-rw-r--r--Omni/Bild/Sources.json11
-rw-r--r--Omni/Cloud.nix2
-rw-r--r--Omni/Cloud/Comms/Xmpp.nix40
-rw-r--r--Omni/Cloud/Web.nix68
4 files changed, 58 insertions, 63 deletions
diff --git a/Omni/Bild/Sources.json b/Omni/Bild/Sources.json
index a2f695a..14abe06 100644
--- a/Omni/Bild/Sources.json
+++ b/Omni/Bild/Sources.json
@@ -130,17 +130,18 @@
"homepage": "",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "3ffbbdbac0566a0977da3d2657b89cbcfe9a173b",
- "sha256": "0m3zh14is40vixpv125alyacd22835v0v845dsnk5d68wvwhikq2",
+ "rev": "edf04b75c13c2ac0e54df5ec5c543e300f76f1c9",
+ "sha256": "0zffg0m7rhdpk94df578wln5lw3plamadac86cd7cfjcb1n13xmm",
"type": "tarball",
- "url": "https://github.com/nixos/nixpkgs/archive/3ffbbdbac0566a0977da3d2657b89cbcfe9a173b.tar.gz",
+ "url": "https://github.com/nixos/nixpkgs/archive/edf04b75c13c2ac0e54df5ec5c543e300f76f1c9.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"nixos-mailserver": {
+ "branch": "master",
"repo": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver",
- "rev": "f535d8123c4761b2ed8138f3d202ea710a334a1d",
+ "rev": "dc0569066e79ae96184541da6fa28f35a33fbf7b",
"sha256": "0csx2i8p7gbis0n5aqpm57z5f9cd8n9yabq04bg1h4mkfcf7mpl6",
- "type": "tarball",
+ "type": "git",
"url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/f535d8123c4761b2ed8138f3d202ea710a334a1d/nixos-mailserver-f535d8123c4761b2ed8138f3d202ea710a334a1d.tar.gz",
"url_template": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/<rev>/nixos-mailserver-<rev>.tar.gz",
"version": "master"
diff --git a/Omni/Cloud.nix b/Omni/Cloud.nix
index e9bff4b..8d5095d 100644
--- a/Omni/Cloud.nix
+++ b/Omni/Cloud.nix
@@ -5,7 +5,7 @@ bild.os {
./Os/Base.nix
./Packages.nix
./Users.nix
- ./Cloud/Chat.nix
+ # ./Cloud/Chat.nix
./Cloud/Comms.nix
./Cloud/Git.nix
./Cloud/Hardware.nix
diff --git a/Omni/Cloud/Comms/Xmpp.nix b/Omni/Cloud/Comms/Xmpp.nix
index 5a8264b..ea50ed9 100644
--- a/Omni/Cloud/Comms/Xmpp.nix
+++ b/Omni/Cloud/Comms/Xmpp.nix
@@ -29,8 +29,8 @@ in {
package =
pkgs.prosody.override {withCommunityModules = ["conversejs"];};
- # when i learn how to use security.acme better, and use separate certs, then i
- # can fix this group
+ # this is necessary bc prosody needs access to the acme certs managed in Omni/Cloud/Web.nix, when
+ # i learn how to use security.acme better, and use separate certs, then i can fix this group
group = "nginx";
admins = ["bsima@${rootDomain}"];
allowRegistration = true;
@@ -51,7 +51,7 @@ in {
dialback = true;
disco = true;
groups = true;
- http_files = false; # hm, look into this
+ http_files = false; # https://prosody.im/doc/modules/mod_http_files
motd = true;
pep = true;
ping = true;
@@ -108,17 +108,6 @@ in {
roomDefaultModerated = true;
roomDefaultPublic = false;
}
- {
- domain = "chat.${rootDomain}";
- maxHistoryMessages = 10000;
- name = "Chat Rooms";
- restrictRoomCreation = false;
- roomDefaultHistoryLength = 200;
- roomDefaultMembersOnly = false;
- roomDefaultModerated = false;
- roomDefaultPublic = true;
- roomDefaultPublicJids = true;
- }
];
virtualHosts = {
@@ -192,23 +181,8 @@ in {
users.users.nginx.extraGroups = ["prosody"];
- security.acme.certs.${rootDomain}.extraDomainNames = [
- # these stopped working idk why
- #"upload.${rootDomain}"
- #"conference.${rootDomain}"
- "anon.${rootDomain}"
- "chat.${rootDomain}"
- ];
-
- #security.acme.certs.prosody = {
- # domain = "${domain}";
- # group = "prosody";
- # dnsProvider = "rfc2136";
- # #credentialsFile = config.secrets.files.dns_creds.path;
- # postRun = "systemctl restart prosody";
- # extraDomainNames = [
- # domain
- # "upload.${domain}"
- # ];
- #};
+ # restart prosody when we renew the main cert
+ # https://github.com/NixOS/nixpkgs/issues/133904
+ systemd.services.prosody.requires = ["acme-finished-${rootDomain}.target"];
+ systemd.services.prosody.after = ["acme-finished-${rootDomain}.target"];
}
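Review bot: `requires`/`after` on `acme-finished-${rootDomain}.target` orders prosody's start-up behind certificate issuance, but nothing in this hunk shows prosody being restarted on renewal, which is what the comment promises. If the renewal timer does not re-activate that target (worth confirming), prosody keeps serving the old certificate until its next restart. The cert-side hook `security.acme.certs.${rootDomain}.reloadServices = ["prosody"];` states the intent directly. `requires` is also a hard dependency, so a failed ACME run at boot may keep prosody down even with a still-valid certificate on disk; `wants` avoids that.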
diff --git a/Omni/Cloud/Web.nix b/Omni/Cloud/Web.nix
index 1791539..84f87d4 100644
--- a/Omni/Cloud/Web.nix
+++ b/Omni/Cloud/Web.nix
@@ -17,6 +17,8 @@ in {
];
};
+ users.users.nginx.extraGroups = ["acme"];
+
services = {
libreddit = {
enable = true;
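Review bot: The nginx user joins the `acme` group here while the last hunk of this file also sets `group = "nginx"` on the certificate, and Xmpp.nix runs prosody with `group = "nginx"`; one grant should be enough for nginx to read the key. As written, prosody can read every file the nginx group can, and nginx can read every certificate owned by `acme`. A narrower layout leaves the certificate's group at its default and grants access per service, e.g. `users.users.prosody.extraGroups = ["acme"];`, then returns prosody to its own group.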
@@ -115,7 +117,6 @@ in {
names.bensima = "2fa4b9ba71b6dab17c4723745bb7850dfdafcb6ae1a8642f76f9c64fa5f43436";
}
}'";
- # disabled for nixpert test
"/" = {
root = "/var/web/simatime.com";
extraConfig = ''
@@ -133,6 +134,24 @@ in {
};
};
+ # these are for xmpp, not sure if they are necessary but they seem to be?
+ "conference.${rootDomain}" = {
+ forceSSL = true;
+ useACMEHost = rootDomain;
+ locations."/" = {
+ root = "/var/web/simatime.com";
+ extraConfig = "autoindex on;";
+ };
+ };
+ "upload.${rootDomain}" = {
+ forceSSL = true;
+ useACMEHost = rootDomain;
+ locations."/" = {
+ root = "/var/web/simatime.com";
+ extraConfig = "autoindex on;";
+ };
+ };
+
"bsima.me" = {
locations."/" = {
root = "/var/web/ben";
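Review bot: Both new vhosts serve `/var/web/simatime.com` with `autoindex on;`, so the main site's web root becomes browsable as a directory listing under the `conference.` and `upload.` hostnames. The comment says they exist only for XMPP and may not be needed, so nothing has to be served from them. `locations."/".return = "404";` in place of `root` and `extraConfig` keeps the vhost and `useACMEHost` without exposing files. The enclosing `virtualHosts` set starts outside this hunk.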
@@ -265,27 +284,28 @@ in {
};
};
- # This must contain all of the other domains we host
- security.acme.certs.${rootDomain}.extraDomainNames =
- ["bsima.me" "www.bsima.me"]
- ++ map (sub: "${sub}.${rootDomain}") [
- "music"
- "tv"
- "matrix"
- "chat"
- "hoogle"
- "dandel-rovbur"
- "sabten"
- "cal"
- "notebook"
- "nostr"
- "reddit"
- "old.reddit"
- "www.reddit"
- "youtube"
- "www.youtube"
- "m.youtube"
- "sd"
- "gerrit"
- ];
+ security.acme.certs.${rootDomain} = {
+ group = "nginx";
+ # This must contain all of the other domains we host
+ extraDomainNames =
+ ["bsima.me" "www.bsima.me"]
+ ++ map (sub: "${sub}.${rootDomain}") [
+ "music"
+ "tv"
+ "hoogle"
+ "dandel-rovbur"
+ "sabten"
+ "cal"
+ "notebook"
+ "nostr"
+ "youtube"
+ "www.youtube"
+ "m.youtube"
+ "sd"
+ "gerrit"
+ # xmpp stuff
+ "upload"
+ "conference"
+ ];
+ };
}
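Review bot: `reddit`, `old.reddit` and `www.reddit` are dropped from `extraDomainNames`, yet `libreddit` with `enable = true` is still visible as context in the first hunk of this file. If a vhost for those names remains with `useACMEHost = rootDomain` (not visible here), it will present a certificate that does not cover its hostname. Keep the names in the list or remove the vhost in the same commit. The existing comment could state the rule explicitly: `# every vhost that sets useACMEHost = rootDomain must be listed here`.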