author | lassulus <lassulus@lassul.us> | 2017-07-22 20:51:21 +0200 |
---|---|---|
committer | lassulus <lassulus@lassul.us> | 2017-07-22 20:51:21 +0200 |
commit | 96bc68be7d36d790bb9badf7a516760d8050e187 (patch) | |
tree | c83230ac78f0a50296be28ad4c350b7a7e850acf /tv/3modules/ejabberd/default.nix | |
parent | edfd8ca19101e0c5c99fb799f05bd404c6d2287b (diff) | |
parent | e7915c7d11752e57870aefa2eb711a26ee4f331d (diff) |
Merge remote-tracking branch 'ni/master'
Diffstat (limited to 'tv/3modules/ejabberd/default.nix')
-rw-r--r-- | tv/3modules/ejabberd/default.nix | 42 |
1 files changed, 35 insertions, 7 deletions
diff --git a/tv/3modules/ejabberd/default.nix b/tv/3modules/ejabberd/default.nix
index 4d3493d78..d7b8deb7e 100644
--- a/tv/3modules/ejabberd/default.nix
+++ b/tv/3modules/ejabberd/default.nix
@@ -1,5 +1,17 @@
 { config, lib, pkgs, ... }@args: with import <stockholm/lib>; let
+ cfg = config.tv.ejabberd;
+
+ gen-dhparam = pkgs.writeDash "gen-dhparam" ''
+ set -efu
+ path=$1
+ bits=2048
+ # TODO regenerate dhfile after some time?
+ if ! test -e "$path"; then
+ ${pkgs.openssl}/bin/openssl dhparam "$bits" > "$path"
+ fi
+ '';
+
 in {
 options.tv.ejabberd = {
 enable = mkEnableOption "tv.ejabberd";
@@ -11,20 +23,36 @@ in {
 source-path = toString <secrets> + "/ejabberd.pem";
 };
 };
+ dhfile = mkOption {
+ type = types.secret-file;
+ default = {
+ path = "${cfg.user.home}/dhparams.pem";
+ owner = cfg.user;
+ source-path = "/dev/null";
+ };
+ };
 hosts = mkOption {
 type = with types; listOf str;
 };
 pkgs.ejabberdctl = mkOption {
 type = types.package;
 default = pkgs.writeDashBin "ejabberdctl" ''
- set -efu
- export SPOOLDIR=${shell.escape cfg.user.home}
- export EJABBERD_CONFIG_PATH=${shell.escape (import ./config.nix args)}
 exec ${pkgs.ejabberd}/bin/ejabberdctl \
+ --config ${toFile "ejabberd.yaml" (import ./config.nix {
+ inherit pkgs;
+ config = cfg;
+ })} \
 --logs ${shell.escape cfg.user.home} \
+ --spool ${shell.escape cfg.user.home} \
 "$@"
 '';
 };
+ registration_watchers = mkOption {
+ type = types.listOf types.str;
+ default = [
+ config.krebs.users.tv.mail
+ ];
+ };
 s2s_certfile = mkOption {
 type = types.secret-file;
 default = cfg.certfile;
@@ -50,12 +78,12 @@ in {
 requires = [ "secret.service" ];
 after = [ "network.target" "secret.service" ];
 serviceConfig = {
- Type = "oneshot";
- RemainAfterExit = "yes";
- PermissionsStartOnly = "true";
+ ExecStartPre = "${gen-dhparam} ${cfg.dhfile.path}";
+ ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl foreground";
+ PermissionsStartOnly = true;
 SyslogIdentifier = "ejabberd";
 User = cfg.user.name;
- ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl start";
+ TimeoutStartSec = 60;
 };
 };
|
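Review bot: gen-dhparam redirects openssl straight into `$path` and treats any existing file as finished, so a generation that is interrupted part-way (2048-bit dhparam generation can take minutes, and the unit in the last hunk allows 60 seconds) leaves a truncated file that `test -e` accepts on every later start. Writing to a temporary name and renaming keeps the check honest: `if ! test -s "$path"; then`, `${pkgs.openssl}/bin/openssl dhparam "$bits" > "$path.tmp"`, `mv "$path.tmp" "$path"`, with `set -e` already aborting before the rename when openssl fails. `test -s` additionally covers an empty placeholder, which matters if the secret-file machinery materialises the `/dev/null` source-path that the next hunk declares for `dhfile` before ExecStartPre runs; that module is outside this diff, so I cannot confirm it does.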
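Review bot: The new `dhfile` and `registration_watchers` options have no `description`, and `dhfile` needs one because its `source-path = "/dev/null"` is a placeholder for a file that gen-dhparam creates at service start, not a secret to be installed like `certfile`. Something like `description = "DH parameters file, generated by gen-dhparam on first start; source-path is only a placeholder";` on dhfile, and on registration_watchers a sentence saying what the listed strings are for (presumably ejabberd's mod_register option of the same name, but the default is a mail address, so say which), would spare the next reader the trip through the service definition. Separately, `--config ${toFile "ejabberd.yaml" ...}` renders the whole configuration into the world-readable Nix store; that is fine while config.nix only emits the paths of certfile, s2s_certfile and dhfile, never their contents, and since config.nix is not in this diff a comment on the `--config` line stating that constraint, e.g. `# rendered into /nix/store: config.nix must only reference secret paths, never inline them`, would pin it down.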
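Review bot: `TimeoutStartSec = 60` also bounds the new `ExecStartPre`, and generating 2048-bit DH parameters routinely takes longer than a minute on small VMs, so the first start can be killed by systemd and the unit fails before ejabberd ever runs. Either raise the timeout for this unit or move the generation into its own oneshot unit that this service lists in `requires`/`after`, so the application's own start timeout can stay tight. With `PermissionsStartOnly = true` the ExecStartPre runs as root, so the generated file lands in `cfg.user.home` owned by root with a umask-dependent mode, and ejabberd running as `cfg.user.name` can only read it if that mode happens to be world-readable; an explicit `chown`/`install -o ${cfg.user.name}` step in gen-dhparam, or at least a comment on the ExecStartPre line recording the assumption, would make this deliberate. The enclosing systemd.services definition starts before this hunk.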