nix-serve: port 5000 -> 5001; prosody: enable proxy65 on port 5000
This commit is contained in:
parent
b8f13cd965
commit
6191542805
|
@ -45,9 +45,6 @@
|
|||
# - ensure muc is working
|
||||
# - enable file uploads
|
||||
# - "upload.xmpp.uninsane.org:http_upload: URL: <https://upload.xmpp.uninsane.org:5281/upload> - Ensure this can be reached by users"
|
||||
# - move proxy65 to own port
|
||||
# - "portmanager: Failed to open server port 5000 on *, this port is in use by another application"
|
||||
# - port 5000 is in use by nix-serve (`sudo lsof -P -i4`)
|
||||
# - disable or fix bosh (jabber over http):
|
||||
# - "certmanager: No certificate/key found for client_https port 0"
|
||||
|
||||
|
@ -61,6 +58,12 @@ in
|
|||
sane.persist.sys.plaintext = [
|
||||
{ user = "prosody"; group = "prosody"; path = "/var/lib/prosody"; }
|
||||
];
|
||||
sane.ports.ports."5000" = {
|
||||
protocol = [ "tcp" ];
|
||||
visibleTo.lan = true;
|
||||
visibleTo.wan = true;
|
||||
description = "colin-xmpp-prosody-fileshare-proxy65";
|
||||
};
|
||||
sane.ports.ports."5222" = {
|
||||
protocol = [ "tcp" ];
|
||||
visibleTo.lan = true;
|
||||
|
@ -207,6 +210,7 @@ in
|
|||
# - private
|
||||
# - XEP-0049: let clients store arbitrary (private) data on the server
|
||||
# - proxy65
|
||||
# - XEP-0065: allow server to proxy file transfers between two clients who are behind NAT
|
||||
# - register
|
||||
# - roster
|
||||
# - saslauth
|
||||
|
@ -217,7 +221,6 @@ in
|
|||
# - vcard_legacy
|
||||
# - version
|
||||
|
||||
modules.proxy65 = false; # TODO: free its port 5000 and then re-enable
|
||||
extraModules = [
|
||||
# admin_shell: allows `prosodyctl shell` to work
|
||||
# see: <https://prosody.im/doc/modules/mod_admin_shell>
|
||||
|
|
|
@ -45,7 +45,7 @@ in
|
|||
# - `nix build ... --substituters http://desko:5000`
|
||||
nix.settings.substituters = mkIf cfg.enable (lib.flatten [
|
||||
(lib.optional cfg.substituters.servo "https://nixcache.uninsane.org")
|
||||
(lib.optional cfg.substituters.desko "http://desko:5000")
|
||||
(lib.optional cfg.substituters.desko "http://desko:${builtins.toString config.sane.service.nixserve.port}")
|
||||
(lib.optional cfg.substituters.nixos "https://cache.nixos.org/")
|
||||
(lib.optional cfg.substituters.cachix "https://nix-community.cachix.org")
|
||||
]);
|
||||
|
|
|
@ -13,6 +13,10 @@ in
|
|||
default = false;
|
||||
type = types.bool;
|
||||
};
|
||||
sane.services.nixserve.port = mkOption {
|
||||
default = 5001;
|
||||
type = types.port;
|
||||
};
|
||||
sane.services.nixserve.secretKeyFile = mkOption {
|
||||
type = types.path;
|
||||
description = "path to file that contains the nix_serve_privkey secret (should not be in the store)";
|
||||
|
@ -22,8 +26,12 @@ in
|
|||
config = mkIf cfg.enable {
|
||||
services.nix-serve = {
|
||||
enable = true;
|
||||
inherit (cfg) secretKeyFile;
|
||||
openFirewall = true; # not needed for servo; only desko
|
||||
inherit (cfg) port secretKeyFile;
|
||||
};
|
||||
sane.ports.ports."${builtins.toString cfg.port}" = {
|
||||
visibleTo.lan = true; # not needed for servo; only desko
|
||||
protocol = [ "tcp" ];
|
||||
description = "colin-nix-serve-cache";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue
Block a user