crans_bcfg2/Python/etc/ejabberd/ejabberd.cfg
Vincent Le Gallic 841d762a7d [ejabberd] On rajoute des headers pour le fichier de conf et on vire le *$!% de certificat
Ah oui, on pense à préciser que c'est pas des # pour les commentaires dans ejabberd.cfg…
2013-06-25 02:22:27 +02:00


# -*- coding: utf-8; mode: python -*-
# Generator for the ejabberd configuration file. Plain lines are Python;
# lines prefixed with "@" look like literal output lines (TODO confirm
# against the template engine).

# Ownership and mode requested for the generated file. 0640 leaves no access
# for "other", which matters because the rendered output contains the LDAP
# bind password and the component passwords.
info["owner"] = "ejabberd"
info["group"] = "ejabberd"
info["perms"] = 0640
# Makes the `secrets` object available; it is read further down for the LDAP
# bind DN and password.
include("secrets")
# ejabberd.cfg holds Erlang terms, where "%" starts a comment, so the
# generated header must not use "#".
comment_start = "%%%"
# Presumably emits a banner built with comment_start -- confirm in the engine.
header("Configuration du serveur xmpp du crans")
@%%%
@%%% Debian ejabberd configuration file
@%%% This config must be in UTF-8 encoding
@%%%
@%%% The parameters used in this configuration file are explained in more detail
@%%% in the ejabberd Installation and Operation Guide.
@%%% Please consult the Guide in case of doubts, it is available at
@%%% /usr/share/doc/ejabberd/guide.html
@
@%%% ===================================
@%%% OVERRIDE OPTIONS STORED IN DATABASE
@
@%%
@%% Override global options (shared by all ejabberd nodes in a cluster).
@%%
@%%override_global.
@
@%%
@%% Override local options (specific for this particular ejabberd node).
@%%
@%%override_local.
@
@%%
@%% Remove the Access Control Lists before new ones are added.
@%%
@%%override_acls.
@
@
@%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@%% Options which are set by Debconf and managed by ucf
@
# NOTE(review): each term below grants the admin ACL to one exact JID.
# "jabber.crans.org" is configured for internal authentication and "crans.org"
# for LDAP (see the host_config terms in the AUTHENTICATION section), so the
# two JIDs of one person are separate credentials and both have to be removed
# when an administrator leaves. The olasd/nicolasd pair uses different
# usernames on the two domains -- confirm that is intentional.
@%% Admin user
@{acl, admin, {user, "regala", "crans.org"}}.
@{acl, admin, {user, "regala", "jabber.crans.org"}}.
@{acl, admin, {user, "huber", "crans.org"}}.
@{acl, admin, {user, "huber", "jabber.crans.org"}}.
@{acl, admin, {user, "olasd", "crans.org"}}.
@{acl, admin, {user, "nicolasd", "jabber.crans.org"}}.
@{acl, admin, {user, "legallic", "crans.org"}}.
@{acl, admin, {user, "legallic", "jabber.crans.org"}}.
@
@
@
@
@%% Hostname
@{hosts, ["xmpp.crans.org", "jabber.crans.org", "crans.org"]}.
@
@%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@
@%%% This configuration file contains Erlang terms.
@%%% In case you want to understand the syntax, here are the concepts:
@%%%
@%%% - The character to comment a line is %
@%%%
@%%% - Each term ends in a dot, for example:
@%%% override_global.
@%%%
@%%% - A tuple has a fixed definition, its elements are
@%%% enclosed in {}, and separated with commas:
@%%% {loglevel, 4}.
@%%%
@%%% - A list can have as many elements as you want,
@%%% and is enclosed in [], for example:
@%%% [http_poll, web_admin, tls]
@%%%
@%%% - A keyword of ejabberd is a word in lowercase.
@%%% The strings are enclosed in "" and can have spaces, dots...
@%%% {language, "en"}.
@%%% {ldap_rootdn, "dc=example,dc=com"}.
@%%%
@%%% - This term includes a tuple, a keyword, a list and two strings:
@%%% {hosts, ["jabber.example.net", "im.example.com"]}.
@%%%
@
@
@%%% =========
@%%% DEBUGGING
@
@%%
@%% loglevel: Verbosity of log files generated by ejabberd.
@%% 0: No ejabberd log at all (not recommended)
@%% 1: Critical
@%% 2: Error
@%% 3: Warning
@%% 4: Info
@%% 5: Debug
@%%
# NOTE(review): level 3 stops at warnings, so anything ejabberd reports at
# Info level is not written. Confirm that the events needed to investigate
# account misuse (logins, failed authentication) are still recorded at this
# level, or collected elsewhere.
@{loglevel, 3}.
@
@%%
@%% watchdog_admins: If an ejabberd process consumes too much memory,
@%% send live notifications to those Jabber accounts.
@%%
# Memory-watchdog alerts go to a single account hosted on this same server.
@{watchdog_admins, ["huber@jabber.crans.org"]}.
@
@
@%%% ================
@%%% SERVED HOSTNAMES
@
@%%
@%% hosts: Domains served by ejabberd.
@%% You can define one or several, for example:
@%% {hosts, ["example.net", "example.com", "example.org"]}.
@%%
@%% (This option is defined by debconf earlier)
@%% {hosts, ["localhost"]}.
@
@%%
@%% route_subdomains: Delegate subdomains to other Jabber server.
@%% For example, if this ejabberd serves example.org and you want
@%% to allow communication with a Jabber server called im.example.org.
@%%
@%%{route_subdomains, s2s}.
@
@
@%%% ===============
@%%% LISTENING PORTS
@
@%%
@%% listen: Which ports will ejabberd listen, which service handles it
@%% and what options to start it with.
@%%
# Listener table: one entry per port, giving the handler module and its options.
@{listen,
@ [
# NOTE(review): `starttls` offers TLS on 5222, but nothing in this entry makes
# it mandatory, so a client can still authenticate over an unencrypted stream.
# ejabberd has a `starttls_required` listener option for this -- confirm the
# deployed version supports it before switching.
@ {5222, ejabberd_c2s, [
@ inet6,
@ {access, c2s},
@ {shaper, c2s_shaper},
@ {max_stanza_size, 65536},
@ starttls, {certfile, "/etc/ejabberd/ssl/jabber.pem"}
@ ]},
@
@ %%
@ %% To enable the old SSL connection method (deprecated) in port 5223:
@ %%
# Legacy TLS-on-connect port; the comment emitted above already marks this
# method as deprecated.
@ {5223, ejabberd_c2s, [
@ inet6,
@ {access, c2s},
@ {shaper, c2s_shaper},
@ {max_stanza_size, 65536},
@ tls, {certfile, "/etc/ejabberd/ssl/jabber.pem"}
@ ]},
@
# Server-to-server listener; TLS behaviour for s2s is set by the
# s2s_use_starttls / s2s_certfile terms after this list.
@ {5269, ejabberd_s2s_in, [
@ {shaper, s2s_shaper},
@ {max_stanza_size, 131072}
@ ]},
@
@ %% External MUC jabber-muc (but internal mod_muc is better :))
@ %%{5554, ejabberd_service, [
@ %% {ip, {127, 0, 0, 1}},
@ %% {access, all},
@ %% {shaper_rule, fast},
@ %% {host, "muc.localhost", [{password, "secret"}]}
@ %% ]},
@
# NOTE(review): the component (transport) passwords in the entries below are
# literal values in a version-controlled template, although `secrets` is
# already included and used for the LDAP password. They should move to the
# secrets store and be rotated. That includes the values in the commented-out
# ICQ and AIM entries: those lines are still "@" lines, so they are written
# into the generated file as Erlang comments.
# All component listeners bind to 127.0.0.1 with {access, all}, so the
# password is the only thing separating any local process from the component
# interface.
@ %% Jabber ICQ Transport
@% {5555, ejabberd_service, [
@% {ip, {127, 0, 0, 1}},
@% {access, all},
@% {shaper_rule, fast},
@% {hosts, ["icq.crans.org", "sms.crans.org"],
@% [{password, "B2kOQ9Fd28"}]}
@% ]},
@
@ %% AIM Transport
@% {5556, ejabberd_service, [
@% {ip, {127, 0, 0, 1}},
@% {access, all},
@% {shaper_rule, fast},
@% {host, "aim.crans.org", [{password, "B2kOQ9Fd28"}]}
@% ]},
@
@ %% MSN Transport
@ {5560, ejabberd_service, [
@ {ip, {127, 0, 0, 1}},
@ {access, all},
@ {shaper_rule, fast},
@ {host, "msn2.crans.org", [{password, "ZJ4SXSIiSOUPU"}]}
@ ]},
@
@ %% Yahoo! Transport
@ {5558, ejabberd_service, [
@ {ip, {127, 0, 0, 1}},
@ {access, all},
@ {shaper_rule, fast},
@ {host, ["yahoo.crans.org", "chat.yahoo.crans.org"],
@ [{password, "secretoupas"}]}
@ ]},
@
@ %% External JUD (internal is more powerful,
@ %% but doesn't allow to register users from other servers)
@ %%{5559, ejabberd_service, [
@ %% {ip, {127, 0, 0, 1}},
@ %% {access, all},
@ %% {shaper_rule, fast},
@ %% {host, "jud.localhost", [{password, "secret"}]}
@ %% ]},
# NOTE(review): HTTP polling is served without TLS and without an {ip, ...}
# restriction, so a session using it, including its authentication exchange,
# travels in clear. Put it behind a TLS-terminating front end or add `tls`
# here, if clients allow.
@%% Pour le http_poll pas de tls
@ {5280, ejabberd_http, [
@ http_poll]},
@
# The web admin interface is TLS-only but has no {ip, ...} restriction in this
# entry; consider limiting it to the administration network.
@%% un peu plus sécurisé
@ {5282, ejabberd_http, [
@ web_admin,
@ tls, {certfile, "/etc/ejabberd/ssl/jabber.pem"}
@ ]}
@
@ ]}.
@
@%%
@%% s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
@%% Allowed values are: true or false.
@%% You must specify a certificate file.
@%%
# NOTE(review): per the description emitted above, `true` enables STARTTLS
# alongside dialback; it does not say TLS is enforced, so a peer that does not
# negotiate TLS may still exchange traffic in clear -- confirm for the
# deployed version.
@{s2s_use_starttls, true}.
@
@%%
@%% s2s_certfile: Specify a certificate file.
@%%
# Same PEM path as the c2s and web_admin listeners use. The file is not part
# of this template; presumably it also holds the private key, so its
# permissions on the host need the same care as this config file.
@{s2s_certfile, "/etc/ejabberd/ssl/jabber.pem"}.
@
@%%
@%% domain_certfile: Specify a different certificate for each served hostname.
@%%
@%%{domain_certfile, "example.org", "/path/to/example_org.pem"}.
@%%{domain_certfile, "example.com", "/path/to/example_com.pem"}.
@
@%%
@%% S2S whitelist or blacklist
@%%
@%% Default s2s policy for undefined hosts.
@%%
@%%{s2s_default_policy, allow}.
@
@%%
@%% Allow or deny communication with specific servers.
@%%
@%%{{s2s_host, "goodhost.org"}, allow}.
@%%{{s2s_host, "badhost.org"}, deny}.
@
@
@%%% ==============
@%%% AUTHENTICATION
@
@%%
@%% auth_method: Method used to authenticate the users.
@%% The default method is the internal.
@%% If you want to use a different method,
@%% comment this line and enable the correct ones.
@%%
@%%{auth_method, internal}.
@
@%%
@%% Authentication using external script
@%% Make sure the script is executable by ejabberd.
@%%
@%%{auth_method, external}.
@%%{extauth_program, "/path/to/authentication/script"}.
@
@%%
@%% Authentication using ODBC
@%% Remember to setup a database in the next section.
@%%
@%%{auth_method, odbc}.
@
@%%
@%% Authentication using PAM
@%%
@%%{auth_method, pam}.
@%%{pam_service, "pamservicename"}.
@
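@%%
@%% Authentication using LDAP
@%%
# Global default: users are authenticated against LDAP unless a host_config
# term overrides it for a given domain.
@{auth_method, ldap}.
@%%
@%% List of LDAP servers:
@{ldap_servers, ["ldap.adm.crans.org"]}.
@%%
@%% Encryption of connection to LDAP servers (LDAPS):
# NOTE(review): ldap_encrypt and ldap_port are left commented out, so the bind
# password below and every user password checked through LDAP presumably
# cross the network to ldap.adm.crans.org unencrypted. Enable them once the
# directory server is confirmed to offer LDAPS.
@%%{ldap_encrypt, tls}.
@%%
@%% Port connect to LDAP server:
@%%{ldap_port, 636}.
@%%
@%% LDAP manager:
# The bind DN and password come from the included `secrets` object rather than
# from this file. Backslash and double quote are escaped so that a value
# containing either still renders as one Erlang string literal instead of
# breaking the term or changing its meaning. "%s" formatting is applied first
# so non-string values render exactly as before.
_ldap_bind_dn = ("%s" % secrets.ldap_readonly_auth_dn).replace("\\", "\\\\").replace('"', '\\"')
print """{ldap_rootdn, "%s"}.""" % _ldap_bind_dn
@%%
@%% Password to LDAP manager:
_ldap_bind_password = ("%s" % secrets.ldap_readonly_password).replace("\\", "\\\\").replace('"', '\\"')
print """{ldap_password, "%s"}.""" % _ldap_bind_password
@%%
@%% Search base of LDAP directory:
@{ldap_base, "dc=crans,dc=org"}.
@%%
@%% LDAP attribute that holds user ID:
# A login name is matched either against "uid" or against "mailAlias" with
# "@crans.org" appended.
@{ldap_uids, [{"uid", "%u"}, {"mailAlias","%u@crans.org"}]}.
@%%
@%% LDAP filter:
# Only entries carrying the cransAccount object class can authenticate.
@{ldap_filter, "(objectClass=cransAccount)"}.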
@
@%%
@%% Anonymous login support:
@%% auth_method: anonymous
@%% anonymous_protocol: sasl_anon | login_anon | both
@%% allow_multiple_connections: true | false
@%%
@%%{host_config, "public.example.org", [{auth_method, anonymous},
@%% {allow_multiple_connections, false},
@%% {anonymous_protocol, sasl_anon}]}.
@%%
@%% To use both anonymous and internal authentication:
@%%
@%%{host_config, "public.example.org", [{auth_method, [internal, anonymous]}]}.
# Per-domain overrides of the global auth_method. "crans.org" uses LDAP and
# "jabber.crans.org" uses ejabberd's internal account database, so the same
# username on the two domains is backed by different credentials.
# "xmpp.crans.org" is listed in `hosts` but has no host_config here, so it
# falls back to the global auth_method (ldap).
@{host_config, "crans.org", [{auth_method, ldap}]}.
@{host_config, "jabber.crans.org", [{auth_method, internal}]}.
@
@
@%%% ==============
@%%% DATABASE SETUP
@
@%% ejabberd uses by default the internal Mnesia database,
@%% so you can avoid this section.
@%% This section provides configuration examples in case
@%% you want to use other database backends.
@%% Please consult the ejabberd Guide for details about database creation.
@
@%%
@%% MySQL server:
@%%
@%%{odbc_server, {mysql, "server", "database", "username", "password"}}.
@%%
@%% If you want to specify the port:
@%%{odbc_server, {mysql, "server", 1234, "database", "username", "password"}}.
@
@%%
@%% PostgreSQL server:
@%%
@%%{odbc_server, {pgsql, "server", "database", "username", "password"}}.
@%%
@%% If you want to specify the port:
@%%{odbc_server, {pgsql, "server", 1234, "database", "username", "password"}}.
@%%
@%% If you use PostgreSQL, have a large database, and need a
@%% faster but inexact replacement for "select count(*) from users"
@%%
@%%{pgsql_users_number_estimate, true}.
@
@%%
@%% ODBC compatible or MSSQL server:
@%%
@%%{odbc_server, "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"}.
@
@%%
@%% Number of connections to open to the database for each virtual host
@%%
@%%{odbc_pool_size, 10}.
@
@%%
@%% Interval to make a dummy SQL request to keep alive the connections
@%% to the database. Specify in seconds: for example 28800 means 8 hours
@%%
@%%{odbc_keepalive_interval, undefined}.
@
@
@%%% ===============
@%%% TRAFFIC SHAPERS
@
@%%
@%% The "normal" shaper limits traffic speed to 1.000 B/s
@%%
@{shaper, normal, {maxrate, 1000}}.
@
@%%
@%% The "fast" shaper limits traffic speed to 50.000 B/s
@%%
@{shaper, fast, {maxrate, 50000}}.
@
@
@%%% ====================
@%%% ACCESS CONTROL LISTS
@
@%%
@%% The 'admin' ACL grants administrative privileges to Jabber accounts.
@%% You can put as many accounts as you want.
@%%
@%%{acl, admin, {user, "aleksey", "localhost"}}.
@%%{acl, admin, {user, "ermine", "example.org"}}.
@
@%%
@%% Blocked users
@%%
@%%{acl, blocked, {user, "baduser", "example.org"}}.
@%%{acl, blocked, {user, "test"}}.
@
@%%
@%% Local users: don't modify this line.
@%%
@{acl, local, {user_regexp, ""}}.
@
@%%
@%% More examples of ACLs
@%%
@%%{acl, jabberorg, {server, "jabber.org"}}.
@%%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
@%%{acl, test, {user_regexp, "^test"}}.
@%%{acl, test, {user_glob, "test*"}}.
@
@
@%%% ============
@%%% ACCESS RULES
@
@%% Define the maximum number of time a single user is allowed to connect:
@{access, max_user_sessions, [{10, all}]}.
@
@%% This rule allows access only for local users:
@{access, local, [{allow, local}]}.
@
# NOTE(review): the `blocked` ACL referenced here has no active definition in
# this file (the examples in the ACL section are commented out), so the deny
# clause currently matches nobody.
@%% Only non-blocked users can use c2s connections:
@{access, c2s, [{deny, blocked},
@ {allow, all}]}.
@
# Members of the admin ACL are exempt from client rate limiting.
@%% For all users except admins used "normal" shaper
@{access, c2s_shaper, [{none, admin},
@ {normal, all}]}.
@
@%% For all S2S connections used "fast" shaper
@{access, s2s_shaper, [{fast, all}]}.
@
@%% Only admins can send announcement messages:
@{access, announce, [{allow, admin}]}.
@
@%% Only admins can use configuration interface:
@{access, configure, [{allow, admin}]}.
@
@%% Admins of this server are also admins of MUC service:
@{access, muc_admin, [{allow, admin}]}.
@
# NOTE(review): mod_muc uses this same rule for access_create and
# access_persistent, so `all` lets every user that can reach the MUC service,
# presumably including users of remote servers, create persistent rooms.
# A rule limited to the `local` ACL would narrow that if it is not intended.
@%% All users are allowed to use MUC service:
@{access, muc, [{allow, all}]}.
@
# In-band registration is refused for everyone; accounts on the
# internal-auth domain therefore have to be created out of band.
@%% No username can be registered via in-band registration:
@%% To enable in-band registration, replace 'deny' with 'allow'
@% (note that if you remove mod_register from modules list then users will not
@% be able to change their password as well as register).
@% This setting is default because it's more safe.
@{access, register, [{deny, all}]}.
@
# NOTE(review): node creation is open to `all`; confirm this is meant to
# include non-local users.
@%% Everybody can create pubsub nodes
@{access, pubsub_createnode, [{allow, all}]}.
@
@
@%%% ================
@%%% DEFAULT LANGUAGE
@
@%%
@%% language: Default language used for server messages.
@%%
@{language, "en"}.
@
@
@%%% =======
@%%% MODULES
@
@%%
@%% Modules enabled in all ejabberd virtual hosts.
@%%
@{modules,
@ [
@ {mod_adhoc, []},
@ {mod_announce, [{access, announce}]}, % requires mod_adhoc
@ {mod_caps, []},
@ {mod_configure,[]}, % requires mod_adhoc
# The two emitted French lines below say: mod_ctlextra no longer exists with
# ejabberd >= 2.1.x and is replaced by mod_admin_extra.
@%% Attention, n'existe plus avec ejabberd >= 2.1.x
@%% Ceci est remplacé par mod_admin_extra
@ {mod_ctlextra, []},
@ {mod_disco, [
@ {extra_domains, ["icq.crans.org",
@ "msn2.crans.org"
@ ]}]},
@ %%{mod_echo, [{host, "echo.localhost"}]},
# Emitted French note: "enable on one server only".
@ % À mettre seulement sur un serveur
@ {mod_irc, []},
@ {mod_last, []},
# Room creation and persistent rooms use the `muc` access rule, which this
# file defines as allow-all; only room administration is limited to admins.
@ {mod_muc, [
@ %%{host, "conference.@HOST@"},
@ {access, muc},
@ {access_create, muc},
@ {access_persistent, muc},
@ {access_admin, muc_admin},
@ {max_users, 500}
@ ]},
@ %%{mod_muc_log,[]},
@ {mod_offline, []},
@ {mod_privacy, []},
@ {mod_private, []},
# Emitted French note: "enable on one server only". The file-transfer proxy is
# limited to the `local` access rule and shaped like client connections.
@ % À mettre seulement sur un serveur
@ {mod_proxy65, [
@ {access, local},
@ {shaper, c2s_shaper}
@ ]},
@ {mod_pubsub, [ % requires mod_caps
@ {access_createnode, pubsub_createnode},
@ {plugins, ["default", "pep"]}
@ ]},
# mod_register stays loaded but is gated by the `register` access rule, which
# this file sets to deny-all. The note emitted next to that rule says removing
# the module would also stop users from changing their password.
@ {mod_register, [
@ %%
@ %% After successful registration, the user receives
@ %% a message with this subject and body.
@ %%
@ {welcome_message, {"Welcome!",
@ "Welcome to a Jabber service powered by Debian. "
@ "For information about Jabber visit "
@ "http://www.jabber.org"}},
@ %% Replace it with 'none' if you don't want to send such message:
@ %%{welcome_message, none},
@
@ %%
@ %% When a user registers, send a notification to
@ %% these Jabber accounts.
@ %%
@ %%{registration_watchers, ["admin1@example.org"]},
@
@ {access, register}
@ ]},
@ {mod_roster, []},
@ %%{mod_service_log,[]},
@ %%{mod_shared_roster,[]},
@ {mod_stats, []},
@ {mod_time, []},
@ {mod_vcard, []},
@ {mod_version, []}
@ ]}.
@
@
@%%% $Id: ejabberd.cfg.example 1178 2008-02-08 18:28:36Z badlop $
@
@%%% Local Variables:
@%%% mode: erlang
@%%% End:
@%%% vim: set filetype=erlang tabstop=8: