ejabberd: port config to structured nix attrs
This commit is contained in:
parent
69ab1c1b8f
commit
2f12fd8ae7
|
@ -179,284 +179,285 @@ in
|
||||||
services.ejabberd.enable = true;
|
services.ejabberd.enable = true;
|
||||||
services.ejabberd.configFile = "/var/lib/ejabberd/ejabberd.yaml";
|
services.ejabberd.configFile = "/var/lib/ejabberd/ejabberd.yaml";
|
||||||
systemd.services.ejabberd.preStart = let
|
systemd.services.ejabberd.preStart = let
|
||||||
config-in = pkgs.writeTextFile {
|
config-in = pkgs.writeText "ejabberd.yaml.in" (lib.generators.toYAML {} {
|
||||||
name = "ejabberd.yaml.in";
|
hosts = [ "uninsane.org" ];
|
||||||
text = ''
|
# none | emergency | alert | critical | error | warning | notice | info | debug
|
||||||
hosts:
|
loglevel = "debug";
|
||||||
- uninsane.org
|
acme.auto = false;
|
||||||
|
certfiles = [ "/var/lib/acme/uninsane.org/full.pem" ];
|
||||||
|
# ca_file = "${pkgs.cacert.unbundled}/etc/ssl/certs/";
|
||||||
|
# ca_file = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||||
|
|
||||||
# none | emergency | alert | critical | error | warning | notice | info | debug
|
pam_userinfotype = "jid";
|
||||||
loglevel: debug
|
acl = {
|
||||||
# loglevel: info
|
admin.user = [ "colin@uninsane.org" ];
|
||||||
# loglevel: notice
|
local.user_regexp = "";
|
||||||
|
loopback.ip = [ "127.0.0.0/8" "::1/128" ];
|
||||||
|
};
|
||||||
|
|
||||||
acme:
|
access_rules = {
|
||||||
auto: false
|
local.allow = "local";
|
||||||
certfiles:
|
c2s_access.allow = "all";
|
||||||
- /var/lib/acme/uninsane.org/full.pem
|
announce.allow = "admin";
|
||||||
# ca_file: ${pkgs.cacert.unbundled}/etc/ssl/certs/
|
configure.allow = "admin";
|
||||||
# ca_file: ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
|
muc_create.allow = "local";
|
||||||
|
pubsub_createnode_access.allow = "all";
|
||||||
|
trusted_network.allow = "loopback";
|
||||||
|
};
|
||||||
|
|
||||||
pam_userinfotype: jid
|
# docs: <https://docs.ejabberd.im/admin/configuration/basic/#shaper-rules>
|
||||||
|
shaper_rules = {
|
||||||
|
# setting this to above 1 may break outgoing messages
|
||||||
|
# - maybe some servers rate limit? or just don't understand simultaneous connections?
|
||||||
|
max_s2s_connections = 1;
|
||||||
|
max_user_sessions = 10;
|
||||||
|
max_user_offline_messages = 5000;
|
||||||
|
c2s_shaper.fast = "all";
|
||||||
|
s2s_shaper.med = "all";
|
||||||
|
};
|
||||||
|
|
||||||
acl:
|
# docs: <https://docs.ejabberd.im/admin/configuration/basic/#shapers>
|
||||||
admin:
|
# this limits the bytes/sec.
|
||||||
user:
|
# for example, burst: 3_000_000 and rate: 100_000 means:
|
||||||
- "colin@uninsane.org"
|
# - each client has a BW budget that accumulates 100kB/sec and is capped at 3 MB
|
||||||
local:
|
shaper.fast = 1000000;
|
||||||
user_regexp: ""
|
shaper.med = 500000;
|
||||||
loopback:
|
# shaper.fast.rate = 1000000;
|
||||||
ip:
|
# shaper.fast.burst_size = 10000000;
|
||||||
- 127.0.0.0/8
|
# shaper.med.rate = 500000;
|
||||||
- ::1/128
|
# shaper.med.burst_size = 5000000;
|
||||||
|
|
||||||
access_rules:
|
# see: <https://docs.ejabberd.im/admin/configuration/listen/>
|
||||||
local:
|
# s2s_use_starttls = true;
|
||||||
allow: local
|
s2s_use_starttls = "optional";
|
||||||
c2s_access:
|
# lessens 504: remote-server-timeout errors
|
||||||
allow: all
|
# see: <https://github.com/processone/ejabberd/issues/3105#issuecomment-562182967>
|
||||||
announce:
|
negotiation_timeout = 60;
|
||||||
allow: admin
|
|
||||||
configure:
|
|
||||||
allow: admin
|
|
||||||
muc_create:
|
|
||||||
allow: local
|
|
||||||
pubsub_createnode_access:
|
|
||||||
allow: all
|
|
||||||
trusted_network:
|
|
||||||
allow: loopback
|
|
||||||
|
|
||||||
# docs: <https://docs.ejabberd.im/admin/configuration/basic/#shaper-rules>
|
listen = [
|
||||||
shaper_rules:
|
{
|
||||||
# setting this to above 1 may break outgoing messages
|
port = 5222;
