letsencrypt now generates certificates that include the chain

[ansible.git] / roles / prosody / templates / prosody.cfg.lua

diff --git a/roles/prosody/templates/prosody.cfg.lua b/roles/prosody/templates/prosody.cfg.lua
index 86c444971322218c9c8d5781898646ea475c18d4..238ca7538e4bcec0bcda7bc6ebb814749a5e3a61 100644 (file)
--- a/roles/prosody/templates/prosody.cfg.lua
+++ b/roles/prosody/templates/prosody.cfg.lua
@@ -85,7 +85,7 @@ modules_enabled = {
 
     -- Community modules
         "smacks"; -- XEP-0198: Stream Management
-        "csi"; "filter_chatstates"; "throttle_presence"; -- XEP-0352: Client State Indication
+        "csi_battery_saver"; -- XEP-0352: Client State Indication
         "http_upload"; -- XEP-0363: HTTP File Upload
         "register_web"; -- what it says on the tin
 };
@@ -105,7 +105,7 @@ allow_registration = false
 -- Debian:
 --   send the server to background.
 --
-daemonize = true
+daemonize = false
 
 -- Debian:
 --   Please, don't change this option since /var/run/prosody/
@@ -117,9 +117,9 @@ pidfile = "/var/run/prosody/prosody.pid"
 -- to use SSL/TLS, you may comment or remove this
 ssl = {
        key = "/etc/ssl/private/letsencrypt/live.key";
-       certificate = "/etc/ssl/mycerts/letsencrypt/live.crt+chain";
+       certificate = "/etc/ssl/mycerts/letsencrypt/live.crt";
        ciphers = "ALL:!EXPORT:!LOW:!MEDIUM:!aNULL:!3DES";
-       dhparam = "{{ prosody.paths.dh2048 }}";
+       dhparam = "/etc/ssl/dh2048.pem";
 }
 -- support legacy clients
 legacy_ssl_ports = { 5223 }
@@ -186,7 +186,7 @@ authentication = "internal_hashed"
 -- they are offline. This setting controls how long Prosody will keep
 -- messages in the archive before removing them.
 
-archive_expires_after = "1w" -- Remove archived messages after 1 week
+archive_expires_after = "2d" -- Remove archived messages after 2 days
 
 -- You can also configure messages to be stored in-memory only. For more
 -- archiving options, see https://prosody.im/doc/modules/mod_mam