Merge pull request #258520 from Benjamin-L/soju-admin-socket

- The `krb5` module has been rewritten and moved to `security.krb5`, moving all options but `security.krb5.enable` and `security.krb5.package` into `security.krb5.settings`.

- `services.soju` now has a wrapper for the `sojuctl` command, pointed at the service config file. It also has the new option `adminSocket.enable`, which creates a unix admin socket at `/run/soju/admin`.

- Gitea 1.21 upgrade has several breaking changes, including:

  - Custom themes and other assets that were previously stored in `custom/public/*` now belong in `custom/public/assets/*`

  - New instances of Gitea using MySQL now ignore the `[database].CHARSET` config option and always use the `utf8mb4` charset, existing instances should migrate via the `gitea doctor convert` CLI command.

let

  cfg = config.services.soju;

  stateDir = "/var/lib/soju";

  listenCfg = concatMapStringsSep "\n" (l: "listen ${l}") cfg.listen;

  runtimeDir = "/run/soju";

  listen = cfg.listen

    ++ optional cfg.adminSocket.enable "unix+admin://${runtimeDir}/admin";

  listenCfg = concatMapStringsSep "\n" (l: "listen ${l}") listen;

  tlsCfg = optionalString (cfg.tlsCertificate != null)

    "tls ${cfg.tlsCertificate} ${cfg.tlsCertificateKey}";

  logCfg = optionalString cfg.enableMessageLogging

    ${cfg.extraConfig}

  '';

  sojuctl = pkgs.writeShellScriptBin "sojuctl" ''

    exec ${cfg.package}/bin/sojuctl --config ${configFile} "$@"

  '';

in

{

  ###### interface

  options.services.soju = {

    enable = mkEnableOption (lib.mdDoc "soju");

    package = mkPackageOption pkgs "soju" { };

    listen = mkOption {

      type = types.listOf types.str;

      default = [ ":6697" ];

      description = lib.mdDoc "Whether to enable message logging.";

    };

    adminSocket.enable = mkOption {

      type = types.bool;

      default = true;

      description = lib.mdDoc ''

        Listen for admin connections from sojuctl at /run/soju/admin.

      '';

    };

    httpOrigins = mkOption {

      type = types.listOf types.str;

      default = [];

      }

    ];

    environment.systemPackages = [ sojuctl ];

    systemd.services.soju = {

      description = "soju IRC bouncer";

      wantedBy = [ "multi-user.target" ];

      serviceConfig = {

        DynamicUser = true;

        Restart = "always";

        ExecStart = "${pkgs.soju}/bin/soju -config ${configFile}";

        ExecStart = "${cfg.package}/bin/soju -config ${configFile}";

        StateDirectory = "soju";

        RuntimeDirectory = "soju";

      };

    };

  };

  soapui = handleTest ./soapui.nix {};

  soft-serve = handleTest ./soft-serve.nix {};

  sogo = handleTest ./sogo.nix {};

  soju = handleTest ./soju.nix {};

  solanum = handleTest ./solanum.nix {};

  sonarr = handleTest ./sonarr.nix {};

  sonic-server = handleTest ./sonic-server.nix {};

import ./make-test-python.nix ({ pkgs, lib, ... }:

let

  certs = import ./common/acme/server/snakeoil-certs.nix;

  domain = certs.domain;

  user = "testuser";

  pass = "hunter2";

in

{

  name = "soju";

  meta.maintainers = with lib.maintainers; [ Benjamin-L ];

  nodes.machine = { ... }: {

    services.soju = {

      enable = true;

      adminSocket.enable = true;

      hostName = domain;

      tlsCertificate = certs.${domain}.cert;

      tlsCertificateKey = certs.${domain}.key;

    };

  };

  testScript = ''

    start_all()

    machine.wait_for_unit("soju")

    machine.wait_for_file("/run/soju/admin")

    machine.succeed("sojuctl user create -username ${user} -password ${pass}")

  '';

})