NixOS module of Prosody is missing crucial functionalities, making it unusable

phaeseeKe5Ee · December 21, 2023, 8:39am

I am very new to NixOS, correct me if I am wrong.
I am trying to migrate my prosody server to NixOS, since the previous OS (not linux) I was using was missing some packages that prosody needed for siskin (an iOS client).

While I am translating the prosody.cfg.lua settings into nix, I found that the prosody module is missing crucial functionalities.

The main issue is that I cannot find an option to add muc modules.
According to the documents in Components in Prosody – Prosody IM :

Some modules such as mod_muc_mam enable additional functionality for a Component. These must not be enabled in the global modules_enabled, but rather in a modules_enabled under the Component, like so:
Component "conference.jabber.org" "muc"
modules_enabled = {
   "muc_mam",
}

I need to add a lot of community muc modules here ( namely muc_notifications, muc_mention_notifications, muc_cloud_notify, muc_offline_delivery, muc_local_only, muc_moderation,
) but not globally. Some of them are essentials for iOS clients to work properly in muc (to get notification).

I thought there should be some extraModules option in the nixos module specifically for muc, but seems not.

github.com

NixOS/nixpkgs/blob/d02ffbbe834b5599fc5f134e644e49397eb07188/nixos/modules/services/networking/prosody.nix#L821


      
          https_interfaces = ${toLua cfg.httpsInterfaces}
          
          
http_ports = ${toLua cfg.httpPorts}
          
          
https_ports = ${toLua cfg.httpsPorts}
          
          
${ cfg.extraConfig }
          
          
${lib.concatMapStrings (muc: ''
            Component ${toLua muc.domain} "muc"
                modules_enabled = { "muc_mam"; ${optionalString muc.vcard_muc ''"vcard_muc";'' } }
                name = ${toLua muc.name}
                restrict_room_creation = ${toLua muc.restrictRoomCreation}
                max_history_messages = ${toLua muc.maxHistoryMessages}
                muc_room_locking = ${toLua muc.roomLocking}
                muc_room_lock_timeout = ${toLua muc.roomLockTimeout}
                muc_tombstones = ${toLua muc.tombstones}
                muc_tombstone_expiry = ${toLua muc.tombstoneExpiry}
                muc_room_default_public = ${toLua muc.roomDefaultPublic}
                muc_room_default_members_only = ${toLua muc.roomDefaultMembersOnly}
                muc_room_default_moderated = ${toLua muc.roomDefaultModerated}

There are no options for us to add extra muc modules here.
My main purpose of the server is prosody. Please help!!
Thank you very much!

misuzu · December 21, 2023, 8:54am

You can override the prosody module by copying https://github.com/NixOS/nixpkgs/blob/d02ffbbe834b5599fc5f134e644e49397eb07188/nixos/modules/services/networking/prosody.nix to your configuration and importing it like this:

{
  imports = [ ./prosody.nix ];
  disabledModules = [ "services/networking/prosody.nix" ];
}

Then you should be able to modify the module the way you want. Bonus points if you submit a pull request to nixpkgs with your changes for the benefit of everyone

phaeseeKe5Ee · December 21, 2023, 9:48am

I didn’t know we can do this, I will figure it out after I successfully configure my server!
Thank you very much for your help!

aanderse · December 21, 2023, 12:32pm

i believe this PR adds the missing functionality you require

phaeseeKe5Ee · December 21, 2023, 6:22pm

That is impressive!!!
I am still configuring other related services (coturn, ddclient, acme, nginx, etc) for the past few hours, and discovered that the current prosody nixos module do not have acme options, but your PR seems support it, that is great!
Does it also require some webserver like nginx to renew the certificate?

By the way, I thought the mod_proxy65 has to be enabled by the line Component "proxy.example.com" "proxy65" stated in mod_proxy65 – Prosody IM , but I do not see this in the current prosody nixos module. Is it unnecessary?

aanderse · December 21, 2023, 7:43pm

to use the convenient useACMEHost option it requires you configure a certificate via the very flexible security.acme. options… which include dns challenges or setting up a http server without any hassle

looks like i have a TODO item or two to make proxy65 support really nice… i’ll see if i can include that in the PR, or maybe a future PR after this one is merged
for now it looks like you would do something like this:

{ config, pkgs, lib, ... }: {
  services.prosody.components."proxy.example.com" = {
    type = "proxy65";
    settings = {
      proxy65_address = "ftproxy.example.com";
      proxy65_acl = [ "example.com" "theadmin@anotherdomain.com" "only@fromwork.de/AtWork" ];
    };
  };
  networking.firewall.allowedTCPPorts = [ 5000 ]; # this could be made easier/more automatic, i'll look into that
}

phaeseeKe5Ee · December 22, 2023, 12:39am

Thanks for your advice!
After applying your module from the PR, I can now successfully get my prosody online!!!

By the way, the turn_external_secret = "ENV_TURN_EXTERNAL_SECRET"; in the example is missing a dollar sign before the environment variable.

Thank you so much for the custom prosody module, It works great!

phaeseeKe5Ee · December 24, 2023, 8:10pm

Updates and some thoughts after playing it around:
I want to test out jitsi-meet (never installed it before on other OS) so I switched back to the 23.11 prosody.nix module, which supports a more up-to-date jitsi-meet.nix module.
I found that the 23.11 prosody.nix module can also be configured to most of the way I want, but it heavily rely on the abuse of services.prosody.extraConfig and services.prosody.virtualHosts.<name>.extraConfig, including all the components like muc (question of this question), so that I can manually adding modules_enable = {} for it also in extraConfig.
However the 23.11 prosody.nix lack environmentFile ( prevent showing turnserver secret in nix store) and hardcoded a lot of things such as log = "*syslog", so the module should also be overridden. The re-written prosody.nix module in PR improved it a lot.
After I successfully installed jitsi-meet with 23.11 modules, I will also test installing it with the re-written modules.

aanderse · December 24, 2023, 10:47pm

the jitsi meet module was updated in that PR to account for the changes… bonus points if you can test the changes from that module too

thanks for the feedback

phaeseeKe5Ee · December 26, 2023, 10:31am

When using your custom modules, I encountered this error message.

error: The option `systemd.services.prosody.serviceConfig.EnvironmentFile' has conflicting definition values

The systemd.services.prosody.serviceConfig.EnvironmentFile in jitst-meet.nix is hardcoded, it conflicts with environmentFile if I set it in the custom prosody.nix module.

By the way, I can now get jitsi-meet to work (with prosody.enable, nginx.enable, jicofo.enable, videobridge.enable set to true) only when I disable prosody.nix module…
I am still looking into manual configuration (with the above set to false) to make jitsi-meet work together with my existing prosody configurations, which is a little bit complicated to me.