chat: major upgrade on debian package

This upgrade includes: * New configuration format for Ejabberd 16. * Support for chat installation on multitenancy environments (not yet available for every environment, only one). * Fix on odbcinst configuration.

chat: major upgrade on debian package
This upgrade includes: * New configuration format for Ejabberd 16. * Support for chat installation on multitenancy environments (not yet available for every environment, only one). * Fix on odbcinst configuration.
Rodrigo Souto
1 parent 98854f6f
Showing 8 changed files with 757 additions and 85 deletions Show diff stats
debian/control
debian/noosfero-chat.config
debian/noosfero-chat.install
debian/noosfero-chat.postinst
debian/noosfero-chat.templates
util/chat/ejabberd.cfg
util/chat/ejabberd.yml
util/chat/odbcinst.ini
@@ -107,7 +107,7 @@ Description: free web-based platform for social networks (apache frontend)
  
 Package: noosfero-chat
 Architecture: all
-Depends: noosfero (>= 1.2), ejabberd, odbc-postgresql, pidgin-data
+Depends: noosfero (>= 1.5.1), ejabberd (>= 16.06), odbc-postgresql, pidgin-data
 Description: free web-based platform for social networks (ejabberd based chat)
  Noosfero is a web platform for social and solidarity economy networks with
  blog, e-Porfolios, CMS, RSS, thematic discussion, events agenda and collective
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+set -e
+
+. /usr/share/debconf/confmodule
+if [ -f /usr/share/dbconfig-common/dpkg/config ]; then
+  # comma-separated, e.g. "mysql, pgsql, sqlite3"
+  dbc_dbtypes="pgsql"
+
+  . /usr/share/dbconfig-common/dpkg/config
+fi
+
+db_input high noosfero-chat/environment || true
+db_go
+
+db_input high noosfero-chat/admin || true
+db_go
+
 debian/default/noosfero-chat                etc/default
-util/chat/ejabberd.cfg                      etc/ejabberd
+util/chat/ejabberd.yml                      etc/ejabberd
 debian/update-noosfero-odbc                 usr/sbin
 etc/security/limits.d/noosfero-chat.conf    etc/security/limits.d
 etc/pam.d/noosfero-chat                     etc/pam.d
@@ -4,18 +4,32 @@ set -e
  
 . /usr/share/debconf/confmodule
  
-echo -n "Fetching noosfero domain ..."
-domain=$(noosfero-runner 'puts Environment.default.default_hostname(true)')
+db_get noosfero-chat/environment
+if [ ! -z "$RET" ]; then
+  environment="${RET}_production"
+else
+  environment="production"
+fi
+
+domain=$(noosfero-runner 'puts Environment.default.default_hostname(true)' $environment)
 echo " [domain = $domain]"
  
-ejabberd_config='/etc/ejabberd/ejabberd.cfg'
+db_get noosfero-chat/admin
+if [ ! -z "$RET" ]; then
+  admin="$RET@$domain"
+else
+  admin="admin@$domain"
+fi
+echo " [admin = $admin]"
+
+ejabberd_config='/etc/ejabberd/ejabberd.yml'
 if test -f $ejabberd_config; then
-  sed -i "s/acl, *\([^,]*\), *{user, *\([^,]*\), *[^}]*/acl, \1, {user, \2, \"$domain\"/" /etc/ejabberd/ejabberd.cfg
-  sed -i "s/hosts, *\[[^]]*/hosts, [\"$domain\"/" /etc/ejabberd/ejabberd.cfg
+  sed -i "s/HOST_DOMAIN/$domain/" /etc/ejabberd/ejabberd.yml
+  sed -i "s/ACL_ADMIN_ACCOUNT/$admin/" /etc/ejabberd/ejabberd.yml
 fi
  
 echo -n 'Fetching noosfero database name ...'
-noosfero_database=$(noosfero-runner 'puts Environment.connection_config[:database]')
+noosfero_database=$(noosfero-runner 'puts Environment.connection_config[:database]' $environment)
 echo " [database = $noosfero_database]"
  
 echo 'Creating ejabberd schema ...'
@@ -29,7 +43,7 @@ else
   echo " => GRANT CREATE ON DATABASE $noosfero_database TO $noosfero_user;"
 fi
  
-su - $noosfero_user -c 'rails dbconsole production < /usr/share/noosfero/util/chat/postgresql/ejabberd.sql > /dev/null'
+su - $noosfero_user -c "rails dbconsole $environment < /usr/share/noosfero/util/chat/postgresql/ejabberd.sql > /dev/null"
  
 if which update-noosfero-odbc &> /dev/null ; then
   update-noosfero-odbc
@@ -37,6 +51,7 @@ fi
  
 ejabberd_default='/etc/default/ejabberd'
 noosfero_chat_default='/etc/default/noosfero-chat'
+
 if test -f $ejabberd_default; then
   if ! cat $ejabberd_default | grep "^\. $noosfero_chat_default" > /dev/null ; then
     echo 'Extending ejabberd defaults with noosfero-chat defaults ...'
@@ -0,0 +1,19 @@
+Template: noosfero-chat/environment
+Type: string
+Description: Choose the environment in which the chat will be installed
+ Noosfero Chat currently does not support multitenancy environments. If your
+ system is using a multitenancy setup with multiple environments, you will need
+ to fill below the environment in which you want the chat installed
+ uses. For example, if your environment is 'social_production', you should
+ enter below 'social'.
+ .
+ If you are not using a multitenancy setup, you may leave this option blank, in
+ which case the used environment will be 'production'.
+
+Template: noosfero-chat/admin
+Type: string
+Description: Choose the admin of the chat
+ Enter the user identifier to define the user that will have administrator
+ privileges on the chat.
+ .
+ If you leave this option blank the user defined will be 'admin'.
@@ -1,74 +0,0 @@
-%%%
-%%%     Noosfero ejabberd configuration file
-%%%     This config must be in UTF-8 encoding
-%%%
-
-{acl, admin, {user, "admin", "mydomain.example.com"}}.
-{hosts, ["mydomain.example.com"]}.
-
-{loglevel, 4}.
-{listen,
- [
-  {5222, ejabberd_c2s, [
-			{access, c2s},
-			{shaper, c2s_shaper},
-			{max_stanza_size, 65536},
-			starttls, {certfile, "/etc/ejabberd/ejabberd.pem"}
-		       ]},
-  {5280, ejabberd_http, [
-			 http_bind,
-			 http_poll
-			]}
- ]}.
-{max_fsm_queue, 1000}.
-{auth_method, odbc}.
-{odbc_server, "DSN=PostgreSQLEjabberdNoosfero"}.
-{shaper, normal, {maxrate, 10000000}}.
-{shaper, fast, {maxrate, 50000}}.
-{acl, local, {user_regexp, ""}}.
-{access, max_user_sessions, [{10, all}]}.
-{access, local, [{allow, local}]}.
-{access, c2s, [{deny, blocked},
-	       {allow, all}]}.
-{access, c2s_shaper, [{none, admin},
-		      {normal, all}]}.
-{access, announce, [{allow, admin}]}.
-{access, configure, [{allow, admin}]}.
-{access, muc_admin, [{allow, admin}]}.
-{access, muc, [{allow, all}]}.
-{access, pubsub_createnode, [{allow, all}]}.
-{language, "pt"}.
