};
config = lib.mkIf cfg.enable {
- security.acme2.certs = {
+ security.acme.certs = {
"ejabberd" = config.myServices.certificates.certConfig // {
user = "ejabberd";
group = "ejabberd";
domain = "eldiron.immae.eu";
+ keyType = "rsa4096";
postRun = ''
systemctl restart ejabberd.service
'';
systemd.services.ejabberd.postStop = ''
rm /var/log/ejabberd/erl_crash*.dump
'';
- secrets.keys = [
- {
- dest = "ejabberd/psql.yml";
+ secrets.keys = {
+ "ejabberd/psql.yml" = {
permissions = "0400";
user = "ejabberd";
group = "ejabberd";
sql_username: "${config.myEnv.jabber.postgresql.user}"
sql_password: "${config.myEnv.jabber.postgresql.password}"
'';
- }
- {
- dest = "ejabberd/host.yml";
+ };
+ "ejabberd/host.yml" = {
permissions = "0400";
user = "ejabberd";
group = "ejabberd";
text = ''
host_config:
"immae.fr":
- domain_certfile: "${config.security.acme2.certs.ejabberd.directory}/full.pem"
+ domain_certfile: "${config.security.acme.certs.ejabberd.directory}/full.pem"
auth_method: [ldap]
ldap_servers: ["${config.myEnv.jabber.ldap.host}"]
ldap_encrypt: tls
ldap_password: "${config.myEnv.jabber.ldap.password}"
ldap_base: "${config.myEnv.jabber.ldap.base}"
ldap_uids:
- - "uid": "%u"
- - "immaeXmppUid": "%u"
+ uid: "%u"
+ immaeXmppUid: "%u"
ldap_filter: "${config.myEnv.jabber.ldap.filter}"
'';
- }
- ];
+ };
+ };
users.users.ejabberd.extraGroups = [ "keys" ];
services.ejabberd = {
package = pkgs.ejabberd.override { withPgsql = true; };
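Review bot: The rewritten `"ejabberd/host.yml"` entry sets `ldap_encrypt: tls` but nothing in this hunk sets `ldap_tls_verify`, which ejabberd leaves at `false` by default, so the LDAP server certificate is not checked. That means the bind secret on the `ldap_password` line is sent to whichever peer completes the TLS handshake. Since the entry is being restructured here anyway, I would add `ldap_tls_verify: hard` and `ldap_tls_cacertfile: "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"` under `"immae.fr":`, or point the latter at the CA that actually issued the LDAP server's certificate. This is not needed if the main ejabberd.yml template already sets both globally. The enclosing `secrets.keys` attrset opens before this hunk, so this is judged from the host.yml entry alone.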
ERLANG_NODE=ejabberd@localhost
'';
configFile = pkgs.runCommand "ejabberd.yml" {
- certificatePrivateKeyAndFullChain = "${config.security.acme2.certs.ejabberd.directory}/full.pem";
+ certificatePrivateKeyAndFullChain = "${config.security.acme.certs.ejabberd.directory}/full.pem";
certificateCA = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
sql_config_file = config.secrets.fullPaths."ejabberd/psql.yml";
host_config_file = config.secrets.fullPaths."ejabberd/host.yml";