gerd.murmur: set superpassword on boot

2024-08-09 23:07:51 +02:00 · 2024-08-09 23:07:51 +02:00 · 8169ee57b0
commit 8169ee57b0
parent 5ff8a7a1bd
4 changed files with 16 additions and 1 deletions
--- a/machines/gerd/services/murmur.nix
+++ b/machines/gerd/services/murmur.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:

 {
  services.murmur = let
@ -15,6 +15,9 @@
    welcometext = "Welcome to Friclouds Mumble server!";
  };

+  # set superpassword on start from secrets
+  systemd.services.murmur.preStart = lib.mkAfter ''${config.services.murmur.package}/bin/mumble-server -ini /run/murmur/murmurd.ini -readsupw < ${config.age.secrets.murmur-superpassword.path}'';
+
  services.nginx.virtualHosts."mumble.fricloud.dk" = {
    forceSSL = true;
    enableACME = true;
@ -36,6 +39,7 @@

  age.secrets = {
    murmur-env.owner = config.users.users.murmur.name;
+    murmur-superpassword.owner = config.users.users.murmur.name;
  };

  environment.persistence.root.directories = [
--- a/secrets/default.nix
+++ b/secrets/default.nix
@ -13,5 +13,6 @@

    # mumble
    murmur-env.file = ./murmur/env.age;
+    murmur-superpassword.file = ./murmur/superpassword.age;
  };
 }
--- a/secrets/murmur/superpassword.age
+++ b/secrets/murmur/superpassword.age
@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 QSDXqg LoWIvj4OQjNPaGbtQYSUEKtkqvcVa2pPisjyXL6ajy0
+ZfLdRcsWa4Nc6HdiWO1GCgSgHm7aZeUdEDCjUCn6CuY
+-> ssh-ed25519 n8n9DQ e7DWlUZdaDPgoS0Ylnxtf80IN+QMtCJ48oI4Z4U9+0I
+/2ZleHBcAkWh8Udt6D2QgBOCTKkqH3GIsGsGexpAaxA
+-> ssh-ed25519 BTp6UA bgTa1+cFzW07nPhe/5GKW1RreVO5IqIzvPZTYpnrGjY
+7F4HnAnHVZX+dfOpc5mPB4/TTgPgw8hiIyVTEbffRQw
+--- IrCqHtOIS3c5By3cBTPQAGpM2GzCu61AhiavRjozk7o
+<EFBFBD>hｶ<15>ﾈ都･ｹ5+RBi}ﾏ黍<EFBE8F>ﾍ瀨	ﾊN$wﾄ:ｶ![ｵs<EFBDB5>ﾂ､ﾞ<EFBDA4>ﾎｱ､<EFBDB1>.ｮgR･ﾄ｢>
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -23,4 +23,5 @@ in

  # mumble
  "murmur/env.age".publicKeys = defaultAccess;
+  "murmur/superpassword.age".publicKeys = defaultAccess;
 }