-{modules,
- [
-  {mod_adhoc,    []},
-  {mod_announce, [{access, announce}]}, % requires mod_adhoc
-  {mod_caps,     []},
-  {mod_configure,[]}, % requires mod_adhoc
-  {mod_disco,    []},
-  {mod_last,     []},
-  {mod_muc,      [
-		  {access, muc},
-		  {access_create, muc},
-		  {access_persistent, muc},
-		  {access_admin, muc_admin},
-		  {max_users, 500},
-		  {default_room_options, [{anonymous, false}]}
-		 ]},
-  {mod_privacy_odbc,  []},
-  {mod_private_odbc,  []},
-  {mod_proxy65,  [
-		  {access, local},
-		  {shaper, c2s_shaper}
-		 ]},
-  {mod_roster_odbc,   []},
-  {mod_stats,    []},
-  {mod_time,     []},
-  {mod_vcard,    []},
-  {mod_http_bind,    []},
-  {mod_version,  []}
- ]}.
-
-%%% Local Variables:
-%%% mode: erlang
-%%% End:
-%%% vim: set filetype=erlang tabstop=8:
@@ -0,0 +1,694 @@
+###
+###'              ejabberd configuration file
+###
+###
+
+### The parameters used in this configuration file are explained in more detail
+### in the ejabberd Installation and Operation Guide.
+### Please consult the Guide in case of doubts, it is included with
+### your copy of ejabberd, and is also available online at
+### http://www.process-one.net/en/ejabberd/docs/
+
+### The configuration file is written in YAML.
+### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
+### However, ejabberd treats different literals as different types:
+###
+### - unquoted or single-quoted strings. They are called "atoms".
+###   Example: dog, 'Jupiter', '3.14159', YELLOW
+###
+### - numeric literals. Example: 3, -45.0, .0
+###
+### - quoted or folded strings.
+###   Examples of quoted string: "Lizzard", "orange".
+###   Example of folded string:
+###   > Art thou not Romeo,
+###     and a Montague?
+
+###.  =======
+###'  LOGGING
+
+##
+## loglevel: Verbosity of log files generated by ejabberd.
+## 0: No ejabberd log at all (not recommended)
+## 1: Critical
+## 2: Error
+## 3: Warning
+## 4: Info
+## 5: Debug
+##
+loglevel: 4
+
+##
+## rotation: Disable ejabberd's internal log rotation, as the Debian package
+## uses logrotate(8).
+log_rotate_size: 0
+log_rotate_date: ""
+
+##
+## overload protection: If you want to limit the number of messages per second
+## allowed from error_logger, which is a good idea if you want to avoid a flood
+## of messages when system is overloaded, you can set a limit.
+## 100 is ejabberd's default.
+log_rate_limit: 100
+
+##
+## watchdog_admins: Only useful for developers: if an ejabberd process
+## consumes a lot of memory, send live notifications to these XMPP
+## accounts.
+##
+## watchdog_admins:
+##   - "bob@example.com"
+
+###.  ===============
+###'  NODE PARAMETERS
+
+##
+## net_ticktime: Specifies net_kernel tick time in seconds. This options must have
+## identical value on all nodes, and in most cases shouldn't be changed at all from
+## default value.
+##
+## net_ticktime: 60
+
+###.  ================
+###'  SERVED HOSTNAMES
+
+##
+## hosts: Domains served by ejabberd.
+## You can define one or several, for example:
+## hosts: 
+##   - "example.net"
+##   - "example.com"
+##   - "example.org"
+##
+hosts:
+  - "HOST_DOMAIN"
+
+##
+## route_subdomains: Delegate subdomains to other XMPP servers.
+## For example, if this ejabberd serves example.org and you want
+## to allow communication with an XMPP server called im.example.org.
+##
+## route_subdomains: s2s
+
+###.  ===============
+###'  LISTENING PORTS
+
+##
+## listen: The ports ejabberd will listen on, which service each is handled
+## by and what options to start it with.
+##
+listen: 
+  - 
+    port: 5222
+    ip: "::"
+    module: ejabberd_c2s
+    ##
+    ## If TLS is compiled in and you installed a SSL
+    ## certificate, specify the full path to the
+    ## file and uncomment these lines:
+    ##
+    certfile: "/etc/ejabberd/ejabberd.pem"
+    starttls: true
+    ##
+    ## To enforce TLS encryption for client connections,
+    ## use this instead of the "starttls" option:
+    ##
+    ## starttls_required: true
+    ##
+    ## Custom OpenSSL options
+    ##
+    protocol_options:
+      - "no_sslv3"
+    ##   - "no_tlsv1"
+    max_stanza_size: 65536
+    shaper: c2s_shaper
+    access: c2s
+    zlib: true
+    resend_on_timeout: if_offline
+  - 
+    port: 5269
+    ip: "::"
+    module: ejabberd_s2s_in
+  ##
+  ## ejabberd_service: Interact with external components (transports, ...)
+  ##
+  ## - 
+  ##   port: 8888
+  ##   module: ejabberd_service
+  ##   access: all
+  ##   shaper_rule: fast
+  ##   ip: "127.0.0.1"
+  ##   hosts:
+  ##     "icq.example.org":
+  ##       password: "secret"
+  ##     "sms.example.org":
+  ##       password: "secret"
+
+  ##
+  ## ejabberd_stun: Handles STUN Binding requests
+  ##
+  ## - 
+  ##   port: 3478
+  ##   transport: udp
+  ##   module: ejabberd_stun
+
+  ##
+  ## To handle XML-RPC requests that provide admin credentials:
+  ##
+  ## - 
+  ##   port: 4560
+  ##   module: ejabberd_xmlrpc
+  ##   access_commands: {}
+  - 
+    port: 5280
+    ip: "::"
+    module: ejabberd_http
+    request_handlers:
+      "/websocket": ejabberd_http_ws
+    ##  "/pub/archive": mod_http_fileserver
+    web_admin: true
+    http_bind: true
+    http_poll: true
+    ## register: true
+    ## captcha: true
+    ## tls: true
+    ## certfile: "/etc/ejabberd/ejabberd.pem"
+
+## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text
+## password storage (see auth_password_format option).
+disable_sasl_mechanisms: "digest-md5"
+
+###.  ==================
+###'  S2S GLOBAL OPTIONS
+
+##
+## s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
+## Allowed values are: false optional required required_trusted
+## You must specify a certificate file.
+##
+s2s_use_starttls: optional
+
+##
+## s2s_certfile: Specify a certificate file.
+##
+s2s_certfile: "/etc/ejabberd/ejabberd.pem"
+
+## Custom OpenSSL options
+##
+s2s_protocol_options:
+  - "no_sslv3"
+##   - "no_tlsv1"
+
+##
+## domain_certfile: Specify a different certificate for each served hostname.
+##
+## host_config:
+##   "example.org":
+##     domain_certfile: "/path/to/example_org.pem"
+##   "example.com":
+##     domain_certfile: "/path/to/example_com.pem"
+
+##
+## S2S whitelist or blacklist
+##
+## Default s2s policy for undefined hosts.
+##
+## s2s_access: s2s
+
+##
+## Outgoing S2S options
+##
+## Preferred address families (which to try first) and connect timeout
+## in milliseconds.
+##
+## outgoing_s2s_families:
+##   - ipv4
+##   - ipv6
+## outgoing_s2s_timeout: 10000
+
+###.  ==============
+###'  AUTHENTICATION
+
+##
+## auth_method: Method used to authenticate the users.
+## The default method is the internal.
