Bruno BELANYI
c856933803
Let's consolidate all modules under one path, so that NixOS, home-manager, and nix-darwin (if I ever end up using it down the line) would go under the same folder.
51 lines
1.3 KiB
Nix
51 lines
1.3 KiB
Nix
# An IRC client daemon
|
|
{ config, lib, ... }:
|
|
let
|
|
cfg = config.my.services.quassel;
|
|
domain = config.networking.domain;
|
|
in
|
|
{
|
|
options.my.services.quassel = with lib; {
|
|
enable = mkEnableOption "Quassel IRC client daemon";
|
|
port = mkOption {
|
|
type = types.port;
|
|
default = 4242;
|
|
example = 8080;
|
|
description = "The port number for Quassel";
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
services.quassel = {
|
|
enable = true;
|
|
portNumber = cfg.port;
|
|
# Let's be secure
|
|
requireSSL = true;
|
|
certificateFile = config.security.acme.certs."${domain}".directory + "/full.pem";
|
|
# The whole point *is* to connect from other clients
|
|
interfaces = [ "0.0.0.0" ];
|
|
};
|
|
|
|
# Allow Quassel to read the certificates.
|
|
users.groups.acme.members = [ "quassel" ];
|
|
|
|
# Open port for Quassel
|
|
networking.firewall.allowedTCPPorts = [ cfg.port ];
|
|
|
|
# Create storage DB
|
|
services.postgresql = {
|
|
enable = true;
|
|
ensureDatabases = [ "quassel" ];
|
|
ensureUsers = [
|
|
{
|
|
name = "quassel";
|
|
ensurePermissions."DATABASE quassel" = "ALL PRIVILEGES";
|
|
}
|
|
];
|
|
# Insecure, I don't care.
|
|
# Because Quassel does not use the socket, I simply trust its connection
|
|
authentication = "host quassel quassel localhost trust";
|
|
};
|
|
};
|
|
}
|