| author | Max Audron <audron@cocaine.farm> | 2023-10-06 18:27:27 +0200 |
|---|---|---|
| committer | Max Audron <audron@cocaine.farm> | 2023-10-06 18:27:27 +0200 |
| commit | ae075c83a3d616dd87713c44df7e4501f276e8be (patch) | |
| tree | a4b7a956bae8bfe7461d29b04662597e03c2a183 /modules/quassel | |
| parent | fix wireguard postShutdown errors (diff) | |
enable ldap and ssl for quassel
Diffstat (limited to 'modules/quassel')
| -rw-r--r-- | modules/quassel/default.nix | 25 | ||||
| -rw-r--r-- | modules/quassel/package.nix | 94 | ||||
| -rw-r--r-- | modules/quassel/quassel.nix | 30 |
3 files changed, 128 insertions, 21 deletions
diff --git a/modules/quassel/default.nix b/modules/quassel/default.nix index e69d275..efb9661 100644 --- a/modules/quassel/default.nix +++ b/modules/quassel/default.nix @@ -3,8 +3,6 @@ let quassel = pkgs.libsForQt5.callPackage ./package.nix { tag = "-core"; - postgresql = pkgs.postgresql; - withLdap = true; client = false; monolithic = false; @@ -20,21 +18,26 @@ in services.quassel = { enable = true; - configFromEnvironment = true; - # package = quassel; + package = quassel; settings = { - dataDir = "/var/lib/quassel"; listen = [ "178.63.224.10" "2a01:4f8:231:56a::10" ]; + dataDir = "/var/lib/quassel"; + configFromEnvironment = true; db = { backend = "PostgreSQL"; pgsql = { database = "quassel"; }; }; + ssl = { + required = true; + certFile = "/var/lib/acme/cocaine.farm/cert.pem"; + keyFile = "/var/lib/acme/cocaine.farm/key.pem"; + }; auth = { - # authenticator = "Ldap"; + authenticator = "LDAP"; ldap = { - hostname = "10.10.0.1"; + hostname = "ldap://10.10.0.1"; port = 389; bindDN = "cn=quassel,ou=users,dc=quassel,dc=vapor,dc=systems"; baseDN = "dc=quassel,dc=vapor,dc=systems"; @@ -52,4 +55,12 @@ in dest = "/etc/secrets/quassel-ldap"; }; }; + + users.users.quassel.extraGroups = [ "acme" ]; + + security.acme.certs = { + "cocaine.farm" = { + reloadServices = [ "quassel" ]; + }; + }; } diff --git a/modules/quassel/package.nix b/modules/quassel/package.nix new file mode 100644 index 0000000..1324ec2 --- /dev/null +++ b/modules/quassel/package.nix 
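Review bot: `hostname = "ldap://10.10.0.1"` together with `port = 389` points the core at the directory over unencrypted LDAP, so the bind password for `cn=quassel,ou=users,...` and, presumably, each user's login password travel to 10.10.0.1 in cleartext, while the same hunk sets `ssl.required = true` for the client side. If 10.10.0.1 is only reachable through an encrypted tunnel (the parent commit mentions wireguard, but that is not visible here), a comment should say so, e.g. `# plaintext LDAP is acceptable only because 10.10.0.1 is reached over <tunnel interface>`. Otherwise, if the directory server offers LDAPS, I would switch to `hostname = "ldaps://10.10.0.1";` and `port = 636;`.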
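Review bot: `users.users.quassel.extraGroups = [ "acme" ];` lets the quassel user read every certificate key whose group is left at the NixOS default `acme`, not only `/var/lib/acme/cocaine.farm/key.pem`. Whether other certificates exist on this host is not visible in the diff, but a network-facing IRC core is a poor place to hold wider key access than it needs. A narrower arrangement is a dedicated group on this one certificate, `security.acme.certs."cocaine.farm".group = "<cert-group>";`, with quassel and any other consumer of that certificate added to that group instead of `acme`.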
@@ -0,0 +1,94 @@ +{ monolithic ? true # build monolithic Quassel +, enableDaemon ? false # build Quassel daemon +, client ? false # build Quassel client +, tag ? "-kf5" # tag added to the package name +, static ? false # link statically + +, lib, stdenv, fetchFromGitHub, cmake, makeWrapper, dconf +, mkDerivation, qtbase, boost, zlib, qtscript +, phonon, libdbusmenu, qca-qt5, openldap + +, withKDE ? true # enable KDE integration +, extra-cmake-modules +, kconfigwidgets +, kcoreaddons +, knotifications +, knotifyconfig +, ktextwidgets +, kwidgetsaddons +, kxmlgui +}: + +let + buildClient = monolithic || client; + buildCore = monolithic || enableDaemon; +in + +assert monolithic -> !client && !enableDaemon; +assert client || enableDaemon -> !monolithic; +assert !buildClient -> !withKDE; # KDE is used by the client only + +let + edf = flag: feature: [("-D" + feature + (if flag then "=ON" else "=OFF"))]; + +in (if !buildClient then stdenv.mkDerivation else mkDerivation) rec { + pname = "quassel${tag}"; + version = "0.14.0"; + + src = fetchFromGitHub { + owner = "quassel"; + repo = "quassel"; + rev = version; + sha256 = "sha256-eulhNcyCmy9ryietOhT2yVJeJH+MMZRbTUo2XuTy9qU="; + }; + + # Prevent ``undefined reference to `qt_version_tag''' in SSL check + env.NIX_CFLAGS_COMPILE = "-DQT_NO_VERSION_TAGGING=1"; + + nativeBuildInputs = [ cmake makeWrapper ]; + buildInputs = [ qtbase boost zlib ] + ++ lib.optionals buildCore [qtscript qca-qt5 openldap] + ++ lib.optionals buildClient [libdbusmenu phonon] + ++ lib.optionals (buildClient && withKDE) [ + extra-cmake-modules kconfigwidgets kcoreaddons + knotifications knotifyconfig ktextwidgets kwidgetsaddons + kxmlgui + ]; + + cmakeFlags = [ + "-DEMBED_DATA=OFF" + "-DUSE_QT5=ON" + ] + ++ edf static "STATIC" + ++ edf monolithic "WANT_MONO" + ++ edf enableDaemon "WANT_CORE" + ++ edf enableDaemon "WITH_LDAP" + ++ edf client "WANT_QTCLIENT" + ++ edf withKDE "WITH_KDE"; + + dontWrapQtApps = true; + + postFixup = + lib.optionalString 
enableDaemon '' + wrapProgram "$out/bin/quasselcore" --suffix PATH : "${qtbase.bin}/bin" + '' + + lib.optionalString buildClient '' + wrapQtApp "$out/bin/quassel${lib.optionalString client "client"}" \ + --prefix GIO_EXTRA_MODULES : "${dconf}/lib/gio/modules" + ''; + + meta = with lib; { + homepage = "https://quassel-irc.org/"; + description = "Qt/KDE distributed IRC client supporting a remote daemon"; + longDescription = '' + Quassel IRC is a cross-platform, distributed IRC client, + meaning that one (or multiple) client(s) can attach to + and detach from a central core -- much like the popular + combination of screen and a text-based IRC client such + as WeeChat, but graphical (based on Qt4/KDE4 or Qt5/KF5). + ''; + license = licenses.gpl3; + maintainers = with maintainers; [ ttuegel ]; + inherit (qtbase.meta) platforms; + }; +} diff --git a/modules/quassel/quassel.nix b/modules/quassel/quassel.nix index 6d259d0..13f6ba9 100644 --- a/modules/quassel/quassel.nix +++ b/modules/quassel/quassel.nix @@ -42,15 +42,6 @@ in ''; }; - configFromEnvironment = mkOption { - default = false; - type = types.bool; - description = '' - Configure quassels authenticator and database settings using environment variables, - Instead of imperatively setting it up using the setup wizard during first connection to the quassel core. - ''; - }; - settings = mkOption { description = literalExpression '' Configuration for quassel daemon. @@ -84,6 +75,15 @@ in ''; }; + configFromEnvironment = mkOption { + default = false; + type = types.bool; + description = '' + Configure quassels authenticator and database settings using environment variables, + Instead of imperatively setting it up using the setup wizard during first connection to the quassel core. + ''; + }; + ident = mkOption { description = literalExpression '' Configuration for quassels internal ident daemon. 
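Review bot: package.nix carries no comment saying where it came from or what was changed locally. It looks like a copy of the nixpkgs quassel expression (`maintainers` still lists `ttuegel`) with `openldap` and `edf enableDaemon "WITH_LDAP"` added; that is inferred, since the upstream file is not part of this diff. With `version = "0.14.0"` and its `sha256` now pinned in this repository, quassel fixes delivered through nixpkgs updates will not reach this host until someone bumps this file by hand. A header comment such as `# Copied from nixpkgs <revision>; local change: core built with LDAP (openldap, -DWITH_LDAP). Re-sync when upstream updates.` would make that maintenance duty visible.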
@@ -303,7 +303,7 @@ in type = types.submodule { options = { authenticator = mkOption { - type = types.enum [ "Database" "Ldap" ]; + type = types.enum [ "Database" "LDAP" ]; default = "Database"; description = '' Specify the backend used to authenticate users to quassel. Either "Database" to @@ -452,7 +452,7 @@ in "--metrics-listen=${concatStringsSep "," cfg.settings.metrics.listen}" "--metrics-port=${toString cfg.settings.metrics.port}" ] - ++ optional cfg.configFromEnvironment "--config-from-environment" + ++ optional cfg.settings.configFromEnvironment "--config-from-environment" # SSL ++ optional cfg.settings.ssl.required "--require-ssl" @@ -460,9 +460,11 @@ in ++ optional (cfg.settings.ssl.keyFile != null) "--ssl-key=${cfg.settings.ssl.keyFile}" )); + ExecReload="${pkgs.coreutils}/bin/kill -HUP $MAINPID"; + EnvironmentFile = mkIf (cfg.environmentFile != null) [ cfg.environmentFile ]; - Environment = mkIf cfg.configFromEnvironment ([ + Environment = mkIf cfg.settings.configFromEnvironment ([ "AUTH_AUTHENTICATOR=${cfg.settings.auth.authenticator}" "DB_BACKEND=${cfg.settings.db.backend}" ] ++ (optional (cfg.settings.db.backend == "PostgreSQL") [ 
@@ -471,14 +473,14 @@ in "DB_PGSQL_USERNAME=${cfg.settings.db.pgsql.username}" "DB_PGSQL_PORT=${toString cfg.settings.db.pgsql.port}" ] ++ optional (cfg.settings.db.pgsql.password != null) "DB_PGSQL_PASSWORD=${cfg.settings.db.pgsql.password}" - ) ++ (optional (cfg.settings.auth.authenticator == "Ldap") [ + ) ++ (optional (cfg.settings.auth.authenticator == "LDAP") [ "AUTH_LDAP_BASE_DN=${cfg.settings.auth.ldap.baseDN}" "AUTH_LDAP_BIND_DN=${cfg.settings.auth.ldap.bindDN}" "AUTH_LDAP_FILTER=${cfg.settings.auth.ldap.filter}" "AUTH_LDAP_HOSTNAME=${cfg.settings.auth.ldap.hostname}" "AUTH_LDAP_PORT=${toString cfg.settings.auth.ldap.port}" "AUTH_LDAP_UID_ATTRIBUTE=${cfg.settings.auth.ldap.uidAttribute}" - ] /* ++ optional (cfg.settings.auth.ldap.bindPassword != null) "AUTH_LDAP_BIND_PASSWORD=${cfg.settings.auth.ldap.bindPassword}" */ + ] ++ optional (cfg.settings.auth.ldap.bindPassword != null) "AUTH_LDAP_BIND_PASSWORD=${cfg.settings.auth.ldap.bindPassword}" )); User = user; }; |
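Review bot: Re-enabling `"AUTH_LDAP_BIND_PASSWORD=${cfg.settings.auth.ldap.bindPassword}"` inside `Environment` puts the bind password into the generated unit file, which sits in the world-readable Nix store and is also shown by `systemctl show`. The context line for `DB_PGSQL_PASSWORD` has the same exposure. The service already reads `cfg.environmentFile` through `EnvironmentFile` in the previous hunk, so the secret can be supplied there and this line left out. If the option has to stay, its description should warn about it, e.g. `Stored world-readable in the Nix store; prefer setting AUTH_LDAP_BIND_PASSWORD through environmentFile.` The `Environment` expression starts outside this hunk.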
