Diffstat (limited to 'vps-configuration.env.nix')
-rw-r--r--vps-configuration.env.nix95
1 files changed, 92 insertions, 3 deletions
diff --git a/vps-configuration.env.nix b/vps-configuration.env.nix
index 9013fb8..831a714 100644
--- a/vps-configuration.env.nix
+++ b/vps-configuration.env.nix
@@ -5,6 +5,7 @@ let
TLD = "$TLD";
nextcloudTLD = "$NEXTCLOUD_TLD";
gitTLD = "$GIT_TLD";
+ prosodyTLD = "$PROSODY_TLD";
bonecoTLD = "$BONECO_TLD";
letsencryptEmail = "$LETSENCRYPT_EMAIL";
authorizedKey = "$AUTHORIZED_KEY";
@@ -18,7 +19,18 @@ let
gitRoot = "$GIT_ROOT";
gitPort = "$GIT_PORT";
systemStateVersion = "$SYSTEM_STATE_VERSION";
- songbooksDocumentationTLD = "$SONGBOOKS_DOCUMENTATION_TLD";
+ prosodyAdminUser = "$PROSODY_ADMIN_USER";
+ prosodyMUCTLD = "$PROSODY_MUC_TLD";
+ prosodyPort = "$PROSODY_PORT";
+ prosodyHTTPPort = "$PROSODY_HTTP_PORT";
+ matterbridgeTelegramToken = "$MATTERBRIDGE_TELEGRAM_TOKEN";
+ matterbridgeTelegramChannel = "$MATTERBRIDGE_TELEGRAM_CHANNEL";
+ matterbridgeBotJID = "$MATTERBRIDGE_BOT_JID";
+ matterbridgeBotPassword = "$MATTERBRIDGE_BOT_PASSWORD";
+ matterbridgeBotNick = "$MATTERBRIDGE_BOT_NICK";
+ matterbridgeMUCServer = "$MATTERBRIDGE_MUC_SERVER";
+ matterbridgeXMPPServer = "$MATTERBRIDGE_XMPP_SERVER";
+ matterbridgeXMPPChannel = "$MATTERBRIDGE_XMPP_CHANNEL";
};
boneco = pkgs.stdenv.mkDerivation {
name = "boneco";
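Review bot: `matterbridgeTelegramToken` and `matterbridgeBotPassword` are substituted into this file as plain Nix strings, and the last hunk interpolates them into the matterbridge `configFile`, so both secrets end up in a generated file under /nix/store that any local user can read. The NixOS matterbridge module offers `configPath` for this case: render the TOML to a root-owned file outside the store at deploy time and set, for example, `configPath = "/var/lib/matterbridge/matterbridge.toml";` (constructed path). The rendered `.nix` file itself then also no longer needs to hold the token or password. The `let` binding that holds these attributes begins outside the hunk. Separately, `prosodyPort` is defined here but not referenced in any visible hunk.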
@@ -54,6 +66,16 @@ in {
# HTTP and HTPPS: NGINX
80
443
+
+ # XMPP: Prosody
+ # https://prosody.im/doc/ports
+ 5000
+ 5222
+ 5269
+ 5280
+ 5281
+ 5347
+ 5582
];
security.acme = {
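Review bot: The added entries open every port listed on the Prosody ports page, including ones not meant to be reachable from the internet: 5582 is the admin console and 5347 the external-component port, both bound to localhost by Prosody's defaults, and 5280 is the plain-HTTP listener that the nginx vhost in this commit already fronts over TLS. Only `5222` (client-to-server) and `5269` (server-to-server) appear to be needed publicly; 5000 matters only if the proxy65 file-transfer module is enabled, which the visible Prosody config does not do. Keeping the rest closed leaves the firewall as a second barrier if a bind address is ever changed. The opening of the list is outside the hunk, so this assumes it is the TCP allow-list.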
@@ -91,10 +113,16 @@ in {
enableACME = true;
root = boneco;
};
- "${envsubstConfiguration.songbooksDocumentationTLD}" = {
+ "${envsubstConfiguration.prosodyTLD}" = {
forceSSL = true;
enableACME = true;
- root = "/home/${envsubstConfiguration.userName}/songbooks/";
+ serverAliases = [ envsubstConfiguration.prosodyMUCTLD ];
+ locations = {
+ "/" = {
+ proxyPass =
+ "http://localhost:${envsubstConfiguration.prosodyHTTPPort}/";
+ };
+ };
};
};
};
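Review bot: The `"/"` location forwards to Prosody's HTTP port without WebSocket upgrade handling, although the prosody block added in this commit enables the `websocket` module; adding `proxyWebsockets = true;` next to `proxyPass` lets the upgrade headers through nginx. Without it, WebSocket clients would presumably have to fall back to BOSH or to the directly exposed 5280/5281 listeners, which bypasses the `forceSSL` policy set on this vhost. The enclosing `virtualHosts` set starts outside the hunk.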
@@ -129,6 +157,67 @@ in {
};
};
+ prosody = let
+ fullchainPEM =
+ "/var/lib/acme/${envsubstConfiguration.prosodyTLD}/fullchain.pem";
+ keyPEM = "/var/lib/acme/${envsubstConfiguration.prosodyTLD}/key.pem";
+ in {
+ enable = true;
+ admins = [ envsubstConfiguration.prosodyAdminUser ];
+ allowRegistration = false;
+ modules = { websocket = true; };
+ package = pkgs.prosody.override {
+ withCommunityModules = [ "http_upload" "conversejs" "bookmarks" ];
+ };
+ extraModules = [ "http_upload" "conversejs" "bookmarks" ];
+ ssl = {
+ cert = fullchainPEM;
+ key = keyPEM;
+ };
+ virtualHosts = {
+ "${envsubstConfiguration.prosodyTLD}" = {
+ enabled = true;
+ domain = "${envsubstConfiguration.prosodyTLD}";
+ ssl = {
+ cert = fullchainPEM;
+ key = keyPEM;
+ };
+ };
+ };
+ # muc = [{
+ # domain = envsubstConfiguration.prosodyMUCTLD;
+ # }];
+ };
+
+ matterbridge = {
+ enable = true;
+ configFile = ''
+ [telegram.mytelegram]
+ Token="${envsubstConfiguration.matterbridgeTelegramToken}"
+ RemoteNickFormat="[{PROTOCOL}] <{NICK}>"
+
+ [xmpp.myxmpp]
+ Server="${envsubstConfiguration.matterbridgeXMPPServer}"
+ Jid="${envsubstConfiguration.matterbridgeBotJID}"
+ Password="${envsubstConfiguration.matterbridgeBotPassword}"
+ Muc="${envsubstConfiguration.matterbridgeMUCServer}"
+ Nick="${envsubstConfiguration.matterbridgeBotNick}"
+ RemoteNickFormat="[{PROTOCOL}] <{NICK}>"
+
+ [[gateway]]
+ name="gateway1"
+ enable=true
+
+ [[gateway.inout]]
+ account="telegram.mytelegram"
+ channel="${envsubstConfiguration.matterbridgeTelegramChannel}"
+
+ [[gateway.inout]]
+ account="xmpp.myxmpp"
+ channel="${envsubstConfiguration.matterbridgeXMPPChannel}"
+ '';
+ };
+
lighttpd = {
enable = true;
port = pkgs.lib.toInt envsubstConfiguration.gitPort;
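Review bot: `fullchainPEM` and `keyPEM` point into the ACME directory that the nginx vhost for the same domain creates, and NixOS normally makes those files readable only by the acme user and the web server's group, so the prosody service user probably cannot read `key.pem` unless group access is granted somewhere outside this diff. If it is not, prefer a dedicated certificate entry under `security.acme.certs` whose `group` is the prosody group over adding prosody to the nginx group, since the latter widens who can read the web server's private key. A comment above the `let` stating which unit owns the certificate and how Prosody is reloaded after renewal would help the next reader. As a style point, the list `[ "http_upload" "conversejs" "bookmarks" ]` is written twice and could be bound once in the same `let`.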