From cec9f7acd5e5e365563212c5144394f71dd90b27 Mon Sep 17 00:00:00 2001 From: Azat Bahawi Date: Sun, 3 Dec 2023 02:52:28 +0300 Subject: 2023-12-03 --- modules/nixos/soju.nix | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) (limited to 'modules/nixos/soju.nix') diff --git a/modules/nixos/soju.nix b/modules/nixos/soju.nix index b43fbdc..ea95bb3 100644 --- a/modules/nixos/soju.nix +++ b/modules/nixos/soju.nix @@ -11,12 +11,6 @@ in { options.nixfiles.modules.soju = { enable = mkEnableOption "soju"; - protocol = mkOption { - description = "Port."; - type = with types; enum ["ircs" "irc+insecure"]; - default = "irc+insecure"; - }; - address = mkOption { description = "Address."; type = with types; str; @@ -26,7 +20,7 @@ in { port = mkOption { description = "Port."; type = with types; port; - default = 6667; + default = 6697; }; domain = mkOption { @@ -50,13 +44,17 @@ in { db = "soju"; in mkIf cfg.enable { - nixfiles.modules.postgresql = { - enable = true; - extraPostStart = [ - '' - $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"' - '' - ]; + nixfiles.modules = { + acme.enable = true; + nginx.enable = true; + postgresql = { + enable = true; + extraPostStart = [ + '' + $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"' + '' + ]; + }; }; services.postgresql = { @@ -77,7 +75,8 @@ in { ExecStart = let # https://soju.im/doc/soju.1.html configFile = pkgs.writeText "soju.conf" '' - listen ${cfg.protocol}://${cfg.address}:${toString cfg.port} + listen ircs://${cfg.address}:${toString cfg.port} + tls ${with config.certs.${cfg.domain}; "${directory}/fullchain.pem ${directory}/key.pem"} ${ with cfg.prometheus; optionalString enable @@ -100,6 +99,7 @@ in { "-config ${configFile}" ]; DynamicUser = true; + SupplementaryGroups = [config.services.nginx.group]; AmbientCapabilities = [""]; CapabilityBoundingSet = [""]; UMask = "0077"; -- cgit 1.4.1