X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fejabberd%2Fdefault.nix;h=4d86a648ada0d460d4e56670d1bd8ef3aaac3904;hb=4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0;hp=3537c246fe04a63c38872ff592afc08725a0401c;hpb=981fa80354fd6f00f49446777c38f77bd8a65f65;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/ejabberd/default.nix b/modules/private/ejabberd/default.nix
index 3537c24..4d86a64 100644
--- a/modules/private/ejabberd/default.nix
+++ b/modules/private/ejabberd/default.nix
@@ -14,11 +14,12 @@ in
 };
 config = lib.mkIf cfg.enable {
- security.acme2.certs = {
+ security.acme.certs = {
 "ejabberd" = config.myServices.certificates.certConfig // {
 user = "ejabberd";
 group = "ejabberd";
 domain = "eldiron.immae.eu";
+ keyType = "rsa4096";
 postRun = ''
 systemctl restart ejabberd.service
 '';
@@ -36,9 +37,8 @@ in
 systemd.services.ejabberd.postStop = ''
 rm /var/log/ejabberd/erl_crash*.dump
 '';
- secrets.keys = [
- {
- dest = "ejabberd/psql.yml";
+ secrets.keys = {
+ "ejabberd/psql.yml" = {
 permissions = "0400";
 user = "ejabberd";
 group = "ejabberd";
@@ -49,16 +49,15 @@ in
 sql_username: "${config.myEnv.jabber.postgresql.user}"
 sql_password: "${config.myEnv.jabber.postgresql.password}"
 '';
- }
- {
- dest = "ejabberd/host.yml";
+ };
+ "ejabberd/host.yml" = {
 permissions = "0400";
 user = "ejabberd";
 group = "ejabberd";
 text = ''
 host_config:
 "immae.fr":
- domain_certfile: "${config.security.acme2.certs.ejabberd.directory}/full.pem"
+ domain_certfile: "${config.security.acme.certs.ejabberd.directory}/full.pem"
 auth_method: [ldap]
 ldap_servers: ["${config.myEnv.jabber.ldap.host}"]
 ldap_encrypt: tls
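Review bot: `keyType = "rsa4096";` in the first hunk is added without a comment saying why this certificate needs an RSA key rather than whatever `certConfig` or the ACME module would otherwise pick. If it is there for compatibility with XMPP clients or federated servers, a one-line comment such as `# rsa4096: <reason, e.g. peers that cannot negotiate ECDSA>` would keep a later cleanup from dropping it silently. The `security.acme.certs` attribute set continues past the end of the hunk.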
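Review bot: `ldap_encrypt: tls` in the host.yml secret (third hunk) has no `ldap_tls_verify` beside it in the visible lines, and ejabberd's documented default for that option is `false`, so the LDAP server certificate would not be checked on the connection that carries `ldap_password`. One line between this hunk and the next is not shown, and the main ejabberd.yml template is not visible either, so confirm the option is not already set there. If it is not, add `ldap_tls_verify: hard` together with an `ldap_tls_cacertfile` entry, presumably pointing at the CA bundle the module already passes as `certificateCA`. The `text` block of this secret starts in this hunk and ends in the next one.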
@@ -66,12 +65,12 @@ in
 ldap_password: "${config.myEnv.jabber.ldap.password}"
 ldap_base: "${config.myEnv.jabber.ldap.base}"
 ldap_uids:
- - "uid": "%u"
- - "immaeXmppUid": "%u"
+ uid: "%u"
+ immaeXmppUid: "%u"
 ldap_filter: "${config.myEnv.jabber.ldap.filter}"
 '';
- }
- ];
+ };
+ };
 users.users.ejabberd.extraGroups = [ "keys" ];
 services.ejabberd = {
 package = pkgs.ejabberd.override { withPgsql = true; };
@@ -81,7 +80,7 @@ in
 ERLANG_NODE=ejabberd@localhost
 '';
 configFile = pkgs.runCommand "ejabberd.yml" {
- certificatePrivateKeyAndFullChain = "${config.security.acme2.certs.ejabberd.directory}/full.pem";
+ certificatePrivateKeyAndFullChain = "${config.security.acme.certs.ejabberd.directory}/full.pem";
 certificateCA = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
 sql_config_file = config.secrets.fullPaths."ejabberd/psql.yml";
 host_config_file = config.secrets.fullPaths."ejabberd/host.yml";
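Review bot: `ldap_password` and `ldap_filter` in the `-66,12` hunk are interpolated raw into double-quoted YAML scalars, so a value containing `"` or `\` would either break host.yml or be read as a different string than the one stored in `myEnv`. The same applies to `sql_username` and `sql_password` in the psql.yml secret of the `-49,16` hunk. Emitting each value through `builtins.toJSON`, for example `ldap_password: ${builtins.toJSON config.myEnv.jabber.ldap.password}`, gives a correctly escaped scalar for any content. The `text` block starts outside this hunk.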