enable soju

2023-08-22 14:28:59 +03:00 · 2023-08-22 14:28:59 +03:00 · 2e1af09789
parent c4bd57c47d
commit 2e1af09789
1 changed files with 30 additions and 0 deletions
--- a/hosts/vno1-oh2/configuration.nix
+++ b/hosts/vno1-oh2/configuration.nix
@ -223,6 +223,17 @@
        "jakstys.lt.".data = myData.jakstysLTZone;
      };
    };
+
+    soju = {
+      enable = true;
+      listen = [":${toString myData.ports.soju}"];
+      tlsCertificate = "/run/soju/cert.pem";
+      tlsCertificateKey = "/run/soju/key.pem";
+      hostName = "irc.jakstys.lt";
+      extraConfig = ''
+        message-store db;
+      '';
+    };
  };

  systemd.services = {
@ -238,6 +249,25 @@
      wants = ["nsd-acme-grafana.jakstys.lt.service"];
    };

+    soju = let
+      acme = config.mj.services.nsd-acme.zones."irc.jakstys.lt";
+    in {
+      unitConfig.ConditionPathExists = [acme.certFile acme.keyFile];
+      serviceConfig = {
+        RuntimeDirectory = "soju";
+        LoadCredential = [
+          "irc.jakstys.lt-cert.pem:${acme.certFile}"
+          "irc.jakstys.lt-key.pem:${acme.keyFile}"
+        ];
+      };
+      preStart = ''
+        ln -sf $CREDENTIALS_DIRECTORY/irc.jakstys.lt-cert.pem /run/soju/cert.pem
+        ln -sf $CREDENTIALS_DIRECTORY/irc.jakstys.lt-key.pem /run/soju/key.pem
+      '';
+      after = ["nsd-acme-irc.jakstys.lt.service"];
+      wants = ["nsd-acme-irc.jakstys.lt.service"];
+    };
+
    grafana = {
      preStart = "ln -sf $CREDENTIALS_DIRECTORY/oidc /run/grafana/oidc-secret";
      serviceConfig = {