[Git] Sort gitignore

.gitignore

@@ -1,57 +1,58 @@
-rebuild-images.sh
+!data/conf/nginx/dynmaps.conf
-data/conf/sogo/sieve.creds
+!data/conf/nginx/meta_exporter.conf
+!data/conf/nginx/site.conf
+*.iml
+.idea
+.vscode/*
+data/assets/ejabberd/sqlite/sqlite.db
+data/assets/ssl-example/*
+data/assets/ssl/*
 data/conf/clamav/whitelist.ign2
-data/conf/phpfpm/sogo-sso/sogo-sso.pass
+data/conf/dovecot/acl_anyone
 data/conf/dovecot/dovecot-master.passwd
 data/conf/dovecot/dovecot-master.userdb
-mailcow.conf
+data/conf/dovecot/extra.conf
-mailcow.conf_backup
-data/conf/nginx/*.active
-data/conf/postfix/sni.map
-data/conf/postfix/sni.map.db
-data/conf/postfix/extra.cf
-data/conf/postfix/sql
-data/conf/postfix/custom_transport.pcre
-data/conf/postfix/custom_postscreen_whitelist.cidr
-data/conf/postfix/allow_mailcow_local.regexp
-data/conf/dovecot/sql
-data/conf/dovecot/lua
 data/conf/dovecot/global_sieve_*
-data/conf/dovecot/sogo_trusted_ip.conf
-data/conf/nextcloud-*.bak
-data/web/inc/vars.local.inc.php
-data/web/css/build/0081-custom-mailcow.css
-data/assets/ssl/*
-data/assets/ssl-example/*
-.vscode/*
-.idea
-*.iml
-data/web/.well-known/acme-challenge
-data/web/nextcloud*/
-data/web/rc*/
-data/conf/rspamd/local.d/*
-data/conf/rspamd/override.d/*
-!data/conf/nginx/dynmaps.conf
-!data/conf/nginx/site.conf
-!data/conf/nginx/meta_exporter.conf
-data/conf/nginx/*.conf
-data/conf/nginx/*.custom
-data/conf/nginx/*.bak
-data/conf/dovecot/acl_anyone
-data/conf/dovecot/mail_plugins*
 data/conf/dovecot/last_login
+data/conf/dovecot/lua
+data/conf/dovecot/mail_plugins*
+data/conf/dovecot/shared_namespace.conf
 data/conf/dovecot/sni.conf
 data/conf/dovecot/sogo-sso.conf
-data/conf/dovecot/extra.conf
+data/conf/dovecot/sogo_trusted_ip.conf
-data/conf/dovecot/shared_namespace.conf
+data/conf/dovecot/sql
-data/conf/rspamd/custom/*
+data/conf/ejabberd/autogen/*
+data/conf/nextcloud-*.bak
+data/conf/nginx/*.active
+data/conf/nginx/*.bak
+data/conf/nginx/*.conf
+data/conf/nginx/*.custom
+data/conf/phpfpm/sogo-sso/sogo-sso.pass
 data/conf/portainer/
-data/hooks/
+data/conf/postfix/allow_mailcow_local.regexp
+data/conf/postfix/custom_postscreen_whitelist.cidr
+data/conf/postfix/custom_transport.pcre
+data/conf/postfix/extra.cf
+data/conf/postfix/sni.map
+data/conf/postfix/sni.map.db
+data/conf/postfix/sql
+data/conf/rspamd/custom/*
+data/conf/rspamd/local.d/*
+data/conf/rspamd/override.d/*
+data/conf/sogo/plist_ldap
+data/conf/sogo/sieve.creds
+data/conf/sogo/sogo-full.svg
 data/gitea/
 data/gogs/
-data/conf/sogo/plist_ldap
+data/hooks/
-update_diffs/
+data/web/.well-known/acme-challenge
+data/web/css/build/0081-custom-mailcow.css
+data/web/inc/vars.local.inc.php
+data/web/nextcloud*/
+data/web/rc*/
 docker-compose.override.yml
+mailcow.conf
+mailcow.conf_backup
+rebuild-images.sh
 refresh_images.sh
-data/conf/sogo/sogo-full.svg
+update_diffs/
-data/conf/ejabberd/autogen/*

