summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorstuebinm2023-12-29 18:51:45 +0100
committerstuebinm2023-12-29 18:51:45 +0100
commitce86f210793223c3a5a20836d679752c55ee81c9 (patch)
tree6e8d7c5fb1950d02aa7a304c900b544b06b43aac
parent47885b325b63671c5359afcc3c2ebc4ed85f3004 (diff)
apparently i run a mumble now
-rw-r--r--flora/configuration.nix1
-rw-r--r--flora/services/murmur.nix24
-rw-r--r--flora/services/nginx.nix5
3 files changed, 30 insertions, 0 deletions
diff --git a/flora/configuration.nix b/flora/configuration.nix
index fba97c1..9f2eb82 100644
--- a/flora/configuration.nix
+++ b/flora/configuration.nix
@@ -11,6 +11,7 @@
./services/trainspotter.nix
./services/element.nix
./services/ntfy.nix
+ ./services/murmur.nix
];
# Use the GRUB 2 boot loader.
diff --git a/flora/services/murmur.nix b/flora/services/murmur.nix
new file mode 100644
index 0000000..0b92816
--- /dev/null
+++ b/flora/services/murmur.nix
@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+
+{
+ services.murmur = {
+ enable = true;
+ logDays = -1;
+ welcometext = "";
+ sslKey = "/var/lib/acme/meow.noms.ing/key.pem";
+ sslCert = "/var/lib/acme/meow.noms.ing/fullchain.pem";
+ bandwidth = 128000;
+ };
+
+ # the mumble cert has its own group so that both nginx and murmur can read it
+ users.groups.mumblecert = { };
+ security.acme.certs."meow.noms.ing" = {
+ group = "mumblecert";
+ reloadServices = [ "murmur" ];
+ };
+ users.users.nginx.extraGroups = [ "mumblecert" ];
+ users.users.murmur.extraGroups = [ "mumblecert" ];
+
+ networking.firewall.allowedTCPPorts = [ config.services.murmur.port ];
+ networking.firewall.allowedUDPPorts = [ config.services.murmur.port ];
+}
diff --git a/flora/services/nginx.nix b/flora/services/nginx.nix
index ef5a3d6..7c792ba 100644
--- a/flora/services/nginx.nix
+++ b/flora/services/nginx.nix
@@ -15,5 +15,10 @@
forceSSL = true;
locations."/".root = ../../pkgs/nomsing;
};
+ virtualHosts."meow.noms.ing" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/".root = ../../pkgs/nomsing;
+ };
};
}