From 68e5d83b0b379fdca677cbd3221fa05fe5ec268f Mon Sep 17 00:00:00 2001
From: sefidel
Date: Thu, 2 Feb 2023 18:48:45 +0900
Subject: feat(colmena/cobalt): configure soju & acme
---
colmena/cobalt/services/acme.nix | 26 ++++++++++++++++++++++++++
colmena/cobalt/services/soju.nix | 27 +++++++++++++++++++++++++++
2 files changed, 53 insertions(+)
create mode 100644 colmena/cobalt/services/acme.nix
create mode 100644 colmena/cobalt/services/soju.nix
(limited to 'colmena/cobalt/services')
diff --git a/colmena/cobalt/services/acme.nix b/colmena/cobalt/services/acme.nix
new file mode 100644
index 0000000..b41ae1c
--- /dev/null
+++ b/colmena/cobalt/services/acme.nix
@@ -0,0 +1,26 @@
+let
+ poorObfuscation = y: x: "${x}@${y}";
+in
+{
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = poorObfuscation "sefidel.com" "postmaster";
+ certs = {
+ "sefidel.com" = {
+ domain = "*.sefidel.com";
+ dnsProvider = "hetzner";
+ dnsPropagationCheck = true;
+ credentialsFile = "/persist/secrets/hetzner.key";
+ };
+ };
+ };
+
+ environment.persistence."/persist".directories = [
+ "/var/lib/acme"
+ ];
+
+ deployment.keys."hetzner.key" = {
+ keyCommand = [ "pass" "show" "server/hetzner-dns" ];
+ destDir = "/persist/secrets";
+ };
+}
diff --git a/colmena/cobalt/services/soju.nix b/colmena/cobalt/services/soju.nix
new file mode 100644
index 0000000..3e1e3fe
--- /dev/null
+++ b/colmena/cobalt/services/soju.nix
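Review bot: `deployment.keys."hetzner.key"` in acme.nix relies on Colmena's default owner and mode while `destDir = "/persist/secrets"` moves the secret out of the default tmpfs key directory, so the DNS API token now stays on disk across reboots with nothing in the file stating who may read it. Spell the intent out next to `destDir`, e.g. `user = "root"; group = "root"; permissions = "0400";`, which should still work if the ACME module hands `credentialsFile` to systemd as an environment file (worth confirming for the nixpkgs revision in use). For the same reason the `pass` entry has to hold the `NAME=value` line the DNS provider integration expects rather than a bare token, and `pass show` uploads every line of the entry, so a comment above `keyCommand` documenting the expected contents would help. If the DNS provider offers a token scoped more narrowly than the whole zone, prefer that for a credential whose only job is the DNS-01 challenge.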
@@ -0,0 +1,27 @@
+{
+ services.soju = {
+ enable = true;
+ extraGroups = [ "acme" ];
+ hostName = "bouncer.sefidel.com";
+ listen = [
+ # ":6697"
+ "ircs://bouncer.sefidel.com:6697"
+ ];
+ tlsCertificate = "/var/lib/acme/sefidel.com/cert.pem";
+ tlsCertificateKey = "/var/lib/acme/sefidel.com/key.pem";
+ };
+
+ networking.firewall.allowedTCPPorts = [ 6697 ];
+
+ environment.persistence."/persist".directories = [
+ "/var/lib/private/soju"
+ ];
+
+ # TODO: remove this once merged
+ disabledModules = [ "services/networking/soju.nix" ];
+
+ imports = [
+ ./acme.nix
+ ../overlays/soju.nix
+ ];
+}
-- cgit 1.4.1
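Review bot: `extraGroups = [ "acme" ]` together with `tlsCertificateKey = "/var/lib/acme/sefidel.com/key.pem"` gives the internet-facing bouncer read access to the private key of the `*.sefidel.com` wildcard certificate, so a compromise of soju exposes a key that is valid for every subdomain. Consider a dedicated `security.acme.certs."bouncer.sefidel.com"` entry whose `group` is readable only by the soju service, and point `tlsCertificate`/`tlsCertificateKey` at that directory instead. Nothing visible in this hunk reloads soju after a renewal either; something like `reloadServices = [ "soju" ];` on the cert entry would avoid serving an expired certificate, assuming the overlay module's unit is named `soju` and supports reload. The commented-out `# ":6697"` listener can be dropped, and the `# TODO: remove this once merged` comment would be easier to act on if it named the upstream change it is waiting for.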