https://git.jolheiser.com/dotnix.git
Signature
-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgBTEvCQk6VqUAdN2RuH6bj1dNkY
oOpbPWj+jw4ua1B1cAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5
AAAAQG5nTAkV7MW++cX3SC6yZeBD3Fc/O6Lhspt5k1duaqatEj5pGpi3rPtFFpUt+k+Hl6
/qbaikCtcTvnLrweYVRwM=
-----END SSH SIGNATURE-----
diff --git a/machines/dragonwell/caddy.nix b/machines/dragonwell/caddy.nix
index a5868fb6c57427b1245389a3313e5a16d43c4508..45ab0f0996b8124f3e24d61caa18192936ee0fe4 100644
--- a/machines/dragonwell/caddy.nix
+++ b/machines/dragonwell/caddy.nix
@@ -70,6 +70,9 @@ '';
"recipes.jolheiser.com".extraConfig = ''
reverse_proxy localhost:3663
'';
+ "irc.jolheiser.com".extraConfig = ''
+ reverse_proxy localhost:7658
+ '';
};
};
}
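Review bot: The new `irc.jolheiser.com` vhost forwards every request path to `localhost:7658`, which soju.nix in this same commit configures as the ACME HTTP-01 listener (`listenHTTP = ":7658"`), so the whole hostname is exposed to a backend that only needs to answer challenge requests. Scoping the proxy keeps everything else off that port: `reverse_proxy /.well-known/acme-challenge/* localhost:7658`. A short comment such as `# ACME HTTP-01 responder for the soju certificate, see soju.nix` would also explain why an IRC hostname appears in the web server config. If Caddy's automatic HTTPS is active for this site (not visible in the hunk), it will presumably request its own certificate for the same name alongside the one requested in soju.nix, which is worth confirming. The enclosing virtual-host set starts outside the hunk.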
diff --git a/machines/dragonwell/default.nix b/machines/dragonwell/default.nix
index f83dbeb59e019c8997a0c6e315b26a94df5b53ac..7c738a490fb3df6f30c409265b4d539870cc5994 100644
--- a/machines/dragonwell/default.nix
+++ b/machines/dragonwell/default.nix
@@ -2,7 +2,7 @@ let
username = "jolheiser";
key = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfKqCWtDlS3tgvfT6hQN+ii8UtabIZ+ZNmYN+bLwIa8PHOEW5MbfaqXSlhKkSi4+7SfQDCHphw0SMfhsQ4qMEcoywZ+4niDgKlQEVkl+S/VGbLuPe92NRStkyreZBLPr3Rh7ScNlGHcmHmoV9v7725fMnsMmabGVhpGO84PwNHOfJyv2tx2h6LxFbAV8S44UQu2lc8YLWCK2UvKuRnBerBXLnDQThUUX8UuCFzb786gQzD5XDU0MENbByxiy0XdVGAC+tFXEiSIgFZlFbFYyShgdTP9MzX2MOglEi+ae+1UIFncraW7ptUey7qHFJylpHWWWvE+GTwsg2G50i0FvFj jolheiser@jolheiser'';
in {
- imports = [./caddy.nix ./dex.nix ./git-pr.nix ./golink.nix ./gotosocial.nix ./restic.nix ./tandoor.nix ./ugit.nix ./vikunja.nix ./hardware.nix];
+ imports = [./caddy.nix ./dex.nix ./git-pr.nix ./golink.nix ./gotosocial.nix ./restic.nix ./soju.nix ./tandoor.nix ./ugit.nix ./vikunja.nix ./hardware.nix];
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
@@ -12,7 +12,7 @@ hostName = "dragonwell";
firewall = {
enable = true;
- allowedTCPPorts = [80 443];
+ allowedTCPPorts = [80 443 6697];
};
};
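Review bot: The `6697` added to `allowedTCPPorts` is not tied to anything visible in this commit, because soju.nix never sets a listen address and the port only matches if the service's default listener is used. Pinning it next to the service makes the exposure explicit and keeps the firewall rule from outliving the service: in soju.nix, `services.soju.listen = ["ircs://:6697"];` together with `networking.firewall.allowedTCPPorts = [6697];`. List options merge across modules, so the host-level list here could stay at `[80 443]`. The firewall block's enclosing `networking` set starts outside the hunk.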
diff --git a/machines/dragonwell/soju.nix b/machines/dragonwell/soju.nix
new file mode 100644
index 0000000000000000000000000000000000000000..a750536c0fb35fe642e59f8bd88d20d2125bf398
--- /dev/null
+++ b/machines/dragonwell/soju.nix
@@ -0,0 +1,31 @@
+{lib, ...}: let
+ baseCertPath = "/var/lib/acme/irc.jolheiser.com";
+in {
+ security.acme = {
+ acceptTerms = true;
+ email = "irc@jolheiser.com";
+ certs."irc.jolheiser.com" = {
+ listenHTTP = ":7658";
+ postRun = "systemctl reload soju";
+ group = "soju";
+ };
+ };
+ services.soju = {
+ enable = true;
+ tlsCertificate = "${baseCertPath}/fullchain.pem";
+ tlsCertificateKey = "${baseCertPath}/key.pem";
+ };
+ systemd.services.soju.serviceConfig = {
+ DynamicUser = lib.mkForce false;
+ User = "soju";
+ Group = "soju";
+ ReadOnlyPaths = baseCertPath;
+ };
+ users = {
+ users.soju = {
+ isSystemUser = true;
+ group = "soju";
+ };
+ groups.soju = {};
+ };
+}
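Review bot: Forcing `DynamicUser` off in `systemd.services.soju.serviceConfig` also drops the sandboxing that systemd implies for dynamic users (`ProtectSystem=strict`, `ProtectHome=read-only`, `PrivateTmp`, `NoNewPrivileges`, `RestrictSUIDSGID`, `RemoveIPC`). Unless the upstream soju module sets these itself, which is not visible here, this internet-facing daemon now runs with only the `ReadOnlyPaths` restriction. The fence below re-adds them explicitly; drop any the module already defines. Separately, `ReadOnlyPaths = baseCertPath` makes the unit fail at namespace setup if the directory does not exist before the first certificate is issued, and a leading `-` lets systemd skip a missing path. The global `acceptTerms` and `email` settings would be better placed in host-level config than in a per-service file, since they apply to every certificate on the machine.

```nix
systemd.services.soju.serviceConfig = {
  # … unchanged: DynamicUser, User, Group …
  # Restore the protections that DynamicUser=true implied.
  ProtectSystem = "strict";
  ProtectHome = "read-only";
  PrivateTmp = true;
  NoNewPrivileges = true;
  RestrictSUIDSGID = true;
  RemoveIPC = true;
  # Leading "-": do not fail the unit while the certificate directory is still absent.
  ReadOnlyPaths = "-${baseCertPath}";
};
```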