diff --git a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb index 133e978..9730415 100644 --- a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb +++ b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb @@ -1,9 +1,9 @@ -language: "en" - loglevel: 4 + log_rotate_size: 10485760 log_rotate_date: "" log_rotate_count: 1 + log_rate_limit: 100 hosts: @@ -36,27 +36,47 @@ listen: port: 5222 ip: "::" module: ejabberd_c2s - max_stanza_size: 262144 + starttls: true + max_stanza_size: 65536 + shaper: c2s_shaper + access: c2s + - + port: 5223 + ip: "::" + module: ejabberd_c2s + tls: true + max_stanza_size: 65536 shaper: c2s_shaper access: c2s - starttls_required: true - port: 5269 ip: "::" module: ejabberd_s2s_in - max_stanza_size: 524288 + max_stanza_size: 131072 + shaper: s2s_shaper - port: 5280 ip: "::" module: ejabberd_http + request_handlers: + "/ws": ejabberd_http_ws + "/bosh": mod_bosh + "/api": mod_http_api + tls: true + ## "/pub/archive": mod_http_fileserver web_admin: true + ## register: true + captcha: false - port: 5443 - ip: "::" module: ejabberd_http request_handlers: - "/upload": mod_http_upload + "upload": mod_http_upload + <% if File.exist?("/opt/ejabberd/conf/kosmos.org.pem") -%> tls: true + certfiles: + - "/opt/ejabberd/conf/kosmos.org.pem" + <% end -%> custom_headers: "Access-Control-Allow-Origin": "*" "Access-Control-Allow-Methods": "OPTIONS, HEAD, GET, PUT" @@ -65,6 +85,9 @@ listen: s2s_use_starttls: optional +auth_password_format: scram +auth_method: sql + default_db: sql sql_type: pgsql @@ -73,14 +96,14 @@ sql_database: "ejabberd" sql_username: "ejabberd" sql_password: "<%= @pgsql_password %>" new_sql_schema: true + +shaper: + normal: 1000 + fast: 50000 + +max_fsm_queue: 10000 + acl: - local: - user_regexp: "" - loopback: - ip: - - "127.0.0.0/8" - - "::1/128" - - "::FFFF:127.0.0.1/128" admin: user: - "greg@5apps.com" 
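Review bot: On the 5222 listener `starttls_required: true` is dropped in favour of `starttls: true`, which only offers STARTTLS, so a client, or an on-path party that strips the feature, can authenticate and exchange stanzas in cleartext. Keep `starttls_required: true` there, since clients needing direct TLS now have the 5223 listener. In the 5443 listener `tls: true` and `certfiles` are rendered only when `File.exist?("/opt/ejabberd/conf/kosmos.org.pem")` is true at converge time, so a missing certificate silently yields a plaintext upload listener while `put_url` still advertises https; failing the run would be safer than falling back. The handler key also changes from `"/upload"` to `"upload"`, which no longer has the leading slash the other handlers use and looks unintended. The new 5280 handlers expose `/api` and `web_admin` on `ip: "::"`; indentation is lost in this view, so confirm `tls: true` is a listener option and not nested under `request_handlers`.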
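Review bot: `auth_password_format: scram` changes how passwords are stored, but nothing in this hunk shows whether accounts already in the SQL backend get migrated. If they were stored in plain format they would, as far as I can tell, stay that way until converted explicitly. A comment next to the setting would record that step, for example `## existing plain passwords need a one-time: ejabberdctl convert_to_scram <host>`.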
@@ -90,6 +113,25 @@ acl: - "greg@kosmos.org" - "galfert@kosmos.org" + local: + user_regexp: "" + + loopback: + ip: + - "127.0.0.0/8" + - "::1/128" + - "::FFFF:127.0.0.1/128" + +shaper_rules: + max_user_sessions: 10 + max_user_offline_messages: + - 5000: admin + - 100 + c2s_shaper: + - none: admin + - normal + s2s_shaper: fast + access_rules: local: - allow: local @@ -101,6 +143,7 @@ access_rules: configure: - allow: admin muc_create: + - allow: admin - allow: local pubsub_createnode: - allow: local @@ -138,50 +181,32 @@ api_permissions: - "status" - "connected_users_number" -shaper: - normal: 1000 - fast: 50000 - -shaper_rules: - max_user_sessions: 10 - max_user_offline_messages: - - 5000: admin - - 100 - c2s_shaper: - - none: admin - - normal - s2s_shaper: fast - -max_fsm_queue: 10000 - -acme: - contact: "mailto:admin@vagrant.vm" - ca_url: "https://acme-v01.api.letsencrypt.org" +language: "en" modules: mod_adhoc: {} mod_admin_extra: {} - mod_admin_update_sql: {} - mod_announce: + mod_announce: # recommends mod_adhoc access: announce - mod_avatar: {} - mod_blocking: {} - mod_bosh: {} + mod_blocking: {} # requires mod_privacy mod_caps: {} mod_carboncopy: {} mod_client_state: {} - mod_configure: {} - mod_disco: {} - mod_fail2ban: {} - mod_http_api: {} + mod_configure: {} # requires mod_adhoc + mod_disco: + server_info: + - + modules: all + name: "abuse-addresses" + urls: ["mailto:abuse@kosmos.org"] + mod_bosh: {} mod_http_upload: docroot: "/var/www/xmpp.@HOST@/uploads/" put_url: "https://xmpp.@HOST@:5443/upload" + thumbnail: false # otherwise needs the identify command from ImageMagick installed mod_last: {} mod_mam: default: always - db_type: sql - assume_mam_usage: true request_activates_archiving: true mod_muc: access: @@ -190,9 +215,7 @@ modules: - allow: admin access_create: muc_create access_persistent: muc_create - max_user_conferences: 1000 default_room_options: - allow_subscription: true # enable MucSub mam: true mod_muc_admin: {} mod_offline: 
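Review bot: `mod_fail2ban: {}` is removed from `modules:` with no replacement, so repeated failed authentications from one address are no longer temporarily blocked. The same commit adds a 5223 listener and BOSH/WebSocket handlers, which gives password guessing more entry points. Unless throttling is enforced elsewhere (not visible here), keep `mod_fail2ban: {}`. The `modules:` mapping continues past the end of this hunk.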
@@ -200,43 +223,37 @@ modules: mod_ping: {} mod_privacy: {} mod_private: {} - mod_proxy65: - access: local - max_connections: 5 + mod_proxy65: {} mod_pubsub: access_createnode: pubsub_createnode + ignore_pep_from_offline: false + last_item_cache: false + max_items_node: 10 plugins: - "flat" - - "pep" - force_node_config: - ## Enable OMEMO support for clients using Conversations - ## See https://github.com/processone/ejabberd/issues/2425 - "eu.siacs.conversations.axolotl.*": - access_model: open - ## Avoid buggy clients to make their bookmarks public - "storage:bookmarks": - access_model: whitelist + - "pep" # pep requires mod_caps mod_push: {} mod_push_keepalive: {} mod_register: - ## Only accept registration requests from the "trusted" - ## network (see access_rules section above). - ## Think twice before enabling registration from any - ## address. See the Jabber SPAM Manifesto for details: - ## https://github.com/ge0rg/jabber-spam-fighting-manifesto + welcome_message: + subject: "Welcome!" + body: |- + Hi. + Welcome to this XMPP server. ip_access: trusted_network + access: register mod_roster: versioning: true store_current_id: true - mod_s2s_dialback: {} mod_shared_roster: {} - mod_stream_mgmt: - resend_on_timeout: if_offline mod_vcard: search: false mod_vcard_xupdate: {} - mod_version: - show_os: false + mod_avatar: {} + mod_version: {} + mod_stream_mgmt: {} + mod_s2s_dialback: {} + mod_http_api: {} append_host_config: "kosmos.org": @@ -251,9 +268,10 @@ append_host_config: access_persistent: muc_create default_room_options: mam: true + allow_contrib_modules: true ### Local Variables: ### mode: yaml ### End: -### vim: set filetype=yaml tabstop=8 +### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker:
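Review bot: `mod_proxy65: {}` drops `access: local` and `max_connections: 5`, so the SOCKS5 bytestream proxy falls back to the module defaults, which to my knowledge admit any JID including remote users. Keep `access: local` so the server does not relay transfers for third parties. The removed `force_node_config` entry for `"storage:bookmarks"` (`access_model: whitelist`) guarded against clients publishing bookmarks publicly, and nothing replaces it. `mod_version: {}` likewise loses `show_os: false`. `mod_register` now references `access: register`, but no `register` rule appears in the `access_rules` changes of this diff, so confirm it is defined.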
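Review bot: `allow_contrib_modules: true` permits installing modules from ejabberd-contrib at runtime, which means third-party code that has not been reviewed as part of this cookbook can be pulled onto the server. No contrib module is evident under `modules:` in this diff, so `allow_contrib_modules: false` would be the tighter setting. Indentation is not recoverable in this view, so also check that the option sits at top level and not under `append_host_config`.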