From 389d3fa702b1da3731416dc0c9daf81b99ad138c Mon Sep 17 00:00:00 2001
From: kat witch
Date: Fri, 30 Apr 2021 22:54:26 +0100
Subject: [PATCH] services/xmpp: init

---
 hosts/athame/nixos/default.nix | 1 +
 services/xmpp.nix | 125 +++++++++++++++++++++++++++++++++
 2 files changed, 126 insertions(+)
 create mode 100644 services/xmpp.nix

diff --git a/hosts/athame/nixos/default.nix b/hosts/athame/nixos/default.nix
index f7341c56..a4be8853 100644
--- a/hosts/athame/nixos/default.nix
+++ b/hosts/athame/nixos/default.nix
@@ -15,6 +15,7 @@ with lib;
 ../../../services/nginx.nix
 ../../../services/mail.nix
 ../../../services/calendar.nix
+ ../../../services/xmpp.nix
 ../../../services/gitea
 ../../../services/syncplay.nix
 ../../../services/weechat.nix
diff --git a/services/xmpp.nix b/services/xmpp.nix
new file mode 100644
index 00000000..36c47bae
--- /dev/null
+++ b/services/xmpp.nix
@@ -0,0 +1,125 @@
+{ config, lib, ... }:
+
+{
+ katnet.public.tcp.ports = [ 5000 5222 5223 5269 580 5281 5347 5582 ];
+
+ services.prosody = {
+ enable = true;
+ ssl.cert = "/var/lib/acme/prosody/fullchain.pem";
+ ssl.key = "/var/lib/acme/prosody/key.pem";
+ admins = [ "kat@kittywit.ch" ];
+ virtualHosts = {
+ "xmpp.kittywit.ch" = {
+ domain = "kittywit.ch";
+ enabled = true;
+ ssl.cert = "/var/lib/acme/prosody/fullchain.pem";
+ ssl.key = "/var/lib/acme/prosody/key.pem";
+ extraConfig = ''
+ legacy_ssl_ports = { 5223 }
+ '';
+ };
+ };
+ muc = [{ domain = "conference.kittywit.ch"; }];
+ uploadHttp = { domain = "upload.kittywit.ch"; };
+ };
+
+ security.acme.certs.prosody = {
+ domain = "xmpp.kittywit.ch";
+ group = "prosody";
+ dnsProvider = "rfc2136";
+ credentialsFile = config.secrets.files.dns_creds.path;
+ postRun = "systemctl restart prosody";
+ extraDomainNames =
+ [ "kittywit.ch" "upload.kittywit.ch" "conference.kittywit.ch" ];
+ };
+
+ deploy.tf.dns.records.kittywitch_xmpp = {
+ tld = "kittywit.ch.";
+ domain = "xmpp";
+ a.address = "168.119.126.111";
+ };
+
+ deploy.tf.dns.records.kittywitch_xmpp_v6 = {
+ tld = "kittywit.ch.";
+ domain = "xmpp";
+ aaaa.address =
+ (lib.head config.networking.interfaces.enp1s0.ipv6.addresses).address;
+ };
+
+ deploy.tf.dns.records.kittywitch_upload = {
+ tld = "kittywit.ch.";
+ domain = "upload";
+ cname.target = "xmpp.kittywit.ch.";
+ };
+
+ deploy.tf.dns.records.kittywitch_conference = {
+ tld = "kittywit.ch.";
+ domain = "conference";
+ cname.target = "xmpp.kittywit.ch.";
+ };
+
+ deploy.tf.dns.records.kittywitch_xmpp_muc = {
+ tld = "kittywit.ch.";
+ domain = "conference";
+ srv = {
+ service = "xmpp-server";
+ proto = "tcp";
+ priority = 0;
+ weight = 5;
+ port = 5269;
+ target = "xmpp.kittywit.ch.";
+ };
+ };
+
+ deploy.tf.dns.records.kittywitch_xmpp_client = {
+ tld = "kittywit.ch.";
+ domain = "@";
+ srv = {
+ service = "xmpp-client";
+ proto = "tcp";
+ priority = 0;
+ weight = 5;
+ port = 5222;
+ target = "xmpp.kittywit.ch.";
+ };
+ };
+
+ deploy.tf.dns.records.kittywitch_xmpps_client = {
+ tld = "kittywit.ch.";
+ domain = "@";
+ srv = {
+ service = "xmpps-client";
+ proto = "tcp";
+ priority = 0;
+ weight = 5;
+ port = 5223;
+ target = "xmpp.kittywit.ch.";
+ };
+ };
+
+ deploy.tf.dns.records.kittywitch_xmpp_server = {
+ tld = "kittywit.ch.";
+ domain = "@";
+ srv = {
+ service = "xmpp-server";
+ proto = "tcp";
+ priority = 0;
+ weight = 5;
+ port = 5269;
+ target = "xmpp.kittywit.ch.";
+ };
+ };
+
+ services.nginx.virtualHosts = {
+ "upload.kittywit.ch" = {
+ useACMEHost = "prosody";
+ forceSSL = true;
+ };
+
+ "conference.kittywit.ch" = {
+ useACMEHost = "prosody";
+ forceSSL = true;
+ };
+ };
+ users.users.nginx.extraGroups = [ "prosody" ];
+}
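Review bot: The public firewall rule on the `katnet.public.tcp.ports` line opens 5582 and 5347, which are Prosody's default ports for the unauthenticated `mod_admin_telnet` console and for external components (shared-secret auth); both are only safe today because Prosody binds them to localhost, and a public allow-rule turns any later `admin_telnet_interfaces`/`component_interface` change into an internet-facing admin port. Unless those two numbers belong to another service on this host, trim the rule to what this file actually exposes, e.g. `katnet.public.tcp.ports = [ 5000 5222 5223 5269 5281 ];`, and check whether 580 is a typo for 5280 (plain HTTP) — nothing in this file listens on 580. Separately, the `services.nginx.virtualHosts` entries for `upload.kittywit.ch` and `conference.kittywit.ch` carry no `locations`/`proxyPass` toward Prosody's HTTP listener, so they terminate TLS on 443 but serve nothing; either proxy the upload host to Prosody's HTTP port or drop both entries, and document why nginx is added to the `prosody` group (cert read access) with a comment on the `users.users.nginx.extraGroups` line so it is not widened later.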