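# NixOS system configuration for the host "ymir": GRUB on /dev/vda, static
# IPv6 networking, SSH/mosh access, weekly Nix garbage collection, chrony
# time sync and a Prosody XMPP server for the domain xmpp.li.
{ config, pkgs, ... }:

let
  # Prosody community modules built from the local expression, restricted to
  # mod_auth_pam. Only referenced by the commented-out PAM settings under
  # services.prosody below.
  prosodyModules = pkgs.callPackage (import ./custom/prosody-modules.nix) {
    modules = [ "mod_auth_pam" ];
  };
in
{
  imports = [
    ./ymir-hw.nix
    ./custom/zsh.nix
    ./users.nix
  ];

  boot.loader.grub = {
    enable = true;
    version = 2;
    device = "/dev/vda";
  };

  environment.systemPackages = with pkgs; [
    git
    mosh
    rsync
    tmux
    zsh
  ];

  networking = {
    hostName = "ymir";
    hostId = "1c5c994e";

    # Inbound exposure: SSH (22), XMPP client-to-server (5222) and XMPP
    # server-to-server (5269), plus the UDP range mosh uses for sessions.
    firewall = {
      enable = true;
      allowPing = true;
      allowedTCPPorts = [ 22 5222 5269 ];
      allowedUDPPortRanges = [
        { from = 60000; to = 61000; } # mosh
      ];
    };

    enableIPv6 = true;
    defaultGateway6 = "fe80::1";
    interfaces."enp0s3" = {
      ipv6Address = "2a03:4000:6:d004::";
      ipv6PrefixLength = 64;
    };
  };

  # root reuses the shell and the SSH authorized key files of the gkleen user
  # template, so whoever holds those keys can log in as root directly.
  users.extraUsers.root =
    let
      template = (import users/gkleen.nix);
    in
    {
      inherit (template) shell;
      openssh.authorizedKeys.keyFiles = template.openssh.authorizedKeys.keyFiles;
    };

  # ntpd is disabled because chrony (enabled below) handles time sync.
  services.ntp = {
    enable = false;
  };

  # List services that you want to enable:

  # NOTE(review): sshd runs with the release defaults. Whether password logins
  # and password-based root login are accepted depends on the NixOS version;
  # consider pinning services.openssh.passwordAuthentication and
  # services.openssh.permitRootLogin explicitly -- confirm against users.nix.
  services.openssh = {
    enable = true;
  };

  # Weekly garbage collection of store paths older than seven days.
  services.fcron = {
    enable = true;
    systab = ''
      %weekly * * nix-collect-garbage --delete-older-than '7d'
    '';
  };

  services.chrony = {
    enable = true;
  };

  services.prosody = {
    enable = true;
    admins = [ "gkleen@xmpp.li" ];
    # In-band account registration is off; accounts must be created by an admin.
    allowRegistration = false;

    # PAM-backed authentication is currently disabled. If it is re-enabled,
    # the "xmpp" PAM service defined at the end of this file decides who may
    # log in.
    # extraConfig = ''
    #   plugin_paths = { "${prosodyModules}" }
    #   authentication = "pam"
    # '';
    # extraModules = [ "auth_pam"
    #                ];

    virtualHosts.default = {
      enabled = true;
      domain = "xmpp.li";
      # These are strings, not Nix path literals, so the private key is not
      # copied into the world-readable Nix store. The files have to be
      # provisioned on the host out of band, readable only by the Prosody user.
      ssl = {
        key = "certs/xmpp.li.key";
        cert = "certs/xmpp.li.crt";
      };
    };
  };

  # PAM stack for the "xmpp" service: authentication succeeds only when the
  # account is a member of group "xmpp" AND pam_unix accepts the password.
  #
  # The group check runs first and is requisite. It used to sit between
  # pam_unix and pam_deny, where the success=1 jump skipped it and landed on
  # pam_deny: every attempt was refused, and the group restriction was never
  # applied to a correct password. success=1 now skips exactly pam_deny.
  #
  # "nodelay" removes pam_unix's delay after a failed attempt, so throttling of
  # password guessing has to come from the service that calls this stack.
  security.pam.services."xmpp".text = ''
    auth requisite pam_succeed_if.so user ingroup xmpp
    auth [success=1 default=ignore] pam_unix.so obscure sha512 nodelay
    auth requisite pam_deny.so
    auth required pam_permit.so
  '';
}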