diff options
author | lassulus <lassulus@lassul.us> | 2022-01-09 00:43:23 +0100 |
---|---|---|
committer | lassulus <lassulus@lassul.us> | 2022-01-09 00:43:23 +0100 |
commit | 545b424ecbd69df2b507f827b26ee6e38f1648c3 (patch) | |
tree | 3ec14efb568d219ce4ad31513306049887eea67c /krebs/2configs | |
parent | dbc238752043078de95aac231d31cc5fd88a329f (diff) |
krebs: use ergo instead of solanum everywhere
Diffstat (limited to 'krebs/2configs')
-rw-r--r-- | krebs/2configs/ergo.nix | 13 | ||||
-rw-r--r-- | krebs/2configs/ircd.nix | 149 | ||||
-rw-r--r-- | krebs/2configs/news.nix | 3 |
3 files changed, 38 insertions, 127 deletions
diff --git a/krebs/2configs/ergo.nix b/krebs/2configs/ergo.nix deleted file mode 100644 index db0bc5748..000000000 --- a/krebs/2configs/ergo.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ config, pkgs, ... }: - -{ - networking.firewall.allowedTCPPorts = [ - 6667 - ]; - - krebs.ergo = { - enable = true; - }; -} - - diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index 904878731..c6c91e074 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -1,121 +1,44 @@ -{ config, pkgs, lib, ... }: +{ config, pkgs, ... }: { networking.firewall.allowedTCPPorts = [ - 6667 6669 + 6667 ]; - systemd.services.solanum.serviceConfig.LimitNOFILE = lib.mkForce 16384; - - services.solanum = { + krebs.ergo = { enable = true; - motd = '' - hello - ''; - config = '' - loadmodule "extensions/m_omode"; - serverinfo { - name = "${config.krebs.build.host.name}.irc.r"; - sid = "1as"; - description = "irc!"; - network_name = "irc.r"; - - vhost = "0.0.0.0"; - vhost6 = "::"; - - #ssl_private_key = "etc/ssl.key"; - #ssl_cert = "etc/ssl.cert"; - #ssl_dh_params = "etc/dh.pem"; - #ssld_count = 1; - - default_max_clients = 2048; - #nicklen = 30; - }; - - listen { - defer_accept = yes; - - /* If you want to listen on a specific IP only, specify host. - * host definitions apply only to the following port line. - */ - host = "0.0.0.0"; - port = 6667; - #sslport = 6697; - - /* Listen on IPv6 (if you used host= above). */ - host = "::"; - port = 6667; - #sslport = 6697; - }; - - class "users" { - ping_time = 2 minutes; - number_per_ident = 10; - number_per_ip = 4096; - number_per_ip_global = 4096; - cidr_ipv4_bitlen = 24; - cidr_ipv6_bitlen = 64; - number_per_cidr = 65535; - max_number = 65535; - sendq = 1000 megabyte; - }; - - privset "op" { - privs = oper:admin, oper:general; - }; - - operator "aids" { - user = "*@*"; - password = "balls"; - flags = ~encrypted; - snomask = "+s"; - privset = "op"; - }; - - exempt { - ip = "127.0.0.1"; - }; - - exempt { - ip = "10.243.0.0/16"; - }; - - auth { - user = "*@*"; - class = "users"; - flags = kline_exempt, exceed_limit, flood_exempt; - }; - - channel { - autochanmodes = "+t"; - use_invex = yes; - use_except = yes; - use_forward = yes; - use_knock = yes; - knock_delay = 5 minutes; - knock_delay_channel = 1 minute; - max_chans_per_user = 150; - max_bans = 100; - max_bans_large = 500; - default_split_user_count = 0; - default_split_server_count = 0; - no_create_on_split = no; - no_join_on_split = no; - burst_topicwho = yes; - kick_on_split_riding = no; - only_ascii_channels = no; - resv_forcepart = yes; - channel_target_change = yes; - disable_local_channels = no; - }; - - general { - #maybe we want ident someday? - default_floodcount = 10000; - disable_auth = yes; - throttle_duration = 1; - throttle_count = 10000; - }; - ''; + config = { + server.secure-nets = [ + "42::0/16" + "10.240.0.0/12" + ]; + oper-classes.server-admin = { + title = "admin"; + capabilities = [ + "kill" # disconnect user sessions + "ban" # ban IPs, CIDRs, and NUH masks ("d-line" and "k-line") + "nofakelag" # remove "fakelag" restrictions on rate of message sending + "relaymsg" # use RELAYMSG in any channel (see the 'relaymsg' config block) + "vhosts" # add and remove vhosts from users + "sajoin" # join arbitrary channels, including private channels + "samode" # modify arbitrary channel and user modes + "snomasks" # subscribe to arbitrary server notice masks + "roleplay" # use the (deprecated) roleplay commands in any channel + "rehash" # rehash the server, i.e. reload the config at runtime + "accreg" # modify arbitrary account registrations + "chanreg" # modify arbitrary channel registrations + "history" # modify or delete history messages + "defcon" # use the DEFCON command (restrict server capabilities) + "massmessage" # message all users on the server + ]; + }; + opers.aids = { + class = "server-admin"; + hidden = false; + password = "$2a$04$0AtVycWQJ07ymrDdKyAm2un3UVSVIzpzL3wsWbWb3PF95d1CZMcMO"; + }; + }; }; } + + diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index 84a39f95b..639cadb37 100644 --- a/krebs/2configs/news.nix +++ b/krebs/2configs/news.nix @@ -68,7 +68,8 @@ wantedBy = [ "multi-user.target" ]; }; - systemd.services.brockman.bindsTo = [ "solanum.service" ]; + krebs.ergo.openFilesLimit = 16384; + systemd.services.brockman.bindsTo = [ "ergo.service" ]; systemd.services.brockman.serviceConfig.LimitNOFILE = 16384; systemd.services.brockman.environment.BROCKMAN_LOG_LEVEL = "DEBUG"; krebs.brockman = { |