From ccfe0921edb6d81ccf53135654fd364eea679140 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard <dr@jones.dk>
Date: Wed, 18 Jan 2017 17:32:45 +0100
Subject: Add ejabberd tweaks as snippets.

---
 ejabberd/ejabberd.yml.diff | 179 ++++++++++-----------------------------------
 1 file changed, 40 insertions(+), 139 deletions(-)

(limited to 'ejabberd/ejabberd.yml.diff')

diff --git a/ejabberd/ejabberd.yml.diff b/ejabberd/ejabberd.yml.diff
index ac19670..b99c6c8 100644
--- a/ejabberd/ejabberd.yml.diff
+++ b/ejabberd/ejabberd.yml.diff
@@ -1,145 +1,46 @@
---- ejabberd.yml.orig	2014-11-21 13:06:14.000000000 +0100
-+++ ejabberd.yml	2016-02-27 18:34:12.000000000 +0100
-@@ -72,7 +72,8 @@
- ##   - "example.org"
- ##
- hosts:
--  - "localhost"
-+  - "example.org"
-+  - "guest.example.org"
+--- a/ejabberd.yml
++++ b/ejabberd.yml
+@@ -2,6 +2,8 @@
+ ###'              ejabberd configuration file
+ ###
+ ###
++include_config_file:
++  "/etc/local-COMMON/ejabberd/prepend.yml": []
  
- ##
- ## route_subdomains: Delegate subdomains to other XMPP servers.
-@@ -98,14 +99,14 @@
-     ## certificate, specify the full path to the
-     ## file and uncomment this line:
-     ##
--    certfile: "/etc/ejabberd/ejabberd.pem"
--    starttls: true
-+    certfile: "/etc/ejabberd/chat.example.org.pem"
-+    starttls_required: true
-     ##
-     ## Custom OpenSSL options
-     ##
-     protocol_options:
-       - "no_sslv3"
--    ##   - "no_tlsv1"
-+      - "no_tlsv1"
-     max_stanza_size: 65536
-     shaper: c2s_shaper
-     access: c2s
-@@ -148,29 +149,62 @@
-     module: ejabberd_http
-     ## request_handlers:
-     ##   "/pub/archive": mod_http_fileserver
+ ### The parameters used in this configuration file are explained in more detail
+ ### in the ejabberd Installation and Operation Guide.
+@@ -168,23 +170,11 @@
+   ##   port: 4560
+   ##   module: ejabberd_xmlrpc
+   ##   access_commands: {}
+-  - 
+-    port: 5280
+-    ip: "::"
+-    module: ejabberd_http
+-    request_handlers:
+-      "/websocket": ejabberd_http_ws
+-    ##  "/pub/archive": mod_http_fileserver
 -    web_admin: true
--    http_poll: true
-+    web_admin: false
-+    http_poll: false
-     http_bind: true
-     ## register: true
--    captcha: true
-+    captcha: false
-+
-+  -
-+    port: 3478
-+    transport: udp
-+    module: ejabberd_stun
-+  -
-+    port: 3478
-+    module: ejabberd_stun
-+  -
-+    port: 5349
-+    module: ejabberd_stun
-+    certfile: "/etc/ejabberd/chat.example.org.pem"
-+    tls: true
-+    turn_ip: "188.183.5.254"
-+    auth_type: user
-+    auth_realm: "EXAMPLE.ORG"
-+##  -
-+##    port: 5060
-+##    transport: udp
-+##    module: ejabberd_sip
-+##  -
-+##    port: 5060
-+##    module: ejabberd_sip
-+  -
-+    port: 5061
-+    module: ejabberd_sip
-+    certfile: "/etc/ejabberd/chat.example.org.pem"
-+    tls: true
- 
- ##
- ## s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
- ## Allowed values are: false optional required required_trusted
- ## You must specify a certificate file.
- ##
-+## s2s_use_starttls: optional
- s2s_use_starttls: optional
- 
- ##
- ## s2s_certfile: Specify a certificate file.
- ##
--s2s_certfile: "/etc/ejabberd/ejabberd.pem"
-+## s2s_certfile: "/path/to/ssl.pem"
-+s2s_certfile: "/etc/ejabberd/chat.example.org.pem"
+-    http_bind: true
+-    ## register: true
+-    ## captcha: true
+-    tls: true
+-    certfile: "/etc/ejabberd/ejabberd.pem"
  
- ## Custom OpenSSL options
- ##
-+## s2s_protocol_options:
-+##   - "no_sslv3"
-+##   - "no_tlsv1"
- s2s_protocol_options:
-   - "no_sslv3"
--##   - "no_tlsv1"
-+  - "no_tlsv1"
+ ## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text
+ ## password storage (see auth_password_format option).
+-disable_sasl_mechanisms: "digest-md5"
++disable_sasl_mechanisms:
++  - "digest-md5"
  
- ##
- ## domain_certfile: Specify a different certificate for each served hostname.
-@@ -289,6 +323,14 @@
- ##     auth_method:
- ##       - internal
- ##       - anonymous
-+host_config:
-+  "example.org":
-+    auth_method:
-+      - pam
-+  "guest.example.org":
-+    auth_method: anonymous
-+    allow_multiple_connections: true
-+    anonymous_protocol: both
+ ###.  ==================
+ ###'  S2S GLOBAL OPTIONS
+@@ -685,6 +675,8 @@
  
- ###   ==============
- ###   DATABASE SETUP
-@@ -472,7 +514,7 @@
-   ## In-band registration allows registration of any possible username.
-   ## To disable in-band registration, replace 'allow' with 'deny'.
-   register: 
--    all: allow
-+    all: deny
-   ## Only allow to register from localhost
-   trusted_network: 
-     loopback: allow
-@@ -553,7 +595,7 @@
-   ##   accesslog: "/var/log/ejabberd/access.log"
-   mod_last: {}
-   mod_muc: 
--    ## host: "conference.@HOST@"
-+    host: "conference.example.org"
-     access: muc
-     access_create: muc_create
-     access_persistent: muc_create
-@@ -615,11 +657,12 @@
-     ##
-     ## Local c2s or remote s2s users cannot register accounts
-     ##
--    ## access_from: deny
-+    access_from: deny
+ allow_contrib_modules: true
  
-     access: register
-   mod_roster: {}
-   mod_shared_roster: {}
-+  mod_sip: {}
-   mod_stats: {}
-   mod_time: {}
-   mod_vcard: {}
++include_config_file:
++  "/etc/local-COMMON/ejabberd/append.yml": []
+ ###.
+ ###'
+ ### Local Variables:
-- 
cgit v1.2.3