From ce86f210793223c3a5a20836d679752c55ee81c9 Mon Sep 17 00:00:00 2001
From: stuebinm
Date: Fri, 29 Dec 2023 18:51:45 +0100
Subject: apparently i run a mumble now
---
 flora/configuration.nix | 1 +
 flora/services/murmur.nix | 24 ++++++++++++++++++++++++
 flora/services/nginx.nix | 5 +++++
 3 files changed, 30 insertions(+)
 create mode 100644 flora/services/murmur.nix
diff --git a/flora/configuration.nix b/flora/configuration.nix
index fba97c1..9f2eb82 100644
--- a/flora/configuration.nix
+++ b/flora/configuration.nix
@@ -11,6 +11,7 @@
 ./services/trainspotter.nix
 ./services/element.nix
 ./services/ntfy.nix
+ ./services/murmur.nix
 ];

 # Use the GRUB 2 boot loader.
diff --git a/flora/services/murmur.nix b/flora/services/murmur.nix
new file mode 100644
index 0000000..0b92816
--- /dev/null
+++ b/flora/services/murmur.nix
@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+
+{
+ services.murmur = {
+ enable = true;
+ logDays = -1;
+ welcometext = "";
+ sslKey = "/var/lib/acme/meow.noms.ing/key.pem";
+ sslCert = "/var/lib/acme/meow.noms.ing/fullchain.pem";
+ bandwidth = 128000;
+ };
+
+ # the mumble cert has its own group so that both nginx and murmur can read it
+ users.groups.mumblecert = { };
+ security.acme.certs."meow.noms.ing" = {
+ group = "mumblecert";
+ reloadServices = [ "murmur" ];
+ };
+ users.users.nginx.extraGroups = [ "mumblecert" ];
+ users.users.murmur.extraGroups = [ "mumblecert" ];
+
+ networking.firewall.allowedTCPPorts = [ config.services.murmur.port ];
+ networking.firewall.allowedUDPPorts = [ config.services.murmur.port ];
+}
diff --git a/flora/services/nginx.nix b/flora/services/nginx.nix
index ef5a3d6..7c792ba 100644
--- a/flora/services/nginx.nix
+++ b/flora/services/nginx.nix
@@ -15,5 +15,10 @@
 forceSSL = true;
 locations."/".root = ../../pkgs/nomsing;
 };
+ virtualHosts."meow.noms.ing" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/".root = ../../pkgs/nomsing;
+ };
 };
 }
-- 
cgit v1.2.3
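Review bot: `services.murmur` in flora/services/murmur.nix is enabled without a `password`, and the last two lines of the file open its TCP and UDP port in the firewall, so as written any client that can reach the host can join the server. If that is not intended, set a join password and keep it out of the world-readable Nix store by passing it through the module's environment file (assuming the nixpkgs revision in use provides that option), e.g. `environmentFile = "/path/to/murmur.env";` (placeholder path) together with `password = "$MURMURD_PASSWORD";`. `logDays = -1` additionally turns off the server's database log, so there would be no stored record to consult if the server is abused. A short comment such as `# -1: deliberately keep no connection log` would make that choice explicit.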
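Review bot: The new `virtualHosts."meow.noms.ing"` entry in flora/services/nginx.nix has no comment saying why a second host serves the same root as the entry above it. Judging from murmur.nix in this commit, it appears to exist so that ACME issues the certificate murmur reads from `/var/lib/acme/meow.noms.ing/`. A one-line comment such as `# also provides the ACME certificate used by murmur (see murmur.nix)` would keep someone from removing the host later and silently breaking certificate renewal for the voice server. The enclosing nginx attribute set starts outside the hunk.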