diff options
| -rwxr-xr-x | nixos-switch.sh | 3 | ||||
| -rw-r--r-- | secrets/secret-envrc.sh | bin | 4114 -> 4144 bytes | |||
| -rw-r--r-- | vps-configuration.env.nix | 26 |
3 files changed, 15 insertions, 14 deletions
diff --git a/nixos-switch.sh b/nixos-switch.sh index b74b8b5..2c1d10c 100755 --- a/nixos-switch.sh +++ b/nixos-switch.sh @@ -17,8 +17,7 @@ scp bash-profile.sh "${TLD}:.bash_profile" echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S systemctl restart pires-prod.service -# shellcheck disable=2050 -if [[ true = false ]]; then +if [[ "$PROSODY_ENABLE" = true ]]; then echo Ugly hack to change TLS certificates permissions echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S "\ sudo chown -R nginx:prosody /var/lib/acme/; \ diff --git a/secrets/secret-envrc.sh b/secrets/secret-envrc.sh Binary files differindex 7ad34ca..87656dc 100644 --- a/secrets/secret-envrc.sh +++ b/secrets/secret-envrc.sh diff --git a/vps-configuration.env.nix b/vps-configuration.env.nix index e25b63f..d5a7f54 100644 --- a/vps-configuration.env.nix +++ b/vps-configuration.env.nix @@ -37,6 +37,7 @@ let prosodyMUCTLD = "$PROSODY_MUC_TLD"; prosodyPort = "$PROSODY_PORT"; prosodyHTTPPort = "$PROSODY_HTTP_PORT"; + prosodyEnable = $PROSODY_ENABLE; }; staticSiteFromRepo = repoName: pkgs.stdenv.mkDerivation { @@ -100,17 +101,18 @@ in { # HTTP and HTPPS: NGINX 80 443 - - # XMPP: Prosody - # https://prosody.im/doc/ports - 5000 - 5222 - 5269 - 5280 - 5281 - 5347 - 5582 - ]; + ] ++ (if prosodyEnable then + [ + # XMPP: Prosody + # https://prosody.im/doc/ports + 5000 + 5222 + 5269 + 5280 + 5281 + 5347 + 5582 + ] else []); security.acme = { acceptTerms = true; @@ -274,7 +276,7 @@ in { "/var/lib/acme/${envsubstConfiguration.prosodyConverseTLD}/key.pem"; }; in { - enable = false; + enable = prosodyEnable; admins = [ envsubstConfiguration.prosodyAdminUser ]; allowRegistration = false; modules = { websocket = true; }; |