init

ansible/roles/prosody/templates/prosody.cfg.lua.j2

@@ -0,0 +1,111 @@
+admins = { "{{ admin_jid }}" }
+
+{% if oauth_client_id is defined or default_contacts is defined or smtp_host is defined or session_timeout is defined %}
+plugin_paths = { "/usr/lib/prosody/custom-modules" }
+{% endif %}
+
+modules_enabled = {
+    "roster";
+    "saslauth";
+    "tls";
+    "dialback";
+    "disco";
+    "carbons";
+    "pep";
+    "private";
+    "blocklist";
+    "vcard4";
+    "vcard_legacy";
+    "version";
+    "uptime";
+    "time";
+    "ping";
+    "register";
+    "admin_adhoc";
+    "bosh";
+    "websocket";
+    "smacks";
+    "csi_simple";
+    "mam";
+{% if oauth_client_id is defined %}
+    "sasl_oauthbearer_only_bosh";
+{% endif %}
+{% if session_timeout is defined %}
+    "session_timeout";
+{% endif %}
+{% if smtp_host is defined %}
+    "offline";
+    "offline_email";
+{% endif %}
+}
+
+allow_registration = false
+
+http_ports = { 5280 }
+http_interfaces = { "127.0.0.1" }
+
+https_ports = {}
+
+proxy65_ports = { {{ proxy65_port }} }
+
+consider_bosh_secure = true
+consider_websocket_secure = true
+
+VirtualHost "{{ domain }}"
+{% if oauth_client_id is defined %}
+    authentication = "oauth_external"
+    oauth_external_validation_endpoint = "{{ oauth_userinfo_url }}"
+    oauth_external_username_field = "preferred_username"
+    oauth_external_client_id = "{{ oauth_ropc_client_id | default(oauth_client_id) }}"
+{% if oauth_ropc_client_secret is defined %}
+    oauth_external_client_secret = "{{ oauth_ropc_client_secret }}"
+    oauth_external_token_endpoint = "{{ oauth_token_url }}"
+    oauth_external_resource_owner_password = true
+    oauth_external_scope = "openid profile email"
+{% endif %}
+{% else %}
+    authentication = "internal_hashed"
+{% endif %}
+{% if session_timeout is defined %}
+    session_timeout = {{ session_timeout }}
+{% endif %}
+{% if smtp_host is defined %}
+    offline_email_smtp_server = "{{ smtp_host }}"
+    offline_email_smtp_port = {{ smtp_port | default(587) }}
+    offline_email_smtp_username = "{{ smtp_username }}"
+    offline_email_smtp_password = "{{ smtp_password }}"
+    offline_email_smtp_from = "{{ smtp_from | default(smtp_username) }}"
+{% endif %}
+{% if default_contacts is defined %}
+    modules_enabled = { "default_contacts" }
+    default_contacts = {
+{% for contact in default_contacts %}
+        { jid = "{{ contact.jid }}"; name = "{{ contact.name }}"; groups = { "{{ contact.group | default('Contacts') }}" } };
+{% endfor %}
+    }
+{% endif %}
+
+{% if ssl_cert is defined %}
+    ssl = {
+        certificate = "/etc/prosody/certs/fullchain.pem";
+        key = "/etc/prosody/certs/privkey.pem";
+    }
+{% endif %}
+
+Component "conference.{{ domain }}" "muc"
+    modules_enabled = { "muc_mam" }
+    restrict_room_creation = true
+    muc_room_default_public = false
+    muc_room_default_members_only = true
+    muc_room_default_change_subject = true
+    muc_room_default_history_length = 50
+    muc_room_locking = false
+
+Component "upload.{{ domain }}" "http_file_share"
+    http_file_share_size_limit = {{ http_upload_file_size_limit }}
+    http_file_share_expires_after = {{ http_upload_expire_after }}
+    http_host = "upload.{{ domain }}"
+    http_external_url = "https://upload.{{ domain }}"
+
+Component "proxy.{{ domain }}" "proxy65"
+    proxy65_address = "{{ proxy65_address }}"