authorterminaldweller <thabogre@gmail.com>2021-09-15 20:45:57 +0000
committerterminaldweller <thabogre@gmail.com>2021-09-15 20:45:57 +0000
commit04b2675221972f2a3cf6d1c402f49406f16c6c25 (patch)
treeb296711e1a97ffac36676b5febf7ed445798ab06
parentleft-over (diff)
downloadscripts-04b2675221972f2a3cf6d1c402f49406f16c6c25.tar.gz
scripts-04b2675221972f2a3cf6d1c402f49406f16c6c25.zip
haproxy,jabber,bitlbee
Diffstat (limited to '')
-rw-r--r--.gotty6
-rw-r--r--.tmux.conf13
-rw-r--r--.vimrc11
-rw-r--r--.zshrc2
-rw-r--r--devi.zsh-theme49
-rw-r--r--docker/bitlbee-purple/conf/bitlbee.conf132
-rw-r--r--docker/bitlbee-purple/docker-compose.yaml14
-rw-r--r--postit3
-rw-r--r--terminaldweller.com/ejabberd/docker-compose.yaml9
-rw-r--r--terminaldweller.com/ejabberd/ejabberd.yml42
-rw-r--r--terminaldweller.com/haproxy/haproxy.cfg196
11 files changed, 422 insertions, 55 deletions
diff --git a/.gotty b/.gotty
index e69fe13..a5e9c92 100644
--- a/.gotty
+++ b/.gotty
@@ -186,7 +186,7 @@ preferences {
// True if we should use bold weight font for text with the bold/bright attribute.
// False to use the normal weight font.
// Null to autodetect.
- enable_bold = false
+ enable_bold = true
// [bool] True if we should use bright colors (8-15 on a 16 color palette) for any text with the bold attribute.
// False otherwise.
@@ -211,7 +211,7 @@ preferences {
// font_size = 15
// [string] CSS font-smoothing property.
- // font_smoothing = "antialiased"
+ font_smoothing = "antialiased"
// [string] The foreground color for text with no other color attributes.
// foreground_color = "rgb(240, 240, 240)"
@@ -288,7 +288,7 @@ preferences {
// scroll_on_output = false
// [bool] The vertical scrollbar mode.
- scrollbar_visible = true
+ // scrollbar_visible = true
// [int] The multiplier for the pixel delta in mousewheel event caused by the scroll wheel. Alters how fast the page scrolls.
// scroll_wheel_move_multiplier = 1
diff --git a/.tmux.conf b/.tmux.conf
index f9485a2..7a824e4 100644
--- a/.tmux.conf
+++ b/.tmux.conf
@@ -1,14 +1,15 @@
set -g @plugin 'tmux-plugins/tpm'
set -g @plugin 'tmux-plugins/tmux-resurrect'
-set -g @plugin 'tmux-plugins/tmux-continuum'
+set -g @plugin 'tmux-plugins/tmux-online-status'
set -g @plugin 'soyuka/tmux-current-pane-hostname'
set -g @plugin 'laktak/extrakto'
set -g @plugin 'tmux-plugins/tmux-copycat'
set -g @plugin 'schasse/tmux-jump'
set -g @continuum-restore 'on'
set -g @plugin 'tmux-plugins/tmux-prefix-highlight'
-set -g @plugin 'tmux-plugins/tmux-online-status'
+set -g @plugin 'tmux-plugins/tmux-continuum'
# set -g @plugin 'tmux-plugins/tmux-sidebar'
+# set -g @resurrect-processes `ranger ssh w3mlastsession k9s top cointop newsboat irssi neomutt`
set-window-option -g automatic-rename on
set-option -g set-titles on
@@ -28,7 +29,7 @@ set -g display-time 1000
#prefix highlight settings
set -g @prefix_highlight_show_copy_mode 'on'
-set -g @prefix_highlight_copy_mode_attr 'fg=black,bg=yellow,bold'
+set -g @prefix_highlight_copy_mode_attr 'fg=colour16,bg=yellow,bold'
set -g @prefix_highlight_prefix_prompt 'Wait'
set -g @prefix_highlight_copy_prompt 'Copy'
set -g @prefix_highlight_output_suffix ''
@@ -68,8 +69,7 @@ bind -T off F6 \
set -u key-table \;\
refresh-client -S
-wg_is_keys_off="#[fg=colour15,bg=colour63,bold]#([ $(tmux show-option -qv key-table) = 'off' ] && echo 'OFF')#[fg=colour24] #{?#{pane_ssh_connected},#[fg=colour63 bg=colour31],#[fg=colour63 bg=colour24]}#[default]"
-
+wg_is_keys_off="#[fg=colour15,bg=colour63,bold]#([ $(tmux show-option -qv key-table) = 'off' ] && echo 'OFF')#[fg=colour24] #{?#{pane_ssh_connected},#[fg=colour63 bg=colour70],#[fg=colour63 bg=colour70]}#[default]"
# from christoomey's vim-tmux-nivagator
is_vim="ps -o state= -o comm= -t '#{pane_tty}' | grep -iqE '^[^TXZ ]+ +(\\S+\\/)?g?(view|n?vim?x?)(diff)?$'"
#key bindings
@@ -136,9 +136,10 @@ set-option -g status-justify "centre"
set-option -g status-left-length 120
set-option -g status-right-length 170
+continuumStatus="#[fg=colour16 bg=colour70]#{continuum_status}#{?#{pane_ssh_connected},#[fg=colour70 bg=colour31],#[fg=colour70 bg=colour24]}"
# set-option -g status-left "#{prefix_highlight}$wg_is_keys_off#[fg=colour15 bg=colour22]#U@#H#[fg=colour22 bg=colour148]#(/home/devi/tmux-powerline/powerline.sh left)"
# set-option -g status-right "#(/home/devi/tmux-powerline/powerline.sh right)#{online_status}"
-set-option -g status-left "#{prefix_highlight}$wg_is_keys_off#{?#{pane_ssh_connected},#[fg=colour15 bg=colour31],#[fg=colour15 bg=colour24]}#U@#H#{?#{pane_ssh_connected},:#{pane_ssh_port}#[fg=colour31 bg=colour26],#[fg=colour24 bg=colour26]}#(/home/devi/scripts/tmux/vcs_info.sh)"
+set-option -g status-left "#{prefix_highlight}$wg_is_keys_off$continuumStatus#{?#{pane_ssh_connected},#[fg=colour15 bold],#[fg=colour15 nobold]}#U@#H#{?#{pane_ssh_connected},:#{pane_ssh_port}#[fg=colour31 bg=colour26],#[fg=colour24 bg=colour26]}#[nobold]#(/home/devi/scripts/tmux/vcs_info.sh)"
# set-option -g status-left "#{prefix_highlight}$wg_is_keys_off#{?#{pane_ssh_connected},#[fg=colour15 bg=colour31],#[fg=colour15 bg=colour24]}#[fg=colour15 bg=colour31]#U@#H:#{pane_ssh_port}#[fg=colour31 bg=colour61]#(/home/devi/scripts/tmux/vcs_info.sh)"
set-option -g status-right "#(/home/devi/scripts/tmux/date.sh)#{online_status}"
diff --git a/.vimrc b/.vimrc
index 6aa5ec4..aa0f17e 100644
--- a/.vimrc
+++ b/.vimrc
@@ -81,7 +81,7 @@ let g:is_posix = 1
set rtp+=/usr/bin/fzf
" set rtp+=/home/bloodstalker/extra/llvm-clang-4/build/bin/clangd
" set rtp+=/usr/local/bin/pyls
-let g:polyglot_disabled = ['go.plugin', 'markdown.plugin', 'terraform.plugin']
+let g:polyglot_disabled = ['go.plugin', 'markdown.plugin', 'terraform.plugin', 'haproxy.plugin']
" call plug#begin('~/.vim/plugged')
call plug#begin('~/.vim/bundle')
@@ -193,6 +193,7 @@ if has('nvim')
endif
Plug 'dansomething/vim-hackernews'
Plug 'andrewstuart/vim-kubernetes'
+Plug 'Joorem/vim-haproxy'
" Plug 'psliwka/vim-smoothie'
" Plug 'lifepillar/pgsql.vim', {'for': ['sql','pqsl', 'pgsql']}
" Plug 'tmux-plugins/vim-tmux'
@@ -477,10 +478,10 @@ nnoremap <leader>nn :bn<CR>
nnoremap <leader>pp :bp<CR>
cnoremap <C-a> <Home>
cnoremap <C-e> <End>
-nnoremap k gk
-nnoremap gk k
-nnoremap j gj
-nnoremap gj j
+" nnoremap k gk
+" nnoremap gk k
+" nnoremap j gj
+" nnoremap gj j
nmap [q :col<CR>
nmap ]q :cnew<CR>
diff --git a/.zshrc b/.zshrc
index 06ebe57..cd7bb80 100644
--- a/.zshrc
+++ b/.zshrc
@@ -155,6 +155,8 @@ alias k9sskin="vim ~/scripts/.k9s/skin.yml"
alias k9sconfig="vim ~/scripts/.k9s/config.yml"
alias fixk9sskin="cp ~/scripts/.k9s/skin.yml ~/.k9s/skin.yml"
alias fixk9sconfig="cp ~/scripts/.k9s/config.yml ~/.k9s/config.yml"
+alias gottyrc="vim ~/scripts/.gotty"
+alias fixgottyrc="cp ~/scripts/.gotty ~/.gotty"
#autosuggest
ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE="fg=#5f5fff,bg=#000000,bold"
diff --git a/devi.zsh-theme b/devi.zsh-theme
index 4c4aa33..9926600 100644
--- a/devi.zsh-theme
+++ b/devi.zsh-theme
@@ -247,16 +247,46 @@ pwd_shortened() {
echo $shortened_path
}
-PS1=$'%{$new2%}$(sudo_query)%{$reset_color%}%{$swampgreen%}%n%{$reset_color%} on %{$purblue%}%M%{$reset_color%} in %{$yagreen%}$(pwd_shortened)%{$reset_color%} at %{$muckgreen%}$(time_function)%{$reset_color%}$vcs_info_msg_0_%{$limblue%}%{$gnew%}$(gitadditions)%{$gnew2%}$(gitdeletions)%{$reset_color%}%{$deeppink%}$(virtualenv_info)%{$reset_color%}%{$teal%}$(node_version)%{$reset_color%}%{$gover%}$(goversion)%{$reset_color%}%{$rust%}$(rustversion)%{$reset_color%}%{$sneakyc%}$(sneaky)%{$reset_color%}%{$new%}$(rebuildquery)%{$reset_color%} %{$someblue%}<$ZSH_KUBECTL_PROMPT>%{$reset_color%}%{$batred%}$(dir_writeable)%{$reset_color%}'
-PS2=$'\n%{$limblue%}--➜%{$reset_color%}'
-PROMPT="$PS1$PS2"
+rebuildquery() {
+ make -q > /dev/null 2>&1
+ if [[ $? == 1 ]]; then
+ echo " ::rebuild::"
+ else
+ ;
+ fi
+}
+
+PS1=$'%{$new2%}$(sudo_query)%{$reset_color%}%{$swampgreen%}%n%{$reset_color%} on %{$purblue%}%M%{$reset_color%} in %{$yagreen%}$(pwd_shortened)%{$reset_color%} at %{$muckgreen%}$(time_function)%{$reset_color%}$vcs_info_msg_0_%{$limblue%}%{$gnew%}$(gitadditions)%{$gnew2%}$(gitdeletions)%{$reset_color%}%{$deeppink%}$(virtualenv_info)%{$reset_color%}%{$teal%}$(node_version)%{$reset_color%}%{$gover%}$(goversion)%{$reset_color%}%{$rust%}$(rustversion)%{$reset_color%}%{$sneakyc%}$(sneaky)%{$reset_color%}%{$new%}$(rebuildquery)%{$reset_color%} %{$someblue%}<$ZSH_KUBECTL_PROMPT>%{$reset_color%}%{$batred%}$(dir_writeable)%{$reset_color%}'
+PS2=$''
+PS3=$'\n%{$limblue%}--➜%{$reset_color%}'
get_prompt_len() {
local zero='%([BSUbfksu]|([FK]|){*})'
- FOOLENGTH=${#${(S%%)PS1//$~zero/}}
- # FOOLENGTH=$(($#1 * 3 - ${#${(ml[$#1 * 2])1}}))
+ local FOOLENGTH=${#${(S%%)PS1//$~zero/}}
+ echo $FOOLENGTH
+}
+get_prompt_len_2() {
+ local zero='%([BSUbfksu]|([FK]|){*})'
+ local FOOLENGTH=${#${(S%%)PS2//$~zero/}}
echo $FOOLENGTH
}
+
+get_enough_spaces(){
+ ps1_len=$(get_prompt_len)
+ ps2_len=$(get_prompt_len_2)
+ term_len=$(tput cols)
+ diff_len=$(($term_len - $ps1_len - $ps2_len))
+ echo $diff_len
+ for ((i=0;i<$diff_len;i++));do
+ echo -n " "
+ if [[ $i > $(tpul cols) ]];then break;fi
+ done
+}
+# PROMPT="$PS1$(get_enough_spaces)$PS2$PS3"
+PROMPT="$PS1$PS2$PS3"
+
+# PROMPT="$PS1$PS3"
+
# function battery_charge {
# upower -e > /dev/null 2>&1
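Review bot: `get_enough_spaces` calls `tpul cols`, which looks like a typo for `tput cols`. The loop guard also uses `>` inside `[[ ]]`, which compares strings rather than numbers, so the break cannot work as written; `if (( i > term_len )); then break; fi` reuses the width already read and compares arithmetically. The function also does `echo $diff_len` before the padding, so the number would appear in the prompt if the commented-out `PROMPT="$PS1$(get_enough_spaces)$PS2$PS3"` line were enabled. `ps1_len`, `ps2_len`, `term_len` and `diff_len` are set as globals, while `get_prompt_len` in this same hunk was changed to use `local`.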
@@ -290,15 +320,6 @@ get_prompt_len() {
# echo $(if [ $(upower -i /org/freedesktop/UPower/devices/battery_BAT0 | grep state | gawk 'BEGIN{FS ~ ":"}{print $2}') = "charging" ]; then echo ++;else :;fi)$batcharge
# }
-rebuildquery() {
- make -q > /dev/null 2>&1
- if [[ $? == 1 ]]; then
- echo " ::rebuild::"
- else
- ;
- fi
-}
-
inranger() {
local ranger_prompt=$(if [ -n "$RANGER_LEVEL" ];then echo " <ranger>";else echo "";fi)
echo $ranger_prompt
diff --git a/docker/bitlbee-purple/conf/bitlbee.conf b/docker/bitlbee-purple/conf/bitlbee.conf
new file mode 100644
index 0000000..4a1540b
--- /dev/null
+++ b/docker/bitlbee-purple/conf/bitlbee.conf
@@ -0,0 +1,132 @@
+## BitlBee default configuration file
+##
+## Comments are marked like this. The rest of the file is INI-style. The
+## comments should tell you enough about what all settings mean.
+##
+
+[settings]
+
+## RunMode:
+##
+## Inetd -- Run from inetd (default)
+## Daemon -- Run as a stand-alone daemon, serving all users from one process.
+## This saves memory if there are more users, the downside is that when one
+## user hits a crash-bug, all other users will also lose their connection.
+## ForkDaemon -- Run as a stand-alone daemon, but keep all clients in separate
+## child processes. This should be pretty safe and reliable to use instead
+## of inetd mode.
+##
+##RunMode = Daemon
+
+## User:
+##
+## If BitlBee is started by root as a daemon, it can drop root privileges,
+## and change to the specified user.
+##
+##User = bitlbee
+
+## DaemonPort/DaemonInterface:
+##
+## For daemon mode, you can specify on what interface and port the daemon
+## should be listening for connections.
+##
+##DaemonInterface = 127.0.0.1
+DaemonPort = 6667
+
+## ClientInterface:
+##
+## If for any reason, you want BitlBee to use a specific address/interface
+## for outgoing traffic (IM connections, HTTP(S), etc.), set it here.
+##
+# ClientInterface = 0.0.0.0
+
+## AuthMode
+##
+## Open -- Accept connections from anyone, use NickServ for user authentication.
+## (default)
+## Closed -- Require authorization (using the PASS command during login) before
+## allowing the user to connect at all.
+## Registered -- Only allow registered users to use this server; this disables
+## the register- and the account command until the user identifies himself.
+##
+# AuthMode = Open
+## AuthPassword
+##
+## Password the user should enter when logging into a closed BitlBee server.
+## You can also have an MD5-encrypted password here. Format: "md5:", followed
+## by a hash as generated for the <user password=""> attribute in a BitlBee
+## XML file (for now there's no easier way to generate the hash).
+##
+# AuthPassword = ItllBeBitlBee ## Heh.. Our slogan. ;-)
+## or
+# AuthPassword = md5:gzkK0Ox/1xh+1XTsQjXxBJ571Vgl
+
+## OperPassword
+##
+## Password that unlocks access to special operator commands.
+##
+# OperPassword = ChangeMe!
+## or
+# OperPassword = md5:I0mnZbn1t4R731zzRdDN2/pK7lRX
+
+## HostName
+##
+## Normally, BitlBee gets a hostname using getsockname(). If you have a nicer
+## alias for your BitlBee daemon, you can set it here and BitlBee will identify
+## itself with that name instead.
+##
+# HostName = localhost
+
+## MotdFile
+##
+## Specify an alternative MOTD (Message Of The Day) file. Default value depends
+## on the --etcdir argument to configure.
+##
+# MotdFile = /etc/bitlbee/motd.txt
+
+## ConfigDir
+##
+## Specify an alternative directory to store all the per-user configuration
+## files. (.nicks/.accounts)
+##
+ConfigDir = /var/lib/bitlbee
+
+## Ping settings
+##
+## BitlBee can send PING requests to the client to check whether it's still
+## alive. This is not very useful on local servers, but it does make sense
+## when most clients connect to the server over a real network interface.
+## (Public servers) Pinging the client will make sure lost clients are
+## detected and cleaned up sooner.
+##
+## PING requests are sent every PingInterval seconds. If no PONG reply has
+
+## been received for PingTimeOut seconds, BitlBee aborts the connection.
+##
+## To disable the pinging, set at least one of these to 0.
+##
+# PingInterval = 180
+# PingTimeOut = 300
+
+## Using proxy servers for outgoing connections
+##
+## If you're running BitlBee on a host which is behind a restrictive firewall
+## and a proxy server, you can tell BitlBee to use that proxy server here.
+## The setting has to be a URL, formatted like one of these examples:
+##
+## (Obviously, the username and password are optional)
+##
+## Proxy = http://john:doe@proxy.localnet.com:8080
+## Proxy = socks4://socksproxy.localnet.com
+## Proxy = socks5://socksproxy.localnet.com
+
+
+[defaults]
+
+## Here you can override the defaults for some per-user settings. Users are
+## still able to override your defaults, so this is not a way to restrict
+## your users...
+
+## To enable private mode by default, for example:
+
+## private = 1
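Review bot: `AuthMode` is left commented out, so by this file's own description the daemon runs in `Open` mode and accepts connections from anyone who can reach port 6667. The compose file in this commit publishes the port on 127.0.0.1 only, which limits that to local users, but the `docker run -p 6667:6667` line added to `postit` does not. Setting `AuthMode = Closed` with an `AuthPassword`, or `AuthMode = Registered` once the account exists, removes the dependency on how the port is published. `OperPassword` is also unset; a short comment saying that is intentional would help the next reader.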
diff --git a/docker/bitlbee-purple/docker-compose.yaml b/docker/bitlbee-purple/docker-compose.yaml
new file mode 100644
index 0000000..2006d88
--- /dev/null
+++ b/docker/bitlbee-purple/docker-compose.yaml
@@ -0,0 +1,14 @@
+version: "3.7"
+services:
+ bitlbee:
+ # image: ezkrg/bitlbee-libpurple
+ image: luzifer/bitlbee
+ networks:
+ - bitlbeenet
+ ports:
+ - "127.0.0.1:6667:6667"
+ restart: unless-stopped
+ volumes:
+ - ./conf:/var/lib/bitlbee
+networks:
+ bitlbeenet:
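Review bot: `image: luzifer/bitlbee` carries no tag or digest, so every pull can bring in a different image; pinning it, e.g. `image: luzifer/bitlbee@sha256:<digest>`, makes the deployment reproducible. The volume `./conf:/var/lib/bitlbee` mounts the directory that holds the tracked `bitlbee.conf` onto the path that file names as `ConfigDir`. That is where BitlBee keeps per-user account files, so those files (presumably including stored IM credentials) would be written into the repository checkout. A separate data volume or a `.gitignore` entry would keep them out of version control. It is also worth confirming that the image reads its configuration from `/var/lib/bitlbee/bitlbee.conf`, since the page does not show where the image expects it.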
diff --git a/postit b/postit
index 764b653..ec94931 100644
--- a/postit
+++ b/postit
@@ -20,3 +20,6 @@ sudo ./irc-slack --port 6667 --host 0.0.0.0 --debug
ssh -N -D 9999 -o ExitOnForwardFailure=yes -l pi 192.168.1.108
fall of hyperion--7:32:30
proot -r d11rootfs -0
+gotty tmux new-session -t 0
+docker run -p 6667:6667 ezkrg/bitlbee-libpurple
+openssl s_client -connect chat.terminaldweller.com:5222 -starttls xmpp
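Review bot: The noted `docker run -p 6667:6667 ezkrg/bitlbee-libpurple` publishes the IRC port on every host interface, whereas the compose file in this commit binds it to loopback; `docker run -p 127.0.0.1:6667:6667 ...` keeps the two consistent. `gotty tmux new-session -t 0` serves the tmux session over HTTP, and nothing on the line enables authentication or TLS. Unless `~/.gotty` already sets them, adding gotty's `--credential` and `--tls` options to the note would record the safer invocation.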
diff --git a/terminaldweller.com/ejabberd/docker-compose.yaml b/terminaldweller.com/ejabberd/docker-compose.yaml
index cafe707..9b93896 100644
--- a/terminaldweller.com/ejabberd/docker-compose.yaml
+++ b/terminaldweller.com/ejabberd/docker-compose.yaml
@@ -5,14 +5,19 @@ services:
networks:
- ejabberdnet
ports:
+ - "80:80"
- "5222:5222"
- "127.0.0.1:5269:5269"
- "5280:5280"
- - "127.0.0.1:5443:5443"
+ - "5443:5443"
- "127.0.0.1:1883:1883"
- - "5080:5080"
+ - "127.0.0.1:5080:5080"
restart: unless-stopped
volumes:
- ./ejabberd.yml:/home/ejabberd/conf/ejabberd.yml
+ - ./acme:/var/lib/ejabberd/acme
+ - ./dh:/usr/local/etc/ejabberd
networks:
ejabberdnet:
+# openssl dhparam -out dhparams.pem 4096
+# sudo certbot certonly --standalone --email devi@terminaldweller.com --non-interactive --agree-tos -d chat.terminaldweller.com --preferred-challenges http
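Review bot: Changing `"127.0.0.1:5443:5443"` to `"5443:5443"` publishes the ejabberd HTTPS listener on all interfaces, and the `ejabberd.yml` section of this commit shows that listener serving `/admin` and `/api`. If the only intended client is the HAProxy host, a host firewall rule for that address or ejabberd access rules on those handlers would keep the admin surface from being reachable directly. `"5280:5280"` is still published although this commit moves the plain-HTTP listener from 5280 to 80, so that mapping looks stale. Publishing `"80:80"` for a `tls: false` listener is presumably for the ACME HTTP challenge; a comment saying so would make the exposure explicit.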
diff --git a/terminaldweller.com/ejabberd/ejabberd.yml b/terminaldweller.com/ejabberd/ejabberd.yml
index 6257515..87eb940 100644
--- a/terminaldweller.com/ejabberd/ejabberd.yml
+++ b/terminaldweller.com/ejabberd/ejabberd.yml
@@ -3,9 +3,26 @@ hosts:
loglevel: 4
log_rotate_size: 10485760
-log_rotate_date: ''
log_rotate_count: 1
-log_rate_limit: 100
+
+define_macro:
+ 'TLS_CIPHERS': "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
+ 'TLS_OPTIONS':
+ - "no_sslv2, no_sslv3, no_tlsv1"
+ - "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
+ - "no_compression"
+ 'DH_FILE': "/usr/local/etc/ejabberd/dhparams.pem" # generated with: openssl dhparam -out dhparams.pem 4096
+
+c2s_dhfile: 'DH_FILE'
+s2s_dhfile: 'DH_FILE'
+c2s_ciphers: 'TLS_CIPHERS'
+s2s_ciphers: 'TLS_CIPHERS'
+c2s_protocol_options: 'TLS_OPTIONS'
+s2s_protocol_options: 'TLS_OPTIONS'
+certfiles:
+ - '/var/lib/ejabberd/acme/ejabberd.pem'
+
+auth_password_format: scram
listen:
- port: 5222
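Review bot: The `TLS_OPTIONS` macro is malformed: its first item is a single string, `"no_sslv2, no_sslv3, no_tlsv1"`, and its second item is the cipher list. ejabberd's protocol options are documented as one option name per list entry, so the comma-joined string is unlikely to be parsed as three options, and a cipher string is not a protocol option at all; the intended SSLv3/TLS 1.0 restrictions may therefore not be applied. Listing each option separately and leaving the ciphers to `TLS_CIPHERS` avoids that; `no_tlsv1_1` could be added if TLS 1.1 should also be refused. The `listen:` block that consumes these macros continues outside this hunk.

```yaml
define_macro:
  # … unchanged: TLS_CIPHERS …
  'TLS_OPTIONS':
    - "no_sslv2"
    - "no_sslv3"
    - "no_tlsv1"
    - "no_compression"
  # … unchanged: DH_FILE …
```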
@@ -14,7 +31,13 @@ listen:
max_stanza_size: 262144
shaper: c2s_shaper
access: c2s
+ starttls: true
starttls_required: true
+ protocol_options: 'TLS_OPTIONS'
+ ciphers: 'TLS_CIPHERS'
+ dhfile: 'DH_FILE'
+ zlib: false
+ tls_compression: false
- port: 5269
ip: '::'
module: ejabberd_s2s_in
@@ -22,6 +45,10 @@ listen:
- port: 5443
ip: '::'
module: ejabberd_http
+ tls: true
+ protocol_options: 'TLS_OPTIONS'
+ ciphers: 'TLS_CIPHERS'
+ dhfile: 'DH_FILE'
request_handlers:
'/admin': ejabberd_web_admin
'/api': mod_http_api
@@ -45,7 +72,7 @@ listen:
use_turn: true
turn_min_port: 49152
turn_max_port: 65535
- turn_ip: 0.0.0.0
+ turn_ipv4_address: 0.0.0.0
- port: 5349
transport: tcp
module: ejabberd_stun
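Review bot: `turn_ipv4_address: 0.0.0.0` keeps the wildcard from the old `turn_ip` setting, but this option is, as far as the ejabberd documentation describes it, the address the TURN service gives to clients as the relay address. A wildcard there gives clients nothing routable; the host's public address is what is expected, e.g. `turn_ipv4_address: <public-ipv4>`. The same value is set for the 5349 listener in the next hunk. The listener entries begin outside this hunk.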
@@ -54,8 +81,8 @@ listen:
turn_min_port: 49152
turn_max_port: 65535
ip: 0.0.0.0
- turn_ip: 0.0.0.0
- - port: 5280
+ turn_ipv4_address: 0.0.0.0
+ - port: 80
module: ejabberd_http
tls: false
request_handlers:
@@ -73,7 +100,7 @@ acl:
- ::FFFF:127.0.0.1/128
admin:
user:
- - 'admin@localhost'
+ - 'admin@chat.terminaldweller.com'
access_rules:
local:
@@ -152,8 +179,9 @@ shaper_rules:
max_fsm_queue: 10000
acme:
+ auto: false
contact: 'mailto:devi@terminaldweller.com'
- ca_url: 'https://acme-v01.api.letsencrypt.org'
+ ca_url: 'https://acme-staging-v02.api.letsencrypt.org'
oauth_expire: 31536000
oauth_access: all
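Review bot: `ca_url` now points at the Let's Encrypt staging endpoint, whose certificates are not trusted by clients. With `auto: false` it only matters for a manually triggered request, but a comment such as `# staging CA: test only, certificates are not publicly trusted` would stop a later `auto: true` from quietly deploying an untrusted certificate. The URL also lacks a `/directory` path, which ACME v2 endpoints normally need; that is worth verifying against the ejabberd version in use. The `acme:` block begins outside this hunk.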
diff --git a/terminaldweller.com/haproxy/haproxy.cfg b/terminaldweller.com/haproxy/haproxy.cfg
index f1c288e..f406de4 100644
--- a/terminaldweller.com/haproxy/haproxy.cfg
+++ b/terminaldweller.com/haproxy/haproxy.cfg
@@ -14,64 +14,224 @@ resolvers docker_resolver
nameserver dns 127.0.0.11:53
#Frontends
-frontend front
+frontend http
bind *:80
- bind *:443
- mode tcp
- timeout client 60s
+ mode http
#ACLs
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
acl blog-host hdr_sub(host) -i blog.terminaldweller.com
acl mail-host hdr_sub(host) -i mail.terminaldweller.com
- acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
acl api-host hdr_sub(host) -i api.terminaldweller.com
acl chat-host hdr_sub(host) -i chat.terminaldweller.com
- acl chat-host-s req.ssl_sni -i chat.terminaldweller.com
- #Consitions
- use_backend certbot-backend if letsencrypt-acl
+ #Conditions
+ #use_backend chat-cert-backend if letsencrypt-acl chat-host
+ use_backend blog-backend-cert if letsencrypt-acl blog-host
+ use_backend api-backend-cert if letsencrypt-acl api-host
+ use_backend certbot-backend if letsencrypt-acl !chat-host !blog-host !api-host
use_backend blog-backend if blog-host
use_backend mail-backend if mail-host
- use_backend mail-backend-s if mail-host-s
use_backend api-backend if api-host
- use_backend chat-backend-s if chat-host-s
+ #use_backend chat-backend if chat-host
default_backend blog-backend
+frontend https
+ bind *:443
+ timeout client 60s
+ mode tcp
+ tcp-request inspect-delay 5s
+ tcp-request content accept if { req.ssl_hello_type 1 }
+ tcp-request content reject
+ #ACLs
+ acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
+ #acl chat-host-s req.ssl_sni -i chat.terminaldweller.com
+ acl blog-host-s req.ssl_sni -i blog.terminaldweller.com
+ acl api-host-s req.ssl_sni -i api.terminaldweller.com
+ #Conditions
+ use_backend mail-backend-s if mail-host-s
+ #use_backend chat-backend-s if chat-host-s
+ use_backend blog-backend-s if blog-host-s
+ use_backend api-backend-s if api-host-s
+
+frontend jabber5222
+ bind *:5222
+ timeout client 60s
+ mode tcp
+ tcp-request inspect-delay 5s
+ tcp-request content accept if { req.ssl_hello_type 1 }
+ tcp-request content reject
+ acl chat-host-s req.ssl_sni -i chat.terminaldweller.com
+ use_backend chat-backend-c2s if chat-host-s
+frontend jabber5280
+ bind *:5280
+ mode http
+ acl chat-host hdr_sub(host) -i chat.terminaldweller.com
+ use_backend chat-backend-admin if chat-host
+frontend jabber5443
+ bind *:5443
+ timeout client 60s
+ mode tcp
+ tcp-request inspect-delay 5s
+ tcp-request content accept if { req.ssl_hello_type 1 }
+ tcp-request content reject
+ acl chat-host-s req.ssl_sni -i chat.terminaldweller.com
+ use_backend chat-backend-s if chat-host-s
+
+frontend mail-imap
+ bind *:143
+ mode http
+ acl mail-host hdr_sub(host) -i mail.terminaldweller.com
+ use_backend mail-backend-imap if mail-host
+frontend mail-imaps
+ bind *:993
+ timeout client 60s
+ mode tcp
+ tcp-request inspect-delay 5s
+ tcp-request content accept if { req.ssl_hello_type 1 }
+ tcp-request content reject
+ acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
+ use_backend mail-backend-imaps if mail-host-s
+frontend mail-pop3
+ bind *:110
+ mode http
+ acl mail-host hdr_sub(host) -i mail.terminalweller.com
+ use_backend mail-backend-pop3 if mail-host
+frontend mail-pop3s
+ bind *:995
+ timeout client 60s
+ mode tcp
+ tcp-request inspect-delay 5s
+ tcp-request content accept if { req.ssl_hello_type 1 }
+ tcp-request content reject
+ acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
+ use_backend mail-backend-pop3s if mail-host-s
+frontend mail-smtp
+ bind *:25
+ timeout client 60s
+ mode tcp
+ tcp-request inspect-delay 5s
+ tcp-request content accept if { req.ssl_hello_type 1 }
+ tcp-request content reject
+ acl mail-host req.ssl_sni -i mail.terminaldweller.com
+ use_backend mail-backend-smtp if mail-host
+frontend mail-smtps
+ bind *:465
+ timeout client 60s
+ mode tcp
+ tcp-request inspect-delay 5s
+ tcp-request content accept if { req.ssl_hello_type 1 }
+ tcp-request content reject
+ acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
+ use_backend mail-backend-smtps if mail-host-s
+frontend mail-submission
+ bind *:587
+ timeout client 60s
+ mode tcp
+ tcp-request inspect-delay 5s
+ tcp-request content accept if { req.ssl_hello_type 1 }
+ tcp-request content reject
+ acl mail-host-s req.ssl_sni -i mail.terminaldweller.com
+ use_backend mail-backend-submission if mail-host-s
+
+
#Backends
backend certbot-backend
+ mode http
server nginx nginx:80 resolvers docker_resolver check init-addr none
backend blog-backend
mode http
option forwardfor
server blog-host 192.99.102.52:9000 check
+backend blog-backend-cert
+ mode http
+ option forwardfor
+ server blog-host 192.99.102.52:80
+backend blog-backend-s
+ timeout server 60s
+ timeout client 60s
+ mode tcp
+ option ssl-hello-chk
+ server blog-host 192.99.102.52:9000 check
backend mail-backend
mode http
option forwardfor
- server mail-host 185.126.202.69:80 check
-
+ server mail-host 185.126.202.69:80
backend mail-backend-s
timeout server 60s
timeout client 60s
mode tcp
+ option ssl-hello-chk
+ server mail-host 185.126.202.69:443 check
+backend mail-backend-imap
+ mode http
+ option forwardfor
+ server mail-host 185.126.202.69:143 check
+backend mail-backend-imaps
+ timeout server 60s
+ timeout client 60s
+ mode tcp
+ option ssl-hello-chk
+ server mail-host 185.126.202.69:993 check
+backend mail-backend-pop3
+ mode http
option forwardfor
+ server mail-host 185.126.202.69:110 check
+backend mail-backend-pop3s
+ timeout server 60s
+ timeout client 60s
+ mode tcp
+ option ssl-hello-chk
+ server mail-host 185.126.202.69:995 check
+backend mail-backend-smtp
+ timeout server 60s
+ timeout client 60s
+ mode tcp
+ option ssl-hello-chk
+ server mail-host 185.126.202.69:25 check
+backend mail-backend-smtps
+ timeout server 60s
+ timeout client 60s
+ mode tcp
option ssl-hello-chk
- server mail-host-s 185.126.202.69:443 check
+ server mail-host 185.126.202.69:465 check
+backend mail-backend-submission
+ timeout server 60s
+ timeout client 60s
+ mode tcp
+ option ssl-hello-chk
+ server mail-host 185.126.202.69:587
backend api-backend
mode http
option forwardfor
server api-host 192.99.102.52:8008 check
-
-backend chat-backend
+backend api-backend-s
+ timeout server 60s
+ timeout client 60s
+ mode tcp
+ option ssl-hello-chk
+ server api-host 192.99.102.52:8008
+backend api-backend-cert
mode http
option forwardfor
- server chat-host 87.236.209.206:5280 check
+ server api-host 192.99.102.52:80
+backend chat-backend-admin
+ mode http
+ server chat-host 130.185.121.80:5280 check
backend chat-backend-s
timeout server 60s
timeout client 60s
mode tcp
- option forwardfor
option ssl-hello-chk
- server chat-host-s 87.236.209.206:5280 check
+ server chat-host 130.185.121.80:5443
+backend chat-backend-c2s
+ timeout server 60s
+ timeout client 60s
+ mode tcp
+ option ssl-hello-chk
+ server chat-host 130.185.121.80:5222
+backend chat-cert-backend
+ mode http
+ server chat-cert-server 130.185.121.80:80
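Review bot: Several new frontends inspect a protocol the port does not speak first: `mail-imap` (143) and `mail-pop3` (110) are `mode http` with a Host-header ACL, while `mail-smtp` (25), `mail-submission` (587) and `jabber5222` accept only on `req.ssl_hello_type 1`. IMAP, POP3, SMTP/submission and XMPP c2s all open in plaintext and upgrade with STARTTLS, so these connections would be rejected and no SNI is available to route on. A plain `mode tcp` frontend with a `default_backend` fits those ports, with the matching backends set to `mode tcp` and `option ssl-hello-chk` dropped where the server port is not TLS-first. The `mail-pop3` ACL also misspells the host as `mail.terminalweller.com`. `hdr_sub(host)` is a substring match, so a Host such as `blog.terminaldweller.com.example.net` matches too; `hdr(host) -i blog.terminaldweller.com` is the exact form.

```haproxy
frontend jabber5222
    bind *:5222
    timeout client 60s
    mode tcp
    default_backend chat-backend-c2s
# … unchanged: jabber5280, jabber5443 …
frontend mail-imap
    bind *:143
    timeout client 60s
    mode tcp
    default_backend mail-backend-imap
# … unchanged: mail-imaps …
frontend mail-pop3
    bind *:110
    timeout client 60s
    mode tcp
    default_backend mail-backend-pop3
# … unchanged: mail-pop3s …
frontend mail-smtp
    bind *:25
    timeout client 60s
    mode tcp
    default_backend mail-backend-smtp
# … unchanged: mail-smtps …
frontend mail-submission
    bind *:587
    timeout client 60s
    mode tcp
    default_backend mail-backend-submission
```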