stockholm/krebs/2configs/ircd.nix

{ config, pkgs, lib, ... }:

{
  networking.firewall.allowedTCPPorts = [
    6667 6669
  ];

  systemd.services.solanum.serviceConfig.LimitNOFILE = lib.mkForce 16384;

  services.solanum = {
    enable = true;
    motd = ''
      hello
    '';
    config = ''
      loadmodule "extensions/m_omode";
      serverinfo {
        name = "${config.krebs.build.host.name}.irc.r";
        sid = "1as";
        description = "irc!";
        network_name = "irc.r";

        vhost = "0.0.0.0";
        vhost6 = "::";

        #ssl_private_key = "etc/ssl.key";
        #ssl_cert = "etc/ssl.cert";
        #ssl_dh_params = "etc/dh.pem";
        #ssld_count = 1;

        default_max_clients = 2048;
        #nicklen = 30;
      };

      listen {
        defer_accept = yes;

        /* If you want to listen on a specific IP only, specify host.
         * host definitions apply only to the following port line.
         */
        host = "0.0.0.0";
        port = 6667;
        #sslport = 6697;

        /* Listen on IPv6 (if you used host= above). */
        host = "::";
        port = 6667;
        #sslport = 6697;
      };

      class "users" {
        ping_time = 2 minutes;
        number_per_ident = 10;
        number_per_ip = 4096;
        number_per_ip_global = 4096;
        cidr_ipv4_bitlen = 24;
        cidr_ipv6_bitlen = 64;
        number_per_cidr = 65535;
        max_number = 65535;
        sendq = 1000 megabyte;
      };

      privset "op" {
        privs = oper:admin, oper:general;
      };

      operator "aids" {
        user = "*@*";
        password = "balls";
        flags = ~encrypted;
        snomask = "+s";
        privset = "op";
      };

      exempt {
        ip = "127.0.0.1";
      };

      exempt {
        ip = "10.243.0.0/16";
      };

      auth {
        user = "*@*";
        class = "users";
        flags = kline_exempt, exceed_limit, flood_exempt;
      };

      channel {
        autochanmodes = "+t";
        use_invex = yes;
        use_except = yes;
        use_forward = yes;
        use_knock = yes;
        knock_delay = 5 minutes;
        knock_delay_channel = 1 minute;
        max_chans_per_user = 150;
        max_bans = 100;
        max_bans_large = 500;
        default_split_user_count = 0;
        default_split_server_count = 0;
        no_create_on_split = no;
        no_join_on_split = no;
        burst_topicwho = yes;
        kick_on_split_riding = no;
        only_ascii_channels = no;
        resv_forcepart = yes;
        channel_target_change = yes;
        disable_local_channels = no;
      };

      general {
        #maybe we want ident someday?
        default_floodcount = 10000;
        disable_auth = yes;
        throttle_duration = 1;
        throttle_count = 10000;
      };
    '';
  };
}
solanum: use upstream service 2021-10-24 16:25:11 +00:00			`{ config, pkgs, lib, ... }:`
2 lass: re-add all configs 2015-07-16 13:51:01 +00:00
			`{`
move news & deps: echelon.r -> puyak.r 2017-09-03 22:16:54 +00:00			`networking.firewall.allowedTCPPorts = [`
			`6667 6669`
lass 2 ircd: open port 6667 to retiolum 2015-10-08 23:23:45 +00:00			`];`
lass 2 ircd: fix import of ircd.nix 2015-10-09 11:21:25 +00:00
solanum: use upstream service 2021-10-24 16:25:11 +00:00			`systemd.services.solanum.serviceConfig.LimitNOFILE = lib.mkForce 16384;`
ircd: raise all limits 2021-02-16 22:02:08 +00:00
solanum: use upstream service 2021-10-24 16:25:11 +00:00			`services.solanum = {`
2 lass: re-add all configs 2015-07-16 13:51:01 +00:00			`enable = true;`
ircd: add motd 2017-12-04 00:01:26 +00:00			`motd = ''`
			`hello`
			`'';`
2 lass: re-add all configs 2015-07-16 13:51:01 +00:00			`config = ''`
ircd: add oper mode, raise limits 2021-01-07 23:36:43 +00:00			`loadmodule "extensions/m_omode";`
2 lass: re-add all configs 2015-07-16 13:51:01 +00:00			`serverinfo {`
ircd: .retiolum -> .r 2018-01-09 18:09:15 +00:00			`name = "${config.krebs.build.host.name}.irc.r";`
lass 2 ircd: change sid and hostname 2015-10-08 23:09:13 +00:00			`sid = "1as";`
ircd: raise all limits 2021-02-16 22:02:08 +00:00			`description = "irc!";`
ircd: .retiolum -> .r 2018-01-09 18:09:15 +00:00			`network_name = "irc.r";`
2 lass: re-add all configs 2015-07-16 13:51:01 +00:00
			`vhost = "0.0.0.0";`
			`vhost6 = "::";`

