blob: 5cc6f7da40ef9dcdd2f412ad0c828c7505e7111f (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
{
config,
lib,
...
}: let
cfg = config.vhack.murmur;
in {
options.vhack.murmur = {
enable = lib.mkEnableOption "murmur, a mumble server software";
murmurStore = lib.mkOption {
type = lib.types.str;
default = "/var/lib/murmur";
description = "The location of murmurs data dir.";
};
host = lib.mkOption {
type = lib.types.str;
description = "The domain murmur should be served on.";
example = "mumble.vhack.eu";
};
url = lib.mkOption {
type = lib.types.str;
description = "The url this instance should be registered under. Note that
this is not the domain mumur is served on";
example = "vhack.eu";
};
name = lib.mkOption {
type = lib.types.str;
description = "The name this instance should be registered under.";
example = "vhack";
};
};
config = lib.mkIf cfg.enable {
vhack.persist.directories = [
{
directory = cfg.murmurStore;
user = "murmur";
group = "murmur";
mode = "0700";
}
];
services.murmur = {
enable = true;
openFirewall = true;
welcometext = ''
<b>You never get a second chance to make a first impression</b><br>
The entire team of [name of the company] is thrilled to welcome you on board. We hope you’ll do some amazing work here!
'';
sslKey = "${cfg.murmurStore}/key.pem";
sslCert = "${cfg.murmurStore}/fullchain.pem";
registerUrl = cfg.url;
registerName = cfg.name;
registerHostname = cfg.host;
hostName = cfg.host;
clientCertRequired = true;
bandwidth = 7200000;
};
security.acme.certs.murmur = {
domain = cfg.host;
postRun =
/*
bash
*/
''
set -x
rm "${cfg.murmurStore}/key.pem"
rm "${cfg.murmurStore}/fullchain.pem"
cp key.pem "${cfg.murmurStore}";
cp fullchain.pem "${cfg.murmurStore}";
chown murmur:murmur "${cfg.murmurStore}/key.pem"
chown murmur:murmur "${cfg.murmurStore}/fullchain.pem"
'';
};
};
}
|