|
||||||
# - maybe some servers rate limit? or just don't understand simultaneous connections?
|
module = "ejabberd_c2s";
|
||||||
max_s2s_connections: 1
|
shaper = "c2s_shaper";
|
||||||
max_user_sessions: 10
|
starttls = true;
|
||||||
max_user_offline_messages: 5000
|
access = "c2s_access";
|
||||||
c2s_shaper:
|
}
|
||||||
fast: all
|
{
|
||||||
s2s_shaper:
|
port = 5223;
|
||||||
med: all
|
module = "ejabberd_c2s";
|
||||||
|
shaper = "c2s_shaper";
|
||||||
|
tls = true;
|
||||||
|
access = "c2s_access";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
port = 5269;
|
||||||
|
module = "ejabberd_s2s_in";
|
||||||
|
shaper = "s2s_shaper";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
port = 5270;
|
||||||
|
module = "ejabberd_s2s_in";
|
||||||
|
shaper = "s2s_shaper";
|
||||||
|
tls = true;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
port = 5443;
|
||||||
|
module = "ejabberd_http";
|
||||||
|
tls = true;
|
||||||
|
request_handlers = {
|
||||||
|
"/admin" = "ejabberd_web_admin"; # TODO: ensure this actually works
|
||||||
|
"/api" = "mod_http_api"; # ejabberd API endpoint (to control server)
|
||||||
|
"/bosh" = "mod_bosh";
|
||||||
|
"/upload" = "mod_http_upload";
|
||||||
|
"/ws" = "ejabberd_http_ws";
|
||||||
|
# "/.well-known/host-meta" = "mod_host_meta";
|
||||||
|
# "/.well-known/host-meta.json" = "mod_host_meta";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# STUN+TURN TCP
|
||||||
|
# note that the full port range should be forwarded ("not NAT'd")
|
||||||
|
# `use_turn=true` enables both TURN *and* STUN
|
||||||
|
port = 3478;
|
||||||
|
module = "ejabberd_stun";
|
||||||
|
transport = "tcp";
|
||||||
|
use_turn = true;
|
||||||
|
turn_min_port = turnPortLow;
|
||||||
|
turn_max_port = turnPortHigh;
|
||||||
|
turn_ipv4_address = "%ANATIVE%";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# STUN+TURN UDP
|
||||||
|
port = 3478;
|
||||||
|
module = "ejabberd_stun";
|
||||||
|
transport = "udp";
|
||||||
|
use_turn = true;
|
||||||
|
turn_min_port = turnPortLow;
|
||||||
|
turn_max_port = turnPortHigh;
|
||||||
|
turn_ipv4_address = "%ANATIVE%";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# STUN+TURN TLS over TCP
|
||||||
|
port = 5349;
|
||||||
|
module = "ejabberd_stun";
|
||||||
|
transport = "tcp";
|
||||||
|
tls = true;
|
||||||
|
certfile = "/var/lib/acme/uninsane.org/full.pem";
|
||||||
|
use_turn = true;
|
||||||
|
turn_min_port = turnPortLow;
|
||||||
|
turn_max_port = turnPortHigh;
|
||||||
|
turn_ipv4_address = "%ANATIVE%";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