			`#ssl_private_key = "etc/ssl.key";`
			`#ssl_cert = "etc/ssl.cert";`
			`#ssl_dh_params = "etc/dh.pem";`
			`#ssld_count = 1;`

ircd: raise all limits 2021-02-16 22:02:08 +00:00			`default_max_clients = 2048;`
2 lass: re-add all configs 2015-07-16 13:51:01 +00:00			`#nicklen = 30;`
			`};`

			`listen {`
			`defer_accept = yes;`

			`/* If you want to listen on a specific IP only, specify host.`
			`* host definitions apply only to the following port line.`
			`*/`
			`host = "0.0.0.0";`
			`port = 6667;`
ircd: raise all limits 2021-02-16 22:02:08 +00:00			`#sslport = 6697;`
2 lass: re-add all configs 2015-07-16 13:51:01 +00:00
			`/* Listen on IPv6 (if you used host= above). */`
			`host = "::";`
			`port = 6667;`
ircd: raise all limits 2021-02-16 22:02:08 +00:00			`#sslport = 6697;`
2 lass: re-add all configs 2015-07-16 13:51:01 +00:00			`};`

			`class "users" {`
			`ping_time = 2 minutes;`
l 2 ircd: exempt localhost & retiolum 2015-10-15 12:46:12 +00:00			`number_per_ident = 10;`
ircd: add oper mode, raise limits 2021-01-07 23:36:43 +00:00			`number_per_ip = 4096;`
l 2 ircd: exempt localhost & retiolum 2015-10-15 12:46:12 +00:00			`number_per_ip_global = 4096;`
2 lass: re-add all configs 2015-07-16 13:51:01 +00:00			`cidr_ipv4_bitlen = 24;`
			`cidr_ipv6_bitlen = 64;`
ircd: raise all limits 2021-02-16 22:02:08 +00:00			`number_per_cidr = 65535;`
			`max_number = 65535;`
			`sendq = 1000 megabyte;`
ircd: add oper mode, raise limits 2021-01-07 23:36:43 +00:00			`};`

			`privset "op" {`
ircd: add oper:general for umode addon 2021-05-25 18:09:18 +00:00			`privs = oper:admin, oper:general;`
ircd: add oper mode, raise limits 2021-01-07 23:36:43 +00:00			`};`

			`operator "aids" {`
			`user = "@";`
			`password = "balls";`
			`flags = ~encrypted;`
			`snomask = "+s";`
			`privset = "op";`
2 lass: re-add all configs 2015-07-16 13:51:01 +00:00			`};`

			`exempt {`
			`ip = "127.0.0.1";`
			`};`

l 2 ircd: exempt localhost & retiolum 2015-10-15 12:46:12 +00:00			`exempt {`
			`ip = "10.243.0.0/16";`
			`};`

2 lass: re-add all configs 2015-07-16 13:51:01 +00:00			`auth {`
			`user = "@";`
			`class = "users";`
l 2 ircd: exempt localhost & retiolum 2015-10-15 12:46:12 +00:00			`flags = kline_exempt, exceed_limit, flood_exempt;`
2 lass: re-add all configs 2015-07-16 13:51:01 +00:00			`};`

			`channel {`
ircd: allow msg without join 2021-03-26 19:04:35 +00:00			`autochanmodes = "+t";`
2 lass: re-add all configs 2015-07-16 13:51:01 +00:00			`use_invex = yes;`
			`use_except = yes;`
			`use_forward = yes;`
			`use_knock = yes;`
			`knock_delay = 5 minutes;`
			`knock_delay_channel = 1 minute;`
ircd: raise all limits 2021-02-16 22:02:08 +00:00			`max_chans_per_user = 150;`
2 lass: re-add all configs 2015-07-16 13:51:01 +00:00			`max_bans = 100;`
			`max_bans_large = 500;`
			`default_split_user_count = 0;`
			`default_split_server_count = 0;`
			`no_create_on_split = no;`
			`no_join_on_split = no;`
			`burst_topicwho = yes;`
			`kick_on_split_riding = no;`
			`only_ascii_channels = no;`
			`resv_forcepart = yes;`
			`channel_target_change = yes;`
			`disable_local_channels = no;`
			`};`
ircd: add oper mode, raise limits 2021-01-07 23:36:43 +00:00
2 lass.ircd: disable authentification 2015-07-18 12:19:41 +00:00			`general {`
			`#maybe we want ident someday?`
ircd: add oper mode, raise limits 2021-01-07 23:36:43 +00:00			`default_floodcount = 10000;`
2 lass.ircd: disable authentification 2015-07-18 12:19:41 +00:00			`disable_auth = yes;`
l 2 ircd: relax throttle 2017-05-09 18:40:11 +00:00			`throttle_duration = 1;`
ircd: add oper mode, raise limits 2021-01-07 23:36:43 +00:00			`throttle_count = 10000;`
2 lass.ircd: disable authentification 2015-07-18 12:19:41 +00:00			`};`
2 lass: re-add all configs 2015-07-16 13:51:01 +00:00			`'';`
			`};`
			`}`