tv ejabberd: admit multiple certfiles

tv 2022-08-31 03:39:12 +02:00
parent 3f1a9c5375
commit be14863bcf
2 changed files with 19 additions and 8 deletions


@ -48,8 +48,7 @@ in /* yaml */ ''
- "::1/128" - "::1/128"
- "::FFFF:127.0.0.1/128" - "::FFFF:127.0.0.1/128"
certfiles: certfiles: ${toJSON config.credentials.certfiles}
- /tmp/credentials/certfile
hosts: ${toJSON config.hosts} hosts: ${toJSON config.hosts}
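Review bot: With the list form, `certfiles: ${toJSON config.credentials.certfiles}` renders as `certfiles: []` when the option is set to an empty list, whereas the old template always named one file. What ejabberd does with no certificate configured is not visible on this page, but a TLS service starting without its intended certificate is worth ruling out at evaluation time. An assertion in the module, `{ assertion = cfg.certfiles != []; message = "tv.ejabberd.certfiles must not be empty"; }`, would do that. The surrounding YAML template starts and ends outside this hunk.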


@ -15,9 +15,19 @@
in { in {
options.tv.ejabberd = { options.tv.ejabberd = {
enable = mkEnableOption "tv.ejabberd"; enable = mkEnableOption "tv.ejabberd";
certfile = mkOption { certfiles = mkOption {
type = types.absolute-pathname; type = types.listOf types.absolute-pathname;
default = toString <secrets> + "/ejabberd.pem"; default = [
(toString <secrets> + "/ejabberd.pem")
];
};
credentials.certfiles = mkOption {
internal = true;
readOnly = true;
default =
imap
(i: const /* yaml */ "/tmp/credentials/certfile${toJSON i}")
cfg.certfiles;
}; };
hosts = mkOption { hosts = mkOption {
type = with types; listOf str; type = with types; listOf str;
@ -92,9 +102,11 @@ in {
"${cfg.pkgs.ejabberd}/bin/ejabberdctl stopped" "${cfg.pkgs.ejabberd}/bin/ejabberdctl stopped"
]; ];
ExecReload = "${cfg.pkgs.ejabberd}/bin/ejabberdctl reload_config"; ExecReload = "${cfg.pkgs.ejabberd}/bin/ejabberdctl reload_config";
LoadCredential = [ LoadCredential =
"certfile:${cfg.certfile}" zipListsWith
]; (dst: src: "${baseNameOf dst}:${src}")
cfg.credentials.certfiles
cfg.certfiles;
LimitNOFILE = 65536; LimitNOFILE = 65536;
PrivateDevices = true; PrivateDevices = true;
PrivateTmp = true; PrivateTmp = true;
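Review bot: The new `certfiles` option in the first hunk of this file has no `description`, so nothing tells a user that each entry should be a string path outside the Nix store. These PEM files presumably carry the private key, and a path value interpolated into the `LoadCredential` string (`"${baseNameOf dst}:${src}"`) would be copied into the world-readable store. The default avoids this with `toString <secrets>`; whether `types.absolute-pathname` rejects path values or store paths is not visible here and should be confirmed. I would add `description = "PEM files handed to the unit via LoadCredential; use string paths outside the Nix store.";` to the option. `credentials.certfiles` is also declared without a `type`, and `type = types.listOf types.absolute-pathname;` would match its sibling; the `options.tv.ejabberd` set and the service definition both extend beyond these hunks.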