blob: 438049e8d83e8d3cd5676ed588e9030f5831f045 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
prosody_certificate_dir: /etc/pki/prosody
prosody_module_dir: /usr/local/lib64/prosody/modules
prosody_data_dir: /var/lib/prosody
prosody_keytab: /var/lib/gssproxy/clients/{{ prosody_user }}.keytab
prosody_groups_file: /etc/prosody/groups.ini
prosody_module_repo: https://hg.prosody.im/prosody-modules/
prosody_packages:
- prosody
- lua-dbi
- lua-event
- lua-ldap
- lua-sec
- mercurial
prosody_apache_config: |
{{ apache_proxy_config }}
ProxyPass / http://127.0.0.1:{{ prosody_http_port }}/
ProxyPassReverse / http://127.0.0.1:{{ prosody_http_port }}/
prosody_selinux_policy_te: |
require {
type prosody_t;
type gssproxy_t;
type gssproxy_var_lib_t;
type ldap_port_t;
type unconfined_service_t;
type unreserved_port_t;
type sysctl_net_t;
class dir search;
class key read;
class file { read open getattr};
class sock_file write;
class udp_socket name_bind;
class unix_stream_socket connectto;
class tcp_socket name_connect;
}
#============= prosody_t ==============
allow prosody_t gssproxy_var_lib_t:dir search;
allow prosody_t gssproxy_var_lib_t:sock_file write;
allow prosody_t gssproxy_t:unix_stream_socket connectto;
allow prosody_t ldap_port_t:tcp_socket name_connect;
allow prosody_t sysctl_net_t:dir search;
allow prosody_t sysctl_net_t:file { read open getattr };
allow prosody_t unconfined_service_t:key read;
allow prosody_t unreserved_port_t:udp_socket name_bind;
|
