -11,6 +11,9 @@ This playbook is for creating an XMPP server using prosody. I use this playbook for my own purposes; it will likely not generalise to other deployments.
+For instance, it is only tested with Debian Stable running on both the control
+and managed nodes.
+
 ## Quickstart ### Managed node initial setup
diff --git a/files/prosody.cfg.lua b/files/prosody.cfg.lua
new file mode 100644
index 0000000..57d307a
--- /dev/null
+++ b/files/prosody.cfg.lua
@@ -0,0 +1,69 @@
+-- SPDX-FileCopyrightText: 2024 Matthew Fennell
+--
+-- SPDX-License-Identifier: AGPL-3.0-only
+
+admins = { }
+
+plugin_paths = { "/usr/local/lib/prosody/modules" }
+
+modules_enabled = {
+ "admin_adhoc";
+ "admin_shell";
+ "blocklist";
+ "bookmarks";
+ "carbons";
+ "csi_simple";
+ "dialback";
+ "disco";
+ "invites";
+ "invites_adhoc";
+ "invites_register";
+ "limits";
+ "mam";
+ "mimicking";
+ "pep";
+ "ping";
+ "posix";
+ "private";
+ "register";
+ "roster";
+ "saslauth";
+ "smacks";
+ "time";
+ "tls";
+ "uptime";
+ "vcard4";
+ "vcard_legacy";
+ "version";
+}
+
+modules_disabled = { }
+
+pidfile = "/run/prosody/prosody.pid";
+
+log = {
+ info = "/var/log/prosody/prosody.log";
+ error = "/var/log/prosody/prosody.err";
+ { levels = { "error" }; to = "syslog"; };
+}
+
+s2s_secure_auth = true
+s2s_require_encryption = true
+c2s_require_encryption = true
+authentication = "internal_hashed"
+certificates = "certs"
+
+allow_registration = true
+
+limits = {
+ c2s = {
+ rate = "10kb/s";
+ };
+ s2sin = {
+ rate = "30kb/s";
+ };
+}
+
+archive_expires_after = "3y"
+
+Include "conf.d/*.cfg.lua"
diff --git a/playbook.yaml b/playbook.yaml
index 503d3ae..b396d21 100644
--- a/playbook.yaml
+++ b/playbook.yaml
@@ -26,3 +26,17 @@
 - WWW
 - XMPP
 become: true
+ - name: Ensure prosody is configured
+ ansible.builtin.copy:
+ src: "{{ playbook_dir }}/files/prosody.cfg.lua"
+ dest: /etc/prosody/prosody.cfg.lua
+ owner: root
+ group: root
+ mode: "0640"
+ become: true
+ - name: Ensure prosody config is reloaded
+ ansible.builtin.service:
+ name: prosody
+ enabled: true
+ state: reloaded
+ become: true
-- cgit v1.2.3
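Review bot: In files/prosody.cfg.lua, `allow_registration = true` is set with both `register` and `invites_register` enabled, and nothing in the file states that account creation is restricted to invite holders. As far as I know mod_invites_register defaults `registration_invite_only` to true, so this is probably invite-only today, but that rests on an implicit default and on the module staying in `modules_enabled`; I would add `registration_invite_only = true` directly under `allow_registration = true`, with a comment such as `-- in-band registration only with a valid invite token`. A short comment on `archive_expires_after = "3y"` would also help, since it fixes how long message archives are kept on the server. Files pulled in by `Include "conf.d/*.cfg.lua"` may override either setting and are not visible in this hunk.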
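Review bot: In the playbook.yaml hunk, the copy task installs /etc/prosody/prosody.cfg.lua with `owner: root`, `group: root` and `mode: "0640"`, which makes the file unreadable to every non-root account. If the daemon runs as a dedicated `prosody` user, as the Debian package normally sets it up, it will not be able to read its config on start or reload; `group: prosody` keeps the file non-world-readable while still letting the service read it. Separately, the reload task runs on every play and nothing checks the file before it is applied. Moving the reload into a handler triggered by `notify` on the copy task, and adding a `validate:` step to the copy if a syntax checker is available on the managed node, would avoid reloading an unchanged or broken config. The task list begins outside the hunk.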