authormakefu <github@syntax-fehler.de>2017-10-07 11:08:13 +0200
committermakefu <github@syntax-fehler.de>2017-10-07 11:08:13 +0200
commit8290c6507e500c1899f4a7d1184ef5b24c8132cb (patch)
tree91d64e1cc20647acce06f7f28da46b58e5dd2571 /lass/3modules/ejabberd/default.nix
parent52f9105027a7c2d70145d7d2db69452e148b2158 (diff)
parenta8db051451d2827d7c7ad38f005284013e63c039 (diff)
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass/3modules/ejabberd/default.nix')
-rw-r--r--lass/3modules/ejabberd/default.nix41
1 files changed, 34 insertions, 7 deletions
diff --git a/lass/3modules/ejabberd/default.nix b/lass/3modules/ejabberd/default.nix
index e2fba5ff5..4838a9093 100644
--- a/lass/3modules/ejabberd/default.nix
+++ b/lass/3modules/ejabberd/default.nix
@@ -1,5 +1,16 @@
{ config, lib, pkgs, ... }@args: with import <stockholm/lib>; let
cfg = config.lass.ejabberd;
+
+ gen-dhparam = pkgs.writeDash "gen-dhparam" ''
+ set -efu
+ path=$1
+ bits=2048
+ # TODO regenerate dhfile after some time?
+ if ! test -e "$path"; then
+ ${pkgs.openssl}/bin/openssl dhparam "$bits" > "$path"
+ fi
+ '';
+
in {
options.lass.ejabberd = {
enable = mkEnableOption "lass.ejabberd";
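Review bot: The redirect in `openssl dhparam "$bits" > "$path"` creates the target before generation finishes, so an interrupted or failed run leaves an empty or truncated file that the `test -e` guard then accepts on every later start. That is likely in practice, because the service hunk further down sets `TimeoutStartSec = 60` and 2048-bit parameter generation can take longer than that on a slow host. Write to a temporary name and rename on success, e.g. `${pkgs.openssl}/bin/openssl dhparam -out "$path.tmp" "$bits"` followed by `mv "$path.tmp" "$path"`, and guard with `test -s` instead of `test -e`. The same service hunk keeps `PermissionsStartOnly = true`, so this script runs as root while writing into what appears to be the service user's home; running it as the service user would avoid a privileged write into a directory that user controls.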
@@ -11,20 +22,36 @@ in {
source-path = "/var/lib/acme/lassul.us/full.pem";
};
};
+ dhfile = mkOption {
+ type = types.secret-file;
+ default = {
+ path = "${cfg.user.home}/dhparams.pem";
+ owner = cfg.user;
+ source-path = "/dev/null";
+ };
+ };
hosts = mkOption {
type = with types; listOf str;
};
pkgs.ejabberdctl = mkOption {
type = types.package;
default = pkgs.writeDashBin "ejabberdctl" ''
- set -efu
- export SPOOLDIR=${shell.escape cfg.user.home}
- export EJABBERD_CONFIG_PATH=${shell.escape (import ./config.nix args)}
exec ${pkgs.ejabberd}/bin/ejabberdctl \
+ --config ${toFile "ejabberd.yaml" (import ./config.nix {
+ inherit pkgs;
+ config = cfg;
+ })} \
--logs ${shell.escape cfg.user.home} \
+ --spool ${shell.escape cfg.user.home} \
"$@"
'';
};
+ registration_watchers = mkOption {
+ type = types.listOf types.str;
+ default = [
+ config.krebs.users.tv.mail
+ ];
+ };
s2s_certfile = mkOption {
type = types.secret-file;
default = cfg.certfile;
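Review bot: The `dhfile` default is typed `types.secret-file` with `source-path = "/dev/null"`, which is only safe as long as nothing installs it as a secret. If this option is ever added to the set of files handled by `secret.service` (not visible in this hunk), an empty file would be placed at `path`, the `test -e` guard in `gen-dhparam` would skip generation, and ejabberd would be handed an empty DH parameter file. A comment on the option such as `# generated at service start by gen-dhparam; source-path is a placeholder, do not install via secret.service` would make the intent explicit. None of the options added here (`dhfile`, `registration_watchers`) carries a `description`, so the placeholder role of `source-path` is undocumented.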
@@ -50,12 +77,12 @@ in {
requires = [ "secret.service" ];
after = [ "network.target" "secret.service" ];
serviceConfig = {
- Type = "oneshot";
- RemainAfterExit = "yes";
- PermissionsStartOnly = "true";
+ ExecStartPre = "${gen-dhparam} ${cfg.dhfile.path}";
+ ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl foreground";
+ PermissionsStartOnly = true;
SyslogIdentifier = "ejabberd";
User = cfg.user.name;
- ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl start";
+ TimeoutStartSec = 60;
};
};