From c26cf3f0dfa9df08201f344f625257daf7cb3a9c Mon Sep 17 00:00:00 2001
From: EuAndreh
Date: Sun, 16 Aug 2020 18:21:03 -0300
Subject: Checkpoint: Working Prosody server Use NGINX to create TLS certificate and then share it with prosody.
---
 vps-configuration.env.nix | 25 ++++++++++---------------
 1 file changed, 10 insertions(+), 15 deletions(-)
(limited to 'vps-configuration.env.nix')
diff --git a/vps-configuration.env.nix b/vps-configuration.env.nix
index d72d7f8..dad3a9c 100644
--- a/vps-configuration.env.nix
+++ b/vps-configuration.env.nix
@@ -22,7 +22,7 @@ let
 prosodyAdminUser = "$PROSODY_ADMIN_USER";
 prosodyMUCTLD = "$PROSODY_MUC_TLD";
 prosodyHTTPUploadTLD = "$PROSODY_HTTP_UPLOAD_TLD";
- prosodyPort = "$PROSODY_PORT";
+ prosodyHTTPPort = "$PROSODY_HTTP_PORT";
 };
 boneco = pkgs.stdenv.mkDerivation {
 name = "boneco";
@@ -73,17 +73,6 @@ in {
 security.acme = {
 acceptTerms = true;
 email = envsubstConfiguration.letsencryptEmail;
- certs = {
- "${envsubstConfiguration.prosodyTLD}" = {
- webroot = "/var/lib/acme/.challenges";
- user = "prosody";
- group = "prosody";
- extraDomains = {
- "${envsubstConfiguration.prosodyMUCTLD}" = null;
- "${envsubstConfiguration.prosodyHTTPUploadTLD}" = null;
- };
- };
- };
 };
 services = {
@@ -117,11 +106,13 @@ in {
 root = boneco;
 };
 "${envsubstConfiguration.prosodyTLD}" = {
+ forceSSL = true;
+ enableACME = true;
 locations = {
- "/.well-known/acme-challenge" = {
- root = "/var/lib/acme/.challenges";
+ "/" = {
+ proxyPass =
+ "http://localhost:${envsubstConfiguration.prosodyHTTPPort}/";
 };
- "/" = { return = "301 https://${DOLLAR}host${DOLLAR}request_uri"; };
 };
 };
 };
@@ -165,6 +156,10 @@ in {
 enable = true;
 admins = [ envsubstConfiguration.prosodyAdminUser ];
 allowRegistration = true;
+ package = pkgs.prosody.override {
+ withCommunityModules = [ "http_upload" "conversejs" "bookmarks" ];
+ };
+ extraModules = [ "http_upload" "conversejs" "bookmarks" ];
 ssl = {
 cert = fullchainPEM;
 key = keyPEM;
-- cgit v1.2.3
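Review bot: The new `"/"` location in the `@@ -117,11 +106,13 @@` hunk forwards every path on this vhost to Prosody's plaintext HTTP listener, so `forceSSL` only protects traffic if that listener cannot be reached from outside; nothing visible here binds it to loopback or keeps the port out of the firewall. I would pin it on the Prosody side with `http_interfaces = { "127.0.0.1" }` in `extraConfig` and proxy to `127.0.0.1` instead of `localhost`, since `localhost` may also resolve to `::1`. Separately, the certificate now comes from `enableACME` on this single vhost, while the removed `certs` block also listed the MUC and HTTP-upload names as `extraDomains`; unless those names are covered elsewhere (not visible in this diff), the certificate shared with Prosody no longer includes them. The key's owner also changes from the explicit `user = "prosody"` to whatever the nginx-managed certificate uses, so a comment next to `enableACME = true;` such as `# cert/key are also read by prosody (ssl.cert / ssl.key)` would record how read access is granted.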
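Review bot: In the `@@ -165,6 +156,10 @@` hunk, `http_upload` and `conversejs` are enabled while `allowRegistration = true;` stays in place just above, so any self-registered account gets file storage on this host and a public web login. If open registration is intended, I would cap uploads in `extraConfig` with `http_upload_file_size_limit`, `http_upload_quota` and `http_upload_expire_after`; otherwise set `allowRegistration = false;`. The module list is also written twice, and binding it once in the enclosing `let` (`prosodyCommunityModules = [ "http_upload" "conversejs" "bookmarks" ];`) keeps `package` and `extraModules` from drifting apart. The `services.prosody` block starts and ends outside this hunk.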