]> git.immae.eu Git - perso/Immae/Config/Nix.git/blob - modules/private/ejabberd/ejabberd.yml
projects / perso / Immae / Config / Nix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add ejabberd service and website
[perso/Immae/Config/Nix.git] / modules / private / ejabberd / ejabberd.yml
1 ###
2 ### ejabberd configuration file
3 ###
4 ### The parameters used in this configuration file are explained at
5 ###
6 ### https://docs.ejabberd.im/admin/configuration
7 ###
8 ### The configuration file is written in YAML.
9 ### *******************************************************
10 ### ******* !!! WARNING !!! *******
11 ### ******* YAML IS INDENTATION SENSITIVE *******
12 ### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY *******
13 ### *******************************************************
14 ### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
15 ### However, ejabberd treats different literals as different types:
16 ###
17 ### - unquoted or single-quoted strings. They are called "atoms".
18 ### Example: dog, 'Jupiter', '3.14159', YELLOW
19 ###
20 ### - numeric literals. Example: 3, -45.0, .0
21 ###
22 ### - quoted or folded strings.
23 ### Examples of quoted string: "Lizzard", "orange".
24 ### Example of folded string:
25 ### > Art thou not Romeo,
26 ### and a Montague?
27 ###
28
29 hosts:
30 - "immae.fr"
31
32 loglevel: 4
33 log_rotate_size: 10485760
34 log_rotate_date: ""
35 log_rotate_count: 1
36 log_rate_limit: 100
37
38 certfiles:
39 - "@certificatePrivateKeyAndFullChain@"
40
41 listen:
42 -
43 port: 5222
44 ip: "::"
45 module: ejabberd_c2s
46 max_stanza_size: 262144
47 shaper: c2s_shaper
48 access: c2s
49 starttls_required: true
50 -
51 port: 5269
52 ip: "::"
53 module: ejabberd_s2s_in
54 max_stanza_size: 524288
55 -
56 port: 5280
57 ip: "127.0.0.1"
58 module: ejabberd_http
59 request_handlers:
60 "/admin": ejabberd_web_admin
61 "/api": mod_http_api
62 "/bosh": mod_bosh
63 "/captcha": ejabberd_captcha
64 "/upload": mod_http_upload
65 "/ws": ejabberd_http_ws
66 tls: false
67
68 s2s_use_starttls: optional
69 s2s_cafile: "@certificateCA@"
70
71 default_db: sql
72 sql_type: pgsql
73 include_config_file: @sql_config_file@
74 include_config_file: @host_config_file@
75 new_sql_schema: true
76
77 acl:
78 admin:
79 - user: "ismael@immae.fr"
80 local:
81 user_regexp: ""
82 loopback:
83 ip:
84 - "127.0.0.0/8"
85 - "::1/128"
86 - "::FFFF:127.0.0.1/128"
87
88 access_rules:
89 local:
90 - allow: local
91 c2s:
92 - deny: blocked
93 - allow
94 announce:
95 - allow: admin
96 configure:
97 - allow: admin
98 muc_admin:
99 - allow: admin
100 muc_create:
101 - allow: local
102 muc:
103 - allow
104 pubsub_createnode:
105 - allow: local
106 register:
107 - deny
108 trusted_network:
109 - allow: loopback
110
111 api_permissions:
112 "console commands":
113 from:
114 - ejabberd_ctl
115 who: all
116 what: "*"
117 "admin access":
118 who:
119 - acl: admin
120 - oauth:
121 - scope: "ejabberd:admin"
122 - acl: admin
123 what:
124 - "*"
125 - "!stop"
126 - "!start"
127 "public commands":
128 who:
129 - ip:
130 - "0.0.0.0"
131 - "::"
132 what:
133 - "status"
134 - "connected_users_number"
135
136 shaper:
137 normal: 1000
138 fast: 50000
139
140 shaper_rules:
141 max_user_sessions: 10
142 max_user_offline_messages:
143 - 5000: admin
144 - 100
145 c2s_shaper:
146 - none: admin
147 - normal
148 s2s_shaper: fast
149
150 modules:
151 mod_adhoc: {}
152 mod_admin_extra: {}
153 mod_announce:
154 access: announce
155 mod_avatar: {}
156 mod_blocking: {}
157 mod_bosh: {}
158 mod_caps: {}
159 mod_carboncopy: {}
160 mod_client_state: {}
161 mod_configure: {}
162 mod_disco: {}
163 mod_fail2ban: {}
164 mod_http_api: {}
165 mod_http_upload:
166 put_url: "https://im.immae.fr/upload"
167 custom_headers:
168 "Access-Control-Allow-Origin": "*"
169 "Access-Control-Allow-Methods": "OPTIONS, HEAD, GET, PUT, POST"
170 "Access-Control-Allow-Headers": "Content-Type"
171 mod_last: {}
172 mod_mam:
173 default: always
174 mod_muc:
175 access:
176 - allow
177 access_admin:
178 - allow: admin
179 access_create: muc_create
180 access_persistent: muc_create
181 default_room_options:
182 mam: true
183 mod_muc_admin: {}
184 mod_offline:
185 access_max_user_messages: max_user_offline_messages
186 mod_ping: {}
187 mod_privacy: {}
188 mod_private: {}
189 mod_proxy65:
190 access: local
191 max_connections: 5
192 mod_pubsub:
193 access_createnode: pubsub_createnode
194 plugins:
195 - "flat"
196 - "hometree"
197 - "pep"
198 force_node_config:
199 ## Change from "whitelist" to "open" to enable OMEMO support
200 ## See https://github.com/processone/ejabberd/issues/2425
201 "eu.siacs.conversations.axolotl.*":
202 access_model: open
203 ## Avoid buggy clients to make their bookmarks public
204 "storage:bookmarks":
205 access_model: whitelist
206 mod_push: {}
207 mod_push_keepalive: {}
208 mod_register:
209 ## Only accept registration requests from the "trusted"
210 ## network (see access_rules section above).
211 ## Think twice before enabling registration from any
212 ## address. See the Jabber SPAM Manifesto for details:
213 ## https://github.com/ge0rg/jabber-spam-fighting-manifesto
214 ip_access: trusted_network
215 access: register
216 mod_roster:
217 versioning: true
218 mod_s2s_dialback: {}
219 mod_shared_roster: {}
220 mod_stats: {}
221 mod_stream_mgmt:
222 resend_on_timeout: if_offline
223 mod_time: {}
224 mod_vcard: {}
225 mod_vcard_xupdate: {}
226 mod_version:
227 show_os: false
228
229 ### Local Variables:
230 ### mode: yaml
231 ### End:
232 ### vim: set filetype=yaml tabstop=8
233
My infrastructure configuration