mod 'puppetlabs/certregen', '0.2.0'
+# Prosody
+mod 'mayflower-prosody',
+ git: 'https://github.com/mayflower/puppet-prosody.git',
+ ref: '863bb4ee0cd3369ad69a211042b4c5f7d66f4444'
+
# OpenStack
-mod 'duritong/sysctl', '0.0.11'
+mod 'duritong/sysctl', '0.0.11'
--- /dev/null
+---
+fixtures:
+ repositories:
+ stdlib: "git://github.com/puppetlabs/puppetlabs-stdlib.git"
+ symlinks:
+ prosody: "#{source_dir}"
--- /dev/null
+.idea
+.rvmrc
+.bundle
+Gemfile.lock
+pkg
+vendor
+coverage/*
+spec/fixtures/*
--- /dev/null
+---
+AllCops:
+ Exclude:
+ - 'spec/fixtures/**/*'
+Metrics/BlockLength: {Enabled: false}
+Metrics/LineLength: {Enabled: true, Max: 180}
+Style/FormatStringToken: {Enabled: false}
--- /dev/null
+---
+language: ruby
+script: "bundle exec rake validate lint spec"
+matrix:
+ include:
+ - env: PUPPET_VERSION=5.5.10
+ rvm: 2.4.1
+ - env: PUPPET_VERSION=6.2.0
+ rvm: 2.5.1
--- /dev/null
+source ENV['GEM_SOURCE'] || 'https://rubygems.org'
+
+group :development, :test do
+ gem 'metadata-json-lint'
+ gem 'puppet-blacksmith', '>= 3.1.0'
+ gem 'puppet-lint', '>= 2'
+ gem 'puppet-lint-absolute_classname-check'
+ gem 'puppet-lint-empty_string-check'
+ gem 'puppet-lint-file_ensure-check'
+ gem 'puppet-lint-leading_zero-check'
+ gem 'puppet-lint-spaceship_operator_without_tag-check'
+ gem 'puppet-lint-trailing_comma-check'
+ gem 'puppet-lint-undef_in_function-check'
+ gem 'puppet-lint-unquoted_string-check'
+ gem 'puppet-lint-variable_contains_upcase'
+ gem 'puppetlabs_spec_helper'
+ gem 'rake'
+ gem 'rspec'
+ gem 'rspec-puppet'
+ gem 'semantic_puppet'
+ gem 'simplecov'
+end
+
+if ENV['FACTER_VERSION']
+ gem 'facter', ENV['FACTER_VERSION']
+else
+ gem 'facter' # rubocop:disable Bundler/DuplicatedGem
+end
+
+if ENV['PUPPET_VERSION']
+ gem 'puppet', ENV['PUPPET_VERSION']
+else
+ gem 'puppet' # rubocop:disable Bundler/DuplicatedGem
+end
--- /dev/null
+
+
+[](https://travis-ci.org/mayflower/puppet-prosody)
+
+Puppet module for the [Prosody](http://prosody.im/) Jabber/XMPP server.
+
+This module is a fork of rtyler/puppet-prosody because the upstream is dead. A
+bunch of features were added and bugs were fixed.
+
+If you want to use Prosody in a production environment, this is the Puppet
+module to use.
+
+## Using
+
+**Note:** This module has currently been tested on CentOS 7, Ubuntu and OpenBSD.
