1 files changed, 1 insertions, 172 deletions
diff --git a/Biz/Nixpert.nix b/Biz/Nixpert.nix
index d009182..d6d6d4f 100644
--- a/Biz/Nixpert.nix
+++ b/Biz/Nixpert.nix
@@ -1,7 +1,5 @@
 { config, pkgs, ... }:
-#
-# xmpp chat service
-#
+
 let
   salespage = pkgs.runCommand "salespage" {} ''
     mkdir -p $out
@@ -14,113 +12,7 @@ let
       ${./Nixpert.md} \
       > $out/index.html
   '';
-  ssl = {
-    cert = "/var/lib/acme/simatime.com/fullchain.pem";
-    key = "/var/lib/acme/simatime.com/key.pem";
-  };
 in {
-  networking.firewall.allowedTCPPorts = [
-    # https://prosody.im/doc/ports
-    5000  # file transfer
-    5222  # client connections
-    5269  # server-to-server
-    5280  # http
-    5281  # https
-    5347  # external components
-    5582  # telnet console
-  ];
-
-  services.prosody = {
-    enable = true;
-    package = pkgs.prosody.override {
-      withCommunityModules = [
-        "conversejs"
-      ];
-    };
-    # when i learn how to use security.acme better, and use separate certs, then i
-    # can fix this group
-    group = "nginx";
-    admins = [ "bsima@simatime.com" ];
-    allowRegistration = true;
-    inherit ssl;
-    uploadHttp = {
-      domain = "upload.simatime.com";
-      uploadExpireAfter = toString (60*60*24*30); # 30 days, as seconds
-    };
-    modules = {
-      announce = true;
-      bosh = true;
-      groups = true;
-      motd = true;
-      register = true;
-      server_contact_info = true;
-      vcard = true;
-      watchregistrations = true;
-      websocket = true;
-      welcome = true;
-    };
-    extraConfig = ''
-      conversejs_options = {
-        allow_registration = true;
-        --- authentication = "internal_plain";
-        bosh_service_url = "https://simatime.com/http-bind";
-        debug = true;
-        loglevel = "debug";
-        -- default_domain = "simatime.com";
-        -- domain_placeholder = "simatime.com";
-        -- jid = "simatime.com";
-        -- keepalive = true;
-        -- registration_domain = "simatime.com";
-        websocket_url = "wss://simatime.com/xmpp-websocket";
-      }
-
-      cross_domain_websocket = { "https://simatime.com", "https://anon.simatime.com" }
-      cross_domain_bosh = false; -- handle this with nginx
-      consider_bosh_secure = true;
-
-      -- this is a virtualhost that allows anonymous authentication. use this
-      -- for the sales lobby. the nix module doesn't support 'authentication'
-      -- so i have to do this here.
-      VirtualHost "anon.simatime.com"
-        authentication = "anonymous"
-        ssl = {
-          cafile = "/etc/ssl/certs/ca-bundle.crt";
-          key = "/var/lib/acme/simatime.com/key.pem";
-          certificate = "/var/lib/acme/simatime.com/fullchain.pem";
-        };
-    '';
-    muc = [
-      {
-        domain = "conference.simatime.com";
-        maxHistoryMessages = 10000;
-        name = "Chat Rooms";
-        restrictRoomCreation = "admin";
-        roomDefaultHistoryLength = 20;
-        roomDefaultMembersOnly = true;
-        roomDefaultModerated = true;
-        roomDefaultPublic = false;
-      }
-    ];
-    virtualHosts = {
-      "simatime.com" = {
-        domain = "simatime.com";
-        enabled = true;
-        inherit ssl;
-      };
-    };
-  };
-
-  services.nginx.virtualHosts."simatime.com".locations."/http-bind" = {
-    proxyPass = "https://simatime.com:5281/http-bind";
-    extraConfig = ''
-      proxy_set_header Host $host;
-      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header X-Forwarded-Proto $scheme;
-      proxy_buffering off;
-      add_header Access-Control-Allow-Origin "*";
-    '';
-  };
-
   services.nginx.virtualHosts."nixpert.chat" = {
     forceSSL = true;
     enableACME = true;
@@ -131,67 +23,4 @@ in {
       '';
     };
   };
-
-  services.nginx.virtualHosts."simatime.com".locations."/xmpp-websocket" = {
-    proxyPass = "https://simatime.com:5281/xmpp-websocket";
-    extraConfig = ''
-      proxy_http_version 1.1;
-      proxy_buffering off;
-      proxy_set_header Host $host;
-      proxy_set_header Upgrade $http_upgrade;
-      proxy_set_header Connection "upgrade";
-      proxy_read_timeout 86400;
-      add_header Access-Control-Allow-Origin "*";
-    '';
-  };
-
-  services.nginx.virtualHosts."simatime.com".locations."/chat" = {
-    proxyPass = "https://simatime.com:5281/conversejs";
-    extraConfig = ''
-      add_header Access-Control-Allow-Origin "*";
-    '';
-  };
-
-  services.nginx.virtualHosts."anon.simatime.com" = {
-    useACMEHost = "simatime.com";
-    forceSSL = true;
-    locations = {
-      "/http-bind" = {
-        proxyPass = "https://anon.simatime.com:5281/http-bind";
-        extraConfig = ''
-          proxy_set_header Host $host;
-          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-          proxy_set_header X-Forwarded-Proto $scheme;
-          proxy_buffering off;
-          if ($request_method ~* "(GET|POST)") {
-            add_header Access-Control-Allow-Origin "*";
-          }
-          if ($request_method = OPTIONS) {
-            add_header Access-Control-Allow-Origin  "*";
-            add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, HEAD";
-            add_header Access-Control-Allow-Headers "Authorization, Origin, X-Requested-With, Content-Type, Accept";
-            return 200;
-          }
-        '';
-      };
-    };
-  };
-
-  users.users.nginx.extraGroups = [ "prosody" ];
-
-  security.acme.certs.${config.networking.domain}.extraDomainNames = [
-    "upload.simatime.com" "conference.simatime.com" "simatime.com" "anon.simatime.com"
-  ];
-
-  #security.acme.certs.prosody = {
-  #  domain = "${domain}";
-  #  group = "prosody";
-  #  dnsProvider = "rfc2136";
-  #  #credentialsFile = config.secrets.files.dns_creds.path;
-  #  postRun = "systemctl restart prosody";
-  #  extraDomainNames = [
-  #    domain
-  #    "upload.${domain}"
-  #  ];
-  #};
 }