1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-19 04:02:10 +00:00
nixpkgs/nixos/modules/services/networking/soju.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

146 lines
3.9 KiB
Nix
Raw Normal View History

2021-05-20 18:34:20 +01:00
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.soju;
stateDir = "/var/lib/soju";
runtimeDir = "/run/soju";
listen = cfg.listen
++ optional cfg.adminSocket.enable "unix+admin://${runtimeDir}/admin";
listenCfg = concatMapStringsSep "\n" (l: "listen ${l}") listen;
2021-05-20 18:34:20 +01:00
tlsCfg = optionalString (cfg.tlsCertificate != null)
"tls ${cfg.tlsCertificate} ${cfg.tlsCertificateKey}";
logCfg = optionalString cfg.enableMessageLogging
"log fs ${stateDir}/logs";
configFile = pkgs.writeText "soju.conf" ''
${listenCfg}
hostname ${cfg.hostName}
${tlsCfg}
db sqlite3 ${stateDir}/soju.db
${logCfg}
http-origin ${concatStringsSep " " cfg.httpOrigins}
accept-proxy-ip ${concatStringsSep " " cfg.acceptProxyIP}
${cfg.extraConfig}
'';
sojuctl = pkgs.writeShellScriptBin "sojuctl" ''
exec ${cfg.package}/bin/sojuctl --config ${configFile} "$@"
'';
2021-05-20 18:34:20 +01:00
in
{
###### interface
options.services.soju = {
enable = mkEnableOption "soju";
2021-05-20 18:34:20 +01:00
2024-04-07 21:43:35 +01:00
package = mkPackageOption pkgs "soju" { };
2021-05-20 18:34:20 +01:00
listen = mkOption {
type = types.listOf types.str;
default = [ ":6697" ];
description = ''
2021-05-20 18:34:20 +01:00
Where soju should listen for incoming connections. See the
`listen` directive in
{manpage}`soju(1)`.
'';
};
hostName = mkOption {
type = types.str;
default = config.networking.hostName;
defaultText = literalExpression "config.networking.hostName";
description = "Server hostname.";
2021-05-20 18:34:20 +01:00
};
tlsCertificate = mkOption {
type = types.nullOr types.path;
default = null;
2021-05-20 18:34:20 +01:00
example = "/var/host.cert";
description = "Path to server TLS certificate.";
2021-05-20 18:34:20 +01:00
};
tlsCertificateKey = mkOption {
type = types.nullOr types.path;
default = null;
2021-05-20 18:34:20 +01:00
example = "/var/host.key";
description = "Path to server TLS certificate key.";
2021-05-20 18:34:20 +01:00
};
enableMessageLogging = mkOption {
type = types.bool;
default = true;
description = "Whether to enable message logging.";
2021-05-20 18:34:20 +01:00
};
adminSocket.enable = mkOption {
type = types.bool;
default = true;
description = ''
Listen for admin connections from sojuctl at /run/soju/admin.
'';
};
2021-05-20 18:34:20 +01:00
httpOrigins = mkOption {
type = types.listOf types.str;
default = [];
description = ''
2021-05-20 18:34:20 +01:00
List of allowed HTTP origins for WebSocket listeners. The parameters are
interpreted as shell patterns, see
{manpage}`glob(7)`.
'';
};
acceptProxyIP = mkOption {
type = types.listOf types.str;
default = [];
description = ''
2021-05-20 18:34:20 +01:00
Allow the specified IPs to act as a proxy. Proxys have the ability to
overwrite the remote and local connection addresses (via the X-Forwarded-\*
HTTP header fields). The special name "localhost" accepts the loopback
addresses 127.0.0.0/8 and ::1/128. By default, all IPs are rejected.
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = "Lines added verbatim to the configuration file.";
2021-05-20 18:34:20 +01:00
};
};
###### implementation
config = mkIf cfg.enable {
assertions = [
{
assertion = (cfg.tlsCertificate != null) == (cfg.tlsCertificateKey != null);
message = ''
services.soju.tlsCertificate and services.soju.tlsCertificateKey
must both be specified to enable TLS.
'';
}
];
environment.systemPackages = [ sojuctl ];
2021-05-20 18:34:20 +01:00
systemd.services.soju = {
description = "soju IRC bouncer";
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
2021-05-20 18:34:20 +01:00
after = [ "network-online.target" ];
serviceConfig = {
DynamicUser = true;
Restart = "always";
2024-04-07 21:43:35 +01:00
ExecStart = "${cfg.package}/bin/soju -config ${configFile}";
2021-05-20 18:34:20 +01:00
StateDirectory = "soju";
RuntimeDirectory = "soju";
2021-05-20 18:34:20 +01:00
};
};
};
2023-02-05 14:05:51 +00:00
meta.maintainers = with maintainers; [ malte-v ];
2021-05-20 18:34:20 +01:00
}