authortv <tv@krebsco.de>2015-06-24 18:38:44 +0200
committertv <tv@krebsco.de>2015-06-24 18:38:44 +0200
commit80a4164e2150519ac7dcac3eb482f935e4a643fb (patch)
tree939336d6ef21b375de9ef66f8489678cbffdb59b
parent63ba96c32e00ef9b1337e061f75f6940511ca27c (diff)
tv ejabberd: add option certFile
-rwxr-xr-xbin/copy-secrets2
-rw-r--r--modules/tv/ejabberd.nix17
2 files changed, 15 insertions, 4 deletions
diff --git a/bin/copy-secrets b/bin/copy-secrets
index f38e924..d155399 100755
--- a/bin/copy-secrets
+++ b/bin/copy-secrets
@@ -18,7 +18,7 @@ fi
retiolum_secret=$(nixos-query $system_name tv.retiolum.privateKeyFile)
retiolum_uid=$(nixos-query $system_name users.extraUsers.retiolum-tinc.uid)
-ejabberd_secret=/etc/ejabberd/ejabberd.pem
+ejabberd_secret=$(nixos-query $system_name services.ejabberd-cd.certFile)
ejabberd_uid=$(nixos-query $system_name users.extraUsers.ejabberd.uid)
rsync -cz --chown=0:0 -vr "$secrets_rsync/" "$target:/"
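Review bot: Nothing in this hunk checks that the `nixos-query` for `services.ejabberd-cd.certFile` succeeded, so on a system where the option is missing or the query fails, `ejabberd_secret` ends up empty. Whatever the script does with that variable after the rsync is outside this hunk; presumably it fixes ownership or permissions on the key file. If so, it would then act on an empty or wrong path and leave the real file with the `0:0` ownership set by the rsync. Consider failing early with `: "${ejabberd_secret:?certFile query returned nothing}"` directly after the assignment, and quoting `"$system_name"` inside the command substitution.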
diff --git a/modules/tv/ejabberd.nix b/modules/tv/ejabberd.nix
index 008fe2c..54a9aad 100644
--- a/modules/tv/ejabberd.nix
+++ b/modules/tv/ejabberd.nix
@@ -9,7 +9,8 @@ let
cfg = config.services.ejabberd-cd;
-
+ # XXX this is a placeholder that happens to work the default strings.
+ toErlang = builtins.toJSON;
in
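Review bot: `toErlang = builtins.toJSON;` accepts any Nix value, but only plain strings without unusual characters serialise to something that is also a valid Erlang term. A list, attribute set or null passed here would be spliced into the ejabberd config as JSON syntax at the `{certfile, ...}` and `{s2s_certfile, ...}` lines in the later hunks. Until a real serialiser exists, restrict the placeholder to what it actually handles: `toErlang = s: assert builtins.isString s; builtins.toJSON s;`. The XXX comment could then state the limit directly, e.g. `# XXX placeholder: toJSON output is only valid Erlang for simple strings such as the default path.`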
@@ -26,6 +27,16 @@ in
description = "Whether to enable ejabberd server";
};
+ certFile = mkOption {
+ # TODO if it's types.path then it gets copied to /nix/store with
+ # bad unsafe permissions...
+ type = types.string;
+ default = "/etc/ejabberd/ejabberd.pem";
+ description = ''
+ TODO
+ '';
+ };
+
config = mkOption {
type = types.string;
default = "";
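Review bot: `certFile` is declared as `types.string`, which in nixpkgs merges multiple definitions by concatenation, so two modules setting it would silently produce a joined, nonexistent path. `type = types.str;` rejects conflicting definitions and still avoids the store copy the TODO comment warns about. The `description` is left as `TODO`, yet this is the one place a user learns that the file is treated as a secret (bin/copy-secrets handles it as one) and must not be given as a store path. Something like `description = "Path on the target host to ejabberd's PEM file; must live outside the world-readable Nix store.";` would cover it. The `config` option that follows continues outside the hunk.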
@@ -221,7 +232,7 @@ in
%% file and uncomment this line:
%%
starttls,
- {certfile, "/etc/ejabberd/ejabberd.pem"},
+ {certfile, ${toErlang cfg.certFile}},
{access, c2s},
{shaper, c2s_shaper},
@@ -274,7 +285,7 @@ in
%%
%% s2s_certfile: Specify a certificate file.
%%
- {s2s_certfile, "/etc/ejabberd/ejabberd.pem"}.
+ {s2s_certfile, ${toErlang cfg.certFile}}.
%%
%% domain_certfile: Specify a different certificate for each served hostname.