diff options
author | EuAndreh <eu@euandre.org> | 2020-09-06 08:34:36 -0300 |
---|---|---|
committer | EuAndreh <eu@euandre.org> | 2020-09-06 08:43:08 -0300 |
commit | 4419a3d0758bdd6ee2cda07a4c68da28beb64eaf (patch) | |
tree | e1f2ffd43d49c19add2ad292b5f99999c3e9d61d | |
parent | Add mediator documentation (diff) | |
download | server-4419a3d0758bdd6ee2cda07a4c68da28beb64eaf.tar.gz server-4419a3d0758bdd6ee2cda07a4c68da28beb64eaf.tar.xz |
Use dynamic toggle for prosody
-rwxr-xr-x | nixos-switch.sh | 3 | ||||
-rw-r--r-- | secrets/secret-envrc.sh | bin | 4114 -> 4144 bytes | |||
-rw-r--r-- | vps-configuration.env.nix | 26 |
3 files changed, 15 insertions, 14 deletions
diff --git a/nixos-switch.sh b/nixos-switch.sh index b74b8b5..2c1d10c 100755 --- a/nixos-switch.sh +++ b/nixos-switch.sh @@ -17,8 +17,7 @@ scp bash-profile.sh "${TLD}:.bash_profile" echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S systemctl restart pires-prod.service -# shellcheck disable=2050 -if [[ true = false ]]; then +if [[ "$PROSODY_ENABLE" = true ]]; then echo Ugly hack to change TLS certificates permissions echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S "\ sudo chown -R nginx:prosody /var/lib/acme/; \ diff --git a/secrets/secret-envrc.sh b/secrets/secret-envrc.sh Binary files differindex 7ad34ca..87656dc 100644 --- a/secrets/secret-envrc.sh +++ b/secrets/secret-envrc.sh diff --git a/vps-configuration.env.nix b/vps-configuration.env.nix index e25b63f..d5a7f54 100644 --- a/vps-configuration.env.nix +++ b/vps-configuration.env.nix @@ -37,6 +37,7 @@ let prosodyMUCTLD = "$PROSODY_MUC_TLD"; prosodyPort = "$PROSODY_PORT"; prosodyHTTPPort = "$PROSODY_HTTP_PORT"; + prosodyEnable = $PROSODY_ENABLE; }; staticSiteFromRepo = repoName: pkgs.stdenv.mkDerivation { @@ -100,17 +101,18 @@ in { # HTTP and HTPPS: NGINX 80 443 - - # XMPP: Prosody - # https://prosody.im/doc/ports - 5000 - 5222 - 5269 - 5280 - 5281 - 5347 - 5582 - ]; + ] ++ (if prosodyEnable then + [ + # XMPP: Prosody + # https://prosody.im/doc/ports + 5000 + 5222 + 5269 + 5280 + 5281 + 5347 + 5582 + ] else []); security.acme = { acceptTerms = true; @@ -274,7 +276,7 @@ in { "/var/lib/acme/${envsubstConfiguration.prosodyConverseTLD}/key.pem"; }; in { - enable = false; + enable = prosodyEnable; admins = [ envsubstConfiguration.prosodyAdminUser ]; allowRegistration = false; modules = { websocket = true; }; |