kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 29 Pull Requests 2 Projects 2 Activity

WIP: Set up ejabberd for kosmos.org #24

Closed
greg wants to merge 25 commits from feature/7-ejabberd_rebased into master
pull from: feature/7-ejabberd_rebased
merge into: kosmos:master
Conversation 6 Commits 25 Files Changed 71 +87 -69
1 changed files with 87 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 6b316f28fb - Show all commits

156
site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
View File

@ -1,9 +1,9 @@
language: "en"
loglevel: 4
log_rotate_size: 10485760
log_rotate_date: ""
log_rotate_count: 1
log_rate_limit: 100
hosts:
@ -36,27 +36,47 @@ listen:
port: 5222
ip: "::"
module: ejabberd_c2s
max_stanza_size: 262144
starttls: true
max_stanza_size: 65536
shaper: c2s_shaper
access: c2s
-
port: 5223
ip: "::"
module: ejabberd_c2s
tls: true
max_stanza_size: 65536
shaper: c2s_shaper
access: c2s
starttls_required: true
-
port: 5269
ip: "::"
module: ejabberd_s2s_in
max_stanza_size: 524288
max_stanza_size: 131072
shaper: s2s_shaper
-
port: 5280
ip: "::"
module: ejabberd_http
request_handlers:
"/ws": ejabberd_http_ws
"/bosh": mod_bosh
"/api": mod_http_api
tls: true
## "/pub/archive": mod_http_fileserver
web_admin: true
## register: true
captcha: false
-
port: 5443
ip: "::"
module: ejabberd_http
request_handlers:
"/upload": mod_http_upload
"upload": mod_http_upload
<% if File.exist?("/opt/ejabberd/conf/kosmos.org.pem") -%>
tls: true
certfiles:
- "/opt/ejabberd/conf/kosmos.org.pem"
<% end -%>
custom_headers:
"Access-Control-Allow-Origin": "*"
"Access-Control-Allow-Methods": "OPTIONS, HEAD, GET, PUT"
@ -65,6 +85,9 @@ listen:
s2s_use_starttls: optional
auth_password_format: scram
auth_method: sql
default_db: sql
sql_type: pgsql
@ -73,14 +96,14 @@ sql_database: "ejabberd"
sql_username: "ejabberd"
sql_password: "<%= @pgsql_password %>"
new_sql_schema: true
shaper:
normal: 1000
fast: 50000
max_fsm_queue: 10000
acl:
local:
user_regexp: ""
loopback:
ip:
- "127.0.0.0/8"
- "::1/128"
- "::FFFF:127.0.0.1/128"
admin:
user:
- "greg@5apps.com"
@ -90,6 +113,25 @@ acl:
- "greg@kosmos.org"
- "galfert@kosmos.org"
local:
user_regexp: ""
loopback:
ip:
- "127.0.0.0/8"
- "::1/128"
- "::FFFF:127.0.0.1/128"
shaper_rules:
max_user_sessions: 10
max_user_offline_messages:
- 5000: admin
- 100
c2s_shaper:
- none: admin
- normal
s2s_shaper: fast
access_rules:
local:
- allow: local
@ -101,6 +143,7 @@ access_rules:
configure:
- allow: admin
muc_create:
- allow: admin
- allow: local
pubsub_createnode:
- allow: local
@ -138,50 +181,32 @@ api_permissions:
- "status"
- "connected_users_number"
shaper:
normal: 1000
fast: 50000
shaper_rules:
max_user_sessions: 10
max_user_offline_messages:
- 5000: admin
- 100
c2s_shaper:
- none: admin
- normal
s2s_shaper: fast
max_fsm_queue: 10000
acme:
contact: "mailto:admin@vagrant.vm"
ca_url: "https://acme-v01.api.letsencrypt.org"
language: "en"
modules:
mod_adhoc: {}
mod_admin_extra: {}
mod_admin_update_sql: {}
mod_announce:
mod_announce: # recommends mod_adhoc
access: announce
mod_avatar: {}
mod_blocking: {}
mod_bosh: {}
mod_blocking: {} # requires mod_privacy
mod_caps: {}
mod_carboncopy: {}
mod_client_state: {}
mod_configure: {}
mod_disco: {}
mod_fail2ban: {}
mod_http_api: {}
mod_configure: {} # requires mod_adhoc
mod_disco:
server_info:
-
modules: all
name: "abuse-addresses"
urls: ["mailto:abuse@kosmos.org"]
mod_bosh: {}
mod_http_upload:
docroot: "/var/www/xmpp.@HOST@/uploads/"
put_url: "https://xmpp.@HOST@:5443/upload"
thumbnail: false # otherwise needs the identify command from ImageMagick installed
mod_last: {}
mod_mam:
default: always
db_type: sql
assume_mam_usage: true
request_activates_archiving: true
mod_muc:
access:
@ -190,9 +215,7 @@ modules:
- allow: admin
raucao commented 2019-03-27 10:50:21 +00:00
Outdated
Review
Copy Link

It seems like this should be set to "open", according to the linked issue, no?

It seems like this should be set to "open", according to the linked issue, no?
greg commented 2019-03-27 10:58:40 +00:00
Outdated
Review
Copy Link

Fixed in ce4a4bf

Fixed in ce4a4bf
access_create: muc_create
access_persistent: muc_create
max_user_conferences: 1000
default_room_options:
allow_subscription: true # enable MucSub
mam: true
mod_muc_admin: {}
mod_offline:
@ -200,43 +223,37 @@ modules:
mod_ping: {}
mod_privacy: {}
mod_private: {}
mod_proxy65:
access: local
max_connections: 5
mod_proxy65: {}
mod_pubsub:
access_createnode: pubsub_createnode
ignore_pep_from_offline: false
last_item_cache: false
max_items_node: 10
plugins:
- "flat"
- "pep"
force_node_config:
## Enable OMEMO support for clients using Conversations
## See https://github.com/processone/ejabberd/issues/2425
"eu.siacs.conversations.axolotl.*":
access_model: open
## Avoid buggy clients to make their bookmarks public
"storage:bookmarks":
access_model: whitelist
- "pep" # pep requires mod_caps
mod_push: {}
mod_push_keepalive: {}
mod_register:
## Only accept registration requests from the "trusted"
## network (see access_rules section above).
## Think twice before enabling registration from any
## address. See the Jabber SPAM Manifesto for details:
## https://github.com/ge0rg/jabber-spam-fighting-manifesto
welcome_message:
subject: "Welcome!"
body: |-
Hi.
Welcome to this XMPP server.
ip_access: trusted_network
access: register
mod_roster:
versioning: true
store_current_id: true
mod_s2s_dialback: {}
mod_shared_roster: {}
mod_stream_mgmt:
resend_on_timeout: if_offline
mod_vcard:
search: false
mod_vcard_xupdate: {}
mod_version:
show_os: false
mod_avatar: {}
mod_version: {}
mod_stream_mgmt: {}
mod_s2s_dialback: {}
mod_http_api: {}
append_host_config:
"kosmos.org":
@ -251,9 +268,10 @@ append_host_config:
access_persistent: muc_create
default_room_options:
mam: true
allow_contrib_modules: true
### Local Variables:
### mode: yaml
### End:
### vim: set filetype=yaml tabstop=8
### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker: