Diffstat (limited to 'flora')
-rw-r--r-- | flora/configuration.nix | 1 | ||||
-rw-r--r-- | flora/services/murmur.nix | 24 | ||||
-rw-r--r-- | flora/services/nginx.nix | 5 |
3 files changed, 30 insertions, 0 deletions
diff --git a/flora/configuration.nix b/flora/configuration.nix
index fba97c1..9f2eb82 100644
--- a/flora/configuration.nix
+++ b/flora/configuration.nix
@@ -11,6 +11,7 @@
 ./services/trainspotter.nix
 ./services/element.nix
 ./services/ntfy.nix
+ ./services/murmur.nix
 ];

 # Use the GRUB 2 boot loader.
diff --git a/flora/services/murmur.nix b/flora/services/murmur.nix
new file mode 100644
index 0000000..0b92816
--- /dev/null
+++ b/flora/services/murmur.nix
@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+
+{
+ services.murmur = {
+ enable = true;
+ logDays = -1;
+ welcometext = "";
+ sslKey = "/var/lib/acme/meow.noms.ing/key.pem";
+ sslCert = "/var/lib/acme/meow.noms.ing/fullchain.pem";
+ bandwidth = 128000;
+ };
+
+ # the mumble cert has its own group so that both nginx and murmur can read it
+ users.groups.mumblecert = { };
+ security.acme.certs."meow.noms.ing" = {
+ group = "mumblecert";
+ reloadServices = [ "murmur" ];
+ };
+ users.users.nginx.extraGroups = [ "mumblecert" ];
+ users.users.murmur.extraGroups = [ "mumblecert" ];
+
+ networking.firewall.allowedTCPPorts = [ config.services.murmur.port ];
+ networking.firewall.allowedUDPPorts = [ config.services.murmur.port ];
+}
diff --git a/flora/services/nginx.nix b/flora/services/nginx.nix
index ef5a3d6..7c792ba 100644
--- a/flora/services/nginx.nix
+++ b/flora/services/nginx.nix
@@ -15,5 +15,10 @@
 forceSSL = true;
 locations."/".root = ../../pkgs/nomsing;
 };
+ virtualHosts."meow.noms.ing" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/".root = ../../pkgs/nomsing;
+ };
 };
 }
|
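Review bot: The new `services.murmur` block in `flora/services/murmur.nix` sets no `password`, while the last two lines of the file open the murmur port for TCP and UDP, so as written anyone who can reach the host can connect unless access is restricted by some means not visible in this diff. If the server is not meant to be public, set `password = "$MURMURD_PASSWORD";` together with `environmentFile = "/path/to/murmur.env";` (placeholder path) so the secret stays out of the world-readable Nix store. Separately, `logDays = -1` turns off murmur's database logging; a short comment stating whether that is a deliberate privacy choice would help whoever later has to investigate abuse with only the journal to go on.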
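Review bot: The added `virtualHosts."meow.noms.ing"` entry in `flora/services/nginx.nix` carries no comment explaining why it exists, and read on its own it looks like a second copy of the site. It is presumably there so that `enableACME` issues the certificate that `murmur.nix` reads from `/var/lib/acme/meow.noms.ing/`, with the cert's group overridden in that other file. I would add `# vhost exists to obtain the ACME cert that murmur uses; cert group is set in services/murmur.nix` above it. The enclosing attribute set starts outside the hunk.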