| author | lassulus <lass@aidsballs.de> | 2016-07-07 22:19:29 +0200 | 
|---|---|---|
| committer | lassulus <lass@aidsballs.de> | 2016-07-07 22:19:29 +0200 | 
| commit | 6eab08eef60d634324056b58c98a1b2a4fa1ed1f (patch) | |
| tree | 4c966824fccef832ab32e3b2ce97bea9bc3bbbd3 | |
| parent | 8f3639df51ed85ac130b45525fabe6ce6f9cac26 (diff) | |
l 3 ejabberd: take config from tv
| -rw-r--r-- | lass/3modules/ejabberd/config.nix | 4 | ||||
| -rw-r--r-- | lass/3modules/ejabberd/default.nix | 18 | 
2 files changed, 16 insertions, 6 deletions
diff --git a/lass/3modules/ejabberd/config.nix b/lass/3modules/ejabberd/config.nix
index 9a4882644..83ca5dc2a 100644
--- a/lass/3modules/ejabberd/config.nix
+++ b/lass/3modules/ejabberd/config.nix
@@ -10,7 +10,7 @@ in toFile "ejabberd.conf" ''
    [
     {5222, ejabberd_c2s, [
         starttls,
-        {certfile, ${toErlang cfg.certfile}},
+        {certfile, ${toErlang cfg.certfile.path}},
         {access, c2s},
         {shaper, c2s_shaper},
         {max_stanza_size, 65536}
@@ -27,7 +27,7 @@ in toFile "ejabberd.conf" ''
         ]}
    ]}.
   {s2s_use_starttls, required}.
-  {s2s_certfile, ${toErlang cfg.s2s_certfile}}.
+  {s2s_certfile, ${toErlang cfg.s2s_certfile.path}}.
   {auth_method, internal}.
   {shaper, normal, {maxrate, 1000}}.
   {shaper, fast, {maxrate, 50000}}.
diff --git a/lass/3modules/ejabberd/default.nix b/lass/3modules/ejabberd/default.nix
index c68f32ef0..18c7cd656 100644
--- a/lass/3modules/ejabberd/default.nix
+++ b/lass/3modules/ejabberd/default.nix
@@ -4,7 +4,12 @@ in {
   options.lass.ejabberd = {
     enable = mkEnableOption "lass.ejabberd";
     certfile = mkOption {
-      type = types.str;
+      type = types.secret-file;
+      default = {
+        path = "${cfg.user.home}/ejabberd.pem";
+        owner = cfg.user;
+        source-path = "/var/lib/acme/lassul.us/full.pem";
+      };
     };
     hosts = mkOption {
       type = with types; listOf str;
@@ -17,12 +22,11 @@ in {
         export EJABBERD_CONFIG_PATH=${shell.escape (import ./config.nix args)}
         exec ${pkgs.ejabberd}/bin/ejabberdctl \
             --logs ${shell.escape cfg.user.home} \
-            --spool ${shell.escape cfg.user.home} \
             "$@"
       '';
     };
     s2s_certfile = mkOption {
-      type = types.str;
+      type = types.secret-file;
       default = cfg.certfile;
     };
     user = mkOption {
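Review bot: The new `certfile` default in the `@@ -4,7 +4,12 @@` hunk of default.nix sets `path`, `owner` and `source-path` but says nothing about permissions, so the mode of the copied PEM depends on whatever `types.secret-file` defaults to, which is not visible here. If `full.pem` follows the usual ACME layout it holds the private key together with the chain, so the copy under `${cfg.user.home}` should be readable by `cfg.user` only; that is worth confirming against the type definition. The default also bakes the domain `lassul.us` into a module that otherwise takes `hosts` as an option. I would document both on the option, e.g. `description = "PEM bundle (certificate chain and private key) for c2s STARTTLS; copied from source-path by the secret service.";`.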
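Review bot: Dropping `--spool ${shell.escape cfg.user.home} \` in the `@@ -17,12 +22,11 @@` hunk is not mentioned in the commit message, and nothing in the visible lines says where the spool goes instead. Presumably ejabberdctl falls back to its built-in spool directory; with `{auth_method, internal}` in config.nix the account database likely lives there, so that directory has to exist, be writable by `cfg.user` and not be readable by other users. Either keep the flag or add a comment next to `--logs`, such as `# spool: ejabberdctl default location, must be owned by cfg.user`. The wrapper script starts above the hunk, so this is judged from the visible lines only.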
@@ -36,9 +40,15 @@ in {
   config = lib.mkIf cfg.enable {
     environment.systemPackages = [ cfg.pkgs.ejabberdctl ];
+    krebs.secret.files = {
+      ejabberd-certfile = cfg.certfile;
+      ejabberd-s2s_certfile = cfg.s2s_certfile;
+    };
+
     systemd.services.ejabberd = {
       wantedBy = [ "multi-user.target" ];
-      after = [ "network.target" ];
+      requires = [ "secret.service" ];
+      after = [ "network.target" "secret.service" ];
       serviceConfig = {
         Type = "oneshot";
         RemainAfterExit = "yes";  |
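Review bot: The `requires = [ "secret.service" ];` / `after` pair in the systemd.services.ejabberd block orders the first start, but nothing visible here covers certificate renewal: the service reads a copy of the ACME PEM, and with `Type = "oneshot"` and `RemainAfterExit = "yes"` it will presumably keep using that copy until something re-runs secret.service and restarts ejabberd. Whether the ACME renewal triggers that is not shown, so an expired certificate on 5222 and on s2s (where `s2s_use_starttls` is `required`) seems possible. A comment above `requires`, such as `# after ACME renewal: re-run secret.service, then restart ejabberd`, or a restart hook on renewal, would make the dependency explicit. Separately, with the default `s2s_certfile = cfg.certfile` both `krebs.secret.files` entries describe the same destination path, which looks redundant. The serviceConfig block continues below the hunk.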
