--- /dev/null
+-- Prosody XMPP Server Configuration
+--
+-- Information on configuring Prosody can be found on our
+-- website at https://prosody.im/doc/configure
+--
+-- Tip: You can check that the syntax of this file is correct
+-- when you have finished by running this command:
+-- prosodyctl check config
+-- If there are any errors, it will let you know what and where
+-- they are, otherwise it will keep quiet.
+--
+-- Good luck, and happy Jabbering!
+
+
+---------- Server-wide settings ----------
+-- Settings in this section apply to the whole server and are the default settings
+-- for any virtual hosts
+
+-- This is a (by default, empty) list of accounts that are admins
+-- for the server. Note that you must create the accounts separately
+-- (see https://prosody.im/doc/creating_accounts for info)
+-- Example: admins = { "user1@example.com", "user2@example.net" }
+admins = {
+<% scope.lookupvar('prosody::admins').each do |admin| -%>
+ "<%= admin %>",
+<% end -%>
+}
+
+<% if scope.lookupvar('prosody::user') != '' -%>
+-- User to run prosody as
+prosody_user = "<%= scope.lookupvar('prosody::user') %>"
+<% end -%>
+<% if scope.lookupvar('prosody::group') != '' -%>
+-- Group to run prosody as
+prosody_group = "<%= scope.lookupvar('prosody::group') %>"
+<% end -%>
+
+-- Which interfaces (addresses) to listen on
+interfaces = {
+<% scope.lookupvar('prosody::interfaces').each do |interface| -%>
+ "<%= interface %>",
+<% end -%>
+}
+
+-- Enable use of libevent for better performance under high load
+-- For more information see: https://prosody.im/doc/libevent
+use_libevent = <%= scope.lookupvar('prosody::use_libevent') %>;
+
+-- This is the list of modules Prosody will load on startup.
+-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
+-- Documentation on modules can be found at: https://prosody.im/doc/modules
+modules_enabled = {
+
+ -- Base modules
+<% scope.lookupvar('prosody::modules_base').each do |mod| -%>
+ "<%= mod %>";
+<% end -%>
+
+ -- Custom modules
+<% scope.lookupvar('prosody::modules').each do |mod| -%>
+ "<%= mod %>";
+<% end -%>
+
+};
+
+<%- community_modules = scope.lookupvar('prosody::community_modules')
+ if community_modules != [] -%>
+-- Where to search for plugins/modules
+plugin_paths = {
+<%- base_path = scope.lookupvar('prosody::community_modules::path')
+ community_modules.each do |mod| -%>
+ "<%= base_path + '/mod_' + mod %>";
+<%- end -%>
+};
+<%- end -%>
+
+<%- modules_disabled = scope.lookupvar('prosody::modules_disabled')
+ if modules_disabled != [] -%>
+-- These modules are auto-loaded, but should you want
+-- to disable them then uncomment them here:
+modules_disabled = {
+<% scope.lookupvar('prosody::modules_disabled').each do |mod| -%>
+ "<%= mod %>";
+<%- end -%>
+};
+<%- end -%>
+
+-- Disable account creation by default, for security
+-- For more information see https://prosody.im/doc/creating_accounts
+allow_registration = <%= scope.lookupvar('prosody::allow_registration') %>;
+
+-- Debian:
+-- send the server to background.
+--
+daemonize = <%= scope.lookupvar('prosody::daemonize') %>;
+
+<% if scope.lookupvar('prosody::ssl_custom_config') -%>
+-- These are the SSL/TLS-related settings. If you don't want
+-- to use SSL/TLS, you may comment or remove this
+ssl = {
+ <% unless scope.lookupvar('prosody::ssl_protocol').nil? -%>
+ protocol = "<%= scope.lookupvar('prosody::ssl_protocol') %>";
+ <% end -%>
+ options = {
+ <%- scope.lookupvar('prosody::ssl_options').each do |option| -%>
+ "<%= option %>",
+ <%- end -%>
+ };
+ ciphers = "<%= scope.lookupvar('prosody::ssl_ciphers') %>";
+ curve = "<%= scope.lookupvar('prosody::ssl_curve') %>";
+ <%- dhparam = scope.lookupvar('prosody::ssl_dhparam')
+ if dhparam != '' -%>
+ dhparam = "<%= dhparam %>";
+ <%- end -%>
+ <%- ssl_key = scope.lookupvar('prosody::ssl_key')
+ if ssl_key != :undef -%>
+ key = "<%= ssl_key %>";
+ <%- end -%>
+ <%- ssl_cert = scope.lookupvar('prosody::ssl_cert')
+ if ssl_cert != :undef -%>
+ certificate = "<%= ssl_cert %>";
+ <%- end -%>
+}
+<% end -%>
+
+-- Force clients to use encrypted connections? This option will
+-- prevent clients from authenticating unless they are using encryption.
+
+c2s_require_encryption = <%= scope.lookupvar('prosody::c2s_require_encryption') %>
+
+-- Force servers to use encrypted connections?
+
+s2s_require_encryption = <%= scope.lookupvar('prosody::s2s_require_encryption') %>
+
+
+-- Force certificate authentication for server-to-server connections?
