debops.prosody default variables

Packages and installation

prosody__base_packages

List of base packages to install.

prosody__base_packages:
  - 'prosody'
  - 'lua-zlib'
  - 'lua-sec'
  - 'prosody-modules'  # for ldap auth
  - '{{ "lua-event" if prosody__use_libevent | bool else [] }}'

prosody__packages

List of additional APT packages to install with Prosody.

prosody__packages: []

PKI

prosody__pki

Enable or disable support for PKI/SSL/TLS in prosody. Defaults to True if debops.pki is enabled on the remote host.

prosody__pki: '{{ ansible_local.pki.enabled | d() | bool }}'

prosody__pki_realm_path

Directory path where PKI realms live.

prosody__pki_realm_path: '{{ ansible_local.pki.path | d("/etc/pki/realms") }}'

prosody__pki_realm

Default PKI realm to use.

prosody__pki_realm: '{{ ansible_local.pki.realm | d("domain") }}'

prosody__pki_crt_filename

Default CRT file name to use.

prosody__pki_crt_filename: '{{ ansible_local.pki.crt | d("default.crt") }}'

prosody__pki_key_filename

Default private key file name to use.

prosody__pki_key_filename: '{{ ansible_local.pki.key | d("default.key") }}'

prosody__pki_hook_name

Name of the hook script which will be stored in hook directory.

prosody__pki_hook_name: 'prosody'

prosody__pki_hook_path

Directory with PKI hooks.

prosody__pki_hook_path: '{{ ansible_local.pki.hooks | d("/etc/pki/hooks") }}'

prosody__pki_hook_action

Specify how changes in PKI should affect prosody, either 'reload' or 'restart'.

prosody__pki_hook_action: 'reload'

Prosody Configuration

prosody__deploy_state

Set to 'absent' to disable and uninstall this role.

prosody__deploy_state: "present"

prosody__domain

The host's DNS domain name used in the Prosody configuration.

prosody__domain: '{{ ansible_domain }}'

prosody__admins

List of admin Jabber accounts of this Prosody instance.

prosody__admins: []

prosody__use_libevent

Set this to true to enable the libevent backend. See https://prosody.im/doc/libevent

prosody__use_libevent: false

prosody__modules_default

Modules that are loaded by default. See https://prosody.im/doc/configure

prosody__modules_default:
  - "roster"
  - "saslauth"
  - "tls"
  - "dialback"
  - "disco"
  - "private"
  - "vcard"
  - "privacy"  #@TODO check version < 0.10
  - "version"
  - "uptime"
  - "time"
  - "ping"
  - "pep"
  - "admin_adhoc"
  - "posix"
  - "groups"
  - "carbons"
  - "mam"
  - "blocking"
  - "smacks"
  #- "s2s_auth_dane"

prosody__modules

Modules that should be enabled.

prosody__modules: '{{ prosody__modules_default }}'

prosody__authentication

Authentication provider to use. Providers:

  • internal_plain
  • internal_hashed
  • cyrus
  • anonymous
  • ldap2 (TODO)

See https://prosody.im/doc/authentication

prosody__authentication: 'internal_plain'

prosody__insecure_domains

List of remote domains exempted from the s2s_secure_auth certificate requirement (used as s2s_insecure_domains), for example gmail.com. See https://prosody.im/doc/s2s

prosody__insecure_domains: []

prosody__allow_registration

Allow new registrations.

prosody__allow_registration: False

prosody__config_ldap

LDAP configuration, used when prosody__authentication is ldap2. See https://modules.prosody.im/mod_auth_ldap2.html

prosody__config_ldap:
  ldap:
    hostname: 'ldap.{{ ansible_domain }}'
    user:
      basedn: 'ou=users,..@TODO'
      usernamefield: 'uid'
    bind_dn: 'uid=....,dc=...@TODO'
    bind_password: 'lookup..@TODO'
    use_tls: True

prosody__default_config_global

Main Prosody configuration, default values. See https://prosody.im/doc/configure

prosody__default_config_global:
  admins: '{{ prosody__admins }}'
  modules_enabled: '{{ prosody__modules }}'
  allow_registration: '{{ prosody__allow_registration }}'
  daemonize: True
  pidfile: "/var/run/prosody/prosody.pid"
  use_libevent: '{{ prosody__use_libevent }}'
  c2s_require_encryption: True
  s2s_require_encryption: True
  s2s_secure_auth: True
  s2s_insecure_domains: '{{ prosody__insecure_domains }}'
  authentication: '{{ prosody__authentication }}'
  log:
    info: "/var/log/prosody/prosody.log"
    error: "/var/log/prosody/prosody.err"

prosody__config_http_server

HTTP server specific settings. More information at https://prosody.im/doc/http

prosody__config_http_server:
  http_port:
    - 5280
  http_interface:
    - '*'
  https_port:
    - 5281
  https_interface:
    - '*'
  https_ssl:
    certificate: '{{ prosody__pki_realm_path + "/" + prosody__pki_realm + "/" + prosody__pki_crt_filename }}'
    key: '{{ prosody__pki_realm_path + "/" + prosody__pki_realm + "/" + prosody__pki_key_filename }}'

prosody__config_global

Mapping for global configs which will be managed on all hosts in the Ansible inventory.

prosody__config_global: {}

prosody__group_config_global

Mapping for global configs which will be managed on specific groups in the Ansible inventory.

prosody__group_config_global: {}

prosody__host_config_global

Mapping for global configs which will be managed on specific hosts in the Ansible inventory.

prosody__host_config_global: {}

prosody__combined_config_global

Mapping which combines all of the global config variables and is used in the configuration template.

prosody__combined_config_global: '{{ prosody__default_config_global | combine(prosody__config_http_server,
                                                                              prosody__config_ldap if prosody__authentication == "ldap2" else {},
                                                                              prosody__config_global,
                                                                              prosody__group_config_global,
                                                                              prosody__host_config_global) }}'

prosody__config_virtual_hosts

List of virtual hosts.

prosody__config_virtual_hosts:
  - name: '{{ ansible_domain }}'
    enabled: false
    pki_realm: 'domain'

prosody__http_upload

Enables http_upload, which lets clients upload files via HTTP(S) to share them (XEP-0363). See https://modules.prosody.im/mod_http_upload.html

prosody__http_upload: True

prosody__muc

Enables muc (multi user channel), the group channel function (XEP-0045). See https://prosody.im/doc/modules/mod_muc

prosody__muc: True

prosody__config_http_upload

Configuration of http_upload, used for client uploads via HTTP(S) to share files (XEP-0363). See https://modules.prosody.im/mod_http_upload.html

prosody__config_http_upload:
  - domain: 'upload.{{ prosody__domain }}'
    params: '"http_upload"'

prosody__config_muc

Configuration of muc (multi user channel), the group channel function (XEP-0045). See https://prosody.im/doc/modules/mod_muc

prosody__config_muc:
  - domain: 'conference.{{ prosody__domain }}'
    params: '"muc"'

prosody__default_config_components

List of default components.

prosody__default_config_components: '{{ (prosody__config_http_upload if prosody__http_upload | bool else [])
                                      + (prosody__config_muc if prosody__muc | bool else []) }}'

prosody__config_components

List of components which will be managed on all hosts in the Ansible inventory.

prosody__config_components: []

prosody__group_config_components

List of components which will be managed on specific groups in the Ansible inventory.

prosody__group_config_components: []

prosody__host_config_components

List of components which will be managed on specific hosts in the Ansible inventory.

prosody__host_config_components: []

prosody__combined_config_components

List which combines all of the component config variables and is used in the configuration template.

prosody__combined_config_components: '{{ prosody__default_config_components
                                         + prosody__config_components
                                         + prosody__group_config_components
                                         + prosody__host_config_components }}'

prosody__ferm__dependent_rules

Configuration for iptables firewall managed by ferm.

prosody__ferm__dependent_rules:

  - type: 'accept'
    dport: [ '5222' ]
    accept_any: True
    weight: '40'
    by_role: 'prosody'
    name: 'prosody-xmpp-client'
    multiport: True
    rule_state: '{{ prosody__deploy_state }}'
  - type: 'accept'
    dport: [ '5269' ]
    accept_any: True
    weight: '40'
    by_role: 'prosody'
    name: 'prosody-xmpp-server'
    multiport: True
    rule_state: '{{ prosody__deploy_state }}'
  - type: 'accept'
    dport: [ '5280', '5281' ]
    accept_any: True
    weight: '40'
    by_role: 'prosody'
    name: 'prosody-http'
    multiport: True
    rule_state: '{{ prosody__deploy_state }}'
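
An inventory override that tightens several of the defaults documented above, added here as an example and not taken from the role itself. The admin JID and the loopback binding are constructed sample values, and it assumes the role's template renders overridden keys the same way it renders the defaults:

```yaml
# Added example, not the role's own code. The admin JID and the loopback
# binding are constructed sample values.

# internal_plain (the role default) keeps account passwords in plaintext in
# Prosody's storage; internal_hashed stores password hashes instead.
prosody__authentication: 'internal_hashed'
prosody__admins: [ 'admin@example.org' ]

# Every domain listed here is exempted from s2s_secure_auth, so keep it empty.
prosody__insecure_domains: []
prosody__allow_registration: False

# prosody__config_global is merged after prosody__default_config_global and
# prosody__config_http_server, so keys set here win. combine() is called
# without recursive=True, so the merge is shallow: a top-level key such as
# http_interface can be overridden alone, but a nested mapping (https_ssl,
# log, ldap) is replaced as a whole and must be restated completely.
prosody__config_global:
  http_interface: [ '127.0.0.1' ]   # unencrypted HTTP listener on loopback only

# Firewall rules to match: same keys as the role default, without port 5280.
prosody__ferm__dependent_rules:
  - type: 'accept'
    dport: [ '5222' ]
    accept_any: True
    weight: '40'
    by_role: 'prosody'
    name: 'prosody-xmpp-client'
    multiport: True
    rule_state: '{{ prosody__deploy_state }}'
  - type: 'accept'
    dport: [ '5269' ]
    accept_any: True
    weight: '40'
    by_role: 'prosody'
    name: 'prosody-xmpp-server'
    multiport: True
    rule_state: '{{ prosody__deploy_state }}'
  - type: 'accept'
    dport: [ '5281' ]
    accept_any: True
    weight: '40'
    by_role: 'prosody'
    name: 'prosody-http'
    multiport: True
    rule_state: '{{ prosody__deploy_state }}'
```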