aboutsummaryrefslogtreecommitdiffstats
path: root/nix/prosody.nix
blob: c83ea571d33cbf095d1c9fe81cc895199b4fa9af (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
{ lib, config, ... }:

with lib;
let
  cfg = config.services.brook;
in
{
  options.services.brook.prosody = {
    enable = mkEnableOption "brook XMPP chat with prosody";

    port = mkOption {
      type = types.int;
      default = 5281;
      description = ''
        Specify the port that prosody's web server is listening on.
      '';
    };

    guest-domain = mkOption {
      type = types.str;
      description = ''
        The virtualhost prosody uses as an anonymous user scope.
        By default prosody can either run in normal user mode, or in
        anonymous mode.  Becuase the stream chat doesn't require registration,
        this creates a new virtualhost to achieve this.
      '';
    };

    certRoot = mkOption {
      type = types.str;
      description = ''
        Pass in the root path to the certificates that the 
        prosody virtualhost should use.
      '';
    };
  };

  config = mkIf cfg.prosody.enable {
    services.prosody = {
      modules = { bosh = true; websocket = true; };
      
      virtualHosts."${cfg.prosody.guest-domain}" = {
        enabled = true;
        domain = cfg.prosody.guest-domain;
        ssl = {
          cert = "${cfg.prosody.certRoot}/fullchain.pem";
          key = "${cfg.prosody.certRoot}/key.pem";
        };
        extraConfig = ''
          authentication = "anonymous"
          http_host = "${cfg.prosody.guest-domain}"
        '';
      };

      #extraConfig = config.services.prosody.extraConfig + ''
      #  consider_bosh_secure = true
      #'';
      extraConfig = ''
        consider_bosh_secure = true
      '';
    };
  };
}