diff options
Diffstat (limited to 'ymir')
-rw-r--r-- | ymir/ejabberd.yml | 183 |
1 files changed, 183 insertions, 0 deletions
diff --git a/ymir/ejabberd.yml b/ymir/ejabberd.yml new file mode 100644 index 00000000..f51629e2 --- /dev/null +++ b/ymir/ejabberd.yml | |||
@@ -0,0 +1,183 @@ | |||
1 | loglevel: 4 | ||
2 | hosts: | ||
3 | - xmpp.li | ||
4 | - yggdrasil.li | ||
5 | - praseodym.org | ||
6 | - 141.li | ||
7 | - nights.email | ||
8 | certfiles: | ||
9 | - /var/lib/acme/yggdrasil.li/fullchain.pem | ||
10 | - /var/lib/acme/yggdrasil.li/key.pem | ||
11 | listen: | ||
12 | - port: 5222 | ||
13 | ip: "::" | ||
14 | module: ejabberd_c2s | ||
15 | starttls: true | ||
16 | starttls_required: true | ||
17 | max_stanza_size: 262144 | ||
18 | shaper: c2s_shaper | ||
19 | access: c2s | ||
20 | - port: 5269 | ||
21 | ip: "::" | ||
22 | module: ejabberd_s2s_in | ||
23 | max_stanza_size: 524288 | ||
24 | s2s_use_starttls: optional | ||
25 | |||
26 | auth_method: [pam] | ||
27 | pam_service: xmpp | ||
28 | |||
29 | acl: | ||
30 | local: | ||
31 | user_regexp: "" | ||
32 | loopback: | ||
33 | ip: | ||
34 | - 127.0.0.0/8 | ||
35 | - ::1/128 | ||
36 | admin: | ||
37 | user: | ||
38 | - "gkleen@xmpp.li" | ||
39 | - "gkleen@praseodym.org" | ||
40 | - "gkleen@141.li" | ||
41 | - "gkleen@yggdrasil.li" | ||
42 | |||
43 | access_rules: | ||
44 | local: | ||
45 | allow: local | ||
46 | c2s: | ||
47 | deny: blocked | ||
48 | allow: all | ||
49 | announce: | ||
50 | allow: admin | ||
51 | configure: | ||
52 | allow: admin | ||
53 | muc_create: | ||
54 | allow: local | ||
55 | pubsub_createnode: | ||
56 | allow: local | ||
57 | trusted_network: | ||
58 | allow: loopback | ||
59 | |||
60 | api_permissions: | ||
61 | "console commands": | ||
62 | from: | ||
63 | - ejabberd_ctl | ||
64 | who: all | ||
65 | what: "*" | ||
66 | "admin access": | ||
67 | who: | ||
68 | access: | ||
69 | allow: | ||
70 | - acl: loopback | ||
71 | - acl: admin | ||
72 | oauth: | ||
73 | scope: "ejabberd:admin" | ||
74 | access: | ||
75 | allow: | ||
76 | - acl: loopback | ||
77 | - acl: admin | ||
78 | what: | ||
79 | - "*" | ||
80 | - "!stop" | ||
81 | - "!start" | ||
82 | "public commands": | ||
83 | who: | ||
84 | ip: 127.0.0.1/8 | ||
85 | what: | ||
86 | - status | ||
87 | - connected_users_number | ||
88 | |||
89 | shaper: | ||
90 | normal: | ||
91 | rate: 3000 | ||
92 | burst_size: 20000 | ||
93 | fast: 100000 | ||
94 | |||
95 | shaper_rules: | ||
96 | max_user_sessions: 10 | ||
97 | max_user_offline_messages: | ||
98 | 5000: admin | ||
99 | 100: all | ||
100 | c2s_shaper: | ||
101 | none: admin | ||
102 | normal: all | ||
103 | s2s_shaper: fast | ||
104 | |||
105 | modules: | ||
106 | mod_adhoc: {} | ||
107 | mod_admin_extra: {} | ||
108 | mod_announce: | ||
109 | access: announce | ||
110 | mod_avatar: {} | ||
111 | mod_blocking: {} | ||
112 | mod_bosh: {} | ||
113 | mod_caps: {} | ||
114 | mod_carboncopy: {} | ||
115 | mod_client_state: {} | ||
116 | mod_configure: {} | ||
117 | mod_disco: {} | ||
118 | mod_fail2ban: {} | ||
119 | mod_http_api: {} | ||
120 | # mod_http_upload: | ||
121 | # put_url: https://@HOST@:5443/upload | ||
122 | # custom_headers: | ||
123 | # "Access-Control-Allow-Origin": "https://@HOST@" | ||
124 | # "Access-Control-Allow-Methods": "GET,HEAD,PUT,OPTIONS" | ||
125 | # "Access-Control-Allow-Headers": "Content-Type" | ||
126 | mod_last: {} | ||
127 | mod_mam: | ||
128 | ## Mnesia is limited to 2GB, better to use an SQL backend | ||
129 | ## For small servers SQLite is a good fit and is very easy | ||
130 | ## to configure. Uncomment this when you have SQL configured: | ||
131 | ## db_type: sql | ||
132 | assume_mam_usage: true | ||
133 | default: always | ||
134 | mod_mqtt: {} | ||
135 | mod_muc: | ||
136 | access: | ||
137 | - allow | ||
138 | access_admin: | ||
139 | - allow: admin | ||
140 | access_create: muc_create | ||
141 | access_persistent: muc_create | ||
142 | access_mam: | ||
143 | - allow | ||
144 | default_room_options: | ||
145 | mam: true | ||
146 | mod_muc_admin: {} | ||
147 | mod_offline: | ||
148 | access_max_user_messages: max_user_offline_messages | ||
149 | mod_ping: {} | ||
150 | mod_privacy: {} | ||
151 | mod_private: {} | ||
152 | mod_proxy65: | ||
153 | access: local | ||
154 | max_connections: 5 | ||
155 | mod_pubsub: | ||
156 | access_createnode: pubsub_createnode | ||
157 | plugins: | ||
158 | - flat | ||
159 | - pep | ||
160 | force_node_config: | ||
161 | ## Avoid buggy clients to make their bookmarks public | ||
162 | storage:bookmarks: | ||
163 | access_model: whitelist | ||
164 | mod_push: {} | ||
165 | mod_push_keepalive: {} | ||
166 | mod_register: | ||
167 | ## Only accept registration requests from the "trusted" | ||
168 | ## network (see access_rules section above). | ||
169 | ## Think twice before enabling registration from any | ||
170 | ## address. See the Jabber SPAM Manifesto for details: | ||
171 | ## https://github.com/ge0rg/jabber-spam-fighting-manifesto | ||
172 | ip_access: trusted_network | ||
173 | mod_roster: | ||
174 | versioning: true | ||
175 | mod_s2s_dialback: {} | ||
176 | mod_shared_roster: {} | ||
177 | mod_stream_mgmt: | ||
178 | resend_on_timeout: if_offline | ||
179 | mod_stun_disco: {} | ||
180 | mod_vcard: {} | ||
181 | mod_vcard_xupdate: {} | ||
182 | mod_version: | ||
183 | show_os: false | ||