diff options
Diffstat (limited to '')
| -rw-r--r-- | hosts/by-name/server3/configuration.nix | 6 | ||||
| -rw-r--r-- | modules/by-name/mu/murmur/module.nix | 80 | ||||
| -rw-r--r-- | system/services/default.nix | 1 | ||||
| -rw-r--r-- | system/services/murmur/default.nix | 50 |
4 files changed, 86 insertions, 51 deletions
diff --git a/hosts/by-name/server3/configuration.nix b/hosts/by-name/server3/configuration.nix index e16c67a..2a340b2 100644 --- a/hosts/by-name/server3/configuration.nix +++ b/hosts/by-name/server3/configuration.nix @@ -15,6 +15,12 @@ "miniflux.vhack.eu" ]; }; + murmur = { + enable = true; + host = "mumble.vhack.eu"; + name = "vhack"; + url = "vhack.eu"; + }; nixconfig.enable = true; openssh.enable = true; persist = { diff --git a/modules/by-name/mu/murmur/module.nix b/modules/by-name/mu/murmur/module.nix new file mode 100644 index 0000000..5cc6f7d --- /dev/null +++ b/modules/by-name/mu/murmur/module.nix @@ -0,0 +1,80 @@ +{ + config, + lib, + ... +}: let + cfg = config.vhack.murmur; +in { + options.vhack.murmur = { + enable = lib.mkEnableOption "murmur, a mumble server software"; + murmurStore = lib.mkOption { + type = lib.types.str; + default = "/var/lib/murmur"; + description = "The location of murmurs data dir."; + }; + host = lib.mkOption { + type = lib.types.str; + description = "The domain murmur should be served on."; + example = "mumble.vhack.eu"; + }; + url = lib.mkOption { + type = lib.types.str; + description = "The url this instance should be registered under. Note that + this is not the domain mumur is served on"; + example = "vhack.eu"; + }; + name = lib.mkOption { + type = lib.types.str; + description = "The name this instance should be registered under."; + example = "vhack"; + }; + }; + config = lib.mkIf cfg.enable { + vhack.persist.directories = [ + { + directory = cfg.murmurStore; + user = "murmur"; + group = "murmur"; + mode = "0700"; + } + ]; + + services.murmur = { + enable = true; + openFirewall = true; + welcometext = '' + <b>You never get a second chance to make a first impression</b><br> + + The entire team of [name of the company] is thrilled to welcome you on board. We hope you’ll do some amazing work here! + ''; + sslKey = "${cfg.murmurStore}/key.pem"; + sslCert = "${cfg.murmurStore}/fullchain.pem"; + + registerUrl = cfg.url; + registerName = cfg.name; + registerHostname = cfg.host; + hostName = cfg.host; + clientCertRequired = true; + bandwidth = 7200000; + }; + + security.acme.certs.murmur = { + domain = cfg.host; + postRun = + /* + bash + */ + '' + set -x + rm "${cfg.murmurStore}/key.pem" + rm "${cfg.murmurStore}/fullchain.pem" + + cp key.pem "${cfg.murmurStore}"; + cp fullchain.pem "${cfg.murmurStore}"; + + chown murmur:murmur "${cfg.murmurStore}/key.pem" + chown murmur:murmur "${cfg.murmurStore}/fullchain.pem" + ''; + }; + }; +} diff --git a/system/services/default.nix b/system/services/default.nix index 819c36a..dfce3be 100644 --- a/system/services/default.nix +++ b/system/services/default.nix @@ -5,7 +5,6 @@ ./mastodon ./matrix ./minecraft - ./murmur ./restic ./taskserver ]; diff --git a/system/services/murmur/default.nix b/system/services/murmur/default.nix deleted file mode 100644 index dec79ba..0000000 --- a/system/services/murmur/default.nix +++ /dev/null @@ -1,50 +0,0 @@ -{...}: let - murmurStore = "/var/lib/murmur"; -in { - vhack.persist.directories = [ - { - directory = "/var/lib/murmur"; - user = "murmur"; - group = "murmur"; - mode = "0700"; - } - ]; - - services.murmur = { - enable = true; - openFirewall = true; - welcometext = '' - <b>You never get a second chance to make a first impression</b><br> - - The entire team of [name of the company] is thrilled to welcome you on board. We hope you’ll do some amazing work here! - ''; - sslKey = "${murmurStore}/key.pem"; - sslCert = "${murmurStore}/fullchain.pem"; - - registerUrl = "vhack.eu"; - registerName = "vhack"; - registerHostname = "mumble.vhack.eu"; - hostName = "mumble.vhack.eu"; - clientCertRequired = true; - bandwidth = 7200000; - }; - - security.acme.certs.murmur = { - domain = "mumble.vhack.eu"; - postRun = - /* - bash - */ - '' - set -x - rm "${murmurStore}/key.pem" - rm "${murmurStore}/fullchain.pem" - - cp key.pem "${murmurStore}"; - cp fullchain.pem "${murmurStore}"; - - chown murmur:murmur "${murmurStore}/key.pem" - chown murmur:murmur "${murmurStore}/fullchain.pem" - ''; - }; -} |