with import <stockholm/lib>; { config, ... }: let # See https://github.com/processone/ejabberd/blob/master/ejabberd.yml.example ciphers = concatStringsSep ":" [ "ECDHE-ECDSA-AES256-GCM-SHA384" "ECDHE-RSA-AES256-GCM-SHA384" "ECDHE-ECDSA-CHACHA20-POLY1305" "ECDHE-RSA-CHACHA20-POLY1305" "ECDHE-ECDSA-AES128-GCM-SHA256" "ECDHE-RSA-AES128-GCM-SHA256" "ECDHE-ECDSA-AES256-SHA384" "ECDHE-RSA-AES256-SHA384" "ECDHE-ECDSA-AES128-SHA256" "ECDHE-RSA-AES128-SHA256" ]; protocol_options = [ "no_sslv2" "no_sslv3" "no_tlsv1" "no_tlsv1_10" ]; in /* yaml */ '' access_rules: announce: - allow: admin local: - allow: local configure: - allow: admin register: - allow s2s: - allow trusted_network: - allow: loopback acl: local: user_regexp: "" loopback: ip: - "127.0.0.0/8" - "::1/128" - "::FFFF:127.0.0.1/128" hosts: ${toJSON config.hosts} language: "en" listen: - port: 5222 ip: "::" module: ejabberd_c2s shaper: c2s_shaper certfile: ${toJSON config.certfile.path} ciphers: ${toJSON ciphers} dhfile: ${toJSON config.dhfile.path} protocol_options: ${toJSON protocol_options} starttls: true starttls_required: true tls: false tls_compression: false max_stanza_size: 65536 - port: 5269 ip: "::" module: ejabberd_s2s_in shaper: s2s_shaper max_stanza_size: 131072 loglevel: 4 modules: mod_adhoc: {} mod_admin_extra: {} mod_announce: access: announce mod_caps: {} mod_carboncopy: {} mod_client_state: {} mod_configure: {} mod_disco: {} mod_echo: {} mod_bosh: {} mod_last: {} mod_offline: access_max_user_messages: max_user_offline_messages mod_ping: {} mod_privacy: {} mod_private: {} mod_register: access_from: allow access: register # ip_access: trusted_network registration_watchers: ${toJSON config.registration_watchers} mod_roster: {} mod_shared_roster: {} mod_stats: {} mod_time: {} mod_vcard: search: false mod_version: {} mod_http_api: {} s2s_access: s2s s2s_certfile: ${toJSON config.s2s_certfile.path} s2s_ciphers: ${toJSON ciphers} s2s_dhfile: ${toJSON config.dhfile.path} s2s_protocol_options: ${toJSON protocol_options} s2s_tls_compression: false s2s_use_starttls: required shaper_rules: max_user_offline_messages: - 5000: admin - 100 max_user_sessions: 10 c2s_shaper: - none: admin - normal s2s_shaper: fast ''