author | tv <tv@shackspace.de> | 2015-06-24 18:38:44 +0200 |
---|---|---|
committer | tv <tv@shackspace.de> | 2015-06-24 18:38:44 +0200 |
commit | 1c71216a051746d600fd8f5e9ae8c133be232160 (patch) | |
tree | 939336d6ef21b375de9ef66f8489678cbffdb59b | |
parent | 45a0cb01d37e64b4d4d56a7a6769aba61d0fd8f2 (diff) |
tv ejabberd: add option certFile
-rwxr-xr-x | bin/copy-secrets | 2 | ||||
-rw-r--r-- | modules/tv/ejabberd.nix | 17 |
2 files changed, 15 insertions, 4 deletions
diff --git a/bin/copy-secrets b/bin/copy-secrets index f38e9249e..d155399e9 100755 --- a/bin/copy-secrets +++ b/bin/copy-secrets @@ -18,7 +18,7 @@ fi retiolum_secret=$(nixos-query $system_name tv.retiolum.privateKeyFile) retiolum_uid=$(nixos-query $system_name users.extraUsers.retiolum-tinc.uid) -ejabberd_secret=/etc/ejabberd/ejabberd.pem +ejabberd_secret=$(nixos-query $system_name services.ejabberd-cd.certFile) ejabberd_uid=$(nixos-query $system_name users.extraUsers.ejabberd.uid) rsync -cz --chown=0:0 -vr "$secrets_rsync/" "$target:/" diff --git a/modules/tv/ejabberd.nix b/modules/tv/ejabberd.nix index 008fe2cda..54a9aad0f 100644 --- a/modules/tv/ejabberd.nix +++ b/modules/tv/ejabberd.nix @@ -9,7 +9,8 @@ let cfg = config.services.ejabberd-cd; - + # XXX this is a placeholder that happens to work the default strings. + toErlang = builtins.toJSON; in @@ -26,6 +27,16 @@ in description = "Whether to enable ejabberd server"; }; + certFile = mkOption { + # TODO if it's types.path then it gets copied to /nix/store with + # bad unsafe permissions... + type = types.string; + default = "/etc/ejabberd/ejabberd.pem"; + description = '' + TODO + ''; + }; + config = mkOption { type = types.string; default = ""; @@ -221,7 +232,7 @@ in %% file and uncomment this line: %% starttls, - {certfile, "/etc/ejabberd/ejabberd.pem"}, + {certfile, ${toErlang cfg.certFile}}, {access, c2s}, {shaper, c2s_shaper}, @@ -274,7 +285,7 @@ in %% %% s2s_certfile: Specify a certificate file. %% - {s2s_certfile, "/etc/ejabberd/ejabberd.pem"}. + {s2s_certfile, ${toErlang cfg.certFile}}. %% %% domain_certfile: Specify a different certificate for each served hostname. |
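Review bot: The new `ejabberd_secret=$(nixos-query $system_name services.ejabberd-cd.certFile)` line takes the path from configuration without checking that the query succeeded or returned a usable value. An empty or relative result would flow into whatever later expands `$ejabberd_secret`; that code is outside the hunk, so its effect cannot be judged from here. I would quote the argument and stop on a bad value: `ejabberd_secret=$(nixos-query "$system_name" services.ejabberd-cd.certFile) || exit 1`, followed by `case $ejabberd_secret in /*) ;; *) exit 1 ;; esac`. Because the path is now free-form rather than a fixed literal, later uses of the variable should be quoted as well.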
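Review bot: `toErlang = builtins.toJSON` is only correct while the value is a plain string whose JSON quoting is also valid Erlang quoting. As far as I know, the `\uXXXX` form that JSON uses for control characters is not an Erlang string escape, and a list or attrset would come out as JSON syntax rather than an Erlang term. `cfg.certFile` is now user-supplied and is spliced into the generated config through this helper in the `certfile` and `s2s_certfile` hunks further down, so the comment should state the limit instead of only saying placeholder, e.g. `# XXX placeholder: only safe for plain ASCII strings, where JSON and Erlang quoting agree; not for lists, attrsets or control characters.` The existing comment also drops a word ("happens to work the default strings").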
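Review bot: The `description` of the new `certFile` option is still `TODO`, and the only warning about the Nix store sits in a source comment that users of the module never see. bin/copy-secrets treats this file as a secret, so the description should say that the value must be an absolute runtime path deployed out of band, and not a path literal or an interpolated `${./file}`, since either form copies the file into the world-readable store. Something like `Absolute path on the target host of the PEM file used for c2s and s2s TLS. It is not managed by this module and must not live in the Nix store.` would do. Separately, `types.str` looks like a better fit than `types.string`, because the latter merges multiple definitions by concatenation, which for a path can only yield a wrong value.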