prosody: Opened c2s and s2s ports. Cleaned up config

2023-02-21 01:28:58 +01:00 · 2023-02-21 01:28:58 +01:00 · b9060ba7c2
commit b9060ba7c2
parent 83c741a107
1 changed files with 20 additions and 12 deletions
--- a/hosts/architect/prosody.nix
+++ b/hosts/architect/prosody.nix
@ -7,17 +7,20 @@ let
  network = import ./network.nix;
 in
 {
+  architect.firewall = {
+    openTCP = [ 5222 5269 ];
+  };
+
  services = {
    prosody = {
      enable = true;
-      virtualHosts = {
-        "${domain}" = {
-          domain = domain;
-          enabled = true;
-          ssl.key = "${config.security.acme.certs.${domain}.directory}/key.pem";
-          ssl.cert =
-            "${config.security.acme.certs.${domain}.directory}/fullchain.pem";
-        };
+      virtualHosts.${domain} = {
+        inherit domain;
+
+        enabled = true;
+        ssl.key = "${config.security.acme.certs.${domain}.directory}/key.pem";
+        ssl.cert =
+          "${config.security.acme.certs.${domain}.directory}/fullchain.pem";
      };

      muc = [{ domain = conference_domain; }];
@ -27,11 +30,16 @@ in
      #httpInterfaces = [ "wg0" ];
      #httpsInterfaces = [ "wg0" ];
    };
-  };

-  services.nginx.virtualHosts."${domain}".enableACME = true;
-  #services.nginx.virtualHosts."${conference_domain}".enableACME = true;
-  #services.nginx.virtualHosts."${upload_domain}".enableACME = true;
+    nginx.virtualHosts = {
+      "${domain}" = {
+        enableACME = true;
+        forceSSL = true;
+      };
+      # "${conference_domain}".enableACME = true;
+      # "${upload_domain}".enableACME = true;
+    };
+  };

  networking.extraHosts = ''
    ${network.architect-lan} ${domain}