+## If you want to use a different method,
+## comment this line and enable the correct ones.
+##
+#auth_method: internal
+
+##
+## Store the plain passwords or hashed for SCRAM:
+## auth_password_format: plain
+## auth_password_format: scram
+##
+## Define the FQDN if ejabberd doesn't detect it:
+## fqdn: "server3.example.com"
+
+##
+## Authentication using external script
+## Make sure the script is executable by ejabberd.
+##
+## auth_method: external
+## extauth_program: "/path/to/authentication/script"
+
+##
+## Authentication using SQL
+## Remember to setup a database in the next section.
+##
+auth_method: sql
+
+##
+## Authentication using PAM
+##
+## auth_method: pam
+## pam_service: "pamservicename"
+
+##
+## Authentication using LDAP
+##
+## auth_method: ldap
+##
+## List of LDAP servers:
+## ldap_servers:
+##   - "localhost"
+##
+## Encryption of connection to LDAP servers:
+## ldap_encrypt: none
+## ldap_encrypt: tls
+##
+## Port to connect to on LDAP servers:
+## ldap_port: 389
+## ldap_port: 636
+##
+## LDAP manager:
+## ldap_rootdn: "dc=example,dc=com"
+##
+## Password of LDAP manager:
+## ldap_password: "******"
+##
+## Search base of LDAP directory:
+## ldap_base: "dc=example,dc=com"
+##
+## LDAP attribute that holds user ID:
+## ldap_uids:
+##   - "mail": "%u@mail.example.org"
+##
+## LDAP filter:
+## ldap_filter: "(objectClass=shadowAccount)"
+
+##
+## Anonymous login support:
+##   auth_method: anonymous
+##   anonymous_protocol: sasl_anon | login_anon | both
+##   allow_multiple_connections: true | false
+##
+## host_config:
+##   "public.example.org":
+##     auth_method: anonymous
+##     allow_multiple_connections: false
+##     anonymous_protocol: sasl_anon
+##
+## To use both anonymous and internal authentication:
+##
+## host_config:
+##   "public.example.org":
+##     auth_method:
+##       - internal
+##       - anonymous
+
+###.  ==============
+###'  DATABASE SETUP
+
+## ejabberd by default uses the internal Mnesia database,
+## so you do not necessarily need this section.
+## This section provides configuration examples in case
+## you want to use other database backends.
+## Please consult the ejabberd Guide for details on database creation.
+
+##
+## MySQL server:
+##
+## sql_type: mysql
+## sql_server: "server"
+## sql_database: "database"
+## sql_username: "username"
+## sql_password: "password"
+##
+## If you want to specify the port:
+## sql_port: 1234
+
+##
+## PostgreSQL server:
+##
+## sql_type: pgsql
+## sql_server: "server"
+## sql_database: "database"
+## sql_username: "username"
+## sql_password: "password"
+##
+## If you want to specify the port:
+## sql_port: 1234
+##
+## If you use PostgreSQL, have a large database, and need a
+## faster but inexact replacement for "select count(*) from users"
+##
+## pgsql_users_number_estimate: true
+
+##
+## SQLite:
+##
+## sql_type: sqlite
+## sql_database: "/path/to/database.db"
+
+##
+## ODBC compatible or MSSQL server:
+##
+sql_type: odbc
+sql_server: "DSN=PostgreSQLEjabberdNoosfero"
+
+##
+## Number of connections to open to the database for each virtual host
+##
+## sql_pool_size: 10
+
+##
+## Interval to make a dummy SQL request to keep the connections to the
+## database alive. Specify in seconds: for example 28800 means 8 hours
+##
+## sql_keepalive_interval: undefined
+
+###.  ===============
+###'  TRAFFIC SHAPERS
+
+shaper:
+  ##
+  ## The "normal" shaper limits traffic speed to 1000 B/s
+  ##
+  normal: 1000
+
+  ##
+  ## The "fast" shaper limits traffic speed to 50000 B/s
+  ##
+  fast: 50000
+
+##
+## This option specifies the maximum number of elements in the queue
+## of the FSM. Refer to the documentation for details.
+##
+max_fsm_queue: 1000
+
+###.   ====================
+###'   ACCESS CONTROL LISTS
+acl:
+  ##
+  ## The 'admin' ACL grants administrative privileges to XMPP accounts.
+  ## You can put here as many accounts as you want.
+  ##
+  admin:
+     user:
+       - "ACL_ADMIN_ACCOUNT"
+
+  ##
+  ## Blocked users
+  ##
+  ## blocked:
+  ##   user:
+  ##     - "baduser@example.org"
+  ##     - "test"
+
+  ## Local users: don't modify this.
+  ##
+  local: 
+    user_regexp: ""
+
+  ##
+  ## More examples of ACLs
+  ##
+  ## jabberorg:
+  ##   server:
+  ##     - "jabber.org"
+  ## aleksey:
+  ##   user:
+  ##     - "aleksey@jabber.ru"
+  ## test:
+  ##   user_regexp: "^test"
+  ##   user_glob: "test*"
+
+  ##
+  ## Loopback network
+  ##
+  loopback:
+    ip:
+      - "127.0.0.0/8"
+
+  ##
+  ## Bad XMPP servers
+  ##
+  ## bad_servers:
+  ##   server:
+  ##     - "xmpp.zombie.org"
+  ##     - "xmpp.spam.com"
+
+##
+## Define specific ACLs in a virtual host.
+##
+## host_config:
+##   "localhost":
+##     acl:
+##       admin:
+##         user:
+##           - "bob-local@localhost"
+
+###.  ============
+###'  SHAPER RULES
+
+shaper_rules:
+  ## Maximum number of simultaneous sessions allowed for a single user:
+  max_user_sessions: 10
+  ## Maximum number of offline messages that users can have:
+  max_user_offline_messages:
+    - 5000: admin
+    - 100
+  ## For C2S connections, all users except admins use the "normal" shaper
+  c2s_shaper:
+    - none: admin
+    - normal
+  ## All S2S connections use the "fast" shaper
+  s2s_shaper: fast
+
+###.  ============
+###'  ACCESS RULES
+access_rules:
+  ## This rule allows access only for local users:
+  local:
+    - allow: local
+  ## Only non-blocked users can use c2s connections:
+  c2s:
+    - deny: blocked
+    - allow
+  ## Only admins can send announcement messages:
+  announce:
+    - allow: admin
+  ## Only admins can use the configuration interface:
+  configure: 
+    - allow: admin
+  muc_admin: 
+    - allow: admin
+  ## Only accounts of the local ejabberd server can create rooms:
+  muc_create: 
+    - allow: local
+  muc: 
+    - allow
+  ## Only accounts on the local ejabberd server can create Pubsub nodes:
+  pubsub_createnode: 
+    - allow: local
+  ## In-band registration allows registration of any possible username.
+  ## To disable in-band registration, replace 'allow' with 'deny'.
+  register: 
+    - allow
+  ## Only allow to register from localhost
+  trusted_network: 
+    - allow: loopback
+  ## Do not establish S2S connections with bad servers
+  ## s2s: 
+  ##   - deny:
+  ##     - ip: "XXX.XXX.XXX.XXX/32"
+  ##   - deny:
+  ##     - ip: "XXX.XXX.XXX.XXX/32"
+  ##   - allow
+
+## By default the frequency of account registrations from the same IP
+## is limited to 1 account every 10 minutes. To disable, specify: infinity
+## registration_timeout: 600
+  
+##
+## Define specific Access Rules in a virtual host.
