git.immae.eu Git - perso/Immae/Config/Nix.git/blame - modules/private/ejabberd/default.nix
Change key type for ejabberd
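# NixOS module wrapping the ejabberd XMPP server behind a single
# `myServices.ejabberd.enable` switch. When enabled it requests an ACME
# certificate, opens the XMPP ports, writes two secret YAML fragments
# (PostgreSQL and per-host LDAP settings) and generates the main
# ejabberd.yml from the ./ejabberd.yml template.
{ lib, pkgs, config, ... }:
let
  cfg = config.myServices.ejabberd;
in
{
  options.myServices = {
    ejabberd.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = ''
        Whether to enable ejabberd service.
      '';
    };
  };

  config = lib.mkIf cfg.enable {
    security.acme.certs = {
      # Certificate files are owned by the ejabberd user/group so the daemon
      # can read them; full.pem (used below) bundles the private key with the
      # chain, so its permissions matter.
      "ejabberd" = config.myServices.certificates.certConfig // {
        user = "ejabberd";
        group = "ejabberd";
        domain = "eldiron.immae.eu";
        # NOTE(review): explicit RSA-4096 key; presumably chosen for
        # compatibility with XMPP peers that lack ECDSA support - confirm
        # against the commit that introduced it.
        keyType = "rsa4096";
        # Restart after issuance/renewal so ejabberd loads the new certificate.
        postRun = ''
          systemctl restart ejabberd.service
        '';
        extraDomains = {
          "immae.fr" = null;
          "conference.immae.fr" = null;
          "proxy.immae.fr" = null;
          "pubsub.immae.fr" = null;
          "upload.immae.fr" = null;
        };
      };
    };
    # 5222 = XMPP client-to-server, 5269 = XMPP server-to-server.
    networking.firewall.allowedTCPPorts = [ 5222 5269 ];
    myServices.websites.tools.im.enable = true;
    # Erlang crash dumps are snapshots of the VM and can hold in-memory data
    # (credentials, message contents), so they are removed on stop.
    # `-f` keeps the hook from failing when no dump exists: an unmatched glob
    # is passed to rm literally, and plain `rm` would then exit non-zero and
    # fail the post-stop step on every clean shutdown.
    systemd.services.ejabberd.postStop = ''
      rm -f /var/log/ejabberd/erl_crash*.dump
    '';
    # Both fragments carry credentials and are written 0400, owned by ejabberd.
    # NOTE(review): the values are interpolated from config.myEnv at
    # evaluation time; whether the secrets module keeps the rendered text out
    # of the world-readable Nix store is not visible from this file - confirm.
    secrets.keys = [
      {
        dest = "ejabberd/psql.yml";
        permissions = "0400";
        user = "ejabberd";
        group = "ejabberd";
        text = ''
          sql_type: pgsql
          sql_server: "localhost"
          sql_database: "${config.myEnv.jabber.postgresql.database}"
          sql_username: "${config.myEnv.jabber.postgresql.user}"
          sql_password: "${config.myEnv.jabber.postgresql.password}"
        '';
      }
      {
        dest = "ejabberd/host.yml";
        permissions = "0400";
        user = "ejabberd";
        group = "ejabberd";
        # NOTE(review): `ldap_encrypt: tls` is set but `ldap_tls_verify` is
        # not. ejabberd's documented default for it is `false`, i.e. the LDAP
        # server certificate is not validated, so the bind password below is
        # only protected against passive eavesdropping. Unless the
        # ./ejabberd.yml template already sets it globally (not visible here),
        # consider `ldap_tls_verify: hard` together with `ldap_tls_cacertfile`.
        text = ''
          host_config:
            "immae.fr":
              domain_certfile: "${config.security.acme.certs.ejabberd.directory}/full.pem"
              auth_method: [ldap]
              ldap_servers: ["${config.myEnv.jabber.ldap.host}"]
              ldap_encrypt: tls
              ldap_rootdn: "${config.myEnv.jabber.ldap.dn}"
              ldap_password: "${config.myEnv.jabber.ldap.password}"
              ldap_base: "${config.myEnv.jabber.ldap.base}"
              ldap_uids:
                uid: "%u"
                immaeXmppUid: "%u"
              ldap_filter: "${config.myEnv.jabber.ldap.filter}"
        '';
      }
    ];
    # presumably the "keys" group is what grants access to the secrets
    # directory - verify against the secrets module.
    users.users.ejabberd.extraGroups = [ "keys" ];
    services.ejabberd = {
      package = pkgs.ejabberd.override { withPgsql = true; };
      imagemagick = true;
      enable = true;
      ctlConfig = ''
        ERLANG_NODE=ejabberd@localhost
      '';
      # The generated ejabberd.yml is a Nix store path and therefore
      # world-readable. Only file *paths* are substituted into it here; the
      # credentials themselves stay in the 0400 fragments declared above.
      # Keep it that way: do not pass secret values as attributes of this
      # runCommand.
      configFile = pkgs.runCommand "ejabberd.yml" {
        certificatePrivateKeyAndFullChain = "${config.security.acme.certs.ejabberd.directory}/full.pem";
        certificateCA = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
        sql_config_file = config.secrets.fullPaths."ejabberd/psql.yml";
        host_config_file = config.secrets.fullPaths."ejabberd/host.yml";
      } ''
        substituteAll ${./ejabberd.yml} $out
      '';
    };
  };
}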