From d5db8b88edbf40df3b48364429310872edb64cea Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 21 Feb 2016 06:23:06 +0100 Subject: tv.charybdis: use krebs.secret --- tv/3modules/charybdis/default.nix | 90 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) create mode 100644 tv/3modules/charybdis/default.nix (limited to 'tv/3modules/charybdis/default.nix') diff --git a/tv/3modules/charybdis/default.nix b/tv/3modules/charybdis/default.nix new file mode 100644 index 000000000..0bab69529 --- /dev/null +++ b/tv/3modules/charybdis/default.nix 
@@ -0,0 +1,90 @@ +{ config, lib, pkgs, ... }@args: with config.krebs.lib; let + cfg = config.tv.charybdis; +in { + options.tv.charybdis = { + enable = mkEnableOption "tv.charybdis"; + motd = mkOption { + type = types.str; + default = "/join #retiolum"; + }; + port = mkOption { + type = types.int; + default = 6667; + }; + ssl_cert = mkOption { + type = types.path; + }; + ssl_dh_params = mkOption { + type = types.secret-file; + default = { + path = "${cfg.user.home}/dh.pem"; + owner-name = "charybdis"; + source-path = toString + "/charybdis.dh.pem"; + }; + }; + ssl_private_key = mkOption { + type = types.secret-file; + default = { + path = "${cfg.user.home}/ssl.key.pem"; + owner-name = "charybdis"; + source-path = toString + "/charybdis.key.pem"; + }; + }; + sslport = mkOption { + type = types.int; + default = 6697; + }; + user = mkOption { + type = types.submodule { + options = { + name = mkOption { + type = types.str; + }; + home = mkOption { + type = types.str; + }; + }; + }; + default = { + name = "charybdis"; + home = "/var/lib/charybdis"; + }; + }; + }; + config = lib.mkIf cfg.enable { + + krebs.secret.files.charybdis-ssl_dh_params = cfg.ssl_dh_params; + krebs.secret.files.charybdis-ssl_private_key = cfg.ssl_private_key; + + environment.etc."charybdis-ircd.motd".text = cfg.motd; + + systemd.services.charybdis = { + wantedBy = [ "multi-user.target" ]; + requires = [ "secret.service" ]; + after = [ "network.target" "secret.service" ]; + environment = { + BANDB_DBPATH = "${cfg.user.home}/ban.db"; + }; + serviceConfig = { + SyslogIdentifier = "charybdis"; + User = cfg.user.name; + PrivateTmp = true; + Restart = "always"; + ExecStartPre = + "${pkgs.coreutils}/bin/ln -s /etc/charybdis-ircd.motd /tmp/ircd.motd"; + ExecStart = toString [ + "${pkgs.charybdis}/bin/charybdis-ircd" + "-configfile ${import ./config.nix args}" + "-foreground" + "-logfile /dev/stderr" + ]; + }; + }; + + users.users.${cfg.user.name} = { + inherit (cfg.user) home name; + createHome = true; + 
uid = genid cfg.user.name; + }; + }; +} -- cgit v1.2.3 From c5f18dfdfe9874ba48834447c8d3259b115c1357 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 21 Feb 2016 06:39:12 +0100 Subject: tv.{charybdis,ejabberd}.user :: user --- tv/3modules/charybdis/default.nix | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) (limited to 'tv/3modules/charybdis/default.nix') diff --git a/tv/3modules/charybdis/default.nix b/tv/3modules/charybdis/default.nix index 0bab69529..5cb0c55b7 100644 --- a/tv/3modules/charybdis/default.nix +++ b/tv/3modules/charybdis/default.nix @@ -35,16 +35,7 @@ in { default = 6697; }; user = mkOption { - type = types.submodule { - options = { - name = mkOption { - type = types.str; - }; - home = mkOption { - type = types.str; - }; - }; - }; + type = types.user; default = { name = "charybdis"; home = "/var/lib/charybdis"; -- cgit v1.2.3 From 05be525be6d0896b155da7305b2cee950fb3530e Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 21 Feb 2016 06:56:57 +0100 Subject: krebs.types.user: add uid :: int --- tv/3modules/charybdis/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'tv/3modules/charybdis/default.nix') diff --git a/tv/3modules/charybdis/default.nix b/tv/3modules/charybdis/default.nix index 5cb0c55b7..87cb37ef4 100644 --- a/tv/3modules/charybdis/default.nix +++ b/tv/3modules/charybdis/default.nix @@ -73,9 +73,8 @@ in { }; users.users.${cfg.user.name} = { - inherit (cfg.user) home name; + inherit (cfg.user) home name uid; createHome = true; - uid = genid cfg.user.name; }; }; } -- cgit v1.2.3 From e3ddf995e92985ee14dab5735ac55045c166aaaf Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 21 Feb 2016 07:18:13 +0100 Subject: krebs types.secret-file: owner-name -> owner :: user --- tv/3modules/charybdis/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'tv/3modules/charybdis/default.nix') 
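Review bot: The `serviceConfig` of `systemd.services.charybdis` sandboxes this network-facing daemon with `PrivateTmp = true` only, while the same unit is handed the TLS private key through `krebs.secret.files.charybdis-ssl_private_key`. The process already runs as the unprivileged `cfg.user.name`, and the only writable state visible here is `${cfg.user.home}/ban.db`, so `NoNewPrivileges = true;` and `ProtectSystem = "full";` could be added to limit what a compromised ircd can reach. Whether charybdis writes anywhere outside its home depends on `./config.nix`, which is not shown, so check that before enabling the filesystem restriction. None of the options carries a `description`; the three TLS options in particular would benefit from one stating which file is expected and who installs it.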
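Review bot: In the `@@ -73,9 +73,8 @@` hunk the account's uid is no longer computed in this file: `inherit (cfg.user) home name uid;` takes it from the option value, yet the `default` of `tv.charybdis.user` shown earlier still sets only `name` and `home`. The uid therefore depends on a default inside `types.user`, which is not part of this diff. If that default does not yield the same number as the removed `genid cfg.user.name`, existing state under the home directory such as `ban.db` would presumably stay owned by the old uid. A comment next to the inherit, e.g. `# uid comes from the types.user default; must stay stable across deploys`, would record the dependency. The enclosing `config = lib.mkIf cfg.enable { … }` block starts outside this hunk.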
diff --git a/tv/3modules/charybdis/default.nix b/tv/3modules/charybdis/default.nix index 87cb37ef4..3af971cd4 100644 --- a/tv/3modules/charybdis/default.nix +++ b/tv/3modules/charybdis/default.nix @@ -18,7 +18,7 @@ in { type = types.secret-file; default = { path = "${cfg.user.home}/dh.pem"; - owner-name = "charybdis"; + owner = cfg.user; source-path = toString + "/charybdis.dh.pem"; }; }; @@ -26,7 +26,7 @@ in { type = types.secret-file; default = { path = "${cfg.user.home}/ssl.key.pem"; - owner-name = "charybdis"; + owner = cfg.user; source-path = toString + "/charybdis.key.pem"; }; }; -- cgit v1.2.3
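Review bot: In the `ssl_private_key` default (second hunk, `@@ -26,7 +26,7 @@`) the attrset sets `path`, `owner` and `source-path` but not the permission bits or group of the installed key, so those come from whatever `types.secret-file` defaults to, which this diff does not show. For a TLS private key placed in the service's home directory, confirm that the default is owner-read-only and record it, e.g. `# installed by secret.service; expected to be readable by cfg.user only` above `path`. The same applies, with lower stakes, to `ssl_dh_params` in the first hunk. Both option definitions start and end outside these hunks.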