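# NixOS module wrapping the ejabberd XMPP server: ACME certificate, firewall
# ports, secret configuration fragments (PostgreSQL and LDAP credentials) and
# the generated ejabberd.yml.
{ lib, pkgs, config, ... }:
let
  cfg = config.myServices.ejabberd;
in
{
  options.myServices = {
    ejabberd.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = ''
        Whether to enable ejabberd service.
      '';
    };
  };

  config = lib.mkIf cfg.enable {
    # Certificate for the XMPP domain and its component subdomains. It is
    # owned by the ejabberd user so the daemon can read full.pem, which the
    # configFile derivation below names as private key + full chain.
    security.acme.certs = {
      "ejabberd" = config.myServices.certificates.certConfig // {
        user = "ejabberd";
        group = "ejabberd";
        domain = "eldiron.immae.eu";
        keyType = "rsa4096";
        # Restart so the daemon picks up the renewed certificate.
        postRun = ''
          systemctl restart ejabberd.service
        '';
        extraDomains = {
          "immae.fr" = null;
          "conference.immae.fr" = null;
          "proxy.immae.fr" = null;
          "pubsub.immae.fr" = null;
          "upload.immae.fr" = null;
        };
      };
    };

    # 5222: client-to-server XMPP, 5269: server-to-server XMPP. No other
    # ejabberd listener is opened in the firewall by this module.
    networking.firewall.allowedTCPPorts = [ 5222 5269 ];
    myServices.websites.tools.im.enable = true;

    # Remove Erlang crash dumps on stop. -f is required: without it rm exits
    # non-zero whenever no dump exists (the normal case after a clean stop),
    # and the stop hook reports a failure for a service that stopped fine.
    systemd.services.ejabberd.postStop = ''
      rm -f /var/log/ejabberd/erl_crash*.dump
    '';

    # Credential-bearing YAML fragments, readable only by the ejabberd user
    # (mode 0400). They are referenced from ejabberd.yml by path.
    # NOTE(review): how secrets.keys materialises `text` (and whether it stays
    # out of the world-readable Nix store) is defined by the secrets module,
    # which is not visible here - confirm.
    secrets.keys = [
      {
        dest = "ejabberd/psql.yml";
        permissions = "0400";
        user = "ejabberd";
        group = "ejabberd";
        text = ''
          sql_type: pgsql
          sql_server: "localhost"
          sql_database: "${config.myEnv.jabber.postgresql.database}"
          sql_username: "${config.myEnv.jabber.postgresql.user}"
          sql_password: "${config.myEnv.jabber.postgresql.password}"
        '';
      }
      # NOTE(review): ldap_encrypt is tls but no ldap_tls_verify is set in
      # this fragment. ejabberd's default for ldap_tls_verify is false, i.e.
      # the LDAP server certificate is not checked and the bind password can
      # be sent to an impersonating server. Unless ejabberd.yml sets it
      # globally, consider `ldap_tls_verify: hard` together with
      # `ldap_tls_cacertfile`.
      {
        dest = "ejabberd/host.yml";
        permissions = "0400";
        user = "ejabberd";
        group = "ejabberd";
        text = ''
          host_config:
            "immae.fr":
              domain_certfile: "${config.security.acme.certs.ejabberd.directory}/full.pem"
              auth_method: [ldap]
              ldap_servers: ["${config.myEnv.jabber.ldap.host}"]
              ldap_encrypt: tls
              ldap_rootdn: "${config.myEnv.jabber.ldap.dn}"
              ldap_password: "${config.myEnv.jabber.ldap.password}"
              ldap_base: "${config.myEnv.jabber.ldap.base}"
              ldap_uids:
                uid: "%u"
                immaeXmppUid: "%u"
              ldap_filter: "${config.myEnv.jabber.ldap.filter}"
        '';
      }
    ];

    # Presumably the "keys" group grants traversal of the directory holding
    # the secret files above - verify against the secrets module.
    users.users.ejabberd.extraGroups = [ "keys" ];

    services.ejabberd = {
      package = pkgs.ejabberd.override { withPgsql = true; };
      imagemagick = true;
      enable = true;
      ctlConfig = ''
        ERLANG_NODE=ejabberd@localhost
      '';
      # The rendered ejabberd.yml is a store path and therefore world-readable.
      # Only file *paths* are substituted into it (certificate, CA bundle and
      # the two secret fragments), so no credential is embedded in the
      # derivation itself. Keep it that way when adding substitutions.
      configFile = pkgs.runCommand "ejabberd.yml" {
        certificatePrivateKeyAndFullChain = "${config.security.acme.certs.ejabberd.directory}/full.pem";
        certificateCA = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
        sql_config_file = config.secrets.fullPaths."ejabberd/psql.yml";
        host_config_file = config.secrets.fullPaths."ejabberd/host.yml";
      } ''
        substituteAll ${./ejabberd.yml} $out
      '';
    };
  };
}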