WIP: Set up ejabberd for kosmos.org #24

Closed
greg wants to merge 25 commits from feature/7-ejabberd_rebased into master
Showing only changes of commit 6b316f28fb - Show all commits


@@ -1,9 +1,9 @@
language: "en"
loglevel: 4 loglevel: 4
log_rotate_size: 10485760 log_rotate_size: 10485760
log_rotate_date: "" log_rotate_date: ""
log_rotate_count: 1 log_rotate_count: 1
log_rate_limit: 100 log_rate_limit: 100
hosts: hosts:
@@ -36,27 +36,47 @@ listen:
port: 5222 port: 5222
ip: "::" ip: "::"
module: ejabberd_c2s module: ejabberd_c2s
max_stanza_size: 262144 starttls: true
max_stanza_size: 65536
shaper: c2s_shaper
access: c2s
-
port: 5223
ip: "::"
module: ejabberd_c2s
tls: true
max_stanza_size: 65536
shaper: c2s_shaper shaper: c2s_shaper
access: c2s access: c2s
starttls_required: true
- -
port: 5269 port: 5269
ip: "::" ip: "::"
module: ejabberd_s2s_in module: ejabberd_s2s_in
max_stanza_size: 524288 max_stanza_size: 131072
shaper: s2s_shaper
- -
port: 5280 port: 5280
ip: "::" ip: "::"
module: ejabberd_http module: ejabberd_http
request_handlers:
"/ws": ejabberd_http_ws
"/bosh": mod_bosh
"/api": mod_http_api
tls: true
## "/pub/archive": mod_http_fileserver
web_admin: true web_admin: true
## register: true
captcha: false
- -
port: 5443 port: 5443
ip: "::"
module: ejabberd_http module: ejabberd_http
request_handlers: request_handlers:
"/upload": mod_http_upload "upload": mod_http_upload
<% if File.exist?("/opt/ejabberd/conf/kosmos.org.pem") -%>
tls: true tls: true
certfiles:
- "/opt/ejabberd/conf/kosmos.org.pem"
<% end -%>
custom_headers: custom_headers:
"Access-Control-Allow-Origin": "*" "Access-Control-Allow-Origin": "*"
"Access-Control-Allow-Methods": "OPTIONS, HEAD, GET, PUT" "Access-Control-Allow-Methods": "OPTIONS, HEAD, GET, PUT"
@@ -65,6 +85,9 @@ listen:
s2s_use_starttls: optional s2s_use_starttls: optional
auth_password_format: scram
auth_method: sql
default_db: sql default_db: sql
sql_type: pgsql sql_type: pgsql
@@ -73,14 +96,14 @@ sql_database: "ejabberd"
sql_username: "ejabberd" sql_username: "ejabberd"
sql_password: "<%= @pgsql_password %>" sql_password: "<%= @pgsql_password %>"
new_sql_schema: true new_sql_schema: true
shaper:
normal: 1000
fast: 50000
max_fsm_queue: 10000
acl: acl:
local:
user_regexp: ""
loopback:
ip:
- "127.0.0.0/8"
- "::1/128"
- "::FFFF:127.0.0.1/128"
admin: admin:
user: user:
- "greg@5apps.com" - "greg@5apps.com"
@@ -90,6 +113,25 @@ acl:
- "greg@kosmos.org" - "greg@kosmos.org"
- "galfert@kosmos.org" - "galfert@kosmos.org"
local:
user_regexp: ""
loopback:
ip:
- "127.0.0.0/8"
- "::1/128"
- "::FFFF:127.0.0.1/128"
shaper_rules:
max_user_sessions: 10
max_user_offline_messages:
- 5000: admin
- 100
c2s_shaper:
- none: admin
- normal
s2s_shaper: fast
access_rules: access_rules:
local: local:
- allow: local - allow: local
@@ -101,6 +143,7 @@ access_rules:
configure: configure:
- allow: admin - allow: admin
muc_create: muc_create:
- allow: admin
- allow: local - allow: local
pubsub_createnode: pubsub_createnode:
- allow: local - allow: local
@@ -138,50 +181,32 @@ api_permissions:
- "status" - "status"
- "connected_users_number" - "connected_users_number"
shaper: language: "en"
normal: 1000
fast: 50000
shaper_rules:
max_user_sessions: 10
max_user_offline_messages:
- 5000: admin
- 100
c2s_shaper:
- none: admin
- normal
s2s_shaper: fast
max_fsm_queue: 10000
acme:
contact: "mailto:admin@vagrant.vm"
ca_url: "https://acme-v01.api.letsencrypt.org"
modules: modules:
mod_adhoc: {} mod_adhoc: {}
mod_admin_extra: {} mod_admin_extra: {}
mod_admin_update_sql: {} mod_announce: # recommends mod_adhoc
mod_announce:
access: announce access: announce
mod_avatar: {} mod_blocking: {} # requires mod_privacy
mod_blocking: {}
mod_bosh: {}
mod_caps: {} mod_caps: {}
mod_carboncopy: {} mod_carboncopy: {}
mod_client_state: {} mod_client_state: {}
mod_configure: {} mod_configure: {} # requires mod_adhoc
mod_disco: {} mod_disco:
mod_fail2ban: {} server_info:
mod_http_api: {} -
modules: all
name: "abuse-addresses"
urls: ["mailto:abuse@kosmos.org"]
mod_bosh: {}
mod_http_upload: mod_http_upload:
docroot: "/var/www/xmpp.@HOST@/uploads/" docroot: "/var/www/xmpp.@HOST@/uploads/"
put_url: "https://xmpp.@HOST@:5443/upload" put_url: "https://xmpp.@HOST@:5443/upload"
thumbnail: false # otherwise needs the identify command from ImageMagick installed
mod_last: {} mod_last: {}
mod_mam: mod_mam:
default: always default: always
db_type: sql
assume_mam_usage: true
request_activates_archiving: true request_activates_archiving: true
mod_muc: mod_muc:
access: access:
@@ -190,9 +215,7 @@ modules:
- allow: admin - allow: admin

It seems like this should be set to "open", according to the linked issue, no?


Fixed in ce4a4bf

access_create: muc_create access_create: muc_create
access_persistent: muc_create access_persistent: muc_create
max_user_conferences: 1000
default_room_options: default_room_options:
allow_subscription: true # enable MucSub
mam: true mam: true
mod_muc_admin: {} mod_muc_admin: {}
mod_offline: mod_offline:
@@ -200,43 +223,37 @@ modules:
mod_ping: {} mod_ping: {}
mod_privacy: {} mod_privacy: {}
mod_private: {} mod_private: {}
mod_proxy65: mod_proxy65: {}
access: local
max_connections: 5
mod_pubsub: mod_pubsub:
access_createnode: pubsub_createnode access_createnode: pubsub_createnode
ignore_pep_from_offline: false
last_item_cache: false
max_items_node: 10
plugins: plugins:
- "flat" - "flat"
- "pep" - "pep" # pep requires mod_caps
force_node_config:
## Enable OMEMO support for clients using Conversations
## See https://github.com/processone/ejabberd/issues/2425
"eu.siacs.conversations.axolotl.*":
access_model: open
## Avoid buggy clients to make their bookmarks public
"storage:bookmarks":
access_model: whitelist
mod_push: {} mod_push: {}
mod_push_keepalive: {} mod_push_keepalive: {}
mod_register: mod_register:
## Only accept registration requests from the "trusted" welcome_message:
## network (see access_rules section above). subject: "Welcome!"
## Think twice before enabling registration from any body: |-
## address. See the Jabber SPAM Manifesto for details: Hi.
## https://github.com/ge0rg/jabber-spam-fighting-manifesto Welcome to this XMPP server.
ip_access: trusted_network ip_access: trusted_network
access: register
mod_roster: mod_roster:
versioning: true versioning: true
store_current_id: true store_current_id: true
mod_s2s_dialback: {}
mod_shared_roster: {} mod_shared_roster: {}
mod_stream_mgmt:
resend_on_timeout: if_offline
mod_vcard: mod_vcard:
search: false search: false
mod_vcard_xupdate: {} mod_vcard_xupdate: {}
mod_version: mod_avatar: {}
show_os: false mod_version: {}
mod_stream_mgmt: {}
mod_s2s_dialback: {}
mod_http_api: {}
append_host_config: append_host_config:
"kosmos.org": "kosmos.org":
@@ -251,9 +268,10 @@ append_host_config:
access_persistent: muc_create access_persistent: muc_create
default_room_options: default_room_options:
mam: true mam: true
allow_contrib_modules: true allow_contrib_modules: true
### Local Variables: ### Local Variables:
### mode: yaml ### mode: yaml
### End: ### End:
### vim: set filetype=yaml tabstop=8 ### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker:
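Review bot: On the port 5222 `ejabberd_c2s` listener the new side carries `starttls: true`, and the lone `starttls_required: true` line after the `access: c2s` pair looks like the removed old setting (the rendered page has lost its +/- markers, so that side is inferred). With `starttls` alone the server offers TLS but still accepts cleartext client sessions, so I would keep `starttls_required: true` on 5222 alongside the direct-TLS listener on 5223. The same fail-open shape appears twice more. `s2s_use_starttls: optional` is left unchanged, and the `<% if File.exist?("/opt/ejabberd/conf/kosmos.org.pem") -%>` guard, if it is on the new side, drops `tls: true` and `certfiles` from the rendered 5443 listener when the PEM is absent, while `put_url` still advertises `https://`. A short comment at each spot stating whether cleartext fallback is intended, e.g. `## TODO: switch to required once all peers support TLS`, would make the choice reviewable.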