5 files changed, 55 insertions, 8 deletions

diff --git a/krebs/3modules/ergo.nix b/krebs/3modules/ergo.nix
index 0ce0345d8..3153e4cfc 100644
--- a/krebs/3modules/ergo.nix
+++ b/krebs/3modules/ergo.nix
@@ -6,6 +6,7 @@
         type = (pkgs.formats.json {}).type;
         description = ''
           Ergo IRC daemon configuration file.
+          https://raw.githubusercontent.com/ergochat/ergo/master/default.yaml
         '';
         default = {
           network = {
@@ -34,19 +35,34 @@
             };
           };
           datastore = {
+            autoupgrade = true;
             path = "/var/lib/ergo/ircd.db";
           };
           accounts = {
             authentication-enabled = true;
             registration = {
               enabled = true;
-              email-verification = {
-                enabled = false;
+              allow-before-connect = true;
+              throttling = {
+                enabled = true;
+                duration = "10m";
+                max-attempts = 30;
               };
+              bcrypt-cost = 4;
+              email-verification.enabled = false;
+            };
+            multiclient = {
+              enabled = true;
+              allowed-by-default = true;
+              always-on = "opt-in";
+              auto-away = "opt-in";
             };
           };
           channels = {
-            default-modes = "+nt";
+            default-modes = "+ntC";
+            registration = {
+              enabled = true;
+            };
           };
           limits = {
             nicklen = 32;
@@ -56,6 +72,31 @@
             kicklen = 390;
             topiclen = 390;
           };
+          history = {
+            enabled = true;
+            channel-length = 2048;
+            client-length = 256;
+            autoresize-window = "3d";
+            autoreplay-on-join = 0;
+            chathistory-maxmessages = 100;
+            znc-maxmessages = 2048;
+            restrictions = {
+              expire-time = "1w";
+              query-cutoff = "none";
+              grace-period = "1h";
+            };
+            retention = {
+              allow-individual-delete = false;
+              enable-account-indexing = false;
+            };
+            tagmsg-storage = {
+              default = false;
+              whitelist = [
+                "+draft/react"
+                "+react"
+              ];
+            };
+          };
         };
       };
     };
@@ -64,13 +105,17 @@
     cfg = config.krebs.ergo;
     configFile = pkgs.writeJSON "ergo.conf" cfg.config;
   in lib.mkIf cfg.enable ({
+    environment.etc."ergo.yaml".source = configFile;
     krebs.ergo.config =
       lib.mapAttrsRecursive (_: lib.mkDefault) options.krebs.ergo.config.default;
     systemd.services.ergo = {
       description = "Ergo IRC daemon";
       wantedBy = [ "multi-user.target" ];
+      reloadIfChanged = true;
+      restartTriggers = [ configFile ];
       serviceConfig = {
-        ExecStart = "${pkgs.ergo}/bin/ergo run --conf ${configFile}";
+        ExecStart = "${pkgs.ergo}/bin/ergo run --conf /etc/ergo.yaml";
+        ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID";
         DynamicUser = true;
         StateDirectory = "ergo";
       };
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index 4a87c3501..4c4e53f2f 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -253,12 +253,12 @@ in {
       };
     };
 
-    pinpox-ahorn = {
+    ahorn = {
       owner = config.krebs.users.pinpox;
       nets = {
         retiolum = {
           ip4.addr = "10.243.100.100";
-          aliases = [ "pinpox-ahorn.r" ];
+          aliases = [ "ahorn.r" ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
             MIICCgKCAgEAyfCuWUYEqp4vEt+a6DRvFpIrBu+GlkpNs/mE4OHzATQLNnWooOXQ
diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix
index b1e11b452..9a3c855f4 100644
--- a/krebs/3modules/external/mic92.nix
+++ b/krebs/3modules/external/mic92.nix
@@ -173,7 +173,7 @@ in {
         };
         retiolum = {
           via = internet;
-          aliases = [ "eve.r" ];
+          aliases = [ "eve.r" "tts.r" ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
             MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH
diff --git a/krebs/3modules/external/ssh/kmein.pub b/krebs/3modules/external/ssh/kmein.pub
index 5711a2c1c..8eade3498 100644
--- a/krebs/3modules/external/ssh/kmein.pub
+++ b/krebs/3modules/external/ssh/kmein.pub
@@ -1 +1,2 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC19H0FhSNWcfBRPKzbTVSMJikIWZl0CoM8zCm+/3fdMgoaLRpeZWe/AfDK6b4qOjk/sez/J0JUFCGr+JbMwjsduoazsuQowu9L9DLP9Q5UkJje4BD7MHznaeu9/XfVng/MvyaEWArA/VUJeKQesHe76tR511/+n3+bdzlIh8Zw/3wfFxmg1OTNA99/vLkXrQzHDTuV/yj1pxykL4xFtN0OIssW1IKncJeKtkO/OHGT55ypz52Daj6bNKqvxiTuzeEhv5M+5ppyIPcRf1uj/7IaPKttCgZAntEqBTIR9MbyXFeAZVayzaFnLl2okeam5XreeZbj+Y1h2ZjxiIuWoab3MLndSekVfLtfa63gtcWIf8CIvZO2wJoH8v73y0U78JsfWVaTM09ZCfFlHHA/bWqZ6laAjW+mWLO/c77DcYkB3IBzaMVNfc6mfTcGFIC+biWeYpKgA0zC6rByUPbmbIoMueP9zqJwqUaM90Nwd6559inBB107/BK3Ktb3b+37mMCstetIPB9e4EFpGMjhmnL/G81jS53ACWLXJYzt7mKU/fEsiW93MtaB+Le46OEC18y/4G8F7p/nnH7i0kO74ukxbnc4PlpiM7iWT6ra2Cyy+nzEgdXCNXywIxr05TbCQDwX6/NY8k7Hokgdfyz+1Pq3sX0yCcWRPaoB26YF12KYFQ== kieran.meinhardt@gmail.com
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyTnGhFq0Q+vghNhrqNrAyY+CsN7nNz8bPfiwIwNpjk
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOiQEc8rTr7C7xVLYV7tQ99BDDBLrJsy5hslxtCEatkB
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index 1b5d903cb..5e0e69924 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -92,6 +92,7 @@ in {
             h5ZUzfd1r1pTzQ0nYD5aRtlDd7zP7y5tUwIDAQAB
             -----END RSA PUBLIC KEY-----
           '';
+          tinc.pubkey_ed25519 = "ugy/sGReVro3YzjDuroV/5hdeBdqD18no9dMhTy9DYL";
         };
       };
       ssh.privkey.path = <secrets/ssh.id_ed25519>;