---
prosody_server_username: prosody
prosody_server_data_dir: "/var/lib/{{ prosody_server_username }}"
prosody_server_run_dir: "/var/run/{{ prosody_server_username }}"

# Base HTTP URL of the Prosody plugins (modules) repository from which
# to download new modules.
prosody_plugins_src_base_url: https://hg.prosody.im/prosody-modules/raw-file/

# List of community Prosody plugins to install.
prosody_plugins: [] # Empty by default, structure like this:
#  - name: conversejs      # Name of the plugin to install.
#    state: present        # Whether the plugin should be installed or not.
#    version: 2681f74750b2 # Branch or commit of the version to install.
#    # If set, hash of the downloaded module file to compare against.
#    checksum: sha1:6d84b4f4d5108bce25fa9103157ddfc519362460

# List of directories where Prosody plugins are searched.
prosody_plugin_paths:
  - /usr/local/lib/prosody/modules

# List of JIDs granted administrative privileges to the XMPP server.
prosody_admins: []

# Whether or not to enable user registration by default.
prosody_allow_registration: false

# Whether to force TLS connections by default.
prosody_c2s_require_encryption: true

# List of ports to listen on for connections from XMPP clients.
prosody_c2s_ports:
  - 5222

# Whether or not to require server-to-server connections to use TLS.
prosody_s2s_require_encryption: true

# List of ports to listen on for connections from XMPP servers.
prosody_s2s_ports:
  - 5269

# Whether to authenticate other servers using only TLS certificates.
prosody_s2s_secure_auth: true

# List of Prosody modules enabled by default.
prosody_modules_enabled:
  - roster
  - saslauth
  - tls
  - dialback
  - disco
  - carbons
  - pep
  - private
  - blocklist
  - vcard
  - version
  - uptime
  - time
  - ping
  - register
  - admin_adhoc

# List of Prosody modules disabled by default.
prosody_modules_disabled: []

prosody_http_files_dir: "/var/www/prosody"

# List of Prosody VirtualHosts to configure.
prosody_virtualhosts:
  - domain: localhost
    #state: present
    #enabled: true
    #certificate: /etc/prosody/certs/localhost.crt
    #key: /etc/prosody/certs/localhost.key
    # The password should be encrypted with Ansible Vault.
    #password: "passphrase to decrypt TLS key file"

# List of Prosody Components to configure.
prosody_components: []
#  - hostname: conference.example.com
#    plugin: muc
#    options:
#      restrict_room_creation: local

# List of Tor Onion service names whose onions should be added to the
# Prosody configuration's VirtualHosts list. This is mainly intended
# to make it possible to use Prosody HTTP modules that need to pass an
# HTTP Host header matching one of Tor's stealth Onion service onions.
#prosody_virtualhost_onions:
#  - name: example-onion
#    options: # Same as the `prosody_config.VirtualHost` keys.
#      # The special string `__PROSODY_DOMAIN__` will be replaced with
#      # the Onion domain extracted from the Tor `hostname` file.
#      http_external_url: "http://__PROSODY_DOMAIN__/"

# Complete Prosody configuration.
prosody_config:

  # Default TCP socket network interfaces to bind.
  # See https://prosody.im/doc/ports#default_interfaces
  #interfaces:
  #  - "*"  # All IPv4 interfaces.
  #  - "::" # All IPv6 interfaces.

  # Default private interfaces to bind to.
  # See https://prosody.im/doc/ports#default_interfaces
  #local_interfaces:
  #  - "127.0.0.1"
  #  - "::1"

  admins: "{{ prosody_admins }}"

  #data_path: "{{ prosody_server_data_dir }}"
  plugin_paths: "{{ prosody_plugin_paths }}"

  modules_enabled: "{{ prosody_modules_enabled }}"
  modules_disabled: "{{ prosody_modules_disabled }}"

  allow_registration: "{{ prosody_allow_registration }}"

  # Client-to-server settings.
  c2s_require_encryption: "{{ prosody_c2s_require_encryption }}"
  c2s_ports: "{{ prosody_c2s_ports }}"
  #c2s_interfaces:
  #  - "*"
  #  - "::"

  # Server-to-server settings.
  s2s_require_encryption: "{{ prosody_s2s_require_encryption }}"
  s2s_secure_auth: "{{ prosody_s2s_secure_auth }}"
  #s2s_insecure_domains: []
  #s2s_secure_domains: []
  s2s_ports: "{{ prosody_s2s_ports }}"
  #s2s_interfaces:
  #  - "*"
  #  - "::"

  pidfile: "{{ prosody_server_run_dir }}/prosody.pid"

  authentication: internal_hashed

  # See https://prosody.im/doc/storage
  #default_storage: internal
  #storage: internal
  #sql_manage_tables: true
  #sql:
    #driver: SQLite3
    #database: prosody.sqlite
    #username: prosody
    #password: secret
    #host: localhost

  archive_expires_after: "1w"

  log:
    info: "/var/log/prosody/prosody.log"
    error: "/var/log/prosody/prosody.err"

  #statistics: internal
  #conflict_resolve: kick_old
  #ignore_presence_priority: false

  # Location of directory to find certificates in (relative to main config file)
  certificates: certs

  VirtualHosts: "{{ prosody_virtualhosts }}"
  Components: "{{ prosody_components }}"

# List of user accounts registered with the Prosody server.
prosody_users: []
#  - jid: admin@localhost
#    password: password
#    state: present
#  - jid: test@localhost
#    password: password
#    state: absent