kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 30 Pull Requests 3 Projects 2 Activity
chef/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
Râu Cao fe581c348a
Fix bookmarks disappearing for XMPP users 
The limit for PEP nodes was ridiculously low. No idea why, but it means
users were only able to save 10 items (e.g. channel bookmarks) at once.
2024-10-16 12:34:31 +02:00

293 lines
5.9 KiB
Plaintext
Raw Blame History

loglevel: 4
log_rotate_size: 10485760
log_rotate_date: ""
log_rotate_count: 1
log_rate_limit: 100
hosts:
<% @hosts.each do |host| -%>
- "<%= host[:name] %>"
<% end -%>
<% @hosts.each do |host| -%>
include_config_file: "/opt/ejabberd/conf/<%= host[:name] %>.yml"
<% end -%>
ca_file: "/opt/ejabberd/conf/cacert.pem"
define_macro:
'TLS_CIPHERS': "HIGH:!aNULL:!eNULL:!3DES:@STRENGTH"
'TLS_OPTIONS':
- "no_sslv3"
- "cipher_server_preference"
- "no_compression"
'DH_FILE': "/opt/ejabberd/conf/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 2048
c2s_dhfile: 'DH_FILE'
s2s_dhfile: 'DH_FILE'
c2s_ciphers: 'TLS_CIPHERS'
s2s_ciphers: 'TLS_CIPHERS'
c2s_protocol_options: 'TLS_OPTIONS'
s2s_protocol_options: 'TLS_OPTIONS'
acme:
auto: false
listen:
-
port: 5222
ip: "::"
module: ejabberd_c2s
use_proxy_protocol: true
starttls: true
max_stanza_size: 65536
shaper: c2s_shaper
access: c2s
-
port: 5223
ip: "::"
module: ejabberd_c2s
use_proxy_protocol: true
tls: true
max_stanza_size: 65536
shaper: c2s_shaper
access: c2s
-
port: 5269
ip: "::"
module: ejabberd_s2s_in
use_proxy_protocol: true
max_stanza_size: 131072
shaper: s2s_shaper
-
port: 80
ip: "<%= @private_ip_address %>"
module: ejabberd_http
request_handlers:
"/api": mod_http_api
tls: false
captcha: false
-
port: 5443
ip: "::"
module: ejabberd_http
use_proxy_protocol: true
request_handlers:
"/ws": ejabberd_http_ws
"/bosh": mod_bosh
"/admin": ejabberd_web_admin
custom_headers:
"Access-Control-Allow-Origin": "*"
"Access-Control-Allow-Methods": "OPTIONS, HEAD, GET, PUT"
"Access-Control-Allow-Headers": "Authorization"
"Access-Control-Allow-Credentials": "true"
tls: true
## "/pub/archive": mod_http_fileserver
## register: true
captcha: false
s2s_use_starttls: optional
auth_password_format: scram
auth_method: sql
default_db: sql
shaper:
normal:
rate: 3000
burst_size: 20000
fast: 100000
max_fsm_queue: 10000
acl:
admin:
user:
<% @admin_users.each do |admin| -%>
- "<%= admin %>"
<% end -%>
local:
user_regexp: ""
loopback:
ip:
- "127.0.0.0/8"
- "::1/128"
- "::FFFF:127.0.0.1/128"
shaper_rules:
max_user_sessions: 10
max_user_offline_messages:
- 5000: admin
- 1000
c2s_shaper:
- none: admin
- normal
s2s_shaper: fast
access_rules:
local:
- allow: local
c2s:
- deny: blocked
- allow
announce:
- allow: admin
configure:
- allow: admin
muc_create:
- allow: admin
- allow: local
pubsub_createnode:
- allow: local
register:
- allow
trusted_network:
- allow: loopback
api_permissions:
"console commands":
from:
- ejabberd_ctl
who: all
what: "*"
"admin access":
who:
- access:
- allow:
- acl: loopback
- acl: admin
- oauth:
- scope: "ejabberd:admin"
- access:
- allow:
- acl: loopback
- acl: admin
what:
- "*"
- "!stop"
- "!start"
"public commands":
who:
- ip: "127.0.0.1/8"
what:
- "status"
- "connected_users_number"
"akkounts":
who:
<% @akkounts_ip_addresses.each do |ip| -%>
- ip: "<%= ip %>/32"
<% end -%>
what:
- "add_rosteritem"
- "delete_rosteritem"
- "send_message"
- "private_set"
language: "en"
modules:
mod_adhoc: {}
mod_admin_extra: {}
mod_announce: # recommends mod_adhoc
access: announce
mod_blocking: {} # requires mod_privacy
mod_caps: {}
mod_carboncopy: {}
mod_client_state: {}
mod_configure: {} # requires mod_adhoc
mod_bosh: {}
mod_last: {}
mod_mam:
default: always
request_activates_archiving: true
mod_muc_admin: {}
mod_offline:
access_max_user_messages: max_user_offline_messages
mod_ping: {}
mod_privacy: {}
mod_private: {}
mod_proxy65: {}
mod_pubsub:
access_createnode: pubsub_createnode
ignore_pep_from_offline: false
last_item_cache: false
max_items_node: 10000
plugins:
- "flat"
- "pep" # pep requires mod_caps
mod_push: {}
mod_push_keepalive: {}
# Allow existing accounts to change their password
mod_register:
access: none
mod_roster:
versioning: true
store_current_id: true
mod_shared_roster: {}
mod_stun_disco:
offer_local_services: false
credentials_lifetime: 300
secret: <%= @stun_secret %>
services:
-
host: <%= @turn_domain %>
port: <%= @stun_turn_port %>
type: stun
transport: udp
restricted: false
-
host: <%= @turn_domain %>
port: <%= @stun_turn_port_tls %>
type: stuns
transport: tcp
restricted: false
-
host: <%= @turn_domain %>
port: <%= @stun_turn_port %>
type: turn
transport: udp
restricted: true
-
host: <%= @turn_domain %>
port: <%= @stun_turn_port_tls %>
type: turns
transport: tcp
restricted: true
mod_vcard:
search: false
mod_vcard_xupdate: {}
mod_avatar: {}
mod_version: {}
mod_stream_mgmt: {}
mod_s2s_dialback: {}
mod_http_api: {}
mod_muc_occupantid: {}
mod_muc_rtbl: {}
mod_s3_upload:
region: <%= @mod_s3_upload[:region] %>
bucket_url: <%= @mod_s3_upload[:bucket_url] %>
download_url: <%= @mod_s3_upload[:download_url] %>
access_key_id: <%= @mod_s3_upload[:key_id] %>
access_key_secret: <%= @mod_s3_upload[:secret_key] %>
max_size: 104857600
put_ttl: 600
set_public: true
service_name: 'S3 Upload'
access: local
hosts:
<% @hosts.each do |host| -%>
- "upload.<%= host[:name] %>"
<% end -%>
allow_contrib_modules: true
### Local Variables:
### mode: yaml
### End:
### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker:
Reference in New Issue View Git Blame Copy Permalink