tweaks

2025-11-04 12:48:38 +00:00 · 2025-11-04 12:48:38 +00:00 · 9f40a68eb4
commit 9f40a68eb4
parent 766f143e51
12 changed files with 222 additions and 215 deletions
--- a/services/prosody.nix
+++ b/services/prosody.nix
@ -1,36 +1,50 @@
 {
  pkgs,
-  lib,
  config,
  ...
 }: {
  age.secrets."bind_pw".file = ../secrets/bind_pw;

-  services.prosody = {
-    package = pkgs.prosody.override {
-      withExtraLuaPackages = pkgs: with pkgs.luaPackages; [lualdap];
-    };
-    enable = true;
-    admins = ["root@distrust.network"];
-    ssl.cert = "/var/lib/acme/distrust.network/fullchain.pem";
-    ssl.key = "/var/lib/acme/distrust.network/key.pem";
-    virtualHosts."distrust.network" = {
-      enabled = true;
-      domain = "distrust.network";
+  services = {
+    prosody = {
+      package = pkgs.prosody.override {
+        withExtraLuaPackages = pkgs: with pkgs.luaPackages; [lualdap];
+      };
+      enable = true;
+      admins = ["root@distrust.network"];
      ssl.cert = "/var/lib/acme/distrust.network/fullchain.pem";
      ssl.key = "/var/lib/acme/distrust.network/key.pem";
+      virtualHosts."distrust.network" = {
+        enabled = true;
+        domain = "distrust.network";
+        ssl.cert = "/var/lib/acme/distrust.network/fullchain.pem";
+        ssl.key = "/var/lib/acme/distrust.network/key.pem";
+      };
+      muc = [{domain = "conference.distrust.network";}];
+      httpFileShare = {
+        domain = "upload.distrust.network";
+        path = "/var/lib/prosody";
+      };
+      extraConfig = ''
+        authentication = "ldap"
+        ldap_base = "ou=people,dc=distrust,dc=network"
+        ldap_server = "localhost:3890"
+        ldap_rootdn = "uid=bind,ou=people,dc=distrust,dc=network"
+        ldap_password = "${builtins.readFile config.age.secrets."bind_pw".path}"
+      '';
    };
-    muc = [{domain = "conference.distrust.network";}];
-    httpFileShare = {
-      domain = "upload.distrust.network";
-      path = "/var/lib/prosody";
-    };
-    extraConfig = ''
-      authentication = "ldap"
-      ldap_base = "ou=people,dc=distrust,dc=network"
-      ldap_server = "localhost:3890"
-      ldap_rootdn = "uid=bind,ou=people,dc=distrust,dc=network"
-      ldap_password = "${builtins.readFile config.age.secrets."bind_pw".path}"
+    caddy.virtualHosts."distrust.network".extraConfig = ''
+      handle /.well-known/* {
+        root * /var/lib/acme/
+        file_server
+      }
+    '';
+
+    caddy.virtualHosts."conference.distrust.network upload.distrust.network".extraConfig = ''
+      handle /.well-known/* {
+        root * /var/lib/acme/
+        file_server
+      }
    '';
  };

@ -63,18 +77,4 @@
    #  after = [ "acme-order-renew-chat.distrust.network.service" ];
    serviceConfig.SupplementaryGroups = ["acme"];
  };
-
-  services.caddy.virtualHosts."distrust.network".extraConfig = ''
-    handle /.well-known/* {
-      root * /var/lib/acme/
-      file_server
-    }
-  '';
-
-  services.caddy.virtualHosts."conference.distrust.network upload.distrust.network".extraConfig = ''
-    handle /.well-known/* {
-      root * /var/lib/acme/
-      file_server
-    }
-  '';
 }