pastila wip: prosody

2024-06-01 20:53:10 +02:00 · 2024-06-01 20:53:10 +02:00 · 10783c7a7b
parent fe941dcf31
commit 10783c7a7b
4 changed files with 45 additions and 7 deletions
--- a/pastila/configuration.nix
+++ b/pastila/configuration.nix
@ -14,6 +14,7 @@ in
      ./letsencrypt.nix
      ./srv.nix
      ./weechat-relay.nix
+      ./prosody.nix
    ];

  # Use the GRUB 2 boot loader.
--- a/pastila/prosody.nix
+++ b/pastila/prosody.nix
@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+
+{
+  services.prosody = {
+    enable = true;
+
+    uploadHttp = {
+      domain = "xu.isomorphis.me";
+    };
+
+    ssl = {
+      cert = /var/lib/acme/prosody/cert.pem;
+      key = /var/lib/acme/prosody/key.pem;
+    };
+
+    virtualHosts."isomorphisme" = {
+      enabled = true;
+      domain = "isomorphis.me";
+    };
+
+    admins = [ "armael@isomorphis.me" ];
+  };
+
+  security.acme.certs."prosody" = {
+    domain = "isomorphis.me";
+    extraDomainNames = [
+      "xmpp.isomorphis.me"
+      "xmppproxy.isomorphis.me"
+      "xu.isomorphis.me"
+    ];
+    group = config.services.prosody.group;
+  };
+
+}
--- a/pastila/srv.nix
+++ b/pastila/srv.nix
@ -37,13 +37,13 @@ in
    };
  };

-  services.nginx.virtualHosts."isomorphis.me" = {
-    forceSSL = true;
-    enableACME = true;
-    locations."/" = {
-      root = isomorphisme_dir;
-    };
-  };
+  # services.nginx.virtualHosts."isomorphis.me" = {
+  #   forceSSL = true;
+  #   enableACME = true;
+  #   locations."/" = {
+  #     root = isomorphisme_dir;
+  #   };
+  # };

  system.activationScripts."srv-permissions" = ''
    chown -R up:nginx /srv/up
--- a/vars.nix
+++ b/vars.nix
@ -8,6 +8,9 @@
      { num = 80; proto = "tcp"; }
      { num = 443; proto = "tcp"; }
      { num = 22; proto = "tcp"; }
+      # Prosody
+      { num = 5280; proto = "tcp"; }
+      { num = 5281; proto = "tcp"; }
    ];
  };
  onlineNetDNS = [