Soju on Nixos with Nginx
How to configure soju on NixOS using nginx as a reverse proxy
This took just enough struggle to be worth recording for any future travelers.
It configures the bare minimum: an IRC port to listen on. Soju can also listen for WebSocket connections, to support clients such as gamja, and for HTTP connections for file uploads. I did not need any of that, so I did not configure it. If that changes, I will update this article.
Notes
After the service is up and running, to configure your admin account use the command:
    sojuctl user create \
      -username <username> \
      -password <password> \
      -admin true
There are contributed docs here on how to configure nginx with soju. The big difference is that they listen on domain sockets and we don't. The default NixOS module for soju configures a dynamic user, which made the socket permissions just annoying enough that I did not want to deal with them. Also, IRC is so low-traffic that I doubt the performance gains are worth much.
Please see the soju manual and the soju NixOS module options for more configuration options.
Config
    { config, ... }:
    let
      domain = "example.com"; # Must be a fqdn
      ircs_port = 6697;       # This is what nginx will listen on;
                              # it will be opened to the outside world
      irc_port = 6667;        # This is what soju will listen on
    in
    {
      security.acme = {
        acceptTerms = true;
        defaults.email = "admin@example.com"; # placeholder, use your own contact address
      };
      services.soju = {
        enable = true;
        hostName = domain;
        # Plain-text IRC, bound to localhost only; nginx terminates TLS in front of it
        listen = [
          "irc://localhost:${toString irc_port}"
        ];
      };
      networking.firewall = {
        # Only the TLS port is opened; irc_port stays unreachable from outside
        allowedTCPPorts = [
          ircs_port
        ];
      };
      services.nginx = {
        enable = true;
        # This virtual host exists so that ACME issues a certificate for the domain
        virtualHosts."${domain}" = {
          forceSSL = true;
          enableACME = true;
        };
        streamConfig =
          let
            # Directory holding the ACME certificate files for the domain
            cert_root = config.security.acme.certs.${domain}.directory;
          in
          ''
            server {
              listen ${toString ircs_port} ssl;
              listen [::]:${toString ircs_port} ssl;
              proxy_pass 127.0.0.1:${toString irc_port};
              proxy_protocol on;
              ssl_certificate ${cert_root}/fullchain.pem;
              ssl_certificate_key ${cert_root}/key.pem;
              ssl_trusted_certificate ${cert_root}/chain.pem;
            }
          '';
      };
    }
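`proxy_protocol on;` in the stream block above makes nginx write a PROXY protocol header carrying the real client address ahead of the IRC bytes it forwards. The sketch below is an added example, not code from the original post or from soju: it parses the version 1 text form of that header and believes the claimed address only when the TCP peer is loopback. `TRUSTED_PROXIES`, `split_proxy_v1`, `effective_client` and the sample bytes are constructed for illustration.

```python
import ipaddress

# Peers allowed to set the client address: loopback only, because nginx and
# the backend share a host in the config above (assumption of this example).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128")]

# Constructed sample: what a backend reads first on a proxied connection.
SAMPLE = b"PROXY TCP4 203.0.113.7 192.0.2.1 51234 6697\r\nNICK alice\r\n"


def split_proxy_v1(data: bytes):
    """Return (source_ip or None, payload) for the first bytes of a connection.

    Assumes the whole header arrived in the first read.
    """
    if not data.startswith(b"PROXY "):
        return None, data  # no header: direct connection
    line, sep, payload = data.partition(b"\r\n")
    if not sep or len(line) > 105:  # v1 caps the line at 107 bytes with CRLF
        raise ValueError("unterminated or oversized PROXY header")
    fields = line.decode("ascii").split(" ")
    if fields[1] == "UNKNOWN":
        return None, payload  # proxy could not describe the client
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY header")
    src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    version = 4 if fields[1] == "TCP4" else 6
    if src.version != version or dst.version != version:
        raise ValueError("address family does not match protocol field")
    if not all(f.isdigit() and int(f) <= 65535 for f in fields[4:6]):
        raise ValueError("invalid port in PROXY header")
    return str(src), payload


def effective_client(peer_ip: str, data: bytes):
    """Return (client_ip, payload) the way a careful backend would log them."""
    claimed, payload = split_proxy_v1(data)
    peer = ipaddress.ip_address(peer_ip)
    trusted = any(peer in net for net in TRUSTED_PROXIES)
    # The header is always stripped so it never reaches the IRC parser, but
    # its address is believed only when the TCP peer is a trusted proxy.
    return (claimed if trusted and claimed else peer_ip), payload
```

soju's own control over which peers may set the client address this way is its `accept-proxy-ip` directive, described in the soju manual.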