+
+```puppet
+node myserver {
+
+ class { 'prosody':
+ user => 'prosody',
+ group => 'prosody',
+ community_modules => ['mod_auth_ldap'],
+ authentication => 'ldap',
+ custom_options => {
+ 'ldap_base' => 'OU="accounts",DC="mydomain",DC="com"',
+ 'ldap_server' => 'ldapserver1:636 ldapserver2:636',
+ 'ldap_rootdn' => 'DN="prosody",OU="accounts",DC="mydomain",DC="com"',
+ 'ldap_password' => hiera(prosody-ldap-password),
+ 'ldap_scope' => 'subtree',
+ 'ldap_tls' => 'true',
+ },
+ }
+
+ prosody::virtualhost {
+ 'mydomain.com' :
+ ensure => present,
+ ssl_key => '/etc/ssl/key/mydomain.com.key',
+ ssl_cert => '/etc/ssl/crt/mydomain.com.crt',
+ }
+
+ prosody::user { 'foo':
+ host => 'mydomain.com',
+ pass => 'itsasecret',
+ }
+}
+```
+
+## Support
+
+Please file bugs and enhancement requests in the [GitHub issue tracker](https://github.com/mayflower/puppet-prosody/issues)
--- /dev/null
+require 'puppetlabs_spec_helper/rake_tasks'
+require 'puppet-lint/tasks/puppet-lint'
+
+PuppetLint.configuration.ignore_paths = ['spec/**/*.pp', 'tests/**/*.pp', 'pkg/**/*.pp', 'vendor/**/*.pp']
+PuppetLint.configuration.log_format = '%{path}:%{line}:%{KIND}: %{message}'
+
+desc 'Validate manifests, templates, and ruby files'
+task :validate do
+ Dir['manifests/**/*.pp'].each do |manifest|
+ sh "puppet parser validate --noop #{manifest}"
+ end
+ Dir['spec/**/*.rb', 'lib/**/*.rb'].each do |ruby_file|
+ sh "ruby -c #{ruby_file}" unless ruby_file =~ %r{/spec\/fixtures/}
+ end
+ Dir['templates/**/*.erb'].each do |template|
+ sh "erb -P -x -T '-' #{template} | ruby -c"
+ end
+end
+
+# blacksmith is broken with ruby 1.8.7
+if Gem::Version.new(RUBY_VERSION) > Gem::Version.new('1.8.7')
+ # blacksmith isn't always present, e.g. on Travis with --without development
+ begin
+ require 'puppet_blacksmith/rake_tasks'
+ Blacksmith::RakeTask.new do |t|
+ t.tag_pattern = '%s'
+ end
+ rescue LoadError => e
+ warn(e)
+ end
+end
--- /dev/null
+---
+prosody::admins: []
+prosody::allow_registration: false
+prosody::authentication: internal_plain
+prosody::c2s_require_encryption: true
+prosody::community_modules: []
+prosody::components: {}
+prosody::custom_options: {}
+prosody::daemonize: true
+prosody::error_log: /var/log/prosody/prosody.err
+prosody::group: prosody
+prosody::info_log: /var/log/prosody/prosody.log
+prosody::interfaces:
+ - '0.0.0.0'
+ - '::'
+prosody::log_level: info
+prosody::log_sinks:
+ - syslog
+prosody::log_advanced: {}
+prosody::modules: []
+prosody::modules_base:
+ - admin_adhoc
+ - dialback
+ - disco
+ - pep
+ - ping
+ - posix
+ - private
+ - roster
+ - saslauth
+ - time
+ - tls
+ - uptime
+ - vcard
+ - version
+prosody::modules_disabled: []
+prosody::package_ensure: present
+prosody::package_name: prosody
+prosody::pidfile: /var/run/prosody/prosody.pid
+prosody::s2s_insecure_domains: []
+prosody::s2s_require_encryption: true
+prosody::s2s_secure_auth: true
+prosody::s2s_secure_domains: []
+prosody::ssl_ciphers: 'DH+AES:ECDH+AES:+ECDH+SHA:AES:!PSK:!SRP:!DSS:!ADH:!AECDH'
+prosody::ssl_curve: secp521r1
+prosody::ssl_custom_config: true
+prosody::ssl_dhparam: ''
+prosody::ssl_options:
+ - cipher_server_preference
+ - no_compression
+ - no_sslv2
+ - no_sslv3
+ - no_ticket
+ - single_dh_use
+ - single_ecdh_use
+prosody::storage: internal
+prosody::use_libevent: true
+prosody::user: prosody
+prosody::virtualhost_defaults: {}
+prosody::virtualhosts: {}
+
+prosody::community_modules::ensure: present
+prosody::community_modules::path: /var/lib/prosody/modules
+prosody::community_modules::source: https://hg.prosody.im/prosody-modules/
+prosody::community_modules::type: hg
--- /dev/null
+---
+version: 5
+hierarchy:
+ - name: common
+ path: common.yaml
--- /dev/null
+# == Class: prosody::community_modules
