feat(modules/murmur): init

4 files changed, 86 insertions, 51 deletions

diff --git a/hosts/by-name/server3/configuration.nix b/hosts/by-name/server3/configuration.nix
index e16c67a..2a340b2 100644
--- a/hosts/by-name/server3/configuration.nix
+++ b/hosts/by-name/server3/configuration.nix
@@ -15,6 +15,12 @@
         "miniflux.vhack.eu"
       ];
     };
+    murmur = {
+      enable = true;
+      host = "mumble.vhack.eu";
+      name = "vhack";
+      url = "vhack.eu";
+    };
     nixconfig.enable = true;
     openssh.enable = true;
     persist = {
diff --git a/modules/by-name/mu/murmur/module.nix b/modules/by-name/mu/murmur/module.nix
new file mode 100644
index 0000000..5cc6f7d
--- /dev/null
+++ b/modules/by-name/mu/murmur/module.nix
@@ -0,0 +1,80 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  cfg = config.vhack.murmur;
+in {
+  options.vhack.murmur = {
+    enable = lib.mkEnableOption "murmur, a mumble server software";
+    murmurStore = lib.mkOption {
+      type = lib.types.str;
+      default = "/var/lib/murmur";
+      description = "The location of murmurs data dir.";
+    };
+    host = lib.mkOption {
+      type = lib.types.str;
+      description = "The domain murmur should be served on.";
+      example = "mumble.vhack.eu";
+    };
+    url = lib.mkOption {
+      type = lib.types.str;
+      description = "The url this instance should be registered under. Note that
+      this is not the domain mumur is served on";
+      example = "vhack.eu";
+    };
+    name = lib.mkOption {
+      type = lib.types.str;
+      description = "The name this instance should be registered under.";
+      example = "vhack";
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    vhack.persist.directories = [
+      {
+        directory = cfg.murmurStore;
+        user = "murmur";
+        group = "murmur";
+        mode = "0700";
+      }
+    ];
+
+    services.murmur = {
+      enable = true;
+      openFirewall = true;
+      welcometext = ''
+        <b>You never get a second chance to make a first impression</b><br>
+
+        The entire team of [name of the company] is thrilled to welcome you on board. We hope you’ll do some amazing work here!
+      '';
+      sslKey = "${cfg.murmurStore}/key.pem";
+      sslCert = "${cfg.murmurStore}/fullchain.pem";
+
+      registerUrl = cfg.url;
+      registerName = cfg.name;
+      registerHostname = cfg.host;
+      hostName = cfg.host;
+      clientCertRequired = true;
+      bandwidth = 7200000;
+    };
+
+    security.acme.certs.murmur = {
+      domain = cfg.host;
+      postRun =
+        /*
+        bash
+        */
+        ''
+          set -x
+          rm "${cfg.murmurStore}/key.pem"
+          rm "${cfg.murmurStore}/fullchain.pem"
+
+          cp key.pem "${cfg.murmurStore}";
+          cp fullchain.pem "${cfg.murmurStore}";
+
+          chown murmur:murmur "${cfg.murmurStore}/key.pem"
+          chown murmur:murmur "${cfg.murmurStore}/fullchain.pem"
+        '';
+    };
+  };
+}
diff --git a/system/services/default.nix b/system/services/default.nix
index 819c36a..dfce3be 100644
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -5,7 +5,6 @@
     ./mastodon
     ./matrix
     ./minecraft
-    ./murmur
     ./restic
     ./taskserver
   ];
diff --git a/system/services/murmur/default.nix b/system/services/murmur/default.nix
deleted file mode 100644
index dec79ba..0000000
--- a/system/services/murmur/default.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{...}: let
-  murmurStore = "/var/lib/murmur";
-in {
-  vhack.persist.directories = [
-    {
-      directory = "/var/lib/murmur";
-      user = "murmur";
-      group = "murmur";
-      mode = "0700";
-    }
-  ];
-
-  services.murmur = {
-    enable = true;
-    openFirewall = true;
-    welcometext = ''
-      <b>You never get a second chance to make a first impression</b><br>
-
-      The entire team of [name of the company] is thrilled to welcome you on board. We hope you’ll do some amazing work here!
-    '';
-    sslKey = "${murmurStore}/key.pem";
-    sslCert = "${murmurStore}/fullchain.pem";
-
-    registerUrl = "vhack.eu";
-    registerName = "vhack";
-    registerHostname = "mumble.vhack.eu";
-    hostName = "mumble.vhack.eu";
-    clientCertRequired = true;
-    bandwidth = 7200000;
-  };
-
-  security.acme.certs.murmur = {
-    domain = "mumble.vhack.eu";
-    postRun =
-      /*
-      bash
-      */
-      ''
-        set -x
-        rm "${murmurStore}/key.pem"
-        rm "${murmurStore}/fullchain.pem"
-
-        cp key.pem "${murmurStore}";
-        cp fullchain.pem "${murmurStore}";
-
-        chown murmur:murmur "${murmurStore}/key.pem"
-        chown murmur:murmur "${murmurStore}/fullchain.pem"
-      '';
-  };
-}