# IRC services
# Copyright (C) 2023  Nguyễn Gia Phong
#
# This file is part of loang configuration.
#
# Loang configuration is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Loang configuration is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with loang configuration.  If not, see <https://www.gnu.org/licenses/>.

{ config, pkgs, ... }:
let
  inherit (config.networking) domain;
  cert = config.security.acme.certs.${domain};
  port = 6697;
in {
  environment.systemPackages = [ (pkgs.writeTextFile rec {
    name = "sojupw";
    text = ''
      #!/bin/sh
      read password
      ${pkgs.apacheHttpd}/bin/htpasswd -bnBC 10 "" $password | tr -d ':\n'
      echo
    '';
    executable = true;
    destination = "/bin/${name}";
  }) ];

  networking.firewall.allowedTCPPorts = [ 6697 ];
  services = {
    soju = {
      enable = true;
      hostName = domain;
      tlsCertificate = "${cert.directory}/cert.pem";
      tlsCertificateKey = "${cert.directory}/key.pem";
    };
  };

  systemd.services.soju.serviceConfig.SupplementaryGroups = [ cert.group ];
}