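# fudo.services.jabber: host-level wiring for an ejabberd server.
#
# Declares the `fudo.services.jabber` options and, when enabled, hands them to
# the lower-level `fudo.jabber` module. It also registers a dedicated LDAP bind
# user under `fudo.system-users`, whose password is derived from the instance
# build seed so every host of the instance computes the same value.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.fudo.services.jabber;

in {
  options.fudo.services.jabber = with types; {
    enable = mkEnableOption "Enable Jabber server on this host.";

    user = mkOption {
      type = str;
      description = "User as which to run the ejabberd server.";
      default = "ejabberd";
    };

    group = mkOption {
      type = str;
      description = "Group as which to run the ejabberd server.";
      default = "ejabberd";
    };

    hostname = mkOption {
      type = str;
      description = "Hostname of the user jabber server.";
      default = "jabber.fudo.org";
    };

    ldap = {
      user = mkOption {
        type = str;
        description = "System user as which to connect to the LDAP server to authenticate users.";
        default = "ejabberd-auth";
      };

      # Deliberately has no default: an enabled service without an LDAP server
      # list is a configuration error, reported at evaluation time.
      servers = mkOption {
        type = listOf str;
        description = "List of LDAP servers to use while authenticating users.";
      };
    };

    state-directory = mkOption {
      type = str;
      description = "Directory at which to store Jabber state. Should be persistent.";
      default = "/var/lib/ejabberd";
    };
  };

  config.fudo = let
    # Bind password for the LDAP auth user, derived from the instance build
    # seed so it is stable across rebuilds and identical on every host that
    # evaluates this module.
    # NOTE(review): if `stablerandom-passwd-file` yields a plain store path,
    # the file is readable by every local user on the host; confirm it is
    # delivered as a host secret instead.
    ejabberd-ldap-auth-passwd-file =
      pkgs.lib.passwd.stablerandom-passwd-file "ejabberd-auth-passwd-file"
      "ejabberd-auth-passwd-file-${config.instance.build-seed}";

  in {
    # Registered unconditionally (not under `cfg.enable`): the account
    # presumably has to exist in the directory served by the LDAP host even
    # when that host does not run jabber itself — verify against the
    # `fudo.system-users` consumer before gating this.
    system-users.${cfg.ldap.user} = {
      description = "ejabberd authentication user.";
      ldap-hashed-password =
        pkgs.lib.passwd.hash-ldap-passwd "ejabberd-ldap-auth-passwd"
        ejabberd-ldap-auth-passwd-file;
    };

    jabber = mkIf cfg.enable {
      enable = true;

      state-directory = cfg.state-directory;

      # Placeholder token -> secret file. The `fudo.jabber` module is expected
      # to substitute the file contents for the token at runtime so the bind
      # password never appears in the store-resident config (confirm there).
      secret-files = {
        "__LDAP_PASSWORD__" = ejabberd-ldap-auth-passwd-file;
      };

      sites = {
        ${cfg.hostname} = {
          site-config = {
            auth_method = "ldap";
            ldap_servers = cfg.ldap.servers;
            # 636 is the LDAPS port, but ejabberd only wraps the connection in
            # TLS when `ldap_encrypt` says so (its default is plaintext), so
            # the two are set together. Server-certificate verification
            # (`ldap_tls_verify`) is off by default in ejabberd and needs a CA
            # file path this module does not carry.
            ldap_port = 636;
            ldap_encrypt = "tls";
            # Bind DN and search base are pinned to the fudo.org directory,
            # matching the default `hostname` above.
            ldap_rootdn = "cn=${cfg.ldap.user},dc=fudo,dc=org";
            ldap_password = "__LDAP_PASSWORD__";
            ldap_base = "ou=members,dc=fudo,dc=org";
            ldap_filter = "(objectClass=posixAccount)";
            ldap_uids = { uid = "%u"; };

            modules = {
              mod_adhoc = {};
              mod_announce = {};
              mod_avatar = {};
              mod_blocking = {};
              mod_caps = {};
              mod_carboncopy = {};
              mod_client_state = {};
              mod_configure = {};
              mod_disco = {};
              # Rate-limits repeated failed logins per source address.
              mod_fail2ban = {};
              mod_last = {};
              mod_offline = {
                access_max_user_messages = 5000;
              };
              mod_ping = {};
              mod_privacy = {};
              mod_private = {};
              mod_pubsub = {
                access_createnode = "pubsub_createnode";
                ignore_pep_from_offline = true;
                last_item_cache = false;
                plugins = [
                  "flat"
                  "pep"
                ];
              };
              mod_roster = {};
              mod_stream_mgmt = {};
              mod_time = {};
              # Directory search over vCards is disabled so the user base
              # cannot be enumerated through the XMPP service.
              mod_vcard = {
                search = false;
              };
              mod_vcard_xupdate = {};
              mod_version = {};
            };
          };
        };
      };
    };
  };
}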