services/xmpp: init

2026-02-09 12:29:19 -08:00 · 2021-04-30 22:54:26 +01:00 · 2021-04-30 22:54:26 +01:00 · 389d3fa702
commit 389d3fa702
parent 563a046710
2 changed files with 126 additions and 0 deletions
--- a/hosts/athame/nixos/default.nix
+++ b/hosts/athame/nixos/default.nix
@ -15,6 +15,7 @@ with lib;
    ../../../services/nginx.nix
    ../../../services/mail.nix
    ../../../services/calendar.nix
+    ../../../services/xmpp.nix
    ../../../services/gitea
    ../../../services/syncplay.nix
    ../../../services/weechat.nix
--- a/services/xmpp.nix
+++ b/services/xmpp.nix
@ -0,0 +1,125 @@
+{ config, lib, ... }:
+
+{
+  katnet.public.tcp.ports = [ 5000 5222 5223 5269 580 5281 5347 5582 ];
+
+  services.prosody = {
+    enable = true;
+    ssl.cert = "/var/lib/acme/prosody/fullchain.pem";
+    ssl.key = "/var/lib/acme/prosody/key.pem";
+    admins = [ "kat@kittywit.ch" ];
+    virtualHosts = {
+      "xmpp.kittywit.ch" = {
+        domain = "kittywit.ch";
+        enabled = true;
+        ssl.cert = "/var/lib/acme/prosody/fullchain.pem";
+        ssl.key = "/var/lib/acme/prosody/key.pem";
+        extraConfig = ''
+          legacy_ssl_ports = { 5223 }
+        '';
+      };
+    };
+    muc = [{ domain = "conference.kittywit.ch"; }];
+    uploadHttp = { domain = "upload.kittywit.ch"; };
+  };
+
+  security.acme.certs.prosody = {
+    domain = "xmpp.kittywit.ch";
+    group = "prosody";
+    dnsProvider = "rfc2136";
+    credentialsFile = config.secrets.files.dns_creds.path;
+    postRun = "systemctl restart prosody";
+    extraDomainNames =
+      [ "kittywit.ch" "upload.kittywit.ch" "conference.kittywit.ch" ];
+  };
+
+  deploy.tf.dns.records.kittywitch_xmpp = {
+    tld = "kittywit.ch.";
+    domain = "xmpp";
+    a.address = "168.119.126.111";
+  };
+
+  deploy.tf.dns.records.kittywitch_xmpp_v6 = {
+    tld = "kittywit.ch.";
+    domain = "xmpp";
+    aaaa.address =
+      (lib.head config.networking.interfaces.enp1s0.ipv6.addresses).address;
+  };
+
+  deploy.tf.dns.records.kittywitch_upload = {
+    tld = "kittywit.ch.";
+    domain = "upload";
+    cname.target = "xmpp.kittywit.ch.";
+  };
+
+  deploy.tf.dns.records.kittywitch_conference = {
+    tld = "kittywit.ch.";
+    domain = "conference";
+    cname.target = "xmpp.kittywit.ch.";
+  };
+
+  deploy.tf.dns.records.kittywitch_xmpp_muc = {
+    tld = "kittywit.ch.";
+    domain = "conference";
+    srv = {
+      service = "xmpp-server";
+      proto = "tcp";
+      priority = 0;
+      weight = 5;
+      port = 5269;
+      target = "xmpp.kittywit.ch.";
+    };
+  };
+
+  deploy.tf.dns.records.kittywitch_xmpp_client = {
+    tld = "kittywit.ch.";
+    domain = "@";
+    srv = {
+      service = "xmpp-client";
+      proto = "tcp";
+      priority = 0;
+      weight = 5;
+      port = 5222;
+      target = "xmpp.kittywit.ch.";
+    };
+  };
+
+  deploy.tf.dns.records.kittywitch_xmpps_client = {
+    tld = "kittywit.ch.";
+    domain = "@";
+    srv = {
+      service = "xmpps-client";
+      proto = "tcp";
+      priority = 0;
+      weight = 5;
+      port = 5223;
+      target = "xmpp.kittywit.ch.";
+    };
+  };
+
+  deploy.tf.dns.records.kittywitch_xmpp_server = {
+    tld = "kittywit.ch.";
+    domain = "@";
+    srv = {
+      service = "xmpp-server";
+      proto = "tcp";
+      priority = 0;
+      weight = 5;
+      port = 5269;
+      target = "xmpp.kittywit.ch.";
+    };
+  };
+
+  services.nginx.virtualHosts = {
+    "upload.kittywit.ch" = {
+      useACMEHost = "prosody";
+      forceSSL = true;
+    };
+
+    "conference.kittywit.ch" = {
+      useACMEHost = "prosody";
+      forceSSL = true;
+    };
+  };
+  users.users.nginx.extraGroups = [ "prosody" ];
+}