diff --git a/ejabberd.yml b/ejabberd.yml deleted file mode 100644 index dc0132f..0000000 --- a/ejabberd.yml +++ /dev/null @@ -1,277 +0,0 @@ - -### -### ejabberd configuration file -### -### The parameters used in this configuration file are explained at -### -### https://docs.ejabberd.im/admin/configuration -### -### The configuration file is written in YAML. -### ******************************************************* -### ******* !!! WARNING !!! ******* -### ******* YAML IS INDENTATION SENSITIVE ******* -### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY ******* -### ******************************************************* -### Refer to http://en.wikipedia.org/wiki/YAML for the brief description. -### -define_macro: - BACKLOG: 50 - DH_FILE: /etc/ssl/dh2048.pem - CIPHERS: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256" - TLS_OPTIONS: - - "no_sslv2" - - "no_sslv3" - - "no_tlsv1" - - "no_tlsv1_1" - - "cipher_server_preference" - - "no_compression" - -hosts: - - ksi.xyz - -loglevel: info - -acme: - auto: false - -certfiles: - - FILL IN - -c2s_ciphers: TLS_CIPHERS -c2s_protocol_options: TLS_OPTIONS -c2s_dhfile: DH_FILE -s2s_ciphers: TLS_CIPHERS -s2s_protocol_options: TLS_OPTIONS -s2s_dhfile: DH_FILE -s2s_use_starttls: required - -listen: - - - port: 5222 - ip: "::" - module: ejabberd_c2s - max_stanza_size: 262144 - starttls: true - starttls_required: false - tls_compression: false - shaper: c2s_shaper - access: c2s - backlog: BACKLOG - - - port: 5223 - ip: "::" - tls: true - backlog: BACKLOG - module: ejabberd_c2s - max_stanza_size: 262144 - shaper: c2s_shaper - access: c2s - tls_compression: false - - - port: 5269 - ip: "::" - module: ejabberd_s2s_in - max_stanza_size: 524288 - tls_compression: false - - - port: 5270 - ip: "::" - backlog: BACKLOG - module: ejabberd_s2s_in - max_stanza_size: 524288 - tls_compression: false - - - port: 5280 - ip: "::" - module: ejabberd_http - request_handlers: - /admin: ejabberd_web_admin - /.well-known/acme-challenge: ejabberd_acme - /upload: mod_http_upload - - - port: 3478 - ip: "::" - transport: udp - module: ejabberd_stun - use_turn: true - - - port: 1883 - ip: "::" - module: mod_mqtt - backlog: 1000 - -auth_method: sql -default_db: sql - -sql_type: mysql -sql_server: "localhost" -sql_database: "ejabberd" -sql_username: "ejabberd" -sql_password: "password" - -acl: - admin: - user: admin@domain.tld - local: - user_regexp: "" - loopback: - ip: - - 127.0.0.0/8 - - ::1/128 - -access_rules: - configure: - allow: admin # only allow an admin to configure the server - local: - allow: local - c2s: - allow: all - deny: blocked - announce: - allow: admin # only allow an admin to send announcements - muc_create: - allow: admin # only allow an admin to create MUCs - pubsub_createnode: - allow: local - trusted_network: - allow: loopback - -api_permissions: - "console commands": - from: - - ejabberd_ctl - who: all - what: "*" - "admin access": - who: - access: - allow: - - acl: loopback - - acl: admin - oauth: - scope: "ejabberd:admin" - access: - allow: - - acl: loopback - - acl: admin - what: - - "*" - - "!stop" - - "!start" - "public commands": - who: - ip: 127.0.0.1/8 - what: - - status - - connected_users_number - -shaper: - normal: - rate: 1000000 # For Monal it was rather low, we only have 30 seconds for handling a push notification (Loading all messages that are pending from the server). - burst_size: 5000000 # Same as above. I opted for rather large values, may be a bit to high depending on your server - fast: 50000000 - -shaper_rules: - max_user_sessions: 10 - max_user_offline_messages: - 5000: admin - 1000: all - c2s_shaper: - none: admin - normal: all - s2s_shaper: fast - soft_upload_quota: - 3700: all # MB - hard_upload_quota: - 4000: all # MB - -modules: - mod_adhoc: {} - mod_admin_extra: {} - mod_announce: - access: announce - mod_avatar: {} - mod_blocking: {} - mod_bosh: {} - mod_caps: {} - mod_carboncopy: {} - mod_client_state: {} - mod_configure: {} - mod_disco: {} - mod_fail2ban: {} - mod_http_api: {} - mod_http_upload: - put_url: "https://upload./upload/@HOST@" - hosts: - - upload. - custom_headers: - "Access-Control-Allow-Origin": "*" - "Access-Control-Allow-Methods": "GET,HEAD,PUT,OPTIONS" - "Access-Control-Allow-Headers": "Content-Type" - #mod_http_upload_quota: - #max_days: 100 # 100 days until content is deleted - mod_last: {} - mod_mam: - ## Mnesia is limited to 2GB, better to use an SQL backend - ## For small servers SQLite is a good fit and is very easy - ## to configure. Uncomment this when you have SQL configured: - db_type: sql - assume_mam_usage: true - default: always - mod_mqtt: {} - mod_muc: - access: - - allow - access_admin: - - allow: admin - access_create: muc_create - access_persistent: muc_create - access_mam: - - allow - default_room_options: - mam: true - mod_muc_admin: {} - mod_offline: - access_max_user_messages: max_user_offline_messages - mod_ping: {} - mod_privacy: {} - mod_private: {} - mod_proxy65: - access: local - max_connections: 5 - mod_pubsub: - access_createnode: pubsub_createnode - plugins: - - flat - - pep - force_node_config: - ## Avoid buggy clients to make their bookmarks public - "eu.siacs.conversations.axolotl.*": - access_model: open - storage:bookmarks: - access_model: whitelist - mod_push: {} - mod_push_keepalive: {} - mod_register: - ## Only accept registration requests from the "trusted" - ## network (see access_rules section above). - ## Think twice before enabling registration from any - ## address. See the Jabber SPAM Manifesto for details: - ## https://github.com/ge0rg/jabber-spam-fighting-manifesto - ip_access: trusted_network - mod_roster: - versioning: true - mod_s2s_dialback: {} - mod_shared_roster: {} - mod_stream_mgmt: - resend_on_timeout: if_offline - mod_stun_disco: {} - mod_vcard: {} - mod_vcard_xupdate: {} - mod_version: - show_os: false - -### Local Variables: -### mode: yaml -### End: -### vim: set filetype=yaml tabstop=8