my Nix configuration

xmpp.nix 1.8KB

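  # NixOS module: a single-domain Prosody XMPP server that reuses the ACME
  # certificate issued for the same virtual host.
  #
  # Options (services.yorick.xmpp):
  #   enable - turn the whole setup on.
  #   vhost  - XMPP domain; also the name of the ACME certificate that is copied.
  #   admins - list handed unchanged to services.prosody.admins.
  { config, lib, pkgs, ... }:
  let
    cfg = config.services.yorick.xmpp;

    # Where the ACME client keeps key.pem / fullchain.pem for cfg.vhost.
    acmeKeyDir = "${config.security.acme.directory}/${cfg.vhost}";

    # Community modules: compiled into the package (withCommunityModules) and
    # enabled at runtime (appended to extraModules).
    communityModules = [ "mam" "carbons" "smacks" ];

    # Private copy of the TLS material, owned by the prosody user.
    prosodyKeyDir = "/var/lib/prosody/keys";
  in
  {
    options.services.yorick.xmpp = with lib; {
      enable = mkEnableOption "xmpp";
      # types.str replaces the deprecated types.string, which silently
      # concatenated multiple definitions of the same option.
      vhost = mkOption {
        type = types.str;
        description = "XMPP domain served by Prosody; must match an ACME certificate name.";
      };
      admins = mkOption {
        type = types.listOf types.str;
        description = "JIDs passed to services.prosody.admins.";
      };
    };

    config = lib.mkIf cfg.enable {
      # XMPP
      services.prosody = {
        enable = true;
        # Closed server: no in-band account registration.
        allowRegistration = false;
        # NOTE(review): "compression" enables XMPP stream compression, which has
        # known security trade-offs (compression side channels, extra memory per
        # stream); confirm it is still wanted. Removing it would also make
        # withZlib below unnecessary.
        extraModules = [
          "private"
          "vcard"
          "privacy"
          "compression"
          "muc"
          "pep"
          "adhoc"
          "lastactivity"
          "admin_adhoc"
          "blocklist"
        ] ++ communityModules;
        virtualHosts.default = {
          enabled = true;
          domain = cfg.vhost;
          # Points at the copy made in preStart, not at the ACME directory.
          ssl = {
            key = "${prosodyKeyDir}/key.pem";
            cert = "${prosodyKeyDir}/fullchain.pem";
          };
        };
        # TODO: Component "chat.yori.cc" "muc" # also proxy65 and pubsub?
        #
        # Security notes on the raw Prosody settings below:
        # - c2s/s2s_require_encryption refuse unencrypted streams. They do not
        #   by themselves require a *valid* peer certificate on server-to-server
        #   links; Prosody's s2s_secure_auth option controls that.
        #   NOTE(review): decide whether to enable it.
        # - archive_expires_after = "never" keeps message archives indefinitely
        #   in the SQL store; a compromise of that store exposes the full history.
        # - No `sql = { ... }` block is set, so Prosody's default SQL settings
        #   apply. NOTE(review): confirm where the database lives and who can read it.
        extraConfig = ''
          use_libevent = true
          s2s_require_encryption = true
          c2s_require_encryption = true
          archive_expires_after = "never"
          storage = {
            archive2 = "sql";
          }
        '';
        inherit (cfg) admins;
        package = pkgs.prosody.override {
          withZlib = true;
          withDBI = true;
          withCommunityModules = communityModules;
        };
      };

      # preStart must run as root to read the ACME private key; the daemon
      # itself still runs as the service user.
      systemd.services.prosody.serviceConfig.PermissionsStartOnly = true;
      systemd.services.prosody.preStart = ''
        mkdir -m 0700 -p ${prosodyKeyDir}
        # mkdir -m only applies to a directory it creates; enforce the mode on
        # an already existing one as well.
        chmod 0700 ${prosodyKeyDir}
        cp "${acmeKeyDir}/key.pem" "${acmeKeyDir}/fullchain.pem" ${prosodyKeyDir}
        # Do not rely on the source file mode or the umask for the private key.
        chmod 0600 ${prosodyKeyDir}/key.pem ${prosodyKeyDir}/fullchain.pem
        # NOTE(review): this recursive chown runs as root on every start over a
        # tree the prosody user can write to; confirm that is intended or
        # narrow it to the keys directory.
        chown -R prosody:prosody /var/lib/prosody
      '';

      # 5222: client-to-server, 5269: server-to-server.
      networking.firewall.allowedTCPPorts = [ 5222 5269 ];

      # Restart after certificate renewal so preStart copies the new key and
      # certificate and Prosody loads them.
      security.acme.certs.${cfg.vhost}.postRun = ''
        systemctl restart prosody.service
      '';
    };
  }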