author | lassulus <lassulus@lassul.us> | 2021-12-25 20:08:03 +0100 |
---|---|---|
committer | lassulus <lassulus@lassul.us> | 2021-12-25 20:08:03 +0100 |
commit | 9f194012bd6e5524f547a9c361ee411baaee5048 (patch) | |
tree | a4cd821b08167d2db91b8ee7eca93805f41c776b /tv/3modules/charybdis/default.nix | |
parent | f31f9f37907c031091f208d30bd5f2e5011eebb0 (diff) | |
parent | a1a0f11af481d94fea38f0f6f71e3340587503ac (diff) |
Merge remote-tracking branch 'ni/master'
Diffstat (limited to 'tv/3modules/charybdis/default.nix')
-rw-r--r-- | tv/3modules/charybdis/default.nix | 46 |
1 files changed, 18 insertions, 28 deletions
diff --git a/tv/3modules/charybdis/default.nix b/tv/3modules/charybdis/default.nix
index 9c5ce2731..96aae702a 100644
--- a/tv/3modules/charybdis/default.nix
+++ b/tv/3modules/charybdis/default.nix
@@ -15,22 +15,12 @@ in {
 type = types.path;
 };
 ssl_dh_params = mkOption {
- type = types.secret-file;
- default = {
- name = "charybdis-ssl_dh_params";
- path = "${cfg.user.home}/dh.pem";
- owner = cfg.user;
- source-path = toString <secrets> + "/charybdis.dh.pem";
- };
+ type = types.absolute-pathname;
+ default = toString <secrets> + "/charybdis.dh.pem";
 };
 ssl_private_key = mkOption {
- type = types.secret-file;
- default = {
- name = "charybdis-ssl_private_key";
- path = "${cfg.user.home}/ssl.key.pem";
- owner = cfg.user;
- source-path = toString <secrets> + "/charybdis.key.pem";
- };
+ type = types.absolute-pathname;
+ default = toString <secrets> + "/charybdis.key.pem";
 };
 sslport = mkOption {
 type = types.int;
@@ -46,22 +36,13 @@ in {
 };
 config = lib.mkIf cfg.enable {
- krebs.secret.files.charybdis-ssl_dh_params = cfg.ssl_dh_params;
- krebs.secret.files.charybdis-ssl_private_key = cfg.ssl_private_key;
-
 environment.etc."charybdis-ircd.motd".text = cfg.motd;
+ krebs.systemd.services.charybdis = {};
+
 systemd.services.charybdis = {
 wantedBy = [ "multi-user.target" ];
- after = [
- config.krebs.secret.files.charybdis-ssl_dh_params.service
- config.krebs.secret.files.charybdis-ssl_private_key.service
- "network-online.target"
- ];
- partOf = [
- config.krebs.secret.files.charybdis-ssl_dh_params.service
- config.krebs.secret.files.charybdis-ssl_private_key.service
- ];
+ after = [ "network-online.target" ];
 environment = {
 BANDB_DBPATH = "${cfg.user.home}/ban.db";
 };
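Review bot: `ssl_dh_params` and `ssl_private_key` in the first hunk now take a bare path, but nothing on the options says the value must be a string naming a file on the target host. A Nix path literal interpolated into `LoadCredential` (last hunk) would presumably be copied into the world-readable Nix store; whether `types.absolute-pathname` rejects path values is not visible on this page. I would add a description to both options, for example `description = "Absolute path, given as a string and outside the Nix store, of the file systemd loads as a credential.";`. The defaults are already strings because of `toString <secrets>`.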
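Review bot: With `partOf` removed in the second hunk, nothing visible in this unit restarts charybdis when the DH parameter or key file is replaced, and `krebs.systemd.services.charybdis = {};` gives no hint whether it takes over that job. `LoadCredential` hands the files over when the service starts, so a rotated key would presumably stay unused until the next restart unless the krebs.systemd module handles it; that module is not on this page. A comment above the empty declaration would settle it, e.g. `# registers the unit with krebs.systemd; TODO state whether it restarts on credential change`. The `systemd.services.charybdis` attribute set continues past the end of this hunk.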
@@ -70,21 +51,30 @@ in {
 User = cfg.user.name;
 PrivateTmp = true;
 Restart = "always";
- ExecStartPre =
- "${pkgs.coreutils}/bin/ln -s /etc/charybdis-ircd.motd /tmp/ircd.motd";
+ ExecStartPre = [
+ "${pkgs.coreutils}/bin/ln -s /etc/charybdis-ircd.motd /tmp/ircd.motd"
+ "${pkgs.coreutils}/bin/ln -s \${CREDENTIALS_DIRECTORY} /tmp/credentials"
+ ];
 ExecStart = toString [
 "${pkgs.charybdis}/bin/charybdis"
 "-configfile ${import ./config.nix args}"
 "-foreground"
 "-logfile /dev/stderr"
 ];
+ LoadCredential = [
+ "ssl_dh_params:${cfg.ssl_dh_params}"
+ "ssl_private_key:${cfg.ssl_private_key}"
+ ];
 };
 };
 users.users.${cfg.user.name} = {
 inherit (cfg.user) home name uid;
 createHome = true;
+ group = cfg.user.name;
 isSystemUser = true;
 };
+
+ users.groups.${cfg.user.name} = {};
 };
 } |
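Review bot: The added `ln -s \${CREDENTIALS_DIRECTORY} /tmp/credentials` is only safe because of the `PrivateTmp = true` context line above it, and nothing in the unit ties the two together. If PrivateTmp were ever dropped, the key material would be looked up through a fixed name in a shared, world-writable directory. I would put a comment on that list entry, such as `# needs PrivateTmp: /tmp/credentials must live in the unit's private /tmp`, and note that config.nix (not shown) presumably reads the files through that path. The enclosing attribute set begins before this hunk.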