ngp.computer / nixos
Configuration for my NixOS based systems and Home Manager
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

Fix ergo config, slightly

Noah Pederson 6080b9b5 5beb7873

+54 -3
+54 -3
host-specific/misaki/services.nix
··· 43 43 services.hardware.bolt.enable = true; 44 44 45 45 services.ergochat = { 46 - enable = true; 46 + enable = false; 47 47 settings = { 48 48 accounts = { 49 49 authentication-enabled = true; 50 + require-sasl = { 51 + enabled = true; 52 + # Exempt localhost so opers can bootstrap 53 + exempted = [ 54 + "localhost" 55 + "127.0.0.0/8" 56 + "::1/128" 57 + ]; 58 + }; 59 + login-throttling = { 60 + enabled = true; 61 + duration = "1m"; 62 + max-attempts = 3; 63 + }; 50 64 multiclient = { 51 65 allowed-by-default = true; 52 66 always-on = "opt-out"; ··· 54 68 enabled = true; 55 69 }; 56 70 registration = { 57 - allow-before-connect = true; 71 + allow-before-connect = false; 58 72 bcrypt-cost = 4; 59 73 email-verification = { 60 74 enabled = false; 61 75 }; 76 + # Disabled: only opers can create accounts 62 77 enabled = false; 63 78 }; 64 79 }; ··· 70 85 }; 71 86 datastore = { 72 87 autoupgrade = true; 73 - path = "/srv/shoukuhou/applications/ergochat/ircd.db"; 88 + path = "/srv/shokuhou/applications/ergochat/ircd.db"; 74 89 }; 75 90 history = { 76 91 autoreplay-on-join = 0; ··· 107 122 }; 108 123 network = { 109 124 name = "ngpnet"; 125 + }; 126 + opers = { 127 + admin = { 128 + class = "server-admin"; 129 + whois-line = "is a server admin"; 130 + # Generate with: ergo genpasswd 131 + # Then set this to the bcrypt hash 132 + password = "$2a$04$PLACEHOLDER_GENERATE_WITH_ergo_genpasswd"; 133 + }; 134 + }; 135 + oper-classes = { 136 + chat-moderator = { 137 + title = "Chat Moderator"; 138 + capabilities = [ 139 + "kill" 140 + "ban" 141 + "nofakelag" 142 + "relaymsg" 143 + "vhosts" 144 + "sajoin" 145 + "samode" 146 + "snomasks" 147 + ]; 148 + }; 149 + server-admin = { 150 + title = "Server Admin"; 151 + extends = "chat-moderator"; 152 + capabilities = [ 153 + "rehash" 154 + "accreg" 155 + "chanreg" 156 + "history" 157 + "defcon" 158 + "massmessage" 159 + ]; 160 + }; 110 161 }; 111 162 server = { 112 163 casemapping = "permissive";