+class prosody::community_modules(
+ Enum[present, latest] $ensure,
+ Stdlib::Absolutepath $path,
+ String $source,
+ Prosody::Moduletype $type,
+ Optional[String] $revision = undef,
+) {
+ case $type {
+ 'hg': { $_packages = ['mercurial'] }
+ 'git': { $_packages = ['git'] }
+ default: { $_packages = [] }
+ }
+ ensure_packages($_packages)
+ -> vcsrepo { $path:
+ ensure => $ensure,
+ provider => $type,
+ source => $source,
+ revision => $revision,
+ }
+}
--- /dev/null
+# == Class: prosody::config
+class prosody::config {
+ file { '/etc/prosody/conf.avail':
+ ensure => directory,
+ }
+
+ file { '/etc/prosody/conf.d':
+ ensure => directory,
+ }
+
+ file { '/etc/prosody/prosody.cfg.lua':
+ content => template('prosody/prosody.cfg.erb'),
+ require => Class['::prosody::package'],
+ notify => Class['::prosody::service'],
+ }
+}
--- /dev/null
+# == Class: prosody
+class prosody(
+ Array[String] $admins,
+ Boolean $allow_registration,
+ Prosody::Authentication $authentication,
+ Boolean $c2s_require_encryption,
+ Array[String] $community_modules,
+ Hash $components,
+ Hash $custom_options,
+ Boolean $daemonize,
+ Stdlib::Absolutepath $error_log,
+ String $group,
+ Stdlib::Absolutepath $info_log,
+ Array[Stdlib::IP::Address] $interfaces,
+ Prosody::Loglevel $log_level,
+ Array[String] $log_sinks,
+ Hash[Optional[Prosody::Loglevel], Data] $log_advanced,
+ Array[String] $modules,
+ Array[String] $modules_base,
+ Array[String] $modules_disabled,
+ Prosody::Packageensure $package_ensure,
+ String $package_name,
+ Stdlib::Absolutepath $pidfile,
+ Array[Stdlib::Fqdn] $s2s_insecure_domains,
+ Boolean $s2s_require_encryption,
+ Boolean $s2s_secure_auth,
+ Array[Stdlib::Fqdn] $s2s_secure_domains,
+ String $ssl_ciphers,
+ String $ssl_curve,
+ Boolean $ssl_custom_config,
+ String $ssl_dhparam,
+ Array[String] $ssl_options,
+ Prosody::Storage $storage,
+ Boolean $use_libevent,
+ String $user,
+ Hash $virtualhost_defaults,
+ Hash $virtualhosts,
+ Optional[Hash] $sql = undef,
+ Optional[Stdlib::Absolutepath] $ssl_cert = undef,
+ Optional[Stdlib::Absolutepath] $ssl_key = undef,
+ Optional[String] $ssl_protocol = undef,
+) {
+ if ($community_modules != []) {
+ class { '::prosody::community_modules':
+ require => Class['::prosody::package'],
+ before => Class['::prosody::config'],
+ }
+ }
+
+ anchor { 'prosody::begin': }
+ -> class { '::prosody::package': }
+ -> class { '::prosody::config': }
+ -> class { '::prosody::service': }
+ -> anchor { '::prosody::end': }
+
+ # create virtualhost resources via hiera
+ create_resources('prosody::virtualhost', $virtualhosts, $virtualhost_defaults)
+}
--- /dev/null
+# == Class: prosody::package
+class prosody::package {
+ package { $::prosody::package_name:
+ ensure => $::prosody::package_ensure,
+ }
+}
--- /dev/null
+# == Class: prosody::service
+class prosody::service {
+ if $::prosody::daemonize {
+ case $::osfamily {
+ 'OpenBSD': {
+ service { 'prosody':
+ ensure => running,
+ enable => true,
+ require => Class[prosody::config],
+ }
+ }
+ default: {
+ service { 'prosody' :
+ ensure => running,
+ hasstatus => false,
+ restart => '/usr/bin/prosodyctl reload',
+ require => Class[prosody::config],
+ }
+ }
+ }
+ }
+}
--- /dev/null
+# == Define: prosody::user
+define prosody::user(
+ String $pass,
+ Prosody::Host $host = 'localhost',
+) {
+ $dir = regsubst($host, '\.', '%2e', 'G')
+
+ ensure_resource('file', "/var/lib/prosody/${dir}", {
+ ensure => 'directory',
+ owner => 'prosody',
+ group => 'prosody',
+ })
+
+ ensure_resource('file', "/var/lib/prosody/${dir}/accounts", {
+ ensure => 'directory',
+ owner => 'prosody',
+ group => 'prosody',
+ require => File["/var/lib/prosody/${dir}"],
+ })
+
+ $_content = "
+return {
+ [\"password\"] = \"${pass}\";
