author | tv <tv@krebsco.de> | 2016-02-21 06:23:06 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2016-02-21 06:41:57 +0100 |
commit | d5db8b88edbf40df3b48364429310872edb64cea (patch) | |
tree | 3b8d5219e95b5610bacf7232f8f0489b77e09b07 /tv/3modules/charybdis/default.nix | |
parent | 8a7e4b95c23c45b9d341f38b7bb96c3acfecff8a (diff) |
tv.charybdis: use krebs.secret
Diffstat (limited to 'tv/3modules/charybdis/default.nix')
-rw-r--r-- | tv/3modules/charybdis/default.nix | 90 |
1 files changed, 90 insertions, 0 deletions
diff --git a/tv/3modules/charybdis/default.nix b/tv/3modules/charybdis/default.nix
new file mode 100644
index 000000000..0bab69529
--- /dev/null
+++ b/tv/3modules/charybdis/default.nix
@@ -0,0 +1,90 @@
+{ config, lib, pkgs, ... }@args: with config.krebs.lib; let
+ cfg = config.tv.charybdis;
+in {
+ options.tv.charybdis = {
+ enable = mkEnableOption "tv.charybdis";
+ motd = mkOption {
+ type = types.str;
+ default = "/join #retiolum";
+ };
+ port = mkOption {
+ type = types.int;
+ default = 6667;
+ };
+ ssl_cert = mkOption {
+ type = types.path;
+ };
+ ssl_dh_params = mkOption {
+ type = types.secret-file;
+ default = {
+ path = "${cfg.user.home}/dh.pem";
+ owner-name = "charybdis";
+ source-path = toString <secrets> + "/charybdis.dh.pem";
+ };
+ };
+ ssl_private_key = mkOption {
+ type = types.secret-file;
+ default = {
+ path = "${cfg.user.home}/ssl.key.pem";
+ owner-name = "charybdis";
+ source-path = toString <secrets> + "/charybdis.key.pem";
+ };
+ };
+ sslport = mkOption {
+ type = types.int;
+ default = 6697;
+ };
+ user = mkOption {
+ type = types.submodule {
+ options = {
+ name = mkOption {
+ type = types.str;
+ };
+ home = mkOption {
+ type = types.str;
+ };
+ };
+ };
+ default = {
+ name = "charybdis";
+ home = "/var/lib/charybdis";
+ };
+ };
+ };
+ config = lib.mkIf cfg.enable {
+
+ krebs.secret.files.charybdis-ssl_dh_params = cfg.ssl_dh_params;
+ krebs.secret.files.charybdis-ssl_private_key = cfg.ssl_private_key;
+
+ environment.etc."charybdis-ircd.motd".text = cfg.motd;
+
+ systemd.services.charybdis = {
+ wantedBy = [ "multi-user.target" ];
+ requires = [ "secret.service" ];
+ after = [ "network.target" "secret.service" ];
+ environment = {
+ BANDB_DBPATH = "${cfg.user.home}/ban.db";
+ };
+ serviceConfig = {
+ SyslogIdentifier = "charybdis";
+ User = cfg.user.name;
+ PrivateTmp = true;
+ Restart = "always";
+ ExecStartPre =
+ "${pkgs.coreutils}/bin/ln -s /etc/charybdis-ircd.motd /tmp/ircd.motd";
+ ExecStart = toString [
+ "${pkgs.charybdis}/bin/charybdis-ircd"
+ "-configfile ${import ./config.nix args}"
+ "-foreground"
+ "-logfile /dev/stderr"
+ ];
+ };
+ };
+
+ users.users.${cfg.user.name} = {
+ inherit (cfg.user) home name;
+ createHome = true;
+ uid = genid cfg.user.name;
+ };
+ };
+} |
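Review bot: Both secret-file defaults hard-code `owner-name = "charybdis";` (under `ssl_dh_params` and `ssl_private_key`), while the unit runs as `User = cfg.user.name` and the secret paths already follow `cfg.user.home`. If `tv.charybdis.user.name` is overridden, the TLS private key and DH parameters would be installed for an account the daemon does not run as, so either the service cannot read them or they end up owned by an unrelated user. Deriving the owner from the same option keeps the two in step: `owner-name = cfg.user.name;`. A one-line comment on the `source-path` lines would also help, noting that `toString <secrets>` is deliberate because interpolating the path instead would copy the key material into the world-readable Nix store; how `krebs.secret` sets the file mode is not visible in this hunk and is worth confirming.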