cluster/services/irc: add oper configuration

Max Headroom 2022-09-18 23:37:50 +02:00
parent 1ffd88cfe3
commit fc845158d8


@ -9,6 +9,7 @@ let
linkSecure = cluster.config.links.ircSecure; linkSecure = cluster.config.links.ircSecure;
otherServers = map mkServer cluster.config.services.irc.otherNodes.host; otherServers = map mkServer cluster.config.services.irc.otherNodes.host;
otherServerFiles = map (builtins.toFile "ngircd-peer.conf") otherServers; otherServerFiles = map (builtins.toFile "ngircd-peer.conf") otherServers;
opers = map mkOper [ "max" "num" "ark" ];
mkServer = name: '' mkServer = name: ''
[Server] [Server]
@ -21,6 +22,14 @@ let
Passive = no Passive = no
''; '';
# oper password is irrelevant, mask ensures security thanks to PAM
mkOper = name: ''
[Operator]
Name = ${name}
Password = please
Mask = *!${name}@*
'';
serverName = "${subDomain}.irc.${domain}"; serverName = "${subDomain}.irc.${domain}";
cert = config.security.acme.certs."${serverName}"; cert = config.security.acme.certs."${serverName}";
dh = config.security.dhparams.params.ngircd; dh = config.security.dhparams.params.ngircd;
@ -51,6 +60,10 @@ in {
MorePrivacy = yes MorePrivacy = yes
PAM = yes PAM = yes
PAMIsOptional = yes PAMIsOptional = yes
OperCanUseMode = yes
OperChanPAutoOp = yes
${builtins.concatStringsSep "\n" opers}
''; '';
}; };
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
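Review bot: The `Mask = *!${name}@*` line in `mkOper` is the only control on oper status, because `Password = please` is a fixed string in the generated config, and that mask is only trustworthy while an un-prefixed user name can come from PAM alone. With `PAMIsOptional = yes` (context of the last hunk) unauthenticated clients keep the `~` prefix and do not match, but ngIRCd's documentation notes that IDENT-identified users also lose the `~`, so with IDENT lookups enabled the mask would no longer single out PAM-authenticated users. Whether `Ident` is set is outside the visible lines; if it is not, I would add `Ident = no` next to `PAM = yes` and extend the comment to `# oper password is a public placeholder; Mask only matches PAM-authenticated users (no "~" prefix), which requires Ident = no`. The `let` block and the ngircd config string both continue outside the hunks shown.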