+++ /dev/null
-{ lib, pkgs, config, ... }:
-let
- cfg = config.myServices.ejabberd;
-in
-{
- options.myServices = {
- ejabberd.enable = lib.mkOption {
- type = lib.types.bool;
- default = false;
- description = ''
- Whether to enable ejabberd service.
- '';
- };
- };
-
- config = lib.mkIf cfg.enable {
- security.acme.certs = {
- "ejabberd" = config.myServices.certificates.certConfig // {
- user = "ejabberd";
- group = "ejabberd";
- domain = "eldiron.immae.eu";
- keyType = "rsa4096";
- postRun = ''
- systemctl restart ejabberd.service
- '';
- extraDomains = {
- "immae.fr" = null;
- "conference.immae.fr" = null;
- "proxy.immae.fr" = null;
- "pubsub.immae.fr" = null;
- "upload.immae.fr" = null;
- };
- };
- };
- networking.firewall.allowedTCPPorts = [ 5222 5269 ];
- myServices.websites.tools.im.enable = true;
- systemd.services.ejabberd.postStop = ''
- rm /var/log/ejabberd/erl_crash*.dump
- '';
- secrets.keys = {
- "ejabberd/psql.yml" = {
- permissions = "0400";
- user = "ejabberd";
- group = "ejabberd";
- text = ''
- sql_type: pgsql
- sql_server: "localhost"
- sql_database: "${config.myEnv.jabber.postgresql.database}"
- sql_username: "${config.myEnv.jabber.postgresql.user}"
- sql_password: "${config.myEnv.jabber.postgresql.password}"
- '';
- };
- "ejabberd/host.yml" = {
- permissions = "0400";
- user = "ejabberd";
- group = "ejabberd";
- text = ''
- host_config:
- "immae.fr":
- domain_certfile: "${config.security.acme.certs.ejabberd.directory}/full.pem"
- auth_method: [ldap]
- ldap_servers: ["${config.myEnv.jabber.ldap.host}"]
- ldap_encrypt: tls
- ldap_rootdn: "${config.myEnv.jabber.ldap.dn}"
- ldap_password: "${config.myEnv.jabber.ldap.password}"
- ldap_base: "${config.myEnv.jabber.ldap.base}"
- ldap_uids:
- uid: "%u"
- immaeXmppUid: "%u"
- ldap_filter: "${config.myEnv.jabber.ldap.filter}"
- '';
- };
- };
- users.users.ejabberd.extraGroups = [ "keys" ];
- services.ejabberd = {
- package = pkgs.ejabberd.override { withPgsql = true; };
- imagemagick = true;
- enable = true;
- ctlConfig = ''
- ERLANG_NODE=ejabberd@localhost
- '';
- configFile = pkgs.runCommand "ejabberd.yml" {
- certificatePrivateKeyAndFullChain = "${config.security.acme.certs.ejabberd.directory}/full.pem";
- certificateCA = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
- sql_config_file = config.secrets.fullPaths."ejabberd/psql.yml";
- host_config_file = config.secrets.fullPaths."ejabberd/host.yml";
- } ''
- substituteAll ${./ejabberd.yml} $out
- '';
- };
- };
-}