tv ejabberd: add option certFile
parent
45a0cb01d3
commit
1c71216a05
|
@ -18,7 +18,7 @@ fi
|
|||
retiolum_secret=$(nixos-query $system_name tv.retiolum.privateKeyFile)
|
||||
retiolum_uid=$(nixos-query $system_name users.extraUsers.retiolum-tinc.uid)
|
||||
|
||||
ejabberd_secret=/etc/ejabberd/ejabberd.pem
|
||||
ejabberd_secret=$(nixos-query $system_name services.ejabberd-cd.certFile)
|
||||
ejabberd_uid=$(nixos-query $system_name users.extraUsers.ejabberd.uid)
|
||||
|
||||
rsync -cz --chown=0:0 -vr "$secrets_rsync/" "$target:/"
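Review bot: `ejabberd_secret` is now whatever `nixos-query` prints, and nothing on the visible lines checks that the query succeeded or that the result is a usable absolute path. The rest of the script is outside the hunk, but the variable presumably decides where the key file is staged in the tree that `rsync` copies to `$target:/`, so an empty or relative value could put the secret in the wrong place. A guard right after the assignment would make that fail closed, for example `case $ejabberd_secret in /*) ;; *) echo "bad certFile: $ejabberd_secret" >&2; exit 1;; esac`. `$system_name` is also unquoted in the new call, as it is in the neighbouring context lines.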
|
||||
|
|
|
@ -9,7 +9,8 @@ let
|
|||
|
||||
cfg = config.services.ejabberd-cd;
|
||||
|
||||
|
||||
# XXX this is a placeholder that happens to work the default strings.
|
||||
toErlang = builtins.toJSON;
|
||||
|
||||
in
|
||||
|
||||
|
@ -26,6 +27,16 @@ in
|
|||
description = "Whether to enable ejabberd server";
|
||||
};
|
||||
|
||||
certFile = mkOption {
|
||||
# TODO if it's types.path then it gets copied to /nix/store with
|
||||
# bad unsafe permissions...
|
||||
type = types.string;
|
||||
default = "/etc/ejabberd/ejabberd.pem";
|
||||
description = ''
|
||||
TODO
|
||||
'';
|
||||
};
|
||||
|
||||
config = mkOption {
|
||||
type = types.string;
|
||||
default = "";
|
||||
|
@ -221,7 +232,7 @@ in
|
|||
%% file and uncomment this line:
|
||||
%%
|
||||
starttls,
|
||||
{certfile, "/etc/ejabberd/ejabberd.pem"},
|
||||
{certfile, ${toErlang cfg.certFile}},
|
||||
|
||||
{access, c2s},
|
||||
{shaper, c2s_shaper},
|
||||
|
@ -274,7 +285,7 @@ in
|
|||
%%
|
||||
%% s2s_certfile: Specify a certificate file.
|
||||
%%
|
||||
{s2s_certfile, "/etc/ejabberd/ejabberd.pem"}.
|
||||
{s2s_certfile, ${toErlang cfg.certFile}}.
|
||||
|
||||
%%
|
||||
%% domain_certfile: Specify a different certificate for each served hostname.
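Review bot: The new `certFile` option ships with `description = ''TODO'';`, so the constraint that matters, that this file is handled as a secret and has to stay out of the Nix store, lives only in a code comment next to `type = types.string`. I would state it in the description, e.g. `Absolute path, as a string, to the PEM file used for c2s STARTTLS and s2s. Do not pass a Nix path literal or interpolate one; it would be copied into the world-readable /nix/store.` The string type alone does not enforce this, since a value such as `"${./ejabberd.pem}"` still ends up in the store. Separately, `toErlang = builtins.toJSON` is only equivalent to an Erlang string literal while the value contains nothing the two syntaxes escape differently, as the `XXX` comment admits, so restricting the option to plain absolute paths would cover both points.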
|
||||
|
|