Mercurial > libervia-backend
annotate docker/prosody-e2e/prosody.cfg.lua @ 3934:e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
OpenPGP for XMPP Pubsub (https://xmpp.org/extensions/inbox/pubsub-encryption.html,
currently a protoXEP) is implemented and activated when `encrypted` is set to `True` in
pubsub's `extra` data.
On item retrieval, the decryption is transparent if the key is known, except if the
`decrypt` key in `extra` is set to `False` (notably useful when one wants to checks that
data is well encrypted).
Methods and corresponding bridge methods have been implemented to manage shared secrets
(to share, revoke or rotate the secrets).
plugin XEP-0060's `XEP-0060_publish` trigger point as been move before actual publish so
item can be modified (here e2ee) by the triggers. A new `XEP-0060_items` trigger point has
also been added.
`encrypted` flag can be used with plugin XEP-0277's microblog data
rel 380
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Sat, 15 Oct 2022 20:36:53 +0200 |
| parents | b443821399a3 |
| children | 22cd3094cd1e |
| rev | line source |
|---|---|
| 3381 | 1 -- Prosody XMPP Server Configuration |
| 2 -- Adapted for SàT e2e tests | |
| 3 | |
| 4 local socket = require "socket" | |
| 5 | |
| 6 daemonize = false; | |
| 7 admins = { } | |
| 8 | |
| 9 plugin_paths = { "/usr/local/share/prosody/modules" } | |
| 10 | |
| 11 modules_enabled = { | |
| 12 "admin_adhoc"; | |
| 13 "blocklist"; | |
| 14 "carbons"; | |
| 15 "csi"; | |
| 16 "csi_simple"; | |
| 17 "delegation"; | |
| 18 "dialback"; | |
| 19 "disco"; | |
| 20 "mam"; | |
| 21 "pep"; | |
| 22 "ping"; | |
| 23 "private"; | |
| 24 "privilege"; | |
| 25 "register"; | |
| 26 "roster"; | |
| 27 "saslauth"; | |
| 28 "smacks"; | |
| 29 "time"; | |
| 30 "tls"; | |
| 31 "uptime"; | |
| 32 "vcard4"; | |
| 33 "vcard_legacy"; | |
| 34 "version"; | |
|
3386
129cc3e16825
docker (prosody_e2e): install `ipcheck` so jp doesn't need to contact external website
Goffi <goffi@goffi.org>
parents:
3381
diff
changeset
|
35 "ipcheck"; |
| 3381 | 36 } |
| 37 | |
| 38 modules_disabled = { | |
| 39 } | |
| 40 | |
| 41 allow_registration = true | |
|
3497
73e04040d577
docker: update following name changes:
Goffi <goffi@goffi.org>
parents:
3386
diff
changeset
|
42 registration_whitelist = { socket.dns.toip("backend") } |
| 3381 | 43 whitelist_registration_only = true |
| 44 | |
| 45 c2s_require_encryption = true | |
| 46 s2s_require_encryption = true | |
| 47 s2s_secure_auth = false | |
| 48 | |
| 49 pidfile = "/var/run/prosody/prosody.pid" | |
| 50 | |
| 51 authentication = "internal_hashed" | |
| 52 | |
| 53 archive_expires_after = "1d" | |
| 54 | |
| 55 log = { | |
| 56 {levels = {min = "info"}, to = "console"}; | |
| 57 } | |
| 58 | |
| 59 certificates = "certs" | |
| 60 | |
| 61 ssl = { | |
|
3497
73e04040d577
docker: update following name changes:
Goffi <goffi@goffi.org>
parents:
3386
diff
changeset
|
62 key = "/usr/share/libervia/certificates/server1.test-key.pem"; |
|
73e04040d577
docker: update following name changes:
Goffi <goffi@goffi.org>
parents:
3386
diff
changeset
|
63 certificate = "/usr/share/libervia/certificates/server1.test.pem"; |
