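# ejabberd configuration for ba.ln.ea.cx: LDAP-backed accounts, SQLite
# storage, c2s/s2s/HTTP/STUN listeners and the enabled module set.
# Secrets (BIBOUMI_PASSWORD, LLDAP_READONLY_PASSWORD) are expected to come
# from the files listed under include_config_file, not from this file.

loglevel: info
log_rotate_count: 0 # We assume external logrotate

hosts:
  - ba.ln.ea.cx

certfiles:
  - /etc/letsencrypt/live/ba.ln.ea.cx/fullchain.pem
  - /etc/letsencrypt/live/ba.ln.ea.cx/privkey.pem

acme:
  auto: false

# TLS configuration
define_macro:
  'TLS_CIPHERS': "HIGH:!aNULL:!eNULL:!3DES:@STRENGTH"
  'TLS_OPTIONS':
    - no_sslv3
    - no_tlsv1
    - no_tlsv1_1
    - cipher_server_preference
    - no_compression
  # 'DH_FILE': "/path/to/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 2048
  'IP4': "45.61.184.234"

# Included files may only contribute macros (allow_only), so they cannot
# override listeners, ACLs or modules defined here.
include_config_file:
  /run/keys/biboumi/password.yml:
    allow_only: [define_macro]
  /etc/lldap_readonly.passwd.yml:
    allow_only: [define_macro]

c2s_ciphers: 'TLS_CIPHERS'
s2s_ciphers: 'TLS_CIPHERS'
c2s_protocol_options: 'TLS_OPTIONS'
s2s_protocol_options: 'TLS_OPTIONS'
# c2s_dhfile: 'DH_FILE'
# s2s_dhfile: 'DH_FILE'

acl:
  local:
    user_regexp: ""
  admin:
    user: marsironpi@ba.ln.ea.cx

access_rules:
  configure:
    # NOTE(review): no `owner` ACL is defined in this file (only `local`
    # and `admin`), so this rule presumably matches nobody. Confirm whether
    # `admin` was intended.
    allow: owner
  c2s:
    # Rules are evaluated top-down and the first match wins, so the deny
    # must precede `allow: all` or it can never take effect.
    # NOTE(review): no `blocked` ACL is defined in this file yet.
    deny: blocked
    allow: all
  announce:
    allow: admin
  muc_create:
    allow: local
  muc_admin:
    allow: admin
  ejabberd_stun:
    allow: local
  pubsub_createnode:
    allow: local
  proxy65_allow:
    allow: local
  http_upload_access:
    allow: local
  ejabberd_service:
    allow: local

listen:
  # Client-to-server, STARTTLS mandatory.
  - port: 5222
    ip: "::"
    module: ejabberd_c2s
    max_stanza_size: 262144
    # shaper: c2s_shaper
    access: c2s
    starttls_required: true
    protocol_options: 'TLS_OPTIONS'
  # Client-to-server, direct TLS.
  - port: 5223
    ip: "::"
    module: ejabberd_c2s
    max_stanza_size: 262144
    # shaper: c2s_shaper
    access: c2s
    tls: true
    protocol_options: 'TLS_OPTIONS'
  # Server-to-server; STARTTLS is enforced by s2s_use_starttls below.
  - port: 5269
    ip: "::"
    module: ejabberd_s2s_in
    max_stanza_size: 524288
    # shaper: s2s_shaper
  # Server-to-server, direct TLS.
  - port: 5270
    ip: "::"
    module: ejabberd_s2s_in
    max_stanza_size: 524288
    # shaper: s2s_shaper
    tls: true
    protocol_options: 'TLS_OPTIONS'
  # External component (biboumi IRC gateway), loopback only.
  - port: 5347
    ip: "127.0.0.1"
    module: ejabberd_service
    access: ejabberd_service
    hosts:
      irc.ba.ln.ea.cx:
        # Macro supplied by /run/keys/biboumi/password.yml.
        # NOTE(review): verify that a missing include fails startup rather
        # than leaving the literal macro name as the component secret.
        password: 'BIBOUMI_PASSWORD'
  # NOTE(review): plain HTTP on all interfaces, and it serves /bosh. With
  # auth_method ldap the server needs the cleartext password, so clients
  # presumably authenticate with PLAIN; over this listener that would cross
  # the network unencrypted. trusted_proxies suggests a local reverse proxy
  # terminates TLS; if so, consider binding this to loopback or dropping
  # /bosh here (it is also served on 5443). Confirm deployment.
  - port: 5280
    ip: "::"
    module: ejabberd_http
    request_handlers:
      /bosh: mod_bosh
      /.well-known/host-meta: mod_host_meta
      /.well-known/host-meta.json: mod_host_meta
      # /converse: mod_conversejs
  # HTTPS: BOSH, WebSocket and HTTP upload.
  - port: 5443
    ip: "::"
    module: ejabberd_http
    tls: true
    protocol_options: 'TLS_OPTIONS'
    request_handlers:
      /bosh: mod_bosh
      /ws: ejabberd_http_ws
      /upload: mod_http_upload
  # STUN/TURN over UDP, TCP and TLS; TURN relays require user credentials.
  - port: 3478
    ip: "::"
    transport: udp
    module: ejabberd_stun
    use_turn: true
    auth_type: user
    turn_ipv4_address: 'IP4'
    # turn_ipv6_address: ""
  - port: 3478
    ip: "::"
    transport: tcp
    module: ejabberd_stun
    use_turn: true
    auth_type: user
    turn_ipv4_address: 'IP4'
    # turn_ipv6_address: ""
  - port: 5349
    ip: "::"
    transport: tcp
    module: ejabberd_stun
    use_turn: true
    auth_type: user
    tls: true
    turn_ipv4_address: 'IP4'
    # turn_ipv6_address: ""

# Only the local reverse proxy may supply forwarded client addresses.
trusted_proxies: [127.0.0.1]

# Disable digest-md5 SASL authentication. digest-md5 requires
# plain-text password storage (see auth_password_format option).
disable_sasl_mechanisms:
  - digest-md5
  - X-OAUTH2

s2s_use_starttls: required

# NOTE(review): every shaper below is commented out, and so are the
# `shaper:` lines on the c2s/s2s listeners, so no traffic rate limit or
# per-user session cap is configured in this file. Confirm that throttling
# is handled elsewhere.
# shaper:
#   normal:
#     rate: 3000
#     burst_size: 20000
#   fast: 200000
# shaper_rules:
#   max_user_sessions: 10
#   max_user_offline_messages:
#     1000: all
#   c2s_shaper:
#     normal: all
#   s2s_shaper: fast

default_db: sql
sql_type: sqlite
sql_database: /var/lib/ejabberd/db.sqlite
new_sql_schema: true
update_sql_schema: true

# Accounts come from LDAP on localhost:3890, bound with a read-only DN.
auth_method: ldap
ldap_base: "ou=people,dc=ba,dc=ln,dc=ea,dc=cx"
ldap_rootdn: "uid=lldap_readonly,ou=people,dc=ba,dc=ln,dc=ea,dc=cx"
# Macro supplied by /etc/lldap_readonly.passwd.yml.
ldap_password: 'LLDAP_READONLY_PASSWORD'
ldap_servers:
  - localhost
ldap_port: 3890
ldap_uids:
  - jabberid
  - uid
# Only members of the `jabber` group get an XMPP account.
ldap_filter: "(memberOf=jabber)"

modules:
  # Core
  mod_disco: {} # Service Discovery (XEP-0030)
  mod_caps: {} # Entity Capabilities (XEP-0115)
  mod_pubsub: # Personal Eventing Protocol (XEP-0163)
    access_createnode: pubsub_createnode
    hosts:
      - pub.@HOST@
    plugins:
      - flat
      - pep
    force_node_config:
      "eu.siacs.conversations.axolotl.*":
        access_model: open # OMEMO should be open
      "storage:bookmarks":
        access_model: whitelist # Bookmarks should be private
  # Web
  mod_bosh: {} # XMPP Over BOSH (XEP-0206)
  mod_host_meta: {} # Discovering Alternative XMPP Connection Methods (XEP-0156)
  # mod_conversejs:
  #   conversejs_options:
  #     theme: dracula
  #     assets_path: "./"
  #   conversejs_resources: "/var/www/converse/dist"
  #   conversejs_script: "converse.min.js"
  #   conversejs_css: "converse.min.css"
  # IM
  mod_vcard: {} # vcard-temp (XEP-0054)
  mod_vcard_xupdate: {} # vCard-Based Avatars (XEP-0153)
  mod_avatar: {} # User Avatar to vCard-Based Avatars Conversion (XEP-0398)
  mod_carboncopy: {} # Message Carbons (XEP-0280)
  mod_privacy: {}
  mod_blocking: {} # Blocking Command (XEP-0191)
  mod_muc: # Multi-User Chat (XEP-0045)
    access_create: muc_create
    access_admin: muc_admin
    default_room_options:
      allow_subscription: true
      enable_hats: true
      mam: true
      persistent: true
    hosts:
      - cam.@HOST@
  mod_private: {} # Bookmark Storage (XEP-0048), Private XML Storage (XEP-0049)
  mod_mam: # Message Archive Management (XEP-0313)
    assume_mam_usage: true
    default: always
    user_mucsub_from_muc_archive: true
  mod_stream_mgmt: # Stream Management (XEP-0198)
    # NOTE(review): a bare integer here is read as seconds, so 2880 is
    # 48 minutes, not the 48 hours the original comment claimed; write
    # `48 hours` if that was the intent. Confirm.
    resume_timeout: 2880
    # NOTE(review): `infinity` removes the cap on unacknowledged stanzas
    # held per session; combined with a long resume window this is
    # unbounded memory per stalled client. Consider a finite limit.
    max_ack_queue: infinity
  mod_http_upload: # HTTP File Upload (XEP-0363)
    access: http_upload_access
    hosts:
      - dep.@HOST@
    thumbnail: true
    rm_on_unregister: false
    custom_headers:
      "Access-Control-Allow-Origin": "https://@HOST@"
      "Access-Control-Allow-Methods": "GET,HEAD,PUT,OPTIONS"
      "Access-Control-Allow-Headers": "Content-Type"
  # Mobile
  mod_client_state: {} # Client State Indication (XEP-0352)
  mod_push: {} # Push Notifications (XEP-0357)
  mod_push_keepalive: {}
  # A/V
  mod_stun_disco: # External Service Discovery (XEP-0215)
    access: ejabberd_stun
  # Misc.
  mod_adhoc: {}
  mod_announce:
    access: announce
  mod_configure: {}
  mod_last: {}
  mod_muc_admin: {}
  mod_offline:
    use_mam_for_storage: true
  mod_ping: {}
  mod_pres_counter:
    count: 100
    interval: 1 min
  mod_proxy65:
    ip: "::"
    # Was `proxy65_access`, a rule that access_rules never defines (an
    # undefined rule is expected to match nobody). Point at the rule that
    # is actually declared above, which admits local users only.
    access: proxy65_allow
    hosts:
      - pro.@HOST@
  mod_roster:
    versioning: true
  mod_time: {}
  mod_version: {}

### Local Variables:
### mode: yaml
### End:
### vim: set filetype=yaml tabstop=8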