X-Git-Url: https://git.ralfj.de/ansible.git/blobdiff_plain/fdf915a7edbe8a38b182b196492a1a8cecf7d169..80a1cc546b99c8380942f14d7daa594a3c4a5615:/roles/prosody/templates/prosody.cfg.lua?ds=inline diff --git a/roles/prosody/templates/prosody.cfg.lua b/roles/prosody/templates/prosody.cfg.lua index d92d82e..0fc27e2 100644 --- a/roles/prosody/templates/prosody.cfg.lua +++ b/roles/prosody/templates/prosody.cfg.lua @@ -72,7 +72,7 @@ modules_enabled = { --"websocket"; -- XMPP over WebSockets --"http_files"; -- Serve static files from a directory over HTTP - -- Other specific functionality + -- Other specific functionality --"limits"; -- Enable bandwidth limiting for XMPP connections --"groups"; -- Shared roster support --"server_contact_info"; -- Publish contact information for this service @@ -82,6 +82,7 @@ modules_enabled = { --"motd"; -- Send a message to users when they log in --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. --"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use + "external_services"; -- XEP-0215: External Service Discovery -- Community modules "smacks"; -- XEP-0198: Stream Management @@ -117,7 +118,7 @@ pidfile = "/var/run/prosody/prosody.pid" -- to use SSL/TLS, you may comment or remove this ssl = { key = "/etc/ssl/private/letsencrypt/live.key"; - certificate = "/etc/ssl/mycerts/letsencrypt/live.crt+chain"; + certificate = "/etc/ssl/mycerts/letsencrypt/live.crt"; ciphers = "ALL:!EXPORT:!LOW:!MEDIUM:!aNULL:!3DES"; dhparam = "/etc/ssl/dh2048.pem"; } @@ -216,6 +217,22 @@ http_upload_file_size_limit = 5 * 1024 * 1024 http_upload_expire_after = 60 * 60 * 24 * 7 -- a week in seconds http_upload_quota = 50 * 1024 * 1024 +-- Set up external services +external_services = { + { + type = "stun", + transport = "udp", + host = "{{ prosody.host }}", + port = 3478 + }, { + type = "turn", + transport = "udp", + host = "{{ prosody.host }}", + port = 3478, + secret = "{{ prosody.turn.secret }}" + } +} + ----------- Virtual hosts ----------- -- You need to add a VirtualHost entry for each domain you wish Prosody to serve. -- Settings under each VirtualHost entry apply *only* to that host.