diff options
author | Lars Jellema <lars.jellema@gmail.com> | 2019-02-14 14:31:41 +0100 |
---|---|---|
committer | Lars Jellema <lars.jellema@gmail.com> | 2019-02-14 14:36:21 +0100 |
commit | 85675c139f40b58f33c68d26d509e4aa5d11f598 (patch) | |
tree | 0cb684d63f85b7412c98e0db4fd1ec9a29c34e39 /nixos | |
parent | 36f316007494c388df1fec434c1e658542e3c3cc (diff) |
nixos/quassel: Add support for certificate file
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/networking/quassel.nix | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/quassel.nix b/nixos/modules/services/networking/quassel.nix index d850bb8b1305f..b223a48e05501 100644 --- a/nixos/modules/services/networking/quassel.nix +++ b/nixos/modules/services/networking/quassel.nix @@ -23,6 +23,22 @@ in ''; }; + certificateFile = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Path to the certificate used for SSL connections with clients. + ''; + }; + + requireSSL = mkOption { + type = types.bool; + default = false; + description = '' + Require SSL for connections from clients. + ''; + }; + package = mkOption { type = types.package; default = pkgs.quasselDaemon; @@ -71,6 +87,10 @@ in ###### implementation config = mkIf cfg.enable { + assertions = [ + { assertion = cfg.requireSSL -> cfg.certificateFile != null; + message = "Quassel needs a certificate file in order to require SSL"; + }]; users.users = mkIf (cfg.user == null) [ { name = "quassel"; @@ -98,7 +118,13 @@ in serviceConfig = { - ExecStart = "${quassel}/bin/quasselcore --listen=${concatStringsSep '','' cfg.interfaces} --port=${toString cfg.portNumber} --configdir=${cfg.dataDir}"; + ExecStart = concatStringsSep " " ([ + "${quassel}/bin/quasselcore" + "--listen=${concatStringsSep "," cfg.interfaces}" + "--port=${toString cfg.portNumber}" + "--configdir=${cfg.dataDir}" + ] ++ optional cfg.requireSSL "--require-ssl" + ++ optional (cfg.certificateFile != null) "--ssl-cert=${cfg.certificateFile}"); User = user; PermissionsStartOnly = true; }; |