feat(tazjin/camden): Configure Quassel core instance r/1243

I'm not actually sure if this will apply cleanly, because the new
NixOS ACME module is kind of broken.

Change-Id: I39584333dbea0a5f7b72e68d5e9f752a4c31bfe6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/957
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>

1 files changed, 16 insertions, 0 deletions

diff --git a/users/tazjin/nixos/camden/default.nix b/users/tazjin/nixos/camden/default.nix
index 8927b2e85a..d0d97e9621 100644
--- a/users/tazjin/nixos/camden/default.nix
+++ b/users/tazjin/nixos/camden/default.nix
@@ -18,6 +18,7 @@ in lib.fix(self: {
     "${depot.depotPath}/ops/nixos/clbot.nix"
     "${depot.depotPath}/ops/nixos/depot.nix"
     "${depot.depotPath}/ops/nixos/monorepo-gerrit.nix"
+    "${depot.depotPath}/ops/nixos/quassel.nix"
     "${depot.depotPath}/ops/nixos/smtprelay.nix"
     "${depot.depotPath}/ops/nixos/sourcegraph.nix"
     "${depot.depotPath}/ops/nixos/tvl-slapd/default.nix"
@@ -220,6 +221,13 @@ in lib.fix(self: {
       postRun = "systemctl reload nginx";
     };
 
+    certs."quassel.tazj.in" = {
+      webroot = "/var/lib/acme/challenge-quassel";
+      user = "nginx"; # required because of a bug in the ACME module
+      group = "quassel";
+      allowKeysForGroup = true;
+    };
+
     certs."tvl.fyi" = {
       user = "nginx";
       group = "nginx";
@@ -288,6 +296,14 @@ in lib.fix(self: {
     };
   };
 
+  services.depot.quassel = {
+    enable = true;
+    acmeHost = "quassel.tazj.in";
+    bindAddresses = [
+      "0.0.0.0"
+    ];
+  };
+
   # serve my website(s)
   services.nginx = {
     enable = true;