authorAzat Bahawi <azat@bahawi.net>2023-12-03 02:52:28 +0300
committerAzat Bahawi <azat@bahawi.net>2023-12-03 02:52:28 +0300
commitcec9f7acd5e5e365563212c5144394f71dd90b27 (patch)
tree667b308a7241ab2e8f3fa4e2b53cc7888e876c68 /modules/nixos/soju.nix
parent2023-11-29 (diff)
2023-12-03
Diffstat (limited to 'modules/nixos/soju.nix')
-rw-r--r--modules/nixos/soju.nix30
1 files changed, 15 insertions, 15 deletions
diff --git a/modules/nixos/soju.nix b/modules/nixos/soju.nix
index b43fbdc..ea95bb3 100644
--- a/modules/nixos/soju.nix
+++ b/modules/nixos/soju.nix
@@ -11,12 +11,6 @@ in {
   options.nixfiles.modules.soju = {
     enable = mkEnableOption "soju";
 
-    protocol = mkOption {
-      description = "Port.";
-      type = with types; enum ["ircs" "irc+insecure"];
-      default = "irc+insecure";
-    };
-
     address = mkOption {
       description = "Address.";
       type = with types; str;
@@ -26,7 +20,7 @@ in {
     port = mkOption {
       description = "Port.";
       type = with types; port;
-      default = 6667;
+      default = 6697;
     };
 
     domain = mkOption {
@@ -50,13 +44,17 @@ in {
     db = "soju";
   in
     mkIf cfg.enable {
-      nixfiles.modules.postgresql = {
-        enable = true;
-        extraPostStart = [
-          ''
-            $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"'
-          ''
-        ];
+      nixfiles.modules = {
+        acme.enable = true;
+        nginx.enable = true;
+        postgresql = {
+          enable = true;
+          extraPostStart = [
+            ''
+              $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"'
+            ''
+          ];
+        };
       };
 
       services.postgresql = {
@@ -77,7 +75,8 @@ in {
           ExecStart = let
             # https://soju.im/doc/soju.1.html
             configFile = pkgs.writeText "soju.conf" ''
-              listen ${cfg.protocol}://${cfg.address}:${toString cfg.port}
+              listen ircs://${cfg.address}:${toString cfg.port}
+              tls ${with config.certs.${cfg.domain}; "${directory}/fullchain.pem ${directory}/key.pem"}
               ${
                 with cfg.prometheus;
                   optionalString enable
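Review bot: The new `tls` line points soju at the ACME-managed `fullchain.pem` and `key.pem`, but nothing visible in this hunk makes the running service pick up a renewed certificate. The listener could keep serving the old certificate until the unit is restarted. According to the soju man page linked in the comment above, soju re-reads its TLS certificate on SIGHUP, so an `ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";` together with a renewal hook such as `security.acme.certs.<domain>.reloadServices = ["<soju-unit>.service"];` would cover this (the unit name is a placeholder, as it is not shown here). The `ExecStart` block starts and ends outside the hunk, so such a hook may already exist elsewhere in the module.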
@@ -100,6 +99,7 @@ in {
               "-config ${configFile}"
             ];
           DynamicUser = true;
+          SupplementaryGroups = [config.services.nginx.group];
           AmbientCapabilities = [""];
           CapabilityBoundingSet = [""];
           UMask = "0077";
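Review bot: `SupplementaryGroups = [config.services.nginx.group]` gives the network-facing bouncer read access to everything the nginx group can read, which presumably includes the private keys of every certificate issued for nginx vhosts on this host, not only the one for `cfg.domain`. That undercuts the otherwise tight sandbox here (`DynamicUser`, empty capability sets, `UMask = "0077"`). A narrower grant would be to pass only this key pair via systemd credentials, e.g. `LoadCredential = ["fullchain.pem:${directory}/fullchain.pem" "key.pem:${directory}/key.pem"];` with the `tls` line pointing at the credentials directory, or to use a dedicated group that owns just this certificate. If the nginx group is kept, a comment above the line such as `# read access to the ACME cert/key for cfg.domain, which is owned by the nginx group` would record why it is there. The `serviceConfig` block continues outside the hunk.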
