maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(ops/meta01): deploy irccat

Browse source 
This deploys irccat, connected to the #snix channel.

We drop the custom irccat third_party, it's 2 years older than the
latest version in nixpkgs.

The irccat.nix module file contains some of the code present in the TVL
version, it however moves the secrets merging to ExecStartPre=,
given https://github.com/systemd/systemd/issues/19604#issuecomment-989279884
has been fixed for almost a year.

Contrary to the setup there, we don't let irccat connect to ZNC, but
hackint directly (so make use of the secrets logic).

We also drop the network-online.target, and make this overall more
tolerant by using Restart=on-failure.

Change-Id: Ieac3b744b7ea58b8dddf1cdc37a8bc057b205b1b
Reviewed-on: https://cl.snix.dev/c/snix/+/30504
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: Ryan Lahfa <ryan@lahfa.xyz>
Tested-by: besadii
This commit is contained in:
Florian Klink 2025-03-21 01:33:17 +00:00 committed by clbot
parent 5d16817f80
commit c9a77e5b58
5 changed files with 91 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

19
ops/machines/meta01/default.nix
View file

@ -16,6 +16,7 @@ in
(mod "o11y/alertmanager-irc-relay.nix")
(mod "known-hosts.nix")
(mod "clbot.nix")
(mod "irccat.nix")
(mod "www/mimir.snix.dev.nix")
(mod "www/loki.snix.dev.nix")
@ -79,6 +80,23 @@ in
};
};
services.irccat = {
enable = true;
config = {
generic.listen = "127.0.0.1:4722";
irc = {
server = "irc.eu.hackint.org:6697";
tls = true;
sasl_pass = "filled_in_by_secret";
nick = "snixbot";
channels = [
"#snix"
];
};
};
secretsFile = config.age.secrets.irccat-secrets.path;
};
networking.nftables.enable = true;
networking.firewall.extraInputRules = ''
# Prometheus, Loki, Tempo
@ -99,6 +117,7 @@ in
metrics-push-htpasswd.owner = "nginx";
mimir-webhook-url.file = secretFile "mimir-webhook-url";
alertmanager-irc-relay-environment.file = secretFile "alertmanager-irc-relay-environment";
irccat-secrets.file = secretFile "irccat-secrets";
restic-repository-password.file = secretFile "restic-repository-password";
restic-bucket-credentials.file = secretFile "restic-bucket-credentials";
};