mumble: ssl for everyone :party:

services/murmur.nix

@@ -15,9 +15,28 @@
   networking.firewall.allowedTCPPorts = [ config.services.murmur.port ];
   networking.firewall.allowedUDPPorts = [ config.services.murmur.port ];
 
-  # the mumble cert has its own group so that both nginx and murmur can read it
+  # create ssl certs for all used domains
+  services.nginx.virtualHosts = let
+    vhost = {
+      enableACME = true;
+      forceSSL = true;
+    };
+  in {
+    "mumble.hacc.space" = vhost;
+    "mumble.infra4future.de" = vhost;
+  };
+  
+  # create group to share the certs
   users.groups.mumblecert = {};
-  security.acme.certs."mumble.hacc.space".group = "mumblecert";
   users.users.nginx.extraGroups = [ "mumblecert" ];
   users.users.murmur.extraGroups = [ "mumblecert" ];
+
+ # merge the certs into one and reload murmur on update
+  security.acme.certs."mumble.hacc.space" = {
+    group = "mumblecert";
+    extraDomainNames = [ "pad.infra4future.de" ];
+    reloadServices = [ "murmur" ];
+  };
+
+
 }