+-- This provides ideal security, but requires servers you communicate
+-- with to support encryption AND present valid, trusted certificates.
+-- NOTE: Your version of LuaSec must support certificate verification!
+-- For more information see https://prosody.im/doc/s2s#security
+
+s2s_secure_auth = <%= scope.lookupvar('prosody::s2s_secure_auth') %>
+
+-- Many servers don't support encryption or have invalid or self-signed
+-- certificates. You can list domains here that will not be required to
+-- authenticate using certificates. They will be authenticated using DNS.
+
+s2s_insecure_domains = {
+<% scope.lookupvar('prosody::s2s_insecure_domains').each do |domain| -%>
+ "<%= domain %>",
+<% end -%>
+}
+
+-- Even if you leave s2s_secure_auth disabled, you can still require valid
+-- certificates for some domains by specifying a list here.
+
+s2s_secure_domains = {
+<% scope.lookupvar('prosody::s2s_secure_domains').each do |domain| -%>
+ "<%= domain %>",
+<% end -%>
+}
+
+------ Custom config options ------
+
+<%-
+def print_recursive(object, indentation = 0)
+ case object
+ when Array
+ '{ "' + object.join('"; "') + '" }'
+ when Hash
+ "{\n" + ' ' * (indentation + 2) + object.map {|k,v| + "#{k} = " + print_recursive(v, indentation + 2)}.join(";\n" + ' ' * (indentation + 2)) + ";\n" + (' ' * indentation) + '}'
+ when TrueClass, FalseClass
+ object.to_s
+ else
+ '"' + object.to_s + '"'
+ end
+end
+-%>
+
+<% scope.lookupvar('prosody::custom_options').sort.each do |option, value| -%>
+<%= option %> = <%= print_recursive(value) %>
+<% end -%>
+
+-- Required for init scripts and prosodyctl
+pidfile = "<%= scope.lookupvar('prosody::pidfile') %>"
+
+-- Select the authentication backend to use. The 'internal' providers
+-- use Prosody's configured data storage to store the authentication data.
+-- To allow Prosody to offer secure authentication mechanisms to clients, the
+-- default provider stores passwords in plaintext. If you do not trust your
+-- server please see https://prosody.im/doc/modules/mod_auth_internal_hashed
+-- for information about using the hashed backend.
+
+authentication = "<%= scope.lookupvar('prosody::authentication') %>"
+
+-- Select the storage backend to use. By default Prosody uses flat files
+-- in its configured data directory, but it also supports more backends
+-- through modules. An "sql" backend is included by default, but requires
+-- additional dependencies. See https://prosody.im/doc/storage for more info.
+
+<%- storage = scope.lookupvar('prosody::storage')
+ if storage != :undef
+ if storage.is_a?(String) -%>
+storage = "<%= storage %>"
+ <%- elsif storage.is_a?(Hash) -%>
+storage = {
+ <%- storage.sort.each do |type,location| -%>
+ <%= type %> = "<%= location %>";
+ <%- end -%>
+}
+ <%- end -%>
+<%- end -%>
+
+<%- sql = scope.lookupvar('prosody::sql')
+unless sql.nil? -%>
+sql = { driver = "<%= sql['driver'] %>", database = "<%= sql ['database'] %>", username = "<%= sql['username'] %>", password = "<%= sql['password'] %>", host = "<%= sql['host'] %>" }
+<%- end -%>
+
+-- Logging configuration
+-- For advanced logging see https://prosody.im/doc/logging
+log = {
+ <%= scope.lookupvar('prosody::log_level') -%> = "<%= scope.lookupvar('prosody::info_log') -%>"; -- Change 'info' to 'debug' for verbose logging
+ error = "<%= scope.lookupvar('prosody::error_log') -%>";
+<% scope.lookupvar('prosody::log_sinks').each do |sink| -%>
+ "*<%= sink %>";
+<% end -%>
+<% scope.lookupvar('prosody::log_advanced').each do |level, destination| -%>
+ { levels = { <%= level %> }; to = <%= destination %>; };
+<% end -%>
+}
+
+------ Components ------
+-- You can specify components to add hosts that provide special services,
+-- like multi-user conferences, and transports.
+-- For more information on components, see https://prosody.im/doc/components
+
+<% scope.lookupvar('prosody::components').sort.each do |name, component| %>
+Component "<%= name %>" <% if component.include?('type') then %>"<%= component['type'] %>"<% end %>
+ <%- if component.include?('secret') -%>
+ component_secret = "<%= component['secret'] %>"
+ <%- end -%>
+ <%- if component.include?('options') -%>
+ <%- component['options'].sort.each do |k, v| -%>
+ <%- if ( v.is_a? Array ) -%>
+ <%= k %> = { "<%= v.join('", "') %>" };
+ <%- else -%>
+ <%= k %> = <%= v %>;
+ <%- end -%>
+ <%- end -%>
+ <%- end -%>
+<% end -%>
+
+------ Additional config files ------
+-- For organizational purposes you may prefer to add VirtualHost and
+-- Component definitions in their own config files. This line includes
+-- all config files in /etc/prosody/conf.d/
+
+Include "conf.d/*.cfg.lua"
projects / mirror / dsa-puppet.git / blobdiff