132 lines
3.5 KiB
Nix
132 lines
3.5 KiB
Nix
# docs:
|
|
# - <https://docs.ejabberd.im/admin/configuration/basic>
|
|
# example configs:
|
|
# - 2013: <https://github.com/processone/ejabberd/blob/master/ejabberd.yml.example>
|
|
{ lib, ... }:
|
|
|
|
# XXX disabled: fails to start because of `mnesia_tm` dependency
|
|
# lib.mkIf false
|
|
{
|
|
sane.impermanence.service-dirs = [
|
|
{ user = "ejabberd"; group = "ejabberd"; directory = "/var/lib/ejabberd"; }
|
|
];
|
|
networking.firewall.allowedTCPPorts = [
|
|
5222 # XMPP client -> server
|
|
5269 # XMPP server -> server
|
|
5443 # web services (file uploads, websockets, admin)
|
|
];
|
|
|
|
# provide access to certs
|
|
users.users.ejabberd.extraGroups = [ "nginx" ];
|
|
|
|
security.acme.certs."uninsane.org".extraDomainNames = [
|
|
"upload.xmpp.uninsane.org"
|
|
];
|
|
|
|
# TODO: allocate UIDs/GIDs ?
|
|
services.ejabberd.enable = true;
|
|
services.ejabberd.configFile = builtins.toFile "ejabberd.yaml" ''
|
|
hosts:
|
|
- uninsane.org
|
|
|
|
# none | emergency | alert | critical | error | warning | notice | info | debug
|
|
loglevel: debug
|
|
|
|
acme:
|
|
auto: false
|
|
certfiles:
|
|
- /var/lib/acme/uninsane.org/fullchain.pem
|
|
- /var/lib/acme/uninsane.org/key.pem
|
|
|
|
pam_userinfotype: jid
|
|
|
|
acl:
|
|
local:
|
|
user_regexp: ""
|
|
|
|
access_rules:
|
|
local:
|
|
- allow: local
|
|
|
|
# docs: <https://docs.ejabberd.im/admin/configuration/basic/#shaper-rules>
|
|
shaper_rules:
|
|
max_s2s_connections: 3
|
|
max_user_offline_messages: 5000
|
|
c2s_shaper:
|
|
fast: all
|
|
s2s_shaper:
|
|
med: all
|
|
|
|
# docs: <https://docs.ejabberd.im/admin/configuration/basic/#shapers>
|
|
# this limits the bytes/sec.
|
|
# for example, burst: 3_000_000 and rate: 100_000 means:
|
|
# - each client has a BW budget that accumulates 100kB/sec and is capped at 3 MB
|
|
shaper:
|
|
fast: 1000000
|
|
med: 500000
|
|
# fast:
|
|
# - rate: 1000000
|
|
# - burst_size: 10000000
|
|
# med:
|
|
# - rate: 500000
|
|
# - burst_size: 5000000
|
|
|
|
# see: <https://docs.ejabberd.im/admin/configuration/listen/>
|
|
# TODO: host web admin panel
|
|
s2s_use_starttls: true
|
|
listen:
|
|
-
|
|
port: 5222
|
|
module: ejabberd_c2s
|
|
shaper: c2s_shaper
|
|
starttls: true
|
|
-
|
|
port: 5269
|
|
module: ejabberd_s2s_in
|
|
shaper: s2s_shaper
|
|
-
|
|
port: 5443
|
|
module: ejabberd_http
|
|
tls: true
|
|
request_handlers:
|
|
/admin: ejabberd_web_admin
|
|
/api: mod_http_api
|
|
/bosh: mod_bosh
|
|
/upload: mod_http_upload
|
|
/ws: ejabberd_http_ws
|
|
|
|
# TODO: enable mod_client_state for net optimization
|
|
# TODO: enable mod_conversejs for web-hosted XMPP client
|
|
# TODO: enable mod_fail2ban
|
|
# TODO: enable mod_host_meta
|
|
# TODO(low): look into mod_http_fileserver for serving macros?
|
|
# TODO: enable mod_muc ?
|
|
# TODO: enable mod_offline for buffering messages to offline users/servers?
|
|
modules:
|
|
mod_disco:
|
|
server_info:
|
|
-
|
|
modules: all
|
|
name: abuse-addresses
|
|
urls:
|
|
- "mailto:admin.xmpp@uninsane.org"
|
|
- "xmpp:colin@uninsane.org"
|
|
-
|
|
modules: all
|
|
name: admin-addresses
|
|
urls:
|
|
- "mailto:admin.xmpp@uninsane.org"
|
|
- "xmpp:colin@uninsane.org"
|
|
mod_http_upload:
|
|
host: upload.xmpp.uninsane.org
|
|
hosts:
|
|
- upload.xmpp.uninsane.org
|
|
put_url: "https://@HOST@:5443/upload"
|
|
dir_mode: "0750"
|
|
file_mode: "0750"
|
|
rm_on_unregister: false
|
|
mod_ping: {}
|
|
mod_version: {}
|
|
'';
|
|
}
|