Merge branch 'master' of prism:stockholm

author: makefu <github@syntax-fehler.de> 2017-07-23 10:23:40 +0200
committer: makefu <github@syntax-fehler.de> 2017-07-23 10:23:40 +0200
commit: 3ee48434e3282ccd2b6ad83dd6c0d6552a54b71d (patch)
tree: 6c9c0cc04db334cbff93e97fd2f4b0702fdfd1b4 /tv/3modules/ejabberd/default.nix
parent: 20d5077ba6f67ea0b73345248f048eafda6548e4 (diff)
parent: 54a594dc474255b24bbff80bb6be28e6a1a523d4 (diff)
1 files changed, 35 insertions, 7 deletions
diff --git a/tv/3modules/ejabberd/default.nix b/tv/3modules/ejabberd/default.nix
index 4d3493d78..d7b8deb7e 100644
--- a/tv/3modules/ejabberd/default.nix
+++ b/tv/3modules/ejabberd/default.nix
@@ -1,5 +1,17 @@
 { config, lib, pkgs, ... }@args: with import <stockholm/lib>; let
+
   cfg = config.tv.ejabberd;
+
+  gen-dhparam = pkgs.writeDash "gen-dhparam" ''
+    set -efu
+    path=$1
+    bits=2048
+    # TODO regenerate dhfile after some time?
+    if ! test -e "$path"; then
+      ${pkgs.openssl}/bin/openssl dhparam "$bits" > "$path"
+    fi
+  '';
+
 in {
   options.tv.ejabberd = {
     enable = mkEnableOption "tv.ejabberd";
@@ -11,20 +23,36 @@ in {
         source-path = toString <secrets> + "/ejabberd.pem";
       };
     };
+    dhfile = mkOption {
+      type = types.secret-file;
+      default = {
+        path = "${cfg.user.home}/dhparams.pem";
+        owner = cfg.user;
+        source-path = "/dev/null";
+      };
+    };
     hosts = mkOption {
       type = with types; listOf str;
     };
     pkgs.ejabberdctl = mkOption {
       type = types.package;
       default = pkgs.writeDashBin "ejabberdctl" ''
-        set -efu
-        export SPOOLDIR=${shell.escape cfg.user.home}
-        export EJABBERD_CONFIG_PATH=${shell.escape (import ./config.nix args)}
         exec ${pkgs.ejabberd}/bin/ejabberdctl \
+            --config ${toFile "ejabberd.yaml" (import ./config.nix {
+              inherit pkgs;
+              config = cfg;
+            })} \
             --logs ${shell.escape cfg.user.home} \
+            --spool ${shell.escape cfg.user.home} \
             "$@"
       '';
     };
+    registration_watchers = mkOption {
+      type = types.listOf types.str;
+      default = [
+        config.krebs.users.tv.mail
+      ];
+    };
     s2s_certfile = mkOption {
       type = types.secret-file;
       default = cfg.certfile;
@@ -50,12 +78,12 @@ in {
       requires = [ "secret.service" ];
       after = [ "network.target" "secret.service" ];
       serviceConfig = {
-        Type = "oneshot";
-        RemainAfterExit = "yes";
-        PermissionsStartOnly = "true";
+        ExecStartPre = "${gen-dhparam} ${cfg.dhfile.path}";
+        ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl foreground";
+        PermissionsStartOnly = true;
         SyslogIdentifier = "ejabberd";
         User = cfg.user.name;
-        ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl start";
+        TimeoutStartSec = 60;
       };
     };
author	makefu <github@syntax-fehler.de>	2017-07-23 10:23:40 +0200
committer	makefu <github@syntax-fehler.de>	2017-07-23 10:23:40 +0200
commit	3ee48434e3282ccd2b6ad83dd6c0d6552a54b71d (patch)
tree	6c9c0cc04db334cbff93e97fd2f4b0702fdfd1b4 /tv/3modules/ejabberd/default.nix
parent	20d5077ba6f67ea0b73345248f048eafda6548e4 (diff)
parent	54a594dc474255b24bbff80bb6be28e6a1a523d4 (diff)