Add prosody

2025-01-23 23:38:04 +02:00 · 2025-01-23 23:38:04 +02:00 · 1c6c446cd2
commit 1c6c446cd2
parent c58a1ff77a
3 changed files with 72 additions and 12 deletions
--- a/caddy/default.nix
+++ b/caddy/default.nix
@ -58,18 +58,6 @@ in
    '';

    virtualHosts = {
-      # üü.ee
-      "xn--tdaa.ee".extraConfig = ''
-        tls {
-          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
-          resolvers 1.1.1.1
-        }
-
-        root * ${inputs.xn--tdaa-website}
-        file_server browse {
-          hide .git
-        }
-      '';
      "kaya.ee".extraConfig = ''
        tls {
          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
--- a/services/default.nix
+++ b/services/default.nix
@ -23,5 +23,6 @@
    ./rr.nix
    ./plex.nix
    ./komga.nix
+    ./prosody.nix
  ];
 }
--- a/services/prosody.nix
+++ b/services/prosody.nix
@ -0,0 +1,71 @@
+{ config, ... }: {
+  services = {
+    prosody = {
+      enable = true;
+      xmppComplianceSuite = false;
+      admins = [ "kaya@üü.ee" ];
+      ssl.cert = "/var/lib/acme/xn--tdaa.ee/fullchain.pem";
+      ssl.key = "/var/lib/acme/xn--tdaa.ee/key.pem";
+      virtualHosts = {
+        "üü.ee" = {
+          enabled = true;
+          domain = "üü.ee";
+          ssl.cert = "/var/lib/acme/xn--tdaa.ee/fullchain.pem";
+          ssl.key = "/var/lib/acme/xn--tdaa.ee/key.pem";
+        };
+
+        "xn--tdaa.ee" = {
+          enabled = true;
+          domain = "xn--tdaa.ee";
+          ssl.cert = "/var/lib/acme/xn--tdaa.ee/fullchain.pem";
+          ssl.key = "/var/lib/acme/xn--tdaa.ee/key.pem";
+        };
+      };
+
+      muc = [{
+        domain = "conference.üü.ee";
+      }];
+      uploadHttp = {
+        domain = "upload.üü.ee";
+      };
+
+      httpFileShare.domain = "share.üü.ee";
+    };
+
+    # üü.ee
+    caddy.virtualHosts."üü.ee" = {
+      useACMEHost = "xn--tdaa.ee";
+      extraConfig = ''
+        reverse_proxy :${toString (builtins.elemAt config.services.prosody.httpPorts 0)} {
+          header_up Host "(.*).xn--tdaa.ee" "$1.üü.ee"
+        }
+      '';
+
+      serverAliases = [
+        "conference.üü.ee"
+        "upload.üü.ee"
+        "share.üü.ee"
+      ];
+    };
+  };
+
+  users.users.caddy.extraGroups = [
+    "prosody" # Caddy needs access to the certs
+  ];
+
+  networking.firewall.allowedTCPPorts = [
+    5222 # c2s?
+    5269 # s2s
+  ];
+
+  security.acme.certs."xn--tdaa.ee" = {
+    dnsProvider = "cloudflare";
+    group = "prosody";
+    extraDomainNames = [
+      "conference.xn--tdaa.ee"
+      "upload.xn--tdaa.ee"
+      "share.xn--tdaa.ee"
+    ];
+    environmentFile = "/etc/secrets/acme.env";
+  };
+}