From 85675c139f40b58f33c68d26d509e4aa5d11f598 Mon Sep 17 00:00:00 2001 From: Lars Jellema Date: Thu, 14 Feb 2019 14:31:41 +0100 Subject: nixos/quassel: Add support for certificate file --- nixos/modules/services/networking/quassel.nix | 28 ++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/services/networking/quassel.nix b/nixos/modules/services/networking/quassel.nix index d850bb8b1305f..b223a48e05501 100644 --- a/nixos/modules/services/networking/quassel.nix +++ b/nixos/modules/services/networking/quassel.nix @@ -23,6 +23,22 @@ in ''; }; + certificateFile = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Path to the certificate used for SSL connections with clients. + ''; + }; + + requireSSL = mkOption { + type = types.bool; + default = false; + description = '' + Require SSL for connections from clients. + ''; + }; + package = mkOption { type = types.package; default = pkgs.quasselDaemon; @@ -71,6 +87,10 @@ in ###### implementation config = mkIf cfg.enable { + assertions = [ + { assertion = cfg.requireSSL -> cfg.certificateFile != null; + message = "Quassel needs a certificate file in order to require SSL"; + }]; users.users = mkIf (cfg.user == null) [ { name = "quassel"; @@ -98,7 +118,13 @@ in serviceConfig = { - ExecStart = "${quassel}/bin/quasselcore --listen=${concatStringsSep '','' cfg.interfaces} --port=${toString cfg.portNumber} --configdir=${cfg.dataDir}"; + ExecStart = concatStringsSep " " ([ + "${quassel}/bin/quasselcore" + "--listen=${concatStringsSep "," cfg.interfaces}" + "--port=${toString cfg.portNumber}" + "--configdir=${cfg.dataDir}" + ] ++ optional cfg.requireSSL "--require-ssl" + ++ optional (cfg.certificateFile != null) "--ssl-cert=${cfg.certificateFile}"); User = user; PermissionsStartOnly = true; }; -- cgit 1.4.1