+##
+## host_config:
+##   "localhost":
+##     access:
+##       c2s:
+##         - allow: admin
+##         - deny
+##       register:
+##         - deny
+
+###.  ================
+###'  DEFAULT LANGUAGE
+
+##
+## language: Default language used for server messages.
+##
+language: "pt"
+
+##
+## Set a different default language in a virtual host.
+##
+## host_config:
+##   "localhost":
+##     language: "ru"
+
+###.  =======
+###'  CAPTCHA
+
+##
+## Full path to a script that generates the image.
+##
+## captcha_cmd: "/usr/share/ejabberd/captcha.sh"
+
+##
+## Host for the URL and port where ejabberd listens for CAPTCHA requests.
+##
+## captcha_host: "example.org:5280"
+
+##
+## Limit CAPTCHA calls per minute for JID/IP to avoid DoS.
+##
+## captcha_limit: 5
+
+###.  =======
+###'  MODULES
+
+##
+## Modules enabled in all ejabberd virtual hosts.
+##
+modules:
+  mod_adhoc: {}
+  mod_admin_extra: {}
+  mod_announce: # recommends mod_adhoc
+    access: announce
+  mod_blocking: {} # requires mod_privacy
+  mod_caps: {}
+  mod_carboncopy: {}
+  mod_client_state: {}
+  mod_configure: {} # requires mod_adhoc
+  mod_disco: {}
+  mod_echo: {}
+  mod_irc: {}
+  mod_http_bind: {}
+  ## mod_http_fileserver:
+  ##   docroot: "/var/www"
+  ##   accesslog: "/var/log/ejabberd/access.log"
+  mod_last: {}
+  mod_muc:
+    ## host: "conference.@HOST@"
+    access:
+      - allow
+    access_create: muc_create
+    access_persistent: muc_create
+    access_admin: muc_admin
+    default_room_options:
+      anonymous: false
+  ## mod_muc_log: {}
+  mod_muc_admin: {}
+  ## mod_multicast: {}
+  mod_offline:
+    access_max_user_messages: max_user_offline_messages
+  mod_ping: {}
+  ## mod_pres_counter:
+  ##   count: 5
+  ##   interval: 60
+  mod_privacy:
+    db_type: sql
+  mod_private:
+    db_type: sql
+  mod_proxy65:
+    access: local
+    shaper: c2s_shaper
+  mod_pubsub: 
+    access_createnode: pubsub_createnode
+    ## reduces resource comsumption, but XEP incompliant
+    ignore_pep_from_offline: true
+    ## XEP compliant, but increases resource comsumption
+    ## ignore_pep_from_offline: false
+    last_item_cache: false
+    plugins: 
+      - "flat"
+      - "hometree"
+      - "pep" # pep requires mod_caps
+  ## mod_register:
+    ##
+    ## Protect In-Band account registrations with CAPTCHA.
+    ##
+    ##   captcha_protected: true
+    ##
+    ## Set the minimum informational entropy for passwords.
+    ##
+    ##   password_strength: 32
+    ##
+    ## After successful registration, the user receives
+    ## a message with this subject and body.
+    ##
+    ##   welcome_message:
+    ##     subject: "Welcome!"
+    ##     body: |-
+    ##       Hi.
+    ##       Welcome to this XMPP server.
+    ##
+    ## When a user registers, send a notification to
+    ## these XMPP accounts.
+    ##
+    ##   registration_watchers:
+    ##     - "admin1@example.org"
+    ##
+    ## Only clients in the server machine can register accounts
+    ##
+    ##   ip_access: trusted_network
+    ##
+    ## Local c2s or remote s2s users cannot register accounts
+    ##
+    ##   access_from: deny
+    ##   access: register
+  mod_roster:
+    db_type: odbc
+  mod_shared_roster: {}
+  mod_stats: {}
+  mod_time: {}
+  mod_vcard:
+    search: false
+  mod_version: {}
+
+##
+## Enable modules with custom options in a specific virtual host
+##
+## host_config:
+##   "localhost":
+##     modules:
+##       mod_echo:
+##         host: "mirror.localhost"
+
+##
+## Enable modules management via ejabberdctl for installation and
+## uninstallation of public/private contributed modules
+## (enabled by default)
+##
+
+allow_contrib_modules: true
+
+###.
+###'
+### Local Variables:
+### mode: yaml
+### End:
+### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker:
 [PostgreSQL Unicode]
 Description = PostgreSQL ODBC driver (Unicode version)
-Driver      = /usr/lib/odbc/psqlodbcw.so
-Setup       = /usr/lib/odbc/libodbcpsqlS.so
+Driver      = psqlodbcw.so
+Setup       = libodbcpsqlS.so
 Debug       = 0
 CommLog     = 1
 UsageCount  = 3
...	...	@@ -107,7 +107,7 @@ Description: free web-based platform for social networks (apache frontend)
107	107
108	108	Package: noosfero-chat
109	109	Architecture: all
110		-Depends: noosfero (>= 1.2), ejabberd, odbc-postgresql, pidgin-data
	110	+Depends: noosfero (>= 1.5.1), ejabberd (>= 16.06), odbc-postgresql, pidgin-data
111	111	Description: free web-based platform for social networks (ejabberd based chat)
112	112	Noosfero is a web platform for social and solidarity economy networks with
113	113	blog, e-Porfolios, CMS, RSS, thematic discussion, events agenda and collective
...	...
...	...	@@ -0,0 +1,18 @@
	1	+#!/bin/sh
	2	+
	3	+set -e
	4	+
	5	+. /usr/share/debconf/confmodule
	6	+if [ -f /usr/share/dbconfig-common/dpkg/config ]; then
	7	+ # comma-separated, e.g. "mysql, pgsql, sqlite3"
	8	+ dbc_dbtypes="pgsql"
	9	+
	10	+ . /usr/share/dbconfig-common/dpkg/config
	11	+fi
	12	+
	13	+db_input high noosfero-chat/environment \|\| true
	14	+db_go
	15	+
	16	+db_input high noosfero-chat/admin \|\| true
	17	+db_go
	18	+
...	...
1	1	debian/default/noosfero-chat etc/default
2		-util/chat/ejabberd.cfg etc/ejabberd
	2	+util/chat/ejabberd.yml etc/ejabberd
3	3	debian/update-noosfero-odbc usr/sbin
4	4	etc/security/limits.d/noosfero-chat.conf etc/security/limits.d
5	5	etc/pam.d/noosfero-chat etc/pam.d
...	...
...	...	@@ -4,18 +4,32 @@ set -e
4	4
5	5	. /usr/share/debconf/confmodule
6	6
7		-echo -n "Fetching noosfero domain ..."
