# IRC services # Copyright (C) 2023 Nguyễn Gia Phong # # This file is part of loang configuration. # # Loang configuration is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # Loang configuration is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with loang configuration. If not, see . { config, pkgs, ... }: let inherit (config.networking) domain; cert = config.security.acme.certs.${domain}; in { environment.systemPackages = let htpasswd = "${pkgs.apacheHttpd}/bin/htpasswd"; sojupw = pkgs.writeShellScriptBin "sojupw" '' set -e printf 'soju password: ' read -rs password printf '\nretype soju password: ' read -rs confirmation file=$(mktemp) trap 'rm $file' EXIT ${htpasswd} -bBC 10 $file "" $password 2> /dev/null if ${htpasswd} -bv $file "" $confirmation 2> /dev/null then printf '\nbcrypt: ' cat $file | tr -d ':\n' echo exit 0 else printf '\nsorry, passwords do not match\n' exit 1 fi ''; in [ sojupw ]; networking.firewall.allowedTCPPorts = [ 6697 ]; services = { postgresql = { ensureDatabases = [ "soju" ]; ensureUsers = [ { name = "soju"; ensureDBOwnership = true; } ]; }; postgresqlBackup.databases = [ "soju" ]; soju = { enable = true; extraConfig = '' db postgres "host=/run/postgresql dbname=soju" ''; hostName = domain; tlsCertificate = "${cert.directory}/cert.pem"; tlsCertificateKey = "${cert.directory}/key.pem"; }; }; systemd.services.soju.serviceConfig.SupplementaryGroups = [ cert.group ]; }