Merge pull request 'Merge staging to main' (#31) from staging into main

Reviewed-on: #31
muppeth 2024-08-01 06:16:22 +02:00
commit cb723da293
10 changed files with 39 additions and 36 deletions


@ -1,6 +0,0 @@
# Prosody role - Changelog
- 22.01.2022 - Change from mod_http_upload to mod_http_file_share
- 05.05.2021 - Add mod muc_ban_ip
- 04.05.2021 - Add mods for better compatibility with siskin
- 14.02.2021 - Public release of this role


@ -6,7 +6,7 @@ You can deploy a test instance using `Vagrantfile` attached to the role. This ro
# Run in production
To run this role in production, do not forget to set your DNS as explained [here](./DNS_configuration.md) and to change all vars from files in `default/` to what you need.
The role's defaults should be already dpeloying fully funcitonal and modern XMPP Server. It allows to add/remove any additional module (whether core or community).
The role's defaults should be already deploying fully functional and modern XMPP Server. It allows to add/remove any additional module (whether core or community).
# Run test in Vagrant
To have it work using vagrant:
@ -15,11 +15,32 @@ To have it work using vagrant:
- and `ansible-playbook -b Playbooks/prosody.yml` to deploy Prosody on the Virtual Environment.
# Setup turnserver for viop
If you want to use viop, you need to set `turncredentials` to `true` in `default/mod.yml`. This feature depends on a third party service that needs to be installed seperatelly: coturn. To see how to set it, check [Prosody's documentation](https://prosody.im/doc/coturn)
If you want to use viop, you need to set `turncredentials` to `true` in `default/mod.yml`. This feature depends on a third party service that needs to be installed separately: coturn. To see how to set it, check [Prosody's documentation](https://prosody.im/doc/coturn)
# Add LDAP authentication and vhosts
To add LDAP authentication, edit `defaults/vhost.yml`, change `auth_method` from `internal_hashed` to `ldap` and change the LDAP vars in `prosody_ldap_config`.
This role supports multiple vhosts.
# Virtual hosts
This role supports multiple vhosts. In order to define them specify vhosts in `prosody_vhost` array. You can set number or settings. Make sure to provide certificates for each domain `prosody_certificate_path` eg:
```
prosody_vhost:
- name: 'example.org'
enabled: 'true'
carbon_defaults: 'true'
auth_method: 'internal_hashed'
- name: 'example.com'
enabled: 'true'
carbon_defaults: 'true'
auth_method: 'ldap'
prosody_ldap_config:
- ldap_server: "{{ prosody_ldap_server }}"
ldap_rootdn: "{{ prosody_ldap_rootdn }}"
ldap_password: "{{ prosody_ldap_password }}"
ldap_basedn: "{{ prosody_ldap_basedn }}"
ldap_tls: "{{ prosody_ldap_tls }}"
ldap_mode: "{{ prosody_ldap_mode }}"
```
# Modules

5
Vagrantfile vendored

@ -8,13 +8,10 @@
Vagrant.configure("2") do |config|
#config.ssh.insert_key = false
config.vm.define "prosody" do |prosody|
prosody.vm.box = "generic/debian11"
prosody.vm.box = "generic/debian12"
prosody.vm.provider :libvirt do |libvirt|
libvirt.memory = 256
end
prosody.vm.network "forwarded_port", guest: 80, host: 8884, host_ip: "192.168.33.5"
prosody.vm.network "forwarded_port", guest: 443, host: 4444, host_ip: "192.168.33.5"
prosody.vm.network "forwarded_port", guest: 8080, host: 8081, host_ip: "192.168.33.5"
prosody.vm.network "private_network", ip: "192.168.33.5"
config.vm.provision "shell", inline: "apt install acl"
end


@ -4,8 +4,7 @@ backports_uri: http://ftp.nl.debian.org/debian/
backports_components: "{{ container_distribution }}-backports main contrib non-free"
prosody_admins: "'admin@example.org'"
prosody_contact_info: "'support@example.org'"
prosody_abuse_info: "'abuse@example.org'"
prosody_core_modules_path: "/usr/lib/prosody/modules/"
prosody_community_modules_path: "/usr/lib/prosody-modules"
prosody_installer_plugin_path: '/etc/prosody/custom_scripts'
@ -29,7 +28,7 @@ firewall_users_blocked:
#PROSODY CONFIG
prosody_allow_registration: 'false'
prosody_certificates: 'certs'
prosody_certificate_path: '/etc/letsencrypt/live'
server_name: 'example.org'
prosody_c2s_encryption: 'true'
prosody_s2s_auth: 'false'
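Review bot: The new default `prosody_certificate_path: '/etc/letsencrypt/live'` has Prosody read private keys straight out of certbot's tree, which certbot normally keeps readable by root only, so the `prosody` user will likely fail to load `privkey.pem` unless permissions on that tree are loosened. Loosening them gives that account access to every key certbot manages on the host; the pattern Prosody's documentation recommends is to copy the certificates into Prosody's own directory from a renewal hook with `prosodyctl --root cert import /etc/letsencrypt/live`. The same variable feeds the `ssl` blocks in the four templates changed later in this commit. Whether the role already handles key access elsewhere is not visible on this page; if it does, a comment beside the variable such as `# must be readable by the prosody user; keys are not copied` would make that explicit.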


@ -165,7 +165,7 @@ prosody_modules:
description: 'Registration Redirect.'
module_enabled: 'true'
extra_options:
- 'registrarion_url = "https://registration.example.com"'
- 'registration_url = "https://registration.example.com"'
- 'registration_text = "Your custom instructions banner here"'
- name: 'mam'
@ -225,9 +225,9 @@ prosody_modules:
module_enabled: 'true'
extra_options:
- 'contact_info = {'
- 'admin = { "mailto:{{ prosody_admins }}", "xmpp:{{ prosody_admins }}" };'
- 'abuse = { "mailto:{{ prosody_abuse_info }}", "xmpp:{{ prosody_abuse_info }}" };'
- 'support = { "mailto:{{ prosody_contact_info }}", "xmpp:{{ prosody_contact_info }}" };'
- 'admin = { "xmpp:admin@example.org", "mailto:admin@example.org" };'
- 'abuse = { "xmpp:abuse@example.org", "mailto:abuse@example.org" };'
- 'support = { "xmpp:abuse@example.org", "mailto:abuse@example.org" };'
- '};'
- name: 'turn_external'
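Review bot: The `contact_info` entries in the second hunk now publish literal `example.org` addresses, and `support` repeats `abuse@example.org`, which looks like a copy of the line above it. A deployment that only overrides the role's address variables will advertise contacts nobody reads, so abuse reports for the server go nowhere. Building these entries from variables whose values carry no embedded quotes (the default of `prosody_admins` includes single quotes, which is presumably why the old interpolation was dropped) would keep them configurable. At minimum the last entry should read `- 'support = { "xmpp:support@example.org", "mailto:support@example.org" };'`.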


@ -11,7 +11,7 @@ Component "{{ item.name }}"
{% if item.ssl %}
-- SSL Settings
ssl = {
key = "/etc/prosody/{{ prosody_certificates }}/{{ item.name }}/privkey.pem";
certificate = "/etc/prosody/{{ prosody_certificates }}/{{ item.name }}/fullchain.pem";
key = "{{ prosody_certificate_path }}/{{ item.name }}/privkey.pem";
certificate = "{{ prosody_certificate_path }}/{{ item.name }}/fullchain.pem";
}
{% endif %}


@ -29,8 +29,8 @@ modules_enabled = {
-- SSL Settings
ssl = {
key = "/etc/prosody/{{ prosody_certificates }}/{{ item.url }}/privkey.pem";
certificate = "/etc/prosody/{{ prosody_certificates }}/{{ item.url }}/fullchain.pem";
key = "{{ prosody_certificate_path }}/{{ item.url }}/privkey.pem";
certificate = "{{ prosody_certificate_path }}/{{ item.url }}/fullchain.pem";
}
{% endfor %}
{% endif %}


@ -7,6 +7,6 @@ Component "{{ prosody_proxy65_url }}" "proxy65"
-- SSL Settings
ssl = {
key = "/etc/prosody/{{ prosody_certificates }}/{{ prosody_proxy65_url }}/privkey.pem";
certificate = "/etc/prosody/{{ prosody_certificates }}/{{ prosody_proxy65_url }}/fullchain.pem";
key = "{{ prosody_certificate_path }}/{{ prosody_proxy65_url }}/privkey.pem";
certificate = "{{ prosody_certificate_path }}/{{ prosody_proxy65_url }}/fullchain.pem";
}


@ -33,6 +33,6 @@ feed = {
-- SSL Settings
ssl = {
key = "/etc/prosody/{{ prosody_certificates }}/{{ prosody_pubsub_url }}/privkey.pem";
certificate = "/etc/prosody/{{ prosody_certificates }}/{{ prosody_pubsub_url }}/fullchain.pem";
key = "{{ prosody_certificate_path }}/{{ prosody_pubsub_url }}/privkey.pem";
certificate = "{{ prosody_certificate_path }}/{{ prosody_pubsub_url }}/fullchain.pem";
}


@ -25,14 +25,6 @@
-- Example: admins = { "user1@example.com", "user2@example.net" }
admins = { {{ prosody_admins }} }
{% for item in prosody_modules %}
{% if item.name == 'server_contact_info' %}
{% if item.module_enabled == 'false' %}
contact_info = { {{ prosody_contact_info }} }
{% endif %}
{% endif %}
{% endfor %}
interfaces ="{{ prosody_interfaces }}" -- Set interfaces prosody should listen on
http_host = "{{ prosody_http_host }}"
http_external_url = "{{ prosody_http_external_url }}"