+};
+"
+ file {"/var/lib/prosody/${dir}/accounts/${name}.dat":
+ owner => 'prosody',
+ group => 'prosody',
+ mode => '0640',
+ content => $_content,
+ require => File["/var/lib/prosody/${dir}/accounts"],
+ }
+}
--- /dev/null
+# == Type: prosody::virtualhost
+define prosody::virtualhost(
+ Hash $custom_options = {},
+ Enum[present, absent] $ensure = present,
+ Optional[Stdlib::Absolutepath] $ssl_key = undef,
+ Optional[Stdlib::Absolutepath] $ssl_cert = undef,
+ Boolean $ssl_copy = true,
+ Optional[String] $user = undef,
+ Optional[String] $group = undef,
+ Hash $components = {},
+) {
+ # Check if SSL set correctly
+ if (($ssl_key != undef) and ($ssl_cert == undef)) {
+ fail('The prosody::virtualhost type needs both ssl_key *and* ssl_cert set')
+ }
+ if (($ssl_key == undef) and ($ssl_cert != undef)) {
+ fail('The prosody::virtualhost type needs both ssl_key *and* ssl_cert set')
+ }
+
+ if (($ssl_key != undef) and ($ssl_cert != undef) and ($ssl_copy == true)) {
+ # Copy the provided sources to prosody certs folder
+ $prosody_ssl_key = "/etc/prosody/certs/${name}.key"
+ $prosody_ssl_cert = "/etc/prosody/certs/${name}.crt"
+
+ $file_user = pick_default($user, 'prosody')
+ $file_group = pick_default($group, 'prosody')
+
+ file {
+ $prosody_ssl_key:
+ source => $ssl_key,
+ links => follow,
+ mode => '0640',
+ owner => $file_user,
+ group => $file_group;
+ $prosody_ssl_cert:
+ source => $ssl_cert,
+ links => follow,
+ mode => '0644',
+ owner => $file_user,
+ group => $file_group;
+ }
+
+ $config_requires = [File[$prosody_ssl_key], File[$prosody_ssl_cert], Class['::prosody::package']]
+ }
+
+ elsif (($ssl_key != undef) and ($ssl_cert != undef) and ($ssl_copy == false)) {
+ $prosody_ssl_key = $ssl_key
+ $prosody_ssl_cert = $ssl_cert
+ }
+
+ else {
+ $config_requires = Class['::prosody::package']
+ }
+
+ $conf_avail_fn = "/etc/prosody/conf.avail/${name}.cfg.lua"
+
+ file { $conf_avail_fn:
+ ensure => $ensure,
+ require => $config_requires,
+ content => template('prosody/virtualhost.cfg.erb'),
+ notify => Class['::prosody::service'],
+ }
+
+ $cfg_ensure = $ensure ? {
+ 'present' => link,
+ 'absent' => absent,
+ }
+
+ file { "/etc/prosody/conf.d/${name}.cfg.lua":
+ ensure => $cfg_ensure,
+ target => $conf_avail_fn,
+ notify => Class['::prosody::service'],
+ require => File[$conf_avail_fn];
+ }
+}
--- /dev/null
+{
+ "name": "mayflower-prosody",
+ "version": "0.4.1",
+ "author": "Franz Pletz",
+ "summary": "Simple Puppet module for managing the Prosody Jabber/XMPP server",
+ "license": "Apache-2.0",
+ "source": "https://github.com/mayflower/puppet-prosody",
+ "issues_url": "https://github.com/mayflower/puppet-prosody/issues",
+ "description": "This module supports most configuration options and installing community modules",
+ "dependencies": [
+ {
+ "name": "puppetlabs/stdlib",
+ "version_requirement": ">= 4.25.0"
+ },
+ {
+ "name": "puppetlabs/vcsrepo",
+ "version_requirement": ">= 1.0.0 < 3.0.0"
+ }
+ ],
+ "requirements": [
+ {
+ "name": "puppet",
+ "version_requirement": ">= 5.5.10 < 7"
+ }
+ ]
+}
--- /dev/null
+require 'spec_helper'
+
+describe 'prosody' do
+ let(:facts) do
+ { osfamily: 'SomeOS' }
+ end
+ context 'on every platform' do
+ it { should contain_class 'prosody::package' }
+ it { should contain_class 'prosody::config' }
+ it { should contain_class 'prosody::service' }
+
+ it { should contain_package('prosody').with(ensure: 'present') }
+ end
+
+ context 'with daemonize => true' do
+ let(:params) { { daemonize: true } }
+ it {
+ should contain_service('prosody').with(
+ ensure: 'running'
+ )
+ }
+ end
+
+ context 'with daemonize => false' do
+ let(:params) { { daemonize: false } }
+ it {
+ should_not contain_service('prosody').with(
+ ensure: 'running'
