X-Git-Url: https://git.ralfj.de/ansible.git/blobdiff_plain/b55ddd98e08a5196b0d60d1b69e0f6ecd9fdf9ff..7b4085e4007a14c733f77dc275cece83a4e26d7c:/roles/prosody/templates/prosody.cfg.lua?ds=inline diff --git a/roles/prosody/templates/prosody.cfg.lua b/roles/prosody/templates/prosody.cfg.lua index 4f99029..0fc27e2 100644 --- a/roles/prosody/templates/prosody.cfg.lua +++ b/roles/prosody/templates/prosody.cfg.lua @@ -72,7 +72,7 @@ modules_enabled = { --"websocket"; -- XMPP over WebSockets --"http_files"; -- Serve static files from a directory over HTTP - -- Other specific functionality + -- Other specific functionality --"limits"; -- Enable bandwidth limiting for XMPP connections --"groups"; -- Shared roster support --"server_contact_info"; -- Publish contact information for this service @@ -82,10 +82,11 @@ modules_enabled = { --"motd"; -- Send a message to users when they log in --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. --"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use + "external_services"; -- XEP-0215: External Service Discovery -- Community modules "smacks"; -- XEP-0198: Stream Management - "csi"; "filter_chatstates"; "throttle_presence"; -- XEP-0352: Client State Indication + "csi_battery_saver"; -- XEP-0352: Client State Indication "http_upload"; -- XEP-0363: HTTP File Upload "register_web"; -- what it says on the tin }; @@ -105,7 +106,7 @@ allow_registration = false -- Debian: -- send the server to background. -- -daemonize = true +daemonize = false -- Debian: -- Please, don't change this option since /var/run/prosody/ 
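Review bot: In the `@@ -82,10 +82,11 @@` hunk, `"external_services"` is added above the `-- Community modules` marker and the three CSI modules are replaced by `"csi_battery_saver"`, but nothing visible in this diff shows that either module is installed on the target host. If the installed Prosody does not bundle `external_services`, move the line below the marker so the list stays an accurate inventory of what the role has to deploy next to the config. A module that is missing at load time would presumably also disable the `external_services` table added further down, so the role should install both before rendering this template. The `modules_enabled` table starts outside this hunk.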
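Review bot: In the `@@ -105,7 +106,7 @@` hunk, the comment kept directly above the changed line still reads `-- send the server to background.`, which now contradicts `daemonize = false`. Replace it with the reason for the new value, e.g. `-- run in the foreground; the service manager supervises the process` (presumably the service unit is changed elsewhere, which is not visible here). The second `-- Debian:` comment block continues outside the hunk.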
@@ -117,9 +118,9 @@ pidfile = "/var/run/prosody/prosody.pid" -- to use SSL/TLS, you may comment or remove this ssl = { key = "/etc/ssl/private/letsencrypt/live.key"; - certificate = "/etc/ssl/mycerts/letsencrypt/live.crt+chain"; + certificate = "/etc/ssl/mycerts/letsencrypt/live.crt"; ciphers = "ALL:!EXPORT:!LOW:!MEDIUM:!aNULL:!3DES"; - dhparam = "{{ prosody.paths.dh2048 }}"; + dhparam = "/etc/ssl/dh2048.pem"; } -- support legacy clients legacy_ssl_ports = { 5223 } @@ -216,6 +217,22 @@ http_upload_file_size_limit = 5 * 1024 * 1024 http_upload_expire_after = 60 * 60 * 24 * 7 -- a week in seconds http_upload_quota = 50 * 1024 * 1024 +-- Set up external services +external_services = { + { + type = "stun", + transport = "udp", + host = "{{ prosody.host }}", + port = 3478 + }, { + type = "turn", + transport = "udp", + host = "{{ prosody.host }}", + port = 3478, + secret = "{{ prosody.turn.secret }}" + } +} + ----------- Virtual hosts ----------- -- You need to add a VirtualHost entry for each domain you wish Prosody to serve. -- Settings under each VirtualHost entry apply *only* to that host.
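Review bot: The new `certificate = "/etc/ssl/mycerts/letsencrypt/live.crt"` in the `ssl` block drops the `+chain` file, so unless `live.crt` now holds the leaf followed by its intermediates, clients and federating servers that verify the chain may fail certificate validation. Once that is confirmed against the certificate deployment (not visible here), record it next to the setting, e.g. `-- full chain: leaf certificate followed by intermediates`. The hard-coded `dhparam = "/etc/ssl/dh2048.pem"` replaces a role variable, so the role must still create that file before Prosody starts; a one-line comment naming where it is generated would keep that dependency traceable.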
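Review bot: The `secret = "{{ prosody.turn.secret }}"` line in the new `external_services` table writes the TURN shared secret in clear text into the rendered config, and the value is interpolated into a Lua string literal without escaping. Anyone who can read the rendered file can derive valid TURN credentials, so the task that renders this template (outside this diff) should set owner, group and mode so that only root and the Prosody user can read it, and the variable should come from an encrypted vars file. A `"` or `\` in the value would break or alter the Lua literal; generate the secret from a hex or base64 alphabet and say so in a comment such as `-- shared secret with the TURN server; hex only, file must not be world-readable`.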