data/conf/ejabberd/ejabberd.yml

@@ -0,0 +1,218 @@
+loglevel: info
+
+auth_method: [external]
+auth_use_cache: false
+extauth_program: /var/www/authentication/authenticator
+
+include_config_file:
+  /ejabberd/ejabberd_api.yml
+
+include_config_file:
+  /ejabberd/ejabberd_acl.yml
+
+include_config_file:
+  /ejabberd/ejabberd_hosts.yml:
+    allow_only:
+      - hosts
+
+include_config_file:
+  /ejabberd/ejabberd_macros.yml:
+    allow_only:
+      - define_macro
+
+define_macro:
+  'TLS_CIPHERS': "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
+  'TLS_OPTIONS':
+    - "no_sslv3"
+    - "no_tlsv1"
+    - "no_tlsv1_1"
+    - "cipher_server_preference"
+    - "no_compression"
+
+new_sql_schema: true
+sql_type: sqlite
+sql_database: /sqlite/sqlite.db
+default_db: sql
+
+listen:
+  -
+    port: 5222
+    ip: "::"
+    module: ejabberd_c2s
+    max_stanza_size: 262144
+    shaper: c2s_shaper
+    access: c2s
+    starttls_required: true
+  -
+    port: 5269
+    ip: "::"
+    module: ejabberd_s2s_in
+    max_stanza_size: 524288
+  -
+    port: 5443
+    ip: "::"
+    module: ejabberd_http
+    tls: true
+    request_handlers:
+      /admin: ejabberd_web_admin
+      /api: mod_http_api
+      /captcha: ejabberd_captcha
+      /upload: mod_http_upload
+      /ws: ejabberd_http_ws
+  -
+    port: 5280
+    ip: "::"
+    module: ejabberd_http
+    request_handlers:
+      /admin: ejabberd_web_admin
+  -
+    module: ejabberd_http
+    port: 5281
+    request_handlers:
+      /.well-known/acme-challenge: ejabberd_acme
+  -
+    port: 1883
+    ip: "::"
+    module: mod_mqtt
+    backlog: 1000
+
+s2s_use_starttls: optional
+
+acme:
+  auto: true
+
+acl:
+  admin:
+    user:
+      - "admin": "localhost"
+  local:
+    user_regexp: ""
+  loopback:
+    ip:
+      - 127.0.0.0/8
+      - ::1/128
+
+access_rules:
+  local:
+    allow: local
+  c2s:
+    deny: blocked
+    allow: all
+  announce:
+    allow: admin
+  configure:
+    allow: admin
+  muc_create:
+    allow: local
+  pubsub_createnode:
+    allow: local
+  trusted_network:
+    allow: loopback
+
+api_permissions:
+  "console commands":
+    from:
+      - ejabberd_ctl
+    who: all
+    what: "*"
+  "admin access":
+    who:
+      access:
+        allow:
+          - acl: loopback
+          - acl: admin
+    what:
+      - "*"
+      - "!stop"
+      - "!start"
+
+shaper:
+  normal:
+    rate: 3000
+    burst_size: 20000
+  fast: 100000
+
+shaper_rules:
+  max_user_sessions: 10
+  max_user_offline_messages:
+    5000: admin
+    100: all
+  c2s_shaper:
+    none: admin
+    normal: all
+  s2s_shaper: fast
+
+modules:
+  mod_adhoc: {}
+  mod_admin_extra: {}
+  mod_announce:
+    access: announce
+  mod_avatar: {}
+  mod_blocking: {}
+  mod_caps: {}
+  mod_carboncopy: {}
+  mod_client_state: {}
+  mod_configure: {}
+  mod_disco: {}
+  mod_fail2ban: {}
+  mod_http_api: {}
+  mod_http_upload:
+    put_url: https://@HOST@:5443/upload
+    docroot: /var/www/upload
+    custom_headers:
+      "Access-Control-Allow-Origin": "https://@HOST@"
+      "Access-Control-Allow-Methods": "GET,HEAD,PUT,OPTIONS"
+      "Access-Control-Allow-Headers": "Content-Type"
+  mod_last: {}
+  mod_mam:
+    clear_archive_on_room_destroy: true
+    default: roster
+  mod_mqtt: {}
+  mod_muc:
+    access:
+      - allow
+    access_admin:
+      - allow: admin
+    access_create: muc_create
+    access_persistent: muc_create
+    access_mam:
+      - allow
+    default_room_options:
+      mam: true
+  mod_muc_admin: {}
+  mod_offline:
+    access_max_user_messages: max_user_offline_messages
+  mod_ping: {}
+  mod_privacy: {}
+  mod_private: {}
+  mod_proxy65:
+    access: local
+    max_connections: 5
+  mod_pubsub:
+    access_createnode: pubsub_createnode
+    plugins:
+      - flat
+      - pep
+    force_node_config:
+      ## Avoid buggy clients to make their bookmarks public
+      storage:bookmarks:
+        access_model: whitelist
+  mod_push: {}
+  mod_push_keepalive: {}
+  mod_register:
+    ## Only accept registration requests from the "trusted"
+    ## network (see access_rules section above).
+    ## Think twice before enabling registration from any
+    ## address. See the Jabber SPAM Manifesto for details:
+    ## https://github.com/ge0rg/jabber-spam-fighting-manifesto
+    ip_access: trusted_network
+  mod_roster:
+    versioning: true
+  mod_s2s_dialback: {}
+  mod_stream_mgmt:
+    resend_on_timeout: if_offline
+  mod_stun_disco: {}
+  mod_vcard: {}
+  mod_vcard_xupdate: {}
+  mod_version:
+    show_os: false