Weechat: Difference between revisions
imported>Rokka Added example for single file overlay. |
imported>Sdier Add glowing bear/nginx/oauth2 instructions. |
||
Line 101: | Line 101: | ||
} | } | ||
</syntaxhighlight> | |||
== Glowing Bear, nginx, TLS, and Oauth2 Proxy == | |||
One can set up Glowing Bear as a web client to Weechat. However, its best to proxy inbound connections from the internet through a more robust service with TLS enabled. Lastly, it's convenient to reuse an auth provider to provide access to internal applications. | |||
This configuration snippet can illustrate how to configure it: | |||
<syntaxhighlight lang="nix"> | |||
{ config, pkgs, ... }: | |||
{ | |||
services.weechat.enable = true; | |||
# Go read the terms at https://letsencrypt.org/repository/ | |||
security.acme.acceptTerms = false; | |||
security.acme.email = ""; | |||
services.nginx = { | |||
enable = true; | |||
recommendedGzipSettings = true; | |||
recommendedOptimisation = true; | |||
recommendedProxySettings = true; | |||
recommendedTlsSettings = true; | |||
# You'd think this is a good idea, but Safari doesn't support 1.3 on websockets yet from my testing in 2020. If one is only using Chrome, consider it. | |||
# sslProtocols = "TLSv1.3"; | |||
virtualHosts = { | |||
"irc.your.fqdn.goes.here" = { | |||
forceSSL = true; | |||
enableACME = true; | |||
locations."^~ /weechat" = { | |||
proxyPass = "http://127.0.0.1:9000"; | |||
proxyWebsockets = true; | |||
}; | |||
locations."/" = { | |||
root = pkgs.glowing-bear; | |||
}; | |||
}; | |||
}; | |||
services.oauth2.proxy = { | |||
enable = true; | |||
email.addresses = '' | |||
# your email goes here for authorization | |||
''; | |||
nginx.virtualhosts = [ | |||
"irc.your.fqdn.goes.here" | |||
]; | |||
clientID = ""; | |||
keyFile = ""; | |||
}; | |||
} | |||
</syntaxhighlight> | </syntaxhighlight> |