diff options
Diffstat (limited to 'modules/private/ejabberd/default.nix')
-rw-r--r-- | modules/private/ejabberd/default.nix | 92 |
1 files changed, 0 insertions, 92 deletions
diff --git a/modules/private/ejabberd/default.nix b/modules/private/ejabberd/default.nix deleted file mode 100644 index 4d86a64..0000000 --- a/modules/private/ejabberd/default.nix +++ /dev/null | |||
@@ -1,92 +0,0 @@ | |||
1 | { lib, pkgs, config, ... }: | ||
2 | let | ||
3 | cfg = config.myServices.ejabberd; | ||
4 | in | ||
5 | { | ||
6 | options.myServices = { | ||
7 | ejabberd.enable = lib.mkOption { | ||
8 | type = lib.types.bool; | ||
9 | default = false; | ||
10 | description = '' | ||
11 | Whether to enable ejabberd service. | ||
12 | ''; | ||
13 | }; | ||
14 | }; | ||
15 | |||
16 | config = lib.mkIf cfg.enable { | ||
17 | security.acme.certs = { | ||
18 | "ejabberd" = config.myServices.certificates.certConfig // { | ||
19 | user = "ejabberd"; | ||
20 | group = "ejabberd"; | ||
21 | domain = "eldiron.immae.eu"; | ||
22 | keyType = "rsa4096"; | ||
23 | postRun = '' | ||
24 | systemctl restart ejabberd.service | ||
25 | ''; | ||
26 | extraDomains = { | ||
27 | "immae.fr" = null; | ||
28 | "conference.immae.fr" = null; | ||
29 | "proxy.immae.fr" = null; | ||
30 | "pubsub.immae.fr" = null; | ||
31 | "upload.immae.fr" = null; | ||
32 | }; | ||
33 | }; | ||
34 | }; | ||
35 | networking.firewall.allowedTCPPorts = [ 5222 5269 ]; | ||
36 | myServices.websites.tools.im.enable = true; | ||
37 | systemd.services.ejabberd.postStop = '' | ||
38 | rm /var/log/ejabberd/erl_crash*.dump | ||
39 | ''; | ||
40 | secrets.keys = { | ||
41 | "ejabberd/psql.yml" = { | ||
42 | permissions = "0400"; | ||
43 | user = "ejabberd"; | ||
44 | group = "ejabberd"; | ||
45 | text = '' | ||
46 | sql_type: pgsql | ||
47 | sql_server: "localhost" | ||
48 | sql_database: "${config.myEnv.jabber.postgresql.database}" | ||
49 | sql_username: "${config.myEnv.jabber.postgresql.user}" | ||
50 | sql_password: "${config.myEnv.jabber.postgresql.password}" | ||
51 | ''; | ||
52 | }; | ||
53 | "ejabberd/host.yml" = { | ||
54 | permissions = "0400"; | ||
55 | user = "ejabberd"; | ||
56 | group = "ejabberd"; | ||
57 | text = '' | ||
58 | host_config: | ||
59 | "immae.fr": | ||
60 | domain_certfile: "${config.security.acme.certs.ejabberd.directory}/full.pem" | ||
61 | auth_method: [ldap] | ||
62 | ldap_servers: ["${config.myEnv.jabber.ldap.host}"] | ||
63 | ldap_encrypt: tls | ||
64 | ldap_rootdn: "${config.myEnv.jabber.ldap.dn}" | ||
65 | ldap_password: "${config.myEnv.jabber.ldap.password}" | ||
66 | ldap_base: "${config.myEnv.jabber.ldap.base}" | ||
67 | ldap_uids: | ||
68 | uid: "%u" | ||
69 | immaeXmppUid: "%u" | ||
70 | ldap_filter: "${config.myEnv.jabber.ldap.filter}" | ||
71 | ''; | ||
72 | }; | ||
73 | }; | ||
74 | users.users.ejabberd.extraGroups = [ "keys" ]; | ||
75 | services.ejabberd = { | ||
76 | package = pkgs.ejabberd.override { withPgsql = true; }; | ||
77 | imagemagick = true; | ||
78 | enable = true; | ||
79 | ctlConfig = '' | ||
80 | ERLANG_NODE=ejabberd@localhost | ||
81 | ''; | ||
82 | configFile = pkgs.runCommand "ejabberd.yml" { | ||
83 | certificatePrivateKeyAndFullChain = "${config.security.acme.certs.ejabberd.directory}/full.pem"; | ||
84 | certificateCA = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; | ||
85 | sql_config_file = config.secrets.fullPaths."ejabberd/psql.yml"; | ||
86 | host_config_file = config.secrets.fullPaths."ejabberd/host.yml"; | ||
87 | } '' | ||
88 | substituteAll ${./ejabberd.yml} $out | ||
89 | ''; | ||
90 | }; | ||
91 | }; | ||
92 | } | ||