soju: move to fwminex

This commit is contained in:
Motiejus Jakštys 2024-08-03 13:54:29 +03:00
parent 95d909d937
commit a2d99982e4
2 changed files with 41 additions and 69 deletions

View File

@ -94,25 +94,25 @@ in
]; ];
}; };
#soju = soju =
# let let
# acme = config.mj.services.nsd-acme.zones."irc.jakstys.lt"; acme = config.mj.services.nsd-acme.zones."irc.jakstys.lt";
# in in
# { {
# serviceConfig = { serviceConfig = {
# RuntimeDirectory = "soju"; RuntimeDirectory = "soju";
# LoadCredential = [ LoadCredential = [
# "irc.jakstys.lt-cert.pem:${acme.certFile}" "irc.jakstys.lt-cert.pem:${acme.certFile}"
# "irc.jakstys.lt-key.pem:${acme.keyFile}" "irc.jakstys.lt-key.pem:${acme.keyFile}"
# ]; ];
# }; };
# preStart = '' preStart = ''
# ln -sf $CREDENTIALS_DIRECTORY/irc.jakstys.lt-cert.pem /run/soju/cert.pem ln -sf $CREDENTIALS_DIRECTORY/irc.jakstys.lt-cert.pem /run/soju/cert.pem
# ln -sf $CREDENTIALS_DIRECTORY/irc.jakstys.lt-key.pem /run/soju/key.pem ln -sf $CREDENTIALS_DIRECTORY/irc.jakstys.lt-key.pem /run/soju/key.pem
# ''; '';
# after = [ "nsd-acme-irc.jakstys.lt.service" ]; after = [ "nsd-acme-irc.jakstys.lt.service" ];
# requires = [ "nsd-acme-irc.jakstys.lt.service" ]; requires = [ "nsd-acme-irc.jakstys.lt.service" ];
# }; };
cert-watcher = { cert-watcher = {
description = "Restart caddy when tls keys/certs change"; description = "Restart caddy when tls keys/certs change";
@ -155,6 +155,21 @@ in
powerKeyLongPress = "poweroff"; powerKeyLongPress = "poweroff";
}; };
soju = {
enable = true;
listen = [
":${toString myData.ports.soju}"
"wss://:${toString myData.ports.soju-ws}"
];
tlsCertificate = "/run/soju/cert.pem";
tlsCertificateKey = "/run/soju/key.pem";
hostName = "irc.jakstys.lt";
httpOrigins = [ "*" ];
extraConfig = ''
message-store fs /var/lib/soju
'';
};
caddy = { caddy = {
enable = true; enable = true;
email = "motiejus+acme@jakstys.lt"; email = "motiejus+acme@jakstys.lt";
@ -415,6 +430,7 @@ in
"grafana" "grafana"
"headscale" "headscale"
"bitwarden_rs" "bitwarden_rs"
"private/soju"
"private/photoprism" "private/photoprism"
]; ];
patterns = [ "- gitea/data/repo-archive/" ]; patterns = [ "- gitea/data/repo-archive/" ];
@ -526,9 +542,9 @@ in
tcp = with myData.ports; [ tcp = with myData.ports; [
80 80
443 443
soju
soju-ws
prometheus prometheus
#soju
#soju-ws
]; ];
} }
]; ];
@ -560,8 +576,8 @@ in
53 53
80 80
443 443
config.services.syncthing.relay.port #config.services.syncthing.relay.port
config.services.syncthing.relay.statusPort #config.services.syncthing.relay.statusPort
]; ];
}; };
}; };

View File

@ -60,10 +60,7 @@
{ {
mountpoint = "/var/lib"; mountpoint = "/var/lib";
repo = "zh2769@zh2769.rsync.net:${config.networking.hostName}.${config.networking.domain}-var_lib"; repo = "zh2769@zh2769.rsync.net:${config.networking.hostName}.${config.networking.domain}-var_lib";
paths = [ paths = [ "tailscale" ];
"tailscale"
"private/soju"
];
backup_at = "*-*-* 01:00:00 UTC"; backup_at = "*-*-* 01:00:00 UTC";
prune.keep = { prune.keep = {
within = "1d"; within = "1d";
@ -77,10 +74,7 @@
repo = "borgstor@${ repo = "borgstor@${
myData.hosts."vno3-rp3b.servers.jakst".jakstIP myData.hosts."vno3-rp3b.servers.jakst".jakstIP
}:${config.networking.hostName}.${config.networking.domain}-var_lib"; }:${config.networking.hostName}.${config.networking.domain}-var_lib";
paths = [ paths = [ "tailscale" ];
"tailscale"
"private/soju"
];
backup_at = "*-*-* 01:00:00 UTC"; backup_at = "*-*-* 01:00:00 UTC";
} }
@ -100,8 +94,6 @@
tcp = with myData.ports; [ tcp = with myData.ports; [
80 80
443 443
soju
soju-ws
]; ];
} }
]; ];
@ -173,22 +165,6 @@
}; };
}; };
soju = {
enable = true;
listen = [
#"unix+admin://"
":${toString myData.ports.soju}"
"wss://:${toString myData.ports.soju-ws}"
];
tlsCertificate = "/run/soju/cert.pem";
tlsCertificateKey = "/run/soju/key.pem";
hostName = "irc.jakstys.lt";
httpOrigins = [ "*" ];
extraConfig = ''
message-store fs /var/lib/soju
'';
};
#syncthing.relay = { #syncthing.relay = {
# enable = true; # enable = true;
# providedBy = "11sync.net"; # providedBy = "11sync.net";
@ -196,26 +172,6 @@
}; };
systemd.services = { systemd.services = {
soju =
let
acme = config.mj.services.nsd-acme.zones."irc.jakstys.lt";
in
{
serviceConfig = {
RuntimeDirectory = "soju";
LoadCredential = [
"irc.jakstys.lt-cert.pem:${acme.certFile}"
"irc.jakstys.lt-key.pem:${acme.keyFile}"
];
};
preStart = ''
ln -sf $CREDENTIALS_DIRECTORY/irc.jakstys.lt-cert.pem /run/soju/cert.pem
ln -sf $CREDENTIALS_DIRECTORY/irc.jakstys.lt-key.pem /run/soju/key.pem
'';
after = [ "nsd-acme-irc.jakstys.lt.service" ];
requires = [ "nsd-acme-irc.jakstys.lt.service" ];
};
syncthing-relay.restartIfChanged = false; syncthing-relay.restartIfChanged = false;
}; };