Enable 소주

2 files changed, 49 insertions, 1 deletions

diff --git a/configuration.nix b/configuration.nix
index 5db2c20..88e6397 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -32,7 +32,7 @@
   imports = [
     ./dns.nix
     ./ipfs.nix
-    ./mail.nix
+    ./irc.nix
     ./matrix.nix
     ./push.nix
     ./static.nix
diff --git a/irc.nix b/irc.nix
new file mode 100644
index 0000000..e8592c9
--- /dev/null
+++ b/irc.nix
@@ -0,0 +1,48 @@
+# IRC services
+# Copyright (C) 2023  Nguyễn Gia Phong
+#
+# This file is part of loang configuration.
+#
+# Loang configuration is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Loang configuration is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with loang configuration.  If not, see <https://www.gnu.org/licenses/>.
+
+{ config, pkgs, ... }:
+let
+  inherit (config.networking) domain;
+  cert = config.security.acme.certs.${domain};
+  port = 6697;
+in {
+  environment.systemPackages = [ (pkgs.writeTextFile rec {
+    name = "sojupw";
+    text = ''
+      #!/bin/sh
+      read password
+      ${pkgs.apacheHttpd}/bin/htpasswd -bnBC 10 "" $password | tr -d ':\n'
+      echo
+    '';
+    executable = true;
+    destination = "/bin/${name}";
+  }) ];
+
+  networking.firewall.allowedTCPPorts = [ 6697 ];
+  services = {
+    soju = {
+      enable = true;
+      hostName = domain;
+      tlsCertificate = "${cert.directory}/cert.pem";
+      tlsCertificateKey = "${cert.directory}/key.pem";
+    };
+  };
+
+  systemd.services.soju.serviceConfig.SupplementaryGroups = [ cert.group ];
+}