dadada/nix-config
dadada/nix-config
1
0
Fork 0
Code Issues 2 Pull requests 5 Projects Releases Packages Wiki Activity Actions 2

feat(surgat): add soju bouncer
Some checks are pending
Continuous Integration / Checks (push) Waiting to run
Details

Browse source
This commit is contained in:
Tim Schubert 2025-08-02 22:02:56 +02:00
parent cef93c482b
commit a901e37b73
No known key found for this signature in database
9 changed files with 54 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

47
nixos/surgat/configuration.nix
View file

@ -27,7 +27,7 @@ in
};
services.nginx.virtualHosts."hydra.${config.networking.domain}" = {
enableACME = true;
useACMEHost = "dadada.li";
forceSSL = true;
root = "${pkgs.nginx}/html";
@ -135,6 +135,7 @@ in
22 # SSH
80
443 # HTTPS
1667
];
allowedUDPPorts = [
51234 # Wireguard
@ -173,5 +174,49 @@ in
'';
};
services.soju = {
enable = true;
listen = [ "unix:///run/soju/irc.sock" ];
acceptProxyIP = [ "localhost" ];
};
# For owning the socket the right group
systemd.services.soju.serviceConfig.Group = "nginx";
services.nginx.streamConfig = ''
server {
listen 1667 ssl;
proxy_pass unix:/run/soju/irc.sock;
proxy_protocol on;
proxy_connect_timeout 1s;
ssl_certificate /var/lib/acme/dadada.li/fullchain.pem;
ssl_certificate_key /var/lib/acme/dadada.li/key.pem;
ssl_trusted_certificate /var/lib/acme/dadada.li/chain.pem;
}
'';
services.nginx.virtualHosts."soju.dadada.li" = {
useACMEHost = "dadada.li";
forceSSL = true;
};
users.groups.acme.members = [
"nginx"
];
security.acme.certs = {
"dadada.li" = {
webroot = "/var/lib/acme/acme-challenge";
extraDomainNames = [
"element.dadada.li"
"hydra.dadada.li"
"git.dadada.li"
"miniflux.dadada.li"
"share.dadada.li"
"soju.dadada.li"
];
};
};
system.stateVersion = "23.05";
}