8		-domain=$(noosfero-runner 'puts Environment.default.default_hostname(true)')
	7	+db_get noosfero-chat/environment
	8	+if [ ! -z "$RET" ]; then
	9	+ environment="${RET}_production"
	10	+else
	11	+ environment="production"
	12	+fi
	13	+
	14	+domain=$(noosfero-runner 'puts Environment.default.default_hostname(true)' $environment)
9	15	echo " [domain = $domain]"
10	16
11		-ejabberd_config='/etc/ejabberd/ejabberd.cfg'
	17	+db_get noosfero-chat/admin
	18	+if [ ! -z "$RET" ]; then
	19	+ admin="$RET@$domain"
	20	+else
	21	+ admin="admin@$domain"
	22	+fi
	23	+echo " [admin = $admin]"
	24	+
	25	+ejabberd_config='/etc/ejabberd/ejabberd.yml'
12	26	if test -f $ejabberd_config; then
13		- sed -i "s/acl, \([^,]\), {user, \([^,]\), [^}]*/acl, \1, {user, \2, \"$domain\"/" /etc/ejabberd/ejabberd.cfg
14		- sed -i "s/hosts, \[[^]]/hosts, [\"$domain\"/" /etc/ejabberd/ejabberd.cfg
	27	+ sed -i "s/HOST_DOMAIN/$domain/" /etc/ejabberd/ejabberd.yml
	28	+ sed -i "s/ACL_ADMIN_ACCOUNT/$admin/" /etc/ejabberd/ejabberd.yml
15	29	fi
16	30
17	31	echo -n 'Fetching noosfero database name ...'
18		-noosfero_database=$(noosfero-runner 'puts Environment.connection_config[:database]')
	32	+noosfero_database=$(noosfero-runner 'puts Environment.connection_config[:database]' $environment)
19	33	echo " [database = $noosfero_database]"
20	34
21	35	echo 'Creating ejabberd schema ...'
...	...	@@ -29,7 +43,7 @@ else
29	43	echo " => GRANT CREATE ON DATABASE $noosfero_database TO $noosfero_user;"
30	44	fi
31	45
32		-su - $noosfero_user -c 'rails dbconsole production < /usr/share/noosfero/util/chat/postgresql/ejabberd.sql > /dev/null'
	46	+su - $noosfero_user -c "rails dbconsole $environment < /usr/share/noosfero/util/chat/postgresql/ejabberd.sql > /dev/null"
33	47
34	48	if which update-noosfero-odbc &> /dev/null ; then
35	49	update-noosfero-odbc
...	...	@@ -37,6 +51,7 @@ fi
37	51
38	52	ejabberd_default='/etc/default/ejabberd'
39	53	noosfero_chat_default='/etc/default/noosfero-chat'
	54	+
40	55	if test -f $ejabberd_default; then
41	56	if ! cat $ejabberd_default \| grep "^\. $noosfero_chat_default" > /dev/null ; then
42	57	echo 'Extending ejabberd defaults with noosfero-chat defaults ...'
...	...
...	...	@@ -0,0 +1,19 @@
	1	+Template: noosfero-chat/environment
	2	+Type: string
	3	+Description: Choose the environment in which the chat will be installed
	4	+ Noosfero Chat currently does not support multitenancy environments. If your
	5	+ system is using a multitenancy setup with multiple environments, you will need
	6	+ to fill below the environment in which you want the chat installed
	7	+ uses. For example, if your environment is 'social_production', you should
	8	+ enter below 'social'.
	9	+ .
	10	+ If you are not using a multitenancy setup, you may leave this option blank, in
	11	+ which case the used environment will be 'production'.
	12	+
	13	+Template: noosfero-chat/admin
	14	+Type: string
	15	+Description: Choose the admin of the chat
	16	+ Enter the user identifier to define the user that will have administrator
	17	+ privileges on the chat.
	18	+ .
	19	+ If you leave this option blank the user defined will be 'admin'.
...	...
...	...	@@ -1,74 +0,0 @@
1		-%%%
2		-%%% Noosfero ejabberd configuration file
3		-%%% This config must be in UTF-8 encoding
4		-%%%
5		-
6		-{acl, admin, {user, "admin", "mydomain.example.com"}}.
7		-{hosts, ["mydomain.example.com"]}.
8		-
9		-{loglevel, 4}.
10		-{listen,
11		- [
12		- {5222, ejabberd_c2s, [
13		- {access, c2s},
14		- {shaper, c2s_shaper},
15		- {max_stanza_size, 65536},
16		- starttls, {certfile, "/etc/ejabberd/ejabberd.pem"}
17		- ]},
18		- {5280, ejabberd_http, [
19		- http_bind,
20		- http_poll
21		- ]}
22		- ]}.
23		-{max_fsm_queue, 1000}.
24		-{auth_method, odbc}.
25		-{odbc_server, "DSN=PostgreSQLEjabberdNoosfero"}.
26		-{shaper, normal, {maxrate, 10000000}}.
27		-{shaper, fast, {maxrate, 50000}}.
28		-{acl, local, {user_regexp, ""}}.
29		-{access, max_user_sessions, [{10, all}]}.
30		-{access, local, [{allow, local}]}.
31		-{access, c2s, [{deny, blocked},
32		- {allow, all}]}.
33		-{access, c2s_shaper, [{none, admin},
34		- {normal, all}]}.
35		-{access, announce, [{allow, admin}]}.
36		-{access, configure, [{allow, admin}]}.
37		-{access, muc_admin, [{allow, admin}]}.
38		-{access, muc, [{allow, all}]}.
39		-{access, pubsub_createnode, [{allow, all}]}.
40		-{language, "pt"}.
41		-{modules,
42		- [
43		- {mod_adhoc, []},
44		- {mod_announce, [{access, announce}]}, % requires mod_adhoc
45		- {mod_caps, []},
46		- {mod_configure,[]}, % requires mod_adhoc
47		- {mod_disco, []},
48		- {mod_last, []},
49		- {mod_muc, [
50		- {access, muc},
51		- {access_create, muc},
52		- {access_persistent, muc},
53		- {access_admin, muc_admin},
54		- {max_users, 500},
55		- {default_room_options, [{anonymous, false}]}
56		- ]},
57		- {mod_privacy_odbc, []},
58		- {mod_private_odbc, []},
59		- {mod_proxy65, [
60		- {access, local},
61		- {shaper, c2s_shaper}
62		- ]},
63		- {mod_roster_odbc, []},
64		- {mod_stats, []},
65		- {mod_time, []},
66		- {mod_vcard, []},
67		- {mod_http_bind, []},
68		- {mod_version, []}
69		- ]}.
70		-
71		-%%% Local Variables:
72		-%%% mode: erlang
73		-%%% End:
74		-%%% vim: set filetype=erlang tabstop=8:
...	...	@@ -0,0 +1,694 @@
	1	+###
	2	+###' ejabberd configuration file
	3	+###
	4	+###
	5	+
	6	+### The parameters used in this configuration file are explained in more detail
	7	+### in the ejabberd Installation and Operation Guide.
	8	+### Please consult the Guide in case of doubts, it is included with
	9	+### your copy of ejabberd, and is also available online at
	10	+### http://www.process-one.net/en/ejabberd/docs/
	11	+
	12	+### The configuration file is written in YAML.
	13	+### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
	14	+### However, ejabberd treats different literals as different types:
	15	+###
	16	+### - unquoted or single-quoted strings. They are called "atoms".
	17	+### Example: dog, 'Jupiter', '3.14159', YELLOW
	18	+###
	19	+### - numeric literals. Example: 3, -45.0, .0
	20	+###
	21	+### - quoted or folded strings.
	22	+### Examples of quoted string: "Lizzard", "orange".
	23	+### Example of folded string:
	24	+### > Art thou not Romeo,
	25	+### and a Montague?
	26	+
	27	+###. =======
	28	+###' LOGGING
	29	+
	30	+##
	31	+## loglevel: Verbosity of log files generated by ejabberd.
