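###
###'           ejabberd configuration file
###            for
###            https://liberta.casa
###            by georg@lysergic.dev
###
### The parameters used in this configuration file are explained at
###
###       https://docs.ejabberd.im/admin/configuration
###
### The configuration file is written in YAML.
### *******************************************************
### *******           !!! WARNING !!!               *******
### *******     YAML IS INDENTATION SENSITIVE       *******
### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY *******
### *******************************************************
### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
###
## NOTE(review): values of the form "$name" (passwords, secrets, SQL
## settings) look like placeholders substituted at deploy time -- TODO
## confirm. They are kept double-quoted throughout so that a substituted
## value cannot be re-typed by the YAML parser or start a comment/mapping.

hosts:
  - liberta.casa
  - lib.casa

## NOTE(review): debug is the most verbose log level. On a production
## server the log may then contain stanza and authentication detail; keep
## log files readable only by the service account, and drop to a quieter
## level once troubleshooting is finished.
loglevel: debug

## The second entry is the private key: it should be readable only by the
## account ejabberd runs as.
certfiles:
  - "/etc/ssl/xmpp/xmpp.liberta.casa.crt"
  - "/etc/ssl/xmpp/private/xmpp.liberta.casa.key"
# ca_file: "/opt/ejabberd/conf/cacert.pem"

listen:
  ## Client-to-server, all interfaces; STARTTLS is mandatory.
  - port: 5222
    ip: "::"
    module: ejabberd_c2s
    max_stanza_size: 262144
    shaper: c2s_shaper
    access: c2s
    starttls_required: true
  ## Server-to-server, all interfaces (see s2s_use_starttls below).
  - port: 5269
    ip: "::"
    module: ejabberd_s2s_in
    max_stanza_size: 524288
  ## HTTPS handlers, bound to a loopback address only.
  ## NOTE(review): presumably a local reverse proxy forwards public traffic
  ## here -- TODO confirm. If so, ejabberd sees every proxied request as
  ## coming from loopback, so the `loopback` ACL and the `ip: 127.0.0.1/8`
  ## rule in api_permissions no longer separate local from remote callers
  ## for "/api" and "/admin". Check the proxy's path filtering and the
  ## trusted_proxies option.
  - port: 5443
    ip: "127.0.0.2"
    module: ejabberd_http
    tls: true
    request_handlers:
      "/admin": ejabberd_web_admin
      "/api": mod_http_api
      "/bosh": mod_bosh
      "/captcha": ejabberd_captcha
      "/upload": mod_http_upload
      "/ws": ejabberd_http_ws
      # "/oauth": ejabberd_oauth
  ## Web admin without TLS; acceptable only because it is loopback-bound.
  - port: 5280
    ip: "127.0.0.2"
    module: ejabberd_http
    request_handlers:
      "/admin": ejabberd_web_admin
  ## NOTE(review): MQTT is exposed on all interfaces with no `tls: true`,
  ## so credentials and payloads cross the network unencrypted. Enable TLS
  ## on this listener or bind it to loopback unless plain-text MQTT is
  ## intended. `anonymous` is also listed in auth_method below; verify
  ## whether that lets MQTT clients connect without credentials.
  - port: 1883
    ip: "::"
    module: mod_mqtt
    backlog: 1000
  ## External component (biboumi), loopback-bound. `access: all` is
  ## therefore limited in practice by the bind address and the component
  ## password.
  - port: 5347
    ip: "127.0.0.2"
    module: ejabberd_service
    access: all
    hosts:
      "biboumi.xyz":
        password: "$biboumisec"

## NOTE(review): `required` makes STARTTLS mandatory for s2s links. Whether
## peer certificates are also verified depends on the ejabberd version and
## on s2s certificate settings not shown in this file -- confirm, since
## mod_s2s_dialback is enabled below.
s2s_use_starttls: required

acl:
  local:
    user_regexp: ""
  loopback:
    ip:
      - 127.0.0.0/8
      - ::1/128
      - ::FFFF:127.0.0.1/128
  admin:
    user:
      - georg@liberta.casa
      - acidsys@liberta.casa
      - mogad0n@liberta.casa

access_rules:
  local:
    allow: local
  c2s:
    deny: blocked
    allow: all
  announce:
    allow: admin
  configure:
    allow: admin
  muc_create:
    allow: local
  pubsub_createnode:
    allow: local
  trusted_network:
    allow: loopback

api_permissions:
  "console commands":
    from:
      - ejabberd_ctl
    who: all
    what: "*"
  ## NOTE(review): each `allow` mapping below carries two `acl` keys.
  ## Duplicate keys are invalid in YAML 1.2 and most parsers silently keep
  ## only the last one; confirm that the deployed ejabberd reads this as
  ## "loopback AND admin", or switch to the list form its documentation
  ## shows, so the admin API is not guarded by a single ACL by accident.
  "admin access":
    who:
      access:
        allow:
          acl: loopback
          acl: admin
      oauth:
        scope: "ejabberd:admin"
        access:
          allow:
            acl: loopback
            acl: admin
    what:
      - "*"
      - "!stop"
      - "!start"
  "public commands":
    who:
      ip: 127.0.0.1/8
    what:
      - status
      - connected_users_number

shaper:
  normal: 1000
  fast: 50000

shaper_rules:
  max_user_sessions: 10
  max_user_offline_messages:
    5000: admin
    100: all
  c2s_shaper:
    none: admin
    normal: all
  s2s_shaper: fast

max_fsm_queue: 10000

## Automatic ACME certificate requests are off; certificates come from the
## certfiles entries above.
acme:
  auto: false

modules:
  mod_adhoc: {}
  mod_admin_extra: {}
  mod_announce:
    access: announce
  mod_avatar: {}
  mod_blocking: {}
  mod_bosh: {}
  mod_caps: {}
  mod_carboncopy: {}
  mod_client_state: {}
  mod_configure: {}
  mod_disco:
    extra_domains: [biboumi.xyz]
    name: "LibertaCasa"
    server_info:
      - modules: all
        name: admin-addresses
        urls:
          - mailto:hello@liberta.casa
          - xmpp:acidsys@liberta.casa
          - xmpp:mogad0n@liberta.casa
      - modules: all
        name: security-addresses
        urls: ["mailto:system@lysergic.dev"]
      - modules: all
        name: abuse-addresses
        urls: ["mailto:abuse@liberta.casa"]
      - modules: all
        name: status-addresses
        urls: ["https://status.liberta.casa"]
  mod_stun_disco:
    credentials_lifetime: 12h
    offer_local_services: false
    ## Shared secret used to derive the temporary TURN credentials handed
    ## to clients; it must match the TURN servers' configuration.
    secret: "$stunstaticsec"
    services:
      - host: stun.lysergic.dev
        port: 3478
        type: stun
        transport: udp
        restricted: false
      - host: turn.lysergic.dev
        port: 3478
        type: turn
        transport: udp
        restricted: true
      - host: stuns.lysergic.dev
        port: 3478
        type: stuns
        transport: tcp
        restricted: false
      - host: turns.lysergic.dev
        port: 3478
        type: turns
        transport: tcp
        restricted: true
  ## NOTE(review): mod_fail2ban is disabled, so ejabberd itself does not
  ## block addresses after repeated authentication failures on the public
  ## c2s port. Enable it or confirm an equivalent control at host level.
  #mod_fail2ban: {}
  mod_http_api: {}
  mod_http_upload:
    put_url: https://up.xmpp.@HOST@
    external_secret: "$upsec"
    max_size: 26214400
    ## NOTE(review): `all` is wider than the `local` rule used elsewhere in
    ## this file; it presumably also lets remote (federated) and anonymous
    ## JIDs request upload slots -- confirm this is intended.
    access: all
    dir_mode: "0750"
    # thumbnail: true -- not built into the packaged version
    vcard:
      fn: "LibertaCasa Uploader"
      adr:
        - work: true
          street: "Data Highway 420"
  mod_last: {}
  mod_mam:
    ## Mnesia is limited to 2GB, better to use an SQL backend
    ## For small servers SQLite is a good fit and is very easy
    ## to configure. Uncomment this when you have SQL configured:
    db_type: sql
    assume_mam_usage: true
    default: never
  mod_mqtt: {}
  mod_muc:
    access:
      - allow
    access_admin:
      - allow: admin
    access_create: muc_create
    access_persistent: muc_create
    access_mam:
      - allow
    default_room_options:
      allow_subscription: true  # enable MucSub
      mam: false
      allow_user_invites: true
    hosts: [conference.@HOST@, muc.@HOST@]
  mod_muc_admin: {}
  mod_offline:
    access_max_user_messages: max_user_offline_messages
  mod_ping: {}
  mod_privacy: {}
  mod_private: {}
  mod_proxy65:
    access: local
    max_connections: 5
  mod_pubsub:
    access_createnode: pubsub_createnode
    plugins:
      - flat
      - pep
    force_node_config:
      ## Avoid buggy clients to make their bookmarks public
      storage:bookmarks:
        access_model: whitelist
  mod_push: {}
  mod_push_keepalive: {}
  ## In-band registration is redirected to the external sign-up page.
  mod_register:
    redirect_url: https://sso.casa/
  mod_roster:
    versioning: true
  mod_s2s_dialback: {}
  mod_shared_roster: {}
  mod_stream_mgmt:
    resend_on_timeout: if_offline
  mod_vcard:
    db_type: ldap
    ## Separate bind account for vCard lookups, distinct from the
    ## authentication bind DN at the end of this file.
    ldap_rootdn: "cn=ejabberd_vcard,ou=syscid-system,dc=syscid,dc=com"
    ldap_password: "$ldapvcardbindsec"
    ldap_base: "ou=libertacasa-users,dc=syscid,dc=com"
    ldap_vcard_map:
      NICKNAME: {"%u": []}
      GIVEN: {"%s": [givenName]}
      FAMILY: {"%s": [sn]}
      FN: {"%s": [displayName]}
      EMAIL: {"%s": [mail]}
      ID: {"%s": [entryid]}
    ldap_search_fields:
      User: "%u"
      Name: givenName
      "Family Name": sn
      Email: mail
      ID: entryid
    ldap_search_reported:
      Name: GIVEN
      Nickname: NICKNAME
      Email: EMAIL
  mod_vcard_xupdate: {}
  ## Do not disclose the host operating system in version replies.
  mod_version:
    show_os: false

# custom entries
sql_type: mysql
sql_server: "$dbhost"
sql_database: "$db"
sql_username: "$dbuser"
sql_password: "$dbsec"

## NOTE(review): `anonymous` is enabled next to LDAP for every host, and
## the c2s access rule allows all. Anonymous JIDs presumably also match the
## `local` ACL (user_regexp: "") that gates muc_create and
## pubsub_createnode -- verify, and scope anonymous login to a dedicated
## host if it is only needed for guests.
auth_method:
  - ldap
  - anonymous
anonymous_protocol: sasl_anon
disable_sasl_mechanisms: ["X-OAUTH2"]

## LDAP over TLS with strict verification against the private CA below.
## NOTE(review): no top-level ldap_base is set in this file (only
## mod_vcard has one); confirm the authentication search base is what is
## intended.
ldap_servers:
  - orpheus.syscid.com
  - gaia.syscid.com
ldap_encrypt: tls
ldap_tls_cacertfile: /etc/pki/trust/anchors/syscid-ca.crt
ldap_tls_verify: hard
ldap_password: "$ldapbindsec"
ldap_rootdn: "cn=ejabberd,ou=syscid-system,dc=syscid,dc=com"
ldap_filter: "(objectClass=inetOrgPerson)"

#append_host_config:

### Local Variables:
### mode: yaml
### End:
### vim: set filetype=yaml tabstop=8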