fricloud/server-configs
2
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
server-configs/machines/gerd/services/murmur.nix
eyjhb 8169ee57b0
gerd.murmur: set superpassword on boot
2024-08-09 23:07:51 +02:00

48 lines
1.4 KiB
Nix
Raw Blame History

{ config, lib, pkgs, ... }:
{
services.murmur = let
certLocation = config.security.acme.certs."mumble.fricloud.dk".directory;
in {
enable = true;
openFirewall = true;
sslCert = certLocation + "/fullchain.pem";
sslKey = certLocation + "/key.pem";
environmentFile = config.age.secrets.murmur-env.path;
password = "$MURMUR_PASSWORD";
welcometext = "Welcome to Friclouds Mumble server!";
};
# set superpassword on start from secrets
systemd.services.murmur.preStart = lib.mkAfter ''${config.services.murmur.package}/bin/mumble-server -ini /run/murmur/murmurd.ini -readsupw < ${config.age.secrets.murmur-superpassword.path}'';
services.nginx.virtualHosts."mumble.fricloud.dk" = {
forceSSL = true;
enableACME = true;
root = pkgs.writeTextDir "index.html" ''
<html>
<head>
<title>Mumble server</title>
</head>
<body>
<p>This server runs a mumble server, enjoy!</p>
</body>
</html>
'';
};
# need to change group to murmur for cert + add nginx to murmur group to do HTTP ACME
security.acme.certs."mumble.fricloud.dk".group = config.users.groups.murmur.name;
users.users.nginx.extraGroups = [ config.users.groups.murmur.name ];
age.secrets = {
murmur-env.owner = config.users.users.murmur.name;
murmur-superpassword.owner = config.users.users.murmur.name;
};
environment.persistence.root.directories = [
"/var/lib/murmur"
];
}
Reference in a new issue View git blame Copy permalink