diff --git a/services/default.nix b/services/default.nix index 4ba0cbf..b6398b2 100644 --- a/services/default.nix +++ b/services/default.nix @@ -11,6 +11,6 @@ ./trackmap.nix ./forgejo.nix ./cerca.nix -# ./irc.nix + ./irc.nix ]; } diff --git a/services/irc.nix b/services/irc.nix index ecdc5ad..5139b86 100644 --- a/services/irc.nix +++ b/services/irc.nix @@ -1,21 +1,148 @@ { - users = { - groups.irc = {}; - users.irc = { - name = "irc"; - group = "irc"; - isSystemUser = false; - isNormalUser = true; - home = "/var/irc"; - createHome = true; + services = { + ergochat = { + enable = true; + settings = { + oper-classes = { + chat-moderator = { + title = "Moderator"; + capabilities = [ + "kill" + "ban" + "nofakelag" + "relaymsg" + "vhosts" + "sajoin" + "samode" + "snomasks" + "roleplay" + ]; + }; + server-admin = { + title = "Server Admin"; + extends = "chat-moderator"; + capabilities = [ + "rehash" + "accreg" + "chanreg" + "history" + "defcon" + "massmessage" + "metadata" + ]; + }; + }; + opers = { + admin = { + class = "server-admin"; + hidden = true; + whois-line = "Server admin"; + password = "$2a$04$UYqtziFKyT2S/ujHETvOFebxKH8TVeKuRpH8FgFZhcbF4UuogOcz2"; + }; + }; + accounts = { + authentication-enabled = true; + multiclient = { + allowed-by-default = true; + always-on = "opt-out"; + auto-away = "opt-out"; + enabled = true; + }; + registration = { + allow-before-connect = true; + bcrypt-cost = 4; + email-verification = { + enabled = false; + }; + enabled = true; + throttling = { + duration = "10m"; + enabled = true; + max-attempts = 30; + }; + }; + }; + channels = { + default-modes = "+ntC"; + registration = { + enabled = true; + }; + }; + datastore = { + autoupgrade = true; + path = "/var/lib/ergo/ircd.db"; + }; + history = { + autoreplay-on-join = 0; + autoresize-window = "3d"; + channel-length = 2048; + chathistory-maxmessages = 100; + client-length = 256; + enabled = true; + restrictions = { + expire-time = "1w"; + grace-period = "1h"; + query-cutoff = "none"; + }; + retention = { + allow-individual-delete = false; + enable-account-indexing = false; + }; + tagmsg-storage = { + default = false; + whitelist = [ + "+draft/react" + "+react" + ]; + }; + znc-maxmessages = 2048; + }; + limits = { + awaylen = 390; + channellen = 64; + identlen = 20; + kicklen = 390; + nicklen = 32; + topiclen = 390; + }; + network = { + name = "HermitCollective"; + }; + server = { + casemapping = "permissive"; + check-ident = false; + enforce-utf = true; + forward-confirm-hostnames = false; + ip-cloaking = { + enabled = true; + enabled-for-always-on = true; + netname = "irc"; + cidr-len-ipv4 = 32; + cidr-len-ipv6 = 64; + num-bits = 64; + }; + ip-limits = { + count = false; + throttle = false; + }; + listeners = { + ":6667" = { } + }; + lookup-hostnames = false; + max-sendq = "1M"; + name = "irc.hermitcollective.net"; + relaymsg = { + enabled = false; + }; + }; }; - }; - - services.nginx.virtualHosts."irc.hermitcollective.net" = { + }; + nginx.virtualHosts."irc.hermitcollective.net" = { forceSSL = true; enableACME = true; locations."/" = { proxyPass = "http://localhost:6667"; +# proxyPass = "http://[::1]:6667/"; proxyWebsockets = true; # needed if you need to use WebSocket extraConfig = # required when the target is also TLS server with multiple hosts @@ -24,6 +151,7 @@ "proxy_pass_header Authorization;" ; }; + }; }; }