author | Alyssa Ross <hi@alyssa.is> | 2023-12-07 14:04:09 +0100 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2023-12-07 14:04:09 +0100 |
commit | 190fd93d11701ad81af757be6260df9635bdb41a (patch) | |
tree | aa1ee74a2f4ef2d13030fba9d255e6a528161475 /modules | |
parent | ec26f0f0f055a34992f5a9a3884f0a10a6c3e6d7 (diff) | |
modules/soju: init
Diffstat (limited to 'modules')
-rw-r--r-- | modules/server/irc/default.nix | 2 | ||||
-rw-r--r-- | modules/server/irc/soju/default.nix | 47 |
2 files changed, 48 insertions, 1 deletions
diff --git a/modules/server/irc/default.nix b/modules/server/irc/default.nix
index a0f390c685f6..81a039ae420b 100644
--- a/modules/server/irc/default.nix
+++ b/modules/server/irc/default.nix
@@ -1,5 +1,5 @@
 { ... }:
 {
- imports = [ ./znc ];
+ imports = [ ./soju ./znc ];
 }
diff --git a/modules/server/irc/soju/default.nix b/modules/server/irc/soju/default.nix
new file mode 100644
index 000000000000..8e8a1dce502b
--- /dev/null
+++ b/modules/server/irc/soju/default.nix
@@ -0,0 +1,47 @@
+{ config, lib, ... }:
+
+{
+ networking.firewall.allowedTCPPorts = [ 6698 ];
+
+ services.postgresql.enable = true;
+ services.postgresql.ensureDatabases = [ "soju" ];
+ services.postgresql.ensureUsers = [
+ {
+ name = "soju";
+ ensureDBOwnership = true;
+ }
+ ];
+
+ services.soju.enable = true;
+ services.soju.hostName = "${config.networking.hostName}.${config.networking.domain}";
+ services.soju.extraConfig = ''
+ db postgres "dbname=soju host=/run/postgresql sslmode=disable"
+ message-store db
+ '';
+ services.soju.listen = [
+ "unix:///run/soju/soju.sock"
+ "unix+admin://"
+ ];
+
+ services.nginx.streamConfig = ''
+ server {
+ listen [::]:6698 ssl ipv6only=off;
+ ssl_certificate /var/lib/acme/${config.networking.domain}/fullchain.pem;
+ ssl_certificate_key /var/lib/acme/${config.networking.domain}/key.pem;
+ proxy_pass unix:/run/soju/soju.sock;
+ }
+ '';
+
+ systemd.services.soju.serviceConfig.DynamicUser = lib.mkForce false;
+ systemd.services.soju.serviceConfig.Group = "soju";
+ systemd.services.soju.serviceConfig.RuntimeDirectory = "soju";
+ systemd.services.soju.serviceConfig.UMask = "0007";
+ systemd.services.soju.serviceConfig.User = "soju";
+
+ users.users.nginx.extraGroups = [ "soju" ];
+ users.users.soju = {
+ isNormalUser = true;
+ group = "soju";
+ };
+ users.groups.soju = {};
+} |
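Review bot: In the new `modules/server/irc/soju/default.nix`, `users.users.soju` is declared with `isNormalUser = true;`, which on NixOS makes the daemon's account a regular user (home directory, default shell, UID in the interactive range) rather than a service account. The account appears to exist only so that `DynamicUser` can be forced off and nginx can join the `soju` group to reach `/run/soju/soju.sock`, so `isSystemUser = true;` would give the same static user and group with less surface. A one-line comment above the `lib.mkForce false` override, such as `# static user/group so nginx can be granted access to the runtime socket`, would record why the module's default is being overridden. Separately, the certificate path is built from `config.networking.domain` while `services.soju.hostName` is the host-qualified name, so it is worth confirming that the certificate covers that name.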