server.nix/services/prosody.nix

{ config, ... }: {
  services = {
    prosody = {
      enable = true;
      xmppComplianceSuite = false;
      admins = [ "kaya@üü.ee" ];
      ssl.cert = "/var/lib/acme/xn--tdaa.ee/fullchain.pem";
      ssl.key = "/var/lib/acme/xn--tdaa.ee/key.pem";
      virtualHosts = {
        "üü.ee" = {
          enabled = true;
          domain = "üü.ee";
          ssl.cert = "/var/lib/acme/xn--tdaa.ee/fullchain.pem";
          ssl.key = "/var/lib/acme/xn--tdaa.ee/key.pem";
        };

        "xn--tdaa.ee" = {
          enabled = true;
          domain = "xn--tdaa.ee";
          ssl.cert = "/var/lib/acme/xn--tdaa.ee/fullchain.pem";
          ssl.key = "/var/lib/acme/xn--tdaa.ee/key.pem";
        };
      };

      muc = [{
        domain = "conference.üü.ee";
      }];
      uploadHttp = {
        domain = "upload.üü.ee";
      };

      httpFileShare.domain = "share.üü.ee";
    };

    # üü.ee
    caddy.virtualHosts."üü.ee" = {
      useACMEHost = "xn--tdaa.ee";
      extraConfig = ''
        reverse_proxy :${toString (builtins.elemAt config.services.prosody.httpPorts 0)}
      '';

      serverAliases = [
        "conference.üü.ee"
        "upload.üü.ee"
        "share.üü.ee"
      ];
    };
  };

  users.users.caddy.extraGroups = [
    "prosody" # Caddy needs access to the certs
  ];

  networking.firewall.allowedTCPPorts = [
    5222 # c2s?
    5269 # s2s
  ];

  security.acme.certs."xn--tdaa.ee" = {
    dnsProvider = "cloudflare";
    group = "prosody";
    extraDomainNames = [
      "conference.xn--tdaa.ee"
      "upload.xn--tdaa.ee"
      "share.xn--tdaa.ee"
    ];
    environmentFile = "/etc/secrets/acme.env";
  };
}
Add prosody 2025-01-23 23:38:04 +02:00			`{ config, ... }: {`
			`services = {`
			`prosody = {`
			`enable = true;`
			`xmppComplianceSuite = false;`
			`admins = [ "kaya@üü.ee" ];`
			`ssl.cert = "/var/lib/acme/xn--tdaa.ee/fullchain.pem";`
			`ssl.key = "/var/lib/acme/xn--tdaa.ee/key.pem";`
			`virtualHosts = {`
			`"üü.ee" = {`
			`enabled = true;`
			`domain = "üü.ee";`
			`ssl.cert = "/var/lib/acme/xn--tdaa.ee/fullchain.pem";`
			`ssl.key = "/var/lib/acme/xn--tdaa.ee/key.pem";`
			`};`

			`"xn--tdaa.ee" = {`
			`enabled = true;`
			`domain = "xn--tdaa.ee";`
			`ssl.cert = "/var/lib/acme/xn--tdaa.ee/fullchain.pem";`
			`ssl.key = "/var/lib/acme/xn--tdaa.ee/key.pem";`
			`};`
			`};`

			`muc = [{`
			`domain = "conference.üü.ee";`
			`}];`
			`uploadHttp = {`
			`domain = "upload.üü.ee";`
			`};`

			`httpFileShare.domain = "share.üü.ee";`
			`};`

			`# üü.ee`
			`caddy.virtualHosts."üü.ee" = {`
			`useACMEHost = "xn--tdaa.ee";`
			`extraConfig = ''`
Clean up, remove epicgames-freegames-node, move scrutiny to its own file 2025-01-24 19:18:20 +02:00			`reverse_proxy :${toString (builtins.elemAt config.services.prosody.httpPorts 0)}`
Add prosody 2025-01-23 23:38:04 +02:00			`'';`

			`serverAliases = [`
			`"conference.üü.ee"`
			`"upload.üü.ee"`
			`"share.üü.ee"`
			`];`
			`};`
			`};`

			`users.users.caddy.extraGroups = [`
			`"prosody" # Caddy needs access to the certs`
			`];`

			`networking.firewall.allowedTCPPorts = [`
			`5222 # c2s?`
			`5269 # s2s`
			`];`

			`security.acme.certs."xn--tdaa.ee" = {`
			`dnsProvider = "cloudflare";`
			`group = "prosody";`
			`extraDomainNames = [`
			`"conference.xn--tdaa.ee"`
			`"upload.xn--tdaa.ee"`
			`"share.xn--tdaa.ee"`
			`];`
			`environmentFile = "/etc/secrets/acme.env";`
			`};`
			`}`