1 { pkgs, lib, config, ... }:
3 inherit (config) networking;
4 inherit (config.users) users;
5 inherit (config.services) prosody;
8 networking.nftables.ruleset = ''
9 add rule inet filter net2fw tcp dport {5222, 5269} counter accept comment "XMPP"
10 add rule inet filter net2fw tcp dport 5000 counter accept comment "XMPP XEP-0065 File Transfer Proxy"
11 add rule inet filter net2fw tcp dport {${lib.concatMapStringsSep "," toString prosody.httpsPorts}} counter accept comment "XMPP HTTPS"
12 add rule inet filter fw2net meta skuid ${prosody.user} counter accept comment "Prosody"
14 users.groups.acme.members = [ users.prosody.name ];
17 xmppComplianceSuite = true;
24 watchregistrations = true;
31 Component "proxy65.${networking.domain}" "proxy65"
36 c2sRequireEncryption = true;
37 s2sRequireEncryption = true;
40 domain = "tmp.${networking.domain}";
41 # Prosody's HTTP parser limit on body size
42 uploadFileSizeLimit = "10485760";
43 userQuota = 100 * 1024 * 1024;
44 uploadExpireAfter = "60 * 60 * 24 * 7";
47 { domain = "salons.${networking.domain}";
49 restrict_room_creation = "local"
50 max_history_messages = 42
51 muc_room_locking = true
52 muc_room_lock_timeout = 600
54 muc_tombstone_expiry = 31 * 24 * 60 * 60
55 muc_room_default_public = true
56 muc_room_default_members_only = false
57 muc_room_default_moderated = true
58 muc_room_default_public_jids = false
59 muc_room_default_change_subject = true
60 muc_room_default_history_length = 42
61 muc_room_default_language = "fr"
65 virtualHosts."${networking.domain}" = {
67 domain = "${networking.domain}";
68 ssl.key = "/var/lib/acme/${networking.domain}/key.pem";
69 ssl.cert = "/var/lib/acme/${networking.domain}/fullchain.pem";
72 "julm@${networking.domain}"
74 allowRegistration = false;
75 authentication = "internal_hashed";