From 0c4f3acb281be6290c55a6e96bc29fab5b5c7a11 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 11 Sep 2023 18:24:28 +0200
Subject: stockholm -> hrm

---
 modules/charybdis/default.nix | 80 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 80 insertions(+)
 create mode 100644 modules/charybdis/default.nix

(limited to 'modules/charybdis/default.nix')

diff --git a/modules/charybdis/default.nix b/modules/charybdis/default.nix
new file mode 100644
index 0000000..337ea13
--- /dev/null
+++ b/modules/charybdis/default.nix
@@ -0,0 +1,80 @@
+{ config, lib, mylib, pkgs, ... }@args: let
+  cfg = config.tv.charybdis;
+in {
+  options.tv.charybdis = {
+    enable = lib.mkEnableOption "tv.charybdis";
+    motd = lib.mkOption {
+      type = lib.types.str;
+      default = "/join #retiolum";
+    };
+    port = lib.mkOption {
+      type = lib.types.int;
+      default = 6667;
+    };
+    ssl_cert = lib.mkOption {
+      type = lib.types.path;
+    };
+    ssl_dh_params = lib.mkOption {
+      type = mylib.types.absolute-pathname;
+      default = "${config.krebs.secret.directory}/charybdis.dh.pem";
+    };
+    ssl_private_key = lib.mkOption {
+      type = mylib.types.absolute-pathname;
+      default = "${config.krebs.secret.directory}/charybdis.key.pem";
+    };
+    sslport = lib.mkOption {
+      type = lib.types.int;
+      default = 6697;
+    };
+    user = lib.mkOption {
+      type = mylib.types.user;
+      default = {
+        name = "charybdis";
+        home = "/var/lib/charybdis";
+      };
+    };
+  };
+  config = lib.mkIf cfg.enable {
+
+    environment.etc."charybdis-ircd.motd".text = cfg.motd;
+
+    krebs.systemd.services.charybdis = {};
+
+    systemd.services.charybdis = {
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network-online.target" ];
+      environment = {
+        BANDB_DBPATH = "${cfg.user.home}/ban.db";
+      };
+      serviceConfig = {
+        SyslogIdentifier = "charybdis";
+        User = cfg.user.name;
+        PrivateTmp = true;
+        Restart = "always";
+        ExecStartPre = [
+          "${pkgs.coreutils}/bin/ln -s /etc/charybdis-ircd.motd /tmp/ircd.motd"
+          "${pkgs.coreutils}/bin/ln -s \${CREDENTIALS_DIRECTORY} /tmp/credentials"
+        ];
+        ExecStart = toString [
+          "${pkgs.charybdis}/bin/charybdis"
+            "-configfile ${import ./config.nix args}"
+            "-foreground"
+            "-logfile /dev/stderr"
+        ];
+        LoadCredential = [
+          "ssl_dh_params:${cfg.ssl_dh_params}"
+          "ssl_private_key:${cfg.ssl_private_key}"
+        ];
+      };
+    };
+
+    users.users.${cfg.user.name} = {
+      inherit (cfg.user) home name uid;
+      createHome = true;
+      group = cfg.user.name;
+      isSystemUser = true;
+    };
+
+    users.groups.${cfg.user.name} = {};
+  };
+}
-- 
cgit v1.2.3