]> Git — Sourcephile - sourcephile-nix.git/blob - hosts/mermet/prosody/biboumi.nix
mermet: wg-intra: enable courge
[sourcephile-nix.git] / hosts / mermet / prosody / biboumi.nix
1 { config, ... }:
2 let
3 inherit (config) networking;
4 inherit (config.services) biboumi;
5 inherit (config.users) users groups;
6 in
7 {
8 networking.nftables.ruleset = ''
9 table inet filter {
10 chain input-net {
11 tcp dport ${toString biboumi.settings.identd_port} counter accept comment "biboumi: identd"
12 }
13 chain output-net {
14 skuid ${users.biboumi.name} meta l4proto tcp counter accept comment "biboumi"
15 }
16 }
17 '';
18 users.users."biboumi".isSystemUser = true;
19 users.users."biboumi".group = groups."biboumi".name;
20 users.groups."biboumi" = { };
21 systemd.services.biboumi.after = [ "prosody.service" ];
22 services.biboumi = {
23 enable = true;
24 settings = {
25 hostname = "biboumi.${networking.domain}";
26 password = "useless-secret-on-loopback";
27 xmpp_server_ip = "127.0.0.1";
28 port = 5347;
29 admin = [
30 "julm@${networking.domain}"
31 ];
32 #fixed_irc_server = "";
33 persistent_by_default = true;
34 realname_customization = true;
35 realname_from_jid = false;
36 log_level = 1;
37 };
38 };
39 }