added soju IRC bouncer and a couple of IRC clients.

2025-10-30 15:28:06 +01:00 · 2025-10-30 15:28:06 +01:00 · 63060d1a68
commit 63060d1a68
parent 5da8f42240
11 changed files with 86 additions and 4 deletions
--- a/configs/home-manager/halloy-irc.nix
+++ b/configs/home-manager/halloy-irc.nix
@ -0,0 +1,22 @@
 {
  config,
  pkgs,
  lib,
  ...
 }: {
  programs.halloy = lib.mkIf (lib.hasAttrByPath ["sops" "secrets" "soju-password"] config) {
    enable = true;
    settings = {
      servers.soju = {
        server = "irc.venberg.xyz";
        nickname = "toric";
        port = 6697;
        sasl.plain = {
          username = "toric";
          password_file = config.sops.secrets.soju-password.path;
        };
      };
      buffer.chathistory.infinite_scroll = true;
    };
  };
 }
--- a/configs/home-manager/senpai-irc.nix
+++ b/configs/home-manager/senpai-irc.nix
@ -0,0 +1,15 @@
 {
  config,
  pkgs,
  lib,
  ...
 }: {
  programs.senpai = lib.mkIf (lib.hasAttrByPath ["sops" "secrets" "soju-password"] config) {
    enable = true;
    config = {
      address = "irc.venberg.xyz";
      nickname = "toric";
      password-cmd = ["cat" config.sops.secrets.soju-password.path];
    };
  };
 }
--- a/configs/nixos/i3/default.nix
+++ b/configs/nixos/i3/default.nix
@ -26,6 +26,7 @@
      dex
      firefox
      thunderbird
      mpv
    ];
    services.playerctld.enable = true;
    xsession.enable = true;
--- a/configs/nixos/nginx.nix
+++ b/configs/nixos/nginx.nix
@ -19,6 +19,7 @@
  security.acme = {
    acceptTerms = true;
    defaults.email = "gabevenberg@gmail.com";
    defaults.webroot = "/var/lib/acme/acme-challenge/";
  };
  networking.firewall.allowedTCPPorts = [443 80];
 }
--- a/configs/nixos/soju.nix
+++ b/configs/nixos/soju.nix
@ -0,0 +1,35 @@
 {
  inputs,
  config,
  pkgs,
  lib,
  ...
 }: let
  domain = "irc.venberg.xyz";
  port = 6697;
  certDir = config.security.acme.certs.${domain}.directory;
 in {
  security.acme.certs.${domain} = {
    reloadServices = ["soju.service"];
    group = config.services.nginx.group;
  };
  # webserver for http challenge
  services.nginx.virtualHosts.${domain} = {
    forceSSL = true;
    useACMEHost = domain;
    locations."/.well-known/".root = "/var/lib/acme/acme-challenge/";
  };
  networking.firewall.allowedTCPPorts = [port 80];
  services.soju = {
    enable = true;
    hostName = domain;
    listen = [":${builtins.toString port}"];
    tlsCertificate = "/run/credentials/soju.service/cert.pem";
    tlsCertificateKey = "/run/credentials/soju.service/key.pem";
    enableMessageLogging = true;
  };
  systemd.services.soju.serviceConfig.LoadCredential = [
    "cert.pem:${certDir}/cert.pem"
    "key.pem:${certDir}/key.pem"
  ];
 }
--- a/flake.lock
+++ b/flake.lock
@ -125,10 +125,10 @@
    "nix-secrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1759838094,
+        "lastModified": 1761828538,
-        "narHash": "sha256-eLz+Xa+SEDBjevKYPIccrd8IoK8N/3ewJC0bNi4Pwx4=",
+        "narHash": "sha256-q3nzaUAuBNefJQ5vSNtx4+0OsS4qKvAu7u2GkHXRBHI=",
        "ref": "refs/heads/main",
-        "rev": "8172f0d3fefccac5568ac115a37ba9785dae3915",
+        "rev": "4c080031ee47552b20f286edd7e9374283811bbd",
        "shallow": true,
        "type": "git",
        "url": "ssh://forgejo@git.venberg.xyz/Gabe/nix-secrets.git"
--- a/hosts/cirrus/default.nix
+++ b/hosts/cirrus/default.nix
@ -23,6 +23,7 @@ inputs.nixpkgs.lib.nixosSystem {
    ../../configs/nixos/forgejo.nix
    ../../configs/nixos/homepage.nix
    ../../configs/nixos/freshrss.nix
    ../../configs/nixos/soju.nix
    ({
      config,
      pkgs,
--- a/hosts/harmatan/default.nix
+++ b/hosts/harmatan/default.nix
@ -100,12 +100,15 @@ inputs.nixpkgs.lib.nixosSystem {
          ../../configs/home-manager/secrets.nix
          ../../configs/home-manager/email.nix
          ../../configs/home-manager/tiny-irc.nix
          ../../configs/home-manager/senpai-irc.nix
          ../../configs/home-manager/halloy-irc.nix
        ];
        sops = lib.mkIf (inputs ? nix-secrets) {
          secrets = {
            gmail-password.sopsFile = "${inputs.nix-secrets}/workstations.yaml";
            irc-cert.sopsFile = "${inputs.nix-secrets}/workstations.yaml";
            soju-password.sopsFile = "${inputs.nix-secrets}/workstations.yaml";
          };
        };
      };
--- a/hosts/home-personal.nix
+++ b/hosts/home-personal.nix
@ -37,6 +37,7 @@ inputs.home-manager.lib.homeManagerConfiguration {
        ../configs/home-manager/email.nix
        ../configs/home-manager/tiny-irc.nix
        ../configs/home-manager/secrets.nix
        ../../configs/home-manager/senpai-irc.nix
        inputs.sops-nix.homeManagerModules.sops
      ];
@ -44,6 +45,7 @@ inputs.home-manager.lib.homeManagerConfiguration {
        secrets = {
          gmail-password.sopsFile = "${inputs.nix-secrets}/workstations.yaml";
          irc-cert.sopsFile = "${inputs.nix-secrets}/workstations.yaml";
          soju-password.sopsFile = "${inputs.nix-secrets}/workstations.yaml";
        };
      };
    })
--- a/hosts/work-laptop.nix
+++ b/hosts/work-laptop.nix
@ -38,6 +38,7 @@ inputs.home-manager.lib.homeManagerConfiguration {
        ../configs/home-manager/email.nix
        ../configs/home-manager/tiny-irc.nix
        ../configs/home-manager/secrets.nix
        ../../configs/home-manager/senpai-irc.nix
        inputs.sops-nix.homeManagerModules.sops
      ];
@ -45,6 +46,7 @@ inputs.home-manager.lib.homeManagerConfiguration {
        secrets = {
          gmail-password.sopsFile = "${inputs.nix-secrets}/workstations.yaml";
          irc-cert.sopsFile = "${inputs.nix-secrets}/workstations.yaml";
          soju-password.sopsFile = "${inputs.nix-secrets}/workstations.yaml";
        };
      };
    })
--- a/modules/nixos/restic.nix
+++ b/modules/nixos/restic.nix
@ -109,7 +109,7 @@
          "NGINX must be enabled")
      )
      {
-        clientMaxBodySize = "1000m";
+        clientMaxBodySize = "0";
        virtualHosts."${cfg.server.domain}" = {
          enableACME = lib.asserts.assertMsg (
            config.security.acme.acceptTerms