authorEuAndreh <eu@euandre.org>2020-08-16 18:21:03 -0300
committerEuAndreh <eu@euandre.org>2020-08-16 19:07:25 -0300
commitc26cf3f0dfa9df08201f344f625257daf7cb3a9c (patch)
tree9a29c1a3f34461052fe386d647f743b5fdf66548 /vps-configuration.env.nix
parentUse NGINX to handle the creation of certificates for prosody (diff)
Checkpoint: Working Prosody server
Use NGINX to create TLS certificate and then share it with prosody.
Diffstat (limited to 'vps-configuration.env.nix')
-rw-r--r--vps-configuration.env.nix25
1 files changed, 10 insertions, 15 deletions
diff --git a/vps-configuration.env.nix b/vps-configuration.env.nix
index d72d7f8..dad3a9c 100644
--- a/vps-configuration.env.nix
+++ b/vps-configuration.env.nix
@@ -22,7 +22,7 @@ let
prosodyAdminUser = "$PROSODY_ADMIN_USER";
prosodyMUCTLD = "$PROSODY_MUC_TLD";
prosodyHTTPUploadTLD = "$PROSODY_HTTP_UPLOAD_TLD";
- prosodyPort = "$PROSODY_PORT";
+ prosodyHTTPPort = "$PROSODY_HTTP_PORT";
};
boneco = pkgs.stdenv.mkDerivation {
name = "boneco";
@@ -73,17 +73,6 @@ in {
security.acme = {
acceptTerms = true;
email = envsubstConfiguration.letsencryptEmail;
- certs = {
- "${envsubstConfiguration.prosodyTLD}" = {
- webroot = "/var/lib/acme/.challenges";
- user = "prosody";
- group = "prosody";
- extraDomains = {
- "${envsubstConfiguration.prosodyMUCTLD}" = null;
- "${envsubstConfiguration.prosodyHTTPUploadTLD}" = null;
- };
- };
- };
};
services = {
@@ -117,11 +106,13 @@ in {
root = boneco;
};
"${envsubstConfiguration.prosodyTLD}" = {
+ forceSSL = true;
+ enableACME = true;
locations = {
- "/.well-known/acme-challenge" = {
- root = "/var/lib/acme/.challenges";
+ "/" = {
+ proxyPass =
+ "http://localhost:${envsubstConfiguration.prosodyHTTPPort}/";
};
- "/" = { return = "301 https://${DOLLAR}host${DOLLAR}request_uri"; };
};
};
};
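Review bot: The new `enableACME = true;` on the `prosodyTLD` vhost appears to request a certificate for that one server name only. The `certs` block this commit removes also listed `prosodyMUCTLD` and `prosodyHTTPUploadTLD` under `extraDomains`. If prosody still presents this certificate for the MUC and upload components, clients that validate the name will reject those connections; adding `serverAliases = [ envsubstConfiguration.prosodyMUCTLD envsubstConfiguration.prosodyHTTPUploadTLD ];` to the vhost would keep them covered. The removed block also set `user`/`group = "prosody"` on the certificate, so prosody's read access to the private key now has to be granted elsewhere (for example by group membership). That is not visible in this hunk and is worth confirming, so that the key stays group-readable only and is not widened to make the service start.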
@@ -165,6 +156,10 @@ in {
enable = true;
admins = [ envsubstConfiguration.prosodyAdminUser ];
allowRegistration = true;
+ package = pkgs.prosody.override {
+ withCommunityModules = [ "http_upload" "conversejs" "bookmarks" ];
+ };
+ extraModules = [ "http_upload" "conversejs" "bookmarks" ];
ssl = {
cert = fullchainPEM;
key = keyPEM;
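Review bot: Enabling `http_upload` next to the existing `allowRegistration = true;` means anyone who self-registers can store files on the server, and no size, quota or expiry limit is visible in this hunk. Consider setting `http_upload_file_size_limit`, `http_upload_quota` and `http_upload_expire_after` through the service's extra config, or closing open registration once the initial accounts exist. As a smaller point, the module list is written twice, in `withCommunityModules` and `extraModules`; binding it once in the `let` block (e.g. `prosodyCommunityModules = [ "http_upload" "conversejs" "bookmarks" ];`) keeps the built package and the enabled set from drifting apart.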