Diffstat (limited to 'profiles/bitlbee.nix')
-rw-r--r--profiles/bitlbee.nix89
1 files changed, 0 insertions, 89 deletions
diff --git a/profiles/bitlbee.nix b/profiles/bitlbee.nix
deleted file mode 100644
index 0b3f39f..0000000
--- a/profiles/bitlbee.nix
+++ /dev/null
@@ -1,89 +0,0 @@
-{ config, pkgs, ... }:
-
-let
-
- pantalaimonConf = pkgs.writeText "pantalaimon.conf" ''
- [Default]
- Notifications = Off
- LogLevel = debug
-
- [codewreck]
- Homeserver = http://[::1]:8008
- ListenPort = 8009
- SSL = False
- UseKeyring = False
- '';
-
-in {
-
- services.bitlbee = {
- enable = true;
- portNumber = 16667;
- libpurple_plugins = [ pkgs.purple-matrix ];
- };
- systemd.services.bitlbee = {
- serviceConfig.BindPaths = [ "/var/lib/bitlbee" ];
- serviceConfig.BindReadOnlyPaths = [
- "/dev/urandom"
- "/dev/log"
- ];
- confinement = {
- enable = true;
- binSh = null;
- mode = "chroot-only";
- packages = [ pkgs.purple-matrix ];
- };
- };
-
- # matrix proxy
- systemd.services.pantalaimon = {
- description = "matrix E2EE proxy";
- serviceConfig = {
- Type = "simple";
- User = "asmadeus";
- BindPaths = [ "/home/asmadeus/.local/share/pantalaimon" ];
- BindReadOnlyPaths = [
- "/run/user/1000/bus" "/etc/machine-id"
- "/etc/passwd" "/etc/group"
- ];
- Environment = "XDG_RUNTIME_DIR=/run/user/1000";
- ExecStart = "${pkgs.pantalaimon}/bin/pantalaimon --config ${pantalaimonConf}";
- Restart = "always";
- NoNewPrivileges = "yes";
- };
- wantedBy = [ "default.target" ];
- confinement = {
- enable = true;
- binSh = null;
- mode = "chroot-only";
- };
- };
- # for panctl
- environment.systemPackages = with pkgs; [ pantalaimon ];
-
- # ssl front to bitlbee
- services.stunnel = {
- enable = true;
- servers = {
- bitlbee = {
- accept = ":::16697";
- connect = 16667;
- cert = "/var/lib/acme/jormungand.codewreck.org/full.pem";
- };
- };
- };
- systemd.services.stunnel = {
- serviceConfig.BindReadOnlyPaths = [
- "/var/lib/acme/jormungand.codewreck.org/full.pem"
- "/dev/null" "/etc/passwd" "/etc/group"
- ];
- confinement = {
- enable = true;
- binSh = null;
- mode = "chroot-only";
- };
- };
- networking.firewall.extraCommands = ''
- ip6tables -A nixos-fw -p tcp -m tcp --dport 16697 -s 2001:41d0:1:7a93::1 -j ACCEPT
- '';
-}