diff --git a/machines/gerd/services/murmur.nix b/machines/gerd/services/murmur.nix index f621c93..f934636 100644 --- a/machines/gerd/services/murmur.nix +++ b/machines/gerd/services/murmur.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: { services.murmur = let @@ -15,6 +15,9 @@ welcometext = "Welcome to Friclouds Mumble server!"; }; + # set superpassword on start from secrets + systemd.services.murmur.preStart = lib.mkAfter ''${config.services.murmur.package}/bin/mumble-server -ini /run/murmur/murmurd.ini -readsupw < ${config.age.secrets.murmur-superpassword.path}''; + services.nginx.virtualHosts."mumble.fricloud.dk" = { forceSSL = true; enableACME = true; @@ -36,6 +39,7 @@ age.secrets = { murmur-env.owner = config.users.users.murmur.name; + murmur-superpassword.owner = config.users.users.murmur.name; }; environment.persistence.root.directories = [ diff --git a/secrets/default.nix b/secrets/default.nix index aeb0e10..d02ef2a 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -13,5 +13,6 @@ # mumble murmur-env.file = ./murmur/env.age; + murmur-superpassword.file = ./murmur/superpassword.age; }; } diff --git a/secrets/murmur/superpassword.age b/secrets/murmur/superpassword.age new file mode 100644 index 0000000..af799f6 --- /dev/null +++ b/secrets/murmur/superpassword.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 QSDXqg LoWIvj4OQjNPaGbtQYSUEKtkqvcVa2pPisjyXL6ajy0 +ZfLdRcsWa4Nc6HdiWO1GCgSgHm7aZeUdEDCjUCn6CuY +-> ssh-ed25519 n8n9DQ e7DWlUZdaDPgoS0Ylnxtf80IN+QMtCJ48oI4Z4U9+0I +/2ZleHBcAkWh8Udt6D2QgBOCTKkqH3GIsGsGexpAaxA +-> ssh-ed25519 BTp6UA bgTa1+cFzW07nPhe/5GKW1RreVO5IqIzvPZTYpnrGjY +7F4HnAnHVZX+dfOpc5mPB4/TTgPgw8hiIyVTEbffRQw +--- IrCqHtOIS3c5By3cBTPQAGpM2GzCu61AhiavRjozk7o +ïÕh¶øºÈû·¥¹5+RBi}Ï‹oô¹ÍûP ÊN$wÄ:¶![µsý¤Þô›Î±¤÷B.®gR¥Ä¢> \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 3635933..8030755 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -23,4 +23,5 @@ in # mumble "murmur/env.age".publicKeys = defaultAccess; + "murmur/superpassword.age".publicKeys = defaultAccess; }