forked from hacc/haccfiles
stuebinm
72c16d9e1c
today i woke up to the realisation that there's an extremely obvious way to make these nicer, & then i did exactly that. For some reason I did not think of this when originally removing the dependency to nix-hexchen's evalConfig. unfortunately, this is not /quite/ a no-op. The only actual change is different whitespace in some of the semantically-equivalent coredns-configs that got unified.
73 lines
2.1 KiB
Nix
73 lines
2.1 KiB
Nix
{ config, lib, pkgs, evalConfig, ... }:
|
|
|
|
let
|
|
# necessary since overlays won't propagate into the
|
|
# container's config
|
|
thelounge = pkgs.thelounge-hacked;
|
|
in
|
|
{
|
|
containers.thelounge = {
|
|
autoStart = true;
|
|
privateNetwork = true;
|
|
hostAddress = "192.168.100.1";
|
|
localAddress = "192.168.100.4";
|
|
|
|
path = evalConfig ({ config, lib, pkgs, profiles, modules, sources, ... }: {
|
|
# for some inexplicable reason this does not import nopersist.
|
|
# i'm too lazy rn to deal with possible breakages if I add it.
|
|
# if you have spoons & nothing else to do, consider this a suggestion!
|
|
imports = [ profiles.container ];
|
|
|
|
nixpkgs.config.allowUnfree = true;
|
|
|
|
services.thelounge = {
|
|
enable = true;
|
|
|
|
extraConfig = {
|
|
public = true;
|
|
# respect X-Forwarded-For
|
|
reverseProxy = true;
|
|
defaults = {
|
|
name = "libera chat";
|
|
host = "irc.eu.libera.chat";
|
|
port = 6697;
|
|
# encrypt things!
|
|
tls = true;
|
|
# yes, please do actually check the cert …
|
|
rejectUnauthorized = true;
|
|
nick = "haccGuest%%%%";
|
|
join = "#hacc-webchat";
|
|
};
|
|
lockNetwork = true;
|
|
|
|
# don't log messages (default is text / sqlite)
|
|
messageStorage = [];
|
|
|
|
# darker theme
|
|
#theme = "morning";
|
|
|
|
# these three should result in having link previews
|
|
# which are fetched only by the server, then proxied
|
|
# (i.e. clients won't directly connect to arbitrary
|
|
# domains to get previews)
|
|
prefetch = true;
|
|
prefetchStorage = true;
|
|
disableMediaPreview = true;
|
|
|
|
leaveMessage = "happy haccing";
|
|
};
|
|
};
|
|
|
|
# override the package we use
|
|
systemd.services.thelounge.serviceConfig.ExecStart =
|
|
pkgs.lib.mkForce "${thelounge}/bin/thelounge start";
|
|
});
|
|
};
|
|
|
|
services.nginx.virtualHosts."webchat.voc.hacc.space" = {
|
|
locations."/".proxyPass =
|
|
"http://${config.containers.thelounge.localAddress}:9000";
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
};
|
|
}
|