From 44f4bbb79f339912dcc7080853133a1d16163dda Mon Sep 17 00:00:00 2001
From: Yorick van Pelt <yorick@yorickvanpelt.nl>
Date: Wed, 22 Mar 2023 12:55:13 +0100
Subject: [PATCH] pennyworth: add weechat relay

---
 nixos/machines/pennyworth/default.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/nixos/machines/pennyworth/default.nix b/nixos/machines/pennyworth/default.nix
index 93f15e0..3f0eab3 100644
--- a/nixos/machines/pennyworth/default.nix
+++ b/nixos/machines/pennyworth/default.nix
@@ -90,6 +90,12 @@ in {
     "media.yori.cc" = sslforward "http://${vpn.ips.frumar}:32001";
   };
   networking.firewall.allowedUDPPorts = [ 31790 ]; # wg
+  networking.firewall.allowedTCPPorts = [ 60307 ]; # weechat relay
+  security.acme.certs."pennyworth.yori.cc".postRun = ''
+    cat fullchain.pem key.pem > /home/yorick/.weechat/ssl/relay.pem
+    chown yorick:users /home/yorick/.weechat/ssl/relay.pem
+    chmod 0600 $_
+  '';
   networking.wireguard.interfaces.wg-y.peers = lib.mkForce (lib.mapAttrsToList
     (machine: publicKey: {
       inherit publicKey;