Diffstat (limited to 'modules/nixfiles/soju.nix')
-rw-r--r--modules/nixfiles/soju.nix117
1 files changed, 0 insertions, 117 deletions
diff --git a/modules/nixfiles/soju.nix b/modules/nixfiles/soju.nix
deleted file mode 100644
index 14faf00..0000000
--- a/modules/nixfiles/soju.nix
+++ /dev/null
@@ -1,117 +0,0 @@
-{
- config,
- lib,
- pkgs,
- this,
- ...
-}:
-with lib; let
- cfg = config.nixfiles.modules.soju;
-in {
- options.nixfiles.modules.soju = {
- enable = mkEnableOption "soju";
-
- protocol = mkOption {
- description = "Port.";
- type = with types; enum ["ircs" "irc+insecure"];
- default = "irc+insecure";
- };
-
- address = mkOption {
- description = "Address.";
- type = with types; str;
- default = this.wireguard.ipv4.address;
- };
-
- port = mkOption {
- description = "Port.";
- type = with types; port;
- default = 6667;
- };
-
- domain = mkOption {
- description = "Domain.";
- type = with types; str;
- default = config.networking.fqdn;
- };
- };
-
- config = let
- db = "soju";
- in
- mkIf cfg.enable {
- nixfiles.modules.postgresql = {
- enable = true;
- extraPostStart = [
- ''
- $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"'
- ''
- ];
- };
-
- services.postgresql = {
- ensureDatabases = [db];
- ensureUsers = [
- {
- name = db;
- ensurePermissions."DATABASE \"${db}\"" = "ALL";
- }
- ];
- };
-
- systemd.services.soju = {
- description = "soju IRC bouncer";
- wantedBy = ["multi-user.target"];
- after = ["network-online.target" "postgresql.service"];
- serviceConfig = {
- ExecStart = let
- # https://soju.im/doc/soju.1.html
- configFile = pkgs.writeText "soju.conf" ''
- listen ${cfg.protocol}://${cfg.address}:${toString cfg.port}
- db postgres ${
- concatStringsSep " " [
- "host=/run/postgresql"
- "user=${db}"
- "dbname=${db}"
- "sslmode=disable"
- ]
- }
- hostname ${cfg.domain}
- title ${cfg.domain}
- '';
- in
- concatStringsSep " " [
- "${pkgs.soju}/bin/soju"
- "-config ${configFile}"
- ];
- DynamicUser = true;
- AmbientCapabilities = [""];
- CapabilityBoundingSet = [""];
- UMask = "0077";
- LockPersonality = true;
- MemoryDenyWriteExecute = true;
- NoNewPrivileges = true;
- PrivateDevices = true;
- PrivateTmp = true;
- PrivateUsers = true;
- ProtectClock = true;
- ProtectControlGroups = true;
- ProtectHome = true;
- ProtectHostname = true;
- ProtectKernelLogs = true;
- ProtectKernelModules = true;
- ProtectKernelTunables = true;
- ProtectSystem = "strict";
- ProtectProc = "invisible";
- ProcSubset = "pid";
- RemoveIPC = true;
- RestrictAddressFamilies = ["AF_UNIX" "AF_INET" "AF_INET6"];
- RestrictNamespaces = true;
- RestrictRealtime = true;
- RestrictSUIDSGID = true;
- SystemCallArchitectures = "native";
- SystemCallFilter = ["@system-service" "~@privileged"];
- };
- };
- };
-}