-rw-r--r--flora/configuration.nix1
-rw-r--r--flora/services/murmur.nix24
-rw-r--r--flora/services/nginx.nix5
3 files changed, 30 insertions, 0 deletions
diff --git a/flora/configuration.nix b/flora/configuration.nix
index fba97c1..9f2eb82 100644
--- a/flora/configuration.nix
+++ b/flora/configuration.nix
@@ -11,6 +11,7 @@
./services/trainspotter.nix
./services/element.nix
./services/ntfy.nix
+ ./services/murmur.nix
];
# Use the GRUB 2 boot loader.
diff --git a/flora/services/murmur.nix b/flora/services/murmur.nix
new file mode 100644
index 0000000..0b92816
--- /dev/null
+++ b/flora/services/murmur.nix
@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+
+{
+ services.murmur = {
+ enable = true;
+ logDays = -1;
+ welcometext = "";
+ sslKey = "/var/lib/acme/meow.noms.ing/key.pem";
+ sslCert = "/var/lib/acme/meow.noms.ing/fullchain.pem";
+ bandwidth = 128000;
+ };
+
+ # the mumble cert has its own group so that both nginx and murmur can read it
+ users.groups.mumblecert = { };
+ security.acme.certs."meow.noms.ing" = {
+ group = "mumblecert";
+ reloadServices = [ "murmur" ];
+ };
+ users.users.nginx.extraGroups = [ "mumblecert" ];
+ users.users.murmur.extraGroups = [ "mumblecert" ];
+
+ networking.firewall.allowedTCPPorts = [ config.services.murmur.port ];
+ networking.firewall.allowedUDPPorts = [ config.services.murmur.port ];
+}
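Review bot: Nothing in `services.murmur` restricts who may join, while the last two lines open `config.services.murmur.port` on TCP and UDP, so any client that can reach the host can connect unless a password is configured elsewhere. If the server is meant to be private, set `password = "$MURMURD_PASSWORD";` together with `environmentFile`, so the secret stays out of the world-readable Nix store. `logDays = -1` also deserves a comment such as `# -1 turns off murmur's database logging, leaving only the service log`, because it removes the stored audit trail. The `mumblecert` comment could add that a compromise of either nginx or murmur exposes the private key for this name, since both users can read it.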
diff --git a/flora/services/nginx.nix b/flora/services/nginx.nix
index ef5a3d6..7c792ba 100644
--- a/flora/services/nginx.nix
+++ b/flora/services/nginx.nix
@@ -15,5 +15,10 @@
forceSSL = true;
locations."/".root = ../../pkgs/nomsing;
};
+ virtualHosts."meow.noms.ing" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/".root = ../../pkgs/nomsing;
+ };
};
}
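Review bot: The new `virtualHosts."meow.noms.ing"` entry has no comment saying that the certificate it requests is the one murmur reads, with its group overridden in `flora/services/murmur.nix`. A line such as `# cert is shared with murmur via the mumblecert group, see ./murmur.nix` above the vhost would stop a later reader from removing it as a duplicate of the site above, which would presumably break issuance for the voice server. The enclosing attribute set starts outside the hunk.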