nixos/hosts/architect/prosody.nix

{ lib, config, ... }:

let
  domain = "xmpp.giugl.io";
  conference_domain = "conference.${domain}";
  upload_domain = "uploads.${domain}";
  
  utilities = import ./utilities.nix { inherit lib config; };
  inherit (utilities) architectInterfaceAddress;
in
{
  architect.firewall = {
    openTCP = [ 5222 5269 ];
  };

  services = {
    prosody = {
      enable = true;
      virtualHosts.${domain} = {
        inherit domain;

        enabled = true;
        ssl.key = "${config.security.acme.certs.${domain}.directory}/key.pem";
        ssl.cert =
          "${config.security.acme.certs.${domain}.directory}/fullchain.pem";
      };

      muc = [{ domain = conference_domain; }];
      uploadHttp = { domain = upload_domain; };

      admins = [ "giulio@${domain}" ];
      #httpInterfaces = [ "wg0" ];
      #httpsInterfaces = [ "wg0" ];
    };

    nginx.virtualHosts = {
      "${domain}" = {
        enableACME = true;
        forceSSL = true;
      };
      # "${conference_domain}".enableACME = true;
      # "${upload_domain}".enableACME = true;
    };
  };

  networking.extraHosts = ''
    ${architectInterfaceAddress "lan"} ${domain}
    ${architectInterfaceAddress "tailscale"} ${domain}
  '';

  users.groups = {
    acme.members = [ "prosody" ];
    nginx.members = [ "prosody" ];
  };
}
prossima volta committo seriamente 2022-02-15 10:58:08 +00:00			`{ lib, config, ... }:`

			`let`
			`domain = "xmpp.giugl.io";`
			`conference_domain = "conference.${domain}";`
			`upload_domain = "uploads.${domain}";`
architect: services use new networking attrset 2023-05-12 22:05:10 +01:00
			`utilities = import ./utilities.nix { inherit lib config; };`
			`inherit (utilities) architectInterfaceAddress;`
Formatting 2023-02-11 02:29:48 +00:00			`in`
			`{`
prosody: Opened c2s and s2s ports. Cleaned up config 2023-02-21 00:28:58 +00:00			`architect.firewall = {`
			`openTCP = [ 5222 5269 ];`
			`};`

prossima volta committo seriamente 2022-02-15 10:58:08 +00:00			`services = {`
			`prosody = {`
			`enable = true;`
prosody: Opened c2s and s2s ports. Cleaned up config 2023-02-21 00:28:58 +00:00			`virtualHosts.${domain} = {`
			`inherit domain;`

			`enabled = true;`
			`ssl.key = "${config.security.acme.certs.${domain}.directory}/key.pem";`
			`ssl.cert =`
			`"${config.security.acme.certs.${domain}.directory}/fullchain.pem";`
prossima volta committo seriamente 2022-02-15 10:58:08 +00:00			`};`

			`muc = [{ domain = conference_domain; }];`
			`uploadHttp = { domain = upload_domain; };`

			`admins = [ "giulio@${domain}" ];`
many updates, yasssss 2022-03-15 15:58:04 +00:00			`#httpInterfaces = [ "wg0" ];`
			`#httpsInterfaces = [ "wg0" ];`
prossima volta committo seriamente 2022-02-15 10:58:08 +00:00			`};`

prosody: Opened c2s and s2s ports. Cleaned up config 2023-02-21 00:28:58 +00:00			`nginx.virtualHosts = {`
			`"${domain}" = {`
			`enableACME = true;`
			`forceSSL = true;`
			`};`
			`# "${conference_domain}".enableACME = true;`
			`# "${upload_domain}".enableACME = true;`
			`};`
			`};`
prossima volta committo seriamente 2022-02-15 10:58:08 +00:00
			`networking.extraHosts = ''`
architect: services use new networking attrset 2023-05-12 22:05:10 +01:00			`${architectInterfaceAddress "lan"} ${domain}`
			`${architectInterfaceAddress "tailscale"} ${domain}`
Add prosody to nginx group 2022-10-11 20:30:49 +01:00			`'';`
prossima volta committo seriamente 2022-02-15 10:58:08 +00:00
Add prosody to nginx group 2022-10-11 20:30:49 +01:00			`users.groups = {`
			`acme.members = [ "prosody" ];`
			`nginx.members = [ "prosody" ];`
			`};`
prossima volta committo seriamente 2022-02-15 10:58:08 +00:00			`}`