cluster/services/irc: refactor with hostLinks
This commit is contained in:
parent
b923e738e8
commit
1def40063d
2 changed files with 32 additions and 17 deletions
|
@ -1,24 +1,37 @@
|
||||||
{ tools, ... }:
|
{ config, lib, tools, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
inherit (tools.meta) domain;
|
||||||
|
subDomains = {
|
||||||
|
VEGAS = "eu1";
|
||||||
|
prophet = "eu2";
|
||||||
|
};
|
||||||
|
in
|
||||||
{
|
{
|
||||||
vars = {
|
vars = {
|
||||||
ircServers = {
|
|
||||||
VEGAS.subDomain = "eu1";
|
|
||||||
prophet.subDomain = "eu2";
|
|
||||||
};
|
|
||||||
ircPeerKey = {
|
ircPeerKey = {
|
||||||
file = ./irc-peer-key.age;
|
file = ./irc-peer-key.age;
|
||||||
owner = "ngircd";
|
owner = "ngircd";
|
||||||
group = "ngircd";
|
group = "ngircd";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
hostLinks = lib.genAttrs config.services.irc.nodes.host (name: {
|
||||||
|
irc = {
|
||||||
|
ipv4 = "${subDomains.${name}}.irc.${domain}";
|
||||||
|
inherit (config.links.irc) port;
|
||||||
|
};
|
||||||
|
ircSecure = {
|
||||||
|
ipv4 = "${subDomains.${name}}.irc.${domain}";
|
||||||
|
inherit (config.links.ircSecure) port;
|
||||||
|
};
|
||||||
|
});
|
||||||
links = {
|
links = {
|
||||||
irc = {
|
irc = {
|
||||||
ipv4 = "irc.${tools.meta.domain}";
|
ipv4 = "irc.${domain}";
|
||||||
port = 6667;
|
port = 6667;
|
||||||
};
|
};
|
||||||
ircSecure = {
|
ircSecure = {
|
||||||
ipv4 = "irc.${tools.meta.domain}";
|
ipv4 = "irc.${domain}";
|
||||||
port = 6697;
|
port = 6697;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,21 +1,23 @@
|
||||||
{ cluster, config, pkgs, tools, ... }:
|
{ cluster, config, pkgs, tools, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
inherit (tools.meta) domain adminEmail;
|
inherit (tools.meta) adminEmail;
|
||||||
inherit (cluster) vars;
|
inherit (cluster) vars;
|
||||||
inherit (vars.ircServers.${vars.hostName}) subDomain;
|
|
||||||
|
|
||||||
link = cluster.config.links.irc;
|
linkGlobalSecure = cluster.config.links.ircSecure;
|
||||||
linkSecure = cluster.config.links.ircSecure;
|
link = cluster.config.hostLinks.${vars.hostName}.irc;
|
||||||
|
linkSecure = cluster.config.hostLinks.${vars.hostName}.ircSecure;
|
||||||
otherServers = map mkServer cluster.config.services.irc.otherNodes.host;
|
otherServers = map mkServer cluster.config.services.irc.otherNodes.host;
|
||||||
otherServerFiles = map (builtins.toFile "ngircd-peer.conf") otherServers;
|
otherServerFiles = map (builtins.toFile "ngircd-peer.conf") otherServers;
|
||||||
opers = map mkOper [ "max" "num" "ark" ];
|
opers = map mkOper [ "max" "num" "ark" ];
|
||||||
|
|
||||||
mkServer = name: ''
|
mkServer = name: let
|
||||||
|
peerLink = cluster.config.hostLinks.${name}.ircSecure;
|
||||||
|
in ''
|
||||||
[Server]
|
[Server]
|
||||||
Name = ${vars.ircServers.${name}.subDomain}.irc.${domain}
|
Name = ${peerLink.ipv4}
|
||||||
Host = ${vars.ircServers.${name}.subDomain}.irc.${domain}
|
Host = ${peerLink.ipv4}
|
||||||
Port = ${linkSecure.portStr}
|
Port = ${peerLink.portStr}
|
||||||
MyPassword = @PEER_PASSWORD@
|
MyPassword = @PEER_PASSWORD@
|
||||||
PeerPassword = @PEER_PASSWORD@
|
PeerPassword = @PEER_PASSWORD@
|
||||||
SSLConnect = yes
|
SSLConnect = yes
|
||||||
|
@ -30,7 +32,7 @@ let
|
||||||
Mask = *!${name}@*
|
Mask = *!${name}@*
|
||||||
'';
|
'';
|
||||||
|
|
||||||
serverName = "${subDomain}.irc.${domain}";
|
serverName = linkSecure.ipv4;
|
||||||
cert = config.security.acme.certs."${serverName}";
|
cert = config.security.acme.certs."${serverName}";
|
||||||
dh = config.security.dhparams.params.ngircd;
|
dh = config.security.dhparams.params.ngircd;
|
||||||
in {
|
in {
|
||||||
|
@ -82,7 +84,7 @@ in {
|
||||||
dnsProvider = "pdns";
|
dnsProvider = "pdns";
|
||||||
group = "ngircd";
|
group = "ngircd";
|
||||||
reloadServices = [ "ngircd" ];
|
reloadServices = [ "ngircd" ];
|
||||||
extraDomainNames = [ "irc.${domain}" ];
|
extraDomainNames = [ linkGlobalSecure.ipv4 ];
|
||||||
};
|
};
|
||||||
security.pam.services.ngircd = {
|
security.pam.services.ngircd = {
|
||||||
text = ''
|
text = ''
|
||||||
|
|
Loading…
Reference in a new issue