dotnix/machines/dragonwell/soju.nix

{lib, ...}: let
  baseCertPath = "/var/lib/acme/irc.jolheiser.com";
in {
  security.acme = {
    acceptTerms = true;
    email = "irc@jolheiser.com";
    certs."irc.jolheiser.com" = {
      listenHTTP = ":7658";
      postRun = "systemctl reload soju";
      group = "soju";
    };
  };
  services.soju = {
    enable = true;
    tlsCertificate = "${baseCertPath}/fullchain.pem";
    tlsCertificateKey = "${baseCertPath}/key.pem";
  };
  systemd.services.soju.serviceConfig = {
    DynamicUser = lib.mkForce false;
    User = "soju";
    Group = "soju";
    ReadOnlyPaths = baseCertPath;
  };
  users = {
    users.soju = {
      isSystemUser = true;
      group = "soju";
    };
    groups.soju = {};
  };
}
feat: soju Signed-off-by: jolheiser <git@jolheiser.com> 2024-07-18 21:33:48 +00:00			`{lib, ...}: let`
			`baseCertPath = "/var/lib/acme/irc.jolheiser.com";`
			`in {`
			`security.acme = {`
			`acceptTerms = true;`
			`email = "irc@jolheiser.com";`
			`certs."irc.jolheiser.com" = {`
			`listenHTTP = ":7658";`
			`postRun = "systemctl reload soju";`
			`group = "soju";`
			`};`
			`};`
			`services.soju = {`
			`enable = true;`
			`tlsCertificate = "${baseCertPath}/fullchain.pem";`
			`tlsCertificateKey = "${baseCertPath}/key.pem";`
			`};`
			`systemd.services.soju.serviceConfig = {`
			`DynamicUser = lib.mkForce false;`
			`User = "soju";`
			`Group = "soju";`
			`ReadOnlyPaths = baseCertPath;`
			`};`
			`users = {`
			`users.soju = {`
			`isSystemUser = true;`
			`group = "soju";`
			`};`
			`groups.soju = {};`
			`};`
			`}`