server-configs/machines/gerd/services/murmur.nix

{ config, lib, ... }:

let
  svc_domain = config.mine.shared.settings.domain;
in {
  services.murmur = let
    certLocation = config.security.acme.certs."${svc_domain}".directory;
  in {
    enable = true;
    openFirewall = true;

    sslCert = certLocation + "/fullchain.pem";
    sslKey = certLocation + "/key.pem";
    
    environmentFile = config.age.secrets.murmur-env.path;
    password = "$MURMUR_PASSWORD";
    welcometext = "Welcome to Friclouds Mumble server!";
  };

  # set superpassword on start from secrets
  systemd.services.murmur.preStart = lib.mkAfter ''${config.services.murmur.package}/bin/mumble-server -ini /run/murmur/murmurd.ini -readsupw < ${config.age.secrets.murmur-superpassword.path}'';

  # automatically reload service
  security.acme.certs."${svc_domain}".reloadServices = [ config.systemd.services.murmur.name ];

  # add murmur user to domain group to access cert
  users.groups.main-domain.members = [ config.users.groups.murmur.name ];

  # secrets
  age.secrets = {
    murmur-env.owner = config.users.users.murmur.name;
    murmur-superpassword.owner = config.users.users.murmur.name;
  };

  # persistence
  environment.persistence.root.directories = [
    "/var/lib/murmur"
  ];

  # meta information about the service.
  mine.shared.meta.murmur = {
    name = "Mumble";
    description = "We host our own mumble server at, which you're welcome to join. The password is {{secrets.MURMUR_PASSWORD}}.";
    url = "mumble://:{{secrets.MURMUR_PASSWORD}}@${svc_domain}";

    secrets.auth = config.age.secrets.murmur-env.path;

    package = let
      pkg = config.services.murmur.package;
    in {
      name = pkg.pname;
      version = pkg.version;
      meta = pkg.meta;
    };
  };
}
gerd.murmur: removed unused argument 2024-08-11 11:39:58 +00:00			`{ config, lib, ... }:`
gerd.murmur: adds murmur server 2024-08-09 20:45:15 +00:00
configure domain in a central file 2024-08-11 12:50:32 +00:00			`let`
modules.settings->shared: renamed mine.settings to mine.shared.settings Allows to use it with other things, such as ... mine.shared.lib mine.shared.meta mine.shared.settings 2024-08-12 18:51:38 +00:00			`svc_domain = config.mine.shared.settings.domain;`
configure domain in a central file 2024-08-11 12:50:32 +00:00			`in {`
gerd.murmur: adds murmur server 2024-08-09 20:45:15 +00:00			`services.murmur = let`
configure domain in a central file 2024-08-11 12:50:32 +00:00			`certLocation = config.security.acme.certs."${svc_domain}".directory;`
gerd.murmur: adds murmur server 2024-08-09 20:45:15 +00:00			`in {`
			`enable = true;`
			`openFirewall = true;`

			`sslCert = certLocation + "/fullchain.pem";`
			`sslKey = certLocation + "/key.pem";`

			`environmentFile = config.age.secrets.murmur-env.path;`
			`password = "$MURMUR_PASSWORD";`
			`welcometext = "Welcome to Friclouds Mumble server!";`
			`};`

gerd.murmur: set superpassword on boot 2024-08-09 21:07:51 +00:00			`# set superpassword on start from secrets`
			`systemd.services.murmur.preStart = lib.mkAfter ''${config.services.murmur.package}/bin/mumble-server -ini /run/murmur/murmurd.ini -readsupw < ${config.age.secrets.murmur-superpassword.path}'';`

gerd.murmur: automatically reload service on certificate update/changes 2024-08-12 21:34:15 +00:00			`# automatically reload service`
			`security.acme.certs."${svc_domain}".reloadServices = [ config.systemd.services.murmur.name ];`

gerd.murmur: removed subdomain 2024-08-10 15:49:20 +00:00			`# add murmur user to domain group to access cert`
configure domain in a central file 2024-08-11 12:50:32 +00:00			`users.groups.main-domain.members = [ config.users.groups.murmur.name ];`
gerd.murmur: adds murmur server 2024-08-09 20:45:15 +00:00
add service information to mine.shared.meta 2024-08-13 12:42:32 +00:00			`# secrets`
gerd.murmur: adds murmur server 2024-08-09 20:45:15 +00:00			`age.secrets = {`
			`murmur-env.owner = config.users.users.murmur.name;`
gerd.murmur: set superpassword on boot 2024-08-09 21:07:51 +00:00			`murmur-superpassword.owner = config.users.users.murmur.name;`
gerd.murmur: adds murmur server 2024-08-09 20:45:15 +00:00			`};`

add service information to mine.shared.meta 2024-08-13 12:42:32 +00:00			`# persistence`
gerd.murmur: adds murmur server 2024-08-09 20:45:15 +00:00			`environment.persistence.root.directories = [`
			`"/var/lib/murmur"`
			`];`
add service information to mine.shared.meta 2024-08-13 12:42:32 +00:00
			`# meta information about the service.`
			`mine.shared.meta.murmur = {`
			`name = "Mumble";`
			`description = "We host our own mumble server at, which you're welcome to join. The password is {{secrets.MURMUR_PASSWORD}}.";`
gerd.murmur: changed murmur meta 2024-08-13 19:19:52 +00:00			`url = "mumble://:{{secrets.MURMUR_PASSWORD}}@${svc_domain}";`
add service information to mine.shared.meta 2024-08-13 12:42:32 +00:00
			`secrets.auth = config.age.secrets.murmur-env.path;`

			`package = let`
			`pkg = config.services.murmur.package;`
			`in {`
			`name = pkg.pname;`
			`version = pkg.version;`
			`meta = pkg.meta;`
			`};`
			`};`
gerd.murmur: adds murmur server 2024-08-09 20:45:15 +00:00			`}`