+ )
+ }
+ end
+
+ context 'with custom options' do
+ let(:params) { { custom_options: { 'foo' => 'bar', 'baz' => 'quux' } } }
+ it {
+ should contain_file('/etc/prosody/prosody.cfg.lua') \
+ .with_content(/^foo = "bar"$/, /^baz = "quux"$/)
+ }
+ end
+
+ context 'with deeply nested custom options' do
+ let(:params) { { custom_options: { 'foo' => { 'fnord' => '23', 'xyzzy' => '42' }, 'bar' => %w[cool elements], 'baz' => 'quux' } } }
+ it {
+ should contain_file('/etc/prosody/prosody.cfg.lua') \
+ .with_content(/^foo = {\n fnord = "23";\n xyzzy = "42";\n}$/, /^baz = "quux"$/, /^bar = [ "cool"; "elements" ]$/)
+ }
+ end
+end
--- /dev/null
+require 'spec_helper'
+require 'erb'
+
+describe 'prosody::virtualhost' do
+ let(:pre_condition) do
+ 'include ::prosody'
+ end
+ let(:facts) do
+ {
+ osfamily: 'SomeOS'
+ }
+ end
+ let(:title) { 'mockvirtualhost' }
+
+ before :each do
+ @path_avail = "/etc/prosody/conf.avail/#{title}.cfg.lua"
+ @path_link = "/etc/prosody/conf.d/#{title}.cfg.lua"
+ end
+
+ context 'with no parameters' do
+ it {
+ should contain_file(@path_avail).with(
+ ensure: 'present'
+ )
+ }
+
+ it {
+ should contain_file(@path_link).with(
+ ensure: 'link',
+ target: @path_avail,
+ require: "File[#{@path_avail}]"
+ )
+ }
+ end
+
+ context 'with ssl_key but no ssl_cert' do
+ let(:params) { { ssl_key: 'bananas' } }
+ it {
+ expect do
+ should contain_class('prosody')
+ end.to raise_error(Puppet::Error)
+ }
+ end
+
+ context 'with ssl_cert but no ssl_key' do
+ let(:params) { { ssl_cert: 'bananas' } }
+ it {
+ expect do
+ should contain_class('prosody')
+ end.to raise_error(Puppet::Error)
+ }
+ end
+
+ context 'with ssl keys and certs' do
+ let(:ssl_key) { '/etc/prosody/certs/rspec-puppet.com.key' }
+ let(:ssl_cert) { '/etc/prosody/certs/rspec-puppet.com.crt' }
+ let(:params) { { ssl_key: ssl_key, ssl_cert: ssl_cert } }
+
+ before :each do
+ @ssl_key = ssl_key
+ @ssl_cert = ssl_cert
+ end
+
+ it {
+ # This require statment is bananas
+ should contain_file(@path_avail).with(
+ ensure: 'present',
+ require: ['File[/etc/prosody/certs/mockvirtualhost.key]', 'File[/etc/prosody/certs/mockvirtualhost.crt]', 'Class[Prosody::Package]']
+ )
+
+ should contain_file('/etc/prosody/certs/mockvirtualhost.key').with_source(@ssl_key)
+ should contain_file('/etc/prosody/certs/mockvirtualhost.crt').with_source(@ssl_cert)
+ }
+ end
+
+ context 'ensure => absent' do
+ let(:params) { { ensure: 'absent' } }
+ it {
+ @ensure = 'absent'
+ should contain_file(@path_avail).with(
+ ensure: @ensure
+ )
+ }
+
+ it {
+ should contain_file(@path_link).with_ensure('absent')
+ }
+ end
+
+ context 'with custom options' do
+ let(:params) { { custom_options: { 'foo' => 'bar', 'baz' => 'quux' } } }
+ it {
+ should contain_file(@path_avail) \
+ .with_content(/^foo = "bar"$/, /^baz = "quux"$/)
+ }
+ end
+
+ context 'with deeply nested custom options' do
+ let(:params) { { custom_options: { 'foo' => { 'fnord' => '23', 'xyzzy' => '42' }, 'bar' => %w[cool elements], 'baz' => 'quux' } } }
+ it {
+ should contain_file(@path_avail) \
+ .with_content(/^foo = {\n fnord = "23";\n xyzzy = "42";\n}$/, /^baz = "quux"$/, /^bar = [ "cool"; "elements" ]$/)
+ }
+ end
+end
--- /dev/null
+require 'puppetlabs_spec_helper/module_spec_helper'
+require 'simplecov'
+
+SimpleCov.start do
+ add_filter '/spec/'
+end
--- /dev/null
+-- Prosody XMPP Server Configuration
+--
+-- Information on configuring Prosody can be found on our
+-- website at https://prosody.im/doc/configure
+--
+-- Tip: You can check that the syntax of this file is correct
+-- when you have finished by running this command:
+-- prosodyctl check config
+-- If there are any errors, it will let you know what and where
+-- they are, otherwise it will keep quiet.
