2 files changed, 65 insertions, 41 deletions
diff --git a/chaski/configuration.nix b/chaski/configuration.nix
index 2ecfe4c..658f55a 100644
--- a/chaski/configuration.nix
+++ b/chaski/configuration.nix
@@ -10,58 +10,39 @@
       ./hardware-configuration.nix
       ./services/uplcg.nix
       ./services/tracktrain.nix
+      ./services/chat.nix
     ];
 
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
-
-
-  users.users.chat = {
-    isNormalUser = true;
-    home = "/home/chat";
-    shell = pkgs.fish;
-    packages = with pkgs; [
-      fish tmux weechat
-    ];
-  };
-  services.openssh = {
-    extraConfig = ''
-      Match user chat
-        ForceCommand tmux attach || tmux
-    '';
-  };
-  programs.mosh.enable = true;
-  users.users.chat.openssh.authorizedKeys.keys = [
-    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCTeuG1alKNNqoT2d5nUAlH0Otsk0NHM7nmkYC5Yfk8qcLsgY4v2dXlyrMzieajYgDjndEApgO3/S/V0EQGhvHc0UugC6LU84jHPwsgYVABRmFS74v/ww8NigaNIAevwWl+DxlnK4nnWdB1lo4xS69ooQdvoAjbubk16dP04LsAbH8Z+3cPB5WKAaayNx62DUwObzDSpztqCagCZzlqpwKG1UGJngrqEhk7B5Q0v9iCk91gqVkLSPllsB00+bqIimgkMVIZnoLLh7pcEgOvbG0yP2EG3ttDNN3jPpqE6mu+znfLq+ua/MwJy5hjmY5R54yPlcvFdsIU34jrdMCDvWqpV49VrLwVvkFN3lRZln/9eifkXXJciP4Ber3xEl8JltysV1PE5iJunWfbcOy0fwsYvBChDeyR5G3CLG2c25jKL9f1Iq95QBBMVYgIxq/dpGy0tjB+24w1JzsorvElsmz5etXLXCydLP07ic9PfSu1Wmwu7F0tweIk52x97sra6ePhtY+TTRffjjDz0DEho1bWDfrPV0xfPPAWXWTKYisVO4VVmMQsJbtXrfxUJbappM5vIXcJ+2JpT2Oh7Kiy3rjm+pd7rukgoCp7yN5z8v+2vuOfHqBuKUwlaRg/XNMyPrbnGGzVR1xzUuhwdOnjAyMmAr95Ne9hRBPwfVo2NR/ZZw=="
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEpWMKJrYaI9BRFCeVimQfHkg0THZJwLqh+z2fFxLU7q stuebinm@pixelimn"
-  ];
 
   services.nginx.enable = true;
-  services.nginx.appendHttpConfig = ''
-     access_log off;
-     add_header Permissions-Policy "interest-cohort=()";
-  '';
 
   # Use the GRUB 2 boot loader.
   boot.loader.grub.enable = true;
   boot.loader.grub.version = 2;
+  boot.loader.grub.devices = [ "/dev/sda" ];
 
-  networking.hostName = "chaski"; # Define your hostname.
+  networking = {
+    hostName = "chaski";
 
-  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
-  # Per-interface useDHCP will be mandatory in the future, so this generated config
-  # replicates the default behaviour.
-  networking.useDHCP = false;
-  networking.interfaces.ens10.useDHCP = true;
-  networking.interfaces.ens3.useDHCP = true;
+    enableIPv6 = true;
+    defaultGateway6 = {
+      address = "fe80::1";
+      interface = "ens3";
+    };
 
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "20.09"; # Did you read the comment?
+    interfaces.ens3.ipv6.addresses = [ {
+      address = "2a01:4f9:c010:69ed::1";
+      prefixLength = 64;
+    } ];
+
+    useDHCP = false;
+    interfaces.ens10.useDHCP = true;
+    interfaces.ens3.useDHCP = true;
+
+    firewall.logRefusedConnections = false;
+    firewall.allowedTCPPorts = [ 80 443 ];
+  };
 
-  boot.loader.grub.devices = [ "/dev/sda" ];
 
+  system.stateVersion = "20.09"; # Did you read the comment?
 }
diff --git a/chaski/services/chat.nix b/chaski/services/chat.nix
new file mode 100644
index 0000000..0771e19
--- /dev/null
+++ b/chaski/services/chat.nix
@@ -0,0 +1,43 @@
+{ config, lib, pkgs, inputs, ... }:
+
+# this defines an extra user, so i can run weechat in tmux
+# (and not deal with having an irc relay)
+{
+
+  imports = [ inputs.home-manager.nixosModule ];
+
+  programs.mosh.enable = true;
+  users.users.chat = {
+    isNormalUser = true;
+    home = "/home/chat";
+    shell = pkgs.fish;
+    packages = with pkgs; [
+      fish tmux weechat
+    ];
+  };
+  home-manager.users.chat = _: {
+    programs.tmux = {
+      enable = true;
+      terminal = "screen-256color";
+    };
+    home.stateVersion = "22.11";
+  };
+  services.openssh = {
+    extraConfig = ''
+      Match user chat
+        ForceCommand ${pkgs.writeScript "logon-weechat" ''
+          #!${pkgs.fish}/bin/fish
+          if test -n "$SSH_ORIGINAL_COMMAND"
+            # allow mosh to start its server
+            exec fish -c "$SSH_ORIGINAL_COMMAND"
+          else
+            tmux attach || tmux -c weechat
+          end
+        ''}
+    '';
+  };
+  users.users.chat.openssh.authorizedKeys.keys = [
+    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCTeuG1alKNNqoT2d5nUAlH0Otsk0NHM7nmkYC5Yfk8qcLsgY4v2dXlyrMzieajYgDjndEApgO3/S/V0EQGhvHc0UugC6LU84jHPwsgYVABRmFS74v/ww8NigaNIAevwWl+DxlnK4nnWdB1lo4xS69ooQdvoAjbubk16dP04LsAbH8Z+3cPB5WKAaayNx62DUwObzDSpztqCagCZzlqpwKG1UGJngrqEhk7B5Q0v9iCk91gqVkLSPllsB00+bqIimgkMVIZnoLLh7pcEgOvbG0yP2EG3ttDNN3jPpqE6mu+znfLq+ua/MwJy5hjmY5R54yPlcvFdsIU34jrdMCDvWqpV49VrLwVvkFN3lRZln/9eifkXXJciP4Ber3xEl8JltysV1PE5iJunWfbcOy0fwsYvBChDeyR5G3CLG2c25jKL9f1Iq95QBBMVYgIxq/dpGy0tjB+24w1JzsorvElsmz5etXLXCydLP07ic9PfSu1Wmwu7F0tweIk52x97sra6ePhtY+TTRffjjDz0DEho1bWDfrPV0xfPPAWXWTKYisVO4VVmMQsJbtXrfxUJbappM5vIXcJ+2JpT2Oh7Kiy3rjm+pd7rukgoCp7yN5z8v+2vuOfHqBuKUwlaRg/XNMyPrbnGGzVR1xzUuhwdOnjAyMmAr95Ne9hRBPwfVo2NR/ZZw=="
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEpWMKJrYaI9BRFCeVimQfHkg0THZJwLqh+z2fFxLU7q stuebinm@pixelimn"
+  ];
+}