	32	+## 0: No ejabberd log at all (not recommended)
	33	+## 1: Critical
	34	+## 2: Error
	35	+## 3: Warning
	36	+## 4: Info
	37	+## 5: Debug
	38	+##
	39	+loglevel: 4
	40	+
	41	+##
	42	+## rotation: Disable ejabberd's internal log rotation, as the Debian package
	43	+## uses logrotate(8).
	44	+log_rotate_size: 0
	45	+log_rotate_date: ""
	46	+
	47	+##
	48	+## overload protection: If you want to limit the number of messages per second
	49	+## allowed from error_logger, which is a good idea if you want to avoid a flood
	50	+## of messages when system is overloaded, you can set a limit.
	51	+## 100 is ejabberd's default.
	52	+log_rate_limit: 100
	53	+
	54	+##
	55	+## watchdog_admins: Only useful for developers: if an ejabberd process
	56	+## consumes a lot of memory, send live notifications to these XMPP
	57	+## accounts.
	58	+##
	59	+## watchdog_admins:
	60	+## - "bob@example.com"
	61	+
	62	+###. ===============
	63	+###' NODE PARAMETERS
	64	+
	65	+##
	66	+## net_ticktime: Specifies net_kernel tick time in seconds. This options must have
	67	+## identical value on all nodes, and in most cases shouldn't be changed at all from
	68	+## default value.
	69	+##
	70	+## net_ticktime: 60
	71	+
	72	+###. ================
	73	+###' SERVED HOSTNAMES
	74	+
	75	+##
	76	+## hosts: Domains served by ejabberd.
	77	+## You can define one or several, for example:
	78	+## hosts:
	79	+## - "example.net"
	80	+## - "example.com"
	81	+## - "example.org"
	82	+##
	83	+hosts:
	84	+ - "HOST_DOMAIN"
	85	+
	86	+##
	87	+## route_subdomains: Delegate subdomains to other XMPP servers.
	88	+## For example, if this ejabberd serves example.org and you want
	89	+## to allow communication with an XMPP server called im.example.org.
	90	+##
	91	+## route_subdomains: s2s
	92	+
	93	+###. ===============
	94	+###' LISTENING PORTS
	95	+
	96	+##
	97	+## listen: The ports ejabberd will listen on, which service each is handled
	98	+## by and what options to start it with.
	99	+##
	100	+listen:
	101	+ -
	102	+ port: 5222
	103	+ ip: "::"
	104	+ module: ejabberd_c2s
	105	+ ##
	106	+ ## If TLS is compiled in and you installed a SSL
	107	+ ## certificate, specify the full path to the
	108	+ ## file and uncomment these lines:
	109	+ ##
	110	+ certfile: "/etc/ejabberd/ejabberd.pem"
	111	+ starttls: true
	112	+ ##
	113	+ ## To enforce TLS encryption for client connections,
	114	+ ## use this instead of the "starttls" option:
	115	+ ##
	116	+ ## starttls_required: true
	117	+ ##
	118	+ ## Custom OpenSSL options
	119	+ ##
	120	+ protocol_options:
	121	+ - "no_sslv3"
	122	+ ## - "no_tlsv1"
	123	+ max_stanza_size: 65536
	124	+ shaper: c2s_shaper
	125	+ access: c2s
	126	+ zlib: true
	127	+ resend_on_timeout: if_offline
	128	+ -
	129	+ port: 5269
	130	+ ip: "::"
	131	+ module: ejabberd_s2s_in
	132	+ ##
	133	+ ## ejabberd_service: Interact with external components (transports, ...)
	134	+ ##
	135	+ ## -
	136	+ ## port: 8888
	137	+ ## module: ejabberd_service
	138	+ ## access: all
	139	+ ## shaper_rule: fast
	140	+ ## ip: "127.0.0.1"
	141	+ ## hosts:
	142	+ ## "icq.example.org":
	143	+ ## password: "secret"
	144	+ ## "sms.example.org":
	145	+ ## password: "secret"
	146	+
	147	+ ##
	148	+ ## ejabberd_stun: Handles STUN Binding requests
	149	+ ##
	150	+ ## -
	151	+ ## port: 3478
	152	+ ## transport: udp
	153	+ ## module: ejabberd_stun
	154	+
	155	+ ##
	156	+ ## To handle XML-RPC requests that provide admin credentials:
	157	+ ##
	158	+ ## -
	159	+ ## port: 4560
	160	+ ## module: ejabberd_xmlrpc
	161	+ ## access_commands: {}
	162	+ -
	163	+ port: 5280
	164	+ ip: "::"
	165	+ module: ejabberd_http
	166	+ request_handlers:
	167	+ "/websocket": ejabberd_http_ws
	168	+ ## "/pub/archive": mod_http_fileserver
	169	+ web_admin: true
	170	+ http_bind: true
	171	+ http_poll: true
	172	+ ## register: true
	173	+ ## captcha: true
	174	+ ## tls: true
	175	+ ## certfile: "/etc/ejabberd/ejabberd.pem"
	176	+
	177	+## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text
	178	+## password storage (see auth_password_format option).
	179	+disable_sasl_mechanisms: "digest-md5"
	180	+
	181	+###. ==================
	182	+###' S2S GLOBAL OPTIONS
	183	+
	184	+##
	185	+## s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
	186	+## Allowed values are: false optional required required_trusted
	187	+## You must specify a certificate file.
	188	+##
	189	+s2s_use_starttls: optional
	190	+
	191	+##
	192	+## s2s_certfile: Specify a certificate file.
	193	+##
	194	+s2s_certfile: "/etc/ejabberd/ejabberd.pem"
	195	+
	196	+## Custom OpenSSL options
	197	+##
	198	+s2s_protocol_options:
	199	+ - "no_sslv3"
	200	+## - "no_tlsv1"
	201	+
	202	+##
	203	+## domain_certfile: Specify a different certificate for each served hostname.
	204	+##
	205	+## host_config:
	206	+## "example.org":
	207	+## domain_certfile: "/path/to/example_org.pem"
	208	+## "example.com":
	209	+## domain_certfile: "/path/to/example_com.pem"
	210	+
	211	+##
	212	+## S2S whitelist or blacklist
	213	+##
	214	+## Default s2s policy for undefined hosts.
	215	+##
	216	+## s2s_access: s2s
	217	+
	218	+##
	219	+## Outgoing S2S options
	220	+##
	221	+## Preferred address families (which to try first) and connect timeout
	222	+## in milliseconds.
	223	+##
	224	+## outgoing_s2s_families:
	225	+## - ipv4
	226	+## - ipv6
	227	+## outgoing_s2s_timeout: 10000
	228	+
	229	+###. ==============
	230	+###' AUTHENTICATION
	231	+
	232	+##
	233	+## auth_method: Method used to authenticate the users.
	234	+## The default method is the internal.
	235	+## If you want to use a different method,
	236	+## comment this line and enable the correct ones.
	237	+##
	238	+#auth_method: internal
	239	+
	240	+##
	241	+## Store the plain passwords or hashed for SCRAM:
	242	+## auth_password_format: plain
	243	+## auth_password_format: scram
	244	+##
	245	+## Define the FQDN if ejabberd doesn't detect it:
	246	+## fqdn: "server3.example.com"
	247	+
	248	+##
	249	+## Authentication using external script
	250	+## Make sure the script is executable by ejabberd.
	251	+##
	252	+## auth_method: external
	253	+## extauth_program: "/path/to/authentication/script"
	254	+
	255	+##
	256	+## Authentication using SQL
	257	+## Remember to setup a database in the next section.
