From 10783c7a7b7d525da4aadcdecf5c8fc73952755b Mon Sep 17 00:00:00 2001
From: root <root@pastila>
Date: Sat, 1 Jun 2024 20:53:10 +0200
Subject: [PATCH] pastila wip: prosody

---
 pastila/configuration.nix |  1 +
 pastila/prosody.nix       | 34 ++++++++++++++++++++++++++++++++++
 pastila/srv.nix           | 14 +++++++-------
 vars.nix                  |  3 +++
 4 files changed, 45 insertions(+), 7 deletions(-)
 create mode 100644 pastila/prosody.nix

diff --git a/pastila/configuration.nix b/pastila/configuration.nix
index bdb7e85..feb8c03 100644
--- a/pastila/configuration.nix
+++ b/pastila/configuration.nix
@@ -14,6 +14,7 @@ in
       ./letsencrypt.nix
       ./srv.nix
       ./weechat-relay.nix
+      ./prosody.nix
     ];
 
   # Use the GRUB 2 boot loader.
diff --git a/pastila/prosody.nix b/pastila/prosody.nix
new file mode 100644
index 0000000..d389be7
--- /dev/null
+++ b/pastila/prosody.nix
@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+
+{
+  services.prosody = {
+    enable = true;
+
+    uploadHttp = {
+      domain = "xu.isomorphis.me";
+    };
+
+    ssl = {
+      cert = /var/lib/acme/prosody/cert.pem;
+      key = /var/lib/acme/prosody/key.pem;
+    };
+
+    virtualHosts."isomorphisme" = {
+      enabled = true;
+      domain = "isomorphis.me";
+    };
+
+    admins = [ "armael@isomorphis.me" ];
+  };
+
+  security.acme.certs."prosody" = {
+    domain = "isomorphis.me";
+    extraDomainNames = [
+      "xmpp.isomorphis.me"
+      "xmppproxy.isomorphis.me"
+      "xu.isomorphis.me"
+    ];
+    group = config.services.prosody.group;
+  };
+
+}
\ No newline at end of file
diff --git a/pastila/srv.nix b/pastila/srv.nix
index 640b713..5a4157b 100644
--- a/pastila/srv.nix
+++ b/pastila/srv.nix
@@ -37,13 +37,13 @@ in
     };
   };
 
-  services.nginx.virtualHosts."isomorphis.me" = {
-    forceSSL = true;
-    enableACME = true;
-    locations."/" = {
-      root = isomorphisme_dir;
-    };
-  };
+  # services.nginx.virtualHosts."isomorphis.me" = {
+  #   forceSSL = true;
+  #   enableACME = true;
+  #   locations."/" = {
+  #     root = isomorphisme_dir;
+  #   };
+  # };
 
   system.activationScripts."srv-permissions" = ''
     chown -R up:nginx /srv/up
diff --git a/vars.nix b/vars.nix
index 4017fd3..0eec36f 100644
--- a/vars.nix
+++ b/vars.nix
@@ -8,6 +8,9 @@
       { num = 80; proto = "tcp"; }
       { num = 443; proto = "tcp"; }
       { num = 22; proto = "tcp"; }
+      # Prosody
+      { num = 5280; proto = "tcp"; }
+      { num = 5281; proto = "tcp"; }
     ];
   };
   onlineNetDNS = [