Diffstat (limited to 'Omni/Cloud')
-rw-r--r-- | Omni/Cloud/Comms/Xmpp.nix | 40 | ||||
-rw-r--r-- | Omni/Cloud/Web.nix | 68 |
2 files changed, 51 insertions, 57 deletions
diff --git a/Omni/Cloud/Comms/Xmpp.nix b/Omni/Cloud/Comms/Xmpp.nix
index 5a8264b..ea50ed9 100644
--- a/Omni/Cloud/Comms/Xmpp.nix
+++ b/Omni/Cloud/Comms/Xmpp.nix
@@ -29,8 +29,8 @@ in {
 package = pkgs.prosody.override {withCommunityModules = ["conversejs"];};
- # when i learn how to use security.acme better, and use separate certs, then i
- # can fix this group
+ # this is necessary bc prosody needs access to the acme certs managed in Omni/Cloud/Web.nix, when
+ # i learn how to use security.acme better, and use separate certs, then i can fix this group
 group = "nginx";
 admins = ["bsima@${rootDomain}"];
 allowRegistration = true;
@@ -51,7 +51,7 @@ in {
 dialback = true;
 disco = true;
 groups = true;
- http_files = false; # hm, look into this
+ http_files = false; # https://prosody.im/doc/modules/mod_http_files
 motd = true;
 pep = true;
 ping = true;
@@ -108,17 +108,6 @@ in {
 roomDefaultModerated = true;
 roomDefaultPublic = false;
 }
- {
- domain = "chat.${rootDomain}";
- maxHistoryMessages = 10000;
- name = "Chat Rooms";
- restrictRoomCreation = false;
- roomDefaultHistoryLength = 200;
- roomDefaultMembersOnly = false;
- roomDefaultModerated = false;
- roomDefaultPublic = true;
- roomDefaultPublicJids = true;
- }
 ];
 virtualHosts = {
@@ -192,23 +181,8 @@ in {
 users.users.nginx.extraGroups = ["prosody"];
- security.acme.certs.${rootDomain}.extraDomainNames = [
- # these stopped working idk why
- #"upload.${rootDomain}"
- #"conference.${rootDomain}"
- "anon.${rootDomain}"
- "chat.${rootDomain}"
- ];
-
- #security.acme.certs.prosody = {
- # domain = "${domain}";
- # group = "prosody";
- # dnsProvider = "rfc2136";
- # #credentialsFile = config.secrets.files.dns_creds.path;
- # postRun = "systemctl restart prosody";
- # extraDomainNames = [
- # domain
- # "upload.${domain}"
- # ];
- #};
+ # restart prosody when we renew the main cert
+ # https://github.com/NixOS/nixpkgs/issues/133904
+ systemd.services.prosody.requires = ["acme-finished-${rootDomain}.target"];
+ systemd.services.prosody.after = ["acme-finished-${rootDomain}.target"];
 }
diff --git a/Omni/Cloud/Web.nix b/Omni/Cloud/Web.nix
index 1791539..84f87d4 100644
--- a/Omni/Cloud/Web.nix
+++ b/Omni/Cloud/Web.nix
@@ -17,6 +17,8 @@ in {
 ];
 };
+ users.users.nginx.extraGroups = ["acme"];
+
 services = {
 libreddit = {
 enable = true;
@@ -115,7 +117,6 @@ in {
 names.bensima = "2fa4b9ba71b6dab17c4723745bb7850dfdafcb6ae1a8642f76f9c64fa5f43436";
 }
 }'";
- # disabled for nixpert test
 "/" = {
 root = "/var/web/simatime.com";
 extraConfig = ''
@@ -133,6 +134,24 @@ in {
 };
 };
+ # these are for xmpp, not sure if they are necessary but they seem to be?
+ "conference.${rootDomain}" = {
+ forceSSL = true;
+ useACMEHost = rootDomain;
+ locations."/" = {
+ root = "/var/web/simatime.com";
+ extraConfig = "autoindex on;";
+ };
+ };
+ "upload.${rootDomain}" = {
+ forceSSL = true;
+ useACMEHost = rootDomain;
+ locations."/" = {
+ root = "/var/web/simatime.com";
+ extraConfig = "autoindex on;";
+ };
+ };
+
 "bsima.me" = {
 locations."/" = {
 root = "/var/web/ben";
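Review bot: The comment above the new `systemd.services.prosody` lines promises a restart on renewal, but `requires`/`after` on `acme-finished-${rootDomain}.target` only order prosody's start behind the certificate being available; as far as I can tell nothing here restarts or reloads prosody when the certificate is renewed later, so it may keep serving the old certificate until it expires. The removed commented-out block used `postRun = "systemctl restart prosody"` for exactly that; on the shared certificate the equivalent is `security.acme.certs.${rootDomain}.reloadServices = ["prosody.service"];`. `requires` also means prosody will not start while the ACME target is failing, so `wants` may be the safer dependency if chat should stay up through an ACME outage.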
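Review bot: Adding nginx to the `acme` group looks broader than this commit needs, because the last hunk of this file sets `group = "nginx"` on the `${rootDomain}` certificate, which should already make that key readable by nginx. Membership in `acme` lets the web server read every certificate and private key that is left at the default group, now and in future. If nothing else depends on it, drop `users.users.nginx.extraGroups = ["acme"];`, or add a comment naming the certificate that needs it. Xmpp.nix sets the same option to `["prosody"]`; the two definitions merge, so nginx ends up in both groups.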
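Review bot: The two new virtual hosts serve `/var/web/simatime.com` with `autoindex on;`, which publishes a browsable directory listing of the main site's document root under `conference.` and `upload.` as well. The comment says the hosts may not even be necessary, so if they exist only so that the names answer over TLS they should not expose files: replace the `root`/`extraConfig` pair in each with `locations."/".return = "404";`. If the listing is intentional, a comment saying why would help the next reader. The `"bsima.me"` block that follows continues outside the hunk.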
@@ -265,27 +284,28 @@ in {
 };
 };
- # This must contain all of the other domains we host
- security.acme.certs.${rootDomain}.extraDomainNames =
- ["bsima.me" "www.bsima.me"]
- ++ map (sub: "${sub}.${rootDomain}") [
- "music"
- "tv"
- "matrix"
- "chat"
- "hoogle"
- "dandel-rovbur"
- "sabten"
- "cal"
- "notebook"
- "nostr"
- "reddit"
- "old.reddit"
- "www.reddit"
- "youtube"
- "www.youtube"
- "m.youtube"
- "sd"
- "gerrit"
- ];
+ security.acme.certs.${rootDomain} = {
+ group = "nginx";
+ # This must contain all of the other domains we host
+ extraDomainNames =
+ ["bsima.me" "www.bsima.me"]
+ ++ map (sub: "${sub}.${rootDomain}") [
+ "music"
+ "tv"
+ "hoogle"
+ "dandel-rovbur"
+ "sabten"
+ "cal"
+ "notebook"
+ "nostr"
+ "youtube"
+ "www.youtube"
+ "m.youtube"
+ "sd"
+ "gerrit"
+ # xmpp stuff
+ "upload"
+ "conference"
+ ];
+ };
 } |
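Review bot: Setting `group = "nginx"` on the shared certificate, together with prosody running under `group = "nginx"` in Xmpp.nix, means the XMPP server and the web server share one group and one private key, so a compromise of either process exposes the key for every name in `extraDomainNames` and any other file readable by group nginx. A dedicated group for certificate readers would keep the two services apart, for example `group = "certs";` here with `users.groups.certs.members = ["nginx" "prosody"];` (the group name is a placeholder), after which prosody can run under its own group again. The comment in Xmpp.nix already marks the arrangement as temporary; a `# TODO` next to `group = "nginx";` pointing at that plan would keep it visible in this file too.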