summaryrefslogtreecommitdiffstats
path: root/tv/3modules/ejabberd/default.nix
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2016-02-22 14:35:59 +0100
committermakefu <github@syntax-fehler.de>2016-02-22 14:35:59 +0100
commitb25d15573ab10a4b2dd55e46291fbab6adf70162 (patch)
tree1036547a8003c5767565d53d748d83d3614271b6 /tv/3modules/ejabberd/default.nix
parent5b7039f1f11e7cf2da6f3735cc7d99322a31c7a5 (diff)
parent8393444dce1888d369955e46dd16983a43762bb9 (diff)
Merge remote-tracking branch 'cd/master'
Diffstat (limited to 'tv/3modules/ejabberd/default.nix')
-rw-r--r--tv/3modules/ejabberd/default.nix67
1 files changed, 67 insertions, 0 deletions
diff --git a/tv/3modules/ejabberd/default.nix b/tv/3modules/ejabberd/default.nix
new file mode 100644
index 000000000..95ea24be1
--- /dev/null
+++ b/tv/3modules/ejabberd/default.nix
@@ -0,0 +1,67 @@
+{ config, lib, pkgs, ... }@args: with config.krebs.lib; let
+ cfg = config.tv.ejabberd;
+in {
+ options.tv.ejabberd = {
+ enable = mkEnableOption "tv.ejabberd";
+ certfile = mkOption {
+ type = types.secret-file;
+ default = {
+ path = "${cfg.user.home}/ejabberd.pem";
+ owner = cfg.user;
+ source-path = toString <secrets> + "/ejabberd.pem";
+ };
+ };
+ hosts = mkOption {
+ type = with types; listOf str;
+ };
+ pkgs.ejabberdctl = mkOption {
+ type = types.package;
+ default = pkgs.writeDashBin "ejabberdctl" ''
+ set -efu
+ export SPOOLDIR=${shell.escape cfg.user.home}
+ export EJABBERD_CONFIG_PATH=${shell.escape (import ./config.nix args)}
+ exec ${pkgs.ejabberd}/bin/ejabberdctl \
+ --logs ${shell.escape cfg.user.home} \
+ "$@"
+ '';
+ };
+ s2s_certfile = mkOption {
+ type = types.secret-file;
+ default = cfg.certfile;
+ };
+ user = mkOption {
+ type = types.user;
+ default = {
+ name = "ejabberd";
+ home = "/var/ejabberd";
+ };
+ };
+ };
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = [ cfg.pkgs.ejabberdctl ];
+
+ krebs.secret.files = {
+ ejabberd-certfile = cfg.certfile;
+ ejabberd-s2s_certfile = cfg.s2s_certfile;
+ };
+
+ systemd.services.ejabberd = {
+ wantedBy = [ "multi-user.target" ];
+ requires = [ "secret.service" ];
+ after = [ "network.target" "secret.service" ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = "yes";
+ PermissionsStartOnly = "true";
+ SyslogIdentifier = "ejabberd";
+ User = cfg.user.name;
+ ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl start";
+ };
+ };
+
+ users.users.${cfg.user.name} = {
+ inherit (cfg.user) home name uid;
+ createHome = true;
+ };
+ };
+}