diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2023-08-13 12:28:13 +0200 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2023-08-13 12:28:13 +0200 |
commit | da548bff47254c25329b78899c52b3c84ee9cac9 (patch) | |
tree | 32ca4247498482a637ba21be04dc9f28666da39f /ymir.nix | |
parent | 6fd0d804498c12bbd76ea0c3f05b8732890ddecc (diff) | |
download | nixos-da548bff47254c25329b78899c52b3c84ee9cac9.tar nixos-da548bff47254c25329b78899c52b3c84ee9cac9.tar.gz nixos-da548bff47254c25329b78899c52b3c84ee9cac9.tar.bz2 nixos-da548bff47254c25329b78899c52b3c84ee9cac9.tar.xz nixos-da548bff47254c25329b78899c52b3c84ee9cac9.zip |
...
Diffstat (limited to 'ymir.nix')
-rw-r--r-- | ymir.nix | 30 |
1 files changed, 3 insertions, 27 deletions
@@ -237,8 +237,7 @@ in rec { | |||
237 | }; | 237 | }; |
238 | 238 | ||
239 | users.groups."ssl" = { | 239 | users.groups."ssl" = { |
240 | members = [ "ejabberd" | 240 | members = [ "nginx" |
241 | "nginx" | ||
242 | config.services.postfix.user | 241 | config.services.postfix.user |
243 | "murmur" | 242 | "murmur" |
244 | "infinoted" | 243 | "infinoted" |
@@ -258,27 +257,6 @@ in rec { | |||
258 | ''; | 257 | ''; |
259 | }; | 258 | }; |
260 | 259 | ||
261 | services.ejabberd = { | ||
262 | enable = false; | ||
263 | package = pkgs.ejabberd.override { withPam = true; withTools = true; }; | ||
264 | configFile = ./ymir/ejabberd.yml; | ||
265 | }; | ||
266 | |||
267 | security.pam.services."xmpp".text = '' | ||
268 | auth requisite pam_succeed_if.so user ingroup xmpp | ||
269 | auth required pam_unix.so audit likeauth nullok nodelay | ||
270 | account sufficient pam_unix.so | ||
271 | ''; | ||
272 | users.groups."shadow" = { | ||
273 | members = [ "ejabberd" | ||
274 | ]; | ||
275 | }; | ||
276 | users.groups."xmpp" = {}; | ||
277 | system.activationScripts."shadow-perms" = '' | ||
278 | chown root:shadow /etc/shadow | ||
279 | chmod 0640 /etc/shadow | ||
280 | ''; | ||
281 | |||
282 | services.yggdrasilTinc = { | 260 | services.yggdrasilTinc = { |
283 | enable = true; | 261 | enable = true; |
284 | connect = false; | 262 | connect = false; |
@@ -777,7 +755,7 @@ in rec { | |||
777 | "nights.email" "*.nights.email" | 755 | "nights.email" "*.nights.email" |
778 | ]; | 756 | ]; |
779 | postRun = '' | 757 | postRun = '' |
780 | systemctl try-reload-or-restart nginx.service dovecot2.service postfix.service ejabberd.service vsftpd.service infinoted.service | 758 | systemctl try-reload-or-restart nginx.service dovecot2.service postfix.service vsftpd.service infinoted.service |
781 | ''; | 759 | ''; |
782 | }; | 760 | }; |
783 | }; | 761 | }; |
@@ -944,7 +922,7 @@ in rec { | |||
944 | ''; | 922 | ''; |
945 | 923 | ||
946 | systemd.status-mail = { | 924 | systemd.status-mail = { |
947 | onFailure = [ "nixos-upgrade" "postfix" "dovecot2" "ejabberd" "opendkim" "unbound" "tinc@yggdrasil" "postsrsd" ]; | 925 | onFailure = [ "nixos-upgrade" "postfix" "dovecot2" "opendkim" "unbound" "tinc@yggdrasil" "postsrsd" ]; |
948 | }; | 926 | }; |
949 | 927 | ||
950 | services.vsftpd = { | 928 | services.vsftpd = { |
@@ -1004,8 +982,6 @@ in rec { | |||
1004 | "postfix-512".bits = 512; | 982 | "postfix-512".bits = 512; |
1005 | "postfix-1024".bits = 1024; | 983 | "postfix-1024".bits = 1024; |
1006 | "dovecot2".bits = 2048; | 984 | "dovecot2".bits = 2048; |
1007 | "ejabberd-s2s".bits = 2048; | ||
1008 | "ejabberd-c2s".bits = 2048; | ||
1009 | }; | 985 | }; |
1010 | }; | 986 | }; |
1011 | 987 | ||