ergo, but not broken

2026-02-12 23:22:18 -06:00 · 2026-02-12 23:22:18 -06:00 · b9f585f170
commit b9f585f170
parent 5747872651
2 changed files with 37 additions and 37 deletions
--- a/lxc-ergo.nix
+++ b/lxc-ergo.nix
@ -21,7 +21,7 @@

    networking.firewall.trustedInterfaces = [ "br-+" ];
    networking.firewall.allowedTCPPorts = [
-      6667
+      8067
      6697
      443
      80
@ -45,24 +45,23 @@
      virtualHosts."irc.dukeceph.xyz" = {
        addSSL = true;
        enableACME = true;
-        locations."/webirc" = {
-          proxyPass = "http://unix:/run/ergo/websocket";
-          proxyWebsockets = true;
-          extraConfig = ''
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection "Upgrade";
-            proxy_set_header X-Forwarded-For $remote_addr;
-            proxy_set_header X-Forwarded-Proto $scheme;
-            proxy_read_timeout 10m;
-          '';
-        };
+        root = "/var/www/html";
+        locations."/webirc".extraConfig = ''
+          proxy_pass http://127.0.0.1:8067;
+          proxy_read_timeout 600s;
+          proxy_http_version 1.1;
+          proxy_set_header Upgrade $http_upgrade;
+          proxy_set_header Connection "Upgrade";
+          proxy_set_header X-Forwarded-For $remote_addr;
+          proxy_set_header X-Forwarded-Proto $scheme;
+        '';
      };
    };

-    users.groups."ergo" = {};
+    users.groups."ergo" = { };
    users.users."ergo" = {
-        group = "ergo";
-        isSystemUser = true;
+      group = "ergo";
+      isSystemUser = true;
    };

    services.ergochat = {
@ -85,34 +84,41 @@
                key = "/etc/letsencrypt/live/irc.dukeceph.xyz/privkey.pem";
              };
            };
+            ":8067" = {
+              websocket = true;
+            };
          };
+          secure-nets = [
+            "127.0.0.0/24"
+            "192.168.0.0/24"
+          ];
        };
        oper-classes = {
          chat-moderator = {
            title = "Chat Moderator";
            capabilities = [
-              "kill"      # disconnect user sessions
-              "ban"       # ban IPs, CIDRs, NUH masks, and suspend accounts (UBAN / DLINE / KLINE)
+              "kill" # disconnect user sessions
+              "ban" # ban IPs, CIDRs, NUH masks, and suspend accounts (UBAN / DLINE / KLINE)
              "nofakelag" # exempted from "fakelag" restrictions on rate of message sending
-              "relaymsg"  # use RELAYMSG in any channel (see the `relaymsg` config block)
-              "vhosts"    # add and remove vhosts from users
-              "sajoin"    # join arbitrary channels, including private channels
-              "samode"    # modify arbitrary channel and user modes
-              "snomasks"  # subscribe to arbitrary server notice masks
-              "roleplay"  # use the (deprecated) roleplay commands in any channel
+              "relaymsg" # use RELAYMSG in any channel (see the `relaymsg` config block)
+              "vhosts" # add and remove vhosts from users
+              "sajoin" # join arbitrary channels, including private channels
+              "samode" # modify arbitrary channel and user modes
+              "snomasks" # subscribe to arbitrary server notice masks
+              "roleplay" # use the (deprecated) roleplay commands in any channel
            ];
          };
          server-admin = {
            title = "Server Admin";
            extends = "chat-moderator";
            capabilities = [
-              "rehash"       # rehash the server, i.e. reload the config at runtime
-              "accreg"       # modify arbitrary account registrations
-              "chanreg"      # modify arbitrary channel registrations
-              "history"      # modify or delete history messages
-              "defcon"       # use the DEFCON command (restrict server capabilities)
-              "massmessage"  # message all users on the server
-              "metadata"     # modify arbitrary metadata on channels and users
+              "rehash" # rehash the server, i.e. reload the config at runtime
+              "accreg" # modify arbitrary account registrations
+              "chanreg" # modify arbitrary channel registrations
+              "history" # modify or delete history messages
+              "defcon" # use the DEFCON command (restrict server capabilities)
+              "massmessage" # message all users on the server
+              "metadata" # modify arbitrary metadata on channels and users
            ];
          };
        };
@ -128,5 +134,6 @@
    systemd.services.ergochat.serviceConfig.DynamicUser = lib.mkForce false;
    systemd.services.ergochat.serviceConfig.User = "ergo";
    systemd.services.ergochat.serviceConfig.Group = "ergo";
+    systemd.services.ergochat.restartIfChanged = false;
  };
 }
--- a/vm-homelab.nix
+++ b/vm-homelab.nix
@ -26,10 +26,6 @@ in
    services.caddy = {
      enable = true;
      virtualHosts = {
-        "dukeceph.xyz".extraConfig = ''
-          root * /mnt/nfs/public
-          file_server browse
-        '';
        "feed.rperce.net".extraConfig = ''
          reverse_proxy http://192.168.0.5:8080
        '';
@ -77,9 +73,6 @@ in
        "irc.dukeceph.xyz".extraConfig = ''
          reverse_proxy 192.168.0.8
        '';
-        "irc.dukeceph.xyz/webirc".extraConfig = ''
-          reverse_proxy 192.168.0.8:8067
-        '';
      };
    };