X-Git-Url: https://git.ralfj.de/ansible.git/blobdiff_plain/a7dc7d2358f720bc87db3a9a82738d04cddded89..c25c1262b872581c73ee985a11cf3a1b877761d4:/roles/prosody/templates/prosody.cfg.lua diff --git a/roles/prosody/templates/prosody.cfg.lua b/roles/prosody/templates/prosody.cfg.lua index 86c4449..0fc27e2 100644 --- a/roles/prosody/templates/prosody.cfg.lua +++ b/roles/prosody/templates/prosody.cfg.lua @@ -72,7 +72,7 @@ modules_enabled = { --"websocket"; -- XMPP over WebSockets --"http_files"; -- Serve static files from a directory over HTTP - -- Other specific functionality + -- Other specific functionality --"limits"; -- Enable bandwidth limiting for XMPP connections --"groups"; -- Shared roster support --"server_contact_info"; -- Publish contact information for this service @@ -82,10 +82,11 @@ modules_enabled = { --"motd"; -- Send a message to users when they log in --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. --"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use + "external_services"; -- XEP-0215: External Service Discovery -- Community modules "smacks"; -- XEP-0198: Stream Management - "csi"; "filter_chatstates"; "throttle_presence"; -- XEP-0352: Client State Indication + "csi_battery_saver"; -- XEP-0352: Client State Indication "http_upload"; -- XEP-0363: HTTP File Upload "register_web"; -- what it says on the tin }; @@ -105,7 +106,7 @@ allow_registration = false -- Debian: -- send the server to background. -- -daemonize = true +daemonize = false -- Debian: -- Please, don't change this option since /var/run/prosody/ 
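Review bot: The comment directly above the changed line still reads `-- send the server to background.`, while the new value `daemonize = false` keeps Prosody in the foreground, so the file now documents the opposite of what it does. A replacement comment such as `-- stay in the foreground; the service manager supervises the process` would record the intent, assuming that is the reason for the change (the service unit is not part of this diff). Newer Prosody releases, I believe, deprecate the `daemonize` option in favour of command-line flags, so check this line against the deployed version.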
@@ -117,9 +118,9 @@ pidfile = "/var/run/prosody/prosody.pid" -- to use SSL/TLS, you may comment or remove this ssl = { key = "/etc/ssl/private/letsencrypt/live.key"; - certificate = "/etc/ssl/mycerts/letsencrypt/live.crt+chain"; + certificate = "/etc/ssl/mycerts/letsencrypt/live.crt"; ciphers = "ALL:!EXPORT:!LOW:!MEDIUM:!aNULL:!3DES"; - dhparam = "{{ prosody.paths.dh2048 }}"; + dhparam = "/etc/ssl/dh2048.pem"; } -- support legacy clients legacy_ssl_ports = { 5223 } @@ -186,7 +187,7 @@ authentication = "internal_hashed" -- they are offline. This setting controls how long Prosody will keep -- messages in the archive before removing them. -archive_expires_after = "1w" -- Remove archived messages after 1 week +archive_expires_after = "2d" -- Remove archived messages after 2 days -- You can also configure messages to be stored in-memory only. For more -- archiving options, see https://prosody.im/doc/modules/mod_mam @@ -216,6 +217,22 @@ http_upload_file_size_limit = 5 * 1024 * 1024 http_upload_expire_after = 60 * 60 * 24 * 7 -- a week in seconds http_upload_quota = 50 * 1024 * 1024 +-- Set up external services +external_services = { + { + type = "stun", + transport = "udp", + host = "{{ prosody.host }}", + port = 3478 + }, { + type = "turn", + transport = "udp", + host = "{{ prosody.host }}", + port = 3478, + secret = "{{ prosody.turn.secret }}" + } +} + ----------- Virtual hosts ----------- -- You need to add a VirtualHost entry for each domain you wish Prosody to serve. -- Settings under each VirtualHost entry apply *only* to that host.
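Review bot: `certificate` now points at `live.crt` instead of `live.crt+chain`; if that file holds only the leaf certificate, Prosody stops sending the intermediates, and clients or federating servers that verify the chain will refuse the connection. The diff does not show what the certificate task writes to `live.crt`, so confirm it contains the leaf followed by the intermediates. The `dhparam` line also replaces the `{{ prosody.paths.dh2048 }}` variable with a literal path, so whichever task generates the parameters must write to exactly `/etc/ssl/dh2048.pem`; a comment naming that task next to the path would keep the two from drifting apart. The unchanged `ciphers` string starts from `ALL`, and the visible `ssl` block sets no `protocol`, so the minimum TLS version depends on Prosody's default for the installed release.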
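Review bot: The TURN shared secret is rendered into the config as a plain Lua string by `secret = "{{ prosody.turn.secret }}"`, so the deployed file now holds a credential. The template task (outside this diff) should install it with a mode that excludes other local users, and the variable should come from an encrypted vars file rather than the repository. The value is interpolated without escaping, so a secret containing `"` or `\` would break the file or change what Lua parses; restricting the generated secret to an alphanumeric alphabet avoids that. No `ttl` is set on the `turn` entry, so the derived credentials get the module's default lifetime, which I believe is one day. A shorter value, e.g. `ttl = 3600` (constructed example), limits how long a leaked credential keeps relay access.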