Add the prosody module

[mirror/dsa-puppet.git] / 3rdparty / modules / prosody / templates / prosody.cfg.erb

-- Prosody XMPP Server Configuration
--
-- Information on configuring Prosody can be found on our
-- website at https://prosody.im/doc/configure
--
-- Tip: You can check that the syntax of this file is correct
-- when you have finished by running this command:
--     prosodyctl check config
-- If there are any errors, it will let you know what and where
-- they are, otherwise it will keep quiet.
--
-- Good luck, and happy Jabbering!


---------- Server-wide settings ----------
-- Settings in this section apply to the whole server and are the default settings
-- for any virtual hosts

-- This is a (by default, empty) list of accounts that are admins
-- for the server. Note that you must create the accounts separately
-- (see https://prosody.im/doc/creating_accounts for info)
-- Example: admins = { "user1@example.com", "user2@example.net" }
admins = {
<% scope.lookupvar('prosody::admins').each do |admin| -%>
    "<%= admin %>",
<% end -%>
}

<% if scope.lookupvar('prosody::user') != '' -%>
-- User to run prosody as
prosody_user = "<%= scope.lookupvar('prosody::user') %>"
<% end -%>
<% if scope.lookupvar('prosody::group') != '' -%>
-- Group to run prosody as
prosody_group = "<%= scope.lookupvar('prosody::group') %>"
<% end -%>

-- Which interfaces (addresses) to listen on
interfaces = {
<% scope.lookupvar('prosody::interfaces').each do |interface| -%>
    "<%= interface %>",
<% end -%>
}

-- Enable use of libevent for better performance under high load
-- For more information see: https://prosody.im/doc/libevent
use_libevent = <%= scope.lookupvar('prosody::use_libevent') %>;

-- This is the list of modules Prosody will load on startup.
-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
-- Documentation on modules can be found at: https://prosody.im/doc/modules
modules_enabled = {

  -- Base modules
<% scope.lookupvar('prosody::modules_base').each do |mod| -%>
    "<%= mod %>";
<% end -%>

  -- Custom modules
<% scope.lookupvar('prosody::modules').each do |mod| -%>
    "<%= mod %>";
<% end -%>

};

<%- community_modules = scope.lookupvar('prosody::community_modules')
    if community_modules != [] -%>
-- Where to search for plugins/modules
plugin_paths = {
<%- base_path = scope.lookupvar('prosody::community_modules::path')
    community_modules.each do |mod| -%>
    "<%= base_path + '/mod_' + mod %>";
<%- end -%>
};
<%- end -%>

<%- modules_disabled = scope.lookupvar('prosody::modules_disabled')
    if modules_disabled != [] -%>
-- These modules are auto-loaded, but should you want
-- to disable them then uncomment them here:
modules_disabled = {
<% scope.lookupvar('prosody::modules_disabled').each do |mod| -%>
    "<%= mod %>";
<%- end -%>
};
<%- end -%>

-- Disable account creation by default, for security
-- For more information see https://prosody.im/doc/creating_accounts
allow_registration = <%= scope.lookupvar('prosody::allow_registration') %>;

-- Debian:
--   send the server to background.
--
daemonize = <%= scope.lookupvar('prosody::daemonize') %>;

<% if scope.lookupvar('prosody::ssl_custom_config') -%>
-- These are the SSL/TLS-related settings. If you don't want
-- to use SSL/TLS, you may comment or remove this
ssl = {
  <% unless scope.lookupvar('prosody::ssl_protocol').nil? -%>
  protocol = "<%= scope.lookupvar('prosody::ssl_protocol') %>";
  <% end -%>
  options = {
  <%- scope.lookupvar('prosody::ssl_options').each do |option| -%>
    "<%= option %>",
  <%- end -%>
  };
  ciphers = "<%= scope.lookupvar('prosody::ssl_ciphers') %>";
  curve = "<%= scope.lookupvar('prosody::ssl_curve') %>";
  <%- dhparam = scope.lookupvar('prosody::ssl_dhparam')
      if dhparam != '' -%>
  dhparam = "<%= dhparam %>";
  <%- end -%>
  <%- ssl_key = scope.lookupvar('prosody::ssl_key')
      if ssl_key != :undef -%>
  key = "<%= ssl_key %>";
  <%- end -%>
  <%- ssl_cert = scope.lookupvar('prosody::ssl_cert')
      if ssl_cert != :undef -%>
  certificate = "<%= ssl_cert %>";
  <%- end -%>
}
<% end -%>

-- Force clients to use encrypted connections? This option will
-- prevent clients from authenticating unless they are using encryption.

c2s_require_encryption = <%= scope.lookupvar('prosody::c2s_require_encryption') %>

-- Force servers to use encrypted connections?

s2s_require_encryption = <%= scope.lookupvar('prosody::s2s_require_encryption') %>


