diff options
author | tv <tv@krebsco.de> | 2022-08-31 03:39:12 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2022-10-08 23:29:23 +0200 |
commit | be14863bcf1ab9207c68dd02bc4bd94708bc3467 (patch) | |
tree | ab81327018d4217534881795da8709efe25b2d9d | |
parent | 3f1a9c5375cd06dea30f3deaa36cae7125fad492 (diff) |
tv ejabberd: admit multiple certfiles
-rw-r--r-- | tv/3modules/ejabberd/config.nix | 3 | ||||
-rw-r--r-- | tv/3modules/ejabberd/default.nix | 24 |
2 files changed, 19 insertions, 8 deletions
diff --git a/tv/3modules/ejabberd/config.nix b/tv/3modules/ejabberd/config.nix index cc4dbcfb1..e989fc8bd 100644 --- a/tv/3modules/ejabberd/config.nix +++ b/tv/3modules/ejabberd/config.nix @@ -48,8 +48,7 @@ in /* yaml */ '' - "::1/128" - "::FFFF:127.0.0.1/128" - certfiles: - - /tmp/credentials/certfile + certfiles: ${toJSON config.credentials.certfiles} hosts: ${toJSON config.hosts} diff --git a/tv/3modules/ejabberd/default.nix b/tv/3modules/ejabberd/default.nix index 15736e189..d6573ad01 100644 --- a/tv/3modules/ejabberd/default.nix +++ b/tv/3modules/ejabberd/default.nix @@ -15,9 +15,19 @@ in { options.tv.ejabberd = { enable = mkEnableOption "tv.ejabberd"; - certfile = mkOption { - type = types.absolute-pathname; - default = toString <secrets> + "/ejabberd.pem"; + certfiles = mkOption { + type = types.listOf types.absolute-pathname; + default = [ + (toString <secrets> + "/ejabberd.pem") + ]; + }; + credentials.certfiles = mkOption { + internal = true; + readOnly = true; + default = + imap + (i: const /* yaml */ "/tmp/credentials/certfile${toJSON i}") + cfg.certfiles; }; hosts = mkOption { type = with types; listOf str; @@ -92,9 +102,11 @@ in { "${cfg.pkgs.ejabberd}/bin/ejabberdctl stopped" ]; ExecReload = "${cfg.pkgs.ejabberd}/bin/ejabberdctl reload_config"; - LoadCredential = [ - "certfile:${cfg.certfile}" - ]; + LoadCredential = + zipListsWith + (dst: src: "${baseNameOf dst}:${src}") + cfg.credentials.certfiles + cfg.certfiles; LimitNOFILE = 65536; PrivateDevices = true; PrivateTmp = true; |