Merge pull request #125687 from malte-v/soju-module-new
nixos/soju: add module
This commit is contained in:
commit
abfdb24af0
@ -207,6 +207,13 @@
|
||||
<link linkend="opt-services.postfixadmin.enable">postfixadmin</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<link xlink:href="https://sr.ht/~emersion/soju">soju</link>, a
|
||||
user-friendly IRC bouncer. Available as
|
||||
<link xlink:href="options.html#opt-services.soju.enable">services.soju</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
<section xml:id="sec-release-21.11-incompatibilities">
|
||||
|
@ -63,6 +63,8 @@ subsonic-compatible api. Available as [navidrome](#opt-services.navidrome.enable
|
||||
|
||||
- [postfixadmin](https://postfixadmin.sourceforge.io/), a web based virtual user administration interface for Postfix mail servers. Available as [postfixadmin](#opt-services.postfixadmin.enable).
|
||||
|
||||
- [soju](https://sr.ht/~emersion/soju), a user-friendly IRC bouncer. Available as [services.soju](options.html#opt-services.soju.enable).
|
||||
|
||||
## Backward Incompatibilities {#sec-release-21.11-incompatibilities}
|
||||
|
||||
|
||||
|
@ -833,6 +833,7 @@
|
||||
./services/networking/smokeping.nix
|
||||
./services/networking/softether.nix
|
||||
./services/networking/solanum.nix
|
||||
./services/networking/soju.nix
|
||||
./services/networking/spacecookie.nix
|
||||
./services/networking/spiped.nix
|
||||
./services/networking/squid.nix
|
||||
|
113
nixos/modules/services/networking/soju.nix
Normal file
113
nixos/modules/services/networking/soju.nix
Normal file
@ -0,0 +1,113 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.soju;
|
||||
stateDir = "/var/lib/soju";
|
||||
listenCfg = concatMapStringsSep "\n" (l: "listen ${l}") cfg.listen;
|
||||
tlsCfg = optionalString (cfg.tlsCertificate != null)
|
||||
"tls ${cfg.tlsCertificate} ${cfg.tlsCertificateKey}";
|
||||
logCfg = optionalString cfg.enableMessageLogging
|
||||
"log fs ${stateDir}/logs";
|
||||
|
||||
configFile = pkgs.writeText "soju.conf" ''
|
||||
${listenCfg}
|
||||
hostname ${cfg.hostName}
|
||||
${tlsCfg}
|
||||
db sqlite3 ${stateDir}/soju.db
|
||||
${logCfg}
|
||||
http-origin ${concatStringsSep " " cfg.httpOrigins}
|
||||
accept-proxy-ip ${concatStringsSep " " cfg.acceptProxyIP}
|
||||
|
||||
${cfg.extraConfig}
|
||||
'';
|
||||
in
|
||||
{
|
||||
###### interface
|
||||
|
||||
options.services.soju = {
|
||||
enable = mkEnableOption "soju";
|
||||
|
||||
listen = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [ ":6697" ];
|
||||
description = ''
|
||||
Where soju should listen for incoming connections. See the
|
||||
<literal>listen</literal> directive in
|
||||
<citerefentry><refentrytitle>soju</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry>.
|
||||
'';
|
||||
};
|
||||
|
||||
hostName = mkOption {
|
||||
type = types.str;
|
||||
default = config.networking.hostName;
|
||||
description = "Server hostname.";
|
||||
};
|
||||
|
||||
tlsCertificate = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
example = "/var/host.cert";
|
||||
description = "Path to server TLS certificate.";
|
||||
};
|
||||
|
||||
tlsCertificateKey = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
example = "/var/host.key";
|
||||
description = "Path to server TLS certificate key.";
|
||||
};
|
||||
|
||||
enableMessageLogging = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Whether to enable message logging.";
|
||||
};
|
||||
|
||||
httpOrigins = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = ''
|
||||
List of allowed HTTP origins for WebSocket listeners. The parameters are
|
||||
interpreted as shell patterns, see
|
||||
<citerefentry><refentrytitle>glob</refentrytitle>
|
||||
<manvolnum>7</manvolnum></citerefentry>.
|
||||
'';
|
||||
};
|
||||
|
||||
acceptProxyIP = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = ''
|
||||
Allow the specified IPs to act as a proxy. Proxys have the ability to
|
||||
overwrite the remote and local connection addresses (via the X-Forwarded-\*
|
||||
HTTP header fields). The special name "localhost" accepts the loopback
|
||||
addresses 127.0.0.0/8 and ::1/128. By default, all IPs are rejected.
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = "Lines added verbatim to the configuration file.";
|
||||
};
|
||||
};
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
systemd.services.soju = {
|
||||
description = "soju IRC bouncer";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network-online.target" ];
|
||||
serviceConfig = {
|
||||
DynamicUser = true;
|
||||
Restart = "always";
|
||||
ExecStart = "${pkgs.soju}/bin/soju -config ${configFile}";
|
||||
StateDirectory = "soju";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
meta.maintainers = with maintainers; [ malvo ];
|
||||
}
|
Loading…
Reference in New Issue
Block a user