1 files changed, 80 insertions, 0 deletions

diff --git a/modules/by-name/mu/murmur/module.nix b/modules/by-name/mu/murmur/module.nix
new file mode 100644
index 0000000..5cc6f7d
--- /dev/null
+++ b/modules/by-name/mu/murmur/module.nix
@@ -0,0 +1,80 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  cfg = config.vhack.murmur;
+in {
+  options.vhack.murmur = {
+    enable = lib.mkEnableOption "murmur, a mumble server software";
+    murmurStore = lib.mkOption {
+      type = lib.types.str;
+      default = "/var/lib/murmur";
+      description = "The location of murmurs data dir.";
+    };
+    host = lib.mkOption {
+      type = lib.types.str;
+      description = "The domain murmur should be served on.";
+      example = "mumble.vhack.eu";
+    };
+    url = lib.mkOption {
+      type = lib.types.str;
+      description = "The url this instance should be registered under. Note that
+      this is not the domain mumur is served on";
+      example = "vhack.eu";
+    };
+    name = lib.mkOption {
+      type = lib.types.str;
+      description = "The name this instance should be registered under.";
+      example = "vhack";
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    vhack.persist.directories = [
+      {
+        directory = cfg.murmurStore;
+        user = "murmur";
+        group = "murmur";
+        mode = "0700";
+      }
+    ];
+
+    services.murmur = {
+      enable = true;
+      openFirewall = true;
+      welcometext = ''
+        <b>You never get a second chance to make a first impression</b><br>
+
+        The entire team of [name of the company] is thrilled to welcome you on board. We hope you’ll do some amazing work here!
+      '';
+      sslKey = "${cfg.murmurStore}/key.pem";
+      sslCert = "${cfg.murmurStore}/fullchain.pem";
+
+      registerUrl = cfg.url;
+      registerName = cfg.name;
+      registerHostname = cfg.host;
+      hostName = cfg.host;
+      clientCertRequired = true;
+      bandwidth = 7200000;
+    };
+
+    security.acme.certs.murmur = {
+      domain = cfg.host;
+      postRun =
+        /*
+        bash
+        */
+        ''
+          set -x
+          rm "${cfg.murmurStore}/key.pem"
+          rm "${cfg.murmurStore}/fullchain.pem"
+
+          cp key.pem "${cfg.murmurStore}";
+          cp fullchain.pem "${cfg.murmurStore}";
+
+          chown murmur:murmur "${cfg.murmurStore}/key.pem"
+          chown murmur:murmur "${cfg.murmurStore}/fullchain.pem"
+        '';
+    };
+  };
+}