+--
+-- Good luck, and happy Jabbering!
+
+
+---------- Server-wide settings ----------
+-- Settings in this section apply to the whole server and are the default settings
+-- for any virtual hosts
+
+-- This is a (by default, empty) list of accounts that are admins
+-- for the server. Note that you must create the accounts separately
+-- (see https://prosody.im/doc/creating_accounts for info)
+-- Example: admins = { "user1@example.com", "user2@example.net" }
+admins = {
+<% scope.lookupvar('prosody::admins').each do |admin| -%>
+ "<%= admin %>",
+<% end -%>
+}
+
+<% if scope.lookupvar('prosody::user') != '' -%>
+-- User to run prosody as
+prosody_user = "<%= scope.lookupvar('prosody::user') %>"
+<% end -%>
+<% if scope.lookupvar('prosody::group') != '' -%>
+-- Group to run prosody as
+prosody_group = "<%= scope.lookupvar('prosody::group') %>"
+<% end -%>
+
+-- Which interfaces (addresses) to listen on
+interfaces = {
+<% scope.lookupvar('prosody::interfaces').each do |interface| -%>
+ "<%= interface %>",
+<% end -%>
+}
+
+-- Enable use of libevent for better performance under high load
+-- For more information see: https://prosody.im/doc/libevent
+use_libevent = <%= scope.lookupvar('prosody::use_libevent') %>;
+
+-- This is the list of modules Prosody will load on startup.
+-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
+-- Documentation on modules can be found at: https://prosody.im/doc/modules
+modules_enabled = {
+
+ -- Base modules
+<% scope.lookupvar('prosody::modules_base').each do |mod| -%>
+ "<%= mod %>";
+<% end -%>
+
+ -- Custom modules
+<% scope.lookupvar('prosody::modules').each do |mod| -%>
+ "<%= mod %>";
+<% end -%>
+
+};
+
+<%- community_modules = scope.lookupvar('prosody::community_modules')
+ if community_modules != [] -%>
+-- Where to search for plugins/modules
+plugin_paths = {
+<%- base_path = scope.lookupvar('prosody::community_modules::path')
+ community_modules.each do |mod| -%>
+ "<%= base_path + '/mod_' + mod %>";
+<%- end -%>
+};
+<%- end -%>
+
+<%- modules_disabled = scope.lookupvar('prosody::modules_disabled')
+ if modules_disabled != [] -%>
+-- These modules are auto-loaded, but should you want
+-- to disable them then uncomment them here:
+modules_disabled = {
+<% scope.lookupvar('prosody::modules_disabled').each do |mod| -%>
+ "<%= mod %>";
+<%- end -%>
+};
+<%- end -%>
+
+-- Disable account creation by default, for security
+-- For more information see https://prosody.im/doc/creating_accounts
+allow_registration = <%= scope.lookupvar('prosody::allow_registration') %>;
+
+-- Debian:
+-- send the server to background.
+--
+daemonize = <%= scope.lookupvar('prosody::daemonize') %>;
+
+<% if scope.lookupvar('prosody::ssl_custom_config') -%>
+-- These are the SSL/TLS-related settings. If you don't want
+-- to use SSL/TLS, you may comment or remove this
+ssl = {
+ <% unless scope.lookupvar('prosody::ssl_protocol').nil? -%>
+ protocol = "<%= scope.lookupvar('prosody::ssl_protocol') %>";
+ <% end -%>
+ options = {
+ <%- scope.lookupvar('prosody::ssl_options').each do |option| -%>
+ "<%= option %>",
+ <%- end -%>
+ };
+ ciphers = "<%= scope.lookupvar('prosody::ssl_ciphers') %>";
+ curve = "<%= scope.lookupvar('prosody::ssl_curve') %>";
+ <%- dhparam = scope.lookupvar('prosody::ssl_dhparam')
+ if dhparam != '' -%>
+ dhparam = "<%= dhparam %>";
+ <%- end -%>
+ <%- ssl_key = scope.lookupvar('prosody::ssl_key')
+ if ssl_key != :undef -%>
+ key = "<%= ssl_key %>";
+ <%- end -%>
+ <%- ssl_cert = scope.lookupvar('prosody::ssl_cert')
+ if ssl_cert != :undef -%>
+ certificate = "<%= ssl_cert %>";
+ <%- end -%>
+}
+<% end -%>
+
+-- Force clients to use encrypted connections? This option will
+-- prevent clients from authenticating unless they are using encryption.
