authorWilliam Carroll <wpcarro@gmail.com>2020-06-30T18·51+0100
committerWilliam Carroll <wpcarro@gmail.com>2020-06-30T18·53+0100
commit6cb921739da6fe3b34000d8aa4080bf61b4797cd (patch)
tree7621f781a1da1954aed9e7d949d068be2690bc48 /nixos/socrates/configuration.nix
parent58dc543a7b37e97416800e3b1d5f783c0e38060f (diff)
Support bitlbee + stunnel
TLS support for bitlbee...
Diffstat (limited to 'nixos/socrates/configuration.nix')
-rw-r--r--nixos/socrates/configuration.nix20
1 files changed, 19 insertions, 1 deletions
diff --git a/nixos/socrates/configuration.nix b/nixos/socrates/configuration.nix
index 81dc9f1a76e6..0af4a314191d 100644
--- a/nixos/socrates/configuration.nix
+++ b/nixos/socrates/configuration.nix
@@ -27,7 +27,7 @@ in {
     networkmanager.enable = true;
     interfaces.enp2s0f1.useDHCP = true;
     interfaces.wlp3s0.useDHCP = true;
-    firewall.allowedTCPPorts = [ 9418 80 443 6667 ];
+    firewall.allowedTCPPorts = [ 9418 80 443 6697 ];
   };
 
   time.timeZone = "UTC";
@@ -79,6 +79,24 @@ in {
   # Services
   ##############################################################################
 
+  systemd.services.bitlbee-stunnel = {
+    description = "Provides TLS termination for Bitlbee.";
+    wantedBy = [ "multi-user.target" ];
+    unitConfig = {
+      Restart = "always";
+      User = "nginx"; # This is a hack to easily get certificate access.
+    };
+    script = let configFile = builtins.toFile "stunnel.conf" ''
+      foreground = yes
+      debug = 7
+
+      [ircs]
+      accept = 0.0.0.0:6697
+      connect = 6667
+      cert = /var/lib/acme/wpcarro.dev/full.pem
+    ''; in "${pkgs.stunnel}/bin/stunnel ${configFile}";
+  };
+
   nixpkgs.config.bitlbee.enableLibPurple = true;
   services.bitlbee = {
     interface = "0.0.0.0";
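Review bot: `Restart` and `User` are set under `unitConfig`, which NixOS renders into the unit's `[Unit]` section, where systemd does not recognise either key; as written the service would most likely run as root with no restart policy, so stunnel would accept connections on 0.0.0.0:6697 with root privileges. Move both to `serviceConfig = { Restart = "always"; User = "nginx"; };`, and consider a dedicated user with group read access to the ACME directory instead of borrowing nginx's identity. Separately, the context line `interface = "0.0.0.0";` means bitlbee still binds its plaintext listener on every interface and only the firewall change keeps it private; `interface = "127.0.0.1";` would match the local `connect = 6667` hop. `debug = 7` is also worth lowering once the tunnel is confirmed working. The `services.bitlbee` block continues past the end of this hunk, so its port setting is not visible here.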