git.immae.eu Git - perso/Immae/Config/Nix.git/blame - modules/private/ejabberd/default.nix
WIP upgrade
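# NixOS module wiring up an ejabberd XMPP server: ACME certificate, firewall
# ports, secret-backed SQL/LDAP configuration fragments, and the service itself.
{ lib, pkgs, config, ... }:
let
  cfg = config.myServices.ejabberd;
in
{
  options.myServices = {
    ejabberd.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = ''
        Whether to enable ejabberd service.
      '';
    };
  };

  config = lib.mkIf cfg.enable {
    security.acme.certs = {
      # Starts from the shared certConfig defaults and overrides them for ejabberd.
      "ejabberd" = config.myServices.certificates.certConfig // {
        # Group ownership lets the ejabberd user read the private key material.
        group = "ejabberd";
        domain = "eldiron.immae.eu";
        keyType = "rsa4096";
        # Restart after each issuance/renewal so the new certificate is loaded.
        postRun = ''
          systemctl restart ejabberd.service
        '';
        extraDomainNames = [ "immae.fr" "conference.immae.fr" "proxy.immae.fr" "pubsub.immae.fr" "upload.immae.fr" ];
      };
    };

    # 5222 and 5269 are the standard XMPP client-to-server and server-to-server
    # ports. The listeners themselves live in ./ejabberd.yml (not shown here), so
    # keep this list in sync with them and do not open more than they need.
    networking.firewall.allowedTCPPorts = [ 5222 5269 ];
    myServices.websites.tools.im.enable = true;

    # Erlang crash dumps can hold process memory, so they are removed on stop.
    # -f is required: a plain rm exits non-zero when no dump matches the glob,
    # which makes the post-stop step fail on every clean shutdown.
    systemd.services.ejabberd.postStop = ''
      rm -f /var/log/ejabberd/erl_crash*.dump
    '';

    # Credentials are kept in separate fragments (mode 0400, owned by ejabberd)
    # instead of the generated ejabberd.yml, which is built with runCommand and
    # therefore ends up world-readable in the Nix store.
    # NOTE(review): whether the interpolated text itself stays out of the store
    # depends on the secrets module implementation - confirm.
    secrets.keys = {
      "ejabberd/psql.yml" = {
        permissions = "0400";
        user = "ejabberd";
        group = "ejabberd";
        text = ''
          sql_type: pgsql
          sql_server: "localhost"
          sql_database: "${config.myEnv.jabber.postgresql.database}"
          sql_username: "${config.myEnv.jabber.postgresql.user}"
          sql_password: "${config.myEnv.jabber.postgresql.password}"
        '';
      };
      "ejabberd/host.yml" = {
        permissions = "0400";
        user = "ejabberd";
        group = "ejabberd";
        # NOTE(review): ldap_encrypt is tls but this fragment sets no
        # ldap_tls_verify. ejabberd does not validate the LDAP server
        # certificate unless that option is set (with a CA file), so the bind
        # password below could be sent to an impostor server. Check whether
        # ./ejabberd.yml sets it globally; if not, add it here.
        text = ''
          host_config:
            "immae.fr":
              domain_certfile: "${config.security.acme.certs.ejabberd.directory}/full.pem"
              auth_method: [ldap]
              ldap_servers: ["${config.myEnv.jabber.ldap.host}"]
              ldap_encrypt: tls
              ldap_rootdn: "${config.myEnv.jabber.ldap.dn}"
              ldap_password: "${config.myEnv.jabber.ldap.password}"
              ldap_base: "${config.myEnv.jabber.ldap.base}"
              ldap_uids:
                uid: "%u"
                immaeXmppUid: "%u"
              ldap_filter: "${config.myEnv.jabber.ldap.filter}"
        '';
      };
    };

    # Presumably the group allowed to reach the secrets directory - confirm
    # against the secrets module.
    users.users.ejabberd.extraGroups = [ "keys" ];

    services.ejabberd = {
      package = pkgs.ejabberd.override { withPgsql = true; };
      imagemagick = true;
      enable = true;
      ctlConfig = ''
        ERLANG_NODE=ejabberd@localhost
      '';
      # substituteAll replaces each @name@ placeholder in ./ejabberd.yml with the
      # attribute of the same name below. Only *paths* to the secret fragments
      # are substituted, so the store copy of the config holds no credentials.
      configFile = pkgs.runCommand "ejabberd.yml" {
        certificatePrivateKeyAndFullChain = "${config.security.acme.certs.ejabberd.directory}/full.pem";
        certificateCA = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
        sql_config_file = config.secrets.fullPaths."ejabberd/psql.yml";
        host_config_file = config.secrets.fullPaths."ejabberd/host.yml";
      } ''
        substituteAll ${./ejabberd.yml} $out
      '';
    };
  };
}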