From a2d99982e4cd1ab2c6ee43956a63b5c87eb20e4c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= <motiejus@jakstys.lt>
Date: Sat, 3 Aug 2024 13:54:29 +0300
Subject: [PATCH] soju: move to fwminex

---
 hosts/fwminex/configuration.nix  | 62 ++++++++++++++++++++------------
 hosts/vno1-oh2/configuration.nix | 48 ++-----------------------
 2 files changed, 41 insertions(+), 69 deletions(-)

diff --git a/hosts/fwminex/configuration.nix b/hosts/fwminex/configuration.nix
index d0054d2..60eba0e 100644
--- a/hosts/fwminex/configuration.nix
+++ b/hosts/fwminex/configuration.nix
@@ -94,25 +94,25 @@ in
           ];
         };
 
-      #soju =
-      #  let
-      #    acme = config.mj.services.nsd-acme.zones."irc.jakstys.lt";
-      #  in
-      #  {
-      #    serviceConfig = {
-      #      RuntimeDirectory = "soju";
-      #      LoadCredential = [
-      #        "irc.jakstys.lt-cert.pem:${acme.certFile}"
-      #        "irc.jakstys.lt-key.pem:${acme.keyFile}"
-      #      ];
-      #    };
-      #    preStart = ''
-      #      ln -sf $CREDENTIALS_DIRECTORY/irc.jakstys.lt-cert.pem /run/soju/cert.pem
-      #      ln -sf $CREDENTIALS_DIRECTORY/irc.jakstys.lt-key.pem /run/soju/key.pem
-      #    '';
-      #    after = [ "nsd-acme-irc.jakstys.lt.service" ];
-      #    requires = [ "nsd-acme-irc.jakstys.lt.service" ];
-      #  };
+      soju =
+        let
+          acme = config.mj.services.nsd-acme.zones."irc.jakstys.lt";
+        in
+        {
+          serviceConfig = {
+            RuntimeDirectory = "soju";
+            LoadCredential = [
+              "irc.jakstys.lt-cert.pem:${acme.certFile}"
+              "irc.jakstys.lt-key.pem:${acme.keyFile}"
+            ];
+          };
+          preStart = ''
+            ln -sf $CREDENTIALS_DIRECTORY/irc.jakstys.lt-cert.pem /run/soju/cert.pem
+            ln -sf $CREDENTIALS_DIRECTORY/irc.jakstys.lt-key.pem /run/soju/key.pem
+          '';
+          after = [ "nsd-acme-irc.jakstys.lt.service" ];
+          requires = [ "nsd-acme-irc.jakstys.lt.service" ];
+        };
 
       cert-watcher = {
         description = "Restart caddy when tls keys/certs change";
@@ -155,6 +155,21 @@ in
       powerKeyLongPress = "poweroff";
     };
 
+    soju = {
+      enable = true;
+      listen = [
+        ":${toString myData.ports.soju}"
+        "wss://:${toString myData.ports.soju-ws}"
+      ];
+      tlsCertificate = "/run/soju/cert.pem";
+      tlsCertificateKey = "/run/soju/key.pem";
+      hostName = "irc.jakstys.lt";
+      httpOrigins = [ "*" ];
+      extraConfig = ''
+        message-store fs /var/lib/soju
+      '';
+    };
+
     caddy = {
       enable = true;
       email = "motiejus+acme@jakstys.lt";
@@ -415,6 +430,7 @@ in
                     "grafana"
                     "headscale"
                     "bitwarden_rs"
+                    "private/soju"
                     "private/photoprism"
                   ];
                   patterns = [ "- gitea/data/repo-archive/" ];
@@ -526,9 +542,9 @@ in
           tcp = with myData.ports; [
             80
             443
+            soju
+            soju-ws
             prometheus
-            #soju
-            #soju-ws
           ];
         }
       ];
@@ -560,8 +576,8 @@ in
         53
         80
         443
-        config.services.syncthing.relay.port
-        config.services.syncthing.relay.statusPort
+        #config.services.syncthing.relay.port
+        #config.services.syncthing.relay.statusPort
       ];
     };
   };
diff --git a/hosts/vno1-oh2/configuration.nix b/hosts/vno1-oh2/configuration.nix
index 6bd313f..2c9c75a 100644
--- a/hosts/vno1-oh2/configuration.nix
+++ b/hosts/vno1-oh2/configuration.nix
@@ -60,10 +60,7 @@
           {
             mountpoint = "/var/lib";
             repo = "zh2769@zh2769.rsync.net:${config.networking.hostName}.${config.networking.domain}-var_lib";
-            paths = [
-              "tailscale"
-              "private/soju"
-            ];
+            paths = [ "tailscale" ];
             backup_at = "*-*-* 01:00:00 UTC";
             prune.keep = {
               within = "1d";
@@ -77,10 +74,7 @@
             repo = "borgstor@${
               myData.hosts."vno3-rp3b.servers.jakst".jakstIP
             }:${config.networking.hostName}.${config.networking.domain}-var_lib";
-            paths = [
-              "tailscale"
-              "private/soju"
-            ];
+            paths = [ "tailscale" ];
             backup_at = "*-*-* 01:00:00 UTC";
           }
 
@@ -100,8 +94,6 @@
           tcp = with myData.ports; [
             80
             443
-            soju
-            soju-ws
           ];
         }
       ];
@@ -173,22 +165,6 @@
       };
     };
 
-    soju = {
-      enable = true;
-      listen = [
-        #"unix+admin://"
-        ":${toString myData.ports.soju}"
-        "wss://:${toString myData.ports.soju-ws}"
-      ];
-      tlsCertificate = "/run/soju/cert.pem";
-      tlsCertificateKey = "/run/soju/key.pem";
-      hostName = "irc.jakstys.lt";
-      httpOrigins = [ "*" ];
-      extraConfig = ''
-        message-store fs /var/lib/soju
-      '';
-    };
-
     #syncthing.relay = {
     #  enable = true;
     #  providedBy = "11sync.net";
@@ -196,26 +172,6 @@
   };
 
   systemd.services = {
-    soju =
-      let
-        acme = config.mj.services.nsd-acme.zones."irc.jakstys.lt";
-      in
-      {
-        serviceConfig = {
-          RuntimeDirectory = "soju";
-          LoadCredential = [
-            "irc.jakstys.lt-cert.pem:${acme.certFile}"
-            "irc.jakstys.lt-key.pem:${acme.keyFile}"
-          ];
-        };
-        preStart = ''
-          ln -sf $CREDENTIALS_DIRECTORY/irc.jakstys.lt-cert.pem /run/soju/cert.pem
-          ln -sf $CREDENTIALS_DIRECTORY/irc.jakstys.lt-key.pem /run/soju/key.pem
-        '';
-        after = [ "nsd-acme-irc.jakstys.lt.service" ];
-        requires = [ "nsd-acme-irc.jakstys.lt.service" ];
-      };
-
     syncthing-relay.restartIfChanged = false;
 
   };