author | Silas Schöffel <sils@sils.li> | 2025-01-20 17:12:31 +0100 |
---|---|---|
committer | Silas Schöffel <sils@sils.li> | 2025-01-20 17:12:31 +0100 |
commit | 67714b1987617844df71a83052c68004e755d8ff (patch) | |
tree | f10804ba0b591653dbbba0e3e4597eadddb06d22 /modules/by-name/mu/murmur/module.nix | |
parent | feat(modules/nixconfig): init (diff) | |
download | nixos-server-67714b1987617844df71a83052c68004e755d8ff.zip |
feat(modules/murmur): init
Diffstat (limited to 'modules/by-name/mu/murmur/module.nix')
-rw-r--r-- | modules/by-name/mu/murmur/module.nix | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/modules/by-name/mu/murmur/module.nix b/modules/by-name/mu/murmur/module.nix
new file mode 100644
index 0000000..5cc6f7d
--- /dev/null
+++ b/modules/by-name/mu/murmur/module.nix
@@ -0,0 +1,80 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.vhack.murmur;
+in {
+ options.vhack.murmur = {
+ enable = lib.mkEnableOption "murmur, a mumble server software";
+ murmurStore = lib.mkOption {
+ type = lib.types.str;
+ default = "/var/lib/murmur";
+ description = "The location of murmurs data dir.";
+ };
+ host = lib.mkOption {
+ type = lib.types.str;
+ description = "The domain murmur should be served on.";
+ example = "mumble.vhack.eu";
+ };
+ url = lib.mkOption {
+ type = lib.types.str;
+ description = "The url this instance should be registered under. Note that
+ this is not the domain mumur is served on";
+ example = "vhack.eu";
+ };
+ name = lib.mkOption {
+ type = lib.types.str;
+ description = "The name this instance should be registered under.";
+ example = "vhack";
+ };
+ };
+ config = lib.mkIf cfg.enable {
+ vhack.persist.directories = [
+ {
+ directory = cfg.murmurStore;
+ user = "murmur";
+ group = "murmur";
+ mode = "0700";
+ }
+ ];
+
+ services.murmur = {
+ enable = true;
+ openFirewall = true;
+ welcometext = ''
+ <b>You never get a second chance to make a first impression</b><br>
+
+ The entire team of [name of the company] is thrilled to welcome you on board. We hope you’ll do some amazing work here!
+ '';
+ sslKey = "${cfg.murmurStore}/key.pem";
+ sslCert = "${cfg.murmurStore}/fullchain.pem";
+
+ registerUrl = cfg.url;
+ registerName = cfg.name;
+ registerHostname = cfg.host;
+ hostName = cfg.host;
+ clientCertRequired = true;
+ bandwidth = 7200000;
+ };
+
+ security.acme.certs.murmur = {
+ domain = cfg.host;
+ postRun =
+ /*
+ bash
+ */
+ ''
+ set -x
+ rm "${cfg.murmurStore}/key.pem"
+ rm "${cfg.murmurStore}/fullchain.pem"
+
+ cp key.pem "${cfg.murmurStore}";
+ cp fullchain.pem "${cfg.murmurStore}";
+
+ chown murmur:murmur "${cfg.murmurStore}/key.pem"
+ chown murmur:murmur "${cfg.murmurStore}/fullchain.pem"
+ '';
+ };
+ };
+} |
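Review bot: The `postRun` script copies the ACME private key with `cp` and only fixes ownership afterwards, so the key's mode is never set explicitly and ends up as whatever the source file and umask yield. The two `rm` calls also lack `-f`, so on the first issuance, when neither file exists yet, they fail, and they abort the script if it runs with errexit, which is not visible here. Replacing the rm/cp/chown sequence with `install -m 0600 -o murmur -g murmur key.pem "${cfg.murmurStore}/key.pem"` and `install -m 0644 -o murmur -g murmur fullchain.pem "${cfg.murmurStore}/fullchain.pem"` sets owner and mode in one step and overwrites an existing file. Nothing in this hunk reloads or restarts murmur after the copy, so a renewed certificate may not be served until the next restart unless that is handled elsewhere.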