# Host configuration for a Quassel core: builds the package from the local
# ./package.nix, replaces the stock NixOS quassel module with ./quassel.nix,
# and configures TLS, PostgreSQL and LDAP authentication for the service.
{ config, lib, pkgs, ... }:

let
  # Package built from ./package.nix with the client and monolithic variants
  # switched off and the daemon switched on.
  # NOTE(review): presumably this yields a core-only build; confirm against
  # package.nix, which is not visible here.
  quasselCore = pkgs.libsForQt5.callPackage ./package.nix {
    tag = "-core";
    client = false;
    monolithic = false;
    enableDaemon = true;
    withKDE = false;
  };
in
{
  # Swap the upstream module for the local one; every option under
  # services.quassel below is defined by ./quassel.nix, not by nixpkgs.
  disabledModules = [ "services/networking/quassel.nix" ];
  imports = [ ./quassel.nix ];

  services.quassel = {
    enable = true;
    package = quasselCore;

    # NOTE(review): the listen addresses below are not private-range
    # addresses, so with openFirewall the core is presumably reachable from
    # the internet. Confirm which ports ./quassel.nix opens, in particular
    # whether the metrics endpoint is among them.
    openFirewall = true;

    # Presumably grants the service user read access to the ACME cert and key
    # referenced under ssl; membership in "acme" may also cover other
    # certificates owned by that group, so verify the scope.
    extraGroups = [ "acme" ];

    # File supplied to the service as its environment; it is written by the
    # secrets.quasselLdap entry below (same destination path).
    # NOTE(review): presumably carries the LDAP bind password; confirm.
    environmentFile = "/etc/secrets/quassel-ldap";

    settings = {
      listen = [ "178.63.224.10" "2a01:4f8:231:56a::10" ];
      dataDir = "/var/lib/quassel";
      useDeclarativeConfig = true;
      db.backend = "postgresql";

      # NOTE(review): confirm the bind address of the metrics listener and
      # that it is not exposed without authentication.
      metrics = {
        enable = true;
      };

      # NOTE(review): debug logging on a network-facing service that performs
      # LDAP binds. Check what the core writes at this level (usernames,
      # bind details) and who can read the journal; lower it once debugging
      # is finished.
      logLevel = "Debug";

      ssl = {
        required = true;
        certFile = "/var/lib/acme/cocaine.farm/cert.pem";
        keyFile = "/var/lib/acme/cocaine.farm/key.pem";
      };

      auth = {
        authenticator = "LDAP";

        # NOTE(review): the ldap:// scheme on port 389 is not LDAPS. Unless
        # StartTLS is negotiated, the bind password and user passwords travel
        # to 10.10.0.1 in clear text. Confirm that this link is an encrypted
        # or otherwise trusted path, or move to TLS if the directory offers it.
        ldap = {
          hostname = "ldap://10.10.0.1";
          port = 389;
          bindDN = "cn=quassel,ou=users,dc=quassel,dc=vapor,dc=systems";
          baseDN = "dc=quassel,dc=vapor,dc=systems";
          # Matches every inetOrgPerson entry under baseDN, so the baseDN
          # alone decides who may log in. Verify that it contains only the
          # intended accounts.
          filter = "(objectClass=inetOrgPerson)";
          uidAttribute = "cn";
        };
      };
    };
  };

  # NOTE(review): `source` is a Nix path literal. Depending on how the
  # `secrets` module consumes it, the file may be copied into the
  # world-readable /nix/store. Confirm that the module avoids this (or that
  # the file is encrypted at rest) and that `dest` is created with
  # permissions restricted to the quassel service user.
  secrets.quasselLdap = {
    source = ../../secrets/authentik/quassel;
    dest = "/etc/secrets/quassel-ldap";
  };

  # Reload the core after certificate renewal so it picks up the new
  # cert/key pair.
  security.acme.certs."cocaine.farm".reloadServices = [ "quassel" ];
}