server-configs/machines/gerd/services/murmur.nix


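# Mumble (murmur) voice server for this machine. TLS material comes from the
# ACME certificate of the shared domain; the join password and the superuser
# password are taken from age-managed secrets rather than written in this file.
{ config, lib, ... }:
let
  svc_domain = config.mine.shared.settings.domain;
in {
  services.murmur = let
    certLocation = config.security.acme.certs."${svc_domain}".directory;
  in {
    enable = true;
    # Opens the murmur port in the host firewall, so the service is reachable
    # from every network that can reach this host.
    openFirewall = true;
    # Certificate chain and private key live in the ACME directory of the
    # shared domain; read access is granted through the main-domain group
    # membership configured further down.
    sslCert = certLocation + "/fullchain.pem";
    sslKey = certLocation + "/key.pem";
    # Only the placeholder "$MURMUR_PASSWORD" appears in the evaluated
    # configuration; the real join password is expected to be supplied by the
    # age-managed environment file, which keeps it out of the Nix store.
    environmentFile = config.age.secrets.murmur-env.path;
    password = "$MURMUR_PASSWORD";
    welcometext = "Welcome to Friclouds Mumble server!";
  };

  # Set the superuser password from the age secret on every start. The secret
  # is fed on stdin (-readsupw), so only the path of the secret file is
  # interpolated into the script, never the password itself.
  # mkAfter appends this to the existing preStart; presumably that earlier
  # part is what writes /run/murmur/murmurd.ini (confirm against the module).
  systemd.services.murmur.preStart = lib.mkAfter ''${config.services.murmur.package}/bin/mumble-server -ini /run/murmur/murmurd.ini -readsupw < ${config.age.secrets.murmur-superpassword.path}'';

  # Reload murmur when the certificate changes so it does not keep serving
  # the old cert/key pair.
  security.acme.certs."${svc_domain}".reloadServices = [ config.systemd.services.murmur.name ];

  # Add the murmur *user* to the domain group so it can read the certificate
  # and key. `members` takes user names, so this references the user (like
  # the secret owners below) instead of the group that shares its name.
  users.groups.main-domain.members = [ config.users.users.murmur.name ];

  # Both secrets are owned by the murmur user so the service account can read them.
  age.secrets = {
    murmur-env.owner = config.users.users.murmur.name;
    murmur-superpassword.owner = config.users.users.murmur.name;
  };

  # Keep murmur's state directory across reboots.
  environment.persistence.root.directories = [
    "/var/lib/murmur"
  ];

  # Meta information about the service.
  mine.shared.meta.murmur = {
    name = "Mumble";
    # NOTE(review): the template embeds the join password
    # ({{secrets.MURMUR_PASSWORD}}), so everyone who can read the rendered
    # description learns it. Where this is published is not visible in this
    # file; keep the join password distinct from the superuser password and
    # from any credential used elsewhere.
    # NOTE(review): the text reads "server at," - a URL or name appears to be
    # missing after "at".
    description = "We host our own mumble server at, which you're welcome to join. The password is {{secrets.MURMUR_PASSWORD}}.";
    url = "mumble://${svc_domain}";
    # File from which the {{secrets.*}} placeholders are presumably resolved
    # (same environment file murmur itself reads); verify in the mine.shared module.
    secrets.auth = config.age.secrets.murmur-env.path;
    package = let
      pkg = config.services.murmur.package;
    in {
      name = pkg.pname;
      version = pkg.version;
      meta = pkg.meta;
    };
  };
}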