feat(surgat): add soju bouncer

feat(stolas): add steam
2025-08-03 00:22:07 +02:00 · 2025-08-02 21:11:25 +02:00
12 changed files with 59 additions and 21 deletions
--- a/home/default.nix
+++ b/home/default.nix
@ -119,7 +119,7 @@ in
  '';
  home.file.".jjconfig.toml".source = ./jjconfig.toml;
-  home.file.".config/halloy/config.toml".source = ./halloy.toml;
+  #home.file.".config/halloy/config.toml".source = ./halloy.toml;
  systemd.user.timers."backup-keepassxc" = {
    Unit.Description = "Backup password DB";
--- a/home/halloy.toml
+++ b/home/halloy.toml
@ -1,10 +0,0 @@
 # Halloy config.
 #
 # For a complete list of available options,
 # please visit https://halloy.squidowl.org/configuration/index.html
 [servers.liberachat]
 nickname = "dadada"
 server = "irc.libera.chat"
 channels = ["#stratum0"]
 sasl.external.cert = "/home/dadada/.config/halloy/libera.pem"
--- a/nixos/configurations.nix
+++ b/nixos/configurations.nix
@ -21,6 +21,8 @@ let
        "brgenml1lpr"
        "saleae-logic-2"
        "spotify"
        "steam"
        "steam-unwrapped"
      ];
  };
  nixosSystem = nixpkgs.lib.nixosSystem;
--- a/nixos/modules/element.nix
+++ b/nixos/modules/element.nix
@ -13,7 +13,7 @@ in
  };
  config = lib.mkIf cfg.enable {
    services.nginx.virtualHosts."element.${config.networking.domain}" = {
-      enableACME = true;
+      useACMEHost = "dadada.li";
      forceSSL = true;
      serverAliases = [
        "element.${config.networking.domain}"
--- a/nixos/modules/gitea.nix
+++ b/nixos/modules/gitea.nix
@ -82,7 +82,7 @@ in
    };
    services.nginx.virtualHosts."git.${config.networking.domain}" = {
-      enableACME = true;
+      useACMEHost = "dadada.li";
      forceSSL = true;
      locations."/".extraConfig = ''
--- a/nixos/modules/homepage.nix
+++ b/nixos/modules/homepage.nix
@ -19,7 +19,7 @@ with lib;
    services.nginx.enable = true;
    services.nginx.virtualHosts."dadada.li" = {
-      enableACME = true;
+      useACMEHost = "dadada.li";
      forceSSL = true;
      root = "${cfg.package}";
    };
--- a/nixos/modules/miniflux.nix
+++ b/nixos/modules/miniflux.nix
@ -21,7 +21,7 @@ in
    };
    services.nginx.virtualHosts.${domain} = {
-      enableACME = true;
+      useACMEHost = "dadada.li";
      forceSSL = true;
      locations."/".extraConfig = ''
--- a/nixos/modules/share.nix
+++ b/nixos/modules/share.nix
@ -16,7 +16,7 @@ in
    services.nginx.enable = true;
    services.nginx.virtualHosts."share.dadada.li" = {
-      enableACME = true;
+      useACMEHost = "dadada.li";
      forceSSL = true;
      root = "/var/lib/share";
--- a/nixos/modules/steam.nix
+++ b/nixos/modules/steam.nix
@ -15,11 +15,11 @@ in
    };
  };
  config = mkIf cfg.enable {
    programs.steam.enable = true;
    hardware.graphics = {
      enable = true;
      extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
    };
-
+    services.pulseaudio.support32Bit = true;
    hardware.pulseaudio.support32Bit = true;
  };
 }
--- a/nixos/modules/weechat.nix
+++ b/nixos/modules/weechat.nix
@ -21,7 +21,7 @@ in
    services.nginx.enable = true;
    services.nginx.virtualHosts."webchat.dadada.li" = {
-      enableACME = true;
+      useACMEHost = "dadada.li";
      forceSSL = true;
      root = pkgs.glowing-bear;
@ -36,7 +36,7 @@ in
      };
    };
    services.nginx.virtualHosts."weechat.dadada.li" = {
-      enableACME = true;
+      useACMEHost = "dadada.li";
      forceSSL = true;
      root = "${pkgs.nginx}/html";
--- a/nixos/stolas/default.nix
+++ b/nixos/stolas/default.nix
@ -94,6 +94,7 @@
      enable = true;
      repo = "u355513-sub5@u355513-sub5.your-storagebox.de:/home/backup";
    };
    steam.enable = true;
  };
  programs = {
--- a/nixos/surgat/configuration.nix
+++ b/nixos/surgat/configuration.nix
@ -27,7 +27,7 @@ in
  };
  services.nginx.virtualHosts."hydra.${config.networking.domain}" = {
-    enableACME = true;
+    useACMEHost = "dadada.li";
    forceSSL = true;
    root = "${pkgs.nginx}/html";
@ -135,6 +135,7 @@ in
      22 # SSH
      80
      443 # HTTPS
      1667
    ];
    allowedUDPPorts = [
      51234 # Wireguard
@ -173,5 +174,49 @@ in
    '';
  };
  services.soju = {
    enable = true;
    listen = [ "unix:///run/soju/irc.sock" ];
    acceptProxyIP = [ "localhost" ];
  };
  # For owning the socket the right group
  systemd.services.soju.serviceConfig.Group = "nginx";
  services.nginx.streamConfig = ''
    server {
      listen 1667 ssl;
      proxy_pass unix:/run/soju/irc.sock;
      proxy_protocol on;
      proxy_connect_timeout 1s;
      ssl_certificate /var/lib/acme/dadada.li/fullchain.pem;
      ssl_certificate_key /var/lib/acme/dadada.li/key.pem;
      ssl_trusted_certificate /var/lib/acme/dadada.li/chain.pem;
    }
  '';
  services.nginx.virtualHosts."soju.dadada.li" = {
    useACMEHost = "dadada.li";
    forceSSL = true;
  };
  users.groups.acme.members = [
    "nginx"
  ];
  security.acme.certs = {
    "dadada.li" = {
      webroot = "/var/lib/acme/acme-challenge";
      extraDomainNames = [
        "element.dadada.li"
        "hydra.dadada.li"
        "git.dadada.li"
        "miniflux.dadada.li"
        "share.dadada.li"
        "soju.dadada.li"
      ];
    };
  };
  system.stateVersion = "23.05";
 }
Author	SHA1	Message	Date
Tim Schubert	a901e37b73	feat(surgat): add soju bouncer Some checks are pending Continuous Integration / Checks (push) Waiting to run Details	2025-08-03 00:22:07 +02:00
Tim Schubert	cef93c482b	feat(stolas): add steam	2025-08-02 21:11:25 +02:00