1 files changed, 29 insertions, 0 deletions
diff --git a/ymir.nix b/ymir.nix
index 34d5122d..3d1d8f9c 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -69,4 +69,33 @@
    enable = true;
  };
+  services.prosody = {
+    enable = true;
+    admins = [
+               "gkleen@xmpp.li"
+             ];
+    allowRegistration = false;
+    extraConfig = ''
+      authentication = "pam"
+    '';
+    extraModules = [ "auth_pam"
+                   ];
+    virtualHosts.default = {
+      enabled = true;
+      domain = "xmpp.li";
+      ssl = {
+        key = "certs/xmpp.li.key";
+        cert = "certs/xmpp.li.crt";
+      };
+    };
+  };
+  environment.etc."pam.d/xmpp" = {
+    text = ''
+      auth    [success=1 default=ignore]  pam_unix.so obscure sha512 nodelay
+      auth    required                    pam_succeed_if.so user ingroup xmpp
+      auth    requisite                   pam_deny.so
+      auth    required                    pam_permit.so
+    '';
+  };
 }

diff --git a/ymir.nix b/ymir.nix index 34d5122d..3d1d8f9c 100644 --- a/ymir.nix +++ b/ymir.nix
@@ -69,4 +69,33 @@
69	enable = true;	69	enable = true;
70	};	70	};
71		71
		72	services.prosody = {
		73	enable = true;
		74	admins = [
		75	"gkleen@xmpp.li"
		76	];
		77	allowRegistration = false;
		78	extraConfig = ''
		79	authentication = "pam"
		80	'';
		81	extraModules = [ "auth_pam"
		82	];
		83
		84	virtualHosts.default = {
		85	enabled = true;
		86	domain = "xmpp.li";
		87	ssl = {
		88	key = "certs/xmpp.li.key";
		89	cert = "certs/xmpp.li.crt";
		90	};
		91	};
		92	};
		93	environment.etc."pam.d/xmpp" = {
		94	text = ''
		95	auth [success=1 default=ignore] pam_unix.so obscure sha512 nodelay
		96	auth required pam_succeed_if.so user ingroup xmpp
		97	auth requisite pam_deny.so
		98	auth required pam_permit.so
		99	'';
		100	};
72	}	101	}