nixpkgs/nixos/modules/services/networking/quassel.nix
2019-02-14 14:36:21 +01:00

136 lines
3.4 KiB
Nix

{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.quassel;
quassel = cfg.package;
user = if cfg.user != null then cfg.user else "quassel";
in
{
###### interface
options = {
services.quassel = {
enable = mkOption {
default = false;
description = ''
Whether to run the Quassel IRC client daemon.
'';
};
certificateFile = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Path to the certificate used for SSL connections with clients.
'';
};
requireSSL = mkOption {
type = types.bool;
default = false;
description = ''
Require SSL for connections from clients.
'';
};
package = mkOption {
type = types.package;
default = pkgs.quasselDaemon;
defaultText = "pkgs.quasselDaemon";
description = ''
The package of the quassel daemon.
'';
example = literalExample "pkgs.quasselDaemon";
};
interfaces = mkOption {
default = [ "127.0.0.1" ];
description = ''
The interfaces the Quassel daemon will be listening to. If `[ 127.0.0.1 ]',
only clients on the local host can connect to it; if `[ 0.0.0.0 ]', clients
can access it from any network interface.
'';
};
portNumber = mkOption {
default = 4242;
description = ''
The port number the Quassel daemon will be listening to.
'';
};
dataDir = mkOption {
default = ''/home/${user}/.config/quassel-irc.org'';
description = ''
The directory holding configuration files, the SQlite database and the SSL Cert.
'';
};
user = mkOption {
default = null;
description = ''
The existing user the Quassel daemon should run as. If left empty, a default "quassel" user will be created.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
assertions = [
{ assertion = cfg.requireSSL -> cfg.certificateFile != null;
message = "Quassel needs a certificate file in order to require SSL";
}];
users.users = mkIf (cfg.user == null) [
{ name = "quassel";
description = "Quassel IRC client daemon";
group = "quassel";
uid = config.ids.uids.quassel;
}];
users.groups = mkIf (cfg.user == null) [
{ name = "quassel";
gid = config.ids.gids.quassel;
}];
systemd.services.quassel =
{ description = "Quassel IRC client daemon";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ] ++ optional config.services.postgresql.enable "postgresql.service"
++ optional config.services.mysql.enable "mysql.service";
preStart = ''
mkdir -p ${cfg.dataDir}
chown ${user} ${cfg.dataDir}
'';
serviceConfig =
{
ExecStart = concatStringsSep " " ([
"${quassel}/bin/quasselcore"
"--listen=${concatStringsSep "," cfg.interfaces}"
"--port=${toString cfg.portNumber}"
"--configdir=${cfg.dataDir}"
] ++ optional cfg.requireSSL "--require-ssl"
++ optional (cfg.certificateFile != null) "--ssl-cert=${cfg.certificateFile}");
User = user;
PermissionsStartOnly = true;
};
};
};
}