author | lassulus <lass@aidsballs.de> | 2016-05-20 00:02:29 +0200 |
---|---|---|
committer | lassulus <lass@aidsballs.de> | 2016-05-20 00:02:29 +0200 |
commit | 3c4c71436ade88ec1e6e74bd8af4b4d77a03884e (patch) | |
tree | 8e6c778da2422c79d3156ffdbee1ca418f61bf11 /lass | |
parent | ac35c00c0454842b20146fad4be16fce628b6816 (diff) |
l 1 prism: start ejabberd & acme
Diffstat (limited to 'lass')
-rw-r--r-- | lass/1systems/prism.nix | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index e69fc545f..406acda5b 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -2,6 +2,10 @@ let ip = config.krebs.build.host.nets.internet.ip4.addr; + + inherit (import ../../4lib { inherit lib pkgs; }) + manageCerts; + in { imports = [ ../. @@ -159,6 +163,38 @@ in { enable = true; }; } + { + security.acme = { + certs."lassul.us" = { + email = "lass@lassul.us"; + webroot = "/var/lib/acme/challenges/lassul.us"; + plugins = [ + "account_key.json" + "key.pem" + "fullchain.pem" + "full.pem" + ]; + user = "ejabberd"; + }; + }; + krebs.nginx.servers."lassul.us" = { + server-names = [ "lassul.us" ]; + locations = [ + (lib.nameValuePair "/.well-known/acme-challenge" '' + root /var/lib/acme/challenges/lassul.us/; + '') + ]; + }; + lass.ejabberd = { + enable = true; + hosts = [ "lassul.us" ]; + certfile = "/var/lib/acme/lassul.us/full.pem"; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; } + { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; } + ]; + } ]; krebs.build.host = config.krebs.hosts.prism; |
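Review bot: `manageCerts` is inherited from `../../4lib` in the first hunk, but none of the 36 inserted lines references it; the second hunk declares `security.acme.certs."lassul.us"` by hand. A reader could assume the helper is what provisions the certificate. Either drop the binding until it is needed or mark it, e.g. `# TODO: manageCerts is not used yet`. The `let` block starts above the hunk, so a use outside the visible lines cannot be ruled out.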
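Review bot: In the `security.acme.certs."lassul.us"` block of the second hunk, `user = "ejabberd"` combined with `plugins` listing `account_key.json` and `key.pem` presumably leaves the ACME account key and a standalone private key owned by the account that runs the internet-facing XMPP daemon. `lass.ejabberd.certfile` only reads `full.pem`. If the ACME module version in use allows it, keep ownership with a separate account and give ejabberd read access to `full.pem` alone. Otherwise record the trade-off next to the option, e.g. `# owned by ejabberd so the daemon can read full.pem; account_key.json becomes readable to it as a side effect`. The two `INPUT` rules accept `xmpp-client` and `xmpp-server` from any source, which is expected for a public server but worth a one-line comment if federation is not intended.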