# docs: <https://docs.ejabberd.im/admin/configuration/basic/#shapers>
|
# TODO: enable mod_fail2ban
|
||||||
# this limits the bytes/sec.
|
# TODO(low): look into mod_http_fileserver for serving macros?
|
||||||
# for example, burst: 3_000_000 and rate: 100_000 means:
|
modules = {
|
||||||
# - each client has a BW budget that accumulates 100kB/sec and is capped at 3 MB
|
# mod_adhoc = {};
|
||||||
shaper:
|
# mod_announce = {
|
||||||
fast: 1000000
|
# access = "admin";
|
||||||
med: 500000
|
# };
|
||||||
# fast:
|
# allows users to set avatars in vCard
|
||||||
# - rate: 1000000
|
# - <https://docs.ejabberd.im/admin/configuration/modules/#mod-avatar>
|
||||||
# - burst_size: 10000000
|
mod_avatar = {};
|
||||||
# med:
|
mod_caps = {}; # for mod_pubsub
|
||||||
# - rate: 500000
|
mod_carboncopy = {}; # allows multiple clients to receive a user's message
|
||||||
# - burst_size: 5000000
|
# queues messages when recipient is offline, including PEP and presence messages.
|
||||||
|
# compliance test suggests this be enabled
|
||||||
|
mod_client_state = {};
|
||||||
|
|
||||||
# see: <https://docs.ejabberd.im/admin/configuration/listen/>
|
# mod_conversejs: TODO: enable once on 21.12
|
||||||
# s2s_use_starttls: true
|
# allows clients like Dino to discover where to upload files
|
||||||
s2s_use_starttls: optional
|
mod_disco.server_info = [
|
||||||
# lessens 504: remote-server-timeout errors
|
{
|
||||||
# see: <https://github.com/processone/ejabberd/issues/3105#issuecomment-562182967>
|
modules = "all";
|
||||||
negotiation_timeout: 60
|
name = "abuse-addresses";
|
||||||
|
urls = [
|
||||||
listen:
|
"mailto:admin.xmpp@uninsane.org"
|
||||||
-
|
"xmpp:colin@uninsane.org"
|
||||||
port: 5222
|
];
|
||||||
module: ejabberd_c2s
|
}
|
||||||
shaper: c2s_shaper
|
{
|
||||||
starttls: true
|
modules = "all";
|
||||||
access: c2s_access
|
name = "admin-addresses";
|
||||||
-
|
urls = [
|
||||||
port: 5223
|
"mailto:admin.xmpp@uninsane.org"
|
||||||
module: ejabberd_c2s
|
"xmpp:colin@uninsane.org"
|
||||||
shaper: c2s_shaper
|
];
|
||||||
tls: true
|
}
|
||||||
access: c2s_access
|
];
|
||||||
-
|
mod_http_upload = {
|
||||||
port: 5269
|
host = "upload.xmpp.uninsane.org";
|
||||||
module: ejabberd_s2s_in
|
hosts = [ "upload.xmpp.uninsane.org" ];
|
||||||
shaper: s2s_shaper
|
put_url = "https://@HOST@:5443/upload";
|
||||||
-
|
dir_mode = "0750";
|
||||||
port: 5270
|
file_mode = "0750";
|
||||||
module: ejabberd_s2s_in
|
rm_on_unregister = false;
|
||||||
shaper: s2s_shaper
|
};
|
||||||
tls: true
|
# allow discoverability of BOSH and websocket endpoints
|
||||||
-
|
# TODO: enable once on ejabberd 22.05 (presently 21.04)
|
||||||
port: 5443
|
# mod_host_meta = {};
|
||||||
module: ejabberd_http
|
mod_jidprep = {}; # probably not needed: lets clients normalize jids
|
||||||
tls: true
|
mod_last = {}; # allow other users to know when i was last online
|
||||||
request_handlers:
|
mod_mam = {
|
||||||
/admin: ejabberd_web_admin # TODO: ensure this actually works
|
# Mnesia is limited to 2GB, better to use an SQL backend
|
||||||
/api: mod_http_api # ejabberd API endpoint (to control server)
|
# For small servers SQLite is a good fit and is very easy
|
||||||
/bosh: mod_bosh
|
# to configure. Uncomment this when you have SQL configured:
|
||||||
/upload: mod_http_upload
|
# db_type: sql
|
||||||
/ws: ejabberd_http_ws
|
assume_mam_usage = true;
|
||||||
# /.well-known/host-meta: mod_host_meta
|
default = "always";
|
||||||
# /.well-known/host-meta.json: mod_host_meta
|
};
|
||||||
-
|
mod_muc = {
|
||||||
# STUN+TURN TCP
|
access = [ "allow" ];
|
||||||
# note that the full port range should be forwarded ("not NAT'd")
|
access_admin = { allow = "admin"; };
|
||||||
# `use_turn=true` enables both TURN *and* STUN
|
access_create = "muc_create";
