mirror of https://git.jolheiser.com/dotnix.git
32 lines
709 B
Nix
32 lines
709 B
Nix
{lib, ...}: let
|
|
baseCertPath = "/var/lib/acme/irc.jolheiser.com";
|
|
in {
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
email = "irc@jolheiser.com";
|
|
certs."irc.jolheiser.com" = {
|
|
listenHTTP = ":7658";
|
|
postRun = "systemctl reload soju";
|
|
group = "soju";
|
|
};
|
|
};
|
|
services.soju = {
|
|
enable = true;
|
|
tlsCertificate = "${baseCertPath}/fullchain.pem";
|
|
tlsCertificateKey = "${baseCertPath}/key.pem";
|
|
};
|
|
systemd.services.soju.serviceConfig = {
|
|
DynamicUser = lib.mkForce false;
|
|
User = "soju";
|
|
Group = "soju";
|
|
ReadOnlyPaths = baseCertPath;
|
|
};
|
|
users = {
|
|
users.soju = {
|
|
isSystemUser = true;
|
|
group = "soju";
|
|
};
|
|
groups.soju = {};
|
|
};
|
|
}
|