	258	+##
	259	+auth_method: sql
	260	+
	261	+##
	262	+## Authentication using PAM
	263	+##
	264	+## auth_method: pam
	265	+## pam_service: "pamservicename"
	266	+
	267	+##
	268	+## Authentication using LDAP
	269	+##
	270	+## auth_method: ldap
	271	+##
	272	+## List of LDAP servers:
	273	+## ldap_servers:
	274	+## - "localhost"
	275	+##
	276	+## Encryption of connection to LDAP servers:
	277	+## ldap_encrypt: none
	278	+## ldap_encrypt: tls
	279	+##
	280	+## Port to connect to on LDAP servers:
	281	+## ldap_port: 389
	282	+## ldap_port: 636
	283	+##
	284	+## LDAP manager:
	285	+## ldap_rootdn: "dc=example,dc=com"
	286	+##
	287	+## Password of LDAP manager:
	288	+## ldap_password: "******"
	289	+##
	290	+## Search base of LDAP directory:
	291	+## ldap_base: "dc=example,dc=com"
	292	+##
	293	+## LDAP attribute that holds user ID:
	294	+## ldap_uids:
	295	+## - "mail": "%u@mail.example.org"
	296	+##
	297	+## LDAP filter:
	298	+## ldap_filter: "(objectClass=shadowAccount)"
	299	+
	300	+##
	301	+## Anonymous login support:
	302	+## auth_method: anonymous
	303	+## anonymous_protocol: sasl_anon \| login_anon \| both
	304	+## allow_multiple_connections: true \| false
	305	+##
	306	+## host_config:
	307	+## "public.example.org":
	308	+## auth_method: anonymous
	309	+## allow_multiple_connections: false
	310	+## anonymous_protocol: sasl_anon
	311	+##
	312	+## To use both anonymous and internal authentication:
	313	+##
	314	+## host_config:
	315	+## "public.example.org":
	316	+## auth_method:
	317	+## - internal
	318	+## - anonymous
	319	+
	320	+###. ==============
	321	+###' DATABASE SETUP
	322	+
	323	+## ejabberd by default uses the internal Mnesia database,
	324	+## so you do not necessarily need this section.
	325	+## This section provides configuration examples in case
	326	+## you want to use other database backends.
	327	+## Please consult the ejabberd Guide for details on database creation.
	328	+
	329	+##
	330	+## MySQL server:
	331	+##
	332	+## sql_type: mysql
	333	+## sql_server: "server"
	334	+## sql_database: "database"
	335	+## sql_username: "username"
	336	+## sql_password: "password"
	337	+##
	338	+## If you want to specify the port:
	339	+## sql_port: 1234
	340	+
	341	+##
	342	+## PostgreSQL server:
	343	+##
	344	+## sql_type: pgsql
	345	+## sql_server: "server"
	346	+## sql_database: "database"
	347	+## sql_username: "username"
	348	+## sql_password: "password"
	349	+##
	350	+## If you want to specify the port:
	351	+## sql_port: 1234
	352	+##
	353	+## If you use PostgreSQL, have a large database, and need a
	354	+## faster but inexact replacement for "select count(*) from users"
	355	+##
	356	+## pgsql_users_number_estimate: true
	357	+
	358	+##
	359	+## SQLite:
	360	+##
	361	+## sql_type: sqlite
	362	+## sql_database: "/path/to/database.db"
	363	+
	364	+##
	365	+## ODBC compatible or MSSQL server:
	366	+##
	367	+sql_type: odbc
	368	+sql_server: "DSN=PostgreSQLEjabberdNoosfero"
	369	+
	370	+##
	371	+## Number of connections to open to the database for each virtual host
	372	+##
	373	+## sql_pool_size: 10
	374	+
	375	+##
	376	+## Interval to make a dummy SQL request to keep the connections to the
	377	+## database alive. Specify in seconds: for example 28800 means 8 hours
	378	+##
	379	+## sql_keepalive_interval: undefined
	380	+
	381	+###. ===============
	382	+###' TRAFFIC SHAPERS
	383	+
	384	+shaper:
	385	+ ##
	386	+ ## The "normal" shaper limits traffic speed to 1000 B/s
	387	+ ##
	388	+ normal: 1000
	389	+
	390	+ ##
	391	+ ## The "fast" shaper limits traffic speed to 50000 B/s
	392	+ ##
	393	+ fast: 50000
	394	+
	395	+##
	396	+## This option specifies the maximum number of elements in the queue
	397	+## of the FSM. Refer to the documentation for details.
	398	+##
	399	+max_fsm_queue: 1000
	400	+
	401	+###. ====================
	402	+###' ACCESS CONTROL LISTS
	403	+acl:
	404	+ ##
	405	+ ## The 'admin' ACL grants administrative privileges to XMPP accounts.
	406	+ ## You can put here as many accounts as you want.
	407	+ ##
	408	+ admin:
	409	+ user:
	410	+ - "ACL_ADMIN_ACCOUNT"
	411	+
	412	+ ##
	413	+ ## Blocked users
	414	+ ##
	415	+ ## blocked:
	416	+ ## user:
	417	+ ## - "baduser@example.org"
	418	+ ## - "test"
	419	+
	420	+ ## Local users: don't modify this.
	421	+ ##
	422	+ local:
	423	+ user_regexp: ""
	424	+
	425	+ ##
	426	+ ## More examples of ACLs
	427	+ ##
	428	+ ## jabberorg:
	429	+ ## server:
	430	+ ## - "jabber.org"
	431	+ ## aleksey:
	432	+ ## user:
	433	+ ## - "aleksey@jabber.ru"
	434	+ ## test:
	435	+ ## user_regexp: "^test"
	436	+ ## user_glob: "test*"
	437	+
	438	+ ##
	439	+ ## Loopback network
	440	+ ##
	441	+ loopback:
	442	+ ip:
	443	+ - "127.0.0.0/8"
	444	+
	445	+ ##
	446	+ ## Bad XMPP servers
	447	+ ##
	448	+ ## bad_servers:
	449	+ ## server:
	450	+ ## - "xmpp.zombie.org"
	451	+ ## - "xmpp.spam.com"
	452	+
	453	+##
	454	+## Define specific ACLs in a virtual host.
	455	+##
	456	+## host_config:
	457	+## "localhost":
	458	+## acl:
	459	+## admin:
	460	+## user:
	461	+## - "bob-local@localhost"
	462	+
	463	+###. ============
	464	+###' SHAPER RULES
	465	+
	466	+shaper_rules:
	467	+ ## Maximum number of simultaneous sessions allowed for a single user:
	468	+ max_user_sessions: 10
	469	+ ## Maximum number of offline messages that users can have:
	470	+ max_user_offline_messages:
	471	+ - 5000: admin
	472	+ - 100
	473	+ ## For C2S connections, all users except admins use the "normal" shaper
	474	+ c2s_shaper:
	475	+ - none: admin
	476	+ - normal
	477	+ ## All S2S connections use the "fast" shaper
	478	+ s2s_shaper: fast
	479	+
	480	+###. ============
	481	+###' ACCESS RULES
	482	+access_rules:
	483	+ ## This rule allows access only for local users:
	484	+ local:
	485	+ - allow: local
	486	+ ## Only non-blocked users can use c2s connections:
	487	+ c2s:
	488	+ - deny: blocked
	489	+ - allow
	490	+ ## Only admins can send announcement messages:
	491	+ announce:
	492	+ - allow: admin
	493	+ ## Only admins can use the configuration interface:
	494	+ configure:
	495	+ - allow: admin
	496	+ muc_admin:
	497	+ - allow: admin
	498	+ ## Only accounts of the local ejabberd server can create rooms:
	499	+ muc_create:
	500	+ - allow: local
	501	+ muc:
	502	+ - allow
	503	+ ## Only accounts on the local ejabberd server can create Pubsub nodes:
	504	+ pubsub_createnode:
	505	+ - allow: local
	506	+ ## In-band registration allows registration of any possible username.
