ejabberd 21.07 + http_upload external + turn server + jitsi meet
# Virtual hosts served by this node: the main XMPP domain and a second
# domain used for Jitsi Meet conferences.
hosts:
  - mydomain.tld
  - meet.mydomain.tld

# Logging: rotate at 10485760 bytes and keep up to 99 rotated files.
loglevel: 4
log_rotate_size: 10485760
log_rotate_count: 99
# Privacy option: keep sensitive data out of the log files.
hide_sensitive_log_data: true

# Automatic ACME certificate requests are switched off; certificates are
# taken from the files listed under certfiles instead.
acme:
  auto: false

# NOTE(review): the second entry is the private key. Keep it readable only by
# the account ejabberd runs as. Only files named after mydomain.tld are listed;
# verify the certificate also covers meet.mydomain.tld and the service
# subdomains (conference, upload) used further down.
certfiles:
  - /etc/ejabberd/certs/mydomain.tld.crt.pem
  - /etc/ejabberd/certs/mydomain.tld.key.pem
# Macros reused by the c2s/s2s options and by the HTTP listeners.
define_macro:
  # Every suite listed uses ECDHE key exchange with an AEAD cipher
  # (ChaCha20-Poly1305 or AES-GCM).
  'TLS_CIPHERS': "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"
  # Server picks the cipher; TLS compression, SSLv3, TLS 1.0 and TLS 1.1 are
  # switched off.
  'TLS_OPTIONS':
    - "cipher_server_preference"
    - "no_compression"
    - "no_sslv3"
    - "no_tlsv1"
    - "no_tlsv1_1"
  # NOTE(review): none of the suites in TLS_CIPHERS is a finite-field DHE
  # suite, so these parameters are presumably never used with this list.
  # The path is under /usr/local/etc/ejabberd while certfiles point at
  # /etc/ejabberd; confirm the file exists where ejabberd looks for it.
  'DH_FILE': "/usr/local/etc/ejabberd/dhparams.pem"

# Client-to-server (c2s) TLS settings.
c2s_ciphers: 'TLS_CIPHERS'
c2s_protocol_options: 'TLS_OPTIONS'
c2s_dhfile: 'DH_FILE'

# Server-to-server (s2s) TLS settings.
s2s_ciphers: 'TLS_CIPHERS'
s2s_protocol_options: 'TLS_OPTIONS'
s2s_dhfile: 'DH_FILE'
# Server-to-server links must negotiate STARTTLS.
s2s_use_starttls: required
# Idle s2s connections are never closed by timeout.
s2s_timeout: infinity
# Network listeners. No listener sets `ip`, so each one presumably binds to
# every interface; confirm and firewall accordingly.
listen:
  # Client connections with mandatory STARTTLS.
  - module: ejabberd_c2s
    port: 5222
    starttls: true
    starttls_required: true
    # NOTE(review): XMPP stream compression is offered here although TLS-level
    # compression is disabled through no_compression. Compressing before
    # encrypting can leak plaintext through message sizes, and small inputs
    # can expand heavily on the server; consider dropping zlib unless a client
    # depends on it.
    zlib: true
    max_stanza_size: 262144
    shaper: c2s_shaper
    access: c2s

  # Client connections over direct TLS.
  - module: ejabberd_c2s
    port: 5223
    tls: true
    # NOTE(review): same stream-compression concern as on port 5222.
    zlib: true
    max_stanza_size: 262144
    shaper: c2s_shaper
    access: c2s

  # Incoming server-to-server connections.
  - module: ejabberd_s2s_in
    port: 5269
    max_stanza_size: 524288

  # Web admin interface.
  # NOTE(review): unlike the listeners on 5443 and 5444 there is no `tls: true`
  # here, so /admin is presumably served over plain HTTP and the three TLS
  # options below have no effect (TODO confirm). Administrator logins cross
  # this port: enable TLS or keep it reachable only from trusted hosts.
  - module: ejabberd_http
    port: 5280
    request_handlers:
      "/admin": ejabberd_web_admin
    protocol_options: 'TLS_OPTIONS'
    dhfile: 'DH_FILE'
    ciphers: 'TLS_CIPHERS'

  # External component link for focus.meet.mydomain.tld.
  # NOTE(review): the component secret is blank in this published copy. Set a
  # long random value before use, and restrict the port to the machine the
  # component runs on, because whoever holds the secret can attach as this
  # component.
  - module: ejabberd_service
    port: 5347
    hosts:
      "focus.meet.mydomain.tld":
        password: ""

  # WebSocket and BOSH endpoints over TLS.
  - module: ejabberd_http
    port: 5443
    tls: true
    request_handlers:
      "/ws": ejabberd_http_ws
      "/http-bind": mod_bosh
    protocol_options: 'TLS_OPTIONS'
    dhfile: 'DH_FILE'
    ciphers: 'TLS_CIPHERS'

  # HTTP upload endpoint over TLS, mounted at the root path.
  - module: ejabberd_http
    port: 5444
    tls: true
    request_handlers:
      "": mod_http_upload
    protocol_options: 'TLS_OPTIONS'
    dhfile: 'DH_FILE'
    ciphers: 'TLS_CIPHERS'

  # STUN/TURN over UDP. Relayed traffic uses ports 60000-65000.
  # NOTE(review): `turn_blacklist: []` leaves no peer address refused by this
  # setting, so the relay can be asked to reach loopback and internal
  # addresses from this host. Unless the relay must reach a local service
  # (for example a videobridge on the same machine), list loopback and
  # private ranges instead; the same applies to the two listeners below.
  - module: ejabberd_stun
    port: 9999
    transport: udp
    use_turn: true
    turn_min_port: 60000
    turn_max_port: 65000
    turn_ipv4_address: MY.EXT.ERN.AL
    auth_realm: mydomain.tld
    turn_blacklist: []

  # STUN/TURN on the same port without an explicit transport.
  - module: ejabberd_stun
    port: 9999
    use_turn: true
    turn_min_port: 60000
    turn_max_port: 65000
    turn_ipv4_address: MY.EXT.ERN.AL
    auth_realm: mydomain.tld
    turn_blacklist: []

  # STUN/TURN over TLS.
  # NOTE(review): the certificate file is named test.pem and sits outside the
  # directory used by certfiles; confirm it is a production certificate whose
  # name matches the host advertised to clients.
  - module: ejabberd_stun
    port: 9998
    tls: true
    certfile: /usr/local/etc/ejabberd/certs/test.pem
    use_turn: true
    turn_min_port: 60000
    turn_max_port: 65000
    turn_ipv4_address: MY.EXT.ERN.AL
    auth_realm: mydomain.tld
    turn_blacklist: []
# Per-host authentication settings.
host_config:
  # Regular accounts: stored in SQL, passwords kept in SCRAM format rather
  # than as plain text.
  "mydomain.tld":
    auth_method: sql
    auth_password_format: scram

  # Conference host: anyone may connect without an account, several
  # connections at once are allowed, and both anonymous mechanisms are on.
  "meet.mydomain.tld":
    auth_method: anonymous
    allow_multiple_connections: true
    anonymous_protocol: both
    # Anonymous sessions on this host get no server-to-server access.
    # NOTE(review): placed under this host because s2s_access is also set at
    # top level later in the file; confirm against the original indentation.
    s2s_access: none
# Storage: PostgreSQL on the local machine, new schema, pool of 2 connections.
default_db: sql
new_sql_schema: true
sql_type: pgsql
sql_server: "localhost"
sql_database: "database"
sql_username: "database"
# NOTE(review): blank in this published copy. Use a real password for the
# database role and keep the deployed file out of public repositories and
# readable only by the ejabberd account.
sql_password: ""
sql_pool_size: 2

# SASL mechanisms that are not offered to clients.
disable_sasl_mechanisms:
  - "X-OAUTH2"
# Named access control lists referenced by access_rules and api_permissions.
acl:
  # NOTE(review): focus@mydomain.tld sits in the same ACL as the human
  # administrator, so it inherits every right granted to `admin` in this file
  # (announce, configure, admin API access, MUC admin). If the account only
  # needs rights on the conference host, give it a narrower ACL.
  admin:
    user:
      - "admin@mydomain.tld"
      - "focus@mydomain.tld"

  # An empty regular expression: matches every local user name.
  local:
    user_regexp: ""

  # Connections originating from the machine itself (IPv4, IPv6 and
  # IPv4-mapped IPv6 loopback).
  loopback:
    ip:
      - 127.0.0.0/8
      - "::1/128"
      - "::FFFF:127.0.0.1/128"

  # Remote servers refused by the s2s access rule.
  blocked_servers:
    server:
      - "itmightbematrix.org"
# Access rules. Within a rule the entries are kept in their written order,
# with the deny line ahead of the allow line.
access_rules:
  local:
    allow: local

  # NOTE(review): no ACL named `blocked` is defined in the acl section of this
  # file, so the deny line presumably matches nobody until one is added.
  c2s:
    deny: blocked
    allow: all

  # Federation with everyone except the servers in blocked_servers.
  s2s:
    deny: blocked_servers
    allow: all

  announce:
    allow: admin

  configure:
    allow: admin

  muc_create:
    allow: local

  pubsub_createnode:
    allow: local

# Default server-to-server policy: the s2s rule defined above.
s2s_access: s2s

# Wait enforced between account registrations from one address. In-band
# registration is denied in mod_register (access: none) further down.
registration_timeout: 1
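# Who may run which API commands.
api_permissions:
  # Every command, when invoked through ejabberdctl.
  "console commands":
    from:
      - ejabberd_ctl
    who: all
    what: "*"

  # Every command except stop and start, for administrators.
  "admin access":
    who:
      access:
        # Both conditions are listed as sequence items: the caller must come
        # from a loopback address AND be in the admin ACL. Repeating `acl` as
        # a key inside one mapping is a duplicate key, which YAML loaders may
        # collapse to a single entry and so silently drop one condition.
        allow:
          - acl: loopback
          - acl: admin
      # NOTE(review): no listener visible in this file mounts an API or OAuth
      # request handler, so this branch is presumably unused; confirm before
      # exposing one.
      oauth:
        scope: "ejabberd:admin"
        access:
          allow:
            - acl: loopback
            - acl: admin
    what:
      - "*"
      - "!stop"
      - "!start"

  # Read-only status commands for callers on the local machine.
  "public commands":
    who:
      ip: 127.0.0.1/8
    what:
      - status
      - connected_users_number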
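# Traffic shapers.
shaper:
  normal:
    rate: 32767
    burst_size: 65535
  fast: 5242880

# Limits and the shaper applied to each class of connection.
shaper_rules:
  max_user_sessions: 32

  # One entry only: the limit was written twice under the same key
  # (5000 for admin, 5000 for all). A repeated key is a duplicate that YAML
  # loaders may collapse, and since both limits were equal the effective
  # quota is 5000 stored offline messages for every user either way.
  # Add a distinct, lower value for `all` if administrators should differ.
  max_user_offline_messages:
    5000: all

  # Administrators are not rate limited; everyone else gets `normal`.
  # Order matters here, so the admin entry stays first.
  c2s_shaper:
    none: admin
    normal: all

  s2s_shaper: fast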
# Modules loaded for every virtual host, including the anonymous
# meet.mydomain.tld host.
modules:
  mod_adhoc: {}
  mod_admin_extra: {}
  mod_announce:
    access: announce
  mod_avatar: {}
  mod_blocking: {}
  mod_bosh: {}
  mod_caps: {}
  mod_carboncopy: {}
  mod_client_state: {}
  mod_configure: {}

  # Contact addresses published through service discovery.
  mod_disco:
    server_info:
      - name: "abuse-addresses"
        modules: all
        urls:
          - "xmpp:admin@mydomain.tld"
      - name: "feedback-addresses"
        modules:
          - mod_disco
        urls:
          - "xmpp:admin@mydomain.tld"
      - name: "admin-addresses"
        modules:
          - mod_disco
          - mod_vcard
        urls:
          - "xmpp:admin@mydomain.tld"

  # Temporarily bans addresses after repeated authentication failures.
  mod_fail2ban: {}
  mod_last: {}

  # Message archive: on for every user by default.
  # NOTE(review): no retention limit is visible in this file; decide how long
  # archived messages may be kept and purge accordingly.
  mod_mam:
    assume_mam_usage: true
    default: always
    compress_xml: true

  mod_offline:
    access_max_user_messages: max_user_offline_messages
    store_groupchat: true
    use_mam_for_storage: true

  mod_ping: {}

  mod_pres_counter:
    count: 16
    interval: 60 secs

  mod_privacy: {}
  mod_private: {}

  # File-transfer proxy listening on the loopback address only.
  mod_proxy65:
    ip: "127.0.0.1"
    hosts:
      - "proxy.@HOST@"
    shaper: normal
    access: local
    max_connections: 10

  mod_pubsub:
    access_createnode: pubsub_createnode
    ignore_pep_from_offline: false
    last_item_cache: true
    plugins:
      - pep
      - flat
    # Forced node settings: the axolotl (OMEMO) nodes are open to everyone,
    # bookmark storage is limited to whitelisted readers.
    force_node_config:
      "eu.siacs.conversations.axolotl.*":
        access_model: open
      "storage:bookmarks":
        access_model: whitelist

  mod_push: {}
  mod_push_keepalive: {}

  # In-band account registration is denied for everyone.
  mod_register:
    access: none

  mod_roster:
    versioning: true
  mod_shared_roster: {}

  mod_stream_mgmt:
    resend_on_timeout: if_offline

  # STUN/TURN services announced to clients; they mirror the ejabberd_stun
  # listeners on ports 9999 and 9998.
  # NOTE(review): the module is loaded for all hosts, so anonymous sessions on
  # meet.mydomain.tld can presumably obtain relay credentials too; confirm
  # that is intended and keep the TURN blacklist in mind.
  mod_stun_disco:
    services:
      - type: stun
        host: MY.EXT.ERN.AL
        port: 9999
      - type: turn
        host: MY.EXT.ERN.AL
        port: 9999
      - type: stun
        transport: tcp
        host: MY.EXT.ERN.AL
        port: 9999
      - type: turn
        transport: tcp
        host: MY.EXT.ERN.AL
        port: 9999
      - type: stuns
        host: mydomain.tld
        port: 9998
      - type: turns
        host: mydomain.tld
        port: 9998

  mod_vcard: {}
  mod_vcard_xupdate: {}

  # Do not disclose the operating system in version replies.
  mod_version:
    show_os: false
# Modules added per virtual host on top of the global `modules` list.
append_host_config:
  "mydomain.tld":
    modules:
      # File upload.
      # NOTE(review): external_secret is blank in this published copy. It
      # protects upload URLs, so set a long random value shared only with the
      # upload service. If a web server also serves docroot, make sure it
      # never executes uploaded files and serves them with safe content types.
      mod_http_upload:
        docroot: /var/www/upload
        put_url: "https://upload.@HOST@"
        external_secret: ""

      # Uploaded files older than 60 days are removed.
      # NOTE(review): only an age limit is set; no per-user size quota is
      # visible here.
      mod_http_upload_quota:
        max_days: 60

      # Multi-user chat: anyone may join, room creation and persistence
      # follow the muc_create rule, administration is limited to `admin`.
      mod_muc:
        host: "conference.@HOST@"
        access:
          - allow
        access_admin:
          - allow: admin
        access_create: muc_create
        access_persistent: muc_create
        history_size: 1000
        default_room_options:
          mam: true

      mod_muc_admin: {}

  "meet.mydomain.tld":
    modules:
      # Conference rooms for the anonymous host. Because this host
      # authenticates anonymously, `local` here covers anonymous sessions, so
      # any visitor can create rooms; firewalling and rate limits are the
      # remaining controls.
      mod_muc:
        host: "conference.@HOST@"
        access: all
        access_admin: admin
        access_create: local
        access_persistent: local

      mod_muc_admin: {}