|
||||||
port: 3478
|
access_persistent = "muc_create";
|
||||||
module: ejabberd_stun
|
access_mam = [ "allow" ];
|
||||||
transport: tcp
|
history_size = 100; # messages to show new participants
|
||||||
use_turn: true
|
host = "muc.xmpp.uninsane.org";
|
||||||
turn_min_port: ${builtins.toString turnPortLow}
|
hosts = [ "muc.xmpp.uninsane.org" ];
|
||||||
turn_max_port: ${builtins.toString turnPortHigh}
|
default_room_options = {
|
||||||
turn_ipv4_address: %ANATIVE%
|
anonymous = false;
|
||||||
-
|
lang = "en";
|
||||||
# STUN+TURN UDP
|
persistent = true;
|
||||||
port: 3478
|
mam = true;
|
||||||
module: ejabberd_stun
|
};
|
||||||
transport: udp
|
};
|
||||||
use_turn: true
|
mod_muc_admin = {};
|
||||||
turn_min_port: ${builtins.toString turnPortLow}
|
mod_offline = {
|
||||||
turn_max_port: ${builtins.toString turnPortHigh}
|
# store messages for a user when they're offline (TODO: understand multi-client workflow?)
|
||||||
turn_ipv4_address: %ANATIVE%
|
access_max_user_messages = "max_user_offline_messages";
|
||||||
-
|
store_groupchat = true;
|
||||||
# STUN+TURN TLS over TCP
|
};
|
||||||
port: 5349
|
mod_ping = {};
|
||||||
module: ejabberd_stun
|
mod_privacy = {}; # deprecated, but required for `ejabberctl export_piefxis`
|
||||||
transport: tcp
|
mod_private = {}; # allow local clients to persist arbitrary data on my server
|
||||||
tls: true
|
# push notifications to services integrated with e.g. Apple/Android.
|
||||||
certfile: /var/lib/acme/uninsane.org/full.pem
|
# default is for a maximum amount of PII to be withheld, since these push notifs
|
||||||
use_turn: true
|
# generally traverse 3rd party services. can opt to include message body, etc, though.
|
||||||
turn_min_port: ${builtins.toString turnPortLow}
|
mod_push = {};
|
||||||
turn_max_port: ${builtins.toString turnPortHigh}
|
# i don't fully understand what this does, but it seems aimed at making push notifs more reliable.
|
||||||
turn_ipv4_address: %ANATIVE%
|
mod_push_keepalive = {};
|
||||||
|
mod_roster = {
|
||||||
# TODO: enable mod_fail2ban
|
versioning = true;
|
||||||
# TODO(low): look into mod_http_fileserver for serving macros?
|
};
|
||||||
modules:
|
# docs: <https://docs.ejabberd.im/admin/configuration/modules/#mod-s2s-dialback>
|
||||||
# mod_adhoc: {}
|
# s2s dialback to verify inbound messages
|
||||||
# mod_announce:
|
# unclear to what degree the XMPP network requires this
|
||||||
# access: admin
|
mod_s2s_dialback = {};
|
||||||
# allows users to set avatars in vCard
|
mod_shared_roster = {}; # creates groups for @all, @online, and anything manually administered?
|
||||||
# - <https://docs.ejabberd.im/admin/configuration/modules/#mod-avatar>
|
mod_stream_mgmt = {
|
||||||
mod_avatar: {}
|
# resend undelivered messages if the origin client is offline
|
||||||
mod_caps: {} # for mod_pubsub
|
resend_on_timeout = "if_offline";
|
||||||
mod_carboncopy: {} # allows multiple clients to receive a user's message
|
};
|
||||||
# queues messages when recipient is offline, including PEP and presence messages.
|
# fallback for when DNS-based STUN discovery is unsupported.
|
||||||
# compliance test suggests this be enabled
|
# - see: <https://xmpp.org/extensions/xep-0215.html>
|
||||||
mod_client_state: {}
|
# docs: <https://docs.ejabberd.im/admin/configuration/modules/#mod-stun-disco>
|
||||||
# mod_conversejs: TODO: enable once on 21.12
|
# people say to just keep this defaulted (i guess ejabberd knows to return its `host` option of uninsane.org?)
|
||||||
# allows clients like Dino to discover where to upload files
|
mod_stun_disco = {};
|
||||||
mod_disco:
|
# docs: <https://docs.ejabberd.im/admin/configuration/modules/#mod-vcard>
|
||||||
server_info:
|
mod_vcard = {
|
||||||
-
|
allow_return_all = true; # all users are discoverable (?)
