From 09c5bd818ded489378104f523fcede23443c5092 Mon Sep 17 00:00:00 2001
From: Matthew Fennell
Date: Mon, 5 Feb 2024 11:58:12 +0000
Subject: Bulk update with all changes currently in prod
---
files/prosody.cfg.lua | 75 ------------------------------------
files/prosody.cfg.lua.j2 | 90 +++++++++++++++++++++++++++++++++++++++++++
files/turnserver.conf.j2 | 11 ++++++
files/virtual_host.cfg.lua.j2 | 27 +++++++++++++
4 files changed, 128 insertions(+), 75 deletions(-)
delete mode 100644 files/prosody.cfg.lua
create mode 100644 files/prosody.cfg.lua.j2
create mode 100644 files/turnserver.conf.j2
(limited to 'files')
diff --git a/files/prosody.cfg.lua b/files/prosody.cfg.lua
deleted file mode 100644
index d75781a..0000000
--- a/files/prosody.cfg.lua
+++ /dev/null
@@ -1,75 +0,0 @@
--- SPDX-FileCopyrightText: 2024 Matthew Fennell
---
--- SPDX-License-Identifier: AGPL-3.0-only
-
-admins = { }
-
-plugin_paths = { "/usr/local/lib/prosody/modules" }
-
-modules_enabled = {
- "admin_adhoc";
- "admin_shell";
- "blocklist";
- "bookmarks";
- "carbons";
- "cloud_notify";
- "csi_battery_saver";
- "dialback";
- "disco";
- "external_services";
- "invites";
- "invites_adhoc";
- "invites_register";
- "limits";
- "mam";
- "mimicking";
- "pep";
- "ping";
- "posix";
- "private";
- "proxy65";
- "register";
- "roster";
- "saslauth";
- "smacks";
- "time";
- "tls";
- "uptime";
- "vcard4";
- "vcard_legacy";
- "version";
-}
-
-modules_disabled = { }
-
-pidfile = "/run/prosody/prosody.pid";
-
-log = {
- info = "/var/log/prosody/prosody.log";
- error = "/var/log/prosody/prosody.err";
- { levels = { "error" }; to = "syslog"; };
-}
-
-s2s_secure_auth = true
-s2s_require_encryption = true
-c2s_require_encryption = true
-authentication = "internal_hashed"
-certificates = "certs"
-
--- From Monal considerations for XMPP server admins
-smacks_hibernation_time = 86400
-
-allow_registration = true
-
-limits = {
- c2s = {
- rate = "10kb/s";
- };
- s2sin = {
- rate = "30kb/s";
- };
-}
-
-archive_expires_after = "10y"
-
-Include "conf.d/*.cfg.lua"
diff --git a/files/prosody.cfg.lua.j2 b/files/prosody.cfg.lua.j2
new file mode 100644
index 0000000..53d3d48
--- /dev/null
+++ b/files/prosody.cfg.lua.j2
@@ -0,0 +1,90 @@
+-- SPDX-FileCopyrightText: 2024 Matthew Fennell
+--
+-- SPDX-License-Identifier: AGPL-3.0-only
+
+admins = { }
+
+plugin_paths = { "/usr/local/lib/prosody/modules" }
+
+modules_enabled = {
+ "admin_adhoc";
+ "admin_shell";
+ "blocklist";
+ "bookmarks";
+ "carbons";
+ "cloud_notify";
+ "csi_battery_saver";
+ "dialback";
+ "disco";
+ "external_services";
+ "limits";
+ "mam";
+ "mimicking";
+ "pep";
+ "ping";
+ "posix";
+ "private";
+ "proxy65";
+ "register";
+ "register_apps";
+ "roster";
+ "saslauth";
+ "server_contact_info";
+ "smacks";
+ "time";
+ "tls";
+ "turn_external";
+ "uptime";
+ "vcard4";
+ "vcard_legacy";
+ "version";
+}
+
+modules_disabled = { }
+
+pidfile = "/run/prosody/prosody.pid";
+
+log = {
+ info = "/var/log/prosody/prosody.log";
+ error = "/var/log/prosody/prosody.err";
+ { levels = { "error" }; to = "syslog"; };
+}
+
+s2s_secure_auth = true
+s2s_require_encryption = true
+c2s_require_encryption = true
+authentication = "internal_hashed"
+certificates = "certs"
+c2s_direct_tls_ports = { 5223 }
+s2s_direct_tls_ports = { 5270 }
+
+-- From Monal considerations for XMPP server admins
+smacks_hibernation_time = 86400
+
+allow_registration = true
+site_apps_show = {
+ "conversations";
+ "dino";
+ "monal";
+}
+
+limits = {
+ c2s = {
+ rate = "10kb/s";
+ };
+ s2sin = {
+ rate = "30kb/s";
+ };
+}
+
+archive_expires_after = "10y"
+
+storage = "sql"
+sql = {
+ driver = "PostgreSQL";
+ database = "prosody";
+ username = "prosody";
+ password = "{{ postgres_password }}";
+}
+
+Include "conf.d/*.cfg.lua"
diff --git a/files/turnserver.conf.j2 b/files/turnserver.conf.j2
new file mode 100644
index 0000000..05c956c
--- /dev/null
+++ b/files/turnserver.conf.j2
@@ -0,0 +1,11 @@
+# SPDX-FileCopyrightText: 2024 Matthew Fennell
+#
+# SPDX-License-Identifier: AGPL-3.0-only
+
+syslog
+no-rfc5780
+no-stun-backward-compatibility
+response-origin-only-with-rfc5780
+realm=turn.{{ virtual_host }}
+use-auth-secret
+static-auth-secret={{ turn_secret }}
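Review bot: In files/prosody.cfg.lua.j2, `allow_registration = true` is kept while `invites`, `invites_adhoc` and `invites_register` are dropped from `modules_enabled`, so if sign-ups were previously gated by invite tokens they are now open to anyone who can reach the server. Either set `allow_registration = false` or add a throttle next to it such as `min_seconds_between_registrations = 300` (value illustrative), and state in a comment which behaviour is intended. Separately, `password = "{{ postgres_password }}";` is rendered raw into a Lua string literal, so a value containing `"` or `\` breaks the config or changes its meaning; the same applies to `turn_external_secret` in files/virtual_host.cfg.lua.j2. Because the main config now carries a database credential, the task that renders it should write the file readable only by root and the prosody group; that task is not visible in this patch.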
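Review bot: files/turnserver.conf.j2 configures authentication but places no limit on where the relay may send traffic, so anyone holding valid TURN credentials could have it relay to private or link-local addresses reachable from this host, unless the installed coturn version already blocks them by default. Consider adding `no-multicast-peers` and `denied-peer-ip=` entries for loopback, RFC 1918 and link-local ranges, plus `no-cli` if the admin console is unused. `static-auth-secret={{ turn_secret }}` is stored in clear, so the rendered file should not be world-readable; the deploying task is outside this patch.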
diff --git a/files/virtual_host.cfg.lua.j2 b/files/virtual_host.cfg.lua.j2 index 26058cb..5a6064a 100644 --- a/files/virtual_host.cfg.lua.j2 +++ b/files/virtual_host.cfg.lua.j2 @@ -4,5 +4,32 @@ VirtualHost "{{ virtual_host }}" +turn_external_host = "turn.{{ virtual_host }}" +turn_external_secret = "{{ turn_secret }}" + +site_name = "{{ virtual_host }}" + Component "upload.{{ virtual_host }}" "http_file_share" http_file_share_expires_after = 10 * 365 * 24 * 60 * 60 + +Component "conference.{{ virtual_host }}" "muc" +modules_enabled = { + "muc_mam"; + "vcard_muc"; +} + +muc_log_expires_after = "10y" +log_all_rooms = true + +restrict_room_creation = "local" +max_history_messages = 1000 +enforce_registered_nickname = true + +muc_room_default_public = false +muc_room_default_persistent = true +muc_room_default_members_only = false +muc_room_default_moderated = false +muc_room_default_public_jids = true +muc_room_default_change_subject = false +muc_room_default_history_length = 1000 +muc_room_default_language = "en" -- cgit v1.2.3
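Review bot: `log_all_rooms = true` together with `muc_log_expires_after = "10y"` archives every room's traffic for ten years regardless of what room owners choose, and `muc_room_default_public_jids = true` makes new rooms expose occupants' real JIDs by default. With `storage = "sql"` set in the main config by this same commit, that is a long-lived archive tying identities to messages (in cleartext unless clients encrypt end-to-end), so a database compromise exposes far more than it would with short retention. If this is intended, document it above the MUC component, e.g. `-- All rooms are archived for 10 years; users must be told (see privacy policy)`; otherwise a shorter `muc_log_expires_after` and `muc_room_default_public_jids = false` would be safer defaults.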