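{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.soju;

  # Persistent data (SQLite database, message logs). Created and owned for the
  # service user by `StateDirectory = "soju"` below.
  stateDir = "/var/lib/soju";

  # Volatile data (admin socket). Created by `RuntimeDirectory = "soju"` below.
  runtimeDir = "/run/soju";

  # The admin socket is simply one more listener appended to the user-supplied
  # list, so sojuctl can reach the daemon without a network listener.
  listen = cfg.listen
    ++ optional cfg.adminSocket.enable "unix+admin://${runtimeDir}/admin";
  listenCfg = concatMapStringsSep "\n" (l: "listen ${l}") listen;

  # Empty unless a certificate is given; the assertion below guarantees that
  # tlsCertificateKey is set whenever tlsCertificate is.
  tlsCfg = optionalString (cfg.tlsCertificate != null)
    "tls ${cfg.tlsCertificate} ${cfg.tlsCertificateKey}";

  logCfg = optionalString cfg.enableMessageLogging
    "log fs ${stateDir}/logs";

  # NOTE: writeText places this file in the Nix store, which is world-readable.
  # Only *paths* to the TLS material end up here, never its contents, and
  # `extraConfig` must not carry secrets for the same reason.
  configFile = pkgs.writeText "soju.conf" ''
    ${listenCfg}
    hostname ${cfg.hostName}
    ${tlsCfg}
    db sqlite3 ${stateDir}/soju.db
    ${logCfg}
    http-origin ${concatStringsSep " " cfg.httpOrigins}
    accept-proxy-ip ${concatStringsSep " " cfg.acceptProxyIP}

    ${cfg.extraConfig}
  '';

  # Wrapper so that `sojuctl` on the host reads the same configuration (and
  # therefore the same admin socket path) as the running service.
  sojuctl = pkgs.writeShellScriptBin "sojuctl" ''
    exec ${cfg.package}/bin/sojuctl --config ${configFile} "$@"
  '';
in
{
  ###### interface

  options.services.soju = {
    enable = mkEnableOption "soju";

    package = mkPackageOption pkgs "soju" { };

    listen = mkOption {
      type = types.listOf types.str;
      default = [ ":6697" ];
      description = ''
        Where soju should listen for incoming connections. See the
        `listen` directive in
        {manpage}`soju(1)`.
      '';
    };

    hostName = mkOption {
      type = types.str;
      default = config.networking.hostName;
      defaultText = literalExpression "config.networking.hostName";
      description = "Server hostname.";
    };

    tlsCertificate = mkOption {
      type = types.nullOr types.path;
      default = null;
      example = "/var/host.cert";
      description = "Path to server TLS certificate.";
    };

    tlsCertificateKey = mkOption {
      type = types.nullOr types.path;
      default = null;
      example = "/var/host.key";
      description = ''
        Path to server TLS certificate key. Give this as a string (as in the
        example) rather than a Nix path literal, so the key is referenced in
        place instead of being copied into the world-readable Nix store. The
        file must be readable by the service, which runs as a DynamicUser.
      '';
    };

    enableMessageLogging = mkOption {
      type = types.bool;
      default = true;
      description = "Whether to enable message logging.";
    };

    adminSocket.enable = mkOption {
      type = types.bool;
      default = true;
      description = ''
        Listen for admin connections from sojuctl at /run/soju/admin.
      '';
    };

    httpOrigins = mkOption {
      type = types.listOf types.str;
      default = [];
      description = ''
        List of allowed HTTP origins for WebSocket listeners. The parameters are
        interpreted as shell patterns, see
        {manpage}`glob(7)`.
      '';
    };

    acceptProxyIP = mkOption {
      type = types.listOf types.str;
      default = [];
      description = ''
        Allow the specified IPs to act as a proxy. Proxies have the ability to
        overwrite the remote and local connection addresses (via the X-Forwarded-\*
        HTTP header fields). The special name "localhost" accepts the loopback
        addresses 127.0.0.0/8 and ::1/128. By default, all IPs are rejected.
      '';
    };

    extraConfig = mkOption {
      type = types.lines;
      default = "";
      description = ''
        Lines added verbatim to the configuration file. The file is placed in
        the Nix store and is world-readable, so do not put secrets here.
      '';
    };
  };

  ###### implementation

  config = mkIf cfg.enable {
    # A certificate without a key (or vice versa) would produce a broken
    # `tls` line, so require both or neither.
    assertions = [
      {
        assertion = (cfg.tlsCertificate != null) == (cfg.tlsCertificateKey != null);
        message = ''
          services.soju.tlsCertificate and services.soju.tlsCertificateKey
          must both be specified to enable TLS.
        '';
      }
    ];

    environment.systemPackages = [ sojuctl ];

    systemd.services.soju = {
      description = "soju IRC bouncer";
      wantedBy = [ "multi-user.target" ];
      wants = [ "network-online.target" ];
      after = [ "network-online.target" ];
      serviceConfig = {
        # Transient unprivileged user; per systemd.exec(5) DynamicUser= also
        # implies NoNewPrivileges=, PrivateTmp= and ProtectSystem=strict.
        # StateDirectory/RuntimeDirectory below are what make /var/lib/soju and
        # /run/soju writable for that user.
        DynamicUser = true;
        Restart = "always";
        ExecStart = "${cfg.package}/bin/soju -config ${configFile}";
        StateDirectory = "soju";
        RuntimeDirectory = "soju";
      };
    };
  };

  meta.maintainers = with maintainers; [ malte-v ];
}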