-- SPDX-FileCopyrightText: 2024 Matthew Fennell <matthew@fennell.dev>
--
-- SPDX-License-Identifier: AGPL-3.0-only

plugin_paths = { "/usr/local/lib/prosody/modules" }

modules_enabled = {
    "account_activity";
    "admin_adhoc";
    "admin_shell";
    "blocklist";
    "bookmarks";
    "bosh";
    "carbons";
    "cloud_notify";
    "component";
    "csi_battery_saver";
    "dialback";
    "disco";
    "external_services";
    "http";
    "http_libjs";
    "lastactivity";
    "limits";
    "mam";
    "mimicking";
    "pep";
    "ping";
    "private";
    "proxy65";
    "roster";
    "s2s_auth_dane_in";
    "s2s_bidi";
    "sasl2";
    "sasl2_bind2";
    "sasl2_fast";
    "sasl2_sm";
    "sasl_ssdp";
    "saslauth";
    "server_contact_info";
    "server_info";
    "smacks";
    "stanza_debug";
    "time";
    "tls";
    "turn_external";
    "uptime";
    "vcard4";
    "vcard_legacy";
    "version";
}

modules_disabled = { }

pidfile = "/run/prosody/prosody.pid";

log = {
    info = "/var/log/prosody/prosody.log";
    error = "/var/log/prosody/prosody.err";
    { levels = { "error" }; to = "syslog";  };
}

s2s_secure_auth = true
s2s_require_encryption = true
c2s_require_encryption = true
authentication = "internal_hashed"
certificates = "certs"
c2s_direct_tls_ports = { 5223 }
s2s_direct_tls_ports = { 5270 }
use_dane = true

turn_external_host = "{{ turn_server }}"
turn_external_secret = "{{ turn_secret }}"

-- From Monal considerations for XMPP server admins
smacks_hibernation_time = 86400

allow_registration = true
invite_expiry = 86400 * 365
registration_invite_only = true

firewall_scripts = {
  "module:scripts/spam-blocking.pfw";
  "module:script/spam-blocklists.pfw";
}

limits = {
    c2s = {
        rate = "10kb/s";
    };
    s2sin = {
        rate = "30kb/s";
    };
}

storage = "sql"
sql = {
    driver = "PostgreSQL";
    database = "prosody";
    username = "prosody";
    password = "{{ postgres_password }}";
}

Include "conf.d/*.cfg.lua"