+
+c2s_require_encryption = <%= scope.lookupvar('prosody::c2s_require_encryption') %>
+
+-- Force servers to use encrypted connections?
+
+s2s_require_encryption = <%= scope.lookupvar('prosody::s2s_require_encryption') %>
+
+
+-- Force certificate authentication for server-to-server connections?
+-- This provides ideal security, but requires servers you communicate
+-- with to support encryption AND present valid, trusted certificates.
+-- NOTE: Your version of LuaSec must support certificate verification!
+-- For more information see https://prosody.im/doc/s2s#security
+
+s2s_secure_auth = <%= scope.lookupvar('prosody::s2s_secure_auth') %>
+
+-- Many servers don't support encryption or have invalid or self-signed
+-- certificates. You can list domains here that will not be required to
+-- authenticate using certificates. They will be authenticated using DNS.
+
+s2s_insecure_domains = {
+<% scope.lookupvar('prosody::s2s_insecure_domains').each do |domain| -%>
+ "<%= domain %>",
+<% end -%>
+}
+
+-- Even if you leave s2s_secure_auth disabled, you can still require valid
+-- certificates for some domains by specifying a list here.
+
+s2s_secure_domains = {
+<% scope.lookupvar('prosody::s2s_secure_domains').each do |domain| -%>
+ "<%= domain %>",
+<% end -%>
+}
+
+------ Custom config options ------
+
+<%-
+def print_recursive(object, indentation = 0)
+ case object
+ when Array
+ '{ "' + object.join('"; "') + '" }'
+ when Hash
+ "{\n" + ' ' * (indentation + 2) + object.map {|k,v| + "#{k} = " + print_recursive(v, indentation + 2)}.join(";\n" + ' ' * (indentation + 2)) + ";\n" + (' ' * indentation) + '}'
+ when TrueClass, FalseClass
+ object.to_s
+ else
+ '"' + object.to_s + '"'
+ end
+end
+-%>
+
+<% scope.lookupvar('prosody::custom_options').sort.each do |option, value| -%>
+<%= option %> = <%= print_recursive(value) %>
+<% end -%>
+
+-- Required for init scripts and prosodyctl
+pidfile = "<%= scope.lookupvar('prosody::pidfile') %>"
+
+-- Select the authentication backend to use. The 'internal' providers
+-- use Prosody's configured data storage to store the authentication data.
+-- To allow Prosody to offer secure authentication mechanisms to clients, the
+-- default provider stores passwords in plaintext. If you do not trust your
+-- server please see https://prosody.im/doc/modules/mod_auth_internal_hashed
+-- for information about using the hashed backend.
+
+authentication = "<%= scope.lookupvar('prosody::authentication') %>"
+
+-- Select the storage backend to use. By default Prosody uses flat files
+-- in its configured data directory, but it also supports more backends
+-- through modules. An "sql" backend is included by default, but requires
+-- additional dependencies. See https://prosody.im/doc/storage for more info.
+
+<%- storage = scope.lookupvar('prosody::storage')
+ if storage != :undef
+ if storage.is_a?(String) -%>
+storage = "<%= storage %>"
+ <%- elsif storage.is_a?(Hash) -%>
+storage = {
+ <%- storage.sort.each do |type,location| -%>
+ <%= type %> = "<%= location %>";
+ <%- end -%>
+}
+ <%- end -%>
+<%- end -%>
+
+<%- sql = scope.lookupvar('prosody::sql')
+unless sql.nil? -%>
+sql = { driver = "<%= sql['driver'] %>", database = "<%= sql ['database'] %>", username = "<%= sql['username'] %>", password = "<%= sql['password'] %>", host = "<%= sql['host'] %>" }
+<%- end -%>
+
+-- Logging configuration
+-- For advanced logging see https://prosody.im/doc/logging
+log = {
+ <%= scope.lookupvar('prosody::log_level') -%> = "<%= scope.lookupvar('prosody::info_log') -%>"; -- Change 'info' to 'debug' for verbose logging
+ error = "<%= scope.lookupvar('prosody::error_log') -%>";
+<% scope.lookupvar('prosody::log_sinks').each do |sink| -%>
+ "*<%= sink %>";
+<% end -%>
+<% scope.lookupvar('prosody::log_advanced').each do |level, destination| -%>
+ { levels = { <%= level %> }; to = <%= destination %>; };
+<% end -%>
+}
+
+------ Components ------
+-- You can specify components to add hosts that provide special services,
+-- like multi-user conferences, and transports.
