modules: add soju

hosts: import soju into germanium caddy: reverse proxy Layer 4 streams to allow ircs:// -> irc:// connectivity
fufexan · Dec 17, 2024 · c4ca24d · c4ca24d
1 parent e08c3f1
commit c4ca24d
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 18 deletions.
diff --git a/hosts/default.nix b/hosts/default.nix
@@ -16,6 +16,7 @@ in {
         mod
         "${mod}/networking"
         "${mod}/services/caddy.nix"
+        "${mod}/services/soju.nix"
         "${mod}/services/vaultwarden.nix"
         "${mod}/services/website.nix"
       ];

diff --git a/modules/services/acme.nix b/modules/services/acme.nix
diff --git a/modules/services/caddy.nix b/modules/services/caddy.nix
@@ -1,10 +1,17 @@
 {
+  self,
+  pkgs,
+  ...
+}: {
   networking.firewall = let
     ports = [80 443];
   in {
     allowedTCPPorts = ports;
     allowedUDPPorts = ports;
   };
 
-  services.caddy.enable = true;
+  services.caddy = {
+    enable = true;
+    package = self.packages.${pkgs.system}.caddy-with-plugins;
+  };
 }
diff --git a/modules/services/soju.nix b/modules/services/soju.nix
@@ -1,12 +1,28 @@
-{config, ...}: {
-  security.acme.certs.soju = {};
-
-  services.soju = let
-    certDir = config.security.acme.certs.soju.directory;
+{
+  networking.firewall = let
+    ports = [6697];
   in {
-    enable = true;
+    allowedTCPPorts = ports;
+    allowedUDPPorts = ports;
+  };
 
-    tlsCertificate = "${certDir}/fullchain.pem";
-    tlsCertificateKey = "${certDir}/key.pem";
+  services.soju = {
+    enable = true;
+    hostName = "fufexan.net";
+    listen = ["irc+insecure://localhost:6667"];
   };
+
+  services.caddy.globalConfig = ''
+    layer4 {
+      :6697 {
+        route {
+          tls
+          proxy {
+            proxy_protocol v2
+            upstream localhost:6667
+          }
+        }
+      }
+    }
+  '';
 }