fricloud/server-configs
2
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

gerd.murmur: set superpassword on boot

Browse source
This commit is contained in:
eyjhb 2024-08-09 23:07:51 +02:00
parent 5ff8a7a1bd
commit 8169ee57b0
No known key found for this signature in database
GPG key ID: 609F508E3239F920
4 changed files with 16 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
machines/gerd/services/murmur.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
services.murmur = let services.murmur = let
@ -15,6 +15,9 @@
welcometext = "Welcome to Friclouds Mumble server!"; welcometext = "Welcome to Friclouds Mumble server!";
}; };
# set superpassword on start from secrets
systemd.services.murmur.preStart = lib.mkAfter ''${config.services.murmur.package}/bin/mumble-server -ini /run/murmur/murmurd.ini -readsupw < ${config.age.secrets.murmur-superpassword.path}'';
services.nginx.virtualHosts."mumble.fricloud.dk" = { services.nginx.virtualHosts."mumble.fricloud.dk" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
@ -36,6 +39,7 @@
age.secrets = { age.secrets = {
murmur-env.owner = config.users.users.murmur.name; murmur-env.owner = config.users.users.murmur.name;
murmur-superpassword.owner = config.users.users.murmur.name;
}; };
environment.persistence.root.directories = [ environment.persistence.root.directories = [

1
secrets/default.nix
View file

@ -13,5 +13,6 @@
# mumble # mumble
murmur-env.file = ./murmur/env.age; murmur-env.file = ./murmur/env.age;
murmur-superpassword.file = ./murmur/superpassword.age;
}; };
} }

9
secrets/murmur/superpassword.age Normal file
View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 QSDXqg LoWIvj4OQjNPaGbtQYSUEKtkqvcVa2pPisjyXL6ajy0
ZfLdRcsWa4Nc6HdiWO1GCgSgHm7aZeUdEDCjUCn6CuY
-> ssh-ed25519 n8n9DQ e7DWlUZdaDPgoS0Ylnxtf80IN+QMtCJ48oI4Z4U9+0I
/2ZleHBcAkWh8Udt6D2QgBOCTKkqH3GIsGsGexpAaxA
-> ssh-ed25519 BTp6UA bgTa1+cFzW07nPhe/5GKW1RreVO5IqIzvPZTYpnrGjY
7F4HnAnHVZX+dfOpc5mPB4/TTgPgw8hiIyVTEbffRQw
--- IrCqHtOIS3c5By3cBTPQAGpM2GzCu61AhiavRjozk7o
<EFBFBD>h<15>ネ都・ケ5+RBi}マ黍<EFBE8F>ヘ瀨 ハN$wト:カ![オs<EFBDB5>、゙<EFBDA4>ホア、<EFBDB1>.ョgR・ト「>

1
secrets/secrets.nix
View file

@ -23,4 +23,5 @@ in
# mumble # mumble
"murmur/env.age".publicKeys = defaultAccess; "murmur/env.age".publicKeys = defaultAccess;
"murmur/superpassword.age".publicKeys = defaultAccess;
} }