diff options
| author | EuAndreh <eu@euandre.org> | 2020-08-23 21:27:02 -0300 |
|---|---|---|
| committer | EuAndreh <eu@euandre.org> | 2020-08-23 21:27:02 -0300 |
| commit | d733066fc6cc09f10c6c456bf2d3e1705c40307d (patch) | |
| tree | 9f6b83485d14a7906e6cffe8177293412de9021f /vps-configuration.env.nix | |
| parent | Chage DNS record of prosody (diff) | |
| download | server-d733066fc6cc09f10c6c456bf2d3e1705c40307d.tar.gz server-d733066fc6cc09f10c6c456bf2d3e1705c40307d.tar.xz | |
WIP Fix Converse.js setup
Diffstat (limited to 'vps-configuration.env.nix')
| -rw-r--r-- | vps-configuration.env.nix | 41 |
1 files changed, 31 insertions, 10 deletions
diff --git a/vps-configuration.env.nix b/vps-configuration.env.nix index 1ef5eb2..4a4e743 100644 --- a/vps-configuration.env.nix +++ b/vps-configuration.env.nix @@ -24,6 +24,7 @@ let gitPort = "$GIT_PORT"; gitRoot = "$GIT_ROOT"; systemStateVersion = "$SYSTEM_STATE_VERSION"; + prosodyConverseTLD = "$PROSODY_CONVERSE_TLD"; prosodyAdminUser = "$PROSODY_ADMIN_USER"; prosodyMUCTLD = "$PROSODY_MUC_TLD"; prosodyPort = "$PROSODY_PORT"; @@ -143,15 +144,24 @@ in { root ${envsubstConfiguration.staticRoot}/songbooks/; ''; }; + # Generate and maintain TLS certificate with NGINX + # to be used by Prosody "${envsubstConfiguration.prosodyTLD}" = { forceSSL = true; enableACME = true; + }; + "${envsubstConfiguration.prosodyConverseTLD}" = { + forceSSL = true; + enableACME = true; extraConfig = '' location = /favicon.ico { alias ${envsubstConfiguration.dataRoot}/favicons/conversejs.ico; } + location = / { + return 301 conversejs; + } location / { - proxy_pass http://localhost:${envsubstConfiguration.prosodyHTTPPort}/conversejs; + proxy_pass http://localhost:${envsubstConfiguration.prosodyHTTPPort}/; } ''; }; @@ -189,9 +199,16 @@ in { }; prosody = let - fullchainPEM = - "/var/lib/acme/${envsubstConfiguration.prosodyTLD}/fullchain.pem"; - keyPEM = "/var/lib/acme/${envsubstConfiguration.prosodyTLD}/key.pem"; + XMPP = { + fullchainPEM = + "/var/lib/acme/${envsubstConfiguration.prosodyTLD}/fullchain.pem"; + keyPEM = "/var/lib/acme/${envsubstConfiguration.prosodyTLD}/key.pem"; + }; + ConverseJS = { + fullchainPEM = + "/var/lib/acme/${envsubstConfiguration.prosodyConverseTLD}/fullchain.pem"; + keyPEM = "/var/lib/acme/${envsubstConfiguration.prosodyConverseTLD}/key.pem"; + }; in { enable = true; admins = [ envsubstConfiguration.prosodyAdminUser ]; @@ -201,17 +218,21 @@ in { withCommunityModules = [ "http_upload" "conversejs" "bookmarks" ]; }; extraModules = [ "http_upload" "conversejs" "bookmarks" ]; - ssl = { - cert = fullchainPEM; - key = keyPEM; - }; virtualHosts = { "${envsubstConfiguration.prosodyTLD}" = { enabled = true; domain = "${envsubstConfiguration.prosodyTLD}"; ssl = { - cert = fullchainPEM; - key = keyPEM; + cert = XMPP.fullchainPEM; + key = XMPP.keyPEM; + }; + }; + "${envsubstConfiguration.prosodyConverseTLD}" = { + enabled = true; + domain = "${envsubstConfiguration.prosodyConverseTLD}"; + ssl = { + cert = ConverseJS.fullchainPEM; + key = ConverseJS.keyPEM; }; }; }; |