From 5ff8a7a1bd25a318e2d076d4a3ac5919d9a36cc2 Mon Sep 17 00:00:00 2001 From: eyjhb Date: Fri, 9 Aug 2024 22:45:15 +0200 Subject: [PATCH] gerd.murmur: adds murmur server --- machines/gerd.nix | 1 + machines/gerd/services/murmur.nix | 44 ++++++++++++++++++++++++++++++ secrets/default.nix | 5 ++++ secrets/murmur/env.age | Bin 0 -> 483 bytes secrets/secrets.nix | 5 ++++ 5 files changed, 55 insertions(+) create mode 100644 machines/gerd/services/murmur.nix create mode 100644 secrets/murmur/env.age diff --git a/machines/gerd.nix b/machines/gerd.nix index 3fcc0f2..527471c 100644 --- a/machines/gerd.nix +++ b/machines/gerd.nix @@ -14,6 +14,7 @@ in { # ./gerd/services/authelia.nix ./gerd/services/forgejo.nix ./gerd/services/teeworlds.nix + ./gerd/services/murmur.nix ]; networking.hostName = "gerd"; diff --git a/machines/gerd/services/murmur.nix b/machines/gerd/services/murmur.nix new file mode 100644 index 0000000..f621c93 --- /dev/null +++ b/machines/gerd/services/murmur.nix @@ -0,0 +1,44 @@ +{ config, pkgs, ... }: + +{ + services.murmur = let + certLocation = config.security.acme.certs."mumble.fricloud.dk".directory; + in { + enable = true; + openFirewall = true; + + sslCert = certLocation + "/fullchain.pem"; + sslKey = certLocation + "/key.pem"; + + environmentFile = config.age.secrets.murmur-env.path; + password = "$MURMUR_PASSWORD"; + welcometext = "Welcome to Friclouds Mumble server!"; + }; + + services.nginx.virtualHosts."mumble.fricloud.dk" = { + forceSSL = true; + enableACME = true; + root = pkgs.writeTextDir "index.html" '' + + + Mumble server + + +

This server runs a mumble server, enjoy!

+ + + ''; + }; + + # need to change group to murmur for cert + add nginx to murmur group to do HTTP ACME + security.acme.certs."mumble.fricloud.dk".group = config.users.groups.murmur.name; + users.users.nginx.extraGroups = [ config.users.groups.murmur.name ]; + + age.secrets = { + murmur-env.owner = config.users.users.murmur.name; + }; + + environment.persistence.root.directories = [ + "/var/lib/murmur" + ]; +} diff --git a/secrets/default.nix b/secrets/default.nix index 3060baa..aeb0e10 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -1,5 +1,6 @@ { age.secrets = { + # authelia authelia-jwt.file = ./authelia/jwt.age; authelia-storage.file = ./authelia/storage.age; authelia-session.file = ./authelia/session.age; @@ -7,6 +8,10 @@ authelia-oidc-issuer-privatekey-crt.file = ./authelia/oidc-issuer-privatekey-crt.age; authelia-lldap-bind-user-pass.file = ./authelia/lldap-bind-user-pass.age; + # lldap lldap-user-pass.file = ./lldap/user-pass.age; + + # mumble + murmur-env.file = ./murmur/env.age; }; } diff --git a/secrets/murmur/env.age b/secrets/murmur/env.age new file mode 100644 index 0000000000000000000000000000000000000000..ab3550d75d5f1b7397df7e171896144f19b62fa7 GIT binary patch literal 483 zcmZ9_J&%)M007`~(S$@dCl^i=trCQnD-;rA;hEhY}e{WNhk4leHZ{DH>}7x*HbZ>se+&eF%(CL|z0@TX`|MEJs|Xc};+ zIg+M%h#De<$?>u-1lO`uU$f?8U2j!H2h(N>XnS5&N`%agB@iO@1{!RqDudxF5atQL zwt**v0Q9QZOko?Na}72-n|w{{SGSZ+Imtw!Wp~4F+7hxMAVZ!mMtPE3tH3hGCxn9O zGux{fXGoM5iA;`o-!*Ab9(E#55toB$Sr}SIHtl#fQ>Dy5sh5?mP6yl7)lC?$8H+~~ zCg?Z;C$(H3c%d$lI|EQu*H$)L2Xv3?ITML8PbQIQB1LF&%Q>@)U6FKhDcY{uo}*~k z(EyHmB7tPymS@ZLA j;{4l%{Nw%Ii+=~F57M7V<2U{Uxjs3&xv!o5oiG0ZR;{BT literal 0 HcmV?d00001 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 5439a8e..3635933 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
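Review bot: Adding `nginx` to murmur's own group (`users.users.nginx.extraGroups = [ config.users.groups.murmur.name ];` in `machines/gerd/services/murmur.nix`) gives the web server every group-level permission murmur has, not just read access to the certificate. Anything under `/var/lib/murmur` that is group-readable would become readable by nginx as well; the state directory's modes are not visible in this patch, so that needs confirming. A dedicated certificate group limits the sharing to the key material, e.g. `users.groups.<cert-group>.members = [ "nginx" config.users.users.murmur.name ];` together with `security.acme.certs."mumble.fricloud.dk".group = "<cert-group>";`, where `<cert-group>` is a placeholder name. Separately, nothing in this file restarts murmur after an ACME renewal, so it may keep serving the old certificate until it expires. Setting `reloadServices` on the cert, or a `postRun` restart, would cover that, depending on whether the murmur unit supports reload.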
@@ -10,6 +10,7 @@ let defaultAccess = users ++ systems; in { + # authelia "authelia/jwt.age".publicKeys = defaultAccess; "authelia/storage.age".publicKeys = defaultAccess; "authelia/session.age".publicKeys = defaultAccess; @@ -17,5 +18,9 @@ in "authelia/oidc-issuer-privatekey-crt.age".publicKeys = defaultAccess; "authelia/lldap-bind-user-pass.age".publicKeys = defaultAccess; + # lldap "lldap/user-pass.age".publicKeys = defaultAccess; + + # mumble + "murmur/env.age".publicKeys = defaultAccess; }
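Review bot: `"murmur/env.age".publicKeys = defaultAccess;` in the second hunk of `secrets/secrets.nix` encrypts the murmur password to every key in `users ++ systems`, while this patch only imports the service on `gerd`. The contents of `systems` are not visible here; if it holds only gerd's host key there is no difference today, but the recipient set will widen silently as hosts are added. Scoping the entry to the one consumer keeps a compromise of another machine from exposing this secret, e.g. `"murmur/env.age".publicKeys = users ++ [ <gerd-host-key> ];`, with the placeholder replaced by whatever name the `let` block gives gerd's key. Because `secrets/murmur/env.age` is already committed, narrowing the list means rekeying the file. The earlier ciphertext stays in history for the old recipients, so rotate the password if that matters.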