From c032cf8bf7581ad6a1e1fb36c566b4577c8b8809 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Fri, 25 Sep 2015 16:15:40 +0200
Subject: first work on prosody on ymir

---
 ymir.nix | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/ymir.nix b/ymir.nix
index 34d5122d..3d1d8f9c 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -69,4 +69,33 @@
     enable = true;
   };
 
+  services.prosody = {
+    enable = true;
+    admins = [
+               "gkleen@xmpp.li"
+             ];
+    allowRegistration = false;
+    extraConfig = ''
+      authentication = "pam"
+    '';
+    extraModules = [ "auth_pam"
+                   ];
+
+    virtualHosts.default = {
+      enabled = true;
+      domain = "xmpp.li";
+      ssl = {
+        key = "certs/xmpp.li.key";
+        cert = "certs/xmpp.li.crt";
+      };
+    };
+  };
+  environment.etc."pam.d/xmpp" = {
+    text = ''
+      auth    [success=1 default=ignore]  pam_unix.so obscure sha512 nodelay
+      auth    required                    pam_succeed_if.so user ingroup xmpp
+      auth    requisite                   pam_deny.so
+      auth    required                    pam_permit.so
+    '';
+  };
 }
-- 
cgit v1.2.3