Skip to content

Commit

Permalink
nixos/prosody: add config check option
Browse files Browse the repository at this point in the history
  • Loading branch information
@SuperSandro2000
SuperSandro2000 committed Dec 5, 2023
1 parent 6281ed9 commit 00fb1d2
Showing 1 changed file with 112 additions and 91 deletions.
203 changes: 112 additions & 91 deletions nixos/modules/services/networking/prosody.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -452,6 +452,98 @@ let
};
};

configFile =
let
httpDiscoItems = optionals (cfg.uploadHttp != null)
[{ url = cfg.uploadHttp.domain; description = "HTTP upload endpoint";}];
mucDiscoItems = builtins.foldl'
(acc: muc: [{ url = muc.domain; description = "${muc.domain} MUC endpoint";}] ++ acc)
[]
cfg.muc;
discoItems = cfg.disco_items ++ httpDiscoItems ++ mucDiscoItems;
in pkgs.writeText "prosody.cfg.lua" ''
pidfile = "/run/prosody/prosody.pid"
log = "*syslog"
data_path = "${cfg.dataDir}"
plugin_paths = {
${lib.concatStringsSep ", " (map (n: "\"${n}\"") cfg.extraPluginPaths)}
}
${optionalString (cfg.ssl != null) (createSSLOptsStr cfg.ssl)}
admins = ${toLua cfg.admins}
modules_enabled = {
${lib.concatStringsSep "\n " (lib.mapAttrsToList
(name: val: optionalString val "${toLua name};")
cfg.modules)}
${lib.concatStringsSep "\n" (map (x: "${toLua x};") cfg.package.communityModules)}
${lib.concatStringsSep "\n" (map (x: "${toLua x};") cfg.extraModules)}
};
disco_items = {
${lib.concatStringsSep "\n" (builtins.map (x: ''{ "${x.url}", "${x.description}"};'') discoItems)}
};
allow_registration = ${toLua cfg.allowRegistration}
c2s_require_encryption = ${toLua cfg.c2sRequireEncryption}
s2s_require_encryption = ${toLua cfg.s2sRequireEncryption}
s2s_secure_auth = ${toLua cfg.s2sSecureAuth}
s2s_insecure_domains = ${toLua cfg.s2sInsecureDomains}
s2s_secure_domains = ${toLua cfg.s2sSecureDomains}
authentication = ${toLua cfg.authentication}
http_interfaces = ${toLua cfg.httpInterfaces}
https_interfaces = ${toLua cfg.httpsInterfaces}
http_ports = ${toLua cfg.httpPorts}
https_ports = ${toLua cfg.httpsPorts}
${cfg.extraConfig}
${lib.concatMapStrings (muc: ''
Component ${toLua muc.domain} "muc"
modules_enabled = { "muc_mam"; ${optionalString muc.vcard_muc ''"vcard_muc";'' } }
name = ${toLua muc.name}
restrict_room_creation = ${toLua muc.restrictRoomCreation}
max_history_messages = ${toLua muc.maxHistoryMessages}
muc_room_locking = ${toLua muc.roomLocking}
muc_room_lock_timeout = ${toLua muc.roomLockTimeout}
muc_tombstones = ${toLua muc.tombstones}
muc_tombstone_expiry = ${toLua muc.tombstoneExpiry}
muc_room_default_public = ${toLua muc.roomDefaultPublic}
muc_room_default_members_only = ${toLua muc.roomDefaultMembersOnly}
muc_room_default_moderated = ${toLua muc.roomDefaultModerated}
muc_room_default_public_jids = ${toLua muc.roomDefaultPublicJids}
muc_room_default_change_subject = ${toLua muc.roomDefaultChangeSubject}
muc_room_default_history_length = ${toLua muc.roomDefaultHistoryLength}
muc_room_default_language = ${toLua muc.roomDefaultLanguage}
${ muc.extraConfig }
'') cfg.muc}
${lib.optionalString (cfg.uploadHttp != null) ''
-- TODO: think about migrating this to mod-http_file_share instead.
Component ${toLua cfg.uploadHttp.domain} "http_upload"
http_upload_file_size_limit = ${cfg.uploadHttp.uploadFileSizeLimit}
http_upload_expire_after = ${cfg.uploadHttp.uploadExpireAfter}
${lib.optionalString (cfg.uploadHttp.userQuota != null) "http_upload_quota = ${toLua cfg.uploadHttp.userQuota}"}
http_upload_path = ${toLua cfg.uploadHttp.httpUploadPath}
''}
${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: v: ''
VirtualHost "${v.domain}"
enabled = ${boolToString v.enabled};
${optionalString (v.ssl != null) (createSSLOptsStr v.ssl)}
${v.extraConfig }
'') cfg.virtualHosts)}
'';

in

{
Expand All @@ -463,6 +555,15 @@ in
description = lib.mdDoc "Whether to enable the prosody server";
};

checkConfig = mkOption {
type = types.bool;
default = true;
example = false;
description = lib.mdDoc ''
Check the configuration file with `prosodyctl check config`.
'';
};