|
||||||
modules: all
|
host = "vjid.xmpp.uninsane.org";
|
||||||
name: abuse-addresses
|
hosts = [ "vjid.xmpp.uninsane.org" ];
|
||||||
urls:
|
search = true;
|
||||||
- "mailto:admin.xmpp@uninsane.org"
|
};
|
||||||
- "xmpp:colin@uninsane.org"
|
mod_vcard_xupdate = {}; # needed for avatars
|
||||||
-
|
# docs: <https://docs.ejabberd.im/admin/configuration/modules/#mod-pubsub>
|
||||||
modules: all
|
mod_pubsub = {
|
||||||
name: admin-addresses
|
#^ needed for avatars
|
||||||
urls:
|
access_createnode = "pubsub_createnode_access";
|
||||||
- "mailto:admin.xmpp@uninsane.org"
|
host = "pubsub.xmpp.uninsane.org";
|
||||||
- "xmpp:colin@uninsane.org"
|
hosts = [ "pubsub.xmpp.uninsane.org" ];
|
||||||
mod_http_upload:
|
ignore_pep_from_offline = false;
|
||||||
host: upload.xmpp.uninsane.org
|
last_item_cache = true;
|
||||||
hosts:
|
plugins = [
|
||||||
- upload.xmpp.uninsane.org
|
"pep"
|
||||||
put_url: "https://@HOST@:5443/upload"
|
"flat"
|
||||||
dir_mode: "0750"
|
];
|
||||||
file_mode: "0750"
|
force_node_config = {
|
||||||
rm_on_unregister: false
|
# ensure client bookmarks are private
|
||||||
# allow discoverability of BOSH and websocket endpoints
|
"storage:bookmarks:" = {
|
||||||
# TODO: enable once on ejabberd 22.05 (presently 21.04)
|
"access_model" = "whitelist";
|
||||||
# mod_host_meta: {}
|
};
|
||||||
mod_jidprep: {} # probably not needed: lets clients normalize jids
|
"urn:xmpp:avatar:data" = {
|
||||||
mod_last: {} # allow other users to know when i was last online
|
"access_model" = "open";
|
||||||
mod_mam:
|
};
|
||||||
# Mnesia is limited to 2GB, better to use an SQL backend
|
"urn:xmpp:avatar:metadata" = {
|
||||||
# For small servers SQLite is a good fit and is very easy
|
"access_model" = "open";
|
||||||
# to configure. Uncomment this when you have SQL configured:
|
};
|
||||||
# db_type: sql
|
};
|
||||||
assume_mam_usage: true
|
};
|
||||||
default: always
|
mod_version = {};
|
||||||
mod_muc:
|
};
|
||||||
access:
|
});
|
||||||
- allow
|
|
||||||
access_admin:
|
|
||||||
- allow: admin
|
|
||||||
access_create: muc_create
|
|
||||||
access_persistent: muc_create
|
|
||||||
access_mam:
|
|
||||||
- allow
|
|
||||||
history_size: 100 # messages to show new participants
|
|
||||||
host: muc.xmpp.uninsane.org
|
|
||||||
hosts:
|
|
||||||
- muc.xmpp.uninsane.org
|
|
||||||
default_room_options:
|
|
||||||
anonymous: false
|
|
||||||
lang: en
|
|
||||||
persistent: true
|
|
||||||
mam: true
|
|
||||||
mod_muc_admin: {}
|
|
||||||
mod_offline: # store messages for a user when they're offline (TODO: understand multi-client workflow?)
