
{ config, lib, pkgs, ... }:

with lib;

let
  hostname = config.instance.hostname;
  secrets = config.fudo.secrets.host-secrets.${hostname};
  cfg = config.fudo.france.jabber;

  # Render a guile alist of ("name" . "password") pairs for the backplane
  # external-auth script. `readFile` runs at Nix evaluation time and
  # `writeText` writes the rendered plaintext passwords into the Nix store,
  # which is world-readable by default; the host-secrets copy into /run below
  # is a second copy of the same material, not the only one.
  # NOTE(review): confirm this is acceptable for the deployment, or render the
  # file at activation time from the password files instead.
  generate-auth-file = group: files:
    let
      render-entry = key: passwd-file:
        ''("${key}" . "${readFile passwd-file}")'';
      body = concatStringsSep "\n" (attrValues (mapAttrs render-entry files));
    in pkgs.writeText "${group}-backplane-auth.scm" "'(${body})";

  host-auth-file = generate-auth-file "host" cfg.backplane.host-passwd-files;
  service-auth-file =
    generate-auth-file "service" cfg.backplane.service-passwd-files;

  # Generated bind password for the ejabberd LDAP service account, and its
  # hashed form for the directory entry (both via the fudo passwd helpers).
  ldap-password-file =
    pkgs.lib.fudo.passwd.random-passwd-file "ejabberd-ldap-auth-user" 30;
  ldap-hashed-password =
    pkgs.lib.fudo.passwd.hash-ldap-passwd "ejabberd-ldap-hashed-passwd"
    ldap-password-file;

  # Modules enabled on every site; fudo.im extends this set with the
  # user-facing ones (vcard, privacy, announce, ...) below.
  common-modules = {
    mod_adhoc = { };
    mod_caps = { };
    mod_carboncopy = { };
    mod_client_state = { };
    mod_configure = { };
    mod_disco = { };
    # Bans client IPs after repeated failed authentication attempts.
    mod_fail2ban = { };
    mod_last = { };
    mod_offline.access_max_user_messages = 5000;
    mod_ping = { };
    mod_pubsub = {
      access_createnode = "pubsub_createnode";
      ignore_pep_from_offline = true;
      last_item_cache = false;
      plugins = [ "flat" "pep" ];
    };
    mod_roster = { };
    mod_stream_mgmt = { };
    mod_time = { };
    mod_version = { };
  };

in {
  options.fudo.france = with types; {
    jabber = {
      ldap-user = mkOption {
        type = str;
        description = "System user as which to authenticate to LDAP.";
        default = "ejabberd";
      };

      ldap-servers = mkOption {
        type = listOf str;
        description = "LDAP servers to use for user authentication.";
      };

      listen-ips = mkOption {
        type = listOf str;
        description = "IPs on which to listen for incoming connections.";
      };

      backplane = {
        host-passwd-files = mkOption {
          type = attrsOf str;
          description =
            "Map of hostname to password file, for backplane host authentication.";
          default = { };
        };

        service-passwd-files = mkOption {
          type = attrsOf str;
          description =
            "Map of service to password file, for backplane service authentication.";
          default = { };
        };
      };
    };
  };

  config = {
    fudo = {
      # Directory account ejabberd binds as when looking up users.
      system-users.${cfg.ldap-user} = {
        description = "ejabberd authentication user.";
        inherit ldap-hashed-password;
      };

      # Secrets installed into /run and owned by the ejabberd service user.
      secrets.host-secrets.${hostname} =
        let
          user = config.services.ejabberd.user;
          owned = source-file: target-file: {
            inherit source-file target-file user;
          };
        in {
          host-auth =
            owned host-auth-file "/run/backplane/host-auth-file.scm";
          service-auth =
            owned service-auth-file "/run/backplane/service-auth-file.scm";
          ldap-password =
            owned ldap-password-file "/run/ejabberd/ldap.passwd";
        };

      jabber = {
        enable = true;
        inherit (cfg) listen-ips;

        # Paths handed to the backplane external-auth script.
        environment = {
          FUDO_HOST_PASSWD_FILE = secrets.host-auth.target-file;
          FUDO_SERVICE_PASSWD_FILE = secrets.service-auth.target-file;
        };

        secret-files.LDAP_PASSWORD = secrets.ldap-password.target-file;

        sites = {
          "fudo.im".site-config = {
            auth_method = "ldap";
            ldap_servers = cfg.ldap-servers;
            # NOTE(review): port 389 with no ldap_encrypt set here presumably
            # means the rootdn bind goes over plaintext LDAP unless the jabber
            # module adds ldap_encrypt itself — confirm.
            ldap_port = 389;
            ldap_rootdn = "cn=${cfg.ldap-user},dc=fudo,dc=org";
            # Placeholder the jabber module presumably replaces with the
            # contents of the secret file. NOTE(review): the secret-files key
            # above is LDAP_PASSWORD while this literal is LDAP_PASSWD —
            # confirm which spelling the substitution looks for.
            ldap_password = ''"LDAP_PASSWD"'';
            ldap_base = "ou=members,dc=fudo,dc=org";
            ldap_filter = "(objectClass=posixAccount)";
            ldap_uids.uid = "%u";

            modules = common-modules // {
              mod_announce = { };
              mod_avatar = { };
              mod_blocking = { };
              mod_privacy = { };
              mod_private = { };
              # Directory search over vcards is disabled for this site.
              mod_vcard.search = false;
              mod_vcard_xupdate = { };
            };
          };

          "backplane.fudo.org".site-config = {
            auth_method = "external";
            extauth_program = "${pkgs.guile}/bin/guile -s ${pkgs.backplane-auth}/backplane-auth.scm";
            extauth_pool_size = 3;
            # Lets ejabberd cache results from the external auth program.
            auth_use_cache = true;
            modules = common-modules;
          };
        };
      };
    };
  };
}