soju: move to fwminex

Motiejus Jakštys 2024-08-03 13:54:29 +03:00
parent 95d909d937
commit a2d99982e4
2 changed files with 41 additions and 69 deletions


@ -94,25 +94,25 @@ in
];
};
#soju =
# let
# acme = config.mj.services.nsd-acme.zones."irc.jakstys.lt";
# in
# {
# serviceConfig = {
# RuntimeDirectory = "soju";
# LoadCredential = [
# "irc.jakstys.lt-cert.pem:${acme.certFile}"
# "irc.jakstys.lt-key.pem:${acme.keyFile}"
# ];
# };
# preStart = ''
# ln -sf $CREDENTIALS_DIRECTORY/irc.jakstys.lt-cert.pem /run/soju/cert.pem
# ln -sf $CREDENTIALS_DIRECTORY/irc.jakstys.lt-key.pem /run/soju/key.pem
# '';
# after = [ "nsd-acme-irc.jakstys.lt.service" ];
# requires = [ "nsd-acme-irc.jakstys.lt.service" ];
# };
soju =
let
acme = config.mj.services.nsd-acme.zones."irc.jakstys.lt";
in
{
serviceConfig = {
RuntimeDirectory = "soju";
LoadCredential = [
"irc.jakstys.lt-cert.pem:${acme.certFile}"
"irc.jakstys.lt-key.pem:${acme.keyFile}"
];
};
preStart = ''
ln -sf $CREDENTIALS_DIRECTORY/irc.jakstys.lt-cert.pem /run/soju/cert.pem
ln -sf $CREDENTIALS_DIRECTORY/irc.jakstys.lt-key.pem /run/soju/key.pem
'';
after = [ "nsd-acme-irc.jakstys.lt.service" ];
requires = [ "nsd-acme-irc.jakstys.lt.service" ];
};
cert-watcher = {
description = "Restart caddy when tls keys/certs change";
@ -155,6 +155,21 @@ in
powerKeyLongPress = "poweroff";
};
soju = {
enable = true;
listen = [
":${toString myData.ports.soju}"
"wss://:${toString myData.ports.soju-ws}"
];
tlsCertificate = "/run/soju/cert.pem";
tlsCertificateKey = "/run/soju/key.pem";
hostName = "irc.jakstys.lt";
httpOrigins = [ "*" ];
extraConfig = ''
message-store fs /var/lib/soju
'';
};
caddy = {
enable = true;
email = "motiejus+acme@jakstys.lt";
@ -415,6 +430,7 @@ in
"grafana"
"headscale"
"bitwarden_rs"
"private/soju"
"private/photoprism"
];
patterns = [ "- gitea/data/repo-archive/" ];
@ -526,9 +542,9 @@ in
tcp = with myData.ports; [
80
443
soju
soju-ws
prometheus
#soju
#soju-ws
];
}
];
@ -560,8 +576,8 @@ in
53
80
443
config.services.syncthing.relay.port
config.services.syncthing.relay.statusPort
#config.services.syncthing.relay.port
#config.services.syncthing.relay.statusPort
];
};
};
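Review bot: `httpOrigins = [ "*" ];` in the newly added `soju = { … }` service block lets a page served from any origin open a WebSocket to the `wss://` listener, and the `tcp` port list changed in the `-526,9` hunk appears to open `soju-ws` on this host. As far as I know, soju accepts only the request host as origin by default, so the wildcard is a deliberate widening. If a single web client is meant to connect, list its origin instead, e.g. `httpOrigins = [ "https://<web-client-origin>" ];` (placeholder; the client's URL is not on this page). Login still happens in-band over IRC, so the exposure is probably limited to browser-driven connection attempts, but a one-line comment saying why `*` is needed would help the next reader. The enclosing attribute set starts and ends outside the hunk.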


@ -60,10 +60,7 @@
{
mountpoint = "/var/lib";
repo = "zh2769@zh2769.rsync.net:${config.networking.hostName}.${config.networking.domain}-var_lib";
paths = [
"tailscale"
"private/soju"
];
paths = [ "tailscale" ];
backup_at = "*-*-* 01:00:00 UTC";
prune.keep = {
within = "1d";
@ -77,10 +74,7 @@
repo = "borgstor@${
myData.hosts."vno3-rp3b.servers.jakst".jakstIP
}:${config.networking.hostName}.${config.networking.domain}-var_lib";
paths = [
"tailscale"
"private/soju"
];
paths = [ "tailscale" ];
backup_at = "*-*-* 01:00:00 UTC";
}
@ -100,8 +94,6 @@
tcp = with myData.ports; [
80
443
soju
soju-ws
];
}
];
@ -173,22 +165,6 @@
};
};
soju = {
enable = true;
listen = [
#"unix+admin://"
":${toString myData.ports.soju}"
"wss://:${toString myData.ports.soju-ws}"
];
tlsCertificate = "/run/soju/cert.pem";
tlsCertificateKey = "/run/soju/key.pem";
hostName = "irc.jakstys.lt";
httpOrigins = [ "*" ];
extraConfig = ''
message-store fs /var/lib/soju
'';
};
#syncthing.relay = {
# enable = true;
# providedBy = "11sync.net";
@ -196,26 +172,6 @@
};
systemd.services = {
soju =
let
acme = config.mj.services.nsd-acme.zones."irc.jakstys.lt";
in
{
serviceConfig = {
RuntimeDirectory = "soju";
LoadCredential = [
"irc.jakstys.lt-cert.pem:${acme.certFile}"
"irc.jakstys.lt-key.pem:${acme.keyFile}"
];
};
preStart = ''
ln -sf $CREDENTIALS_DIRECTORY/irc.jakstys.lt-cert.pem /run/soju/cert.pem
ln -sf $CREDENTIALS_DIRECTORY/irc.jakstys.lt-key.pem /run/soju/key.pem
'';
after = [ "nsd-acme-irc.jakstys.lt.service" ];
requires = [ "nsd-acme-irc.jakstys.lt.service" ];
};
syncthing-relay.restartIfChanged = false;
};