From 4d0686ce669d61d30828ab0b499962243b797cc6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= <sandro.jaeckel@gmail.com>
Date: Thu, 12 Oct 2023 22:40:40 +0200
Subject: [PATCH] jabber: add s2s tls, http_altdirect

---
 hosts/jabber/default.nix | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/hosts/jabber/default.nix b/hosts/jabber/default.nix
index 1d7f9bc1..1dd6f8d1 100644
--- a/hosts/jabber/default.nix
+++ b/hosts/jabber/default.nix
@@ -18,12 +18,13 @@ in
     firewall = {
       allowedTCPPorts = [
         # Prosody
+        80
+        443
         5222
         5223
         5269
-        80
+        5270
         5280
-        443
         5281
         # Coturn
         3478
@@ -103,6 +104,7 @@ in
       modules = {
         # HTTP stuff
         bosh = true;
+        http_altconnect = true;
         http_files = true;
         websocket = true;
 
@@ -110,6 +112,7 @@ in
         announce = true;
         mam = true;
         carbons = true;
+        # File-transfer proxies are an outdated technology
         proxy65 = false;
         server_contact_info = true;
       };
@@ -170,6 +173,7 @@ in
             key = "/var/lib/acme/${domain}/key.pem",
             certificate = "/var/lib/acme/${domain}/fullchain.pem",
           }
+          s2s_direct_tls_ports = { 5270 }
           certificates = "/var/lib/acme"
 
           contact_info = {
@@ -212,13 +216,6 @@ in
               type = "turn";
             };
           };
-
-          -- File-transfer proxies are an outdated technology
-          -- Component "proxy65.${domain}" "proxy65"
-          --   proxy65_address = "proxy.${domain}"
-          --   proxy65_acl = { "${domain}" }
-          --   proxy65_interfaces = { "*", "::" }
-          --   proxy65_ports = { 5000 }
         '';
     };
   };