|
|
||||||
access_max_user_messages: max_user_offline_messages
|
|
||||||
store_groupchat: true
|
|
||||||
mod_ping: {}
|
|
||||||
mod_privacy: {} # deprecated, but required for `ejabberctl export_piefxis`
|
|
||||||
mod_private: {} # allow local clients to persist arbitrary data on my server
|
|
||||||
# push notifications to services integrated with e.g. Apple/Android.
|
|
||||||
# default is for a maximum amount of PII to be withheld, since these push notifs
|
|
||||||
# generally traverse 3rd party services. can opt to include message body, etc, though.
|
|
||||||
mod_push: {}
|
|
||||||
# i don't fully understand what this does, but it seems aimed at making push notifs more reliable.
|
|
||||||
mod_push_keepalive: {}
|
|
||||||
mod_roster:
|
|
||||||
versioning: true
|
|
||||||
# docs: <https://docs.ejabberd.im/admin/configuration/modules/#mod-s2s-dialback>
|
|
||||||
# s2s dialback to verify inbound messages
|
|
||||||
# unclear to what degree the XMPP network requires this
|
|
||||||
mod_s2s_dialback: {}
|
|
||||||
mod_shared_roster: {} # creates groups for @all, @online, and anything manually administered?
|
|
||||||
mod_stream_mgmt:
|
|
||||||
resend_on_timeout: if_offline # resend undelivered messages if the origin client is offline
|
|
||||||
# fallback for when DNS-based STUN discovery is unsupported.
|
|
||||||
# - see: <https://xmpp.org/extensions/xep-0215.html>
|
|
||||||
# docs: <https://docs.ejabberd.im/admin/configuration/modules/#mod-stun-disco>
|
|
||||||
# people say to just keep this defaulted (i guess ejabberd knows to return its `host` option of uninsane.org?)
|
|
||||||
mod_stun_disco: {}
|
|
||||||
# docs: <https://docs.ejabberd.im/admin/configuration/modules/#mod-vcard>
|
|
||||||
mod_vcard:
|
|
||||||
allow_return_all: true # all users are discoverable (?)
|
|
||||||
host: vjid.xmpp.uninsane.org
|
|
||||||
hosts:
|
|
||||||
- vjid.xmpp.uninsane.org
|
|
||||||
search: true
|
|
||||||
mod_vcard_xupdate: {} # needed for avatars
|
|
||||||
# docs: <https://docs.ejabberd.im/admin/configuration/modules/#mod-pubsub>
|
|
||||||
mod_pubsub: # needed for avatars
|
|
||||||
access_createnode: pubsub_createnode_access
|
|
||||||
host: pubsub.xmpp.uninsane.org
|
|
||||||
hosts:
|
|
||||||
- pubsub.xmpp.uninsane.org
|
|
||||||
ignore_pep_from_offline: false
|
|
||||||
last_item_cache: true
|
|
||||||
plugins:
|
|
||||||
- pep
|
|
||||||
- flat
|
|
||||||
force_node_config:
|
|
||||||
# ensure client bookmarks are private
|
|
||||||
storage:bookmarks:
|
|
||||||
access_model: whitelist
|
|
||||||
urn:xmpp:avatar:data:
|
|
||||||
access_model: open
|
|
||||||
urn:xmpp:avatar:metadata:
|
|
||||||
access_model: open
|
|
||||||
mod_version: {}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
sed = "${pkgs.gnused}/bin/sed";
|
sed = "${pkgs.gnused}/bin/sed";
|
||||||
in ''
|
in ''
|
||||||
ip=$(cat '${config.sane.services.dyn-dns.ipPath}')
|
ip=$(cat '${config.sane.services.dyn-dns.ipPath}')
|
||||||
# config is 444 (not 644), so we want to write out-of-place and then atomically move
|
# config is 444 (not 644), so we want to write out-of-place and then atomically move
|
||||||
# TODO: factor this out into `sane-woop` helper?
|
# TODO: factor this out into `sane-woop` helper?
|
||||||
rm -f /var/lib/ejabberd/ejabberd.yaml.new
|
rm -f /var/lib/ejabberd/ejabberd.yaml.new
|
||||||
${sed} "s/%ANATIVE%/$ip/" ${config-in} > /var/lib/ejabberd/ejabberd.yaml.new
|
${sed} "s/%ANATIVE%/$ip/g" ${config-in} > /var/lib/ejabberd/ejabberd.yaml.new
|
||||||
mv /var/lib/ejabberd/ejabberd.yaml{.new,}
|
mv /var/lib/ejabberd/ejabberd.yaml{.new,}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user