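# NixOS module for the ejabberd XMPP server.
#
# Declares `myServices.ejabberd.enable` and, when it is set, wires up:
#   - an ACME certificate readable by the ejabberd user,
#   - the firewall openings for XMPP,
#   - two secret YAML fragments (PostgreSQL and LDAP credentials),
#   - the upstream `services.ejabberd` unit with a generated ejabberd.yml.
#
# NOTE(review): indentation (including the YAML nesting inside the two
# `text` blocks) was reconstructed from a flattened listing; verify it
# against the repository copy before relying on it.
{ lib, pkgs, config, ... }:
let
  cfg = config.myServices.ejabberd;
in
{
  options.myServices = {
    ejabberd.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = ''
        Whether to enable ejabberd service.
      '';
    };
  };

  config = lib.mkIf cfg.enable {
    security.acme.certs = {
      # Shared certificate defaults, overridden so the key material is owned
      # by the ejabberd account rather than the default ACME user.
      "ejabberd" = config.myServices.certificates.certConfig // {
        user = "ejabberd";
        group = "ejabberd";
        domain = "eldiron.immae.eu";
        keyType = "rsa4096";
        # Restart after issuance/renewal so the daemon picks up the new
        # certificate instead of serving the old one until the next restart.
        postRun = ''
          systemctl restart ejabberd.service
        '';
        extraDomains = {
          "immae.fr" = null;
          "conference.immae.fr" = null;
          "proxy.immae.fr" = null;
          "pubsub.immae.fr" = null;
          "upload.immae.fr" = null;
        };
      };
    };

    # 5222 = XMPP client-to-server, 5269 = XMPP server-to-server.
    # Both are exposed to every interface the firewall covers.
    networking.firewall.allowedTCPPorts = [ 5222 5269 ];
    myServices.websites.tools.im.enable = true;

    # Erlang crash dumps can contain process memory, so they are removed on
    # stop. `-f` keeps the hook from failing when the glob matches nothing
    # (the normal case): without it `rm` exits non-zero and the postStop
    # step is reported as failed.
    systemd.services.ejabberd.postStop = ''
      rm -f /var/log/ejabberd/erl_crash*.dump
    '';

    # Credential fragments, readable only by the ejabberd user (0400).
    # NOTE(review): the passwords are interpolated into Nix strings here;
    # whether the plaintext also lands in the world-readable /nix/store
    # depends on how the `secrets` module materialises `text`, which is not
    # visible in this file - confirm.
    secrets.keys = {
      "ejabberd/psql.yml" = {
        permissions = "0400";
        user = "ejabberd";
        group = "ejabberd";
        text = ''
          sql_type: pgsql
          sql_server: "localhost"
          sql_database: "${config.myEnv.jabber.postgresql.database}"
          sql_username: "${config.myEnv.jabber.postgresql.user}"
          sql_password: "${config.myEnv.jabber.postgresql.password}"
        '';
      };
      "ejabberd/host.yml" = {
        permissions = "0400";
        user = "ejabberd";
        group = "ejabberd";
        # NOTE(review): `ldap_encrypt: tls` is set but no `ldap_tls_verify`
        # appears in this fragment. ejabberd's default for that option is
        # `false`, i.e. the LDAP server certificate is not validated and the
        # bind password below is only protected against passive sniffing.
        # Unless ./ejabberd.yml sets it globally, consider adding
        # `ldap_tls_verify: hard` together with `ldap_tls_cacertfile`.
        text = ''
          host_config:
            "immae.fr":
              domain_certfile: "${config.security.acme.certs.ejabberd.directory}/full.pem"
              auth_method: [ldap]
              ldap_servers: ["${config.myEnv.jabber.ldap.host}"]
              ldap_encrypt: tls
              ldap_rootdn: "${config.myEnv.jabber.ldap.dn}"
              ldap_password: "${config.myEnv.jabber.ldap.password}"
              ldap_base: "${config.myEnv.jabber.ldap.base}"
              ldap_uids:
                uid: "%u"
                immaeXmppUid: "%u"
              ldap_filter: "${config.myEnv.jabber.ldap.filter}"
        '';
      };
    };

    # presumably the group that may traverse the secrets directory - verify
    # against the `secrets` module.
    users.users.ejabberd.extraGroups = [ "keys" ];

    services.ejabberd = {
      package = pkgs.ejabberd.override { withPgsql = true; };
      imagemagick = true;
      enable = true;
      ctlConfig = ''
        ERLANG_NODE=ejabberd@localhost
      '';
      # The main configuration is rendered into the Nix store, which is
      # world-readable. Only the *paths* of the secret fragments and of the
      # certificate bundle are substituted into the template, so no
      # credential text is copied into the generated file by this step.
      configFile = pkgs.runCommand "ejabberd.yml" {
        # As the attribute name says, full.pem bundles the private key with
        # the certificate chain; access relies on the user/group set above.
        certificatePrivateKeyAndFullChain = "${config.security.acme.certs.ejabberd.directory}/full.pem";
        certificateCA = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
        sql_config_file = config.secrets.fullPaths."ejabberd/psql.yml";
        host_config_file = config.secrets.fullPaths."ejabberd/host.yml";
      } ''
        substituteAll ${./ejabberd.yml} $out
      '';
    };
  };
}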