+-- For more information on components, see https://prosody.im/doc/components
+
+<% scope.lookupvar('prosody::components').sort.each do |name, component| %>
+Component "<%= name %>" <% if component.include?('type') then %>"<%= component['type'] %>"<% end %>
+ <%- if component.include?('secret') -%>
+ component_secret = "<%= component['secret'] %>"
+ <%- end -%>
+ <%- if component.include?('options') -%>
+ <%- component['options'].sort.each do |k, v| -%>
+ <%- if ( v.is_a? Array ) -%>
+ <%= k %> = { "<%= v.join('", "') %>" };
+ <%- else -%>
+ <%= k %> = <%= v %>;
+ <%- end -%>
+ <%- end -%>
+ <%- end -%>
+<% end -%>
+
+------ Additional config files ------
+-- For organizational purposes you may prefer to add VirtualHost and
+-- Component definitions in their own config files. This line includes
+-- all config files in /etc/prosody/conf.d/
+
+Include "conf.d/*.cfg.lua"
--- /dev/null
+VirtualHost "<%= @name %>"
+<% if @ensure == 'present' -%>
+ enabled = true
+<% else -%>
+ enabled = false
+<% end -%>
+
+<% if (@ssl_key != 'UNSET') && (@ssl_cert != 'UNSET') -%>
+ -- Assign this host a certificate for TLS, otherwise it would use the one
+ -- set in the global section (if any).
+ -- Note that old-style SSL on port 5223 only supports one certificate, and will always
+ -- use the global one.
+ ssl = {
+ key = "<%= @prosody_ssl_key %>";
+ certificate = "<%= @prosody_ssl_cert %>";
+ }
+<% end -%>
+
+<%- if @custom_options != {} -%>
+<%-
+def print_recursive(object, indentation = 0)
+ case object
+ when Array
+ '{ "' + object.join('"; "') + '" }'
+ when Hash
+ "{\n" + ' ' * (indentation + 2) + object.map {|k,v| + "#{k} = " + print_recursive(v, indentation + 2)}.join(";\n" + ' ' * (indentation + 2)) + ";\n" + (' ' * indentation) + '}'
+ when TrueClass, FalseClass
+ object.to_s
+ else
+ '"' + object.to_s + '"'
+ end
+end
+-%>
+------ Custom config options ------
+<%- @custom_options.sort.each do |option, value| -%>
+<%= option %> = <%= print_recursive(value) %>
+<%- end; end -%>
+
+<%- if @components != {} -%>
+------ Components ------
+-- You can specify components to add hosts that provide special services,
+-- like multi-user conferences, and transports.
+-- For more information on components, see http://prosody.im/doc/components
+
+<% @components.sort.each do |name, component| %>
+Component "<%= name %>" <% if component.include?('type') then %>"<%= component['type'] %>"<% end %>
+ <%- if component.include?('secret') -%>
+ component_secret = "<%= component['secret'] %>"
+ <%- end -%>
+ <%- if component.include?('options') -%>
+ <%- component['options'].sort.each do |k, v| -%>
+ <%= k %> = <%= v %>;
+ <%- end -%>
+ <%- end -%>
+<% end -%>
+<% end -%>
--- /dev/null
+node default {
+ include ::prosody
+
+ prosody::virtualhost {
+ 'puppetlabs.com' :
+ ensure => present;
+ }
+}
--- /dev/null
+../../../manifests
\ No newline at end of file
--- /dev/null
+../../../templates
\ No newline at end of file
--- /dev/null
+type Prosody::Authentication = Enum['internal_plain', 'internal_hashed', 'cyrus', 'anonymous', 'ha1']
--- /dev/null
+# Note: Stdlib::Host does not match "localhost"
+type Prosody::Host = Variant[Pattern[/^localhost$/], Stdlib::Host]
--- /dev/null
+type Prosody::Loglevel = Enum['debug', 'info', 'warn', 'error']
--- /dev/null
+type Prosody::Moduletype = Enum['hg', 'git']
--- /dev/null
+type Prosody::Packageensure = Variant[Enum[present, latest], String]
--- /dev/null
+type Prosody::Storage = Variant[Hash, Enum['internal', 'sql', 'memory', 'null', 'none']]
projects / mirror / dsa-puppet.git / commitdiff