Diffstat (limited to 'tv/3modules/ejabberd/default.nix')
-rw-r--r-- | tv/3modules/ejabberd/default.nix | 107 |
1 files changed, 0 insertions, 107 deletions
diff --git a/tv/3modules/ejabberd/default.nix b/tv/3modules/ejabberd/default.nix
deleted file mode 100644
index 935df9a9..00000000
--- a/tv/3modules/ejabberd/default.nix
+++ /dev/null
@@ -1,107 +0,0 @@
-{ config, lib, pkgs, ... }@args: with import <stockholm/lib>; let
-
- cfg = config.tv.ejabberd;
-
- gen-dhparam = pkgs.writeDash "gen-dhparam" ''
- set -efu
- path=$1
- bits=2048
- # TODO regenerate dhfile after some time?
- if ! test -e "$path"; then
- ${pkgs.openssl}/bin/openssl dhparam "$bits" > "$path"
- fi
- '';
-
-in {
- options.tv.ejabberd = {
- enable = mkEnableOption "tv.ejabberd";
- certfile = mkOption {
- type = types.absolute-pathname;
- default = toString <secrets> + "/ejabberd.pem";
- };
- hosts = mkOption {
- type = with types; listOf str;
- };
- pkgs.ejabberd = mkOption {
- type = types.package;
- default = pkgs.symlinkJoin {
- name = "ejabberd-wrapper";
- paths = [
- (pkgs.writeDashBin "ejabberdctl" ''
- exec ${pkgs.ejabberd}/bin/ejabberdctl \
- --config ${toFile "ejabberd.yaml" (import ./config.nix {
- inherit pkgs;
- config = cfg;
- })} \
- --logs ${shell.escape cfg.user.home} \
- --spool ${shell.escape cfg.user.home} \
- "$@"
- '')
- pkgs.ejabberd
- ];
- };
- };
- registration_watchers = mkOption {
- type = types.listOf types.str;
- default = [
- config.krebs.users.tv.mail
- ];
- };
- user = mkOption {
- type = types.user;
- default = {
- name = "ejabberd";
- home = "/var/lib/ejabberd";
- };
- };
- };
- config = lib.mkIf cfg.enable {
- environment.systemPackages = [
- (pkgs.symlinkJoin {
- name = "ejabberd-sudo-wrapper";
- paths = [
- (pkgs.writeDashBin "ejabberdctl" ''
- set -efu
- cd ${shell.escape cfg.user.home}
- exec /run/wrappers/bin/sudo \
- -u ${shell.escape cfg.user.name} \
- ${cfg.pkgs.ejabberd}/bin/ejabberdctl "$@"
- '')
- cfg.pkgs.ejabberd
- ];
- })
- ];
-
- krebs.systemd.services.ejabberd = {};
-
- systemd.services.ejabberd = {
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
- serviceConfig = {
- ExecStart = pkgs.writeDash "ejabberd" ''
- ${pkgs.coreutils}/bin/ln -s "$CREDENTIALS_DIRECTORY" /tmp/credentials
- ${gen-dhparam} /var/lib/ejabberd/dhfile
- exec ${cfg.pkgs.ejabberd}/bin/ejabberdctl foreground
- '';
- LoadCredential = [
- "certfile:${cfg.certfile}"
- ];
- PermissionsStartOnly = true;
- PrivateTmp = true;
- SyslogIdentifier = "ejabberd";
- StateDirectory = "ejabberd";
- User = cfg.user.name;
- TimeoutStartSec = 60;
- };
- };
-
- users.users.${cfg.user.name} = {
- inherit (cfg.user) home name uid;
- createHome = true;
- group = cfg.user.name;
- isSystemUser = true;
- };
-
- users.groups.${cfg.user.name} = {};
- };
-} |