Diffstat (limited to 'lass/3modules/ejabberd')
| -rw-r--r-- | lass/3modules/ejabberd/config.nix | 93 | ||||
| -rw-r--r-- | lass/3modules/ejabberd/default.nix | 57 | 
2 files changed, 150 insertions, 0 deletions
|
diff --git a/lass/3modules/ejabberd/config.nix b/lass/3modules/ejabberd/config.nix
new file mode 100644
index 000000000..9a4882644
--- /dev/null
+++ b/lass/3modules/ejabberd/config.nix
@@ -0,0 +1,93 @@
+{ config, ... }: with config.krebs.lib; let
+  cfg = config.lass.ejabberd;
+
+  # XXX this is a placeholder that happens to work the default strings.
+  toErlang = builtins.toJSON;
+in toFile "ejabberd.conf" ''
+  {loglevel, 3}.
+  {hosts, ${toErlang cfg.hosts}}.
+  {listen,
+   [
+    {5222, ejabberd_c2s, [
+        starttls,
+        {certfile, ${toErlang cfg.certfile}},
+        {access, c2s},
+        {shaper, c2s_shaper},
+        {max_stanza_size, 65536}
+             ]},
+    {5269, ejabberd_s2s_in, [
+           {shaper, s2s_shaper},
+           {max_stanza_size, 131072}
+          ]},
+    {5280, ejabberd_http, [
+         captcha,
+         http_bind,
+         http_poll,
+         web_admin
+        ]}
+   ]}.
+  {s2s_use_starttls, required}.
+  {s2s_certfile, ${toErlang cfg.s2s_certfile}}.
+  {auth_method, internal}.
+  {shaper, normal, {maxrate, 1000}}.
+  {shaper, fast, {maxrate, 50000}}.
+  {max_fsm_queue, 1000}.
+  {acl, local, {user_regexp, ""}}.
+  {access, max_user_sessions, [{10, all}]}.
+  {access, max_user_offline_messages, [{5000, admin}, {100, all}]}.
+  {access, local, [{allow, local}]}.
+  {access, c2s, [{deny, blocked},
+           {allow, all}]}.
+  {access, c2s_shaper, [{none, admin},
+            {normal, all}]}.
+  {access, s2s_shaper, [{fast, all}]}.
+  {access, announce, [{allow, admin}]}.
+  {access, configure, [{allow, admin}]}.
+  {access, muc_admin, [{allow, admin}]}.
+  {access, muc_create, [{allow, local}]}.
+  {access, muc, [{allow, all}]}.
+  {access, pubsub_createnode, [{allow, local}]}.
+  {access, register, [{allow, local}]}.
+  {language, "en"}.
+  {modules,
+   [
+    {mod_adhoc,    []},
+    {mod_announce, [{access, announce}]},
+    {mod_blocking,[]},
+    {mod_caps,     []},
+    {mod_configure,[]},
+    {mod_disco,    []},
+    {mod_irc,      []},
+    {mod_http_bind, []},
+    {mod_last,     []},
+    {mod_muc,      [
+        {access, muc},
+        {access_create, muc_create},
+        {access_persistent, muc_create},
+        {access_admin, muc_admin}
+       ]},
+    {mod_offline,  [{access_max_user_messages, max_user_offline_messages}]},
+    {mod_ping,     []},
+    {mod_privacy,  []},
+    {mod_private,  []},
+    {mod_pubsub,   [
+        {access_createnode, pubsub_createnode},
+        {ignore_pep_from_offline, true},
+        {last_item_cache, false},
+        {plugins, ["flat", "hometree", "pep"]}
+       ]},
+    {mod_register, [
+        {welcome_message, {"Welcome!",
+               "Hi.\nWelcome to this XMPP server."}},
+        {ip_access, [{allow, "127.0.0.0/8"},
+               {allow, "0.0.0.0/0"}]},
+        {access, register}
+       ]},
+    {mod_roster,   []},
+    {mod_shared_roster,[]},
+    {mod_stats,    []},
+    {mod_time,     []},
+    {mod_vcard,    []},
+    {mod_version,  []}
+   ]}.
+''
diff --git a/lass/3modules/ejabberd/default.nix b/lass/3modules/ejabberd/default.nix
new file mode 100644
index 000000000..c68f32ef0
--- /dev/null
+++ b/lass/3modules/ejabberd/default.nix
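Review bot: The `ip_access` list in `mod_register` ends with `{allow, "0.0.0.0/0"}`, so in-band registration is open to every IPv4 address, and because `{acl, local, {user_regexp, ""}}` matches any local username, `{access, register}` does not narrow it. If open sign-up is not intended, make the last entry `{deny, "0.0.0.0/0"}]},`; if it is intended, a comment saying so would help the next reader. On the 5222 listener `starttls` only offers TLS, so a client may still authenticate in clear text; `starttls_required,` enforces it. The 5280 listener exposes `web_admin`, `http_bind` and `http_poll` over plain HTTP with no bind address visible, so it should be restricted to loopback or fronted by a TLS-terminating proxy.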
@@ -0,0 +1,57 @@
+{ config, lib, pkgs, ... }@args: with config.krebs.lib; let
+  cfg = config.lass.ejabberd;
+in {
+  options.lass.ejabberd = {
+    enable = mkEnableOption "lass.ejabberd";
+    certfile = mkOption {
+      type = types.str;
+    };
+    hosts = mkOption {
+      type = with types; listOf str;
+    };
+    pkgs.ejabberdctl = mkOption {
+      type = types.package;
+      default = pkgs.writeDashBin "ejabberdctl" ''
+        set -efu
+        export SPOOLDIR=${shell.escape cfg.user.home}
+        export EJABBERD_CONFIG_PATH=${shell.escape (import ./config.nix args)}
+        exec ${pkgs.ejabberd}/bin/ejabberdctl \
+            --logs ${shell.escape cfg.user.home} \
+            --spool ${shell.escape cfg.user.home} \
+            "$@"
+      '';
+    };
+    s2s_certfile = mkOption {
+      type = types.str;
+      default = cfg.certfile;
+    };
+    user = mkOption {
+      type = types.user;
+      default = {
+        name = "ejabberd";
+        home = "/var/ejabberd";
+      };
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    environment.systemPackages = [ cfg.pkgs.ejabberdctl ];
+
+    systemd.services.ejabberd = {
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      serviceConfig = {
+        Type = "oneshot";
+        RemainAfterExit = "yes";
+        PermissionsStartOnly = "true";
+        SyslogIdentifier = "ejabberd";
+        User = cfg.user.name;
+        ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl start";
+      };
+    };
+
+    users.users.${cfg.user.name} = {
+      inherit (cfg.user) home name uid;
+      createHome = true;
+    };
+  };
+}
|
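Review bot: The `ejabberd` unit is `Type = "oneshot"` with `RemainAfterExit` and no `ExecStop`, so systemd does not track the daemon that `ejabberdctl start` launches: stopping the unit likely leaves the node running, a crash goes unnoticed, and a restart after a config or certificate change may not reload anything. Adding `ExecStop = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl stop";` would at least make stop and restart effective. `PermissionsStartOnly = "true"` applies `User` to `ExecStart` only, so with no other commands it does nothing today and would make an added `ExecStop` run as root; I would drop it. `certfile` and `s2s_certfile` have no `description`; since the PEM normally carries the private key, I would add `description = "Path to the PEM file (certificate and private key); keep it outside the Nix store and readable only by the ejabberd user.";`, which is also why `types.str` rather than `types.path` is the right type here.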