-- Force certificate authentication for server-to-server connections?
-- This provides ideal security, but requires servers you communicate
-- with to support encryption AND present valid, trusted certificates.
-- NOTE: Your version of LuaSec must support certificate verification!
-- For more information see https://prosody.im/doc/s2s#security

s2s_secure_auth = <%= scope.lookupvar('prosody::s2s_secure_auth') %>

-- Many servers don't support encryption or have invalid or self-signed
-- certificates. You can list domains here that will not be required to
-- authenticate using certificates. They will be authenticated using DNS.

s2s_insecure_domains = {
<% scope.lookupvar('prosody::s2s_insecure_domains').each do |domain| -%>
    "<%= domain %>",
<% end -%>
}

-- Even if you leave s2s_secure_auth disabled, you can still require valid
-- certificates for some domains by specifying a list here.

s2s_secure_domains = {
<% scope.lookupvar('prosody::s2s_secure_domains').each do |domain| -%>
    "<%= domain %>",
<% end -%>
}

------ Custom config options ------

<%-
def print_recursive(object, indentation = 0)
  case object
  when Array
    '{ "' + object.join('"; "') + '" }'
  when Hash
    "{\n" + ' ' * (indentation + 2) + object.map {|k,v| + "#{k} = " + print_recursive(v, indentation + 2)}.join(";\n" + ' ' * (indentation + 2)) + ";\n" + (' ' * indentation) + '}'
  when TrueClass, FalseClass
    object.to_s
  else
    '"' + object.to_s + '"'
  end
end
-%>

<% scope.lookupvar('prosody::custom_options').sort.each do |option, value| -%>
<%= option %> = <%= print_recursive(value) %>
<% end -%>

-- Required for init scripts and prosodyctl
pidfile = "<%= scope.lookupvar('prosody::pidfile') %>"

-- Select the authentication backend to use. The 'internal' providers
-- use Prosody's configured data storage to store the authentication data.
-- To allow Prosody to offer secure authentication mechanisms to clients, the
-- default provider stores passwords in plaintext. If you do not trust your
-- server please see https://prosody.im/doc/modules/mod_auth_internal_hashed
-- for information about using the hashed backend.

authentication = "<%= scope.lookupvar('prosody::authentication') %>"

-- Select the storage backend to use. By default Prosody uses flat files
-- in its configured data directory, but it also supports more backends
-- through modules. An "sql" backend is included by default, but requires
-- additional dependencies. See https://prosody.im/doc/storage for more info.

<%- storage = scope.lookupvar('prosody::storage')
    if storage != :undef
      if storage.is_a?(String) -%>
storage = "<%= storage %>"
  <%- elsif storage.is_a?(Hash) -%>
storage = {
        <%- storage.sort.each do |type,location| -%>
   <%= type %> = "<%= location %>";
        <%- end -%>
}
      <%- end -%>
<%- end -%>

<%- sql = scope.lookupvar('prosody::sql')
unless sql.nil? -%>
sql = { driver = "<%= sql['driver'] %>", database = "<%= sql ['database'] %>", username = "<%= sql['username'] %>", password = "<%= sql['password'] %>", host = "<%= sql['host'] %>" }
<%- end -%>

-- Logging configuration
-- For advanced logging see https://prosody.im/doc/logging
log = {
        <%= scope.lookupvar('prosody::log_level') -%> = "<%= scope.lookupvar('prosody::info_log') -%>"; -- Change 'info' to 'debug' for verbose logging
        error = "<%= scope.lookupvar('prosody::error_log') -%>";
<% scope.lookupvar('prosody::log_sinks').each do |sink|  -%>
        "*<%= sink %>";
<% end -%>
<% scope.lookupvar('prosody::log_advanced').each do |level, destination|  -%>
    { levels = { <%= level %> }; to = <%= destination %>; };
<% end -%>
}

------ Components ------
-- You can specify components to add hosts that provide special services,
-- like multi-user conferences, and transports.
-- For more information on components, see https://prosody.im/doc/components

<% scope.lookupvar('prosody::components').sort.each do |name, component| %>
Component "<%= name %>" <% if component.include?('type') then %>"<%= component['type'] %>"<% end %>
  <%- if component.include?('secret') -%>
  component_secret = "<%= component['secret'] %>"
  <%- end -%>
  <%- if component.include?('options') -%>
    <%- component['options'].sort.each do |k, v| -%>
      <%- if ( v.is_a? Array ) -%>
  <%= k %> = { "<%= v.join('", "') %>" };
      <%- else -%>
  <%= k %> = <%= v %>;
      <%- end -%>
    <%- end -%>
  <%- end -%>
<% end -%>

------ Additional config files ------
-- For organizational purposes you may prefer to add VirtualHost and
-- Component definitions in their own config files. This line includes
-- all config files in /etc/prosody/conf.d/

Include "conf.d/*.cfg.lua"