69 lines
1.6 KiB
Nix
69 lines
1.6 KiB
Nix
{ config, ... }: {
|
|
services = {
|
|
prosody = {
|
|
enable = true;
|
|
xmppComplianceSuite = false;
|
|
admins = [ "kaya@üü.ee" ];
|
|
ssl.cert = "/var/lib/acme/xn--tdaa.ee/fullchain.pem";
|
|
ssl.key = "/var/lib/acme/xn--tdaa.ee/key.pem";
|
|
virtualHosts = {
|
|
"üü.ee" = {
|
|
enabled = true;
|
|
domain = "üü.ee";
|
|
ssl.cert = "/var/lib/acme/xn--tdaa.ee/fullchain.pem";
|
|
ssl.key = "/var/lib/acme/xn--tdaa.ee/key.pem";
|
|
};
|
|
|
|
"xn--tdaa.ee" = {
|
|
enabled = true;
|
|
domain = "xn--tdaa.ee";
|
|
ssl.cert = "/var/lib/acme/xn--tdaa.ee/fullchain.pem";
|
|
ssl.key = "/var/lib/acme/xn--tdaa.ee/key.pem";
|
|
};
|
|
};
|
|
|
|
muc = [{
|
|
domain = "conference.üü.ee";
|
|
}];
|
|
uploadHttp = {
|
|
domain = "upload.üü.ee";
|
|
};
|
|
|
|
httpFileShare.domain = "share.üü.ee";
|
|
};
|
|
|
|
# üü.ee
|
|
caddy.virtualHosts."üü.ee" = {
|
|
useACMEHost = "xn--tdaa.ee";
|
|
extraConfig = ''
|
|
reverse_proxy :${toString (builtins.elemAt config.services.prosody.httpPorts 0)}
|
|
'';
|
|
|
|
serverAliases = [
|
|
"conference.üü.ee"
|
|
"upload.üü.ee"
|
|
"share.üü.ee"
|
|
];
|
|
};
|
|
};
|
|
|
|
users.users.caddy.extraGroups = [
|
|
"prosody" # Caddy needs access to the certs
|
|
];
|
|
|
|
networking.firewall.allowedTCPPorts = [
|
|
5222 # c2s?
|
|
5269 # s2s
|
|
];
|
|
|
|
security.acme.certs."xn--tdaa.ee" = {
|
|
dnsProvider = "cloudflare";
|
|
group = "prosody";
|
|
extraDomainNames = [
|
|
"conference.xn--tdaa.ee"
|
|
"upload.xn--tdaa.ee"
|
|
"share.xn--tdaa.ee"
|
|
];
|
|
environmentFile = "/etc/secrets/acme.env";
|
|
};
|
|
}
|