Diffstat (limited to 'profiles/bitlbee.nix')
-rw-r--r-- | profiles/bitlbee.nix | 89 |
1 files changed, 0 insertions, 89 deletions
diff --git a/profiles/bitlbee.nix b/profiles/bitlbee.nix
deleted file mode 100644
index 0b3f39f..0000000
--- a/profiles/bitlbee.nix
+++ /dev/null
@@ -1,89 +0,0 @@
-{ config, pkgs, ... }:
-
-let
-
- pantalaimonConf = pkgs.writeText "pantalaimon.conf" ''
- [Default]
- Notifications = Off
- LogLevel = debug
-
- [codewreck]
- Homeserver = http://[::1]:8008
- ListenPort = 8009
- SSL = False
- UseKeyring = False
- '';
-
-in {
-
- services.bitlbee = {
- enable = true;
- portNumber = 16667;
- libpurple_plugins = [ pkgs.purple-matrix ];
- };
- systemd.services.bitlbee = {
- serviceConfig.BindPaths = [ "/var/lib/bitlbee" ];
- serviceConfig.BindReadOnlyPaths = [
- "/dev/urandom"
- "/dev/log"
- ];
- confinement = {
- enable = true;
- binSh = null;
- mode = "chroot-only";
- packages = [ pkgs.purple-matrix ];
- };
- };
-
- # matrix proxy
- systemd.services.pantalaimon = {
- description = "matrix E2EE proxy";
- serviceConfig = {
- Type = "simple";
- User = "asmadeus";
- BindPaths = [ "/home/asmadeus/.local/share/pantalaimon" ];
- BindReadOnlyPaths = [
- "/run/user/1000/bus" "/etc/machine-id"
- "/etc/passwd" "/etc/group"
- ];
- Environment = "XDG_RUNTIME_DIR=/run/user/1000";
- ExecStart = "${pkgs.pantalaimon}/bin/pantalaimon --config ${pantalaimonConf}";
- Restart = "always";
- NoNewPrivileges = "yes";
- };
- wantedBy = [ "default.target" ];
- confinement = {
- enable = true;
- binSh = null;
- mode = "chroot-only";
- };
- };
- # for panctl
- environment.systemPackages = with pkgs; [ pantalaimon ];
-
- # ssl front to bitlbee
- services.stunnel = {
- enable = true;
- servers = {
- bitlbee = {
- accept = ":::16697";
- connect = 16667;
- cert = "/var/lib/acme/jormungand.codewreck.org/full.pem";
- };
- };
- };
- systemd.services.stunnel = {
- serviceConfig.BindReadOnlyPaths = [
- "/var/lib/acme/jormungand.codewreck.org/full.pem"
- "/dev/null" "/etc/passwd" "/etc/group"
- ];
- confinement = {
- enable = true;
- binSh = null;
- mode = "chroot-only";
- };
- };
- networking.firewall.extraCommands = ''
- ip6tables -A nixos-fw -p tcp -m tcp --dport 16697 -s 2001:41d0:1:7a93::1 -j ACCEPT
- '';
-} |