From e2e15791854178ab36d90c19005c5994b95e21c8 Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Wed, 8 Jul 2020 23:03:07 +0100 Subject: feat(tazjin/camden): Configure Quassel core instance I'm not actually sure if this will apply cleanly, because the new NixOS ACME module is kind of broken. Change-Id: I39584333dbea0a5f7b72e68d5e9f752a4c31bfe6 Reviewed-on: https://cl.tvl.fyi/c/depot/+/957 Tested-by: BuildkiteCI Reviewed-by: tazjin --- users/tazjin/nixos/camden/default.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'users/tazjin/nixos/camden') diff --git a/users/tazjin/nixos/camden/default.nix b/users/tazjin/nixos/camden/default.nix index 8927b2e85ae5..d0d97e962102 100644 --- a/users/tazjin/nixos/camden/default.nix +++ b/users/tazjin/nixos/camden/default.nix @@ -18,6 +18,7 @@ in lib.fix(self: { "${depot.depotPath}/ops/nixos/clbot.nix" "${depot.depotPath}/ops/nixos/depot.nix" "${depot.depotPath}/ops/nixos/monorepo-gerrit.nix" + "${depot.depotPath}/ops/nixos/quassel.nix" "${depot.depotPath}/ops/nixos/smtprelay.nix" "${depot.depotPath}/ops/nixos/sourcegraph.nix" "${depot.depotPath}/ops/nixos/tvl-slapd/default.nix" @@ -220,6 +221,13 @@ in lib.fix(self: { postRun = "systemctl reload nginx"; }; + certs."quassel.tazj.in" = { + webroot = "/var/lib/acme/challenge-quassel"; + user = "nginx"; # required because of a bug in the ACME module + group = "quassel"; + allowKeysForGroup = true; + }; + certs."tvl.fyi" = { user = "nginx"; group = "nginx"; @@ -288,6 +296,14 @@ in lib.fix(self: { }; }; + services.depot.quassel = { + enable = true; + acmeHost = "quassel.tazj.in"; + bindAddresses = [ + "0.0.0.0" + ]; + }; + # serve my website(s) services.nginx = { enable = true; -- cgit 1.4.1