mess with XMPP stuff. ejabberd: enable mam, some other acl's that probably aren't used
prosody is still broken
This commit is contained in:
parent
c3957d81c2
commit
b4314bd919
|
|
@ -1,9 +1,16 @@
|
||||||
# docs:
|
# docs:
|
||||||
# - <https://docs.ejabberd.im/admin/configuration/basic>
|
# - <https://docs.ejabberd.im/admin/configuration/basic>
|
||||||
# example configs:
|
# example configs:
|
||||||
|
# - <https://github.com/vkleen/machines/blob/138a2586ce185d7cf201d4e1fe898c83c4af52eb/hosts/europium/ejabberd.nix>
|
||||||
|
# - <https://github.com/Mic92/stockholm/blob/675ef0088624c9de1cb531f318446316884a9d3d/tv/3modules/ejabberd/default.nix>
|
||||||
|
# - <https://github.com/buffet/tararice/blob/bc5b65509f4e622313af3f1f4be690628123f1f3/programs/ejabberd.nix>
|
||||||
|
# - <https://github.com/leo60228/dotfiles/blob/39b3abba3009bdc31413d4757ca2f882a33eec8b/files/ejabberd.yml>
|
||||||
|
# - <https://github.com/Mic92/dotfiles/blob/ddf0f4821f554f7667fc803344657367c55fb9e6/nixos/eve/modules/ejabberd.nix>
|
||||||
|
# - <nixpkgs:nixos/tests/xmpp/ejabberd.nix>
|
||||||
# - 2013: <https://github.com/processone/ejabberd/blob/master/ejabberd.yml.example>
|
# - 2013: <https://github.com/processone/ejabberd/blob/master/ejabberd.yml.example>
|
||||||
{ lib, ... }:
|
{ lib, ... }:
|
||||||
|
|
||||||
|
# XXX: avatar support works in MUCs but not DMs
|
||||||
# lib.mkIf false
|
# lib.mkIf false
|
||||||
{
|
{
|
||||||
sane.impermanence.service-dirs = [
|
sane.impermanence.service-dirs = [
|
||||||
|
|
@ -12,6 +19,8 @@
|
||||||
networking.firewall.allowedTCPPorts = [
|
networking.firewall.allowedTCPPorts = [
|
||||||
5222 # XMPP client -> server
|
5222 # XMPP client -> server
|
||||||
5269 # XMPP server -> server
|
5269 # XMPP server -> server
|
||||||
|
5280 # bosh
|
||||||
|
5281 # bosh (https) ??
|
||||||
5443 # web services (file uploads, websockets, admin)
|
5443 # web services (file uploads, websockets, admin)
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
@ -43,18 +52,31 @@
|
||||||
pam_userinfotype: jid
|
pam_userinfotype: jid
|
||||||
|
|
||||||
acl:
|
acl:
|
||||||
|
admin:
|
||||||
|
user:
|
||||||
|
- "colin@uninsane.org"
|
||||||
local:
|
local:
|
||||||
user_regexp: ""
|
user_regexp: ""
|
||||||
|
loopback:
|
||||||
|
ip:
|
||||||
|
- 127.0.0.0/8
|
||||||
|
- ::1/128
|
||||||
|
|
||||||
access_rules:
|
access_rules:
|
||||||
local:
|
local:
|
||||||
allow: local
|
allow: local
|
||||||
pubsub_createnode_access:
|
|
||||||
allow: local
|
|
||||||
c2s_access:
|
c2s_access:
|
||||||
allow: all
|
allow: all
|
||||||
|
announce:
|
||||||
|
allow: admin
|
||||||
|
configure:
|
||||||
|
allow: admin
|
||||||
muc_create:
|
muc_create:
|
||||||
allow: local
|
allow: local
|
||||||
|
pubsub_createnode_access:
|
||||||
|
allow: local
|
||||||
|
trusted_network:
|
||||||
|
allow: loopback
|
||||||
|
|
||||||
# docs: <https://docs.ejabberd.im/admin/configuration/basic/#shaper-rules>
|
# docs: <https://docs.ejabberd.im/admin/configuration/basic/#shaper-rules>
|
||||||
shaper_rules:
|
shaper_rules:
