tv ejabberd: admit multiple certfiles

2022-08-31 03:39:12 +02:00 · 2022-08-31 03:39:12 +02:00 · be14863bcf
commit be14863bcf
parent 3f1a9c5375
2 changed files with 19 additions and 8 deletions
--- a/tv/3modules/ejabberd/config.nix
+++ b/tv/3modules/ejabberd/config.nix
@ -48,8 +48,7 @@ in /* yaml */ ''
        - "::1/128"
        - "::FFFF:127.0.0.1/128"

-  certfiles:
-    - /tmp/credentials/certfile
+  certfiles: ${toJSON config.credentials.certfiles}

  hosts: ${toJSON config.hosts}

--- a/tv/3modules/ejabberd/default.nix
+++ b/tv/3modules/ejabberd/default.nix
@ -15,9 +15,19 @@
 in {
  options.tv.ejabberd = {
    enable = mkEnableOption "tv.ejabberd";
-    certfile = mkOption {
-      type = types.absolute-pathname;
-      default = toString <secrets> + "/ejabberd.pem";
+    certfiles = mkOption {
+      type = types.listOf types.absolute-pathname;
+      default = [
+        (toString <secrets> + "/ejabberd.pem")
+      ];
+    };
+    credentials.certfiles = mkOption {
+      internal = true;
+      readOnly = true;
+      default =
+        imap
+          (i: const /* yaml */ "/tmp/credentials/certfile${toJSON i}")
+          cfg.certfiles;
    };
    hosts = mkOption {
      type = with types; listOf str;
@ -92,9 +102,11 @@ in {
          "${cfg.pkgs.ejabberd}/bin/ejabberdctl stopped"
        ];
        ExecReload = "${cfg.pkgs.ejabberd}/bin/ejabberdctl reload_config";
-        LoadCredential = [
-          "certfile:${cfg.certfile}"
-        ];
+        LoadCredential =
+          zipListsWith
+            (dst: src: "${baseNameOf dst}:${src}")
+            cfg.credentials.certfiles
+            cfg.certfiles;
        LimitNOFILE = 65536;
        PrivateDevices = true;
        PrivateTmp = true;