| 3381 | 64 } |
| 65 | |
| 66 component_interface = "*" | |
| 67 | |
| 68 VirtualHost "server1.test" | |
| 69 privileged_entities = { | |
| 70 ["pubsub.server1.test"] = { | |
| 71 roster = "get"; | |
|
3768
b443821399a3
docker (prosody-e2e): update Prosody's conf:
Goffi <goffi@goffi.org>
parents:
3497
diff
changeset
|
72 message = "outgoing"; |
| 3381 | 73 presence = "roster"; |
|
3768
b443821399a3
docker (prosody-e2e): update Prosody's conf:
Goffi <goffi@goffi.org>
parents:
3497
diff
changeset
|
74 iq = { |
|
b443821399a3
docker (prosody-e2e): update Prosody's conf:
Goffi <goffi@goffi.org>
parents:
3497
diff
changeset
|
75 ["http://jabber.org/protocol/pubsub"] = "set"; |
|
b443821399a3
docker (prosody-e2e): update Prosody's conf:
Goffi <goffi@goffi.org>
parents:
3497
diff
changeset
|
76 }; |
| 3381 | 77 }, |
| 78 } | |
| 79 | |
| 80 delegations = { | |
| 81 ["urn:xmpp:mam:2"] = { | |
| 82 filtering = {"node"}; | |
| 83 jid = "pubsub.server1.test"; | |
| 84 }, | |
| 85 ["http://jabber.org/protocol/pubsub"] = { | |
| 86 jid = "pubsub.server1.test"; | |
| 87 }, | |
| 88 ["http://jabber.org/protocol/pubsub#owner"] = { | |
| 89 jid = "pubsub.server1.test"; | |
| 90 }, | |
| 91 ["https://salut-a-toi/protocol/schema:0"] = { | |
| 92 jid = "pubsub.server1.test"; | |
| 93 }, | |
|
3768
b443821399a3
docker (prosody-e2e): update Prosody's conf:
Goffi <goffi@goffi.org>
parents:
3497
diff
changeset
|
94 ["https://salut-a-toi.org/spec/pubsub_admin:0"] = { |
| 3381 | 95 jid = "pubsub.server1.test"; |
| 96 }, | |
|
3768
b443821399a3
docker (prosody-e2e): update Prosody's conf:
Goffi <goffi@goffi.org>
parents:
3497
diff
changeset
|
97 ["urn:xmpp:pam:0"] = { |
|
b443821399a3
docker (prosody-e2e): update Prosody's conf:
Goffi <goffi@goffi.org>
parents:
3497
diff
changeset
|
98 jid = "pubsub.server1.test"; |
|
b443821399a3
docker (prosody-e2e): update Prosody's conf:
Goffi <goffi@goffi.org>
parents:
3497
diff
changeset
|
99 }, |
|
b443821399a3
docker (prosody-e2e): update Prosody's conf:
Goffi <goffi@goffi.org>
parents:
3497
diff
changeset
|
100 ["urn:xmpp:delegation:2:bare:disco#info:*"] = { |
|
b443821399a3
docker (prosody-e2e): update Prosody's conf:
Goffi <goffi@goffi.org>
parents:
3497
diff
changeset
|
101 jid = "pubsub.server1.test"; |
|
b443821399a3
docker (prosody-e2e): update Prosody's conf:
Goffi <goffi@goffi.org>
parents:
3497
diff
changeset
|
102 }, |
|
b443821399a3
docker (prosody-e2e): update Prosody's conf:
Goffi <goffi@goffi.org>
parents:
3497
diff
changeset
|
103 ["urn:xmpp:delegation:2:bare:disco#items:*"] = { |
| 3381 | 104 jid = "pubsub.server1.test"; |
| 105 }, | |
| 106 } | |
| 107 | |
| 108 VirtualHost "server2.test" | |
| 109 | |
| 110 VirtualHost "server3.test" | |
| 111 | |
| 112 -- Component "muc.server1.test" "muc" | |
| 113 -- modules_enabled = { | |
| 114 -- "muc_mam"; | |
| 115 -- "vcard"; | |
| 116 -- } | |
| 117 | |
| 118 Component "pubsub.server1.test" | |
| 119 component_secret = "test_e2e" | |
| 120 modules_enabled = {"privilege", "delegation"} | |
| 121 | |
| 122 Component "proxy.server1.test" "proxy65" | |
| 123 | |
| 124 Component "files.server1.test" | |
| 125 component_secret = "test_e2e" |