0xa/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

init: mrbouncy

Browse source
This commit is contained in:
Grigory Shipunov 2023-02-09 19:23:12 +01:00
parent 69805fab21
commit 3d823e8667
Signed by: 0xa
GPG key ID: 91FA5E5BF9AA901C
1 changed files with 40 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

53
hosts/cirrus/irc.nix
View file

@ -1,25 +1,46 @@
{ pkgs, config, ... }: { { pkgs, config, ... }: {
containers.irc = { services.nginx = {
autoStart = true; # reverse-proxy irc traffic on 7000
privateNetwork = true; streamConfig = ''
localAddress = "10.34.44.100/24"; upstream soju {
server 127.0.0.1:6667;
}
server {
listen 7000 ssl;
listen [::]:7000 ssl;
ssl_certificate /var/lib/acme/mrbouncy.oxapentane.com/fullchain.pem;
ssl_certificate_key /var/lib/acme/mrbouncy.oxapentane.com/key.pem;
ssl_trusted_certificate /var/lib/acme/mrbouncy.oxapentane.com/chain.pem;
proxy_pass soju;
}
'';
# just here to get the cert for irc reverse proxy
virtualHosts = {
"mrbouncy.oxapentane.com" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
# no content for now, here just for no-boilerplate cert
return = "204";
};
};
};
};
};
config = { config, pkgs, ... }: {
services.soju = { services.soju = {
hostname = "mr_bouncy.oxapentane.com"; hostName = "mrbouncy.oxapentane.com";
listen = [ "irc+insecure://127.0.0.1:6667" ];
enable = true; enable = true;
enableMessageLogging = true; enableMessageLogging = true;
acceptProxyIP = [ acceptProxyIP = [ "localhost" ];
"192.168.100.1"
];
}; };
networking.firewall = { environment.systemPackages = [ pkgs.soju ]; # expose soju mgmt commands
enable = true;
allowedTCPPorts = [ 6697 22 ];
};
system.stateVersion = "22.11"; networking.firewall.allowedTCPPorts = [ 7000 ];
};
};
} }