files/prosody.cfg.lua.j2


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114

-- SPDX-FileCopyrightText: 2024 Matthew Fennell <matthew@fennell.dev>
--
-- SPDX-License-Identifier: AGPL-3.0-only

plugin_paths = { "/usr/local/lib/prosody/modules" }

modules_enabled = {
    "account_activity";
    "admin_adhoc";
    "admin_shell";
    "anti_spam";
    "blocklist";
    "bookmarks";
    "bosh";
    "carbons";
    "cloud_notify";
    "csi_battery_saver";
    "dialback";
    "disco";
    "external_services";
    "http";
    "http_libjs";
    "lastactivity";
    "lastlog2";
    "limits";
    "mam";
    "measure_active_users";
    "mimicking";
    "pep";
    "ping";
    "private";
    "proxy65";
    "report_forward";
    "roster";
    "s2s_auth_dane_in";
    "s2s_bidi";
    "sasl2";
    "sasl2_bind2";
    "sasl2_fast";
    "sasl2_sm";
    "sasl_ssdp";
    "saslauth";
    "server_contact_info";
    "server_info";
    "smacks";
    "spam_reporting";
    "stanza_debug";
    "time";
    "tls";
    "turn_external";
    "uptime";
    "vcard4";
    "vcard_legacy";
    "version";
    "watch_spam_reports";
}

modules_disabled = { }

pidfile = "/run/prosody/prosody.pid";

log = {
    info = "/var/log/prosody/prosody.log";
    error = "/var/log/prosody/prosody.err";
    { levels = { "error" }; to = "syslog";  };
}

s2s_secure_auth = true
s2s_require_encryption = true
c2s_require_encryption = true
authentication = "internal_hashed"
certificates = "certs"
c2s_direct_tls_ports = { 5223 }
s2s_direct_tls_ports = { 5270 }
use_dane = true

anti_spam_services = { "xmppbl.org" }
report_forward_to = {
    "submit@reports.xmppbl.org";
}

turn_external_host = "{{ turn_server }}"
turn_external_secret = "{{ turn_secret }}"

-- From Monal considerations for XMPP server admins
smacks_hibernation_time = 86400

allow_registration = true
invite_expiry = 86400 * 365
registration_invite_only = true

firewall_scripts = {
  "module:scripts/spam-blocking.pfw";
  "module:script/spam-blocklists.pfw";
}

limits = {
    c2s = {
        rate = "10kb/s";
    };
    s2sin = {
        rate = "30kb/s";
    };
}

storage = "sql"
sql = {
    driver = "PostgreSQL";
    database = "prosody";
    username = "prosody";
    password = "{{ postgres_password }}";
}

Include "conf.d/*.cfg.lua"