|
||||||
|
|
@ -116,8 +138,10 @@
|
||||||
# TODO: enable mod_client_state for net optimization
|
# TODO: enable mod_client_state for net optimization
|
||||||
# TODO: enable mod_fail2ban
|
# TODO: enable mod_fail2ban
|
||||||
# TODO(low): look into mod_http_fileserver for serving macros?
|
# TODO(low): look into mod_http_fileserver for serving macros?
|
||||||
# TODO: enable mod_muc
|
|
||||||
modules:
|
modules:
|
||||||
|
# mod_adhoc: {}
|
||||||
|
# mod_announce:
|
||||||
|
# access: admin
|
||||||
# allows users to set avatars in vCard
|
# allows users to set avatars in vCard
|
||||||
# - <https://docs.ejabberd.im/admin/configuration/modules/#mod-avatar>
|
# - <https://docs.ejabberd.im/admin/configuration/modules/#mod-avatar>
|
||||||
mod_avatar: {}
|
mod_avatar: {}
|
||||||
|
|
@ -152,6 +176,13 @@
|
||||||
# mod_host_meta: {}
|
# mod_host_meta: {}
|
||||||
mod_jidprep: {} # probably not needed: lets clients normalize jids
|
mod_jidprep: {} # probably not needed: lets clients normalize jids
|
||||||
mod_last: {} # allow other users to know when i was last online
|
mod_last: {} # allow other users to know when i was last online
|
||||||
|
mod_mam:
|
||||||
|
# Mnesia is limited to 2GB, better to use an SQL backend
|
||||||
|
# For small servers SQLite is a good fit and is very easy
|
||||||
|
# to configure. Uncomment this when you have SQL configured:
|
||||||
|
# db_type: sql
|
||||||
|
assume_mam_usage: true
|
||||||
|
default: always
|
||||||
mod_muc:
|
mod_muc:
|
||||||
access:
|
access:
|
||||||
- allow
|
- allow
|
||||||
|
|
@ -159,6 +190,8 @@
|
||||||
- allow: admin
|
- allow: admin
|
||||||
access_create: muc_create
|
access_create: muc_create
|
||||||
access_persistent: muc_create
|
access_persistent: muc_create
|
||||||
|
access_mam:
|
||||||
|
- allow
|
||||||
history_size: 100 # messages to show new participants
|
history_size: 100 # messages to show new participants
|
||||||
host: conference.xmpp.uninsane.org
|
host: conference.xmpp.uninsane.org
|
||||||
hosts:
|
hosts:
|
||||||
|
|
@ -167,6 +200,8 @@
|
||||||
anonymous: false
|
anonymous: false
|
||||||
lang: en
|
lang: en
|
||||||
persistent: true
|
persistent: true
|
||||||
|
mam: true
|
||||||
|
mod_muc_admin: {}
|
||||||
mod_offline: # store messages for a user when they're offline (TODO: understand multi-client workflow?)
|
mod_offline: # store messages for a user when they're offline (TODO: understand multi-client workflow?)
|
||||||
access_max_user_messages: max_user_offline_messages
|
access_max_user_messages: max_user_offline_messages
|
||||||
store_groupchat: true
|
store_groupchat: true
|
||||||
|
|
@ -195,8 +230,8 @@
|
||||||
hosts:
|
hosts:
|
||||||
- pubsub.xmpp.uninsane.org
|
- pubsub.xmpp.uninsane.org
|
||||||
plugins:
|
plugins:
|
||||||
- flat
|
|
||||||
- pep
|
- pep
|
||||||
|
# - flat
|
||||||
force_node_config:
|
force_node_config:
|
||||||
# avoid buggy clients to make their bookmarks public
|
# avoid buggy clients to make their bookmarks public
|
||||||
# XXX: not sure if this is necessary: copying config from examples
|
# XXX: not sure if this is necessary: copying config from examples
|
||||||
|
|
|
||||||
|
|
@ -1,3 +1,5 @@
|
||||||
|
# example configs:
|
||||||
|
# - <https://github.com/kittywitch/nixfiles/blob/main/services/prosody.nix>
|
||||||
# create users with:
|
# create users with:
|
||||||
# - `sudo -u prosody prosodyctl adduser colin@uninsane.org`
|
# - `sudo -u prosody prosodyctl adduser colin@uninsane.org`
|
||||||
|
|
||||||
|
|
@ -13,7 +15,7 @@ lib.mkIf false
|
||||||
networking.firewall.allowedTCPPorts = [
|
networking.firewall.allowedTCPPorts = [
|
||||||
5222 # XMPP client -> server
|
5222 # XMPP client -> server
|
||||||
5269 # XMPP server -> server
|
5269 # XMPP server -> server
|
||||||
5280 # Prosody HTTP port (necessary?)
|
5280 # bosh
|
||||||
5281 # Prosody HTTPS port (necessary?)
|
5281 # Prosody HTTPS port (necessary?)
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
@ -34,7 +36,7 @@ lib.mkIf false
|
||||||
# c2s_require_encryption = true
|
# c2s_require_encryption = true
|
||||||
# '';
|
# '';
|
||||||
|
|
||||||
# extraModules = [ "private" "vcard" "privacy" "compression" "component" "muc" "pep" "adhoc" "lastactivity" "admin_adhoc" "blocklist"];
|
extraModules = [ "private" "vcard" "privacy" "compression" "component" "muc" "pep" "adhoc" "lastactivity" "admin_adhoc" "blocklist"];
|
||||||
|
|
||||||
ssl.cert = "/var/lib/acme/uninsane.org/fullchain.pem";
|
ssl.cert = "/var/lib/acme/uninsane.org/fullchain.pem";
|
||||||
ssl.key = "/var/lib/acme/uninsane.org/key.pem";
|
ssl.key = "/var/lib/acme/uninsane.org/key.pem";
|
||||||
|
|
@ -51,7 +53,7 @@ lib.mkIf false
|
||||||
domain = "localhost";
|
domain = "localhost";
|
||||||
enabled = true;
|
enabled = true;
|
||||||
};
|
};
|
||||||
"uninsane.org" = {
|
"xmpp.uninsane.org" = {
|
||||||
domain = "uninsane.org";
|
domain = "uninsane.org";
|
||||||
enabled = true;
|
enabled = true;
|
||||||
ssl.cert = "/var/lib/acme/uninsane.org/fullchain.pem";
|
ssl.cert = "/var/lib/acme/uninsane.org/fullchain.pem";
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user