+# Please contact the RTC team about this service at debian-rtc-team@alioth-lists.debian.net
+#
+
+class profile::prosody {
+
+ class { 'prosody':
+ user => 'prosody',
+ group => 'prosody',
+ use_libevent => false,
+ daemonize => true,
+ s2s_secure_auth => false,
+ package_name => 'prosody-modules',
+ ssl_custom_config => false,
+ log_sinks => [],
+ log_advanced => {
+ 'error' => 'syslog',
+ },
+ authentication => 'ha1',
+ custom_options => {
+ 'auth_ha1_file' => '/var/local/rtc-passwords.prosody',
+ 'auth_ha1_use_ha1b' => true,
+ 'auth_ha1_realm' => 'rtc.debian.org',
+ },
+ # we override whatever the module decides as a base
+ modules_base => [
+ 'roster', 'saslauth', 'tls', 'dialback', 'disco', 'posix', 'private',
+ 'vcard', 'version', 'uptime', 'time', 'ping', 'pep', 'register',
+ ],
+ # and add the modules we want on top
+ modules => [
+ 'admin_adhoc', 'blocking', 'carbons', 'carbons_adhoc',
+ 'cloud_notify', 'csi', 'filter_chatstates', 'http',
+ 'http_upload', 'mam', 'smacks', 'smaks', 'throttle_presence',
+ ],
+ }
+
+ -> prosody::virtualhost {
+ 'debian.org':
+ ensure => present,
+ ssl_key => '/etc/ssl/private/debian.org.key',
+ ssl_cert => '/etc/ssl/debian/certs/debian.org.crt-chained',
+ ssl_copy => false,
+ components => {
+ 'conference.debian.org' => {
+ 'type' => 'muc',
+ }
+ }
+ }
+
+ -> posix_acl { '/etc/prosody/prosody.cfg.lua':
+ action => exact,
+ recursive => false,
+ provider => posixacl,
+ permission => [
+ 'user::rw',
+ 'group::r',
+ 'group:debvoip:rw',
+ 'group:prosody:r',
+ 'mask::r',
+ 'other::',
+ ],
+ }
+
+ -> posix_acl { '/etc/prosody/conf.avail/debian.org.cfg.lua':
+ action => exact,
+ recursive => false,
+ provider => posixacl,
+ permission => [
+ 'user::rw',
+ 'group::r',
+ 'group:debvoip:rw',
+ 'group:prosody:r',
+ 'mask::r',
+ 'other::',
+ ],
+ }
+
+}