gerd.murmur: adds murmur server

2024-08-09 22:45:15 +02:00 · 2024-08-09 22:45:15 +02:00 · 5ff8a7a1bd
commit 5ff8a7a1bd
parent f3111da7f2
5 changed files with 55 additions and 0 deletions
--- a/machines/gerd.nix
+++ b/machines/gerd.nix
@ -14,6 +14,7 @@ in {
    # ./gerd/services/authelia.nix
    ./gerd/services/forgejo.nix
    ./gerd/services/teeworlds.nix
+    ./gerd/services/murmur.nix
  ];

  networking.hostName = "gerd";
--- a/machines/gerd/services/murmur.nix
+++ b/machines/gerd/services/murmur.nix
@ -0,0 +1,44 @@
+{ config, pkgs, ... }:
+
+{
+  services.murmur = let
+    certLocation = config.security.acme.certs."mumble.fricloud.dk".directory;
+  in {
+    enable = true;
+    openFirewall = true;
+
+    sslCert = certLocation + "/fullchain.pem";
+    sslKey = certLocation + "/key.pem";
+    
+    environmentFile = config.age.secrets.murmur-env.path;
+    password = "$MURMUR_PASSWORD";
+    welcometext = "Welcome to Friclouds Mumble server!";
+  };
+
+  services.nginx.virtualHosts."mumble.fricloud.dk" = {
+    forceSSL = true;
+    enableACME = true;
+    root = pkgs.writeTextDir "index.html" ''
+      <html>
+        <head>
+          <title>Mumble server</title>
+        </head>
+        <body>
+          <p>This server runs a mumble server, enjoy!</p>
+        </body>
+      </html>
+    '';
+  };
+
+  # need to change group to murmur for cert + add nginx to murmur group to do HTTP ACME
+  security.acme.certs."mumble.fricloud.dk".group = config.users.groups.murmur.name;
+  users.users.nginx.extraGroups = [ config.users.groups.murmur.name ];
+
+  age.secrets = {
+    murmur-env.owner = config.users.users.murmur.name;
+  };
+
+  environment.persistence.root.directories = [
+    "/var/lib/murmur"
+  ];
+}
--- a/secrets/default.nix
+++ b/secrets/default.nix
@ -1,5 +1,6 @@
 {
  age.secrets = {
+    # authelia
    authelia-jwt.file = ./authelia/jwt.age;
    authelia-storage.file = ./authelia/storage.age;
    authelia-session.file = ./authelia/session.age;
@ -7,6 +8,10 @@
    authelia-oidc-issuer-privatekey-crt.file = ./authelia/oidc-issuer-privatekey-crt.age;
    authelia-lldap-bind-user-pass.file = ./authelia/lldap-bind-user-pass.age;

+    # lldap
    lldap-user-pass.file = ./lldap/user-pass.age;
+
+    # mumble
+    murmur-env.file = ./murmur/env.age;
  };
 }
--- a/secrets/murmur/env.age
+++ b/secrets/murmur/env.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -10,6 +10,7 @@ let
  defaultAccess = users ++ systems;
 in
 {
+  # authelia
  "authelia/jwt.age".publicKeys = defaultAccess;
  "authelia/storage.age".publicKeys = defaultAccess;
  "authelia/session.age".publicKeys = defaultAccess;
@ -17,5 +18,9 @@ in
  "authelia/oidc-issuer-privatekey-crt.age".publicKeys = defaultAccess;
  "authelia/lldap-bind-user-pass.age".publicKeys = defaultAccess;

+  # lldap
  "lldap/user-pass.age".publicKeys = defaultAccess;
+
+  # mumble
+  "murmur/env.age".publicKeys = defaultAccess;
 }