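# NixOS module: a single-vhost Prosody XMPP server whose TLS material is
# copied from the host's ACME certificate into Prosody's own state directory.
{ config, lib, pkgs, ... }:
let
  cfg = config.services.yorick.xmpp;
  # Where the ACME module keeps the certificate issued for this vhost.
  acmeKeyDir = "${config.security.acme.directory}/${cfg.vhost}";
  # prosody-modules (community) modules, listed once so the package override
  # and the enabled module list cannot drift apart.
  communityModules = [ "mam" "carbons" "smacks" ];
  # Prosody reads its key as the prosody user; it gets a private copy here
  # instead of being pointed at the root-owned ACME directory.
  prosodyKeyDir = "/var/lib/prosody/keys";
in
{
  options.services.yorick.xmpp = with lib; {
    enable = mkEnableOption "xmpp";
    # `types.str` rather than the deprecated `types.string`: the latter
    # silently concatenates multiple definitions, which is never a valid
    # hostname or JID.
    vhost = mkOption {
      type = types.str;
      description = "Domain served by Prosody (also selects the ACME certificate).";
    };
    admins = mkOption {
      type = types.listOf types.str;
      description = "JIDs granted Prosody admin rights.";
    };
  };

  config = lib.mkIf cfg.enable {
    # XMPP
    services.prosody = {
      enable = true;
      # Accounts are provisioned by an admin only; no open registration.
      allowRegistration = false;
      extraModules = [
        "private" "vcard" "privacy" "compression" "muc" "pep" "adhoc"
        "lastactivity" "admin_adhoc" "blocklist"
      ] ++ communityModules;
      virtualHosts.default = {
        enabled = true;
        domain = cfg.vhost;
        ssl = {
          key = "${prosodyKeyDir}/key.pem";
          cert = "${prosodyKeyDir}/fullchain.pem";
        };
      };
      # TODO: Component "chat.yori.cc" "muc" # also proxy65 and pubsub?
      #
      # Both client and server-to-server links must use TLS.
      # NOTE(review): s2s_secure_auth is not set here, so remote servers'
      # certificates are not verified against the CA store — confirm that is
      # intended before relying on s2s_require_encryption alone.
      # archive_expires_after = "never" keeps MAM history indefinitely; that
      # is a data-retention decision worth stating in the service's policy.
      extraConfig = ''
        use_libevent = true
        s2s_require_encryption = true
        c2s_require_encryption = true
        archive_expires_after = "never"
        storage = {
          archive2 = "sql";
        }
      '';
      inherit (cfg) admins;
      package = pkgs.prosody.override {
        withZlib = true;
        withDBI = true;
        withCommunityModules = communityModules;
      };
    };

    # preStart runs as root (PermissionsStartOnly) because only root can read
    # the ACME private key; the copy is then handed over to the prosody user.
    systemd.services.prosody.serviceConfig.PermissionsStartOnly = true;
    # `install -m 0600` sets the key copy's mode explicitly instead of
    # inheriting whatever umask `cp` runs under.
    systemd.services.prosody.preStart = ''
      mkdir -m 0700 -p ${prosodyKeyDir}
      install -m 0600 ${acmeKeyDir}/key.pem ${acmeKeyDir}/fullchain.pem ${prosodyKeyDir}
      chown -R prosody:prosody /var/lib/prosody
    '';

    # 5222 = c2s, 5269 = s2s.
    networking.firewall.allowedTCPPorts = [ 5222 5269 ];

    # Pick up renewed certificates: the restart re-runs preStart, which copies
    # the fresh key and chain.
    security.acme.certs.${cfg.vhost}.postRun = ''
      systemctl restart prosody.service
    '';
  };
}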