From e7915c7d11752e57870aefa2eb711a26ee4f331d Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 22 Jul 2017 19:18:02 +0200
Subject: tv ejabberd: 2.1.13 -> upstream

---
 tv/3modules/ejabberd/default.nix | 42 +++++++++++++++++++++++++++++++++-------
 1 file changed, 35 insertions(+), 7 deletions(-)

(limited to 'tv/3modules/ejabberd/default.nix')

diff --git a/tv/3modules/ejabberd/default.nix b/tv/3modules/ejabberd/default.nix
index 4d3493d7..d7b8deb7 100644
--- a/tv/3modules/ejabberd/default.nix
+++ b/tv/3modules/ejabberd/default.nix
@@ -1,5 +1,17 @@
 { config, lib, pkgs, ... }@args: with import <stockholm/lib>; let
+
   cfg = config.tv.ejabberd;
+
+  gen-dhparam = pkgs.writeDash "gen-dhparam" ''
+    set -efu
+    path=$1
+    bits=2048
+    # TODO regenerate dhfile after some time?
+    if ! test -e "$path"; then
+      ${pkgs.openssl}/bin/openssl dhparam "$bits" > "$path"
+    fi
+  '';
+
 in {
   options.tv.ejabberd = {
     enable = mkEnableOption "tv.ejabberd";
@@ -11,20 +23,36 @@ in {
         source-path = toString <secrets> + "/ejabberd.pem";
       };
     };
+    dhfile = mkOption {
+      type = types.secret-file;
+      default = {
+        path = "${cfg.user.home}/dhparams.pem";
+        owner = cfg.user;
+        source-path = "/dev/null";
+      };
+    };
     hosts = mkOption {
       type = with types; listOf str;
     };
     pkgs.ejabberdctl = mkOption {
       type = types.package;
       default = pkgs.writeDashBin "ejabberdctl" ''
-        set -efu
-        export SPOOLDIR=${shell.escape cfg.user.home}
-        export EJABBERD_CONFIG_PATH=${shell.escape (import ./config.nix args)}
         exec ${pkgs.ejabberd}/bin/ejabberdctl \
+            --config ${toFile "ejabberd.yaml" (import ./config.nix {
+              inherit pkgs;
+              config = cfg;
+            })} \
             --logs ${shell.escape cfg.user.home} \
+            --spool ${shell.escape cfg.user.home} \
             "$@"
       '';
     };
+    registration_watchers = mkOption {
+      type = types.listOf types.str;
+      default = [
+        config.krebs.users.tv.mail
+      ];
+    };
     s2s_certfile = mkOption {
       type = types.secret-file;
       default = cfg.certfile;
@@ -50,12 +78,12 @@ in {
       requires = [ "secret.service" ];
       after = [ "network.target" "secret.service" ];
       serviceConfig = {
-        Type = "oneshot";
-        RemainAfterExit = "yes";
-        PermissionsStartOnly = "true";
+        ExecStartPre = "${gen-dhparam} ${cfg.dhfile.path}";
+        ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl foreground";
+        PermissionsStartOnly = true;
         SyslogIdentifier = "ejabberd";
         User = cfg.user.name;
-        ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl start";
+        TimeoutStartSec = 60;
       };
     };
 
-- 
cgit v1.2.3