xmppComplianceSuite = mkOption {
type = types.bool;
default = true;
Expand Down Expand Up @@ -732,97 +833,17 @@ in

environment.systemPackages = [ cfg.package ];

environment.etc."prosody/prosody.cfg.lua".text =
let
httpDiscoItems = optionals (cfg.uploadHttp != null)
[{ url = cfg.uploadHttp.domain; description = "HTTP upload endpoint";}];
mucDiscoItems = builtins.foldl'
(acc: muc: [{ url = muc.domain; description = "${muc.domain} MUC endpoint";}] ++ acc)
[]
cfg.muc;
discoItems = cfg.disco_items ++ httpDiscoItems ++ mucDiscoItems;
in ''
pidfile = "/run/prosody/prosody.pid"
log = "*syslog"
data_path = "${cfg.dataDir}"
plugin_paths = {
${lib.concatStringsSep ", " (map (n: "\"${n}\"") cfg.extraPluginPaths)}
}
${optionalString (cfg.ssl != null) (createSSLOptsStr cfg.ssl)}
admins = ${toLua cfg.admins}
modules_enabled = {
${lib.concatStringsSep "\n " (lib.mapAttrsToList
(name: val: optionalString val "${toLua name};")
cfg.modules)}
${lib.concatStringsSep "\n" (map (x: "${toLua x};") cfg.package.communityModules)}
${lib.concatStringsSep "\n" (map (x: "${toLua x};") cfg.extraModules)}
};
disco_items = {
${lib.concatStringsSep "\n" (builtins.map (x: ''{ "${x.url}", "${x.description}"};'') discoItems)}
};
allow_registration = ${toLua cfg.allowRegistration}
c2s_require_encryption = ${toLua cfg.c2sRequireEncryption}
s2s_require_encryption = ${toLua cfg.s2sRequireEncryption}
s2s_secure_auth = ${toLua cfg.s2sSecureAuth}
s2s_insecure_domains = ${toLua cfg.s2sInsecureDomains}
s2s_secure_domains = ${toLua cfg.s2sSecureDomains}
authentication = ${toLua cfg.authentication}
http_interfaces = ${toLua cfg.httpInterfaces}
https_interfaces = ${toLua cfg.httpsInterfaces}
http_ports = ${toLua cfg.httpPorts}
https_ports = ${toLua cfg.httpsPorts}
${cfg.extraConfig}
${lib.concatMapStrings (muc: ''
Component ${toLua muc.domain} "muc"
modules_enabled = { "muc_mam"; ${optionalString muc.vcard_muc ''"vcard_muc";'' } }
name = ${toLua muc.name}
restrict_room_creation = ${toLua muc.restrictRoomCreation}
max_history_messages = ${toLua muc.maxHistoryMessages}
muc_room_locking = ${toLua muc.roomLocking}
muc_room_lock_timeout = ${toLua muc.roomLockTimeout}
muc_tombstones = ${toLua muc.tombstones}
muc_tombstone_expiry = ${toLua muc.tombstoneExpiry}
muc_room_default_public = ${toLua muc.roomDefaultPublic}
muc_room_default_members_only = ${toLua muc.roomDefaultMembersOnly}
muc_room_default_moderated = ${toLua muc.roomDefaultModerated}
muc_room_default_public_jids = ${toLua muc.roomDefaultPublicJids}
muc_room_default_change_subject = ${toLua muc.roomDefaultChangeSubject}
muc_room_default_history_length = ${toLua muc.roomDefaultHistoryLength}
muc_room_default_language = ${toLua muc.roomDefaultLanguage}
${ muc.extraConfig }
'') cfg.muc}
${lib.optionalString (cfg.uploadHttp != null) ''
-- TODO: think about migrating this to mod-http_file_share instead.
Component ${toLua cfg.uploadHttp.domain} "http_upload"
http_upload_file_size_limit = ${cfg.uploadHttp.uploadFileSizeLimit}
http_upload_expire_after = ${cfg.uploadHttp.uploadExpireAfter}
${lib.optionalString (cfg.uploadHttp.userQuota != null) "http_upload_quota = ${toLua cfg.uploadHttp.userQuota}"}
http_upload_path = ${toLua cfg.uploadHttp.httpUploadPath}
''}
${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: v: ''
VirtualHost "${v.domain}"
enabled = ${boolToString v.enabled};
${optionalString (v.ssl != null) (createSSLOptsStr v.ssl)}
${v.extraConfig }
'') cfg.virtualHosts)}
'';
environment.etc."prosody/prosody.cfg.lua".source = if cfg.checkConfig then
pkgs.runCommandLocal "prosody.cfg.lua-checked" {
nativeBuildInputs = [ cfg.package ];
} ''
ln -s ${configFile} $out
export NIX_REDIRECTS=/etc/prosody/prosody.cfg.lua=$out \
LD_PRELOAD=${pkgs.libredirect}/lib/libredirect.so
prosodyctl check config
''
else
configFile;

users.users.prosody = mkIf (cfg.user == "prosody") {
uid = config.ids.uids.prosody;
Expand Down

0 comments on commit 00fb1d2

Please sign in to comment.