about summary refs log tree commit diff
path: root/users/wpcarro/nixos/diogenes
diff options
context:
space:
mode:
Diffstat (limited to 'users/wpcarro/nixos/diogenes')
-rw-r--r--users/wpcarro/nixos/diogenes/default.nix24
1 files changed, 20 insertions, 4 deletions
diff --git a/users/wpcarro/nixos/diogenes/default.nix b/users/wpcarro/nixos/diogenes/default.nix
index d3de8890d3f2..5bcf404127a3 100644
--- a/users/wpcarro/nixos/diogenes/default.nix
+++ b/users/wpcarro/nixos/diogenes/default.nix
@@ -5,6 +5,7 @@ let
   inherit (depot.users.wpcarro) keys;
 in {
   imports = [
+    "${depot.path}/ops/modules/quassel.nix"
     (pkgs.path + "/nixos/modules/virtualisation/google-compute-image.nix")
   ];
 
@@ -27,7 +28,7 @@ in {
     users = {
       wpcarro = {
         isNormalUser = true;
-        extraGroups = [ "wheel" ];
+        extraGroups = [ "wheel" "quassel" ];
         openssh.authorizedKeys.keys = keys.all;
         shell = pkgs.fish;
       };
@@ -35,9 +36,16 @@ in {
   };
 
   security = {
-    # Provision SSL certificates to support HTTPS connections.
-    acme.acceptTerms = true;
-    acme.email = "wpcarro@gmail.com";
+    acme = {
+      acceptTerms = true;
+      email = "wpcarro@gmail.com";
+
+      certs."quassel.wpcarro.dev" = {
+        email = "wpcarro@gmail.com";
+        webroot = "/var/lib/acme/challenge-quassel";
+        group = "quassel";
+      };
+    };
 
     sudo.wheelNeedsPassword = false;
   };
@@ -62,6 +70,14 @@ in {
       preserveGenerations = "14d";
     };
 
+    depot.quassel = {
+      enable = true;
+      acmeHost = "quassel.wpcarro.dev";
+      bindAddresses = [
+        "0.0.0.0"
+      ];
+    };
+
     journaldriver = {
       enable = true;
       logStream = "home";