l 1 prism: start ejabberd & acme

2016-05-20 00:02:29 +02:00 · 2016-05-20 00:02:29 +02:00 · 3c4c71436a
parent ac35c00c04
commit 3c4c71436a
1 changed files with 36 additions and 0 deletions
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@ -2,6 +2,10 @@

 let
  ip = config.krebs.build.host.nets.internet.ip4.addr;
+
+  inherit (import ../../4lib { inherit lib pkgs; })
+    manageCerts;
+
 in {
  imports = [
    ../.
@ -159,6 +163,38 @@ in {
        enable = true;
      };
    }
+    {
+      security.acme = {
+        certs."lassul.us" = {
+          email = "lass@lassul.us";
+          webroot = "/var/lib/acme/challenges/lassul.us";
+          plugins = [
+            "account_key.json"
+            "key.pem"
+            "fullchain.pem"
+            "full.pem"
+          ];
+          user = "ejabberd";
+        };
+      };
+      krebs.nginx.servers."lassul.us" = {
+        server-names = [ "lassul.us" ];
+        locations = [
+          (lib.nameValuePair "/.well-known/acme-challenge" ''
+            root /var/lib/acme/challenges/lassul.us/;
+          '')
+        ];
+      };
+      lass.ejabberd = {
+        enable = true;
+        hosts = [ "lassul.us" ];
+        certfile = "/var/lib/acme/lassul.us/full.pem";
+      };
+      krebs.iptables.tables.filter.INPUT.rules = [
+        { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; }
+        { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; }
+      ];
+    }
  ];

  krebs.build.host = config.krebs.hosts.prism;