services: add Quassel

Unfortunately this service is stateful, you need to connect to it to set
up the first user.

configuration.nix

@@ -107,6 +107,8 @@
     pirate.enable = true;
     # Regular backups
     postgresql-backup.enable = true;
+    # An IRC client daemon
+    quassel.enable = true;
     # RSS provider for websites that do not provide any feeds
     rss-bridge.enable = true;
     # Usenet client

services/default.nix

@@ -11,6 +11,7 @@
     ./nginx.nix
     ./pirate.nix
     ./postgresql-backup.nix
+    ./quassel.nix
     ./rss-bridge.nix
     ./sabnzbd.nix
     ./transmission.nix

services/quassel.nix

@@ -0,0 +1,35 @@
+# An IRC client daemon
+{ config, lib, ... }:
+let
+  cfg = config.my.services.quassel;
+  domain = config.networking.domain;
+in
+{
+  options.my.services.quassel = with lib; {
+    enable = mkEnableOption "Quassel IRC client daemon";
+    port = mkOption {
+      type = types.port;
+      default = 4242;
+      example = 8080;
+      description = "The port number for Quassel";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.quassel = {
+      enable = true;
+      portNumber = cfg.port;
+      # Let's be secure
+      requireSSL = true;
+      certificateFile = config.security.acme.certs."${domain}".directory + "/full.pem";
+      # The whole point *is* to connect from other clients
+      interfaces = [ "0.0.0.0" ];
+    };
+
+    # Allow Quassel to read the certificates.
+    users.groups.acme.members = [ "quassel" ];
+
+    # Open port for Quassel
+    networking.firewall.allowedTCPPorts = [ cfg.port ];
+  };
+}