	507	+ ## To disable in-band registration, replace 'allow' with 'deny'.
	508	+ register:
	509	+ - allow
	510	+ ## Only allow to register from localhost
	511	+ trusted_network:
	512	+ - allow: loopback
	513	+ ## Do not establish S2S connections with bad servers
	514	+ ## s2s:
	515	+ ## - deny:
	516	+ ## - ip: "XXX.XXX.XXX.XXX/32"
	517	+ ## - deny:
	518	+ ## - ip: "XXX.XXX.XXX.XXX/32"
	519	+ ## - allow
	520	+
	521	+## By default the frequency of account registrations from the same IP
	522	+## is limited to 1 account every 10 minutes. To disable, specify: infinity
	523	+## registration_timeout: 600
	524	+
	525	+##
	526	+## Define specific Access Rules in a virtual host.
	527	+##
	528	+## host_config:
	529	+## "localhost":
	530	+## access:
	531	+## c2s:
	532	+## - allow: admin
	533	+## - deny
	534	+## register:
	535	+## - deny
	536	+
	537	+###. ================
	538	+###' DEFAULT LANGUAGE
	539	+
	540	+##
	541	+## language: Default language used for server messages.
	542	+##
	543	+language: "pt"
	544	+
	545	+##
	546	+## Set a different default language in a virtual host.
	547	+##
	548	+## host_config:
	549	+## "localhost":
	550	+## language: "ru"
	551	+
	552	+###. =======
	553	+###' CAPTCHA
	554	+
	555	+##
	556	+## Full path to a script that generates the image.
	557	+##
	558	+## captcha_cmd: "/usr/share/ejabberd/captcha.sh"
	559	+
	560	+##
	561	+## Host for the URL and port where ejabberd listens for CAPTCHA requests.
	562	+##
	563	+## captcha_host: "example.org:5280"
	564	+
	565	+##
	566	+## Limit CAPTCHA calls per minute for JID/IP to avoid DoS.
	567	+##
	568	+## captcha_limit: 5
	569	+
	570	+###. =======
	571	+###' MODULES
	572	+
	573	+##
	574	+## Modules enabled in all ejabberd virtual hosts.
	575	+##
	576	+modules:
	577	+ mod_adhoc: {}
	578	+ mod_admin_extra: {}
	579	+ mod_announce: # recommends mod_adhoc
	580	+ access: announce
	581	+ mod_blocking: {} # requires mod_privacy
	582	+ mod_caps: {}
	583	+ mod_carboncopy: {}
	584	+ mod_client_state: {}
	585	+ mod_configure: {} # requires mod_adhoc
	586	+ mod_disco: {}
	587	+ mod_echo: {}
	588	+ mod_irc: {}
	589	+ mod_http_bind: {}
	590	+ ## mod_http_fileserver:
	591	+ ## docroot: "/var/www"
	592	+ ## accesslog: "/var/log/ejabberd/access.log"
	593	+ mod_last: {}
	594	+ mod_muc:
	595	+ ## host: "conference.@HOST@"
	596	+ access:
	597	+ - allow
	598	+ access_create: muc_create
	599	+ access_persistent: muc_create
	600	+ access_admin: muc_admin
	601	+ default_room_options:
	602	+ anonymous: false
	603	+ ## mod_muc_log: {}
	604	+ mod_muc_admin: {}
	605	+ ## mod_multicast: {}
	606	+ mod_offline:
	607	+ access_max_user_messages: max_user_offline_messages
	608	+ mod_ping: {}
	609	+ ## mod_pres_counter:
	610	+ ## count: 5
	611	+ ## interval: 60
	612	+ mod_privacy:
	613	+ db_type: sql
	614	+ mod_private:
	615	+ db_type: sql
	616	+ mod_proxy65:
	617	+ access: local
	618	+ shaper: c2s_shaper
	619	+ mod_pubsub:
	620	+ access_createnode: pubsub_createnode
	621	+ ## reduces resource comsumption, but XEP incompliant
	622	+ ignore_pep_from_offline: true
	623	+ ## XEP compliant, but increases resource comsumption
	624	+ ## ignore_pep_from_offline: false
	625	+ last_item_cache: false
	626	+ plugins:
	627	+ - "flat"
	628	+ - "hometree"
	629	+ - "pep" # pep requires mod_caps
	630	+ ## mod_register:
	631	+ ##
	632	+ ## Protect In-Band account registrations with CAPTCHA.
	633	+ ##
	634	+ ## captcha_protected: true
	635	+ ##
	636	+ ## Set the minimum informational entropy for passwords.
	637	+ ##
	638	+ ## password_strength: 32
	639	+ ##
	640	+ ## After successful registration, the user receives
	641	+ ## a message with this subject and body.
	642	+ ##
	643	+ ## welcome_message:
	644	+ ## subject: "Welcome!"
	645	+ ## body: \|-
	646	+ ## Hi.
	647	+ ## Welcome to this XMPP server.
	648	+ ##
	649	+ ## When a user registers, send a notification to
	650	+ ## these XMPP accounts.
	651	+ ##
	652	+ ## registration_watchers:
	653	+ ## - "admin1@example.org"
	654	+ ##
	655	+ ## Only clients in the server machine can register accounts
	656	+ ##
	657	+ ## ip_access: trusted_network
	658	+ ##
	659	+ ## Local c2s or remote s2s users cannot register accounts
	660	+ ##
	661	+ ## access_from: deny
	662	+ ## access: register
	663	+ mod_roster:
	664	+ db_type: odbc
	665	+ mod_shared_roster: {}
	666	+ mod_stats: {}
	667	+ mod_time: {}
	668	+ mod_vcard:
	669	+ search: false
	670	+ mod_version: {}
	671	+
	672	+##
	673	+## Enable modules with custom options in a specific virtual host
	674	+##
	675	+## host_config:
	676	+## "localhost":
	677	+## modules:
	678	+## mod_echo:
	679	+## host: "mirror.localhost"
	680	+
	681	+##
	682	+## Enable modules management via ejabberdctl for installation and
	683	+## uninstallation of public/private contributed modules
	684	+## (enabled by default)
	685	+##
	686	+
	687	+allow_contrib_modules: true
	688	+
	689	+###.
	690	+###'
	691	+### Local Variables:
	692	+### mode: yaml
	693	+### End:
	694	+### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker:
...	...
1	1	[PostgreSQL Unicode]
2	2	Description = PostgreSQL ODBC driver (Unicode version)
3		-Driver = /usr/lib/odbc/psqlodbcw.so
4		-Setup = /usr/lib/odbc/libodbcpsqlS.so
	3	+Driver = psqlodbcw.so
	4	+Setup = libodbcpsqlS.so
5	5	Debug = 0
6	6	CommLog = 1
7	7	UsageCount = 3
...	...