krebs: use ergo instead of solanum everywhere
parent
dbc2387520
commit
545b424ecb
@ -7,7 +7,7 @@
|
|||||||
|
|
||||||
<stockholm/krebs/2configs/buildbot-stockholm.nix>
|
<stockholm/krebs/2configs/buildbot-stockholm.nix>
|
||||||
<stockholm/krebs/2configs/binary-cache/nixos.nix>
|
<stockholm/krebs/2configs/binary-cache/nixos.nix>
|
||||||
<stockholm/krebs/2configs/ergo.nix>
|
<stockholm/krebs/2configs/ircd.nix>
|
||||||
<stockholm/krebs/2configs/reaktor2.nix>
|
<stockholm/krebs/2configs/reaktor2.nix>
|
||||||
<stockholm/krebs/2configs/wiki.nix>
|
<stockholm/krebs/2configs/wiki.nix>
|
||||||
<stockholm/krebs/2configs/acme.nix>
|
<stockholm/krebs/2configs/acme.nix>
|
||||||
|
@ -1,13 +0,0 @@
|
|||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
networking.firewall.allowedTCPPorts = [
|
|
||||||
6667
|
|
||||||
];
|
|
||||||
|
|
||||||
krebs.ergo = {
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
@ -1,121 +1,44 @@
|
|||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
networking.firewall.allowedTCPPorts = [
|
networking.firewall.allowedTCPPorts = [
|
||||||
6667 6669
|
6667
|
||||||
];
|
];
|
||||||
|
|
||||||
systemd.services.solanum.serviceConfig.LimitNOFILE = lib.mkForce 16384;
|
krebs.ergo = {
|
||||||
|
|
||||||
services.solanum = {
|
|
||||||
enable = true;
|
enable = true;
|
||||||
motd = ''
|
config = {
|
||||||
hello
|
server.secure-nets = [
|
||||||
'';
|
"42::0/16"
|
||||||
config = ''
|
"10.240.0.0/12"
|
||||||
loadmodule "extensions/m_omode";
|
];
|
||||||
serverinfo {
|
oper-classes.server-admin = {
|
||||||
name = "${config.krebs.build.host.name}.irc.r";
|
title = "admin";
|
||||||
sid = "1as";
|
capabilities = [
|
||||||
description = "irc!";
|
"kill" # disconnect user sessions
|
||||||
network_name = "irc.r";
|
"ban" # ban IPs, CIDRs, and NUH masks ("d-line" and "k-line")
|
||||||
|
"nofakelag" # remove "fakelag" restrictions on rate of message sending
|
||||||
vhost = "0.0.0.0";
|
"relaymsg" # use RELAYMSG in any channel (see the 'relaymsg' config block)
|
||||||
vhost6 = "::";
|
"vhosts" # add and remove vhosts from users
|
||||||
|
"sajoin" # join arbitrary channels, including private channels
|
||||||
#ssl_private_key = "etc/ssl.key";
|
"samode" # modify arbitrary channel and user modes
|
||||||
#ssl_cert = "etc/ssl.cert";
|
"snomasks" # subscribe to arbitrary server notice masks
|
||||||
#ssl_dh_params = "etc/dh.pem";
|
"roleplay" # use the (deprecated) roleplay commands in any channel
|
||||||
#ssld_count = 1;
|
"rehash" # rehash the server, i.e. reload the config at runtime
|
||||||
|
"accreg" # modify arbitrary account registrations
|
||||||
default_max_clients = 2048;
|
"chanreg" # modify arbitrary channel registrations
|
||||||
#nicklen = 30;
|
"history" # modify or delete history messages
|
||||||
|
"defcon" # use the DEFCON command (restrict server capabilities)
|
||||||
|
"massmessage" # message all users on the server
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
opers.aids = {
|
||||||
listen {
|
class = "server-admin";
|
||||||
defer_accept = yes;
|
hidden = false;
|
||||||
|
password = "$2a$04$0AtVycWQJ07ymrDdKyAm2un3UVSVIzpzL3wsWbWb3PF95d1CZMcMO";
|
||||||
/* If you want to listen on a specific IP only, specify host.
|
|
||||||
* host definitions apply only to the following port line.
|
|
||||||
*/
|
|
||||||
host = "0.0.0.0";
|
|
||||||
port = 6667;
|
|
||||||
#sslport = 6697;
|
|
||||||
|
|
||||||
/* Listen on IPv6 (if you used host= above). */
|
|
||||||
host = "::";
|
|
||||||
port = 6667;
|
|
||||||
#sslport = 6697;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
class "users" {
|
|
||||||
ping_time = 2 minutes;
|
|
||||||
number_per_ident = 10;
|
|
||||||
number_per_ip = 4096;
|
|
||||||
number_per_ip_global = 4096;
|
|
||||||
cidr_ipv4_bitlen = 24;
|
|
||||||
cidr_ipv6_bitlen = 64;
|
|
||||||
number_per_cidr = 65535;
|
|
||||||
max_number = 65535;
|
|
||||||
sendq = 1000 megabyte;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
privset "op" {
|
|
||||||
privs = oper:admin, oper:general;
|
|
||||||
};
|
|
||||||
|
|
||||||
operator "aids" {
|
|
||||||
user = "*@*";
|
|
||||||
password = "balls";
|
|
||||||
flags = ~encrypted;
|
|
||||||
snomask = "+s";
|
|
||||||
privset = "op";
|
|
||||||
};
|
|
||||||
|
|
||||||
exempt {
|
|
||||||
ip = "127.0.0.1";
|
|
||||||
};
|
|
||||||
|
|
||||||
exempt {
|
|
||||||
ip = "10.243.0.0/16";
|
|
||||||
};
|
|
||||||
|
|
||||||
auth {
|
|
||||||
user = "*@*";
|
|
||||||
class = "users";
|
|
||||||
flags = kline_exempt, exceed_limit, flood_exempt;
|
|
||||||
};
|
|
||||||
|
|
||||||
channel {
|
|
||||||
autochanmodes = "+t";
|
|
||||||
use_invex = yes;
|
|
||||||
use_except = yes;
|
|
||||||
use_forward = yes;
|
|
||||||
use_knock = yes;
|
|
||||||
knock_delay = 5 minutes;
|
|
||||||
knock_delay_channel = 1 minute;
|
|
||||||
max_chans_per_user = 150;
|
|
||||||
max_bans = 100;
|
|
||||||
max_bans_large = 500;
|
|
||||||
default_split_user_count = 0;
|
|
||||||
default_split_server_count = 0;
|
|
||||||
no_create_on_split = no;
|
|
||||||
no_join_on_split = no;
|
|
||||||
burst_topicwho = yes;
|
|
||||||
kick_on_split_riding = no;
|
|
||||||
only_ascii_channels = no;
|
|
||||||
resv_forcepart = yes;
|
|
||||||
channel_target_change = yes;
|
|
||||||
disable_local_channels = no;
|
|
||||||
};
|
|
||||||
|
|
||||||
general {
|
|
||||||
#maybe we want ident someday?
|
|
||||||
default_floodcount = 10000;
|
|
||||||
disable_auth = yes;
|
|
||||||
throttle_duration = 1;
|
|
||||||
throttle_count = 10000;
|
|
||||||
};
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
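Review bot: The `opers.aids` password is committed inline as a bcrypt hash whose `$2a$04$` prefix indicates cost factor 4, so anyone who can read this repository can test password guesses against it offline at very little cost. The account is bound to `server-admin`, which this same section grants `kill`, `ban`, `samode`, `rehash`, `accreg` and `massmessage`, so the hash protects full control of the server. I would regenerate it with a substantially higher cost factor and supply it from a secret kept outside the repository; the rendered config presumably lands in the world-readable Nix store as well. Separately, `server.secure-nets` lists `42::0/16` and `10.240.0.0/12` while only plaintext port 6667 is opened, so a short comment such as `# overlay/VPN ranges; transport is encrypted below IRC` (if that is the reason) would record why those ranges are trusted.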
@ -68,7 +68,8 @@
|
|||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.brockman.bindsTo = [ "solanum.service" ];
|
krebs.ergo.openFilesLimit = 16384;
|
||||||
|
systemd.services.brockman.bindsTo = [ "ergo.service" ];
|
||||||
systemd.services.brockman.serviceConfig.LimitNOFILE = 16384;
|
systemd.services.brockman.serviceConfig.LimitNOFILE = 16384;
|
||||||
systemd.services.brockman.environment.BROCKMAN_LOG_LEVEL = "DEBUG";
|
systemd.services.brockman.environment.BROCKMAN_LOG_LEVEL = "DEBUG";
|
||||||
krebs.brockman = {
|
krebs.brockman = {
|
||||||
|
@ -2,6 +2,13 @@
|
|||||||
options = {
|
options = {
|
||||||
krebs.ergo = {
|
krebs.ergo = {
|
||||||
enable = lib.mkEnableOption "Ergo IRC daemon";
|
enable = lib.mkEnableOption "Ergo IRC daemon";
|
||||||
|
openFilesLimit = lib.mkOption {
|
||||||
|
type = lib.types.int;
|
||||||
|
default = 1024;
|
||||||
|
description = ''
|
||||||
|
Maximum number of open files. Limits the clients and server connections.
|
||||||
|
'';
|
||||||
|
};
|
||||||
config = lib.mkOption {
|
config = lib.mkOption {
|
||||||
type = (pkgs.formats.json {}).type;
|
type = (pkgs.formats.json {}).type;
|
||||||
description = ''
|
description = ''
|
||||||
@ -54,8 +61,8 @@
|
|||||||
multiclient = {
|
multiclient = {
|
||||||
enabled = true;
|
enabled = true;
|
||||||
allowed-by-default = true;
|
allowed-by-default = true;
|
||||||
always-on = "opt-in";
|
always-on = "opt-out";
|
||||||
auto-away = "opt-in";
|
auto-away = "opt-out";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
channels = {
|
channels = {
|
||||||
@ -111,13 +118,15 @@
|
|||||||
systemd.services.ergo = {
|
systemd.services.ergo = {
|
||||||
description = "Ergo IRC daemon";
|
description = "Ergo IRC daemon";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
reloadIfChanged = true;
|
# reload currently not working as expected
|
||||||
|
# reloadIfChanged = true;
|
||||||
restartTriggers = [ configFile ];
|
restartTriggers = [ configFile ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${pkgs.ergo}/bin/ergo run --conf /etc/ergo.yaml";
|
ExecStart = "${pkgs.ergo}/bin/ergo run --conf /etc/ergo.yaml";
|
||||||
ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID";
|
ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID";
|
||||||
DynamicUser = true;
|
DynamicUser = true;
|
||||||
StateDirectory = "ergo";
|
StateDirectory = "ergo";
|
||||||
|
LimitNOFILE = "${toString cfg.openFilesLimit}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
|
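Review bot: `openFilesLimit` is declared with `type = lib.types.int;`, which also accepts zero and negative values that would only fail once systemd applies `LimitNOFILE`; `type = lib.types.ints.positive;` rejects them at evaluation time. The description could also state that the value is passed to the unit's `LimitNOFILE`, since that is the only place the last hunk uses it. In that hunk the comment `# reload currently not working as expected` names no symptom or issue reference, so a reader cannot tell when `reloadIfChanged` can be re-enabled. With it commented out and `restartTriggers` kept, a config change presumably restarts the daemon and disconnects clients. The option set and the service definition both continue outside the visible hunks.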