nixos/quassel: Add support for certificate file

2019-02-14 14:31:41 +01:00 · 2019-02-14 14:31:41 +01:00 · 85675c139f
commit 85675c139f
parent 36f3160074
1 changed files with 27 additions and 1 deletions
--- a/nixos/modules/services/networking/quassel.nix
+++ b/nixos/modules/services/networking/quassel.nix
@ -23,6 +23,22 @@ in
        '';
      };

+      certificateFile = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        description = ''
+          Path to the certificate used for SSL connections with clients.
+        '';
+      };
+
+      requireSSL = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Require SSL for connections from clients.
+        '';
+      };
+
      package = mkOption {
        type = types.package;
        default = pkgs.quasselDaemon;
@ -71,6 +87,10 @@ in
  ###### implementation

  config = mkIf cfg.enable {
+    assertions = [
+      { assertion = cfg.requireSSL -> cfg.certificateFile != null;
+        message = "Quassel needs a certificate file in order to require SSL";
+      }];

    users.users = mkIf (cfg.user == null) [
      { name = "quassel";
@ -98,7 +118,13 @@ in

        serviceConfig =
        {
-          ExecStart = "${quassel}/bin/quasselcore --listen=${concatStringsSep '','' cfg.interfaces} --port=${toString cfg.portNumber} --configdir=${cfg.dataDir}";
+          ExecStart = concatStringsSep " " ([
+            "${quassel}/bin/quasselcore"
+            "--listen=${concatStringsSep "," cfg.interfaces}"
+            "--port=${toString cfg.portNumber}"
+            "--configdir=${cfg.dataDir}"
+          ] ++ optional cfg.requireSSL "--require-ssl"
+            ++ optional (cfg.certificateFile != null) "--ssl-cert=${cfg.certificateFile}");
          User = user;
          PermissionsStartOnly = true;
        };