]> Git — Sourcephile - sourcephile-nix.git/blob - hosts/mermet/prosody/biboumi.nix
carotte: use passwordFile for unattended decryption
[sourcephile-nix.git] / hosts / mermet / prosody / biboumi.nix
1 { pkgs, lib, config, ... }:
2 let
3 inherit (config) networking;
4 inherit (config.services) biboumi;
5 inherit (config.users) users groups;
6 in
7 {
8 networking.nftables.ruleset = ''
9 add rule inet filter net2fw tcp dport ${toString biboumi.settings.identd_port} counter accept comment "identd"
10 add rule inet filter fw2net meta skuid ${users.biboumi.name} meta l4proto tcp counter accept comment "Biboumi"
11 '';
12 users.users."biboumi".isSystemUser = true;
13 users.users."biboumi".group = groups."biboumi".name;
14 users.groups."biboumi" = {};
15 systemd.services.biboumi.after = ["prosody.service"];
16 services.biboumi = {
17 enable = true;
18 settings = {
19 hostname = "biboumi.${networking.domain}";
20 password = "useless-secret-on-loopback";
21 xmpp_server_ip = "127.0.0.1";
22 port = 5347;
23 admin = [
24 "julm@${networking.domain}"
25 ];
26 #fixed_irc_server = "";
27 persistent_by_default = true;
28 realname_customization = true;
29 realname_from_jid = false;
30 log_level = 1;
31 };
32 };
33 }