diff options
author | tv <tv@krebsco.de> | 2016-07-07 23:05:06 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2016-07-07 23:05:06 +0200 |
commit | f7d966043d04d73df719cbe6c13e4c1aa16bb7f7 (patch) | |
tree | 2bf4f994e8bcb15fe2ce16a1fe2d8f742234ab63 /lass/3modules/ejabberd/default.nix | |
parent | f18ababed59c21615d6659881a01597e18e706d3 (diff) | |
parent | 6eab08eef60d634324056b58c98a1b2a4fa1ed1f (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/3modules/ejabberd/default.nix')
-rw-r--r-- | lass/3modules/ejabberd/default.nix | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/lass/3modules/ejabberd/default.nix b/lass/3modules/ejabberd/default.nix index c68f32ef0..18c7cd656 100644 --- a/lass/3modules/ejabberd/default.nix +++ b/lass/3modules/ejabberd/default.nix @@ -4,7 +4,12 @@ in { options.lass.ejabberd = { enable = mkEnableOption "lass.ejabberd"; certfile = mkOption { - type = types.str; + type = types.secret-file; + default = { + path = "${cfg.user.home}/ejabberd.pem"; + owner = cfg.user; + source-path = "/var/lib/acme/lassul.us/full.pem"; + }; }; hosts = mkOption { type = with types; listOf str; @@ -17,12 +22,11 @@ in { export EJABBERD_CONFIG_PATH=${shell.escape (import ./config.nix args)} exec ${pkgs.ejabberd}/bin/ejabberdctl \ --logs ${shell.escape cfg.user.home} \ - --spool ${shell.escape cfg.user.home} \ "$@" ''; }; s2s_certfile = mkOption { - type = types.str; + type = types.secret-file; default = cfg.certfile; }; user = mkOption { @@ -36,9 +40,15 @@ in { config = lib.mkIf cfg.enable { environment.systemPackages = [ cfg.pkgs.ejabberdctl ]; + krebs.secret.files = { + ejabberd-certfile = cfg.certfile; + ejabberd-s2s_certfile = cfg.s2s_certfile; + }; + systemd.services.ejabberd = { wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; + requires = [ "secret.service" ]; + after = [ "network.target" "secret.service" ]; serviceConfig = { Type = "oneshot"; RemainAfterExit = "yes"; |