author | tv <tv@krebsco.de> | 2017-07-22 19:18:02 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2017-07-22 19:20:51 +0200 |
commit | 4b7731f91a54fc10dc91872d18c5752923918082 (patch) | |
tree | 5d77d608c838de6d46b15b87861016595ab24250 /tv/3modules/ejabberd/default.nix | |
parent | c8000ae285a6c7d793effbda954c5455c4f9ac95 (diff) |
tv ejabberd: 2.1.13 -> upstream
Diffstat (limited to 'tv/3modules/ejabberd/default.nix')
-rw-r--r-- | tv/3modules/ejabberd/default.nix | 42 |
1 files changed, 35 insertions, 7 deletions
diff --git a/tv/3modules/ejabberd/default.nix b/tv/3modules/ejabberd/default.nix index 4d3493d..d7b8deb 100644 --- a/tv/3modules/ejabberd/default.nix +++ b/tv/3modules/ejabberd/default.nix @@ -1,5 +1,17 @@ { config, lib, pkgs, ... }@args: with import <stockholm/lib>; let + cfg = config.tv.ejabberd; + + gen-dhparam = pkgs.writeDash "gen-dhparam" '' + set -efu + path=$1 + bits=2048 + # TODO regenerate dhfile after some time? + if ! test -e "$path"; then + ${pkgs.openssl}/bin/openssl dhparam "$bits" > "$path" + fi + ''; + in { options.tv.ejabberd = { enable = mkEnableOption "tv.ejabberd"; @@ -11,20 +23,36 @@ in { source-path = toString <secrets> + "/ejabberd.pem"; }; }; + dhfile = mkOption { + type = types.secret-file; + default = { + path = "${cfg.user.home}/dhparams.pem"; + owner = cfg.user; + source-path = "/dev/null"; + }; + }; hosts = mkOption { type = with types; listOf str; }; pkgs.ejabberdctl = mkOption { type = types.package; default = pkgs.writeDashBin "ejabberdctl" '' - set -efu - export SPOOLDIR=${shell.escape cfg.user.home} - export EJABBERD_CONFIG_PATH=${shell.escape (import ./config.nix args)} exec ${pkgs.ejabberd}/bin/ejabberdctl \ + --config ${toFile "ejabberd.yaml" (import ./config.nix { + inherit pkgs; + config = cfg; + })} \ --logs ${shell.escape cfg.user.home} \ + --spool ${shell.escape cfg.user.home} \ "$@" ''; }; + registration_watchers = mkOption { + type = types.listOf types.str; + default = [ + config.krebs.users.tv.mail + ]; + }; s2s_certfile = mkOption { type = types.secret-file; default = cfg.certfile; 
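Review bot: In `gen-dhparam`, the `test -e` guard combined with a direct redirect into `$path` means an interrupted run leaves an empty or truncated file that every later start treats as valid, because the shell creates the file before openssl has written anything. This looks reachable within this commit: the last hunk sets `TimeoutStartSec = 60`, which as far as I know also bounds `ExecStartPre`, and 2048-bit parameter generation can exceed that on slow hardware. I would test for a non-empty file and publish atomically: `if ! test -s "$path"; then`, `${pkgs.openssl}/bin/openssl dhparam "$bits" > "$path.tmp"`, `${pkgs.coreutils}/bin/mv "$path.tmp" "$path"`.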
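Review bot: The `dhfile` default uses `source-path = "/dev/null"` without saying why, which reads like a mistake next to `certfile`, whose source is a real file under `<secrets>`. A comment on the option would help, for example `# not copied from <secrets>: generated on first start by gen-dhparam; source-path is a placeholder`. I cannot see from this hunk how `secret-file` entries are installed. If this entry is ever added to the secret service like the certificate, an empty file would already exist at `path` and the `test -e` guard in `gen-dhparam` would skip generation, so please confirm it is deliberately left out.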
@@ -50,12 +78,12 @@ in { requires = [ "secret.service" ]; after = [ "network.target" "secret.service" ]; serviceConfig = { - Type = "oneshot"; - RemainAfterExit = "yes"; - PermissionsStartOnly = "true"; + ExecStartPre = "${gen-dhparam} ${cfg.dhfile.path}"; + ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl foreground"; + PermissionsStartOnly = true; SyslogIdentifier = "ejabberd"; User = cfg.user.name; - ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl start"; + TimeoutStartSec = 60; }; }; |
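Review bot: With `PermissionsStartOnly = true` the new `ExecStartPre` runs `gen-dhparam` as root, while its output path defaults to `${cfg.user.home}/dhparams.pem`, a directory the unprivileged service user presumably owns. Root then creates a file through a path that user controls, and the result is root-owned rather than owned by `cfg.user` as the `dhfile` option declares. If no other pre-start step needs root (the service definition starts outside this hunk, so I cannot tell), dropping `PermissionsStartOnly` makes the generation run as `cfg.user.name`; otherwise point `dhfile.path` at a root-owned directory. The path is also interpolated unquoted into the command line, so `ExecStartPre = "${gen-dhparam} ${shell.escape cfg.dhfile.path}";` would match how the wrapper script treats `cfg.user.home`.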