tv ejabberd: add option certFile
This commit is contained in:
parent
45a0cb01d3
commit
1c71216a05
|
@ -18,7 +18,7 @@ fi
|
||||||
retiolum_secret=$(nixos-query $system_name tv.retiolum.privateKeyFile)
|
retiolum_secret=$(nixos-query $system_name tv.retiolum.privateKeyFile)
|
||||||
retiolum_uid=$(nixos-query $system_name users.extraUsers.retiolum-tinc.uid)
|
retiolum_uid=$(nixos-query $system_name users.extraUsers.retiolum-tinc.uid)
|
||||||
|
|
||||||
ejabberd_secret=/etc/ejabberd/ejabberd.pem
|
ejabberd_secret=$(nixos-query $system_name services.ejabberd-cd.certFile)
|
||||||
ejabberd_uid=$(nixos-query $system_name users.extraUsers.ejabberd.uid)
|
ejabberd_uid=$(nixos-query $system_name users.extraUsers.ejabberd.uid)
|
||||||
|
|
||||||
rsync -cz --chown=0:0 -vr "$secrets_rsync/" "$target:/"
|
rsync -cz --chown=0:0 -vr "$secrets_rsync/" "$target:/"
|
||||||
|
|
|
@ -9,7 +9,8 @@ let
|
||||||
|
|
||||||
cfg = config.services.ejabberd-cd;
|
cfg = config.services.ejabberd-cd;
|
||||||
|
|
||||||
|
# XXX this is a placeholder that happens to work the default strings.
|
||||||
|
toErlang = builtins.toJSON;
|
||||||
|
|
||||||
in
|
in
|
||||||
|
|
||||||
|
@ -26,6 +27,16 @@ in
|
||||||
description = "Whether to enable ejabberd server";
|
description = "Whether to enable ejabberd server";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
certFile = mkOption {
|
||||||
|
# TODO if it's types.path then it gets copied to /nix/store with
|
||||||
|
# bad unsafe permissions...
|
||||||
|
type = types.string;
|
||||||
|
default = "/etc/ejabberd/ejabberd.pem";
|
||||||
|
description = ''
|
||||||
|
TODO
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
config = mkOption {
|
config = mkOption {
|
||||||
type = types.string;
|
type = types.string;
|
||||||
default = "";
|
default = "";
|
||||||
|
@ -221,7 +232,7 @@ in
|
||||||
%% file and uncomment this line:
|
%% file and uncomment this line:
|
||||||
%%
|
%%
|
||||||
starttls,
|
starttls,
|
||||||
{certfile, "/etc/ejabberd/ejabberd.pem"},
|
{certfile, ${toErlang cfg.certFile}},
|
||||||
|
|
||||||
{access, c2s},
|
{access, c2s},
|
||||||
{shaper, c2s_shaper},
|
{shaper, c2s_shaper},
|
||||||
|
@ -274,7 +285,7 @@ in
|
||||||
%%
|
%%
|
||||||
%% s2s_certfile: Specify a certificate file.
|
%% s2s_certfile: Specify a certificate file.
|
||||||
%%
|
%%
|
||||||
{s2s_certfile, "/etc/ejabberd/ejabberd.pem"}.
|
{s2s_certfile, ${toErlang cfg.certFile}}.
|
||||||
|
|
||||||
%%
|
%%
|
||||||
%% domain_certfile: Specify a different certificate for each served hostname.
|
%% domain_certfile: Specify a different certificate for each served hostname.
|
||||||
|
|
Loading…
Reference in New Issue
Block a user