eanble ldap and ssl for quassel

1 files changed, 18 insertions, 7 deletions

diff --git a/modules/quassel/default.nix b/modules/quassel/default.nix
index e69d275..efb9661 100644
--- a/modules/quassel/default.nix
+++ b/modules/quassel/default.nix
@@ -3,8 +3,6 @@
 let
   quassel = pkgs.libsForQt5.callPackage ./package.nix {
     tag = "-core";
-    postgresql = pkgs.postgresql;
-    withLdap = true;
 
     client = false;
     monolithic = false;
@@ -20,21 +18,26 @@ in
 
   services.quassel = {
     enable = true;
-    configFromEnvironment = true;
-    # package = quassel;
+    package = quassel;
     settings = {
-      dataDir = "/var/lib/quassel";
       listen = [ "178.63.224.10" "2a01:4f8:231:56a::10" ];
+      dataDir = "/var/lib/quassel";
+      configFromEnvironment = true;
       db = {
         backend = "PostgreSQL";
         pgsql = {
           database = "quassel";
         };
       };
+      ssl = {
+        required = true;
+        certFile = "/var/lib/acme/cocaine.farm/cert.pem";
+        keyFile = "/var/lib/acme/cocaine.farm/key.pem";
+      };
       auth = {
-        # authenticator = "Ldap";
+        authenticator = "LDAP";
         ldap = {
-          hostname = "10.10.0.1";
+          hostname = "ldap://10.10.0.1";
           port = 389;
           bindDN = "cn=quassel,ou=users,dc=quassel,dc=vapor,dc=systems";
           baseDN = "dc=quassel,dc=vapor,dc=systems";
@@ -52,4 +55,12 @@ in
       dest = "/etc/secrets/quassel-ldap";
     };
   };
+
+  users.users.quassel.extraGroups = [ "acme" ];
+
+  security.acme.certs = {
+    "cocaine.farm" = {
+      reloadServices = [ "quassel" ];
+    };
+  };
 }