summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2022-08-31 03:39:12 +0200
committertv <tv@krebsco.de>2022-10-08 23:29:23 +0200
commitbe14863bcf1ab9207c68dd02bc4bd94708bc3467 (patch)
treeab81327018d4217534881795da8709efe25b2d9d
parent3f1a9c5375cd06dea30f3deaa36cae7125fad492 (diff)
tv ejabberd: admit multiple certfiles
-rw-r--r--tv/3modules/ejabberd/config.nix3
-rw-r--r--tv/3modules/ejabberd/default.nix24
2 files changed, 19 insertions, 8 deletions
diff --git a/tv/3modules/ejabberd/config.nix b/tv/3modules/ejabberd/config.nix
index cc4dbcfb1..e989fc8bd 100644
--- a/tv/3modules/ejabberd/config.nix
+++ b/tv/3modules/ejabberd/config.nix
@@ -48,8 +48,7 @@ in /* yaml */ ''
- "::1/128"
- "::FFFF:127.0.0.1/128"
- certfiles:
- - /tmp/credentials/certfile
+ certfiles: ${toJSON config.credentials.certfiles}
hosts: ${toJSON config.hosts}
diff --git a/tv/3modules/ejabberd/default.nix b/tv/3modules/ejabberd/default.nix
index 15736e189..d6573ad01 100644
--- a/tv/3modules/ejabberd/default.nix
+++ b/tv/3modules/ejabberd/default.nix
@@ -15,9 +15,19 @@
in {
options.tv.ejabberd = {
enable = mkEnableOption "tv.ejabberd";
- certfile = mkOption {
- type = types.absolute-pathname;
- default = toString <secrets> + "/ejabberd.pem";
+ certfiles = mkOption {
+ type = types.listOf types.absolute-pathname;
+ default = [
+ (toString <secrets> + "/ejabberd.pem")
+ ];
+ };
+ credentials.certfiles = mkOption {
+ internal = true;
+ readOnly = true;
+ default =
+ imap
+ (i: const /* yaml */ "/tmp/credentials/certfile${toJSON i}")
+ cfg.certfiles;
};
hosts = mkOption {
type = with types; listOf str;
@@ -92,9 +102,11 @@ in {
"${cfg.pkgs.ejabberd}/bin/ejabberdctl stopped"
];
ExecReload = "${cfg.pkgs.ejabberd}/bin/ejabberdctl reload_config";
- LoadCredential = [
- "certfile:${cfg.certfile}"
- ];
+ LoadCredential =
+ zipListsWith
+ (dst: src: "${baseNameOf dst}:${src}")
+ cfg.credentials.certfiles
+ cfg.certfiles;
LimitNOFILE = 65536;
PrivateDevices = true;
PrivateTmp = true;