rob/homelab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ergo, but not broken

Browse source
This commit is contained in:
Robert Perce 2026-02-12 23:22:18 -06:00
parent 5747872651
commit b9f585f170
2 changed files with 37 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

67
lxc-ergo.nix
View file

@ -21,7 +21,7 @@
networking.firewall.trustedInterfaces = [ "br-+" ]; networking.firewall.trustedInterfaces = [ "br-+" ];
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
6667 8067
6697 6697
443 443
80 80
@ -45,24 +45,23 @@
virtualHosts."irc.dukeceph.xyz" = { virtualHosts."irc.dukeceph.xyz" = {
addSSL = true; addSSL = true;
enableACME = true; enableACME = true;
locations."/webirc" = { root = "/var/www/html";
proxyPass = "http://unix:/run/ergo/websocket"; locations."/webirc".extraConfig = ''
proxyWebsockets = true; proxy_pass http://127.0.0.1:8067;
extraConfig = '' proxy_read_timeout 600s;
proxy_set_header Upgrade $http_upgrade; proxy_http_version 1.1;
proxy_set_header Connection "Upgrade"; proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Connection "Upgrade";
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $remote_addr;
proxy_read_timeout 10m; proxy_set_header X-Forwarded-Proto $scheme;
''; '';
};
}; };
}; };
users.groups."ergo" = {}; users.groups."ergo" = { };
users.users."ergo" = { users.users."ergo" = {
group = "ergo"; group = "ergo";
isSystemUser = true; isSystemUser = true;
}; };
services.ergochat = { services.ergochat = {
@ -85,34 +84,41 @@
key = "/etc/letsencrypt/live/irc.dukeceph.xyz/privkey.pem"; key = "/etc/letsencrypt/live/irc.dukeceph.xyz/privkey.pem";
}; };
}; };
":8067" = {
websocket = true;
};
}; };
secure-nets = [
"127.0.0.0/24"
"192.168.0.0/24"
];
}; };
oper-classes = { oper-classes = {
chat-moderator = { chat-moderator = {
title = "Chat Moderator"; title = "Chat Moderator";
capabilities = [ capabilities = [
"kill" # disconnect user sessions "kill" # disconnect user sessions
"ban" # ban IPs, CIDRs, NUH masks, and suspend accounts (UBAN / DLINE / KLINE) "ban" # ban IPs, CIDRs, NUH masks, and suspend accounts (UBAN / DLINE / KLINE)
"nofakelag" # exempted from "fakelag" restrictions on rate of message sending "nofakelag" # exempted from "fakelag" restrictions on rate of message sending
"relaymsg" # use RELAYMSG in any channel (see the `relaymsg` config block) "relaymsg" # use RELAYMSG in any channel (see the `relaymsg` config block)
"vhosts" # add and remove vhosts from users "vhosts" # add and remove vhosts from users
"sajoin" # join arbitrary channels, including private channels "sajoin" # join arbitrary channels, including private channels
"samode" # modify arbitrary channel and user modes "samode" # modify arbitrary channel and user modes
"snomasks" # subscribe to arbitrary server notice masks "snomasks" # subscribe to arbitrary server notice masks
"roleplay" # use the (deprecated) roleplay commands in any channel "roleplay" # use the (deprecated) roleplay commands in any channel
]; ];
}; };
server-admin = { server-admin = {
title = "Server Admin"; title = "Server Admin";
extends = "chat-moderator"; extends = "chat-moderator";
capabilities = [ capabilities = [
"rehash" # rehash the server, i.e. reload the config at runtime "rehash" # rehash the server, i.e. reload the config at runtime
"accreg" # modify arbitrary account registrations "accreg" # modify arbitrary account registrations
"chanreg" # modify arbitrary channel registrations "chanreg" # modify arbitrary channel registrations
"history" # modify or delete history messages "history" # modify or delete history messages
"defcon" # use the DEFCON command (restrict server capabilities) "defcon" # use the DEFCON command (restrict server capabilities)
"massmessage" # message all users on the server "massmessage" # message all users on the server
"metadata" # modify arbitrary metadata on channels and users "metadata" # modify arbitrary metadata on channels and users
]; ];
}; };
}; };
@ -128,5 +134,6 @@
systemd.services.ergochat.serviceConfig.DynamicUser = lib.mkForce false; systemd.services.ergochat.serviceConfig.DynamicUser = lib.mkForce false;
systemd.services.ergochat.serviceConfig.User = "ergo"; systemd.services.ergochat.serviceConfig.User = "ergo";
systemd.services.ergochat.serviceConfig.Group = "ergo"; systemd.services.ergochat.serviceConfig.Group = "ergo";
systemd.services.ergochat.restartIfChanged = false;
}; };
} }

7
vm-homelab.nix
View file

@ -26,10 +26,6 @@ in
services.caddy = { services.caddy = {
enable = true; enable = true;
virtualHosts = { virtualHosts = {
"dukeceph.xyz".extraConfig = ''
root * /mnt/nfs/public
file_server browse
'';
"feed.rperce.net".extraConfig = '' "feed.rperce.net".extraConfig = ''
reverse_proxy http://192.168.0.5:8080 reverse_proxy http://192.168.0.5:8080
''; '';
@ -77,9 +73,6 @@ in
"irc.dukeceph.xyz".extraConfig = '' "irc.dukeceph.xyz".extraConfig = ''
reverse_proxy 192.168.0.8 reverse_proxy 192.168.0.8
''; '';
"irc.dukeceph.xyz/webirc".extraConfig = ''
reverse_proxy 192.168.0.8:8067
'';
}; };
}; };