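# Inferencium - xb000-0
# ejabberd - Configuration

# Copyright 2022 Jake Winters
# SPDX-License-Identifier: BSD-3-Clause

# Version: 6.0.0.11


# Hosts
## Virtual hosts served by this node.
hosts:
  - inferencium.net
  - dissensionclub.net


# Hosts configuration
## Both hosts authenticate against ejabberd's own user database.
host_config:
  inferencium.net:
    auth_method: internal
  dissensionclub.net:
    auth_method: internal


# Language
language: en


# Security
## Passwords
## Stored as SCRAM verifiers rather than plaintext.
auth_password_format: scram
auth_scram_hash: sha256
### Upgrade password hashes to SHA-512 when possible; currently infeasible due to current users
### having passwords created using SHA-256.
#auth_scram_hash: sha512

## Server-to-Server
s2s_dhfile: "/etc/ssl/inferencium.net/dh-3072.pem"
s2s_ciphers:
  - "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256"
s2s_protocol_options:
  - no_sslv2
  - no_sslv3
  - no_tlsv1
  - no_tlsv1_1
  ## Was "cipher_server_preferences"; the option name is singular, so the plural
  ## spelling presumably never took effect - verify against the installed ejabberd.
  - cipher_server_preference
## Refuse s2s links that do not negotiate STARTTLS.
s2s_use_starttls: required
s2s_tls_compression: false
s2s_zlib: false
allow_multiple_connections: false


# Logging
loglevel: info
hide_sensitive_log_data: true


# Certificates
ca_file: "/etc/ssl/certs/ca-certificates.crt"
certfiles:
  ## dissensionclub.net
  - "/etc/ssl/dissensionclub.net/ejabberd.pem"
  ## inferencium.net
  - "/etc/ssl/inferencium.net/ejabberd.pem"
  - "/etc/ssl/hfu.xmpp.inferencium.net/ejabberd.pem"
  - "/etc/ssl/muc.xmpp.inferencium.net/ejabberd.pem"
  - "/etc/ssl/xmpp.inferencium.net/ejabberd.pem"


listen:
  ## Client-to-server, STARTTLS (mandatory before authentication).
  - port: 5222
    ip: "::"
    module: ejabberd_c2s
    dhfile: "/etc/ssl/inferencium.net/dh-3072.pem"
    protocol_options:
      - no_sslv2
      - no_sslv3
      - no_tlsv1
      - no_tlsv1_1
    ciphers: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256"
    starttls: true
    starttls_required: true
    tls_compression: false
    max_stanza_size: 262144
    shaper: c2s_shaper
    access: c2s

  ## Client-to-server, direct TLS.
  - port: 5223
    ip: "::"
    module: ejabberd_c2s
    dhfile: "/etc/ssl/inferencium.net/dh-3072.pem"
    tls: true
    protocol_options:
      - no_sslv2
      - no_sslv3
      - no_tlsv1
      - no_tlsv1_1
    ciphers: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256"
    tls_compression: false
    max_stanza_size: 262144
    shaper: c2s_shaper
    access: c2s

  ## Server-to-server; TLS policy comes from the s2s_* options above.
  - port: 5269
    ip: "::"
    module: ejabberd_s2s_in
    max_stanza_size: 524288

  ## HTTPS: web admin, HTTP API, BOSH, CAPTCHA, upload and WebSocket.
  - port: 5443
    ip: "::"
    module: ejabberd_http
    tls: true
    ## Same legacy-protocol and compression restrictions as the c2s listeners;
    ## previously this listener relied on the TLS defaults.
    protocol_options:
      - no_sslv2
      - no_sslv3
      - no_tlsv1
      - no_tlsv1_1
    tls_compression: false
    request_handlers:
      /admin: ejabberd_web_admin
      /api: mod_http_api
      /bosh: mod_bosh
      /captcha: ejabberd_captcha
      /upload: mod_http_upload
      /ws: ejabberd_http_ws
    custom_headers:
      ## NOTE(review): a wildcard origin combined with Allow-Credentials is refused by
      ## browsers for credentialed requests, and these headers also cover /admin and
      ## /api. Prefer listing the specific web-client origin(s) and dropping the
      ## credentials header unless a client needs it.
      "Access-Control-Allow-Origin": "*"
      "Access-Control-Allow-Methods": "GET,HEAD,OPTIONS,PUT"
      ## This key was given twice (duplicate mapping key, so one value could be
      ## dropped); both values are merged here. "X-Requested-Width" corrected to the
      ## header name "X-Requested-With".
      "Access-Control-Allow-Headers": "Authorization, Content-Type, Origin, X-Requested-With"
      "Access-Control-Allow-Credentials": "true"

  ## NOTE(review): no "tls: true" here and the listener binds to every address, so
  ## web-admin logins on this port travel unencrypted. /admin is already served over
  ## TLS on 5443; consider removing this listener or binding it to loopback.
  - port: 5280
    ip: "::"
    module: ejabberd_http
    request_handlers:
      /admin: ejabberd_web_admin

  ## STUN/TURN over UDP.
  - port: 3478
    ip: "::"
    transport: udp
    module: ejabberd_stun
    use_turn: true
    ## The server's public IPv4 address:
    # turn_ipv4_address: "203.0.113.3"
    ## The server's public IPv6 address:
    # turn_ipv6_address: "2001:db8::3"


acl:
  ## Empty regexp matches every local user.
  local:
    user_regexp: ""
  loopback:
    ip:
      - "127.0.0.0/8"
      - "::1/128"
  admin:
    user:
      - "admin@inferencium.net"


access_rules:
  local:
    allow: local
  c2s:
    deny: blocked
    allow: all
  announce:
    allow: admin
  configure:
    allow: admin
  muc_create:
    allow: local
  pubsub_createnode:
    allow: local
  ## Used by mod_register below: only loopback sources are trusted.
  trusted_network:
    allow: loopback


api_permissions:
  "console commands":
    from:
      - ejabberd_ctl
    who: all
    what: "*"
  ## NOTE(review): the loopback ACL is accepted on its own here. If a reverse proxy
  ## on this machine ever fronts /api, its requests would presumably arrive from
  ## loopback and match this rule - confirm before adding one.
  "admin access":
    who:
      access:
        allow:
          - acl: loopback
          - acl: admin
      oauth:
        scope: "ejabberd:admin"
        access:
          allow:
            - acl: loopback
            - acl: admin
    what:
      - "*"
      - "!stop"
      - "!start"
  "public commands":
    who:
      ip: "127.0.0.1/8"
    what:
      - status
      - connected_users_number


shaper:
  normal:
    rate: 3000
    burst_size: 20000
  fast: 100000


shaper_rules:
  max_user_sessions: 10
  max_user_offline_messages:
    5000: admin
    100: all
  ## Admins are not rate-limited; everyone else gets the "normal" shaper.
  c2s_shaper:
    none: admin
    normal: all
  s2s_shaper: fast


modules:
  mod_adhoc: {}
  mod_admin_extra: {}
  mod_announce:
    access: announce
  mod_avatar: {}
  mod_blocking: {}
  mod_bosh: {}
  mod_caps: {}
  mod_carboncopy: {}
  mod_client_state: {}
  mod_configure: {}
  mod_disco: {}
  mod_fail2ban: {}
  mod_http_api: {}
  mod_http_upload:
    name: HTTP File Upload
    ## Only local users may request upload slots.
    access: local
    custom_headers:
      ## The per-host origin below is the tighter alternative to the wildcard.
      "Access-Control-Allow-Origin": "*"
      #"Access-Control-Allow-Origin": "https://@HOST@"
      "Access-Control-Allow-Methods": "GET,HEAD,OPTIONS,PUT"
      "Access-Control-Allow-Headers": "Content-Type"
    docroot: "/var/lib/ejabberd/upload/@HOST@"
    ## Modes are quoted so they stay strings instead of being read as numbers.
    dir_mode: "2750"
    file_mode: "0640"
    ## 64 MiB
    max_size: 67108864
    put_url: "https://@HOST@:5443/upload"
    thumbnail: false
  mod_last: {}
  mod_mam:
    assume_mam_usage: true
    default: always
  mod_mqtt: {}
  mod_muc:
    host: muc.xmpp.inferencium.net
    access:
      - allow
    access_admin:
      - allow: admin
    access_create: muc_create
    access_persistent: muc_create
    access_mam:
      - allow
    default_room_options:
      allow_private_messages: true
      # allow_private_messages_from_visitors: nobody
      # allow_voice_requests: false
      anonymous: false
      logging: false
      mam: true
      # members_only: true
      persistent: true
      public: false
      public_list: false
  mod_muc_admin: {}
  mod_offline:
    access_max_user_messages: max_user_offline_messages
  mod_ping: {}
  mod_privacy: {}
  mod_private: {}
  mod_proxy65:
    access: local
    max_connections: 5
  mod_pubsub:
    access_createnode: pubsub_createnode
    plugins:
      - flat
      - pep
    force_node_config:
      ## Prevent buggy clients from making their bookmarks public
      storage:bookmarks:
        access_model: whitelist
  mod_push: {}
  mod_push_keepalive: {}
  ## Registration is limited to the trusted_network rule (loopback only).
  mod_register:
    ip_access: trusted_network
  mod_roster:
    versioning: true
  mod_s2s_dialback: {}
  mod_shared_roster: {}
  mod_stream_mgmt:
    resend_on_timeout: if_offline
  mod_stun_disco: {}
  mod_vcard: {}
  mod_vcard_xupdate: {}
  ## Do not disclose the host operating system in version replies.
  mod_version:
    show_os: false


# Database
default_db: sql
sql_type: pgsql
sql_server: "localhost"
sql_database: "ejabberd"
sql_username: "ejabberd"
## NOTE(review): the database secret is stored inline. Keep this file readable only
## by the ejabberd service account and out of version control, or move the sql_*
## credentials into a separate restricted file loaded with include_config_file.
sql_password: "[REDACTED]"


### Local Variables:
### mode: yaml
### End:
### vim: set filetype=yaml tabstop=8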