Diffstat (limited to 'modules/soju')
| -rw-r--r-- | modules/soju/default.nix | 13 | ||||
| -rw-r--r-- | modules/soju/options.nix | 16 | ||||
| -rw-r--r-- | modules/soju/sys.nix | 47 |
3 files changed, 0 insertions, 76 deletions
diff --git a/modules/soju/default.nix b/modules/soju/default.nix
deleted file mode 100644
index 2b302f0..0000000
--- a/modules/soju/default.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- config,
- lib,
- pkgs,
- doctrine,
- ...
-}:
-doctrine.lib.mkModule {
- inherit config;
- name = "soju";
- sys = ./sys.nix;
- options = ./options.nix;
-}
diff --git a/modules/soju/options.nix b/modules/soju/options.nix
deleted file mode 100644
index 06c3381..0000000
--- a/modules/soju/options.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{lib, ...}:
-with lib.types; {
- sys = {
- fullyQualifiedDomain = lib.mkOption {
- type = str;
- example = "soju.trivionomicon.com";
- description = "fully qualified domain name to be used by soju";
- };
-
- port = lib.mkOption {
- type = port;
- default = 6697;
- description = "port to be used by soju";
- };
- };
-}
diff --git a/modules/soju/sys.nix b/modules/soju/sys.nix
deleted file mode 100644
index 83c3560..0000000
--- a/modules/soju/sys.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{
- config,
- pkgs,
- lib,
- cfg,
- doctrine,
- ...
-}:
-with lib; {
- security.acme.certs."${cfg.fullyQualifiedDomain}" = {
- reloadServices = ["soju.service"];
- group = "soju";
- };
-
- networking.firewall.allowedTCPPorts = [cfg.port];
-
- services.soju = let
- sojuCertDir = config.security.acme.certs."${cfg.fullyQualifiedDomain}".directory;
- in {
- enable = true;
- hostName = "${cfg.fullyQualifiedDomain}";
- listen = ["ircs://[::]:${toString cfg.port}"];
- tlsCertificate = "${sojuCertDir}/fullchain.pem";
- tlsCertificateKey = "${sojuCertDir}/key.pem";
- };
-
- systemd.services.soju = {
- after = ["acme-${cfg.fullyQualifiedDomain}.service"];
- serviceConfig = {
- DynamicUser = mkForce false; # fuck dynamic users
- User = "soju";
- Group = "soju";
- ProtectSystem = "strict";
- ProtectHome = "read-only";
- PrivateTmp = true;
- RemoveIPC = true;
- };
- };
-
- users = {
- users.soju = {
- isSystemUser = true;
- group = "soju";
- };
- groups.soju = {};
- };
-}
|
