Gabe/nix-config
1
0
Fork 0
Code Issues 12 Pull requests Projects Releases Packages Wiki Activity

added soju IRC bouncer and a couple of IRC clients.

Browse source
This commit is contained in:
Gabe Venberg 2025-10-30 15:28:06 +01:00
parent 5da8f42240
commit 63060d1a68
11 changed files with 86 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

22
configs/home-manager/halloy-irc.nix Normal file
View file

@ -0,0 +1,22 @@
{
config,
pkgs,
lib,
...
}: {
programs.halloy = lib.mkIf (lib.hasAttrByPath ["sops" "secrets" "soju-password"] config) {
enable = true;
settings = {
servers.soju = {
server = "irc.venberg.xyz";
nickname = "toric";
port = 6697;
sasl.plain = {
username = "toric";
password_file = config.sops.secrets.soju-password.path;
};
};
buffer.chathistory.infinite_scroll = true;
};
};
}

15
configs/home-manager/senpai-irc.nix Normal file
View file

@ -0,0 +1,15 @@
{
config,
pkgs,
lib,
...
}: {
programs.senpai = lib.mkIf (lib.hasAttrByPath ["sops" "secrets" "soju-password"] config) {
enable = true;
config = {
address = "irc.venberg.xyz";
nickname = "toric";
password-cmd = ["cat" config.sops.secrets.soju-password.path];
};
};
}

1
configs/nixos/i3/default.nix
View file

@ -26,6 +26,7 @@
dex
firefox
thunderbird
mpv
];
services.playerctld.enable = true;
xsession.enable = true;

1
configs/nixos/nginx.nix
View file

@ -19,6 +19,7 @@
security.acme = {
acceptTerms = true;
defaults.email = "gabevenberg@gmail.com";
defaults.webroot = "/var/lib/acme/acme-challenge/";
};
networking.firewall.allowedTCPPorts = [443 80];
}

35
configs/nixos/soju.nix Normal file
View file

@ -0,0 +1,35 @@
{
inputs,
config,
pkgs,
lib,
...
}: let
domain = "irc.venberg.xyz";
port = 6697;
certDir = config.security.acme.certs.${domain}.directory;
in {
security.acme.certs.${domain} = {
reloadServices = ["soju.service"];
group = config.services.nginx.group;
};
# webserver for http challenge
services.nginx.virtualHosts.${domain} = {
forceSSL = true;
useACMEHost = domain;
locations."/.well-known/".root = "/var/lib/acme/acme-challenge/";
};
networking.firewall.allowedTCPPorts = [port 80];
services.soju = {
enable = true;
hostName = domain;
listen = [":${builtins.toString port}"];
tlsCertificate = "/run/credentials/soju.service/cert.pem";
tlsCertificateKey = "/run/credentials/soju.service/key.pem";
enableMessageLogging = true;
};
systemd.services.soju.serviceConfig.LoadCredential = [
"cert.pem:${certDir}/cert.pem"
"key.pem:${certDir}/key.pem"
];
}

6
flake.lock generated
View file

@ -125,10 +125,10 @@
"nix-secrets": {
"flake": false,
"locked": {
"lastModified": 1759838094,
"narHash": "sha256-eLz+Xa+SEDBjevKYPIccrd8IoK8N/3ewJC0bNi4Pwx4=",
"lastModified": 1761828538,
"narHash": "sha256-q3nzaUAuBNefJQ5vSNtx4+0OsS4qKvAu7u2GkHXRBHI=",
"ref": "refs/heads/main",
"rev": "8172f0d3fefccac5568ac115a37ba9785dae3915",
"rev": "4c080031ee47552b20f286edd7e9374283811bbd",
"shallow": true,
"type": "git",
"url": "ssh://forgejo@git.venberg.xyz/Gabe/nix-secrets.git"

1
hosts/cirrus/default.nix
View file

@ -23,6 +23,7 @@ inputs.nixpkgs.lib.nixosSystem {
../../configs/nixos/forgejo.nix
../../configs/nixos/homepage.nix
../../configs/nixos/freshrss.nix
../../configs/nixos/soju.nix
({
config,
pkgs,

3
hosts/harmatan/default.nix
View file

@ -100,12 +100,15 @@ inputs.nixpkgs.lib.nixosSystem {
../../configs/home-manager/secrets.nix
../../configs/home-manager/email.nix
../../configs/home-manager/tiny-irc.nix
../../configs/home-manager/senpai-irc.nix
../../configs/home-manager/halloy-irc.nix
];
sops = lib.mkIf (inputs ? nix-secrets) {
secrets = {
gmail-password.sopsFile = "${inputs.nix-secrets}/workstations.yaml";
irc-cert.sopsFile = "${inputs.nix-secrets}/workstations.yaml";
soju-password.sopsFile = "${inputs.nix-secrets}/workstations.yaml";
};
};
};

2
hosts/home-personal.nix
View file

@ -37,6 +37,7 @@ inputs.home-manager.lib.homeManagerConfiguration {
../configs/home-manager/email.nix
../configs/home-manager/tiny-irc.nix
../configs/home-manager/secrets.nix
../../configs/home-manager/senpai-irc.nix
inputs.sops-nix.homeManagerModules.sops
];
@ -44,6 +45,7 @@ inputs.home-manager.lib.homeManagerConfiguration {
secrets = {
gmail-password.sopsFile = "${inputs.nix-secrets}/workstations.yaml";
irc-cert.sopsFile = "${inputs.nix-secrets}/workstations.yaml";
soju-password.sopsFile = "${inputs.nix-secrets}/workstations.yaml";
};
};
})

2
hosts/work-laptop.nix
View file

@ -38,6 +38,7 @@ inputs.home-manager.lib.homeManagerConfiguration {
../configs/home-manager/email.nix
../configs/home-manager/tiny-irc.nix
../configs/home-manager/secrets.nix
../../configs/home-manager/senpai-irc.nix
inputs.sops-nix.homeManagerModules.sops
];
@ -45,6 +46,7 @@ inputs.home-manager.lib.homeManagerConfiguration {
secrets = {
gmail-password.sopsFile = "${inputs.nix-secrets}/workstations.yaml";
irc-cert.sopsFile = "${inputs.nix-secrets}/workstations.yaml";
soju-password.sopsFile = "${inputs.nix-secrets}/workstations.yaml";
};
};
})

2
modules/nixos/restic.nix
View file

@ -109,7 +109,7 @@
"NGINX must be enabled")
)
{
clientMaxBodySize = "1000m";
clientMaxBodySize = "0";
virtualHosts."${cfg.server.domain}" = {
enableACME = lib.asserts.assertMsg (
config.security.acme.acceptTerms