X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=blobdiff_plain;f=systems%2Feldiron%2Fejabberd%2Fdefault.nix;fp=modules%2Fprivate%2Fejabberd%2Fdefault.nix;h=5268516104fd5dc0d2e2384abd3818de1a2a80e5;hp=4d86a648ada0d460d4e56670d1bd8ef3aaac3904;hb=1a64deeb894dc95e2645a75771732c6cc53a79ad;hpb=fa25ffd4583cc362075cd5e1b4130f33306103f0 diff --git a/modules/private/ejabberd/default.nix b/systems/eldiron/ejabberd/default.nix similarity index 54% rename from modules/private/ejabberd/default.nix rename to systems/eldiron/ejabberd/default.nix index 4d86a64..5268516 100644 --- a/modules/private/ejabberd/default.nix +++ b/systems/eldiron/ejabberd/default.nix @@ -1,4 +1,4 @@ -{ lib, pkgs, config, ... }: +{ lib, pkgs, config, mypackages-lib, ... }: let cfg = config.myServices.ejabberd; in 
@@ -14,22 +14,44 @@ in }; config = lib.mkIf cfg.enable { + myServices.dns.zones."immae.fr" = with config.myServices.dns.helpers; + lib.mkMerge [ + { + extraConfig = '' + notify yes; + ''; + slaves = [ "raito" ]; + emailPolicies."".receive = true; + } + zoneHeader + mailMX + (mailCommon "immae.fr") + (ips servers.eldiron.ips.main) + { + ns = [ "immae" "raito" ]; + CAA = letsencrypt; + subdomains.www = ips servers.eldiron.ips.production; + subdomains.im = ips servers.eldiron.ips.main; + subdomains.conference = ips servers.eldiron.ips.main; + subdomains.pubsub = ips servers.eldiron.ips.main; + subdomains.proxy = ips servers.eldiron.ips.main; + subdomains.upload = ips servers.eldiron.ips.main; + subdomains._xmppconnect.TXT = [ + "_xmpp-client-xbosh=https://im.immae.fr/bosh" + "_xmpp-client-websocket=wss://im.immae.fr/ws" + ]; + } + ]; + security.acme.certs = { - "ejabberd" = config.myServices.certificates.certConfig // { - user = "ejabberd"; + "ejabberd" = { group = "ejabberd"; domain = "eldiron.immae.eu"; keyType = "rsa4096"; postRun = '' systemctl restart ejabberd.service ''; - extraDomains = { - "immae.fr" = null; - "conference.immae.fr" = null; - "proxy.immae.fr" = null; - "pubsub.immae.fr" = null; - "upload.immae.fr" = null; - }; + extraDomainNames = [ "immae.fr" "conference.immae.fr" "proxy.immae.fr" "pubsub.immae.fr" "upload.immae.fr" ]; }; }; networking.firewall.allowedTCPPorts = [ 5222 5269 ]; 
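Review bot: The `_xmppconnect` TXT records added here advertise BOSH and WebSocket endpoints on `im.immae.fr`, but that name is not in the certificate's `extraDomainNames`, so it matters which service terminates TLS for it. If ejabberd answers those URLs itself with this certificate, clients will hit a name mismatch. If a separate web front end with its own certificate does, a comment such as `# im.immae.fr is terminated by the web front end, not by this cert` above `extraDomainNames` would make that explicit. TXT-based endpoint discovery is only as trustworthy as the DNS answer, so unless the zone is DNSSEC-signed (not visible in this hunk) clients rely entirely on certificate validation of the advertised host. The `"ejabberd"` cert entry is also no longer merged with `certConfig`, so its challenge settings presumably come from defaults defined elsewhere, which is worth confirming.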
@@ -88,5 +110,32 @@ in substituteAll ${./ejabberd.yml} $out ''; }; + secrets.keys."postfix/scripts/ejabberd-env" = { + user = "postfixscripts"; + group = "root"; + permissions = "0400"; + text = builtins.toJSON { + jid = "notify_bot@immae.fr"; + password = "{{ .xmpp.notify_bot }}"; + }; + }; + services.postfix.extraAliases = let + nixpkgs = builtins.fetchTarball { + url = "https://github.com/NixOS/nixpkgs/archive/840c782d507d60aaa49aa9e3f6d0b0e780912742.tar.gz"; + sha256 = "14q3kvnmgz19pgwyq52gxx0cs90ddf24pnplmq33pdddbb6c51zn"; + }; + pkgs' = import nixpkgs { inherit (pkgs) system; overlays = []; }; + warn_xmpp_email = scriptEnv: pkgs'.runCommand "warn_xmpp_email" { + inherit scriptEnv; + pythonEnv = pkgs'.python3.withPackages (ps: [ + ps.unidecode ps.slixmpp + ]); + } '' + substituteAll ${./warn_xmpp_email.py} $out + chmod a+x $out + ''; + in '' + ejabberd: "|${mypackages-lib.postfixScript pkgs "ejabberd" (warn_xmpp_email config.secrets.fullPaths."postfix/scripts/ejabberd-env")}" + ''; }; }
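Review bot: The `ejabberd:` alias pipes mail from anyone able to deliver to that local address into `warn_xmpp_email`, yet its `python3` and `slixmpp` come from a nixpkgs tarball frozen at one commit, with no comment on why it is pinned or when to bump it. The hash pin is good for integrity, but this mail-facing parser will not pick up security updates when the rest of the system is upgraded. A comment such as `# pinned because <reason>; re-evaluate on each channel upgrade` above `nixpkgs =` would record the intent. The import also omits `config`, so outside pure evaluation nixpkgs may read a user-level config file; `pkgs' = import nixpkgs { inherit (pkgs) system; config = {}; overlays = []; };` makes it hermetic. Passing only the path of the 0400 secret file into the derivation keeps the password out of the store, but `warn_xmpp_email.py` itself is not in this hunk, so its handling of message headers cannot be checked here.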