Squash changes containing private information
similarity index 54%
rename from modules/private/ejabberd/default.nix
rename to systems/eldiron/ejabberd/default.nix
index 4d86a648ada0d460d4e56670d1bd8ef3aaac3904..5268516104fd5dc0d2e2384abd3818de1a2a80e5 100644 (file)
@@ -1,4 +1,4 @@
-{ lib, pkgs, config, ... }:
+{ lib, pkgs, config, mypackages-lib, ... }:
 let
   cfg = config.myServices.ejabberd;
 in
@@ -14,22 +14,44 @@ in
   };
 
   config = lib.mkIf cfg.enable {
+    myServices.dns.zones."immae.fr" = with config.myServices.dns.helpers;
+      lib.mkMerge [
+        {
+          extraConfig = ''
+            notify yes;
+          '';
+          slaves = [ "raito" ];
+          emailPolicies."".receive = true;
+        }
+        zoneHeader
+        mailMX
+        (mailCommon "immae.fr")
+        (ips servers.eldiron.ips.main)
+        {
+          ns = [ "immae" "raito" ];
+          CAA = letsencrypt;
+          subdomains.www = ips servers.eldiron.ips.production;
+          subdomains.im = ips servers.eldiron.ips.main;
+          subdomains.conference = ips servers.eldiron.ips.main;
+          subdomains.pubsub = ips servers.eldiron.ips.main;
+          subdomains.proxy = ips servers.eldiron.ips.main;
+          subdomains.upload = ips servers.eldiron.ips.main;
+          subdomains._xmppconnect.TXT = [
+            "_xmpp-client-xbosh=https://im.immae.fr/bosh"
+            "_xmpp-client-websocket=wss://im.immae.fr/ws"
+          ];
+        }
+      ];
+
     security.acme.certs = {
-      "ejabberd" = config.myServices.certificates.certConfig // {
-        user = "ejabberd";
+      "ejabberd" = {
         group = "ejabberd";
         domain = "eldiron.immae.eu";
         keyType = "rsa4096";
         postRun = ''
           systemctl restart ejabberd.service
           '';
-        extraDomains = {
-          "immae.fr" = null;
-          "conference.immae.fr" = null;
-          "proxy.immae.fr" = null;
-          "pubsub.immae.fr" = null;
-          "upload.immae.fr" = null;
-        };
+        extraDomainNames = [ "immae.fr" "conference.immae.fr" "proxy.immae.fr" "pubsub.immae.fr" "upload.immae.fr" ];
       };
     };
     networking.firewall.allowedTCPPorts = [ 5222 5269 ];
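Review bot: `im.immae.fr` is published as a subdomain and advertised in the `_xmppconnect` TXT records as the BOSH and WebSocket endpoint, but it is not among the names of the ejabberd certificate, whose `extraDomainNames` on the new side cover only immae.fr, conference, proxy, pubsub and upload. If ejabberd terminates TLS for im.immae.fr itself, clients following those records would hit a name mismatch; if a reverse proxy with its own certificate fronts it, a comment on the `subdomains.im` line saying so would make that explicit, e.g. `# im.immae.fr (BOSH/WS) is fronted by the web proxy; its certificate is managed there`. The rewritten cert block also drops the `user = "ejabberd"` attribute that the removed `certConfig` merge set, keeping only `group = "ejabberd"`, so the service now depends on the acme module's default owner and group-readable key permissions — worth confirming that ejabberd can still read the key after renewal.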
@@ -88,5 +110,32 @@ in
         substituteAll ${./ejabberd.yml} $out
         '';
     };
+    secrets.keys."postfix/scripts/ejabberd-env" = {
+      user = "postfixscripts";
+      group = "root";
+      permissions = "0400";
+      text = builtins.toJSON {
+        jid = "notify_bot@immae.fr";
+        password = "{{ .xmpp.notify_bot }}";
+      };
+    };
+    services.postfix.extraAliases = let
+      nixpkgs = builtins.fetchTarball {
+        url = "https://github.com/NixOS/nixpkgs/archive/840c782d507d60aaa49aa9e3f6d0b0e780912742.tar.gz";
+        sha256 = "14q3kvnmgz19pgwyq52gxx0cs90ddf24pnplmq33pdddbb6c51zn";
+      };
+      pkgs' = import nixpkgs { inherit (pkgs) system; overlays = []; };
+      warn_xmpp_email = scriptEnv: pkgs'.runCommand "warn_xmpp_email" {
+        inherit scriptEnv;
+        pythonEnv = pkgs'.python3.withPackages (ps: [
+          ps.unidecode ps.slixmpp
+        ]);
+      } ''
+        substituteAll ${./warn_xmpp_email.py} $out
+        chmod a+x $out
+      '';
+    in ''
+      ejabberd: "|${mypackages-lib.postfixScript pkgs "ejabberd" (warn_xmpp_email config.secrets.fullPaths."postfix/scripts/ejabberd-env")}"
+    '';
   };
 }
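Review bot: The pinned nixpkgs import sets `overlays = []` but not `config`, so evaluating it still reads the building user's `~/.config/nixpkgs/config.nix` (or `NIXPKGS_CONFIG`), which undermines the reproducibility the commit-pinned `fetchTarball` with `sha256` is meant to give; change it to `pkgs' = import nixpkgs { inherit (pkgs) system; overlays = []; config = {}; };`. A one-line comment above the `nixpkgs = builtins.fetchTarball` binding explaining why a separate pinned nixpkgs is used here instead of the system `pkgs` (presumably a slixmpp or unidecode version constraint) would spare the next reader a bisection. The `postfix/scripts/ejabberd-env` secret carries the bot password through the `{{ .xmpp.notify_bot }}` template with 0400/postfixscripts permissions, and the alias pipe hands its path to the script; that is consistent only if `mypackages-lib.postfixScript` runs the command as `postfixscripts`, which cannot be confirmed from this hunk.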