gerd.murmur: adds murmur server

This commit is contained in:
eyjhb 2024-08-09 22:45:15 +02:00
parent f3111da7f2
commit 5ff8a7a1bd
No known key found for this signature in database
GPG key ID: 609F508E3239F920
5 changed files with 55 additions and 0 deletions

View file

@ -14,6 +14,7 @@ in {
# ./gerd/services/authelia.nix # ./gerd/services/authelia.nix
./gerd/services/forgejo.nix ./gerd/services/forgejo.nix
./gerd/services/teeworlds.nix ./gerd/services/teeworlds.nix
./gerd/services/murmur.nix
]; ];
networking.hostName = "gerd"; networking.hostName = "gerd";

View file

@ -0,0 +1,44 @@
{ config, pkgs, ... }:
{
services.murmur = let
certLocation = config.security.acme.certs."mumble.fricloud.dk".directory;
in {
enable = true;
openFirewall = true;
sslCert = certLocation + "/fullchain.pem";
sslKey = certLocation + "/key.pem";
environmentFile = config.age.secrets.murmur-env.path;
password = "$MURMUR_PASSWORD";
welcometext = "Welcome to Friclouds Mumble server!";
};
services.nginx.virtualHosts."mumble.fricloud.dk" = {
forceSSL = true;
enableACME = true;
root = pkgs.writeTextDir "index.html" ''
<html>
<head>
<title>Mumble server</title>
</head>
<body>
<p>This server runs a mumble server, enjoy!</p>
</body>
</html>
'';
};
# need to change group to murmur for cert + add nginx to murmur group to do HTTP ACME
security.acme.certs."mumble.fricloud.dk".group = config.users.groups.murmur.name;
users.users.nginx.extraGroups = [ config.users.groups.murmur.name ];
age.secrets = {
murmur-env.owner = config.users.users.murmur.name;
};
environment.persistence.root.directories = [
"/var/lib/murmur"
];
}

View file

@ -1,5 +1,6 @@
{ {
age.secrets = { age.secrets = {
# authelia
authelia-jwt.file = ./authelia/jwt.age; authelia-jwt.file = ./authelia/jwt.age;
authelia-storage.file = ./authelia/storage.age; authelia-storage.file = ./authelia/storage.age;
authelia-session.file = ./authelia/session.age; authelia-session.file = ./authelia/session.age;
@ -7,6 +8,10 @@
authelia-oidc-issuer-privatekey-crt.file = ./authelia/oidc-issuer-privatekey-crt.age; authelia-oidc-issuer-privatekey-crt.file = ./authelia/oidc-issuer-privatekey-crt.age;
authelia-lldap-bind-user-pass.file = ./authelia/lldap-bind-user-pass.age; authelia-lldap-bind-user-pass.file = ./authelia/lldap-bind-user-pass.age;
# lldap
lldap-user-pass.file = ./lldap/user-pass.age; lldap-user-pass.file = ./lldap/user-pass.age;
# mumble
murmur-env.file = ./murmur/env.age;
}; };
} }

BIN
secrets/murmur/env.age Normal file

Binary file not shown.

View file

@ -10,6 +10,7 @@ let
defaultAccess = users ++ systems; defaultAccess = users ++ systems;
in in
{ {
# authelia
"authelia/jwt.age".publicKeys = defaultAccess; "authelia/jwt.age".publicKeys = defaultAccess;
"authelia/storage.age".publicKeys = defaultAccess; "authelia/storage.age".publicKeys = defaultAccess;
"authelia/session.age".publicKeys = defaultAccess; "authelia/session.age".publicKeys = defaultAccess;
@ -17,5 +18,9 @@ in
"authelia/oidc-issuer-privatekey-crt.age".publicKeys = defaultAccess; "authelia/oidc-issuer-privatekey-crt.age".publicKeys = defaultAccess;
"authelia/lldap-bind-user-pass.age".publicKeys = defaultAccess; "authelia/lldap-bind-user-pass.age".publicKeys = defaultAccess;
# lldap
"lldap/user-pass.age".publicKeys = defaultAccess; "lldap/user-pass.age".publicKeys = defaultAccess;
# mumble
"murmur/env.age".publicKeys = defaultAccess;
} }