Initial commit

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 14:57:00 -08:00 · 2026-02-15 14:57:00 -08:00 · b8402a9049
commit b8402a9049
82 changed files with 1345 additions and 0 deletions
--- a/services/ergo.nix
+++ b/services/ergo.nix
@ -0,0 +1,113 @@
+{ lib, pkgs, config, ... }:
+
+let
+  settingsFormat = pkgs.formats.yaml { };
+  ergoConfigFile = settingsFormat.generate "ircd.yaml" config.services.ergochat.settings;
+in
+{
+  sops.secrets."ergo/oper_password_hash" = {
+    sopsFile = ./secrets/ergo.yaml;
+    mode = "0400";
+  };
+
+  networking.firewall.interfaces.wg0.allowedTCPPorts = [ 6667 8097 ];
+
+  services.mysql = {
+    enable = true;
+    package = pkgs.mariadb;
+    ensureDatabases = [ "ergochat" ];
+    ensureUsers = [
+      {
+        name = "ergochat";
+        ensurePermissions = {
+          "ergochat.*" = "ALL PRIVILEGES";
+        };
+      }
+    ];
+  };
+
+  systemd.services.ergochat = {
+    after = [ "mysql.service" ];
+    requires = [ "mysql.service" ];
+    serviceConfig = {
+      SupplementaryGroups = [ "mysql" ];
+      RuntimeDirectory = "ergochat";
+      ExecStartPre = [
+        # Run as root (+) to read our SOPS secret, then write the patched config
+        "+${pkgs.writeShellScript "ergochat-inject-secrets" ''
+          OPER_HASH=$(cat ${config.sops.secrets."ergo/oper_password_hash".path})
+          sed "s|__OPER_PASSWORD_PLACEHOLDER__|$OPER_HASH|" ${ergoConfigFile} > /run/ergochat/ircd.yaml
+          chown ergochat:ergochat /run/ergochat/ircd.yaml
+          chmod 0400 /run/ergochat/ircd.yaml
+        ''}"
+      ];
+      ExecStart = lib.mkForce "${pkgs.ergochat}/bin/ergo run --conf /run/ergochat/ircd.yaml";
+    };
+  };
+
+  services.ergochat = {
+    enable = true;
+    settings = {
+      network.name = "ellie.town";
+
+      server = {
+        name = "irc.ellie.town";
+        enforce-utf8 = true;
+        listeners = lib.mkForce {
+          "10.10.0.2:6667" = { };
+          "10.10.0.2:8097" = { websocket = true; };
+        };
+      };
+
+      accounts.registration.enabled = false;
+      accounts.nick-reservation.force-nick-equals-account = true;
+      accounts.nick-reservation.method = "strict";
+
+      datastore.mysql = {
+        enabled = true;
+        socket-path = "/run/mysqld/mysqld.sock";
+        user = "ergochat";
+        password = "";
+        history-database = "ergochat";
+      };
+
+      history.persistent = {
+        enabled = true;
+        unregistered-channels = false;
+        registered-channels = "opt-out";
+        direct-messages = "opt-out";
+      };
+
+      history.restrictions.expire-time = "0";
+
+      oper-classes = {
+        server-admin = {
+          title = "Server Admin";
+          capabilities = [
+            "rehash"
+            "accreg"
+            "chanreg"
+            "kill"
+            "ban"
+            "nofakelag"
+            "relaymsg"
+            "sajoin"
+            "samode"
+            "snomasks"
+            "history"
+            "defcon"
+            "massmessage"
+          ];
+        };
+      };
+
+      opers = {
+        ellie = {
+          class = "server-admin";
+          whois-line = "is a server administrator";
+          password = "__OPER_PASSWORD_PLACEHOLDER__";
+        };
+      };
+    };
+  };
+}