diff options
author | makefu <github@syntax-fehler.de> | 2016-02-22 14:35:59 +0100 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2016-02-22 14:35:59 +0100 |
commit | b25d15573ab10a4b2dd55e46291fbab6adf70162 (patch) | |
tree | 1036547a8003c5767565d53d748d83d3614271b6 /tv/3modules/ejabberd/default.nix | |
parent | 5b7039f1f11e7cf2da6f3735cc7d99322a31c7a5 (diff) | |
parent | 8393444dce1888d369955e46dd16983a43762bb9 (diff) |
Merge remote-tracking branch 'cd/master'
Diffstat (limited to 'tv/3modules/ejabberd/default.nix')
-rw-r--r-- | tv/3modules/ejabberd/default.nix | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/tv/3modules/ejabberd/default.nix b/tv/3modules/ejabberd/default.nix new file mode 100644 index 000000000..95ea24be1 --- /dev/null +++ b/tv/3modules/ejabberd/default.nix @@ -0,0 +1,67 @@ +{ config, lib, pkgs, ... }@args: with config.krebs.lib; let + cfg = config.tv.ejabberd; +in { + options.tv.ejabberd = { + enable = mkEnableOption "tv.ejabberd"; + certfile = mkOption { + type = types.secret-file; + default = { + path = "${cfg.user.home}/ejabberd.pem"; + owner = cfg.user; + source-path = toString <secrets> + "/ejabberd.pem"; + }; + }; + hosts = mkOption { + type = with types; listOf str; + }; + pkgs.ejabberdctl = mkOption { + type = types.package; + default = pkgs.writeDashBin "ejabberdctl" '' + set -efu + export SPOOLDIR=${shell.escape cfg.user.home} + export EJABBERD_CONFIG_PATH=${shell.escape (import ./config.nix args)} + exec ${pkgs.ejabberd}/bin/ejabberdctl \ + --logs ${shell.escape cfg.user.home} \ + "$@" + ''; + }; + s2s_certfile = mkOption { + type = types.secret-file; + default = cfg.certfile; + }; + user = mkOption { + type = types.user; + default = { + name = "ejabberd"; + home = "/var/ejabberd"; + }; + }; + }; + config = lib.mkIf cfg.enable { + environment.systemPackages = [ cfg.pkgs.ejabberdctl ]; + + krebs.secret.files = { + ejabberd-certfile = cfg.certfile; + ejabberd-s2s_certfile = cfg.s2s_certfile; + }; + + systemd.services.ejabberd = { + wantedBy = [ "multi-user.target" ]; + requires = [ "secret.service" ]; + after = [ "network.target" "secret.service" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = "yes"; + PermissionsStartOnly = "true"; + SyslogIdentifier = "ejabberd"; + User = cfg.user.name; + ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl start"; + }; + }; + + users.users.${cfg.user.name} = { + inherit (cfg.user) home name uid; + createHome = true; + }; + }; +} |