summaryrefslogtreecommitdiffstats
path: root/tv/3modules/ejabberd/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'tv/3modules/ejabberd/default.nix')
-rw-r--r--tv/3modules/ejabberd/default.nix46
1 files changed, 33 insertions, 13 deletions
diff --git a/tv/3modules/ejabberd/default.nix b/tv/3modules/ejabberd/default.nix
index d7b8deb7e..e99b94ff9 100644
--- a/tv/3modules/ejabberd/default.nix
+++ b/tv/3modules/ejabberd/default.nix
@@ -34,18 +34,24 @@ in {
hosts = mkOption {
type = with types; listOf str;
};
- pkgs.ejabberdctl = mkOption {
+ pkgs.ejabberd = mkOption {
type = types.package;
- default = pkgs.writeDashBin "ejabberdctl" ''
- exec ${pkgs.ejabberd}/bin/ejabberdctl \
- --config ${toFile "ejabberd.yaml" (import ./config.nix {
- inherit pkgs;
- config = cfg;
- })} \
- --logs ${shell.escape cfg.user.home} \
- --spool ${shell.escape cfg.user.home} \
- "$@"
- '';
+ default = pkgs.symlinkJoin {
+ name = "ejabberd-wrapper";
+ paths = [
+ (pkgs.writeDashBin "ejabberdctl" ''
+ exec ${pkgs.ejabberd}/bin/ejabberdctl \
+ --config ${toFile "ejabberd.yaml" (import ./config.nix {
+ inherit pkgs;
+ config = cfg;
+ })} \
+ --logs ${shell.escape cfg.user.home} \
+ --spool ${shell.escape cfg.user.home} \
+ "$@"
+ '')
+ pkgs.ejabberd
+ ];
+ };
};
registration_watchers = mkOption {
type = types.listOf types.str;
@@ -66,7 +72,21 @@ in {
};
};
config = lib.mkIf cfg.enable {
- environment.systemPackages = [ cfg.pkgs.ejabberdctl ];
+ environment.systemPackages = [
+ (pkgs.symlinkJoin {
+ name = "ejabberd-sudo-wrapper";
+ paths = [
+ (pkgs.writeDashBin "ejabberdctl" ''
+ set -efu
+ cd ${shell.escape cfg.user.home}
+ exec /run/wrappers/bin/sudo \
+ -u ${shell.escape cfg.user.name} \
+ ${cfg.pkgs.ejabberd}/bin/ejabberdctl "$@"
+ '')
+ cfg.pkgs.ejabberd
+ ];
+ })
+ ];
krebs.secret.files = {
ejabberd-certfile = cfg.certfile;
@@ -79,7 +99,7 @@ in {
after = [ "network.target" "secret.service" ];
serviceConfig = {
ExecStartPre = "${gen-dhparam} ${cfg.dhfile.path}";
- ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl foreground";
+ ExecStart = "${cfg.pkgs.ejabberd}/bin/ejabberdctl foreground";
PermissionsStartOnly = true;
SyslogIdentifier = "ejabberd";
User = cfg.user.name;